From 3703062ab25a7817581eefa2f89214e8a6244bee Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 28 Sep 2010 23:10:25 -0400
Subject: Use consistent, specific nickname for the IPA CA certificate.

Also fix some imports for sha. We have a compat module for it, use it.

ticket 181
---
 ipapython/certdb.py             | 6 ++++--
 ipaserver/install/cainstance.py | 3 ++-
 ipaserver/install/certs.py      | 14 +++++--------
 ipaserver/install/dsinstance.py | 2 +-
 ipaserver/plugins/selfsign.py   | 3 ++-
 5 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index fb99e25a..a2fbb0ec 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -21,10 +21,12 @@ from ipapython import ipautil
 from ipapython import nsslib
 from ipalib import pkcs10
 import tempfile
-import sha
+from ipalib.compat import sha1
 import shutil
 import os
 
+CA_NICKNAME = "IPA CA"
+
 class CertDB(object):
     """
     To be used for temporary NSS databases only. If temporary is set then
@@ -64,7 +66,7 @@ class CertDB(object):
         return ipautil.run(new_args, stdin)
 
     def generate_random(self):
-        return sha.sha(ipautil.ipa_generate_password()).hexdigest()
+        return sha1(ipautil.ipa_generate_password()).hexdigest()
 
     def create_noise_file(self):
         """
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d356ef82..cc203d5e 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -36,6 +36,7 @@ import urllib
 import xml.dom.minidom
 import stat
 from ipapython import dogtag
+from ipapython.certdb import CA_NICKNAME
 from ipalib import pkcs10
 import subprocess
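Review bot: `CA_NICKNAME = "IPA CA"` replaces the literal "CA certificate" that earlier releases wrote into the NSS databases, and nothing in this commit renames the existing entry, so on an upgraded installation the lookups that now use the constant — `self.cacert_name` and the `export_pkcs12` default in certs.py, `self.canickname` in cainstance.py, and the `certutil -C -c` call in selfsign.py — would presumably stop finding the CA certificate unless an upgrade step elsewhere handles the rename; worth confirming before this lands. The constant is also the one value every installer and the selfsign backend now agree on, so it deserves a line saying so, e.g. `# Nickname under which the IPA CA certificate is stored in the NSS databases; shared by the installers and the selfsign backend.` The other two hunks here (certdb.generate_random's `sha.sha` → `sha1`, and the cainstance import) change nothing observable.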
@@ -381,7 +382,7 @@ class CAInstance(service.Service):
         # The same database is used for mod_nss because the NSS context
         # will already have been initialized by Apache by the time
         # mod_python wants to do things.
-        self.canickname = "CA certificate"
+        self.canickname = CA_NICKNAME
         self.basedn = "o=ipaca"
         self.ca_agent_db = tempfile.mkdtemp(prefix = "tmp-")
         self.ra_agent_db = "/etc/httpd/alias"
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 033bda28..4f8b4e70 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -33,6 +33,7 @@ from ipapython import dogtag
 from ipapython import sysrestore
 from ipapython import ipautil
 from ipapython import certmonger
+from ipapython.certdb import CA_NICKNAME
 from ipalib import pkcs10
 from ConfigParser import RawConfigParser, MissingSectionHeaderError
 import service
@@ -44,12 +45,7 @@ import nss.nss as nss
 from ipalib import api
 
-# The sha module is deprecated in Python 2.6, replaced by hashlib. Try
-# that first and fall back to sha.sha if it isn't available.
-try:
-    from hashlib import sha256 as sha
-except ImportError:
-    from sha import sha
+from ipalib.compat import sha1
 
 CA_SERIALNO="/var/lib/ipa/ca_serialno"
 
@@ -195,7 +191,7 @@ class CertDB(object):
         else:
             self.subject_format = "CN=%s,O=IPA"
 
-        self.cacert_name = "CA certificate"
+        self.cacert_name = CA_NICKNAME
         self.valid_months = "120"
         self.keysize = "1024"
 
@@ -268,7 +264,7 @@ class CertDB(object):
         os.chmod(fname, perms)
 
     def gen_password(self):
-        return sha(ipautil.ipa_generate_password()).hexdigest()
+        return sha1(ipautil.ipa_generate_password()).hexdigest()
 
     def run_certutil(self, args, stdin=None):
         new_args = ["/usr/bin/certutil", "-d", self.secdir]
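Review bot: `from ipalib.compat import sha1` silently changes what `gen_password` (the -268 hunk of certs.py) produces: the removed code preferred `hashlib.sha256`, so the NSS database password it derives shrinks from a 64-character to a 40-character hex string, and the commit message presents this only as an import cleanup. The digest adds no entropy either way — the password's strength is bounded by `ipautil.ipa_generate_password()`, which is not shown here — but anything that stored or relied on the longer form would be affected, and the hash step itself is only a charset normalisation. If the compat module offers a SHA-256 helper, importing that instead would keep the output unchanged; otherwise a one-line comment on `gen_password` stating that SHA-1 is deliberate (and that it matches certdb.generate_random, which already used it) would stop the next reader treating it as a regression.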
@@ -857,7 +853,7 @@ class CertDB(object):
         else:
             raise RuntimeError("unknown error import pkcs#12 file")
 
-    def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname="CA certificate"):
+    def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname=CA_NICKNAME):
         ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
                      "-o", pkcs12_fname,
                      "-n", nickname,
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c72220c8..7dbfdaab 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -522,7 +522,7 @@ class DsInstance(service.Service):
            first have to shut down the directory server in case it has opened the cert db read-only. Then we use the CertDB class to add the CA cert. We have to provide a nickname, and we
-           do not use 'CA certificate' since that's the default, so
+           do not use 'IPA CA' since that's the default, so
            we use 'Imported CA' if none specified. Then we restart the server."""
         # first make sure we have a valid cacert_fname
diff --git a/ipaserver/plugins/selfsign.py b/ipaserver/plugins/selfsign.py
index 5333a89a..9943f73d 100644
--- a/ipaserver/plugins/selfsign.py
+++ b/ipaserver/plugins/selfsign.py
@@ -39,6 +39,7 @@ from ipalib import Backend
 from ipalib import errors
 from ipalib import x509
 from ipalib import pkcs10
+from ipapython.certdb import CA_NICKNAME
 import subprocess
 import os
 import re
@@ -156,7 +157,7 @@ class ra(rabase.rabase):
                 "/usr/bin/certutil",
                 "-C",
                 "-d", self.sec_dir,
-                "-c", "CA certificate",
+                "-c", CA_NICKNAME,
                 "-i", csr_name,
                 "-o", cert_name,
                 "-m", str(serialno),
-- 
cgit
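Review bot: The dsinstance.py docstring now hard-codes the new nickname text again (`do not use 'IPA CA' since that's the default`), which is exactly the kind of drift this commit is removing from the code; the next time `CA_NICKNAME` changes, this sentence will be wrong while the code stays right. Wording it in terms of the constant, e.g. `do not use the CA_NICKNAME default, so we use 'Imported CA' if none specified`, keeps it accurate. The method whose docstring this is starts and ends outside the hunk, so I cannot see whether 'Imported CA' is itself still a literal in the body.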