From f637d05a182c0e8e73ac2048ce11e2603b0f2b4c Mon Sep 17 00:00:00 2001 From: Ana Krivokapic Date: Wed, 17 Jul 2013 16:30:15 +0200 Subject: Properly handle non-existent cert files https://fedorahosted.org/freeipa/ticket/3785 --- ipaserver/install/certs.py | 13 +++++++++++-- ipaserver/install/installutils.py | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 06925d53..6d01d2be 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -188,6 +188,8 @@ class NSSDatabase(object): if e.returncode == 17: raise RuntimeError("incorrect password for pkcs#12 file %s" % pkcs12_filename) + elif e.returncode == 10: + raise RuntimeError("Failed to open %s" % pkcs12_filename) else: raise RuntimeError("unknown error import pkcs#12 file %s" % pkcs12_filename) @@ -206,6 +208,8 @@ class NSSDatabase(object): except ipautil.CalledProcessError, e: if e.returncode == 17: raise RuntimeError("incorrect password for pkcs#12 file") + elif e.returncode == 10: + raise RuntimeError("Failed to open %s" % pkcs12_fname) else: raise RuntimeError("unknown error using pkcs#12 file") @@ -255,8 +259,13 @@ class NSSDatabase(object): The file must contain exactly one certificate. """ - with open(location) as fd: - certs = fd.read() + try: + with open(location) as fd: + certs = fd.read() + except IOError as e: + raise RuntimeError( + "Failed to open %s: %s" % (location, e.strerror) + ) cert, st = find_cert_from_txt(certs) self.add_single_pem_cert(nickname, flags, cert) diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index a716525b..d23f9b57 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py 
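Review bot: The added `elif e.returncode == 10:` branch, like the `== 17` test above it, compares against a bare number whose meaning is not recorded in the visible lines. These look like exit statuses of the PKCS#12 tool run through ipautil (presumably pk12util, where 10 would be the file-open failure and 17 the verify failure). A comment such as `# 10: the PKCS#12 file could not be opened`, or a pair of named module constants, would let the next reader check the mapping against the tool. The same literal is added in the second certs.py hunk (new line 211). The enclosing method starts and ends outside the hunk.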
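Review bot: The message added in the second certs.py hunk interpolates `pkcs12_fname`, but nothing in the visible lines binds that name, and the first hunk uses `pkcs12_filename` for the same purpose. The enclosing method's signature is outside the hunk, so confirm that `pkcs12_fname` is its parameter. A wrong name would raise NameError from inside the `except` block and hide the real failure. The neighbouring messages in this method omit the file name altogether, so either form is fine as long as the name resolves.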
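Review bot: In the third certs.py hunk the `try` covers both `open(location)` and `fd.read()`, so a failure while reading is also reported as "Failed to open". In addition, `e.strerror` is None for an IOError that was not built from an errno, which would print "Failed to open <path>: None". Wording it as `"Failed to read %s: %s" % (location, e.strerror or e)` covers both cases. The method continues outside the hunk, and `find_cert_from_txt` still runs on whatever was read, so the docstring's "exactly one certificate" requirement is not checked in the visible lines.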
@@ -721,7 +721,7 @@ def check_pkcs12(pkcs12_info, ca_file, hostname): ca_cert_name = 'The Root CA' try: nssdb.import_pem_cert(ca_cert_name, "CT,C,C", ca_file) - except ValueError, e: + except (ValueError, RuntimeError) as e: raise ScriptError(str(e)) # Import everything in the PKCS#12 -- cgit
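Review bot: Only the CA import is wrapped by the widened `except (ValueError, RuntimeError) as e:`. The step that follows the `# Import everything in the PKCS#12` comment is outside the hunk. The NSSDatabase PKCS#12 paths patched in certs.py raise the same RuntimeError for a missing file, so confirm that call is also converted to ScriptError; otherwise a non-existent PKCS#12 file would presumably still surface as a traceback. RuntimeError is also a broad class to catch, so keeping the `try` body to the single `import_pem_cert` call, as done here, is the right limit. A short comment such as `# NSSDatabase reports unreadable or invalid files as RuntimeError/ValueError` would record why both types are caught.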