authorRob Crittenden <rcritten@redhat.com>2009-04-22 14:36:51 -0400
committerRob Crittenden <rcritten@redhat.com>2009-05-04 16:58:28 -0400
commit0dfb451c3f355a55dace8ce2ada8db335fc5c0b8 (patch)
tree762efbdd7d9e347121a219f823355d857034258b
parent8424ea8c0380b57dd0dc0f8c79ecf23171072249 (diff)
Utilize the new dogtag library for retrieving the CA cert chain
-rw-r--r--ipaserver/install/cainstance.py19
1 files changed, 4 insertions, 15 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d33901dc..889a648e 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -35,6 +35,7 @@ import httplib
import urllib
import xml.dom.minidom
import stat
+from ipapython import dogtag
from nss.error import NSPRError
import nss.nss as nss
@@ -690,21 +691,9 @@ class CAInstance(service.Service):
stdout, stderr = self.__run_certutil(["-N"])
def __get_ca_chain(self):
- conn = httplib.HTTPConnection(self.host_name, 9180)
- conn.request("GET", "/ca/ee/ca/getCertChain")
- res = conn.getresponse()
- if res.status == 200:
- data = res.read()
-
- doc = xml.dom.minidom.parseString(data)
- item_node = doc.getElementsByTagName("ChainBase64")
- chain = item_node[0].childNodes[0].data
- doc.unlink()
- conn.close()
-
- return chain
- else:
- conn.close()
+ try:
+ return dogtag.get_ca_certchain()
+ except:
raise RuntimeError("Unable to retrieve CA chain")
def __create_ca_agent_pkcs12(self):
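Review bot: The bare `except:` around `dogtag.get_ca_certchain()` in `__get_ca_chain` also catches KeyboardInterrupt and SystemExit, and the RuntimeError raised in its place discards the underlying cause, so a failed install no longer says whether the CA was unreachable, answered with an error status or returned a malformed document. Narrowing the handler and carrying the message would keep that information: `except Exception, e:` followed by `raise RuntimeError("Unable to retrieve CA chain: %s" % str(e))`. The removed code addressed `self.host_name` explicitly, whereas the new call passes no arguments, so it is worth confirming that the library resolves to the CA instance being installed, because the returned chain is then used as a trust anchor. The old request went over plain HTTP on port 9180; whether the library call uses an authenticated transport is not visible in this hunk and deserves a comment at the call site.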