IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

CertDB: add API for non-destructive initialization from PKCS#12 bundle

Browse Source 
`create_from_pkcs12` method of CertDB was re-creating NSS database files
during PKCS#12 bundle import. This may cause bugs because the file permissions
could be re-set to wrong values causing subtle bugs. Modify the class API so
that the server cert chain can be imported while preserving existing FS
attributes.

https://fedorahosted.org/freeipa/ticket/6429

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Martin Babinsky 2016-10-25 15:51:06 +02:00 committed by Jan Cholasta
parent 7279ef1d0f
commit 2fdc2d0cb7
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ipaserver/install/certs.py
View File

@ -588,6 +588,14 @@ class CertDB(object):
self.create_noise_file() self.create_noise_file()
self.create_passwd_file(passwd) self.create_passwd_file(passwd)
self.create_certdbs() self.create_certdbs()
self.init_from_pkcs12(
pkcs12_fname,
pkcs12_passwd,
ca_file=ca_file,
trust_flags=trust_flags)
def init_from_pkcs12(self, pkcs12_fname, pkcs12_passwd,
ca_file=None, trust_flags=None):
self.import_pkcs12(pkcs12_fname, pkcs12_passwd) self.import_pkcs12(pkcs12_fname, pkcs12_passwd)
server_certs = self.find_server_certs() server_certs = self.find_server_certs()
if len(server_certs) == 0: if len(server_certs) == 0: