From c123264ac77cd533a08978909f837c8f4d3e224e Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 25 Sep 2013 08:33:35 +0000
Subject: Read passwords from stdin when importing PKCS#12 files with pk12util.

This works around pk12util refusing to use empty password files, which prevents
the use of PKCS#12 files with empty password.

https://fedorahosted.org/freeipa/ticket/3897
---
 ipaserver/install/ipa_server_certinstall.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'ipaserver/install/ipa_server_certinstall.py')

diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index a9563e09..1aa27b2e 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -155,9 +155,8 @@ class ServerCertInstall(admintool.AdminTool):
         os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)
 
     def import_cert(self, dirname, pkcs12_passwd, old_cert, principal, command):
-        pw = write_tmp_file(pkcs12_passwd)
         server_cert = installutils.check_pkcs12(
-            pkcs12_info=(self.pkcs12_fname, pw.name),
+            pkcs12_info=(self.pkcs12_fname, pkcs12_passwd),
             ca_file=CACERT,
             hostname=api.env.host)
 
@@ -167,7 +166,7 @@ class ServerCertInstall(admintool.AdminTool):
                 cdb.untrack_server_cert(old_cert)
 
             cdb.delete_cert(old_cert)
-            cdb.import_pkcs12(self.pkcs12_fname, pw.name)
+            cdb.import_pkcs12(self.pkcs12_fname, pkcs12_passwd)
 
             if api.env.enable_ra:
                 cdb.track_server_cert(server_cert, principal, cdb.passwd_fname,
-- 
cgit