authorEndi S. Dewata <edewata@redhat.com>2016-03-17 15:23:34 +0100
committerEndi S. Dewata <edewata@redhat.com>2016-03-18 22:29:19 +0100
commit04055a9bc40486950a3288acf610522e767c1e27 (patch)
treeedea267daf3bbee63847aa38d2f634b44e00c4f9 /base/server/python/pki/server/deployment/scriptlets/security_databases.py
parent1b15c725b6e9c5d9057b66e0a2806a7813a8d61b (diff)
Additional clean-ups for PKCS #12 utilities.
The pki_server_external_cert_path has been renamed to pki_server_external_certs_path to match the file name. A default pki_server_external_certs_path has been added to default.cfg. The pki pkcs12-export command has been modified to export into an existing PKCS #12 file by default. The pki-server instance-cert-export command has been modified to accept a list of nicknames to export. https://fedorahosted.org/pki/ticket/1742
Diffstat (limited to 'base/server/python/pki/server/deployment/scriptlets/security_databases.py')
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/security_databases.py19
1 files changed, 8 insertions, 11 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
index 027c4c4cf..3947ad64c 100644
--- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py
+++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
@@ -85,12 +85,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
deployer.mdict['pki_secmod_database'],
perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
- pki_server_pkcs12_path = deployer.mdict['pki_server_pkcs12_path']
+ # import system certificates before starting the server
+ pki_server_pkcs12_path = deployer.mdict['pki_server_pkcs12_path']
if pki_server_pkcs12_path:
- # importing system certificates
-
pki_server_pkcs12_password = deployer.mdict[
'pki_server_pkcs12_password']
if not pki_server_pkcs12_password:
@@ -105,9 +104,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
pkcs12_password=pki_server_pkcs12_password)
# update external CA file (if needed)
- external_cert_path = deployer.mdict['pki_server_external_cert_path']
- if external_cert_path is not None:
- self.update_external_cert_conf(external_cert_path, deployer)
+ external_certs_path = deployer.mdict['pki_server_external_certs_path']
+ if external_certs_path is not None:
+ self.update_external_certs_conf(external_certs_path, deployer)
if len(deployer.instance.tomcat_instance_subsystems()) < 2:
# only create a self signed cert for a new instance
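Review bot: The guard `if external_certs_path is not None:` probably stops skipping anything once the key has a default in default.cfg, which the commit message says it now does. A value read from a config file is normally a string, so an empty path would still reach `update_external_certs_conf` and be passed to `read_external_certs`. The PKCS #12 branch in the previous hunk tests truthiness (`if pki_server_pkcs12_path:`), and `if external_certs_path:` here would keep the two consistent. The old key `pki_server_external_cert_path` is no longer read, so as far as this hunk shows a deployment file that still sets it would have its external certificates skipped without a message; a logged warning when the old key is present would make that visible. The enclosing method starts and ends outside this hunk.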
@@ -183,20 +182,18 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
deployer.file.delete(deployer.mdict['pki_shared_pfile'])
return self.rv
- def update_external_cert_conf(self, external_path, deployer):
+ def update_external_certs_conf(self, external_path, deployer):
external_certs = pki.server.PKIInstance.read_external_certs(
external_path)
if len(external_certs) > 0:
- instance = pki.server.PKIInstance(
- deployer.mdict['pki_instance_name'])
- instance.load_external_certs(
+ deployer.instance.load_external_certs(
os.path.join(deployer.mdict['pki_instance_configuration_path'],
'external_certs.conf')
)
for cert in external_certs:
- instance.add_external_cert(cert.nickname, cert.token)
+ deployer.instance.add_external_cert(cert.nickname, cert.token)
def destroy(self, deployer):
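Review bot: `update_external_certs_conf` has no docstring, and after this change it modifies the shared `deployer.instance` instead of a separately constructed `PKIInstance`, a side effect a caller should be able to read off the method. A docstring such as `"""Load external_certs.conf into deployer.instance and register every certificate listed in the file at external_path."""` would state that. Whether `add_external_cert` also writes the configuration back is not visible here and would be worth recording in the same place. The parameter is still named `external_path` although the method and config key were renamed to `external_certs`, and `if len(external_certs) > 0:` reads more plainly as `if external_certs:`.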