diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-02-19 15:09:49 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-04-02 06:10:24 +0200 |
commit | 9667921a5a2489a3fccc6f4f7f7af88f60eadbd2 (patch) | |
tree | 6989057c4a7759e8ecf96542da6538454515e1e7 /base/common | |
parent | 943b62447dc41286e172bd8e11f747a0f524695b (diff) | |
download | pki-9667921a5a2489a3fccc6f4f7f7af88f60eadbd2.tar.gz pki-9667921a5a2489a3fccc6f4f7f7af88f60eadbd2.tar.xz pki-9667921a5a2489a3fccc6f4f7f7af88f60eadbd2.zip |
Added pki-server commands to export system certificates.
Some pki-server commands have been added to simplify exporting
the required certificates for subsystem installations. These
commands will invoke the pki pkcs12 utility to export the
certificates from the instance NSS database.
The pki-server ca-cert-chain-export command will export the
the certificate chain needed for installing additional
subsystems running on a separate instance.
The pki-server <subsystem>-clone-prepare commands will export
the certificates required for cloning a subsystem.
https://fedorahosted.org/pki/ticket/1742
Diffstat (limited to 'base/common')
-rw-r--r-- | base/common/python/pki/nssdb.py | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py index 67fd90b4c..219d824fd 100644 --- a/base/common/python/pki/nssdb.py +++ b/base/common/python/pki/nssdb.py @@ -502,7 +502,8 @@ class NSSDatabase(object): finally: shutil.rmtree(tmpdir) - def export_pkcs12(self, pkcs12_file, nickname, pkcs12_password=None, pkcs12_password_file=None): + def export_pkcs12(self, pkcs12_file, nicknames=None, pkcs12_password=None, + pkcs12_password_file=None): tmpdir = tempfile.mkdtemp() @@ -519,14 +520,24 @@ class NSSDatabase(object): raise Exception('Missing PKCS #12 password') cmd = [ - 'pk12util', + 'pki', '-d', self.directory, - '-k', self.password_file, - '-o', pkcs12_file, - '-w', password_file, - '-n', nickname + '-C', self.password_file ] + if self.token and self.token != 'internal': + cmd.extend(['--token', self.token]) + + cmd.extend(['pkcs12-export']) + + cmd.extend([ + '--pkcs12', pkcs12_file, + '--pkcs12-password-file', password_file + ]) + + if nicknames: + cmd.extend(nicknames) + subprocess.check_call(cmd) finally: |