| author | Martin Babinsky <mbabinsk@redhat.com> | 2016-10-25 15:51:06 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2016-11-11 12:13:56 +0100 |
| commit | 2fdc2d0cb7fa98992fe6c2070cb5dc34c500ac09 (patch) | |
| tree | 545f07e4efc689c2ce06b8a7e54b6cc54ffd6e6b | |
| parent | 7279ef1d0f28dae9f3203362ca9e2245e56e111f (diff) | |
| download | freeipa-2fdc2d0cb7fa98992fe6c2070cb5dc34c500ac09.tar.gz freeipa-2fdc2d0cb7fa98992fe6c2070cb5dc34c500ac09.tar.xz freeipa-2fdc2d0cb7fa98992fe6c2070cb5dc34c500ac09.zip | |
CertDB: add API for non-destructive initialization from PKCS#12 bundle

`create_from_pkcs12` method of CertDB was re-creating NSS database files
during PKCS#12 bundle import. This may cause bugs because the file permissions
could be re-set to wrong values causing subtle bugs. Modify the class API so
that the server cert chain can be imported while preserving existing FS
attributes.

https://fedorahosted.org/freeipa/ticket/6429

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

| -rw-r--r-- | ipaserver/install/certs.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 13e66cb6c..9f7cad85a 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -588,6 +588,14 @@ class CertDB(object): self.create_noise_file() self.create_passwd_file(passwd) self.create_certdbs() + self.init_from_pkcs12( + pkcs12_fname, + pkcs12_passwd, + ca_file=ca_file, + trust_flags=trust_flags) + + def init_from_pkcs12(self, pkcs12_fname, pkcs12_passwd, + ca_file=None, trust_flags=None): self.import_pkcs12(pkcs12_fname, pkcs12_passwd) server_certs = self.find_server_certs() if len(server_certs) == 0: |
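Review bot: the new `init_from_pkcs12` has no docstring, and its precondition is the whole point of the split: it skips `create_noise_file()`, `create_passwd_file(passwd)` and `create_certdbs()`, so it only works against an NSS database and password file that already exist. Please document that on the method, and note on `create_from_pkcs12` that it remains the destructive path, so callers that care about preserving file ownership and permissions know which one to pick. A second point on the moved body: after `self.import_pkcs12(pkcs12_fname, pkcs12_passwd)` the check `if len(server_certs) == 0:` was written for a freshly created database. If `find_server_certs()` enumerates the whole database, then on a pre-populated one a server cert left over from an earlier import would satisfy the check even when the bundle itself contained none; consider comparing the set of server certs before and after the import, or stating in the docstring that the database is expected to hold no server cert beforehand. Finally, the new signature defaults `trust_flags=None` and `ca_file=None`; the lines that consume them are outside this hunk, so it is worth confirming that the `None` case is handled there the same way it was for `create_from_pkcs12`.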
