authorRob Crittenden <rcritten@redhat.com>2010-09-28 23:10:25 -0400
committerRob Crittenden <rcritten@redhat.com>2010-10-01 13:37:34 -0400
commit3703062ab25a7817581eefa2f89214e8a6244bee (patch)
tree469a4abc1eea4dadac459e28936fe7e117e8808a /ipaserver
parent3127df2aee8ad8ef95f34610665a004fece51acf (diff)
Use consistent, specific nickname for the IPA CA certificate.
Also fix some imports for sha. We have a compat module for it, use it. ticket 181
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/cainstance.py3
-rw-r--r--ipaserver/install/certs.py14
-rw-r--r--ipaserver/install/dsinstance.py2
-rw-r--r--ipaserver/plugins/selfsign.py3
4 files changed, 10 insertions, 12 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d356ef82d..cc203d5ec 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -36,6 +36,7 @@ import urllib
import xml.dom.minidom
import stat
from ipapython import dogtag
+from ipapython.certdb import CA_NICKNAME
from ipalib import pkcs10
import subprocess
@@ -381,7 +382,7 @@ class CAInstance(service.Service):
# The same database is used for mod_nss because the NSS context
# will already have been initialized by Apache by the time
# mod_python wants to do things.
- self.canickname = "CA certificate"
+ self.canickname = CA_NICKNAME
self.basedn = "o=ipaca"
self.ca_agent_db = tempfile.mkdtemp(prefix = "tmp-")
self.ra_agent_db = "/etc/httpd/alias"
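Review bot: Switching `self.canickname` from the literal "CA certificate" to `CA_NICKNAME` changes the name under which the CA is looked up, and nothing in the visible hunks handles NSS databases that were populated under the old nickname. The same applies to `self.cacert_name` and the `export_pkcs12` default in certs.py, and to the `-c` argument of the certutil call in selfsign.py. The diffstat is limited to ipaserver, so an upgrade path may exist elsewhere; if it does not, lookups and signing against an existing database would presumably fail to find the CA. I would add a comment at the assignment, e.g. `# CA_NICKNAME replaces the old "CA certificate" nickname; databases created before this change must be renamed on upgrade`. The enclosing method starts and ends outside the hunk.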
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 033bda289..4f8b4e708 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -33,6 +33,7 @@ from ipapython import dogtag
from ipapython import sysrestore
from ipapython import ipautil
from ipapython import certmonger
+from ipapython.certdb import CA_NICKNAME
from ipalib import pkcs10
from ConfigParser import RawConfigParser, MissingSectionHeaderError
import service
@@ -44,12 +45,7 @@ import nss.nss as nss
from ipalib import api
-# The sha module is deprecated in Python 2.6, replaced by hashlib. Try
-# that first and fall back to sha.sha if it isn't available.
-try:
- from hashlib import sha256 as sha
-except ImportError:
- from sha import sha
+from ipalib.compat import sha1
CA_SERIALNO="/var/lib/ipa/ca_serialno"
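Review bot: Replacing the removed `from hashlib import sha256 as sha` with `from ipalib.compat import sha1` is a change of algorithm rather than an import fix: where hashlib was available, `gen_password` in the later hunk returned a SHA-256 hex digest and now always returns a SHA-1 one. The hash only re-encodes the output of `ipautil.ipa_generate_password()`, so the password's strength is bounded by that generator either way, but the output shortens from 64 to 40 hex characters and the commit message does not mention it. If the compat module offers a SHA-256 wrapper (not visible here), prefer it; otherwise document the intent at the call, e.g. `# SHA-1 only re-encodes a random password as hex; it is not used for integrity or signing`.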
@@ -195,7 +191,7 @@ class CertDB(object):
else:
self.subject_format = "CN=%s,O=IPA"
- self.cacert_name = "CA certificate"
+ self.cacert_name = CA_NICKNAME
self.valid_months = "120"
self.keysize = "1024"
@@ -268,7 +264,7 @@ class CertDB(object):
os.chmod(fname, perms)
def gen_password(self):
- return sha(ipautil.ipa_generate_password()).hexdigest()
+ return sha1(ipautil.ipa_generate_password()).hexdigest()
def run_certutil(self, args, stdin=None):
new_args = ["/usr/bin/certutil", "-d", self.secdir]
@@ -857,7 +853,7 @@ class CertDB(object):
else:
raise RuntimeError("unknown error import pkcs#12 file")
- def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname="CA certificate"):
+ def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname=CA_NICKNAME):
ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
"-o", pkcs12_fname,
"-n", nickname,
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c72220c84..7dbfdaabe 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -522,7 +522,7 @@ class DsInstance(service.Service):
first have to shut down the directory server in case it has
opened the cert db read-only. Then we use the CertDB class
to add the CA cert. We have to provide a nickname, and we
- do not use 'CA certificate' since that's the default, so
+ do not use 'IPA CA' since that's the default, so
we use 'Imported CA' if none specified. Then we restart
the server."""
# first make sure we have a valid cacert_fname
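Review bot: The docstring now hard-codes 'IPA CA' while the code in this commit refers to the nickname through `CA_NICKNAME`, so the text will go stale if the constant changes; the constant's value is not visible on this page. I would word it as `do not use CA_NICKNAME (the IPA CA's own nickname) since that's the default`. Whether the method rejects a caller-supplied nickname equal to `CA_NICKNAME` cannot be seen here, since its body continues outside the hunk; if it does not, an imported certificate could end up sharing the IPA CA's nickname in the database.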
diff --git a/ipaserver/plugins/selfsign.py b/ipaserver/plugins/selfsign.py
index 5333a89a3..9943f73d2 100644
--- a/ipaserver/plugins/selfsign.py
+++ b/ipaserver/plugins/selfsign.py
@@ -39,6 +39,7 @@ from ipalib import Backend
from ipalib import errors
from ipalib import x509
from ipalib import pkcs10
+from ipapython.certdb import CA_NICKNAME
import subprocess
import os
import re
@@ -156,7 +157,7 @@ class ra(rabase.rabase):
"/usr/bin/certutil",
"-C",
"-d", self.sec_dir,
- "-c", "CA certificate",
+ "-c", CA_NICKNAME,
"-i", csr_name,
"-o", cert_name,
"-m", str(serialno),