authorMatthew Harmsen <mharmsen@redhat.com>2012-07-18 17:48:11 -0700
committerMatthew Harmsen <mharmsen@redhat.com>2012-07-19 10:16:42 -0700
commit3fcefc1b67e7afe0455267b3876d9e6ef47531cc (patch)
tree023d0c199d696df9655174f2e3a5a7d79bb52310 /base/deploy/src/scriptlets/pkihelper.py
parent0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 (diff)
PKI Deployment Scriptlets
Saved Admin Certificate, imported it into NSS client security databases, and exported it to a PKCS #12 file such that it may be imported into a browser. TRAC Ticket #221 Dogtag 10: Create a PKCS #12 file containing the Admin Certificate (https://fedorahosted.org/pki/ticket/221)
Diffstat (limited to 'base/deploy/src/scriptlets/pkihelper.py')
-rw-r--r--base/deploy/src/scriptlets/pkihelper.py55
1 files changed, 46 insertions, 9 deletions
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index 7b77bcee5..7de6502a2 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -326,16 +326,22 @@ class configuration_file:
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
# If required, verify existence of Backup Password
- # (except for Clones)
if config.str2bool(master['pki_backup_keys']):
- if not config.str2bool(master['pki_clone']):
- if not sensitive.has_key('pki_backup_password') or\
- not len(sensitive['pki_backup_password']):
- config.pki_log.error(
- log.PKIHELPER_UNDEFINED_BACKUP_PASSWORD_1,
- config.pkideployment_cfg,
- extra=config.PKI_INDENTATION_LEVEL_2)
- sys.exit(1)
+ if not sensitive.has_key('pki_backup_password') or\
+ not len(sensitive['pki_backup_password']):
+ config.pki_log.error(
+ log.PKIHELPER_UNDEFINED_BACKUP_PASSWORD_1,
+ config.pkideployment_cfg,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ # Verify existence of Client PKCS #12 Password for Admin Cert
+ if not sensitive.has_key('pki_client_pkcs12_password') or\
+ not len(sensitive['pki_client_pkcs12_password']):
+ config.pki_log.error(
+ log.PKIHELPER_UNDEFINED_CLIENT_PKCS12_PASSWORD_1,
+ config.pkideployment_cfg,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
# Verify existence of PKCS #12 Password (ONLY for Clones)
if config.str2bool(master['pki_clone']):
if not sensitive.has_key('pki_pkcs12_password') or\
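Review bot: The new `pki_client_pkcs12_password` check rejects only a missing or zero-length value, so a whitespace-only entry passes and would become the password protecting the Admin Certificate's PKCS #12 file. Unless the configuration parser already strips values (not visible here), test the stripped value instead: `if not sensitive.get('pki_client_pkcs12_password', '').strip():`. That form also avoids `has_key`, which no longer exists in Python 3. The same pattern is repeated for `pki_backup_password` and `pki_pkcs12_password`, so a small shared helper would keep the three checks consistent. The enclosing method starts and ends outside this hunk, and the rendering has dropped indentation, so the nesting of the new check cannot be confirmed from here.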
@@ -1583,6 +1589,37 @@ class password:
sys.exit(1)
return
+ def create_client_pkcs12_password_conf(self, path, overwrite_flag=False,
+ critical_failure=True):
+ try:
+ if not config.pki_dry_run_flag:
+ if os.path.exists(path):
+ if overwrite_flag:
+ config.pki_log.info(
+ log.PKIHELPER_PASSWORD_CONF_1, path,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ # overwrite the existing 'pkcs12_password.conf' file
+ with open(path, "wt") as fd:
+ fd.write(sensitive['pki_client_pkcs12_password'])
+ fd.closed
+ else:
+ config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ # create a new 'pkcs12_password.conf' file
+ with open(path, "wt") as fd:
+ fd.write(sensitive['pki_client_pkcs12_password'])
+ fd.closed
+ else:
+ if not os.path.exists(path) or overwrite_flag:
+ config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ except OSError as exc:
+ config.pki_log.error(log.PKI_OSERROR_1, exc,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ if critical_failure == True:
+ sys.exit(1)
+ return
+
# PKI Deployment NSS 'certutil' Class
class certutil:
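Review bot: `create_client_pkcs12_password_conf` writes the PKCS #12 password with `open(path, "wt")`, so a newly created file takes its mode from the process umask and the secret guarding the exported admin key may be readable by other local users unless a later step outside this hunk tightens it. Create the file owner-only from the start, e.g. `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "wt") as f:`. The mode argument applies only on creation, so the overwrite branch should also reset the permissions of an existing file before writing. Separately, the file appears to target Python 2 (it uses `has_key`), where `open()` raises IOError rather than OSError, so the handler should read `except (IOError, OSError) as exc:`; otherwise a failed write bypasses both the logging and the `critical_failure` handling. The two bare `fd.closed` lines are no-op expressions and can be dropped.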