Diffstat (limited to 'base/server/python/pki/server/deployment/scriptlets/security_databases.py')
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/security_databases.py | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py index 947c9a740..a2ba8f436 100644 --- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py +++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py @@ -21,7 +21,9 @@ from __future__ import absolute_import +import os import pki.nssdb +import pki.server # PKI Deployment Imports from .. import pkiconfig as config @@ -90,7 +92,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # importing system certificates - pki_server_pkcs12_password = deployer.mdict['pki_server_pkcs12_password'] + pki_server_pkcs12_password = deployer.mdict[ + 'pki_server_pkcs12_password'] if not pki_server_pkcs12_password: raise Exception('Missing pki_server_pkcs12_password property.') @@ -102,6 +105,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): pkcs12_file=pki_server_pkcs12_path, pkcs12_password=pki_server_pkcs12_password) + # update external CA file (if needed) + external_cert_path = deployer.mdict['pki_server_external_cert_path'] + if external_cert_path is not None: + self.update_external_cert_conf(external_cert_path, deployer) + if len(deployer.instance.tomcat_instance_subsystems()) < 2: # only create a self signed cert for a new instance # 
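Review bot: The new guard `if external_cert_path is not None:` in the third hunk is looser than the truthiness test `if not pki_server_pkcs12_password:` used just above it, so an empty `pki_server_external_cert_path` would still be passed to `update_external_cert_conf`. How `deployer.mdict` is populated is not visible here, but if unset properties arrive as empty strings rather than `None`, the file read would run against `''`; `if external_cert_path:` would match the neighbouring check. The direct subscript `deployer.mdict['pki_server_external_cert_path']` also raises `KeyError` unless a default for the key is added elsewhere in the commit, which this file-limited view does not show. The enclosing method starts and ends outside the hunk.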
@@ -175,6 +183,21 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 deployer.file.delete(deployer.mdict['pki_shared_pfile'])
 return self.rv
+ def update_external_cert_conf(self, external_path, deployer):
+ external_certs = pki.server.PKIInstance.read_external_certs(
+ external_path)
+
+ if len(external_certs) > 0:
+ instance = pki.server.PKIInstance(
+ deployer.mdict['pki_instance_name'])
+ instance.load_external_certs(
+ os.path.join(deployer.mdict['pki_instance_configuration_path'],
+ 'external_certs.conf')
+ )
+
+ for cert in external_certs:
+ instance.add_external_cert(cert.nickname, cert.token)
+
 def destroy(self, deployer):
 config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__, |
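Review bot: `update_external_cert_conf` copies every nickname and token from the file at `external_path` into the instance's `external_certs.conf` with no visible check that a certificate under that nickname was actually imported by the preceding PKCS #12 step, and nothing is logged about what was added. `read_external_certs` and `add_external_cert` are defined outside this file, so any validation or de-duplication they perform cannot be confirmed here; if they do none, a stale or mistyped entry is registered silently and a repeated run may append duplicates. Logging each entry inside the loop would leave an audit trail, e.g. `config.pki_log.info("adding external cert: %s (token %s)", cert.nickname, cert.token)`, and the method would benefit from a one-line docstring such as `"""Register the certs listed in external_path in the instance's external_certs.conf."""`. `if len(external_certs) > 0:` can also be written `if external_certs:`.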