summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/kra.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipaserver/install/kra.py')
-rw-r--r--ipaserver/install/kra.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py
index b55dfb702..2586b4af2 100644
--- a/ipaserver/install/kra.py
+++ b/ipaserver/install/kra.py
@@ -3,7 +3,9 @@
#
from ipalib import api, errors
+from ipapython import certdb
from ipapython import dogtag
+from ipapython import ipautil
from ipapython.dn import DN
from ipaserver.install import cainstance
from ipaserver.install import krainstance
@@ -34,6 +36,20 @@ def install_check(api, replica_config, options):
if not api.Command.kra_is_enabled()['result']:
raise RuntimeError("KRA is not installed on the master system")
+ with certdb.NSSDatabase() as tmpdb:
+ pw = ipautil.write_tmp_file(ipautil.ipa_generate_password())
+ tmpdb.create_db(pw.name)
+ tmpdb.import_pkcs12(replica_config.dir + "/cacert.p12", pw.name,
+ replica_config.dirman_password)
+ kra_cert_nicknames = [
+ "storageCert cert-pki-kra", "transportCert cert-pki-kra",
+ "auditSigningCert cert-pki-kra"
+ ]
+ if not all(tmpdb.has_nickname(nickname)
+ for nickname in kra_cert_nicknames):
+ raise RuntimeError("Missing KRA certificates, please create a "
+ "new replica file.")
+
def install(api, replica_config, options):
subject = dsinstance.DsInstance().find_subject_base()
generated by cgit (git 2.34.1) at 2024-05-08 12:29:14 +0000