author | Jan Cholasta <jcholast@redhat.com> | 2013-07-15 08:12:14 +0000 |
committer | Petr Viktorin <pviktori@redhat.com> | 2013-08-20 16:18:59 +0200 |
commit | f2c3ae36f939199e4d5bb3ea2c27c984708aae13 (patch) | |
tree | 9d101f3b477b8fc13e5cc50af2e35b1387704b9e /ipaserver/install/ipa_server_certinstall.py | |
parent | 809123ab0224b14e360428188837d2555f954297 (diff) | |
Replace only the cert instead of the whole NSS DB in ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3641
Diffstat (limited to 'ipaserver/install/ipa_server_certinstall.py')
-rw-r--r-- | ipaserver/install/ipa_server_certinstall.py | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index b20701774..e4676098d 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -102,19 +102,19 @@ class ServerCertInstall(admintool.AdminTool):
 serverid = dsinstance.realm_to_serverid(api.env.realm)
 dirname = dsinstance.config_dirname(serverid)
- pwdfile = os.path.join(dirname, 'pwdfile.txt')
- with open(pwdfile) as fd:
- passwd = fd.read()
-
- server_cert = self.import_cert(dirname, self.options.dirsrv_pin, passwd)
-
 conn = ldap2(shared_instance=False, base_dn='')
 conn.connect(bind_dn=DN(('cn', 'directory manager')),
 bind_pw=self.dm_password)
- entry = conn.make_entry(DN(('cn', 'RSA'), ('cn', 'encryption'),
- ('cn', 'config')),
- nssslpersonalityssl=[server_cert])
+ entry = conn.get_entry(DN(('cn', 'RSA'), ('cn', 'encryption'),
+ ('cn', 'config')),
+ ['nssslpersonalityssl'])
+ old_cert = entry.single_value('nssslpersonalityssl')
+
+ server_cert = self.import_cert(dirname, self.options.dirsrv_pin,
+ old_cert)
+
+ entry['nssslpersonalityssl'] = [server_cert]
 try:
 conn.update_entry(entry)
 except errors.EmptyModlist:
@@ -125,7 +125,11 @@ class ServerCertInstall(admintool.AdminTool):
 def install_http_cert(self):
 dirname = certs.NSS_DIR
- server_cert = self.import_cert(dirname, self.options.http_pin, "")
+ old_cert = installutils.get_directive(httpinstance.NSS_CONF,
+ 'NSSNickname')
+
+ server_cert = self.import_cert(dirname, self.options.http_pin,
+ old_cert)
 installutils.set_directive(httpinstance.NSS_CONF, 'NSSNickname',
 server_cert)
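Review bot: `old_cert = entry.single_value('nssslpersonalityssl')` has no handling for the attribute being absent from the cn=RSA,cn=encryption,cn=config entry; if single_value yields None in that case (its default is not visible here), the value goes straight into `self.import_cert`, which in the last hunk of this file passes it to `cdb.delete_cert(old_cert)`. The same applies to `installutils.get_directive(httpinstance.NSS_CONF, 'NSSNickname')` in the following hunk, where a missing directive would be handed to delete_cert unchanged. A guard before the import_cert call such as `if not old_cert: raise admintool.ScriptError('current server certificate nickname not found')` would turn an obscure NSS error into an explicit one at both call sites. install_dirsrv_cert's body continues past the hunk.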
@@ -140,7 +144,7 @@ class ServerCertInstall(admintool.AdminTool):
 os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
 os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)
- def import_cert(self, dirname, pkcs12_passwd, db_password):
+ def import_cert(self, dirname, pkcs12_passwd, old_cert):
 pw = write_tmp_file(pkcs12_passwd)
 server_cert = installutils.check_pkcs12(
 pkcs12_info=(self.pkcs12_fname, pw.name),
@@ -149,8 +153,8 @@ class ServerCertInstall(admintool.AdminTool):
 cdb = certs.CertDB(api.env.realm, nssdir=dirname)
 try:
- cdb.create_from_pkcs12(self.pkcs12_fname, pw.name,
- db_password, CACERT)
+ cdb.delete_cert(old_cert)
+ cdb.import_pkcs12(self.pkcs12_fname, pw.name)
 except RuntimeError, e:
 raise admintool.ScriptError(str(e))
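Review bot: The renamed `old_cert` parameter changes import_cert's contract from an NSS database password to a certificate nickname, and nothing on the new signature documents what callers must pass. A docstring stating that old_cert is the nickname of the certificate currently held in dirname's NSS database, that it is removed before the PKCS#12 file in self.pkcs12_fname is imported, and that the nickname returned by check_pkcs12 for the imported server certificate is what the method returns would let both call sites (install_dirsrv_cert and install_http_cert) be checked against it. The method's body continues past this hunk.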
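Review bot: `cdb.delete_cert(old_cert)` runs before `cdb.import_pkcs12(self.pkcs12_fname, pw.name)` inside the same try, so a RuntimeError from the import leaves the NSS database without the previous server certificate while the LDAP entry (install_dirsrv_cert) and the NSSNickname directive (install_http_cert) still reference it, and the resulting ScriptError gives no hint that the old certificate is gone. Unless the import genuinely needs the old nickname freed first, importing and then deleting is the safer order; otherwise the error should at least say what happened, e.g. `raise admintool.ScriptError('%s (certificate %s was already removed from %s)' % (e, old_cert, dirname))`. Whether the earlier `installutils.check_pkcs12` call rules out every failure mode of the import is not visible here, and the method's body ends outside the hunk.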