diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-06-12 11:16:52 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 88706c56745faa430ff00d2f1c5f0605b5af29ef (patch) | |
tree | b7d607829b878c9f71e1fb1ca8eff0ec5548d071 /ipaserver | |
parent | feecdb4cdcc237af02d2469b6c7d66e40320394c (diff) | |
download | freeipa-88706c56745faa430ff00d2f1c5f0605b5af29ef.tar.gz freeipa-88706c56745faa430ff00d2f1c5f0605b5af29ef.tar.xz freeipa-88706c56745faa430ff00d2f1c5f0605b5af29ef.zip |
Add new add_cert method for adding certificates to NSSDatabase and CertDB.
Replace all uses of NSSDatabase method add_single_pem_cert with add_cert and
remove add_single_pem_cert.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/certs.py | 18 | ||||
-rw-r--r-- | ipaserver/install/ipa_cacert_manage.py | 10 |
2 files changed, 13 insertions, 15 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 3779551fb..02f079e63 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -232,7 +232,7 @@ class NSSDatabase(object): ) cert, st = find_cert_from_txt(certs) - self.add_single_pem_cert(nickname, flags, cert) + self.add_cert(cert, nickname, flags, pem=True) try: find_cert_from_txt(certs, st) @@ -242,12 +242,11 @@ class NSSDatabase(object): raise ValueError('%s contains more than one certificate' % location) - def add_single_pem_cert(self, nick, flags, cert): - """Import a cert in PEM format""" - self.run_certutil(["-A", "-n", nick, - "-t", flags, - "-a"], - stdin=cert) + def add_cert(self, cert, nick, flags, pem=False): + args = ["-A", "-n", nick, "-t", flags] + if pem: + args.append("-a") + self.run_certutil(args, stdin=cert) def delete_cert(self, nick): self.run_certutil(["-D", "-n", nick]) @@ -500,7 +499,7 @@ class CertDB(object): else: nick = str(subject_dn) tf = ',,' - self.nssdb.add_single_pem_cert(nick, tf, cert) + self.nssdb.add_cert(cert, nick, tf, pem=True) except RuntimeError: break @@ -737,6 +736,9 @@ class CertDB(object): f.write(cert) f.close() + def add_cert(self, cert, nick, flags, pem=False): + self.nssdb.add_cert(cert, nick, flags, pem) + def import_cert(self, cert_fname, nickname): """ Load a certificate from a PEM file and add minimal trust. diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py index 8f09c858c..bf2a55b0d 100644 --- a/ipaserver/install/ipa_cacert_manage.py +++ b/ipaserver/install/ipa_cacert_manage.py @@ -216,21 +216,17 @@ class CACertManage(admintool.AdminTool): with certs.NSSDatabase() as tmpdb: pw = ipautil.write_tmp_file(ipautil.ipa_generate_password()) tmpdb.create_db(pw.name) - tmpdb.add_single_pem_cert( - 'IPA CA', 'C,,', x509.make_pem(base64.b64encode(old_cert))) + tmpdb.add_cert(old_cert, 'IPA CA', 'C,,') try: - tmpdb.add_single_pem_cert( - 'IPA CA', 'C,,', x509.make_pem(base64.b64encode(cert))) + tmpdb.add_cert(cert, 'IPA CA', 'C,,') except ipautil.CalledProcessError, e: raise admintool.ScriptError( "Not compatible with the current CA certificate: %s", e) ca_certs = x509.load_certificate_chain_from_file(ca_filename) for ca_cert in ca_certs: - tmpdb.add_single_pem_cert( - str(ca_cert.subject), 'C,,', - x509.make_pem(base64.b64encode(ca_cert.der_data))) + tmpdb.add_cert(ca_cert.der_data, str(ca_cert.subject), 'C,,') del ca_certs del ca_cert |