diff options
Diffstat (limited to 'base/common')
-rw-r--r-- | base/common/python/pki/crypto.py | 39 | ||||
-rw-r--r-- | base/common/python/pki/kra.py | 4 |
2 files changed, 30 insertions, 13 deletions
diff --git a/base/common/python/pki/crypto.py b/base/common/python/pki/crypto.py index f9aed3f36..147e65447 100644 --- a/base/common/python/pki/crypto.py +++ b/base/common/python/pki/crypto.py @@ -102,7 +102,7 @@ class NSSCryptoProvider(CryptoProvider): """ @staticmethod - def setup_database(db_dir, password, over_write=False): + def setup_database(db_dir, password=None, over_write=False, password_file=None): """ Create an NSS database """ if os.path.exists(db_dir): if not over_write: @@ -113,14 +113,20 @@ class NSSCryptoProvider(CryptoProvider): os.remove(db_dir) os.makedirs(db_dir) - home = os.path.expanduser("~") - with tempfile.NamedTemporaryFile(dir=home) as pwd_file: - pwd_file.write(password) - pwd_file.flush() - command = ['certutil', '-N', '-d', db_dir, '-f', pwd_file.name] + try: + if password: + (f, password_file) = tempfile.mkstemp() + os.write(f, password) + os.close(f) + + command = ['certutil', '-N', '-d', db_dir, '-f', password_file] subprocess.check_call(command) - def __init__(self, certdb_dir, certdb_password): + finally: + if password and password_file: + os.remove(password_file) + + def __init__(self, certdb_dir, certdb_password=None, password_file=None): """ Initialize nss and nss related parameters This method expects a NSS database to have already been created at @@ -128,7 +134,14 @@ class NSSCryptoProvider(CryptoProvider): """ CryptoProvider.__init__(self) self.certdb_dir = certdb_dir - self.certdb_password = certdb_password + + if certdb_password: + self.certdb_password = certdb_password + + elif password_file: + with open(password_file, 'r') as f: + self.certdb_password = f.readline().strip() + self.nonce_iv = "e4:bb:3b:d3:c3:71:2e:58" def initialize(self): @@ -137,12 +150,18 @@ class NSSCryptoProvider(CryptoProvider): """ nss.nss_init(self.certdb_dir) - def import_cert(self, cert_nick, cert, trust): + def import_cert(self, cert_nick, cert, trust=',,'): """ Import a certificate into the nss database """ + # accept both CertData object or cert actual data + if type(cert).__name__ == 'CertData': + content = cert.encoded + else: + content = cert + # certutil -A -d db_dir -n cert_nick -t trust -i cert_file with tempfile.NamedTemporaryFile() as cert_file: - cert_file.write(cert.binary) + cert_file.write(content) cert_file.flush() command = ['certutil', '-A', '-d', self.certdb_dir, '-n', cert_nick, '-t', trust, diff --git a/base/common/python/pki/kra.py b/base/common/python/pki/kra.py index 6559b986b..9e46235d2 100644 --- a/base/common/python/pki/kra.py +++ b/base/common/python/pki/kra.py @@ -52,8 +52,6 @@ class KRAClient(object): initialized beforehand. """ self.connection = connection + self.crypto = crypto self.keys = key.KeyClient(connection, crypto, transport_cert_nick) self.system_certs = SystemCertClient(connection) - - - |