From d1574136754ff7e2190b0cf9a99b211c1bfededa Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Wed, 31 Oct 2012 10:37:33 -0400
Subject: Use correct Dogtag configuration in get_pin and get_ca_certchain

Some install utilities used Dogtag configuration before Dogtag
was configured. Fix by passing the relevant dogtag_constants
where they're needed.
---
 ipapython/certmonger.py | 6 ++++--
 ipapython/dogtag.py     | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

(limited to 'ipapython')

diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py
index 22678dadb..f29050ea9 100644
--- a/ipapython/certmonger.py
+++ b/ipapython/certmonger.py
@@ -353,13 +353,15 @@ def remove_principal_from_cas():
         fp.close()
 
 # Routines specific to renewing dogtag CA certificates
-def get_pin(token):
+def get_pin(token, dogtag_constants=None):
     """
     Dogtag stores its NSS pin in a file formatted as token:PIN.
 
     The caller is expected to handle any exceptions raised.
     """
-    with open(dogtag.configured_constants().PASSWORD_CONF_PATH, 'r') as f:
+    if dogtag_constants is None:
+        dogtag_constants = dogtag.configured_constants()
+    with open(dogtag_constants.PASSWORD_CONF_PATH, 'r') as f:
         for line in f:
             (tok, pin) = line.split('=', 1)
             if token == tok:
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 067a66afb..1b428d20e 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -149,15 +149,17 @@ def error_from_xml(doc, message_template):
         return errors.RemoteRetrieveError(reason=message_template % e)
 
 
-def get_ca_certchain(ca_host=None):
+def get_ca_certchain(ca_host=None, dogtag_constants=None):
     """
     Retrieve the CA Certificate chain from the configured Dogtag server.
     """
     if ca_host is None:
         ca_host = api.env.ca_host
+    if dogtag_constants is None:
+        dogtag_constants = configured_constants()
     chain = None
     conn = httplib.HTTPConnection(ca_host,
-        api.env.ca_install_port or configured_constants().UNSECURE_PORT)
+        api.env.ca_install_port or dogtag_constants.UNSECURE_PORT)
     conn.request("GET", "/ca/ee/ca/getCertChain")
     res = conn.getresponse()
     doc = None
-- 
cgit