Diffstat (limited to 'ipapython')
-rw-r--r--ipapython/certdb.py29
1 files changed, 29 insertions, 0 deletions
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index 1e6c63a15..aea50a81f 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -56,6 +56,35 @@ def create_ipa_nssdb():
os.chmod(os.path.join(db.secdir, 'secmod.db'), 0o644)
+def update_ipa_nssdb():
+ ipa_db = NSSDatabase(paths.IPA_NSSDB_DIR)
+ sys_db = NSSDatabase(paths.NSS_DB_DIR)
+
+ if not os.path.exists(os.path.join(ipa_db.secdir, 'cert8.db')):
+ create_ipa_nssdb()
+
+ for nickname, trust_flags in (('IPA CA', 'CT,C,C'),
+ ('External CA cert', 'C,,')):
+ try:
+ cert = sys_db.get_cert(nickname)
+ except RuntimeError:
+ continue
+ try:
+ ipa_db.add_cert(cert, nickname, trust_flags)
+ except ipautil.CalledProcessError as e:
+ raise RuntimeError("Failed to add %s to %s: %s" %
+ (nickname, ipa_db.secdir, e))
+
+ # Remove IPA certs from /etc/pki/nssdb
+ for nickname, trust_flags in ipa_db.list_certs():
+ while sys_db.has_nickname(nickname):
+ try:
+ sys_db.delete_cert(nickname)
+ except ipautil.CalledProcessError as e:
+ raise RuntimeError("Failed to remove %s from %s: %s" %
+ (nickname, sys_db.secdir, e))
+
+
def find_cert_from_txt(cert, start=0):
"""
Given a cert blob (str) which may or may not contian leading and