| author | Stanislav Laznicka <slaznick@redhat.com> | 2017-01-06 14:19:12 +0100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2017-02-17 10:14:23 +0100 |
| commit | b20b0489ea06931bfa7d46bdbd6623bc3f09219b (patch) | |
| tree | 7472a2b5a6f2fde41e83c08d0510603028f413ae | |
| parent | ca457eb5ce12291f555f1bf771114d6d7d191987 (diff) | |
custodiainstance: don't use IPA-specific CertDB
Replaced CertDB with NSSDatabase.
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
| -rw-r--r-- | ipaserver/install/custodiainstance.py | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py index a0bb399d5..1be53994a 100644 --- a/ipaserver/install/custodiainstance.py +++ b/ipaserver/install/custodiainstance.py @@ -2,16 +2,16 @@ from ipaserver.secrets.kem import IPAKEMKeys from ipaserver.secrets.client import CustodiaClient -from ipaserver.install.certs import CertDB from ipaplatform.paths import paths from ipaplatform.constants import constants from ipaserver.install.service import SimpleServiceInstance from ipapython import ipautil from ipapython.ipa_log_manager import root_logger +from ipapython.certdb import NSSDatabase from ipaserver.install import installutils from ipaserver.install import ldapupdate from ipaserver.install import sysupgrade -from base64 import b64encode, b64decode +from base64 import b64decode from jwcrypto.common import json_decode import functools import shutil @@ -129,13 +129,9 @@ class CustodiaInstance(SimpleServiceInstance): # Temporary nssdb tmpnssdir = tempfile.mkdtemp(dir=paths.TMP) + tmpdb = NSSDatabase(tmpnssdir) + tmpdb.create_db() try: - # Temporary nssdb password - nsspwfile = os.path.join(tmpnssdir, 'nsspwfile') - with open(nsspwfile, 'w+') as f: - f.write(b64encode(os.urandom(16))) - f.flush() - # Cert file password crtpwfile = os.path.join(tmpnssdir, 'crtpwfile') with open(crtpwfile, 'w+') as f: 
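Review bot: In the `@@ -129,13 +129,9 @@` hunk, `tmpdb.create_db()` is called before `try:`, so a failure while the database is being created skips whatever cleanup the `try` statement performs and can leave `tmpnssdir` behind under `paths.TMP`, presumably together with the database password file that `tmpdb.pwd_file` points to. The end of the `try` statement is outside the hunk, so this assumes it finishes with a `finally` that removes the directory. Moving the two added lines inside the block closes the gap: `try:` followed by `tmpdb = NSSDatabase(tmpnssdir)` and `tmpdb.create_db()`.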
@@ -152,21 +148,20 @@ class CustodiaInstance(SimpleServiceInstance): with open(pk12file, 'w+') as f: f.write(b64decode(v['pkcs12 data'])) ipautil.run([paths.PK12UTIL, - '-d', tmpnssdir, - '-k', nsspwfile, + '-d', tmpdb.secdir, + '-k', tmpdb.pwd_file, '-n', nickname, '-i', pk12file, '-w', pk12pwfile]) # Add CA certificates - tmpdb = CertDB(self.realm, nssdir=tmpnssdir) self.suffix = ipautil.realm_to_suffix(self.realm) self.import_ca_certs(tmpdb, True) # Now that we gathered all certs, re-export ipautil.run([paths.PKCS12EXPORT, - '-d', tmpnssdir, - '-p', nsspwfile, + '-d', tmpdb.secdir, + '-p', tmpdb.pwd_file, '-w', crtpwfile, '-o', cacerts_file]) |
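Review bot: `self.import_ca_certs(tmpdb, True)` now receives an `NSSDatabase` where it previously received a `CertDB`, and nothing in this hunk shows that the helper only uses attributes both classes provide. `import_ca_certs` is defined outside the diff, and the enclosing method starts and ends outside the hunk, so this should be confirmed against the helper's body and covered by an install test that imports at least one CA certificate. A comment above the call would record the contract, for example `# tmpdb is a plain NSSDatabase; import_ca_certs must not rely on CertDB-only attributes`.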
