diff options
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r-- | ipaserver/install/certs.py | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 8d7b7d0d..7ad4c508 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -194,46 +194,6 @@ class NSSDatabase(object): raise RuntimeError("unknown error import pkcs#12 file %s" % pkcs12_filename) - def find_root_cert_from_pkcs12(self, pkcs12_fname, passwd_fname=None): - """Given a PKCS#12 file, try to find any certificates that do - not have a key. The assumption is that these are the root CAs. - """ - args = ["/usr/bin/pk12util", "-d", self.secdir, - "-l", pkcs12_fname, - "-k", passwd_fname] - if passwd_fname: - args = args + ["-w", passwd_fname] - try: - (stdout, stderr, returncode) = ipautil.run(args) - except ipautil.CalledProcessError, e: - if e.returncode == 17: - raise RuntimeError("incorrect password for pkcs#12 file") - elif e.returncode == 10: - raise RuntimeError("Failed to open %s" % pkcs12_fname) - else: - raise RuntimeError("unknown error using pkcs#12 file") - - lines = stdout.split('\n') - - # A simple state machine. - # 1 = looking for a line starting with 'Certificate' - # 2 = looking for the Friendly name (nickname) - nicknames = [] - state = 1 - for line in lines: - if state == 2: - m = re.match("\W+Friendly Name: (.*)", line) - if m: - nicknames.append( m.groups(0)[0]) - state = 1 - if line == "Certificate:": - state = 2 - elif line and not line.startswith(' '): - # Top-level item that is not a certificate - state = 1 - - return nicknames - def trust_root_cert(self, root_nickname): if root_nickname[:7] == "Builtin": root_logger.debug( @@ -791,10 +751,6 @@ class CertDB(object): return root_nicknames - def find_root_cert_from_pkcs12(self, pkcs12_fname, passwd_fname=None): - return self.nssdb.find_root_cert_from_pkcs12(pkcs12_fname, - passwd_fname=passwd_fname) - def trust_root_cert(self, root_nickname): if root_nickname is None: root_logger.debug("Unable to identify root certificate to trust. Continuing but things are likely to fail.") |