Add pki_pin only when needed

If both the pki-tomcat NSS database and its password.conf have been
created, don't try to override the password.conf file.

https://pagure.io/freeipa/issue/6839

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Stanislav Laznicka
2017-04-03 14:08:46 +02:00
committed by Tomas Krizek
parent 6c2772dde5
commit 1aa77fe389
2 changed files with 14 additions and 6 deletions


@@ -541,9 +541,13 @@ class CAInstance(DogtagInstance):
# CA key algorithm
config.set("CA", "pki_ca_signing_key_algorithm", self.ca_signing_algorithm)
if not (os.path.isdir(paths.PKI_TOMCAT_ALIAS_DIR) and
os.path.isfile(paths.PKI_TOMCAT_PASSWORD_CONF)):
# generate pin which we know can be used for FIPS NSS database
pki_pin = ipautil.ipa_generate_password()
config.set("CA", "pki_pin", pki_pin)
else:
pki_pin = None
if self.clone:
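Review bot: The condition `os.path.isdir(paths.PKI_TOMCAT_ALIAS_DIR) and os.path.isfile(paths.PKI_TOMCAT_PASSWORD_CONF)` proves only that both paths exist, not that password.conf holds a pin matching the NSS database, so a leftover empty or truncated file (for example from an interrupted install) would take the `else` branch and leave no usable pin. The same test is repeated in the KRAInstance hunk. If that state is reachable, tighten the guard, e.g. add `and os.path.getsize(paths.PKI_TOMCAT_PASSWORD_CONF) > 0` inside the parentheses, or at least add a comment such as `# DB and password.conf already exist: keep the stored pin, do not regenerate`. The enclosing method starts and ends outside this hunk, so how `pki_pin = None` is consumed cannot be checked from here.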


@@ -235,9 +235,13 @@ class KRAInstance(DogtagInstance):
"KRA", "pki_share_dbuser_dn",
str(DN(('uid', 'pkidbuser'), ('ou', 'people'), ('o', 'ipaca'))))
if not (os.path.isdir(paths.PKI_TOMCAT_ALIAS_DIR) and
os.path.isfile(paths.PKI_TOMCAT_PASSWORD_CONF)):
# generate pin which we know can be used for FIPS NSS database
pki_pin = ipautil.ipa_generate_password()
config.set("KRA", "pki_pin", pki_pin)
else:
pki_pin = None
_p12_tmpfile_handle, p12_tmpfile_name = tempfile.mkstemp(dir=paths.TMP)
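Review bot: This block is a line-for-line copy of the one added to CAInstance, differing only in the config section name (`"KRA"` vs `"CA"`), and two copies of secret-handling logic tend to drift apart. Both classes derive from DogtagInstance, so a small helper on the base class that takes the section name and returns the pin or `None` would keep the rule in one place, called as `pki_pin = self._configure_pki_pin(config, "KRA")` (helper name illustrative). Whichever form is kept, the `None` result deserves a comment, e.g. `# None: existing password.conf is reused, no new pin was generated`, because the code that later uses `pki_pin` lies outside this hunk and presumably must skip anything that needs the pin value.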