authorStanislav Laznicka <slaznick@redhat.com>2017-02-27 08:43:59 +0100
committerJan Cholasta <jcholast@redhat.com>2017-03-01 09:43:41 +0000
commitafea026a5c45ce24f3bf6da499b4d334eea3ca78 (patch)
treed7b6cb2a5affda9c76b5d5801224abb52e37d323
parent0a54fac02cecad3b9e3bf8ad0c8a44df3b701857 (diff)
Remove pkcs12 handling functions from CertDB
These functions don't require anything from the CertDB instance, move them out so no needless instantiation of CertDB is performed in order to use them. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r--ipaserver/install/certs.py40
-rw-r--r--ipaserver/install/ipa_replica_prepare.py2
-rw-r--r--ipaserver/install/krbinstance.py7
3 files changed, 24 insertions, 25 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 001b03f3b..172521562 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -61,6 +61,27 @@ def get_cert_nickname(cert):
return (str(dn[0]), dn)
+def install_pem_from_p12(p12_fname, p12_passwd, pem_fname):
+ pwd = ipautil.write_tmp_file(p12_passwd)
+ ipautil.run([paths.OPENSSL, "pkcs12", "-nokeys",
+ "-in", p12_fname, "-out", pem_fname,
+ "-passin", "file:" + pwd.name])
+
+
+def install_key_from_p12(p12_fname, p12_passwd, pem_fname):
+ pwd = ipautil.write_tmp_file(p12_passwd)
+ ipautil.run([paths.OPENSSL, "pkcs12", "-nodes", "-nocerts",
+ "-in", p12_fname, "-out", pem_fname,
+ "-passin", "file:" + pwd.name])
+
+
+def export_pem_p12(pkcs12_fname, pkcs12_pwd_fname, nickname, pem_fname):
+ ipautil.run([paths.OPENSSL, "pkcs12",
+ "-export", "-name", nickname,
+ "-in", pem_fname, "-out", pkcs12_fname,
+ "-passout", "file:" + pkcs12_pwd_fname])
+
+
class CertDB(object):
"""An IPA-server-specific wrapper around NSS
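Review bot: `install_key_from_p12` passes `-nodes`, so the private key is written to `pem_fname` unencrypted, and nothing in the function constrains the mode of that file; it is created under whatever umask the calling process has. The `setup_pkinit` hunk in krbinstance.py uses this helper to write `paths.KDC_KEY`, so the KDC's PKINIT key could end up group- or world-readable unless the installer's umask already prevents it (not visible here). Consider creating the output file with mode 0600 before invoking openssl, or at minimum adding `os.chmod(pem_fname, 0o600)` after the run, and stating the behaviour in a docstring such as `"""Extract the private key from a PKCS#12 file into pem_fname, unencrypted."""`. The removed lines show the body was moved verbatim from CertDB, so this predates the commit, but as a module-level helper it is now easier to call from new places without that context.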
@@ -538,13 +559,6 @@ class CertDB(object):
"-k", self.passwd_fname,
"-w", pkcs12_pwd_fname])
- def export_pem_p12(self, pkcs12_fname, pkcs12_pwd_fname,
- nickname, pem_fname):
- ipautil.run([paths.OPENSSL, "pkcs12",
- "-export", "-name", nickname,
- "-in", pem_fname, "-out", pkcs12_fname,
- "-passout", "file:" + pkcs12_pwd_fname])
-
def create_from_cacert(self):
cacert_fname = paths.IPA_CA_CRT
if ipautil.file_exists(self.certdb_fname):
@@ -629,18 +643,6 @@ class CertDB(object):
self.create_pin_file()
self.export_ca_cert(nickname, False)
- def install_pem_from_p12(self, p12_fname, p12_passwd, pem_fname):
- pwd = ipautil.write_tmp_file(p12_passwd)
- ipautil.run([paths.OPENSSL, "pkcs12", "-nokeys",
- "-in", p12_fname, "-out", pem_fname,
- "-passin", "file:" + pwd.name])
-
- def install_key_from_p12(self, p12_fname, p12_passwd, pem_fname):
- pwd = ipautil.write_tmp_file(p12_passwd)
- ipautil.run([paths.OPENSSL, "pkcs12", "-nodes", "-nocerts",
- "-in", p12_fname, "-out", pem_fname,
- "-passin", "file:" + pwd.name])
-
def publish_ca_cert(self, location):
self.nssdb.publish_ca_cert(self.cacert_name, location)
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index 14d5c7397..6fa4b4a42 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -607,7 +607,7 @@ class ReplicaPrepare(admintool.AdminTool):
try:
if is_kdc:
- db.export_pem_p12(pkcs12_fname, passwd_fname,
+ certs.export_pem_p12(pkcs12_fname, passwd_fname,
nickname, os.path.join(self.dir, "kdc.pem"))
else:
db.export_pkcs12(pkcs12_fname, passwd_fname, nickname)
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 44b382126..9aa3b62e4 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -346,14 +346,11 @@ class KrbInstance(service.Service):
self.move_service_to_host(host_principal)
def setup_pkinit(self):
- ca_db = certs.CertDB(self.realm, host_name=self.fqdn,
- subject_base=self.subject_base)
-
if self.pkcs12_info:
- ca_db.install_pem_from_p12(self.pkcs12_info[0],
+ certs.install_pem_from_p12(self.pkcs12_info[0],
self.pkcs12_info[1],
paths.KDC_CERT)
- ca_db.install_key_from_p12(self.pkcs12_info[0],
+ certs.install_key_from_p12(self.pkcs12_info[0],
self.pkcs12_info[1],
paths.KDC_KEY)
else: