From b48889a2ef41fd45ca69c3926c36ef075777447c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 19 Feb 2016 15:09:49 +0100
Subject: Added pki-server commands to export system certificates.
Some pki-server commands have been added to simplify exporting the required certificates for subsystem installations. These commands will invoke the pki pkcs12 utility to export the certificates from the instance NSS database. The pki-server ca-cert-chain-export command will export the the certificate chain needed for installing additional subsystems running on a separate instance. The pki-server -clone-prepare commands will export the certificates required for cloning a subsystem. https://fedorahosted.org/pki/ticket/1742
---
base/common/python/pki/nssdb.py | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
(limited to 'base/common/python/pki')
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
index c6beab317..a418cdc00 100644
--- base/common/python/pki/nssdb.py
+++ base/common/python/pki/nssdb.py
@@ -484,7 +484,7 @@ class NSSDatabase(object):
 finally:
 shutil.rmtree(tmpdir)
- def export_pkcs12(self, pkcs12_file, nickname, pkcs12_password=None,
+ def export_pkcs12(self, pkcs12_file, nicknames=None, pkcs12_password=None,
 pkcs12_password_file=None):
 tmpdir = tempfile.mkdtemp()
@@ -502,14 +502,24 @@ class NSSDatabase(object):
 raise Exception('Missing PKCS #12 password')
 cmd = [
- 'pk12util',
+ 'pki',
 '-d', self.directory,
- '-k', self.password_file,
- '-o', pkcs12_file,
- '-w', password_file,
- '-n', nickname
+ '-C', self.password_file
 ]
+ if self.token and self.token != 'internal':
+ cmd.extend(['--token', self.token])
+
+ cmd.extend(['pkcs12-export'])
+
+ cmd.extend([
+ '--pkcs12', pkcs12_file,
+ '--pkcs12-password-file', password_file
+ ])
+
+ if nicknames:
+ cmd.extend(nicknames)
+
 subprocess.check_call(cmd)
 finally:
-- cgit
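Review bot: The new `export_pkcs12` signature turns the required single `nickname` into an optional `nicknames=None` with no docstring saying that it now takes a list or what leaving it out means. Because the nicknames are only appended when truthy (second hunk), a call without them leaves the selection to `pki pkcs12-export`, which presumably exports every certificate and private key in the NSS database. I would add a docstring stating that `nicknames` is a list of certificate nicknames, that `None` or an empty list applies no filter, and that the output file then holds private key material protected only by the PKCS #12 password. Callers that pass `nickname=` by keyword also break with the rename; they are not visible in this diff, and the method body continues outside the hunk.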
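Review bot: `cmd.extend(nicknames)` at the end of the added lines misbehaves when a caller still passes one nickname as a string, as the old signature required, because `extend` then appends one argument per character. A guard before the command is built, such as `if isinstance(nicknames, str): nicknames = [nicknames]` (with the string base type of the Python version this module targets), keeps existing call sites working. The nicknames also follow the options with nothing separating them, so a value beginning with `-` may be parsed by the `pki` CLI as an option; rejecting such values before `cmd.extend` would close that off if nicknames can come from user input. The enclosing `try` starts above the hunk and the `finally` body lies below it.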