path: root/base/server/python/pki/server/deployment/scriptlets/security_databases.py
Diffstat (limited to 'base/server/python/pki/server/deployment/scriptlets/security_databases.py')
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/security_databases.py25
1 files changed, 24 insertions, 1 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
index 947c9a740..a2ba8f436 100644
--- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py
+++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
@@ -21,7 +21,9 @@
from __future__ import absolute_import
+import os
import pki.nssdb
+import pki.server
# PKI Deployment Imports
from .. import pkiconfig as config
@@ -90,7 +92,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# importing system certificates
- pki_server_pkcs12_password = deployer.mdict['pki_server_pkcs12_password']
+ pki_server_pkcs12_password = deployer.mdict[
+ 'pki_server_pkcs12_password']
if not pki_server_pkcs12_password:
raise Exception('Missing pki_server_pkcs12_password property.')
@@ -102,6 +105,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
pkcs12_file=pki_server_pkcs12_path,
pkcs12_password=pki_server_pkcs12_password)
+ # update external CA file (if needed)
+ external_cert_path = deployer.mdict['pki_server_external_cert_path']
+ if external_cert_path is not None:
+ self.update_external_cert_conf(external_cert_path, deployer)
+
if len(deployer.instance.tomcat_instance_subsystems()) < 2:
# only create a self signed cert for a new instance
#
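Review bot: The new guard `if external_cert_path is not None:` lets an empty string through, so a blank `pki_server_external_cert_path` setting would still reach `update_external_cert_conf` and be handed to `read_external_certs` as a path. The password check a few lines above uses truthiness (`if not pki_server_pkcs12_password:`), and the same form fits here: `if external_cert_path:`. The direct `deployer.mdict['pki_server_external_cert_path']` lookup also raises `KeyError` unless the key is always defined in the deployment defaults, which this hunk does not show; `deployer.mdict.get('pki_server_external_cert_path')` would cover both cases. The enclosing method starts and ends outside the hunk.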
@@ -175,6 +183,21 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
deployer.file.delete(deployer.mdict['pki_shared_pfile'])
return self.rv
+ def update_external_cert_conf(self, external_path, deployer):
+ external_certs = pki.server.PKIInstance.read_external_certs(
+ external_path)
+
+ if len(external_certs) > 0:
+ instance = pki.server.PKIInstance(
+ deployer.mdict['pki_instance_name'])
+ instance.load_external_certs(
+ os.path.join(deployer.mdict['pki_instance_configuration_path'],
+ 'external_certs.conf')
+ )
+
+ for cert in external_certs:
+ instance.add_external_cert(cert.nickname, cert.token)
+
def destroy(self, deployer):
config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__,
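Review bot: `update_external_cert_conf` changes which external certificates the instance knows about, but it has no docstring and writes nothing to the deployment log, so a later audit cannot tell which nickname/token pairs were registered or from which file. I would add a one-line docstring such as `"""Add the certs listed in external_path to the instance's external_certs.conf entries."""` and a `config.pki_log` message per certificate added, naming `cert.nickname` and `cert.token`. Whether `add_external_cert` persists each entry to `external_certs.conf` is not visible here; if it does not, an explicit save step is missing. As a style point, `if len(external_certs) > 0:` reads better as `if external_certs:`.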