certdb: add named trust flag constants

Add named constants for common trust flag combinations.

Use the named constants instead of trust flags strings in the code.

https://pagure.io/freeipa/issue/6831

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

install/restart_scripts/restart_httpd

@@ -24,6 +24,7 @@ import traceback
 from ipalib import api
 from ipaplatform import services
 from ipaplatform.paths import paths
+from ipapython.certdb import TRUSTED_PEER_TRUST_FLAGS
 from ipaserver.install import certs, installutils
 
 
@@ -36,7 +37,7 @@ def _main():
     nickname = installutils.get_directive(paths.HTTPD_NSS_CONF, "NSSNickname")
 
     # Add trust flag which set certificate trusted for SSL connections.
-    db.trust_root_cert(nickname, "P,,")
+    db.trust_root_cert(nickname, TRUSTED_PEER_TRUST_FLAGS)
 
     syslog.syslog(syslog.LOG_NOTICE, 'certmonger restarted httpd')
 

install/tools/ipa-replica-conncheck

@@ -549,7 +549,9 @@ def main():
                             data = ca_cert.public_bytes(
                                 serialization.Encoding.DER)
                             nss_db.add_cert(
-                                data, str(DN(ca_cert.subject)), 'C,,')
+                                data,
+                                str(DN(ca_cert.subject)),
+                                certdb.EXTERNAL_CA_TRUST_FLAGS)
 
                     api.bootstrap(context='client',
                                   confdir=paths.ETC_IPA,