CertDB: add API for non-destructive initialization from PKCS#12 bundle

The `create_from_pkcs12` method of CertDB was re-creating NSS database files
during PKCS#12 bundle import. This may cause bugs because the file permissions
could be reset to wrong values, causing subtle bugs. Modify the class API so
that the server cert chain can be imported while preserving existing FS
attributes.

https://fedorahosted.org/freeipa/ticket/6429

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
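The failure mode the commit message describes is easy to reproduce outside NSS: unlinking and re-creating a database file hands its mode back to the process umask, whereas writing into the existing file keeps inode, owner and mode intact. The following is an added illustration, not FreeIPA's CertDB code; the file names, the 0o640 mode, the 0o022 umask and the `verify_modes` check are assumptions made for the demonstration.

```python
import os
import stat
import tempfile

# Constructed stand-in for the NSS database files (hypothetical names, not CertDB's).
DB_FILES = ("cert8.db", "key3.db", "secmod.db")
EXPECTED_MODE = 0o640  # assumed restrictive mode the installer set on first creation


def create_certdbs(dbdir, mode=EXPECTED_MODE):
    """Initial creation: files get an explicit restrictive mode (chmod defeats the umask)."""
    for name in DB_FILES:
        path = os.path.join(dbdir, name)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        os.close(fd)
        os.chmod(path, mode)


def recreate_and_import(dbdir, blob):
    """Destructive pattern: unlink and re-create, then write.

    open(path, "wb") creates with 0o666 & ~umask, so the original mode is lost.
    """
    for name in DB_FILES:
        path = os.path.join(dbdir, name)
        os.unlink(path)
        with open(path, "wb") as f:
            f.write(blob)


def import_in_place(dbdir, blob):
    """Non-destructive pattern: write into the existing files, preserving FS attributes."""
    for name in DB_FILES:
        path = os.path.join(dbdir, name)
        if not os.path.exists(path):
            raise FileNotFoundError("database not initialised: %s" % path)
        with open(path, "r+b") as f:  # r+ never creates, so no new inode and no umask
            f.write(blob)


def file_modes(dbdir):
    """Permission bits of each database file, keyed by name."""
    return {
        name: stat.S_IMODE(os.stat(os.path.join(dbdir, name)).st_mode)
        for name in DB_FILES
    }


def verify_modes(dbdir, expected=EXPECTED_MODE):
    """Post-import check: names of files whose mode drifted from the expected value."""
    return sorted(name for name, mode in file_modes(dbdir).items() if mode != expected)


def demo():
    """Run both patterns under a 0o022 umask; returns (initial, after_recreate, after_in_place)."""
    with tempfile.TemporaryDirectory() as dbdir:
        old_umask = os.umask(0o022)
        try:
            create_certdbs(dbdir)
            initial = file_modes(dbdir)

            recreate_and_import(dbdir, b"constructed PKCS#12 payload")
            after_recreate = (file_modes(dbdir), verify_modes(dbdir))

            create_certdbs(dbdir)  # restore the correct state
            import_in_place(dbdir, b"constructed PKCS#12 payload")
            after_in_place = (file_modes(dbdir), verify_modes(dbdir))
        finally:
            os.umask(old_umask)
    return initial, after_recreate, after_in_place


if __name__ == "__main__":
    for label, result in zip(("initial", "recreate", "in place"), demo()):
        print(label, result)
```

Running `demo()` shows the re-create path silently widening every file to 0o644 and `verify_modes` flagging all three, while the in-place path leaves the 0o640 mode untouched; the same `verify_modes`-style check after an import is the regression test that would have caught the original bug.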
Martin Babinsky 2016-10-25 15:51:06 +02:00 committed by Jan Cholasta
parent 7279ef1d0f
commit 2fdc2d0cb7


@ -588,6 +588,14 @@ class CertDB(object):
self.create_noise_file()
self.create_passwd_file(passwd)
self.create_certdbs()
self.init_from_pkcs12(
pkcs12_fname,
pkcs12_passwd,
ca_file=ca_file,
trust_flags=trust_flags)
def init_from_pkcs12(self, pkcs12_fname, pkcs12_passwd,
ca_file=None, trust_flags=None):
self.import_pkcs12(pkcs12_fname, pkcs12_passwd)
server_certs = self.find_server_certs()
if len(server_certs) == 0:
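Review bot: the new public method `init_from_pkcs12` has no docstring, yet its contract is the whole point of the change: it must only be called on an already-created database (the `create_certdbs()` call stays in `create_from_pkcs12`) and it must not touch the ownership or mode of the db files. State that explicitly, and document that `ca_file` and `trust_flags` are passed through unchanged, so a later caller does not "helpfully" add a `create_certdbs()` call back in. Minor: `if len(server_certs) == 0:` reads more idiomatically as `if not server_certs:`.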