author | Jan Cholasta <jcholast@redhat.com> | 2014-06-12 10:23:19 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 82d682fa6413fc2532e9f3f9dd4abb1c70c40f8a (patch) | |
tree | be4382c5867061a294d9b32004b22931295104a6 /ipaserver/install/service.py | |
parent | 88706c56745faa430ff00d2f1c5f0605b5af29ef (diff) | |
Import CA certs from certificate store to DS NSS database on replica install.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver/install/service.py')
-rw-r--r-- | ipaserver/install/service.py | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 9e4ea3700..585c903bd 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -27,7 +27,7 @@ import datetime
 from ipapython import sysrestore, ipautil, dogtag, ipaldap
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import *
-from ipalib import errors
+from ipalib import errors, certstore
 from ipaplatform import services
 from ipaplatform.paths import paths
@@ -269,6 +269,21 @@ class Service(object):
 except Exception, e:
 root_logger.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e)))
+ def import_ca_certs(self, db, ca_is_configured, conn=None):
+ if conn is None:
+ if not self.admin_conn:
+ self.ldap_connect()
+ conn = self.admin_conn
+
+ try:
+ ca_certs = certstore.get_ca_certs_nss(
+ conn, self.suffix, self.realm, ca_is_configured)
+ except errors.NotFound:
+ pass
+ else:
+ for cert, nickname, trust_flags in ca_certs:
+ db.add_cert(cert, nickname, trust_flags)
+
 def is_configured(self):
 return self.sstore.has_state(self.service_name) |
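Review bot: In `import_ca_certs`, `except errors.NotFound: pass` leaves the DS NSS database without any imported CA certificate and records nothing, so an install whose certificate store lookup came back empty looks the same in the log as one that imported its trust anchors. I would replace `pass` with `root_logger.debug("No CA certificates found in certificate store under %s", self.suffix)`, or log at warning level if an empty store is not expected at this point. The method also has no docstring; it should state that every certificate returned by `certstore.get_ca_certs_nss` is added to `db` with the trust flags taken from the store, so the imported trust is only as reliable as `conn`, which callers may supply themselves. The rest of class `Service` lies outside the hunk, so whether callers check the outcome is not visible here.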