From eb28cf05cfad246383dbda054c8cd477bc7acc73 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Sat, 20 Aug 2016 10:47:15 +0200
Subject: Updated pki-server subsystem-cert-update CLI.

The pki-server subsystem-cert-update CLI has been updated to
use certutil to retrieve the certificate data from the proper
token. It will also show a warning if the certificate request
cannot be found.

The NSSDatabase constructor has been modified to normalize the
name of internal NSS token to None. If the token name is None,
the certutil will be executed without the -h option.

The NSSDatabase.get_cert() has been modified to prepend the token
name to the certificate nickname.

https://fedorahosted.org/pki/ticket/2440
---
 base/common/python/pki/nssdb.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'base/common/python')

diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
index ed456540b..736efcac3 100644
--- a/base/common/python/pki/nssdb.py
+++ b/base/common/python/pki/nssdb.py
@@ -105,7 +105,11 @@ class NSSDatabase(object):
             directory = os.path.join(os.path.expanduser("~"), '.dogtag', 'nssdb')
 
         self.directory = directory
-        self.token = token
+
+        if token == 'internal' or token == 'Internal Key Storage Token':
+            self.token = None
+        else:
+            self.token = token
 
         self.tmpdir = tempfile.mkdtemp()
 
@@ -425,12 +429,15 @@ class NSSDatabase(object):
             '-d', self.directory
         ]
 
+        fullname = nickname
+
         if self.token:
             cmd.extend(['-h', self.token])
+            fullname = self.token + ':' + fullname
 
         cmd.extend([
             '-f', self.password_file,
-            '-n', nickname,
+            '-n', fullname,
             output_format_option
         ])
 
-- 
cgit