author | Matthew Harmsen <mharmsen@redhat.com> | 2015-04-14 20:05:17 -0600 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2015-04-14 20:05:17 -0600 |
commit | cde899c8e8516125b26818d5668487c99267420c (patch) | |
tree | f17f837e0e89aef299fa724df11be9a91528011b /base/server/python/pki/server/deployment/pkihelper.py | |
parent | 711d3ca66b6702a33839c3a436550464fa49d0d8 (diff) | |
Add HSM options to pkispawn
- PKI TRAC Ticket #1346 - pkispawn should have an HSM library option
Diffstat (limited to 'base/server/python/pki/server/deployment/pkihelper.py')
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index d11badf5c..5099887cc 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -2531,6 +2531,68 @@ class Certutil: return +class Modutil: + """PKI Deployment NSS 'modutil' Class""" + + def __init__(self, deployer): + self.mdict = deployer.mdict + + def register_security_module(self, path, modulename, libfile, + prefix=None, critical_failure=True): + try: + # Compose this "modutil" command + command = ["modutil"] + # Provide a path to the NSS security databases + if path: + command.extend(["-dbdir", path]) + else: + config.pki_log.error( + log.PKIHELPER_MODUTIL_MISSING_PATH, + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_MODUTIL_MISSING_PATH) + # Add optional security database prefix + if prefix is not None: + command.extend(["--dbprefix", prefix]) + # Append '-nocertdb' switch + command.extend(["-nocertdb"]) + # Specify a 'modulename' + if modulename: + command.extend(["-add", modulename]) + else: + config.pki_log.error( + log.PKIHELPER_MODUTIL_MISSING_MODULENAME, + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_MODUTIL_MISSING_MODULENAME) + # Specify a 'libfile' + if libfile: + command.extend(["-libfile", libfile]) + else: + config.pki_log.error( + log.PKIHELPER_MODUTIL_MISSING_LIBFILE, + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_MODUTIL_MISSING_LIBFILE) + # Append '-force' switch + command.extend(["-force"]) + # Display this "modutil" command + config.pki_log.info( + log.PKIHELPER_REGISTER_SECURITY_MODULE_1, + ' '.join(command), + extra=config.PKI_INDENTATION_LEVEL_2) + # Execute this "modutil" command + subprocess.check_call(command) + except subprocess.CalledProcessError as exc: + config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, + extra=config.PKI_INDENTATION_LEVEL_2) + if critical_failure: + raise + except OSError as exc: + config.pki_log.error(log.PKI_OSERROR_1, exc, + extra=config.PKI_INDENTATION_LEVEL_2) + if critical_failure: + raise + return + + class PK12util: """PKI Deployment pk12util class""" 
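Review bot: `register_security_module` accepts any non-empty `libfile` and hands it to `modutil -add ... -libfile` together with `-force`, so nothing checks that the PKCS #11 library is an absolute path to an existing regular file before it is registered in the NSS database at `path`. A registered module is loaded by whatever later opens that database, so a relative path, or one in a directory writable by an unprivileged user, is worth rejecting here; where `libfile` comes from is outside the hunk, presumably the deployment configuration. Before the `command.extend(["-libfile", libfile])` line I would add `if not os.path.isabs(libfile) or not os.path.isfile(libfile):` followed by the same log-and-raise used for the missing-libfile case (assuming `os` is imported in this module, which the hunk does not show), and consider an ownership and mode check as well. Separately, the `raise Exception(...)` branches for missing arguments are not caught by the two `except` clauses, so they propagate even when `critical_failure=False`; a short docstring on the method should state that. The `--dbprefix` switch is spelled with two dashes while `-dbdir`, `-nocertdb`, `-add`, `-libfile` and `-force` use one, which is worth confirming against modutil's usage text.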
@@ -4282,6 +4344,7 @@ class PKIDeployer:
 self.war = War(self)
 self.password = Password(self)
 self.certutil = Certutil(self)
+ self.modutil = Modutil(self)
 self.pk12util = PK12util(self)
 self.kra_connector = KRAConnector(self)
 self.security_domain = SecurityDomain(self) |