summaryrefslogtreecommitdiffstats
path: root/base/server/python/pki/server/deployment/pkihelper.py
diff options
context:
space:
mode:
Diffstat (limited to 'base/server/python/pki/server/deployment/pkihelper.py')
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py32
1 files changed, 32 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index f01f6f69f..2898d7fe0 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -4592,6 +4592,34 @@ class ConfigClient:
return cert
+class SystemCertificateVerifier:
+ """ Verifies system certificates for a subsystem"""
+
+ def __init__(self, instance=None, subsystem=None):
+ self.instance = instance
+ self.subsystem = subsystem
+
+ def verify_certificate(self, cert_id=None):
+ cmd = ['pki-server', 'subsystem-cert-validate',
+ '-i', self.instance.name,
+ self.subsystem]
+ if cert_id is not None:
+ cmd.append(cert_id)
+ try:
+ subprocess.check_output(
+ cmd,
+ stderr=subprocess.STDOUT)
+ except subprocess.CalledProcessError as e:
+ config.pki_log.error(
+ "pki subsystem-cert-validate return code: " + str(e.returncode),
+ extra=config.PKI_INDENTATION_LEVEL_2
+ )
+ config.pki_log.error(
+ e.output,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise
+
+
class PKIDeployer:
"""Holds the global dictionaries and the utility objects"""
@@ -4660,3 +4688,7 @@ class PKIDeployer:
os.chmod(
new_descriptor,
config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS)
+
+ @staticmethod
+ def create_system_cert_verifier(instance=None, subsystem=None):
+ return SystemCertificateVerifier(instance, subsystem)
generated by cgit (git 2.34.1) at 2024-04-25 13:38:45 +0000