Diffstat (limited to 'base/common/python')
-rw-r--r-- | base/common/python/pki/cli/pkcs12.py | 19 | ||||
-rw-r--r-- | base/common/python/pki/nssdb.py | 22 |
2 files changed, 35 insertions, 6 deletions
diff --git a/base/common/python/pki/cli/pkcs12.py b/base/common/python/pki/cli/pkcs12.py index a7c32cc2b..3fcea35a4 100644 --- a/base/common/python/pki/cli/pkcs12.py +++ b/base/common/python/pki/cli/pkcs12.py @@ -55,6 +55,7 @@ class PKCS12ImportCLI(pki.cli.CLI): print(' --no-trust-flags Do not include trust flags') print(' --no-user-certs Do not import user certificates') print(' --no-ca-certs Do not import CA certificates') + print(' --overwrite Overwrite existing certificates') print(' -v, --verbose Run in verbose mode.') print(' --debug Run in debug mode.') print(' --help Show help message.') @@ -65,7 +66,7 @@ class PKCS12ImportCLI(pki.cli.CLI): try: opts, _ = getopt.gnu_getopt(args, 'v', [ 'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=', - 'no-trust-flags', 'no-user-certs', 'no-ca-certs', + 'no-trust-flags', 'no-user-certs', 'no-ca-certs', 'overwrite', 'verbose', 'debug', 'help']) except getopt.GetoptError as e: @@ -79,6 +80,7 @@ class PKCS12ImportCLI(pki.cli.CLI): no_trust_flags = False import_user_certs = True import_ca_certs = True + overwrite = False debug = False for o, a in opts: @@ -100,6 +102,9 @@ class PKCS12ImportCLI(pki.cli.CLI): elif o == '--no-ca-certs': import_ca_certs = False + elif o == '--overwrite': + overwrite = True + elif o in ('-v', '--verbose'): self.set_verbose(True) @@ -221,6 +226,15 @@ class PKCS12ImportCLI(pki.cli.CLI): cert_id = cert_info['id'] nickname = cert_info['nickname'] + cert = nssdb.get_cert(nickname) + + if cert: + if not overwrite: + print('WARNING: cert %s already exists' % nickname) + continue + + nssdb.remove_cert(nickname) + if 'trust_flags' in cert_info: trust_flags = cert_info['trust_flags'] else: @@ -292,6 +306,9 @@ class PKCS12ImportCLI(pki.cli.CLI): if no_trust_flags: cmd.extend(['--no-trust-flags']) + if overwrite: + cmd.extend(['--overwrite']) + if self.verbose: cmd.extend(['--verbose']) diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py index 0c27c3f19..f563fd81e 100644 
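Review bot: In the `@@ -221` hunk of pkcs12.py, `nssdb.remove_cert(nickname)` deletes the existing certificate before the replacement has been imported, so if the import later in the loop fails the database is left with neither the old nor the new certificate. The existence test also depends on `nssdb.get_cert(nickname)`, which after this commit returns `None` for every certutil failure, so a database or password error looks the same as "not present" and the loop carries on to the import. The match is by nickname only, so with `--overwrite` an entry in the PKCS #12 file that shares a nickname with an existing CA certificate replaces it, presumably along with the trust flags read just below. I would record each replacement, for example `print('WARNING: replacing existing cert %s' % nickname)` before the `remove_cert` call, and mention the nickname-only matching in the `--overwrite` help text. The enclosing loop starts and ends outside the hunk, so how the import failure path is handled cannot be seen here.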
--- a/base/common/python/pki/nssdb.py +++ b/base/common/python/pki/nssdb.py @@ -423,12 +423,20 @@ class NSSDatabase(object): output_format_option ]) - cert_data = subprocess.check_output(cmd) + try: + cert_data = subprocess.check_output(cmd) + + if output_format == 'base64': + cert_data = base64.b64encode(cert_data) - if output_format == 'base64': - cert_data = base64.b64encode(cert_data) + return cert_data - return cert_data + except subprocess.CalledProcessError: + # All certutil errors return the same code (i.e. 255). + # For now assume it was caused by missing certificate. + # TODO: Check error message. If it's caused by other + # issue, throw exception. + return None def remove_cert(self, nickname): @@ -576,7 +584,8 @@ class NSSDatabase(object): pkcs12_password=None, pkcs12_password_file=None, no_user_certs=False, - no_ca_certs=False): + no_ca_certs=False, + overwrite=False): tmpdir = tempfile.mkdtemp() @@ -613,6 +622,9 @@ class NSSDatabase(object): if no_ca_certs: cmd.extend(['--no-ca-certs']) + if overwrite: + cmd.extend(['--overwrite']) + subprocess.check_call(cmd) finally: |
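Review bot: The new `except subprocess.CalledProcessError:` in the `@@ -423` hunk of nssdb.py returns `None` for every certutil failure, so an unreadable database, a wrong password or a corrupted token is reported to callers as "certificate not found". The in-code TODO acknowledges this, but the new `--overwrite` check in pkcs12.py already relies on the return value to decide whether a certificate exists, so the ambiguity now feeds a security-relevant decision. I would capture certutil's stderr and return `None` only when the message says the nickname was not found, re-raising otherwise, i.e. `except subprocess.CalledProcessError as e:` followed by a conditional `raise`. The `try` body should hold only the `check_output` call, with the base64 encoding and `return cert_data` moved after it. Existing callers that relied on the exception now receive `None` and need checking; the method begins outside the hunk, so they are not visible here.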