Use consistent, specific nickname for the IPA CA certificate.

Also fix some imports for sha. We have a compat module for it, use it. ticket 181
2025-01-22 14:23:19 -06:00 · 2010-09-28 23:10:25 -04:00 · 2010-09-28 23:10:25 -04:00 · 3703062ab2
commit 3703062ab2
parent 3127df2aee
5 changed files with 14 additions and 14 deletions
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@ -21,10 +21,12 @@ from ipapython import ipautil
 from ipapython import nsslib
 from ipalib import pkcs10
 import tempfile
-import sha
+from ipalib.compat import sha1
 import shutil
 import os

+CA_NICKNAME = "IPA CA"
+
 class CertDB(object):
    """
    To be used for temporary NSS databases only. If temporary is set then
@ -64,7 +66,7 @@ class CertDB(object):
        return ipautil.run(new_args, stdin)

    def generate_random(self):
-        return sha.sha(ipautil.ipa_generate_password()).hexdigest()
+        return sha1(ipautil.ipa_generate_password()).hexdigest()

    def create_noise_file(self):
        """
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@ -36,6 +36,7 @@ import urllib
 import xml.dom.minidom
 import stat
 from ipapython import dogtag
+from ipapython.certdb import CA_NICKNAME
 from ipalib import pkcs10
 import subprocess

@ -381,7 +382,7 @@ class CAInstance(service.Service):
        # The same database is used for mod_nss because the NSS context
        # will already have been initialized by Apache by the time
        # mod_python wants to do things.
-        self.canickname = "CA certificate"
+        self.canickname = CA_NICKNAME
        self.basedn = "o=ipaca"
        self.ca_agent_db = tempfile.mkdtemp(prefix = "tmp-")
        self.ra_agent_db = "/etc/httpd/alias"
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@ -33,6 +33,7 @@ from ipapython import dogtag
 from ipapython import sysrestore
 from ipapython import ipautil
 from ipapython import certmonger
+from ipapython.certdb import CA_NICKNAME
 from ipalib import pkcs10
 from ConfigParser import RawConfigParser, MissingSectionHeaderError
 import service
@ -44,12 +45,7 @@ import nss.nss as nss

 from ipalib import api

-# The sha module is deprecated in Python 2.6, replaced by hashlib. Try
-# that first and fall back to sha.sha if it isn't available.
-try:
-    from hashlib import sha256 as sha
-except ImportError:
-    from sha import sha
+from ipalib.compat import sha1

 CA_SERIALNO="/var/lib/ipa/ca_serialno"

@ -195,7 +191,7 @@ class CertDB(object):
        else:
            self.subject_format = "CN=%s,O=IPA"

-        self.cacert_name = "CA certificate"
+        self.cacert_name = CA_NICKNAME
        self.valid_months = "120"
        self.keysize = "1024"

@ -268,7 +264,7 @@ class CertDB(object):
        os.chmod(fname, perms)

    def gen_password(self):
-        return sha(ipautil.ipa_generate_password()).hexdigest()
+        return sha1(ipautil.ipa_generate_password()).hexdigest()

    def run_certutil(self, args, stdin=None):
        new_args = ["/usr/bin/certutil", "-d", self.secdir]
@ -857,7 +853,7 @@ class CertDB(object):
            else:
                raise RuntimeError("unknown error import pkcs#12 file")

-    def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname="CA certificate"):
+    def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname=CA_NICKNAME):
        ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
                     "-o", pkcs12_fname,
                     "-n", nickname,
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -522,7 +522,7 @@ class DsInstance(service.Service):
        first have to shut down the directory server in case it has
        opened the cert db read-only.  Then we use the CertDB class
        to add the CA cert.  We have to provide a nickname, and we
-        do not use 'CA certificate' since that's the default, so
+        do not use 'IPA CA' since that's the default, so
        we use 'Imported CA' if none specified.  Then we restart
        the server."""
        # first make sure we have a valid cacert_fname
--- a/ipaserver/plugins/selfsign.py
+++ b/ipaserver/plugins/selfsign.py
@ -39,6 +39,7 @@ from ipalib import Backend
 from ipalib import errors
 from ipalib import x509
 from ipalib import pkcs10
+from ipapython.certdb import CA_NICKNAME
 import subprocess
 import os
 import re
@ -156,7 +157,7 @@ class ra(rabase.rabase):
                "/usr/bin/certutil",
                "-C",
                "-d", self.sec_dir,
-                "-c", "CA certificate",
+                "-c", CA_NICKNAME,
                "-i", csr_name,
                "-o", cert_name,
                "-m", str(serialno),