From d1574136754ff7e2190b0cf9a99b211c1bfededa Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Wed, 31 Oct 2012 10:37:33 -0400
Subject: Use correct Dogtag configuration in get_pin and get_ca_certchain Some install utilities used Dogtag configuration before Dogtag was configured. Fix by passing the relevant dogtag_constants where they're needed.
---
 ipaserver/install/cainstance.py | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
(limited to 'ipaserver/install/cainstance.py')
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 9b32623c..2e4375b8 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1091,7 +1091,8 @@ class CAInstance(service.Service):
 def __get_ca_chain(self):
 try:
- return dogtag.get_ca_certchain(ca_host=self.fqdn)
+ return dogtag.get_ca_certchain(ca_host=self.fqdn,
+ dogtag_constants=self.dogtag_constants)
 except Exception, e:
 raise RuntimeError("Unable to retrieve CA chain: %s" % str(e))
@@ -1387,11 +1388,16 @@ class CAInstance(service.Service):
 with open(HTTPD_CONFD + "ipa-pki-proxy.conf", "w") as fd:
 fd.write(template)
- def track_servercert(self):
+ def __get_ca_pin(self):
 try:
- pin = certmonger.get_pin('internal')
+ return certmonger.get_pin('internal',
+ dogtag_constants=self.dogtag_constants)
 except IOError, e:
- raise RuntimeError('Unable to determine PIN for CA instance: %s' % str(e))
+ raise RuntimeError(
+ 'Unable to determine PIN for CA instance: %s' % str(e))
+
+ def track_servercert(self):
+ pin = self.__get_ca_pin()
 certmonger.dogtag_start_tracking( 'dogtag-ipa-renew-agent', 'Server-Cert cert-pki-ca', pin, None, self.dogtag_constants.ALIAS_DIR,
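Review bot: Nothing at the call site in `__get_ca_chain` records why `dogtag_constants=self.dogtag_constants` has to be passed rather than left to the default, so a later cleanup could drop it again. A one-line comment above the call would cover it, for example `# pass constants explicitly: Dogtag may not be configured yet at this point of the install`. The unchanged `except Exception` around the call also folds any failure while evaluating the new argument into "Unable to retrieve CA chain", so the message can hide the real cause. The callers of this method are outside the hunk.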
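Review bot: The new `__get_ca_pin` helper translates only `IOError`, so a PIN that is simply absent is reported only if `certmonger.get_pin` raises for it, and that function is not shown here; if it can return `None`, `track_servercert` and the two call sites changed in the later hunks (`@@ -1403` and `@@ -1449`) would pass an empty PIN on to certmonger tracking with no error. Binding the result and adding `if pin is None: raise RuntimeError('Unable to determine PIN for CA instance')` before `return pin` would make that case fail at the same place as the read error. The helper also hands back the CA instance PIN, which is a secret, and it has no docstring; I would add `"""Return the 'internal' PIN for this CA instance (a secret; do not log it)."""`. `track_servercert` continues past the end of the hunk.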
@@ -1403,10 +1409,7 @@ class CAInstance(service.Service):
 ipaservices.knownservices.messagebus.start()
 cmonger.start()
- try:
- pin = certmonger.get_pin('internal')
- except IOError, e:
- raise RuntimeError('Unable to determine PIN for CA instance: %s' % str(e))
+ pin = self.__get_ca_pin()
 # Server-Cert cert-pki-ca is renewed per-server
 for nickname in ['auditSigningCert cert-pki-ca',
@@ -1449,10 +1452,7 @@ class CAInstance(service.Service):
 certificate is available. If it is then it gets installed. """
- try:
- pin = certmonger.get_pin('internal')
- except IOError, e:
- raise RuntimeError('Unable to determine PIN for CA instance: %s' % str(e))
+ pin = self.__get_ca_pin()
 # Server-Cert cert-pki-ca is renewed per-server
 for nickname in ['auditSigningCert cert-pki-ca',
-- cgit