Properly handle non-existent cert files

https://fedorahosted.org/freeipa/ticket/3785
author: Ana Krivokapic <akrivoka@redhat.com> 2013-07-17 16:30:15 +0200
committer: Martin Kosek <mkosek@redhat.com> 2013-07-18 13:37:40 +0200
commit: f637d05a182c0e8e73ac2048ce11e2603b0f2b4c (patch)
tree: 4e60d32c713c36291d2d846ae602e59599d69b7f
parent: 240b12169b9a52113426f6b7893ea9c6bfaf4ea4 (diff)
download: freeipa.git-f637d05a182c0e8e73ac2048ce11e2603b0f2b4c.tar.gz
freeipa.git-f637d05a182c0e8e73ac2048ce11e2603b0f2b4c.tar.xz
freeipa.git-f637d05a182c0e8e73ac2048ce11e2603b0f2b4c.zip
2 files changed, 12 insertions, 3 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 06925d53..6d01d2be 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -188,6 +188,8 @@ class NSSDatabase(object):
             if e.returncode == 17:
                 raise RuntimeError("incorrect password for pkcs#12 file %s" %
                     pkcs12_filename)
+            elif e.returncode == 10:
+                raise RuntimeError("Failed to open %s" % pkcs12_filename)
             else:
                 raise RuntimeError("unknown error import pkcs#12 file %s" %
                     pkcs12_filename)
@@ -206,6 +208,8 @@ class NSSDatabase(object):
         except ipautil.CalledProcessError, e:
             if e.returncode == 17:
                 raise RuntimeError("incorrect password for pkcs#12 file")
+            elif e.returncode == 10:
+                raise RuntimeError("Failed to open %s" % pkcs12_fname)
             else:
                 raise RuntimeError("unknown error using pkcs#12 file")
 
@@ -255,8 +259,13 @@ class NSSDatabase(object):
 
         The file must contain exactly one certificate.
         """
-        with open(location) as fd:
-            certs = fd.read()
+        try:
+            with open(location) as fd:
+                certs = fd.read()
+        except IOError as e:
+            raise RuntimeError(
+                "Failed to open %s: %s" % (location, e.strerror)
+            )
 
         cert, st = find_cert_from_txt(certs)
         self.add_single_pem_cert(nickname, flags, cert)
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index a716525b..d23f9b57 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -721,7 +721,7 @@ def check_pkcs12(pkcs12_info, ca_file, hostname):
         ca_cert_name = 'The Root CA'
         try:
             nssdb.import_pem_cert(ca_cert_name, "CT,C,C", ca_file)
-        except ValueError, e:
+        except (ValueError, RuntimeError) as e:
             raise ScriptError(str(e))
 
         # Import everything in the PKCS#12
author	Ana Krivokapic <akrivoka@redhat.com>	2013-07-17 16:30:15 +0200
committer	Martin Kosek <mkosek@redhat.com>	2013-07-18 13:37:40 +0200
commit	f637d05a182c0e8e73ac2048ce11e2603b0f2b4c (patch)
tree	4e60d32c713c36291d2d846ae602e59599d69b7f
parent	240b12169b9a52113426f6b7893ea9c6bfaf4ea4 (diff)
download	freeipa.git-f637d05a182c0e8e73ac2048ce11e2603b0f2b4c.tar.gz freeipa.git-f637d05a182c0e8e73ac2048ce11e2603b0f2b4c.tar.xz freeipa.git-f637d05a182c0e8e73ac2048ce11e2603b0f2b4c.zip