-rw-r--r-- | base/common/python/pki/nssdb.py | 29 | ||||
-rw-r--r-- | base/server/python/pki/server/cli/ca.py | 9 | ||||
-rw-r--r-- | base/server/python/pki/server/cli/kra.py | 9 | ||||
-rw-r--r-- | base/server/python/pki/server/cli/ocsp.py | 6 | ||||
-rw-r--r-- | base/server/python/pki/server/cli/tks.py | 6 | ||||
-rw-r--r-- | base/server/python/pki/server/cli/tps.py | 6 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 2 |
7 files changed, 43 insertions, 24 deletions
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py index a428e397a..a6b2fa30f 100644 --- a/base/common/python/pki/nssdb.py +++ b/base/common/python/pki/nssdb.py @@ -395,7 +395,8 @@ class NSSDatabase(object): subprocess.check_call(cmd) - def import_cert_chain(self, nickname, cert_chain_file, trust_attributes=None): + def import_cert_chain(self, nickname, cert_chain_file, + trust_attributes=None): tmpdir = tempfile.mkdtemp() @@ -407,16 +408,18 @@ class NSSDatabase(object): nickname=nickname, cert_file=cert_chain_file, trust_attributes=trust_attributes) - return self.get_cert( - nickname=nickname, - output_format='base64') + return ( + self.get_cert(nickname=nickname, output_format='base64'), + [nickname] + ) - elif file_type == 'pkcs7': # import PKCS #7 cert chain - return self.import_pkcs7( + elif file_type == 'pkcs7': # import PKCS #7 cert chain + chain, nicks = self.import_pkcs7( pkcs7_file=cert_chain_file, nickname=nickname, trust_attributes=trust_attributes, output_format='base64') + return chain, nicks else: # import PKCS #7 data without header/footer with open(cert_chain_file, 'r') as f: @@ -427,17 +430,18 @@ class NSSDatabase(object): with open(tmp_cert_chain_file, 'w') as f: f.write(pkcs7_data) - self.import_pkcs7( + chain, nicks = self.import_pkcs7( pkcs7_file=tmp_cert_chain_file, nickname=nickname, trust_attributes=trust_attributes) - return base64_data + return base64_data, nicks finally: shutil.rmtree(tmpdir) - def import_pkcs7(self, pkcs7_file, nickname, trust_attributes=None, output_format='pem'): + def import_pkcs7(self, pkcs7_file, nickname, trust_attributes=None, + output_format='pem'): tmpdir = tempfile.mkdtemp() @@ -453,6 +457,7 @@ class NSSDatabase(object): # parse PEM output into separate PEM certificates certs = [] lines = [] + nicks = [] state = 'header' for line in output.splitlines(): 
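Review bot: import_cert_chain now returns a `(chain, nicks)` tuple instead of a base64 string, and the visible lines carry no docstring that states the new contract; the same applies to import_pkcs7 in the `@@ -501,12 +507,13 @@` hunk. A caller that was not updated would not fail at the call site, because it would pass the tuple along as if it were certificate data. I would add a docstring such as `"""Import a cert or PKCS #7 chain; return (base64 chain data, list of NSS nicknames added)."""`. Only configuration.py is adjusted in this diff, and any other callers are not visible here. In the `pkcs7` branch, `chain, nicks = ...` followed by `return chain, nicks` could remain a direct `return self.import_pkcs7(...)`.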
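Review bot: In the headerless PKCS #7 branch (`@@ -427,17 +430,18 @@`) `chain` is bound but never used, since the method returns `base64_data` instead. Writing `_chain, nicks = self.import_pkcs7(` would make that explicit and keep linters quiet. This branch returns the caller's original base64 text while the `pkcs7` branch returns import_pkcs7's converted output, so the first tuple element has a different origin depending on file type; a one-line comment saying this is deliberate would help. The method starts and ends outside this hunk.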
@@ -494,6 +499,7 @@ class NSSDatabase(object): n = '%s #%d' % (nickname, counter) self.add_cert(n, cert_file, trust_attributes) + nicks.append(n) counter += 1 @@ -501,12 +507,13 @@ class NSSDatabase(object): with open(pkcs7_file, 'r') as f: data = f.read() - return convert_pkcs7(data, 'pem', output_format) + return convert_pkcs7(data, 'pem', output_format), nicks finally: shutil.rmtree(tmpdir) - def import_pkcs12(self, pkcs12_file, pkcs12_password=None, pkcs12_password_file=None): + def import_pkcs12(self, pkcs12_file, pkcs12_password=None, + pkcs12_password_file=None): tmpdir = tempfile.mkdtemp() diff --git a/base/server/python/pki/server/cli/ca.py b/base/server/python/pki/server/cli/ca.py index af0d941f5..fcc76fa25 100644 --- a/base/server/python/pki/server/cli/ca.py +++ b/base/server/python/pki/server/cli/ca.py @@ -398,9 +398,12 @@ class CAClonePrepareCLI(pki.cli.CLI): subsystem.export_system_cert( 'subsystem', pkcs12_file, pkcs12_password_file, new_file=True) - subsystem.export_system_cert('signing', pkcs12_file, pkcs12_password_file) - subsystem.export_system_cert('ocsp_signing', pkcs12_file, pkcs12_password_file) - subsystem.export_system_cert('audit_signing', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'signing', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'ocsp_signing', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'audit_signing', pkcs12_file, pkcs12_password_file) finally: shutil.rmtree(tmpdir) diff --git a/base/server/python/pki/server/cli/kra.py b/base/server/python/pki/server/cli/kra.py index d1b27dbc1..c11fda6ab 100644 --- a/base/server/python/pki/server/cli/kra.py +++ b/base/server/python/pki/server/cli/kra.py 
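Review bot: In the `@@ -494,6 +499,7 @@` hunk, `nicks.append(n)` runs only after `self.add_cert(n, cert_file, trust_attributes)` returns. If add_cert raises partway through a chain, the nicknames collected so far are lost with the exception, while the certificates already added stay in the NSS database with the requested trust attributes. Whether add_cert can fail mid-chain is not visible here, and the loop begins outside the hunk. If cleanup or auditing of a partial import matters, the failure path should report the nicknames added so far; at minimum add a comment such as `# nicks holds only certs that were successfully added`.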
@@ -131,9 +131,12 @@ class KRAClonePrepareCLI(pki.cli.CLI): subsystem.export_system_cert( 'subsystem', pkcs12_file, pkcs12_password_file, new_file=True) - subsystem.export_system_cert('transport', pkcs12_file, pkcs12_password_file) - subsystem.export_system_cert('storage', pkcs12_file, pkcs12_password_file) - subsystem.export_system_cert('audit_signing', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'transport', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'storage', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'audit_signing', pkcs12_file, pkcs12_password_file) finally: shutil.rmtree(tmpdir) diff --git a/base/server/python/pki/server/cli/ocsp.py b/base/server/python/pki/server/cli/ocsp.py index 7b1b43487..88fff4330 100644 --- a/base/server/python/pki/server/cli/ocsp.py +++ b/base/server/python/pki/server/cli/ocsp.py @@ -131,8 +131,10 @@ class OCSPClonePrepareCLI(pki.cli.CLI): subsystem.export_system_cert( 'subsystem', pkcs12_file, pkcs12_password_file, new_file=True) - subsystem.export_system_cert('signing', pkcs12_file, pkcs12_password_file) - subsystem.export_system_cert('audit_signing', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'signing', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'audit_signing', pkcs12_file, pkcs12_password_file) finally: shutil.rmtree(tmpdir) diff --git a/base/server/python/pki/server/cli/tks.py b/base/server/python/pki/server/cli/tks.py index 39343db98..55b506bde 100644 --- a/base/server/python/pki/server/cli/tks.py +++ b/base/server/python/pki/server/cli/tks.py 
@@ -131,8 +131,10 @@ class TKSClonePrepareCLI(pki.cli.CLI): subsystem.export_system_cert( 'subsystem', pkcs12_file, pkcs12_password_file, new_file=True) - subsystem.export_system_cert('signing', pkcs12_file, pkcs12_password_file) - subsystem.export_system_cert('audit_signing', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'signing', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'audit_signing', pkcs12_file, pkcs12_password_file) finally: shutil.rmtree(tmpdir) diff --git a/base/server/python/pki/server/cli/tps.py b/base/server/python/pki/server/cli/tps.py index 05045cb0d..54c99a6de 100644 --- a/base/server/python/pki/server/cli/tps.py +++ b/base/server/python/pki/server/cli/tps.py @@ -131,8 +131,10 @@ class TPSClonePrepareCLI(pki.cli.CLI): subsystem.export_system_cert( 'subsystem', pkcs12_file, pkcs12_password_file, new_file=True) - subsystem.export_system_cert('signing', pkcs12_file, pkcs12_password_file) - subsystem.export_system_cert('audit_signing', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'signing', pkcs12_file, pkcs12_password_file) + subsystem.export_system_cert( + 'audit_signing', pkcs12_file, pkcs12_password_file) finally: shutil.rmtree(tmpdir) diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index 278ac644b..fc6877d36 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py 
@@ -162,7 +162,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): external_ca_cert_chain_nickname = deployer.mdict['pki_external_ca_cert_chain_nickname'] external_ca_cert_chain_file = deployer.mdict['pki_external_ca_cert_chain_path'] if external_ca_cert_chain_file: - cert_chain = nssdb.import_cert_chain( + cert_chain, _nicks = nssdb.import_cert_chain( nickname=external_ca_cert_chain_nickname, cert_chain_file=external_ca_cert_chain_file, trust_attributes='CT,C,C') |
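Review bot: The list of imported nicknames is discarded as `_nicks`, although this call passes `trust_attributes='CT,C,C'` for an externally supplied chain file. Judging from the `self.add_cert(n, cert_file, trust_attributes)` call in import_pkcs7, those flags presumably apply to every certificate in the file. Writing the returned nicknames to the deployment log would give an operator an audit trail of which entries became trusted. If the value is intentionally unused for now, a comment like `# nicknames of imported chain certs; not needed here` would say so. The enclosing method starts and ends outside the hunk.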