-rw-r--r--ipapython/certdb.py6
-rw-r--r--ipaserver/install/cainstance.py3
-rw-r--r--ipaserver/install/certs.py14
-rw-r--r--ipaserver/install/dsinstance.py2
-rw-r--r--ipaserver/plugins/selfsign.py3
5 files changed, 14 insertions, 14 deletions
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index fb99e25ac..a2fbb0ec3 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -21,10 +21,12 @@ from ipapython import ipautil
from ipapython import nsslib
from ipalib import pkcs10
import tempfile
-import sha
+from ipalib.compat import sha1
import shutil
import os
+CA_NICKNAME = "IPA CA"
+
class CertDB(object):
"""
To be used for temporary NSS databases only. If temporary is set then
@@ -64,7 +66,7 @@ class CertDB(object):
return ipautil.run(new_args, stdin)
def generate_random(self):
- return sha.sha(ipautil.ipa_generate_password()).hexdigest()
+ return sha1(ipautil.ipa_generate_password()).hexdigest()
def create_noise_file(self):
"""
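Review bot: `generate_random` has no docstring, and the `sha1(...)` call in it is easy to misread as strengthening the secret. The digest only re-encodes the output of `ipautil.ipa_generate_password()` as 40 hex characters, so the result is no harder to guess than that password is. I would add a docstring such as `"""Return a 40-char hex string derived from a new random password; its strength is that of ipa_generate_password()."""`. The same one-liner appears as `gen_password` in ipaserver/install/certs.py, so a shared helper would keep the two from drifting apart. The hunk ends inside `create_noise_file`, whose body is outside the view.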
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d356ef82d..cc203d5ec 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -36,6 +36,7 @@ import urllib
import xml.dom.minidom
import stat
from ipapython import dogtag
+from ipapython.certdb import CA_NICKNAME
from ipalib import pkcs10
import subprocess
@@ -381,7 +382,7 @@ class CAInstance(service.Service):
# The same database is used for mod_nss because the NSS context
# will already have been initialized by Apache by the time
# mod_python wants to do things.
- self.canickname = "CA certificate"
+ self.canickname = CA_NICKNAME
self.basedn = "o=ipaca"
self.ca_agent_db = tempfile.mkdtemp(prefix = "tmp-")
self.ra_agent_db = "/etc/httpd/alias"
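Review bot: Switching `self.canickname` from "CA certificate" to `CA_NICKNAME` ("IPA CA") changes the name under which the CA certificate is looked up, and nothing in this diff renames the entry in NSS databases that were created before the change. On an already-installed server the certificate would presumably still be stored under the old nickname, so lookups by the new one would fail until the database is migrated. The same applies to `self.cacert_name` and the `export_pkcs12` default in ipaserver/install/certs.py, and to the `"-c", CA_NICKNAME` argument in ipaserver/plugins/selfsign.py. An upgrade step that renames the existing entry, or a fallback to the old nickname when the new one is not found, would close the gap. If only fresh installs are supported at this point, a comment next to `CA_NICKNAME` should say so.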
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 033bda289..4f8b4e708 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -33,6 +33,7 @@ from ipapython import dogtag
from ipapython import sysrestore
from ipapython import ipautil
from ipapython import certmonger
+from ipapython.certdb import CA_NICKNAME
from ipalib import pkcs10
from ConfigParser import RawConfigParser, MissingSectionHeaderError
import service
@@ -44,12 +45,7 @@ import nss.nss as nss
from ipalib import api
-# The sha module is deprecated in Python 2.6, replaced by hashlib. Try
-# that first and fall back to sha.sha if it isn't available.
-try:
- from hashlib import sha256 as sha
-except ImportError:
- from sha import sha
+from ipalib.compat import sha1
CA_SERIALNO="/var/lib/ipa/ca_serialno"
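Review bot: Replacing the `try`/`except ImportError` block with `from ipalib.compat import sha1` changes the digest and not only the import. Wherever hashlib was available the removed code bound `sha` to `sha256`, so `gen_password` (changed in a later hunk of this file) returned a 64-character hex string and now returns 40 characters. Since the input is a freshly generated password, the shorter digest probably does not weaken the result, but it is a silent behaviour change on a credential path. If it is intended, record it in the commit message and add a comment such as `# SHA-1 only hex-encodes a random password here; it is not used for integrity`. Otherwise keep SHA-256 for this call; whether ipalib.compat offers a SHA-256 wrapper is not visible in this diff.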
@@ -195,7 +191,7 @@ class CertDB(object):
else:
self.subject_format = "CN=%s,O=IPA"
- self.cacert_name = "CA certificate"
+ self.cacert_name = CA_NICKNAME
self.valid_months = "120"
self.keysize = "1024"
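Review bot: `self.keysize = "1024"` beside `self.valid_months = "120"` is unchanged context in this hunk, but it stands out while the CA settings are being touched. If this value is the RSA modulus size for keys generated through CertDB, 1024 bits is below the commonly accepted minimum of 2048, and a ten-year validity period extends the exposure. A follow-up changing it to `self.keysize = "2048"` would be worth considering. The enclosing method starts and ends outside this hunk, so how the value is consumed is not visible here.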
@@ -268,7 +264,7 @@ class CertDB(object):
os.chmod(fname, perms)
def gen_password(self):
- return sha(ipautil.ipa_generate_password()).hexdigest()
+ return sha1(ipautil.ipa_generate_password()).hexdigest()
def run_certutil(self, args, stdin=None):
new_args = ["/usr/bin/certutil", "-d", self.secdir]
@@ -857,7 +853,7 @@ class CertDB(object):
else:
raise RuntimeError("unknown error import pkcs#12 file")
- def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname="CA certificate"):
+ def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname=CA_NICKNAME):
ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
"-o", pkcs12_fname,
"-n", nickname,
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c72220c84..7dbfdaabe 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -522,7 +522,7 @@ class DsInstance(service.Service):
first have to shut down the directory server in case it has
opened the cert db read-only. Then we use the CertDB class
to add the CA cert. We have to provide a nickname, and we
- do not use 'CA certificate' since that's the default, so
+ do not use 'IPA CA' since that's the default, so
we use 'Imported CA' if none specified. Then we restart
the server."""
# first make sure we have a valid cacert_fname
diff --git a/ipaserver/plugins/selfsign.py b/ipaserver/plugins/selfsign.py
index 5333a89a3..9943f73d2 100644
--- a/ipaserver/plugins/selfsign.py
+++ b/ipaserver/plugins/selfsign.py
@@ -39,6 +39,7 @@ from ipalib import Backend
from ipalib import errors
from ipalib import x509
from ipalib import pkcs10
+from ipapython.certdb import CA_NICKNAME
import subprocess
import os
import re
@@ -156,7 +157,7 @@ class ra(rabase.rabase):
"/usr/bin/certutil",
"-C",
"-d", self.sec_dir,
- "-c", "CA certificate",
+ "-c", CA_NICKNAME,
"-i", csr_name,
"-o", cert_name,
"-m", str(serialno),