Diffstat (limited to 'ipaserver/install/dogtaginstance.py')
-rw-r--r--ipaserver/install/dogtaginstance.py32
1 files changed, 30 insertions, 2 deletions
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 14b96ba36..66a76c75d 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -25,6 +25,7 @@ import traceback
from ipapython import certmonger
from ipapython import dogtag
+from ipapython import ipaldap
from ipapython import ipautil
from ipapython import services as ipaservices
from ipapython.dn import DN
@@ -66,6 +67,9 @@ class DogtagInstance(service.Service):
CA, KRA, and eventually TKS and TPS.
"""
+ ADMIN_CERT_PATH = '/root/.dogtag/pki-tomcat/ca_admin.cert'
+ AGENT_P12_PATH = '/root/ca-agent.p12'
+
def __init__(self, realm, subsystem, service_desc, dogtag_constants=None):
if dogtag_constants is None:
dogtag_constants = dogtag.configured_constants()
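Review bot: ADMIN_CERT_PATH and AGENT_P12_PATH are added as class attributes with no comment, and nothing else in this diff reads them, so the hunk gives no indication of what produces those two files under /root or which code path consumes them. A short comment above the pair would let a reader place them without searching the rest of the file, e.g. `# Files the PKI installer leaves behind for the admin/agent identities — TODO confirm producer and consumer`. If the paths are only meaningful on a fresh install (both live in root's home directory), that is worth stating next to them as well.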
@@ -84,6 +88,7 @@ class DogtagInstance(service.Service):
self.clone = False
self.basedn = DN(('o', 'ipa%s' % subsystem.lower()))
+ self.admin_user = DN(('uid', 'admin'), ('ou', 'people'), ('o', 'ipaca'))
self.agent_db = tempfile.mkdtemp(prefix="tmp-")
self.ds_port = DEFAULT_DSPORT
self.server_root = dogtag_constants.SERVER_ROOT
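Review bot: The new `self.admin_user` DN hard-codes `('o', 'ipaca')` while the line just above derives `self.basedn` from the subsystem name, so for a non-CA subsystem the admin entry is looked up under a different suffix than the instance's own base DN. If that is intentional (a single admin account under the CA suffix shared by every subsystem), the attribute should say so, e.g. `# the PKI admin entry always lives under o=ipaca, not self.basedn — TODO confirm for KRA`; otherwise the suffix should be built from `subsystem` like `basedn` is. The remainder of `__init__` is outside this hunk.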
@@ -109,7 +114,7 @@ class DogtagInstance(service.Service):
self.server_root, self.dogtag_constants.PKI_INSTANCE_NAME,
self.subsystem.lower()))
- def spawn_instance(self, cfg_file):
+ def spawn_instance(self, cfg_file, nolog_list=None):
"""
Create and configure a new Dogtag instance using pkispawn.
Passes in a configuration file with IPA-specific
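Review bot: The signature gains a `nolog_list` parameter but the docstring directly under it is not updated, so a caller cannot tell from the documentation what the list is for or that the admin and DM passwords are added to it regardless. Add a parameter line such as `:param nolog_list: extra strings to keep out of the logged pkispawn invocation; the admin and DM passwords are always included` (the file's docstring style is free-form, so a plain sentence in the same style is fine). The docstring and the rest of `spawn_instance` continue beyond this hunk.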
@@ -118,7 +123,10 @@ class DogtagInstance(service.Service):
subsystem = self.subsystem
# Define the things we don't want logged
- nolog = (self.admin_password, self.dm_password,)
+ if nolog_list is None:
+ nolog_list = []
+ nolog_list.extend([self.admin_password, self.dm_password])
+ nolog = tuple(nolog_list)
args = ["/usr/sbin/pkispawn",
"-s", subsystem,
@@ -330,3 +338,23 @@ class DogtagInstance(service.Service):
base64.b64encode(cert),
quotes=False,
separator='=')
+
+ def get_admin_cert(self):
+ """
+ Get the certificate for the admin user by checking the ldap entry
+ for the user
+ """
+ root_logger.debug('Trying to find the certificate for the admin user')
+ conn = None
+
+ try:
+ conn = ipaldap.IPAdmin(self.fqdn, self.ds_port)
+ conn.do_simple_bind(DN(('cn', 'Directory Manager')), self.dm_password)
+
+ entry_attrs = conn.get_entry(self.admin_user, ['usercertificate'])
+ admin_cert = entry_attrs.get('usercertificate')[0]
+ finally:
+ if conn is not None:
+ conn.unbind()
+
+ return base64.b64encode(admin_cert) \ No newline at end of file
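Review bot: `entry_attrs.get('usercertificate')[0]` raises a bare `TypeError` (subscripting `None`) when the admin entry has no `usercertificate` attribute, and an `IndexError` if the value list is empty, neither of which tells an operator what went wrong in an install log. Check the attribute before indexing: `certs = entry_attrs.get('usercertificate')`, `if not certs: raise RuntimeError('admin user entry has no usercertificate')`, `admin_cert = certs[0]`. The docstring should also state that the returned value is the base64 text of the first certificate on the entry, since the name `get_admin_cert` suggests a raw certificate. Whether `get_entry` itself raises on a missing entry is not visible in this hunk, so the `try`/`finally` around the bind is the only error path the hunk establishes.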