author | Jan Cholasta <jcholast@redhat.com> | 2014-09-18 12:00:15 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 10:01:38 +0200 |
commit | bbf962299d23071f238eadbbec4922100cc7c6e8 (patch) | |
tree | 585090ef42039643782765c581bc97c7d818d79c /ipa-client/ipaclient/ipa_certupdate.py | |
parent | b764e9d3e6fcd380c9420c2d442293fdd12ec5dc (diff) | |
Use NSSDatabase instead of direct certutil calls in client code
https://fedorahosted.org/freeipa/ticket/4416
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipa-client/ipaclient/ipa_certupdate.py')
-rw-r--r-- | ipa-client/ipaclient/ipa_certupdate.py | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/ipa-client/ipaclient/ipa_certupdate.py b/ipa-client/ipaclient/ipa_certupdate.py index 57dbf200b..f7b0e29ba 100644 --- a/ipa-client/ipaclient/ipa_certupdate.py +++ b/ipa-client/ipaclient/ipa_certupdate.py @@ -22,7 +22,7 @@ import tempfile import shutil from ipapython import (admintool, ipautil, ipaldap, sysrestore, dogtag, - certmonger) + certmonger, certdb) from ipaplatform import services from ipaplatform.paths import paths from ipaplatform.tasks import tasks @@ -72,11 +72,10 @@ class CertUpdate(admintool.AdminTool): self.update_file(paths.IPA_CA_CRT, certs) self.update_db(paths.IPA_NSSDB_DIR, certs) + sys_db = certdb.NSSDatabase(paths.NSS_DB_DIR) for nickname in ('IPA CA', 'External CA cert'): try: - ipautil.run([paths.CERTUTIL, '-D', - '-d', paths.NSS_DB_DIR, - '-n', nickname]) + sys_db.delete_cert(nickname) except ipautil.CalledProcessError, e: pass @@ -165,15 +164,12 @@ class CertUpdate(admintool.AdminTool): self.log.error("failed to update %s: %s", filename, e) def update_db(self, path, certs): + db = certdb.NSSDatabase(path) for cert, nickname, trusted, eku in certs: trust_flags = certstore.key_policy_to_trust_flags( trusted, True, eku) try: - ipautil.run([paths.CERTUTIL, '-A', - '-d', path, - '-n', nickname, - '-t', trust_flags], - stdin=cert) + db.add_cert(cert, nickname, trust_flags) except ipautil.CalledProcessError, e: self.log.error( "failed to update %s in %s: %s", nickname, path, e) |
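Review bot: In the second hunk (`@@ -72,11 +72,10 @@`), the handler `except ipautil.CalledProcessError, e: pass` around `sys_db.delete_cert(nickname)` discards every failure. A deletion that fails for any reason other than a missing nickname therefore leaves the old 'IPA CA' or 'External CA cert' entry in `paths.NSS_DB_DIR` with no trace in the log. Because these are CA entries in the system NSS database, I would at least record the failure: `self.log.debug("failed to remove %s from %s: %s", nickname, paths.NSS_DB_DIR, e)`. Please also confirm that `NSSDatabase.delete_cert` still raises `ipautil.CalledProcessError`, since its body is not visible here and the handler would no longer match if it raises anything else. The enclosing method starts outside the hunk.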
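Review bot: In `update_db` (third hunk), a failed `db.add_cert(cert, nickname, trust_flags)` is only logged and the loop moves on, so the caller cannot tell that the database at `path` ended up with part of the CA set. The method has no docstring, so that best-effort contract is undocumented; I would add `"""Add each (cert, nickname, trusted, eku) entry to the NSS database at path; failures are logged and skipped."""`. The removed call passed the certificate on stdin, and the new code leaves that detail to `NSSDatabase.add_cert`, whose body is not shown here. It is worth checking that it accepts the same encoding of `cert` that `certs` carries. `update_db` may continue past the end of the hunk.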