authorMatthew Harmsen <mharmsen@redhat.com>2015-06-18 13:01:34 -0600
committerMatthew Harmsen <mharmsen@redhat.com>2015-06-18 19:27:13 -0600
commitd54544b7732baebf6a93ee50708e445921478034 (patch)
tree4215d89682f278e5794a3ee663f3c091707c7a86 /base/server/python/pki
parentb9f51eb366c98647544d1d090cb9dbd0d29c6e09 (diff)
Check security module registration
- PKI TRAC Ticket #1426 - pkispawn of KRA on HSM fails (shared instances) - PKI TRAC Ticket #1427 - pkispawn of OCSP on HSM fails (shared instances) - PKI TRAC Ticket #1429 - pkispawn of TKS on HSM fails (shared instances)
Diffstat (limited to 'base/server/python/pki')
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py54
-rw-r--r--base/server/python/pki/server/deployment/pkimessages.py5
2 files changed, 59 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index a94444793..42ca0d9cf 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -2688,9 +2688,63 @@ class Modutil:
def __init__(self, deployer):
self.mdict = deployer.mdict
+ def is_security_module_registered(self, path, modulename,
+ prefix=None, critical_failure=True):
+ status = False
+ try:
+ # Compose this "modutil" command
+ command = ["modutil"]
+ # Provide a path to the NSS security databases
+ if path:
+ command.extend(["-dbdir", path])
+ else:
+ config.pki_log.error(
+ log.PKIHELPER_MODUTIL_MISSING_PATH,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(log.PKIHELPER_MODUTIL_MISSING_PATH)
+ # Add optional security database prefix
+ if prefix is not None:
+ command.extend(["--dbprefix", prefix])
+ # Append '-nocertdb' switch
+ command.extend(["-nocertdb"])
+ # Specify a 'modulename'
+ if modulename:
+ command.extend(["-list", modulename])
+ else:
+ config.pki_log.error(
+ log.PKIHELPER_MODUTIL_MISSING_MODULENAME,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(log.PKIHELPER_MODUTIL_MISSING_MODULENAME)
+ # Display this "modutil" command
+ config.pki_log.info(
+ log.PKIHELPER_REGISTERED_SECURITY_MODULE_CHECK_1,
+ ' '.join(command),
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ # Execute this "modutil" command
+ subprocess.check_call(command)
+ # 'modulename' is already registered
+ status = True
+ config.pki_log.info(
+ log.PKIHELPER_REGISTERED_SECURITY_MODULE_1, modulename,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ except subprocess.CalledProcessError as exc:
+ # 'modulename' is not registered
+ config.pki_log.info(
+ log.PKIHELPER_UNREGISTERED_SECURITY_MODULE_1, modulename,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ except OSError as exc:
+ config.pki_log.error(log.PKI_OSERROR_1, exc,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ if critical_failure:
+ raise
+ return status
+
def register_security_module(self, path, modulename, libfile,
prefix=None, critical_failure=True):
try:
+ # First check if security module is already registered
+ if self.is_security_module_registered(path, modulename):
+ return
# Compose this "modutil" command
command = ["modutil"]
# Provide a path to the NSS security databases
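Review bot: The pre-check added at the top of `register_security_module` calls `is_security_module_registered(path, modulename)` without forwarding `prefix` or `critical_failure`, so for an NSS database created with a prefix the lookup can run against different database files than the registration that follows, and an `OSError` is re-raised from the helper even when the caller asked for non-critical handling. I would change the call to `if self.is_security_module_registered(path, modulename, prefix, critical_failure):`. Once the prefix does reach the helper, confirm that `--dbprefix` is the spelling modutil accepts, since every other switch in the command (`-dbdir`, `-nocertdb`, `-list`) uses a single dash. Separately, the `except subprocess.CalledProcessError` branch reports any non-zero modutil exit as "not registered", including a database that could not be opened; logging `exc.returncode` there would keep the two cases apart in the pkispawn log. The body of `register_security_module` continues past the end of the hunk.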
diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py
index dd6ba4160..652840792 100644
--- a/base/server/python/pki/server/deployment/pkimessages.py
+++ b/base/server/python/pki/server/deployment/pkimessages.py
@@ -260,6 +260,11 @@ PKIHELPER_PK12UTIL_MISSING_OUTFILE = \
PKIHELPER_PK12UTIL_MISSING_PWFILE = \
"pk12util missing -w pw-file option!"
PKIHELPER_REGISTER_SECURITY_MODULE_1 = "executing '%s'"
+PKIHELPER_REGISTERED_SECURITY_MODULE_CHECK_1 = "executing '%s'"
+PKIHELPER_REGISTERED_SECURITY_MODULE_1 = \
+ "security module '%s' is already registered."
+PKIHELPER_UNREGISTERED_SECURITY_MODULE_1 = \
+ "security module '%s' is not registered."
PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2 = \
"instance '%s' contains '%d' PKI subsystems"