summaryrefslogtreecommitdiffstats
path: root/ipapython/certmonger.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipapython/certmonger.py')
-rw-r--r--ipapython/certmonger.py36
1 files changed, 36 insertions, 0 deletions
diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py
index 9cc4466c..22678dad 100644
--- a/ipapython/certmonger.py
+++ b/ipapython/certmonger.py
@@ -114,6 +114,27 @@ def get_request_id(criteria):
return reqid
+def get_requests_for_dir(dir):
+ """
+ Return a list containing the request ids for a given NSS database
+ directory.
+ """
+ reqid=[]
+ fileList=os.listdir(REQUEST_DIR)
+ for file in fileList:
+ rv = find_request_value(os.path.join(REQUEST_DIR, file),
+ 'cert_storage_location')
+ if rv is None:
+ continue
+ rv = os.path.abspath(rv).rstrip()
+ if rv != dir:
+ continue
+ id = find_request_value(os.path.join(REQUEST_DIR, file), 'id')
+ if id is not None:
+ reqid.append(id.rstrip())
+
+ return reqid
+
def add_request_value(request_id, directive, value):
"""
Add a new directive to a certmonger request file.
@@ -393,6 +414,21 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, command):
(stdout, stderr, returncode) = ipautil.run(args, nolog=[pin])
+def check_state(dirs):
+ """
+ Given a set of directories and nicknames verify that we are no longer
+ tracking certificates.
+
+ dirs is a list of directories to test for. We will return a tuple
+ of nicknames for any tracked certificates found.
+
+ This can only check for NSS-based certificates.
+ """
+ reqids = []
+ for dir in dirs:
+ reqids.extend(get_requests_for_dir(dir))
+
+ return reqids
if __name__ == '__main__':
request_id = request_cert("/etc/httpd/alias", "Test", "cn=tiger.example.com,O=IPA", "HTTP/tiger.example.com@EXAMPLE.COM")
generated by cgit (git 2.34.1) at 2024-05-20 05:53:53 +0000