summaryrefslogtreecommitdiffstats
path: root/ipapython/certdb.py
Commit message (Collapse)AuthorAgeFilesLines
* certdb: never use the -r option of certutilJan Cholasta2016-03-161-10/+8
| | | | | | | | | | | | | | | The -r option makes certutil output certificates in DER. If there are multiple certificates sharing the same nickname, certutil will output them concatenated into a single blob. The blob is not a valid DER anymore and causes failures further in the code. Use the -a option instead to output the certificates in PEM and convert them to DER on demand. https://fedorahosted.org/freeipa/ticket/5117 https://fedorahosted.org/freeipa/ticket/5720 Reviewed-By: David Kupka <dkupka@redhat.com>
* client: stop using /etc/pki/nssdbJan Cholasta2016-02-241-0/+29
| | | | | | | | | | Don't put any IPA certificates to /etc/pki/nssdb - IPA itself uses /etc/ipa/nssdb and IPA CA certificates are provided to the system using p11-kit. Remove leftovers on upgrade. https://fedorahosted.org/freeipa/ticket/5592 Reviewed-By: David Kupka <dkupka@redhat.com>
* Refactor ipautil.runPetr Viktorin2015-12-141-13/+17
| | | | | | | | | | | | | | | | | | | | | The ipautil.run function now returns an object with returncode and output are accessible as attributes. The stdout and stderr of all commands are logged (unless skip_output is given). The stdout/stderr contents must be explicitly requested with a keyword argument, otherwise they are None. This is because in Python 3, the output needs to be decoded, and that can fail if it's not decodable (human-readable) text. The raw (bytes) output is always available from the result object, as is "leniently" decoded output suitable for logging. All calls are changed to reflect this. A use of Popen in cainstance is changed to ipautil.run. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* enable pem=True in export_pem_cert functionNiranjan MR2015-11-111-1/+1
| | | | | | | | | | export_pem_cert should export the certificate in pem format but instead exports the cert in der format as it doesn't enable pem=True. This patch specifies pem=True for export_pem_cert function Signed-off-by: Niranjan MR <mrniranjan@fedoraproject.org> Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-121-4/+4
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize number literalsPetr Viktorin2015-07-311-5/+5
| | | | | | | | | | | | | | Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix CA cert validity check for CA-less and external CA installer optionsJan Cholasta2014-10-161-1/+6
| | | | | | https://fedorahosted.org/freeipa/ticket/4612 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add missing imports to ipapython.certdbJan Cholasta2014-09-301-0/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4416 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Use NSSDatabase instead of direct certutil calls in client codeJan Cholasta2014-09-301-11/+9
| | | | | | https://fedorahosted.org/freeipa/ticket/4416 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add NSSDatabase.has_nickname for checking nickname presence in a NSS DBJan Cholasta2014-09-301-0/+9
| | | | | | https://fedorahosted.org/freeipa/ticket/4416 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Move NSSDatabase from ipaserver.certs to ipapython.certdbJan Cholasta2014-09-301-0/+451
| | | | | | https://fedorahosted.org/freeipa/ticket/4416 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Introduce NSS database /etc/ipa/nssdbJan Cholasta2014-09-301-0/+28
| | | | | | | | | | This is the new default NSS database for IPA. /etc/pki/nssdb is still maintained for backward compatibility. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Remove unused ipapython.certdb.CertDB classPetr Viktorin2013-04-021-127/+0
|
* Drop ipapython.compat.Jan Cholasta2013-02-011-1/+1
|
* Move the compat module from ipalib to ipapython.Jan Cholasta2012-02-131-1/+1
| | | | | | Fixes import problems trying to import just ipalib/compat.py. https://fedorahosted.org/freeipa/ticket/754
* Change FreeIPA license to GPLv3+Jakub Hrozek2010-12-201-5/+5
| | | | | | | | | | The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
* Use Realm as certs subject base nameSimo Sorce2010-11-181-1/+3
| | | | Also use the realm name as nickname for the CA certificate
* Use consistent, specific nickname for the IPA CA certificate.Rob Crittenden2010-10-011-2/+4
| | | | | | Also fix some imports for sha. We have a compat module for it, use it. ticket 181
* Handle CSRs whether they have NEW in the header or notRob Crittenden2010-05-031-7/+2
| | | | Also consolidate some duplicate code
* Fix a comment and some typosRob Crittenden2009-05-131-1/+1
|
* Fix breakage on python 2.4 with missing object subclassRob Crittenden2009-05-051-1/+1
|
* A class for dealing with a temporary NSS certificate databaseRob Crittenden2009-05-041-0/+150