authorJan Cholasta <jcholast@redhat.com>2014-10-13 14:30:15 +0200
committerMartin Kosek <mkosek@redhat.com>2014-10-17 12:53:11 +0200
commit608851d3f86a9082b394c30fe0c7a7b33d43f363 (patch)
tree4e1e34c392d56672d22c7d8d00c0794163048119 /ipaserver/install/httpinstance.py
parent6227ebb0cd2d8661d9233e26adb5e0bff7fe4c0d (diff)
Check LDAP instead of local configuration to see if IPA CA is enabled
The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r--ipaserver/install/httpinstance.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 367c536b9..e34034706 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -82,12 +82,14 @@ class HTTPInstance(service.Service):
self.fstore = sysrestore.FileStore(paths.SYSRESTORE)
self.cert_nickname = cert_nickname
+ self.ca_is_configured = True
subject_base = ipautil.dn_attribute_property('_subject_base')
def create_instance(self, realm, fqdn, domain_name, dm_password=None,
autoconfig=True, pkcs12_info=None,
- subject_base=None, auto_redirect=True, ca_file=None):
+ subject_base=None, auto_redirect=True, ca_file=None,
+ ca_is_configured=None):
self.fqdn = fqdn
self.realm = realm
self.domain = domain_name
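Review bot: The new `self.ca_is_configured = True` default in `__init__` means any caller of `create_instance` that omits the new argument takes the CA-ful path in the later hunks (the `'CT,C,C'` trust flags, `track_server_cert`, and `import_ca_certs`). On a CA-less deployment a forgotten argument would therefore presumably select the more permissive behaviour silently instead of failing, and a second `create_instance` call with `None` keeps whatever an earlier call stored. I would document the tri-state on the parameter, for example `ca_is_configured: result of ca_is_enabled; None keeps the value set in __init__ (True)`, and consider whether the unset case should raise rather than assume a CA. `create_instance` continues outside this hunk, so callers and any existing docstring are not visible here.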
@@ -105,6 +107,8 @@ class HTTPInstance(service.Service):
CRL_PUBLISH_PATH=dogtag.install_constants.CRL_PUBLISH_PATH,
)
self.ca_file = ca_file
+ if ca_is_configured is not None:
+ self.ca_is_configured = ca_is_configured
# get a connection to the DS
self.ldap_connect()
@@ -219,7 +223,7 @@ class HTTPInstance(service.Service):
db = certs.CertDB(self.realm, subject_base=self.subject_base)
if self.pkcs12_info:
- if api.env.enable_ra:
+ if self.ca_is_configured:
trust_flags = 'CT,C,C'
else:
trust_flags = None
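Review bot: The literal `'CT,C,C'` decides how much trust the web server's NSS database gives the imported CA, and it is unexplained at the point where the condition changes. A comment such as `# NSS trust flags (SSL, S/MIME, code signing): C = trusted CA, T = trusted to issue client certs` would make the security effect of `self.ca_is_configured` readable at this branch. What `trust_flags = None` leads to is decided by code outside the hunk, so that branch deserves a short note as well.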
@@ -236,7 +240,7 @@ class HTTPInstance(service.Service):
nickname = server_certs[0][0]
self.dercert = db.get_cert_from_db(nickname, pem=False)
- if api.env.enable_ra:
+ if self.ca_is_configured:
db.track_server_cert(nickname, self.principal, db.passwd_fname, 'restart_httpd')
self.__set_mod_nss_nickname(nickname)
@@ -267,7 +271,7 @@ class HTTPInstance(service.Service):
def __import_ca_certs(self):
db = certs.CertDB(self.realm, subject_base=self.subject_base)
- self.import_ca_certs(db, api.env.enable_ra)
+ self.import_ca_certs(db, self.ca_is_configured)
def __setup_autoconfig(self):
target_fname = paths.PREFERENCES_HTML