diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-06-13 14:44:03 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@dhcp-31-13.brq.redhat.com> | 2014-09-05 13:59:04 +0200 |
commit | 063cd7724d77707a8070c5f416b19d966440d739 (patch) | |
tree | 869e018f2af468ee6957938be796859ada0f7d90 | |
parent | 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17 (diff) | |
download | freeipa-063cd7724d77707a8070c5f416b19d966440d739.tar.gz freeipa-063cd7724d77707a8070c5f416b19d966440d739.tar.xz freeipa-063cd7724d77707a8070c5f416b19d966440d739.zip |
Add new NSSDatabase method get_cert for getting certs from NSS databases.
Part of https://fedorahosted.org/freeipa/ticket/3737
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
-rw-r--r-- | ipaserver/install/certs.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 53d04723f..088dcc360 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -209,9 +209,21 @@ class NSSDatabase(object): raise RuntimeError( "Setting trust on %s failed" % root_nickname) + def get_cert(self, nickname, pem=False): + args = ['-L', '-n', nickname] + if pem: + args.append('-a') + else: + args.append('-r') + try: + cert, err, returncode = self.run_certutil(args) + except ipautil.CalledProcessError: + raise RuntimeError("Failed to get %s" % nickname) + return cert + def export_pem_cert(self, nickname, location): """Export the given cert to PEM file in the given location""" - cert, err, returncode = self.run_certutil(["-L", "-n", nickname, "-a"]) + cert = self.get_cert(nickname) with open(location, "w+") as fd: fd.write(cert) os.chmod(location, 0444) |