authorDinesh Prasanth M K <dmoluguw@redhat.com>2017-06-23 15:57:29 -0400
committerDinesh Prasanth M K <dmoluguw@redhat.com>2017-06-23 19:43:24 -0400
commitd762073c4b5bcd4f9f30e3b8439983a497a77c97 (patch)
treec8da74a726315dfdddefdfb3bc703b26ce4044de
parentdb84bffad64dd4b9a9d684255794719ae13d677f (diff)
Patch for "pki-server subsystem-cert-update" command
Currently, the --cert option is not implemented for the `pki-server subsystem-cert-update` command. The --cert option takes the name of the certificate that needs to be added to the NSS database; it replaces the existing certificate (if one exists) in the database. https://pagure.io/dogtagpki/issue/2756 Change-Id: If8be9edd55a673230f86e213fc803be365e55a92
-rw-r--r--base/server/python/pki/server/cli/subsystem.py29
1 files changed, 28 insertions, 1 deletions
diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
index 10af8ca6a..a9857ba5f 100644
--- a/base/server/python/pki/server/cli/subsystem.py
+++ b/base/server/python/pki/server/cli/subsystem.py
@@ -741,6 +741,7 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat).')
print(' -v, --verbose Run in verbose mode.')
print(' --help Show help message.')
+ print(' --cert <certificate> New certificate to be added')
print()
def execute(self, argv):
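Review bot: The added usage line describes `--cert` only as "New certificate to be added"; it does not say that the value is a file path, nor that the certificate currently stored under the subsystem's nickname is removed first. Because the option is destructive for the NSS database, the help text should state both, for example `print('      --cert <path>              Certificate file to import; replaces the existing certificate.')`. In the visible lines `--help` was the last option listed, so the new line would read more naturally above it.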
@@ -748,7 +749,8 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
- 'verbose', 'help'])
+ 'verbose', 'help',
+ 'cert='])
except getopt.GetoptError as e:
print('ERROR: ' + str(e))
@@ -756,6 +758,7 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
sys.exit(1)
instance_name = 'pki-tomcat'
+ cert_file = None
for o, a in opts:
if o in ('-i', '--instance'):
@@ -768,6 +771,9 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
self.usage()
sys.exit()
+ elif o == '--cert':
+ cert_file = a
+
else:
print('ERROR: unknown option ' + o)
self.usage()
@@ -807,6 +813,27 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
token = subsystem_cert['token']
nssdb = instance.open_nssdb(token)
+
+ if cert_file:
+ if not os.path.isfile(cert_file):
+ print('ERROR: %s certificate does not exist.' % cert_file)
+ self.usage()
+ sys.exit(1)
+
+ data = nssdb.get_cert(
+ nickname=subsystem_cert['nickname'],
+ output_format='base64')
+
+ if data:
+ if self.verbose:
+ print('Removing old %s certificate from database.' % subsystem_cert['nickname'])
+ nssdb.remove_cert(nickname=subsystem_cert['nickname'])
+ if self.verbose:
+ print('Adding new %s certificate into database.' % subsystem_cert['nickname'])
+ nssdb.add_cert(
+ nickname=subsystem_cert['nickname'],
+ cert_file=cert_file)
+
data = nssdb.get_cert(
nickname=subsystem_cert['nickname'],
output_format='base64')
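Review bot: In the `if cert_file:` block the existing certificate is removed before `nssdb.add_cert(...)` has succeeded, so a file that is not a valid certificate, or any other import failure, leaves the NSS database with no certificate under `subsystem_cert['nickname']`. `os.path.isfile(cert_file)` only shows that the path is a regular file; nothing visible checks that it parses as a certificate or that its public key matches the key already held for this subsystem. I would validate the new file first and call `remove_cert` only afterwards, keeping the old `data` so the previous certificate can be restored if `add_cert` raises, with a comment such as `# Validate the replacement before removing the current certificate; a failed import must not leave the nickname empty.` No visible hunk imports `os`, so confirm the module already does; `execute` starts and ends outside this hunk.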