author | David Kupka <dkupka@redhat.com> | 2014-09-03 09:07:16 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-09-05 10:51:42 +0200 |
commit | 6d94cdf250c470bf77a0e769ea30a90fa5815b81 (patch) | |
tree | 499bd2ba7ddc4cd5311b35070e8f7db9a85b8b88 /ipaserver/install/certs.py | |
parent | 62a255949377d4a6b3cc197462223b5b0495d18d (diff) | |
Use certmonger D-Bus API instead of messing with its files.
FreeIPA certmonger module changed to use D-Bus to communicate with certmonger.
Using the D-Bus API should be a more stable and supported way of using certmonger than
tampering with its files.
>=certmonger-0.75.13 is needed for this to work.
https://fedorahosted.org/freeipa/ticket/4280
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r-- | ipaserver/install/certs.py | 26 |
1 files changed, 3 insertions, 23 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 6569f5144..4d508cde8 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -547,46 +547,26 @@ class CertDB(object): else: libpath = 'lib' command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, command) - cmonger = services.knownservices.certmonger - cmonger.enable() - services.knownservices.messagebus.start() - cmonger.start() try: - (stdout, stderr, rc) = certmonger.start_tracking(nickname, self.secdir, password_file, command) - except (ipautil.CalledProcessError, RuntimeError), e: + request_id = certmonger.start_tracking(nickname, self.secdir, password_file, command) + except RuntimeError, e: root_logger.error("certmonger failed starting to track certificate: %s" % str(e)) return - cmonger.stop() cert = self.get_cert_from_db(nickname) nsscert = x509.load_certificate(cert, dbdir=self.secdir) subject = str(nsscert.subject) - m = re.match('New tracking request "(\d+)" added', stdout) - if not m: - root_logger.error('Didn\'t get new %s request, got %s' % (cmonger.service_name, stdout)) - raise RuntimeError('%s did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.' % (cmonger.service_name, nickname, self.secdir)) - request_id = m.group(1) - certmonger.add_principal(request_id, principal) certmonger.add_subject(request_id, subject) - cmonger.start() - def untrack_server_cert(self, nickname): """ Tell certmonger to stop tracking the given certificate nickname. """ - - # Always start certmonger. We can't untrack something if it isn't - # running - cmonger = services.knownservices.certmonger - services.knownservices.messagebus.start() - cmonger.start() try: certmonger.stop_tracking(self.secdir, nickname=nickname) - except (ipautil.CalledProcessError, RuntimeError), e: + except RuntimeError, e: root_logger.error("certmonger failed to stop tracking certificate: %s" % str(e)) - cmonger.stop() def create_server_cert(self, nickname, hostname, other_certdb=None, subject=None): """ |
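Review bot: With the regex check on certmonger's output removed, nothing in `track_server_cert` verifies that `start_tracking` returned a usable request id before it is passed to `add_principal` and `add_subject`. The helper's new return contract is not visible in this hunk, so if it can return an empty value, the old explicit `RuntimeError` is replaced by a less clear failure further down; a guard after the `try`, such as `if not request_id: raise RuntimeError("certmonger did not return a tracking request for '%s' in '%s'" % (nickname, self.secdir))`, would keep the previous behaviour. Both `except` clauses now catch only `RuntimeError` and the explicit messagebus/certmonger start is gone, so it is worth confirming that the D-Bus helper converts bus and activation errors into `RuntimeError`; otherwise they escape these handlers. Because the failure path in `track_server_cert` only logs and returns, a short comment there noting that the certificate is left untracked (and so will not be renewed) would help the next reader.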