authorEndi S. Dewata <edewata@redhat.com>2016-02-19 15:09:49 +0100
committerEndi S. Dewata <edewata@redhat.com>2016-02-25 15:51:06 +0100
commitb48889a2ef41fd45ca69c3926c36ef075777447c (patch)
treea916c780993fe9905adfd34c3666fd57fcc8023e /base/common/python/pki
parentb74bf9b82102715e08fa3fd3bd5ce9462312aded (diff)
Added pki-server commands to export system certificates.
Some pki-server commands have been added to simplify exporting the required certificates for subsystem installations. These commands will invoke the pki pkcs12 utility to export the certificates from the instance NSS database. The pki-server ca-cert-chain-export command will export the certificate chain needed for installing additional subsystems running on a separate instance. The pki-server <subsystem>-clone-prepare commands will export the certificates required for cloning a subsystem. https://fedorahosted.org/pki/ticket/1742
Diffstat (limited to 'base/common/python/pki')
-rw-r--r--base/common/python/pki/nssdb.py22
1 files changed, 16 insertions, 6 deletions
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
index c6beab317..a418cdc00 100644
--- a/base/common/python/pki/nssdb.py
+++ b/base/common/python/pki/nssdb.py
@@ -484,7 +484,7 @@ class NSSDatabase(object):
finally:
shutil.rmtree(tmpdir)
- def export_pkcs12(self, pkcs12_file, nickname, pkcs12_password=None,
+ def export_pkcs12(self, pkcs12_file, nicknames=None, pkcs12_password=None,
pkcs12_password_file=None):
tmpdir = tempfile.mkdtemp()
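Review bot: Renaming the second positional parameter of `export_pkcs12` from `nickname` to `nicknames` silently changes the contract for existing callers. A caller that still passes a single nickname string positionally reaches `cmd.extend(nicknames)` in the next hunk, which splits the string into one argument per character, and a caller using `nickname=` now fails with a TypeError. A guard at the top of the body such as `if isinstance(nicknames, str): nicknames = [nicknames]` (with `basestring` if this module still has to run on Python 2) would keep the old call form working. The method has no docstring; one stating that `nicknames` is a list of certificate nicknames would make the new contract visible. The method body continues outside this hunk.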
@@ -502,14 +502,24 @@ class NSSDatabase(object):
raise Exception('Missing PKCS #12 password')
cmd = [
- 'pk12util',
+ 'pki',
'-d', self.directory,
- '-k', self.password_file,
- '-o', pkcs12_file,
- '-w', password_file,
- '-n', nickname
+ '-C', self.password_file
]
+ if self.token and self.token != 'internal':
+ cmd.extend(['--token', self.token])
+
+ cmd.extend(['pkcs12-export'])
+
+ cmd.extend([
+ '--pkcs12', pkcs12_file,
+ '--pkcs12-password-file', password_file
+ ])
+
+ if nicknames:
+ cmd.extend(nicknames)
+
subprocess.check_call(cmd)
finally:
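Review bot: The `if nicknames:` test before `subprocess.check_call(cmd)` treats an empty list the same as `None`, so a caller whose computed nickname list turns out empty runs `pki pkcs12-export` with no nickname filter. That presumably exports every certificate and private key in the NSS database instead of failing. Because the output file holds private key material, the empty list should be rejected explicitly, e.g. `if nicknames is not None and not nicknames: raise Exception('Missing certificate nicknames')`. The export-all default also deserves a comment such as `# nicknames=None exports everything in the NSS database, including private keys`. The surrounding try/finally starts and ends outside this hunk.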