author | Rob Crittenden <rcritten@redhat.com> | 2009-04-22 14:35:43 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-05-04 16:56:12 -0400 |
commit | 8424ea8c0380b57dd0dc0f8c79ecf23171072249 (patch) | |
tree | 860b962dce9a9dbd856ab56e8b91823887eb77c6 /ipalib/plugins/join.py | |
parent | dfe9db55484339a8a9f2ce3bd057bd9702bb9579 (diff) | |
A class for dealing with a temporary NSS certificate database
Diffstat (limited to 'ipalib/plugins/join.py')
-rw-r--r-- | ipalib/plugins/join.py | 52 |
1 files changed, 45 insertions, 7 deletions
diff --git a/ipalib/plugins/join.py b/ipalib/plugins/join.py
index d75043fdd..5f0d9974f 100644
--- a/ipalib/plugins/join.py
+++ b/ipalib/plugins/join.py
@@ -26,6 +26,15 @@ from ipalib import Command, Str, Int
 from ipalib import errors
 import krbV
 import os, subprocess
+from ipapython import ipautil
+from ipapython import certdb
+from ipapython import dogtag
+import tempfile
+import sha
+import httplib
+import xml.dom.minidom
+import stat
+import shutil
 def get_realm():
 krbctx = krbV.default_context()
@@ -103,14 +112,43 @@ class join(Command):
 def __get_keytab(self, principal, stdin=None):
 args = ["/usr/sbin/ipa-getkeytab", "-s", self.env.host, "-p", principal,"-k", "/tmp/kt"]
- return self.__run(args, stdin)
+ return ipautil.run(args, stdin)
- def __run(self, args, stdin=None):
- if stdin:
- p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
- stdout,stderr = p.communicate(stdin)
+ def _generate_server_cert(self, hostname):
+ subject = "CN=%s,OU=pki-ipa,O=IPA" % hostname
+ cdb = certdb.CertDB(secdir=None, temporary=True)
+
+ csr = cdb.generate_csr(subject, keysize=1024)
+
+ # Request a cert
+ try:
+ result = api.Command['cert_request'](unicode(csr), **{})
+ except KeyError:
+ return "Certificates are not supported"
+
+ # Load the cert into our temporary database
+ if result.get('certificate', False):
+ cert_file = cdb.secdir + "/cert.txt"
+ f = open(cert_file, "w")
+ f.write(result.get('certificate'))
+ f.close()
+
+ cdb.add_certificate(cert_file, "Server-Cert", is_ca=False)
+
+ ca_chain = dogtag.get_ca_certchain()
+
+ ca_file = cdb.secdir + "/ca.txt"
+ f = open(ca_file, "w")
+ f.write(ca_chain)
+ f.close()
+
+ cdb.add_certificate(ca_file, "caCert", is_ca=True)
+
+ result = cdb.create_pkcs12("/tmp/server.p12", "Server-Cert")
 else:
- p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
- stdout,stderr = p.communicate()
+ # Raise some error?
+ pass
+
+ return result
 api.register(join) |
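Review bot: `cdb.create_pkcs12("/tmp/server.p12", "Server-Cert")` near the end of `_generate_server_cert` writes the host's private key and certificate to a fixed, predictable name in a world-writable directory, so another local account can pre-create or symlink that path, and the file's permissions depend on the process umask. `tempfile` is imported by this commit but not used in this hunk; I would export into an owner-only directory from `tempfile.mkdtemp()`, or into the temporary database directory with `result = cdb.create_pkcs12(cdb.secdir + "/server.p12", "Server-Cert")`, provided that directory outlives the caller's use of the file, which is not visible here. Separately, `keysize=1024` is short for a server RSA key. The `else: pass` branch returns the `cert_request` result unchanged, so a request that yielded no certificate looks the same to the caller as a success; the `# Raise some error?` placeholder should become a raised error from `ipalib.errors`.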