1 files changed, 14 insertions, 13 deletions

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index a005fb9f7..6e01efb9c 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -42,10 +42,11 @@ from ipalib import pkcs10, x509, api
 from ipalib.errors import CertificateOperationError
 from ipalib.text import _
 from ipaplatform import services
+from ipaplatform.paths import paths
 
 # Apache needs access to this database so we need to create it
 # where apache can reach
-NSS_DIR = "/etc/httpd/alias"
+NSS_DIR = paths.HTTPD_ALIAS_DIR
 
 def find_cert_from_txt(cert, start=0):
     """
@@ -114,7 +115,7 @@ class NSSDatabase(object):
         self.close()
 
     def run_certutil(self, args, stdin=None):
-        new_args = ["/usr/bin/certutil", "-d", self.secdir]
+        new_args = [paths.CERTUTIL, "-d", self.secdir]
         new_args = new_args + args
         return ipautil.run(new_args, stdin)
 
@@ -177,12 +178,12 @@ class NSSDatabase(object):
 
     def import_pkcs12(self, pkcs12_filename, db_password_filename,
                       pkcs12_passwd=None):
-        args = ["/usr/bin/pk12util", "-d", self.secdir,
+        args = [paths.PK12UTIL, "-d", self.secdir,
                 "-i", pkcs12_filename,
                 "-k", db_password_filename, '-v']
         if pkcs12_passwd is not None:
             pkcs12_passwd = pkcs12_passwd + '\n'
-            args = args + ["-w", "/dev/stdin"]
+            args = args + ["-w", paths.DEV_STDIN]
         try:
             ipautil.run(args, stdin=pkcs12_passwd)
         except ipautil.CalledProcessError, e:
@@ -298,7 +299,7 @@ class CertDB(object):
         self.cacert_fname = self.secdir + "/cacert.asc"
         self.pk12_fname = self.secdir + "/cacert.p12"
         self.pin_fname = self.secdir + "/pin.txt"
-        self.pwd_conf = "/etc/httpd/conf/password.conf"
+        self.pwd_conf = paths.HTTPD_PASSWORD_CONF
         self.reqdir = None
         self.certreq_fname = None
         self.certder_fname = None
@@ -328,7 +329,7 @@ class CertDB(object):
         if fstore:
             self.fstore = fstore
         else:
-            self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+            self.fstore = sysrestore.FileStore(paths.SYSRESTORE)
 
     subject_base = ipautil.dn_attribute_property('_subject_base')
 
@@ -351,7 +352,7 @@ class CertDB(object):
         if self.reqdir is not None:
             return
 
-        self.reqdir = tempfile.mkdtemp('', 'ipa-', '/var/lib/ipa')
+        self.reqdir = tempfile.mkdtemp('', 'ipa-', paths.VAR_LIB_IPA)
         self.certreq_fname = self.reqdir + "/tmpcertreq"
         self.certder_fname = self.reqdir + "/tmpcert.der"
 
@@ -379,7 +380,7 @@ class CertDB(object):
     def run_signtool(self, args, stdin=None):
         with open(self.passwd_fname, "r") as f:
             password = f.readline()
-        new_args = ["/usr/bin/signtool", "-d", self.secdir, "-p", password]
+        new_args = [paths.SIGNTOOL, "-d", self.secdir, "-p", password]
 
         new_args = new_args + args
         ipautil.run(new_args, stdin)
@@ -446,7 +447,7 @@ class CertDB(object):
         os.chmod(self.cacert_fname, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
         if create_pkcs12:
             ipautil.backup_file(self.pk12_fname)
-            ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
+            ipautil.run([paths.PK12UTIL, "-d", self.secdir,
                          "-o", self.pk12_fname,
                          "-n", self.cacert_name,
                          "-w", self.passwd_fname,
@@ -508,7 +509,7 @@ class CertDB(object):
                 libpath = 'lib64'
             else:
                 libpath = 'lib'
-            command = '/usr/%s/ipa/certmonger/%s' % (libpath, command)
+            command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, command)
         cmonger = services.knownservices.certmonger
         cmonger.enable()
         services.knownservices.messagebus.start()
@@ -779,7 +780,7 @@ class CertDB(object):
         if nickname is None:
             nickname = get_ca_nickname(api.env.realm)
 
-        ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
+        ipautil.run([paths.PK12UTIL, "-d", self.secdir,
                      "-o", pkcs12_fname,
                      "-n", nickname,
                      "-k", self.passwd_fname,
@@ -787,7 +788,7 @@ class CertDB(object):
 
     def export_pem_p12(self, pkcs12_fname, pkcs12_pwd_fname,
                        nickname, pem_fname):
-        ipautil.run(["/usr/bin/openssl", "pkcs12",
+        ipautil.run([paths.OPENSSL, "pkcs12",
                      "-export", "-name", nickname,
                      "-in", pem_fname, "-out", pkcs12_fname,
                      "-passout", "file:" + pkcs12_pwd_fname])
@@ -857,7 +858,7 @@ class CertDB(object):
 
     def install_pem_from_p12(self, p12_fname, p12_passwd, pem_fname):
         pwd = ipautil.write_tmp_file(p12_passwd)
-        ipautil.run(["/usr/bin/openssl", "pkcs12", "-nodes",
+        ipautil.run([paths.OPENSSL, "pkcs12", "-nodes",
                      "-in", p12_fname, "-out", pem_fname,
                      "-passin", "file:" + pwd.name])