diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2014-06-13 14:44:03 +0200 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
| commit | f39c6ee54496f1378d580303b4d470370922ab5e (patch) | |
| tree | efc4b69f84c3801201e897e86a58ff78d72e2293 /ipaserver | |
| parent | 987bf3fbf097425935a91730f725f02107116f27 (diff) | |
| download | freeipa-f39c6ee54496f1378d580303b4d470370922ab5e.tar.gz freeipa-f39c6ee54496f1378d580303b4d470370922ab5e.tar.xz freeipa-f39c6ee54496f1378d580303b4d470370922ab5e.zip | |
Add new NSSDatabase method get_cert for getting certs from NSS databases.
Part of https://fedorahosted.org/freeipa/ticket/3737
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/certs.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 815f3bf31..f958e366e 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -211,9 +211,21 @@ class NSSDatabase(object): raise RuntimeError( "Setting trust on %s failed" % root_nickname) + def get_cert(self, nickname, pem=False): + args = ['-L', '-n', nickname] + if pem: + args.append('-a') + else: + args.append('-r') + try: + cert, err, returncode = self.run_certutil(args) + except ipautil.CalledProcessError: + raise RuntimeError("Failed to get %s" % nickname) + return cert + def export_pem_cert(self, nickname, location): """Export the given cert to PEM file in the given location""" - cert, err, returncode = self.run_certutil(["-L", "-n", nickname, "-a"]) + cert = self.get_cert(nickname) with open(location, "w+") as fd: fd.write(cert) os.chmod(location, 0444) |