| author | Endi S. Dewata <edewata@redhat.com> | 2016-08-01 22:35:32 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-08-05 22:23:20 +0200 |
| commit | da66600e8ae07fa4169d24909c7d04ed69d2906c (patch) | |
| tree | 00f75b05951788df27c91c3559daf231d67a1b32 /base/server/python | |
| parent | f726f9a668b523c4e5a9438d8ea301f4b556efd4 (diff) | |
Added log messages for certificate import during cloning.
To help troubleshooting cloning issues the security_databases.py
has been modified to log the content of the PKCS #12 file before
import and the NSS database after import.
https://fedorahosted.org/pki/ticket/2424
Diffstat (limited to 'base/server/python')
| -rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/security_databases.py | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
index 18fc3e1ef..99daf1564 100644
--- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py
+++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
@@ -19,9 +19,11 @@
 #
 from __future__ import absolute_import
+from __future__ import print_function
 import os
 import pki.nssdb
+import pki.pkcs12
 import pki.server
 # PKI Deployment Imports
@@ -104,9 +106,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 directory=deployer.mdict['pki_database_path'],
 password_file=deployer.mdict['pki_shared_pfile'])
- nssdb.import_pkcs12(
- pkcs12_file=pki_server_pkcs12_path,
- pkcs12_password=pki_server_pkcs12_password)
+ try:
+ nssdb.import_pkcs12(
+ pkcs12_file=pki_server_pkcs12_path,
+ pkcs12_password=pki_server_pkcs12_password)
+ finally:
+ nssdb.close()
 # update external CA file (if needed)
 external_certs_path = deployer.mdict['pki_server_external_certs_path']
@@ -127,10 +132,33 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 directory=deployer.mdict['pki_database_path'],
 password_file=deployer.mdict['pki_shared_pfile'])
- nssdb.import_pkcs12(
- pkcs12_file=pki_clone_pkcs12_path,
- pkcs12_password=pki_clone_pkcs12_password,
- no_user_certs=True)
+ try:
+ print('Importing certificates from %s:' % pki_clone_pkcs12_path)
+
+ # The PKCS12 class requires an NSS database to run. For simplicity
+ # it uses the NSS database that has just been created.
+ pkcs12 = pki.pkcs12.PKCS12(
+ path=pki_clone_pkcs12_path,
+ password=pki_clone_pkcs12_password,
+ nssdb=nssdb)
+
+ try:
+ pkcs12.show_certs()
+ finally:
+ pkcs12.close()
+
+ # Import certificates
+ nssdb.import_pkcs12(
+ pkcs12_file=pki_clone_pkcs12_path,
+ pkcs12_password=pki_clone_pkcs12_password,
+ no_user_certs=True)
+
+ print('Imported certificates in %s:' % deployer.mdict['pki_database_path'])
+
+ nssdb.show_certs()
+
+ finally:
+ nssdb.close()
 if len(deployer.instance.tomcat_instance_subsystems()) < 2: |
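Review bot: The new `print()` calls and the two `show_certs()` listings in the clone branch write to stdout rather than to the deployment log, so the output the commit message calls log messages is only retained if the caller captures stdout, and it bypasses whatever level filtering and file permissions the installer log has. Routing them through the scriptlet's logger (not visible in this hunk) would keep the PKCS #12 inventory with the rest of the install record. `pkcs12.show_certs()` also runs before `nssdb.import_pkcs12(...)` inside the same outer `try`, so an exception from this diagnostic listing aborts the clone import; if that is not intended, catch and report it separately. I would add above the listing: `# Diagnostic only: prints the certificate listing, never the PKCS #12 password or key material`, which is presumably true of show_certs() but should be confirmed in pki.pkcs12. The enclosing method starts and ends outside the hunk.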
