authorJan Cholasta <jcholast@redhat.com>2014-06-12 11:16:52 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-07-30 16:04:21 +0200
commit88706c56745faa430ff00d2f1c5f0605b5af29ef (patch)
treeb7d607829b878c9f71e1fb1ca8eff0ec5548d071 /ipaserver
parentfeecdb4cdcc237af02d2469b6c7d66e40320394c (diff)
downloadfreeipa-88706c56745faa430ff00d2f1c5f0605b5af29ef.tar.gz
freeipa-88706c56745faa430ff00d2f1c5f0605b5af29ef.tar.xz
freeipa-88706c56745faa430ff00d2f1c5f0605b5af29ef.zip
Add new add_cert method for adding certificates to NSSDatabase and CertDB.
Replace all uses of NSSDatabase method add_single_pem_cert with add_cert and remove add_single_pem_cert. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/certs.py18
-rw-r--r--ipaserver/install/ipa_cacert_manage.py10
2 files changed, 13 insertions, 15 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 3779551fb..02f079e63 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -232,7 +232,7 @@ class NSSDatabase(object):
)
cert, st = find_cert_from_txt(certs)
- self.add_single_pem_cert(nickname, flags, cert)
+ self.add_cert(cert, nickname, flags, pem=True)
try:
find_cert_from_txt(certs, st)
@@ -242,12 +242,11 @@ class NSSDatabase(object):
raise ValueError('%s contains more than one certificate' %
location)
- def add_single_pem_cert(self, nick, flags, cert):
- """Import a cert in PEM format"""
- self.run_certutil(["-A", "-n", nick,
- "-t", flags,
- "-a"],
- stdin=cert)
+ def add_cert(self, cert, nick, flags, pem=False):
+ args = ["-A", "-n", nick, "-t", flags]
+ if pem:
+ args.append("-a")
+ self.run_certutil(args, stdin=cert)
def delete_cert(self, nick):
self.run_certutil(["-D", "-n", nick])
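Review bot: The new `add_cert` has no docstring, although the `add_single_pem_cert` it replaces had one, and its contract is now less obvious: with the default `pem=False` the `-a` option is not passed, so `cert` has to be DER bytes, and `flags` goes straight to certutil's `-t`, which decides how much trust the imported certificate receives. A caller that passes PEM text and forgets `pem=True` would hand certutil input in the wrong encoding. I would add a docstring stating that `cert` is DER unless `pem=True`, that `flags` is the certutil trust string, and that the certificate is fed to `run_certutil` on stdin. The `CertDB.add_cert` wrapper added in the later hunk of this file has the same gap and forwards `pem` positionally; `self.nssdb.add_cert(cert, nick, flags, pem=pem)` would keep the two signatures from drifting apart unnoticed.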
@@ -500,7 +499,7 @@ class CertDB(object):
else:
nick = str(subject_dn)
tf = ',,'
- self.nssdb.add_single_pem_cert(nick, tf, cert)
+ self.nssdb.add_cert(cert, nick, tf, pem=True)
except RuntimeError:
break
@@ -737,6 +736,9 @@ class CertDB(object):
f.write(cert)
f.close()
+ def add_cert(self, cert, nick, flags, pem=False):
+ self.nssdb.add_cert(cert, nick, flags, pem)
+
def import_cert(self, cert_fname, nickname):
"""
Load a certificate from a PEM file and add minimal trust.
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index 8f09c858c..bf2a55b0d 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -216,21 +216,17 @@ class CACertManage(admintool.AdminTool):
with certs.NSSDatabase() as tmpdb:
pw = ipautil.write_tmp_file(ipautil.ipa_generate_password())
tmpdb.create_db(pw.name)
- tmpdb.add_single_pem_cert(
- 'IPA CA', 'C,,', x509.make_pem(base64.b64encode(old_cert)))
+ tmpdb.add_cert(old_cert, 'IPA CA', 'C,,')
try:
- tmpdb.add_single_pem_cert(
- 'IPA CA', 'C,,', x509.make_pem(base64.b64encode(cert)))
+ tmpdb.add_cert(cert, 'IPA CA', 'C,,')
except ipautil.CalledProcessError, e:
raise admintool.ScriptError(
"Not compatible with the current CA certificate: %s", e)
ca_certs = x509.load_certificate_chain_from_file(ca_filename)
for ca_cert in ca_certs:
- tmpdb.add_single_pem_cert(
- str(ca_cert.subject), 'C,,',
- x509.make_pem(base64.b64encode(ca_cert.der_data)))
+ tmpdb.add_cert(ca_cert.der_data, str(ca_cert.subject), 'C,,')
del ca_certs
del ca_cert
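Review bot: The compatibility check in the `try` block is implicit: it appears to rely on certutil rejecting the second import under the nickname `'IPA CA'`, and any other certutil failure (for example bytes that are not valid DER, now that the raw data is passed with the default `pem=False`) surfaces with the same "Not compatible with the current CA certificate" message. A comment above the `try`, such as `# certutil is expected to fail here if cert conflicts with old_cert under the same nickname`, would make that intent visible to the next reader. The loop below imports every certificate read from `ca_filename` with trust `'C,,'`; what is verified against `tmpdb` afterwards lies outside this hunk, so it is worth confirming that marking each entry of the supplied file as a trusted CA is intended.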