From a80e994148a81914858f82b14af5fad90e12533d Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Fri, 2 Nov 2012 16:44:47 -0400
Subject: Convert admin cert from ascii to binary before importing into certdb

Sometimes importing the ascii admin cert into th client certdb fails.
The binary always appears to work though.
---
 base/deploy/src/scriptlets/pkijython.py   | 19 ++++++++++++++++---
 base/deploy/src/scriptlets/pkimessages.py |  1 +
 2 files changed, 17 insertions(+), 3 deletions(-)

(limited to 'base')

diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py
index 6f71cb88b..4321e0a2a 100644
--- a/base/deploy/src/scriptlets/pkijython.py
+++ b/base/deploy/src/scriptlets/pkijython.py
@@ -581,11 +581,18 @@ class rest_client:
                     admin_cert_file = os.path.join(
                         master['pki_client_dir'],
                         master['pki_client_admin_cert'])
+                    admin_cert_bin_file = admin_cert_file + ".der"
                     javasystem.out.println(log.PKI_JYTHON_ADMIN_CERT_SAVE +\
                                            " " + "'" + admin_cert_file + "'")
                     FILE = open(admin_cert_file, "w")
                     FILE.write(admin_cert)
                     FILE.close()
+                    # convert the cert file to binary
+                    command = "AtoB "+ admin_cert_file + " " + admin_cert_bin_file
+                    javasystem.out.println(log.PKI_JYTHON_ADMIN_CERT_ATOB +\
+                        " " + "'" + command + "'")
+                    os.system(command)
+
                     # Since Jython runs under Java, it does NOT support the
                     # following operating system specific command:
                     #
@@ -594,11 +601,18 @@ class rest_client:
                     #         config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS)
                     #
                     # Emulate it with a system call.
-                    command = "chmod" + " " + "660" + " " + admin_cert_file
+                    command = "chmod" + " 660 " + admin_cert_file
                     javasystem.out.println(
                         log.PKI_JYTHON_CHMOD +\
                         " " + "'" + command + "'")
                     os.system(command)
+
+                    command = "chmod" + " 660 " + admin_cert_bin_file
+                    javasystem.out.println(
+                        log.PKI_JYTHON_CHMOD +\
+                        " " + "'" + command + "'")
+                    os.system(command)
+
                     # Import the Administration Certificate
                     # into the client NSS security database
                     command = "certutil" + " " +\
@@ -613,9 +627,8 @@ class rest_client:
                               master['pki_client_password_conf'] + " " +\
                               "-d" + " " +\
                               master['pki_client_database_dir'] + " " +\
-                              "-a" + " " +\
                               "-i" + " " +\
-                              admin_cert_file
+                              admin_cert_bin_file
                     javasystem.out.println(
                         log.PKI_JYTHON_ADMIN_CERT_IMPORT +\
                         " " + "'" + command + "'")
diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py
index cce2e8f0e..becbea63e 100644
--- a/base/deploy/src/scriptlets/pkimessages.py
+++ b/base/deploy/src/scriptlets/pkimessages.py
@@ -282,6 +282,7 @@ PKI_JYTHON_ADMIN_CERT_EXPORT = "exporting Admin Certificate from "\
 PKI_JYTHON_ADMIN_CERT_IMPORT = "importing Admin Certificate into "\
                                "NSS client security database:"
 PKI_JYTHON_ADMIN_CERT_SAVE = "saving Admin Certificate to file:"
+PKI_JYTHON_ADMIN_CERT_ATOB = "converting Admin Certificate to binary:"
 PKI_JYTHON_CDATA_TAG = "tag:"
 PKI_JYTHON_CDATA_CERT = "cert:"
 PKI_JYTHON_CDATA_REQUEST = "request:"
-- 
cgit