From 63e18ecfe383827678cf77463520463ca7a4d821 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 13 Dec 2016 10:32:32 -0500 Subject: Separate RA cert store from the HTTP cert store This is in preparation for separating out the user under which the ipa api framework runs as. This commit also removes certs.NSS_DIR to avoid confusion and replaces it where appropriate with the correct NSS DB directory, either the old HTTPD_ALIAS_DIR ot the RA DB IPA_RADB_DIR. In some cases its use is removed altogether as it was simply not necessary. https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce
---
ipaserver/plugins/dogtag.py | 8 ++++---- ipaserver/plugins/rabase.py | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'ipaserver/plugins')
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 2f9fd4b37..6ff6d292c 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1242,8 +1242,8 @@ class RestClient(Backend):
 self.sec_dir = api.env.dot_ipa + os.sep + 'alias'
 self.pwd_file = self.sec_dir + os.sep + '.pwd'
 else:
- self.sec_dir = paths.HTTPD_ALIAS_DIR
- self.pwd_file = paths.ALIAS_PWDFILE_TXT
+ self.sec_dir = paths.IPA_RADB_DIR
+ self.pwd_file = os.path.join(paths.IPA_RADB_DIR, 'pwdfile.txt')
 self.noise_file = self.sec_dir + os.sep + '.noise'
 self.ipa_key_size = "2048"
 self.ipa_certificate_nickname = "ipaCert"
@@ -2015,8 +2015,8 @@ class kra(Backend):
 raise RuntimeError('KRA service is not enabled')
 crypto = cryptoutil.NSSCryptoProvider(
- paths.HTTPD_ALIAS_DIR,
- password_file=paths.ALIAS_PWDFILE_TXT)
+ paths.IPA_RADB_DIR,
+ password_file=os.path.join(paths.IPA_RADB_DIR, 'pwdfile.txt'))
 # TODO: obtain KRA host & port from IPA service list or point to KRA load balancer
 # https://fedorahosted.org/freeipa/ticket/4557
diff --git a/ipaserver/plugins/rabase.py b/ipaserver/plugins/rabase.py
index 736c16698..8f2c8c388 100644
--- a/ipaserver/plugins/rabase.py
+++ b/ipaserver/plugins/rabase.py
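Review bot: The RA database password file name is written as the literal `'pwdfile.txt'` in the else-branch here, and again in the `kra` hunk and in `rabase.py`, where the replaced code took the path from a single constant in `paths`. If the code that creates the RA database ever uses a different name, these three call sites will look for the wrong file. Since `self.sec_dir` is assigned on the line just above, `self.pwd_file = os.path.join(self.sec_dir, 'pwdfile.txt')` removes one repetition, and a named constant in `paths` for the RA password file would remove all three. The enclosing method starts and ends outside the hunk.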
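Review bot: Nothing visible in this hunk checks that the RA database and its password file exist and are readable by the calling process before `NSSCryptoProvider` is constructed. On a server where the RA certificate has not yet been moved out of the HTTP server's database (any migration code is outside this view), the failure would presumably surface from inside the NSS initialisation rather than as a clear error like the `RuntimeError('KRA service is not enabled')` just above. Consider an explicit check that raises a `RuntimeError` naming the missing path, plus a comment stating which account is expected to own the RA database, since that password file guards the store holding the RA credentials. The enclosing function starts and ends outside the hunk.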
@@ -44,8 +44,8 @@ class rabase(Backend):
 self.sec_dir = api.env.dot_ipa + os.sep + 'alias'
 self.pwd_file = self.sec_dir + os.sep + '.pwd'
 else:
- self.sec_dir = paths.HTTPD_ALIAS_DIR
- self.pwd_file = paths.ALIAS_PWDFILE_TXT
+ self.sec_dir = paths.IPA_RADB_DIR
+ self.pwd_file = os.path.join(paths.IPA_RADB_DIR, 'pwdfile.txt')
 super(rabase, self).__init__(api)
-- cgit
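Review bot: The else-branch gives no hint why the RA credentials are no longer read from the HTTP server's NSS database, so a later cleanup could plausibly fold the two stores back together. A short comment above the assignment would record the intent stated in the commit message, for example `# RA cert store is kept separate from the HTTP server's NSS DB so the API framework can run as a different user`. The condition that selects this branch and the start of the enclosing method are outside the hunk.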