diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 8e92ef082..e346a2b92 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -265,8 +265,7 @@ def install_step_0(standalone, replica_config, options):
 'certmap.conf', 'subject_base', str(subject_base))
 dsinstance.write_certmap_conf(realm_name, ca_subject)
- ca = cainstance.CAInstance(realm_name, paths.IPA_RADB_DIR,
- host_name=host_name)
+ ca = cainstance.CAInstance(realm_name, host_name=host_name)
 ca.configure_instance(host_name, dm_password, dm_password,
 subject_base=subject_base,
 ca_subject=ca_subject,
@@ -293,8 +292,7 @@ def install_step_1(standalone, replica_config, options):
 subject_base = options._subject_base
 basedn = ipautil.realm_to_suffix(realm_name)
- ca = cainstance.CAInstance(realm_name, paths.IPA_RADB_DIR,
- host_name=host_name)
+ ca = cainstance.CAInstance(realm_name, host_name=host_name)
 ca.stop('pki-tomcat')
@@ -356,7 +354,7 @@ def install_step_1(standalone, replica_config, options):
 def uninstall():
- ca_instance = cainstance.CAInstance(api.env.realm, paths.IPA_RADB_DIR)
+ ca_instance = cainstance.CAInstance(api.env.realm)
 ca_instance.stop_tracking_certificates()
 if ca_instance.is_configured():
 ca_instance.uninstall()
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 3c86b9154..c9c4cb84a 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -294,7 +294,7 @@ class CAInstance(DogtagInstance):
 ('caSigningCert cert-pki-ca', 'ipaCACertRenewal'))
 server_cert_name = 'Server-Cert cert-pki-ca'
- def __init__(self, realm=None, ra_db=None, host_name=None):
+ def __init__(self, realm=None, host_name=None):
 super(CAInstance, self).__init__(
 realm=realm, subsystem="CA",
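Review bot: Removing the positional `ra_db` parameter from `CAInstance.__init__` changes what the second positional argument means, so any caller outside this diff that still passes a directory positionally (the `CAInstance(realm, paths.IPA_RADB_DIR)` pattern this commit removes in ca.py and upgrade.py) would now silently bind that path to `host_name` instead of failing. The callers visible here are updated, but other installers and tests cannot be checked from this hunk, and `super(CAInstance, self)` suggests Python 2 support, so keyword-only parameters are not available as a guard. At minimum the signature deserves a docstring stating the new contract, e.g. `"""realm: Kerberos realm; host_name: FQDN of this host. The RA agent NSS database is fixed to paths.IPA_RADB_DIR (the former ra_db argument was removed)."""`. The constructor body continues past the end of this hunk.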
@@ -313,11 +313,8 @@ class CAInstance(DogtagInstance):
 self.canickname = get_ca_nickname(realm)
 else:
 self.canickname = None
- self.ra_agent_db = ra_db
- if self.ra_agent_db is not None:
- self.ra_agent_pwd = self.ra_agent_db + "/pwdfile.txt"
- else:
- self.ra_agent_pwd = None
+ self.ra_agent_db = paths.IPA_RADB_DIR
+ self.ra_agent_pwd = os.path.join(self.ra_agent_db, "pwdfile.txt")
 self.ra_cert = None
 self.requestId = None
 self.log = log_mgr.get_logger(self)
@@ -738,16 +735,6 @@ class CAInstance(DogtagInstance):
 conn.disconnect()
- def __run_certutil(self, args, database=None, pwd_file=None, stdin=None,
- **kwargs):
- if not database:
- database = self.ra_agent_db
- if not pwd_file:
- pwd_file = self.ra_agent_pwd
- new_args = [paths.CERTUTIL, "-d", database, "-f", pwd_file]
- new_args = new_args + args
- return ipautil.run(new_args, stdin, nolog=(pwd_file,), **kwargs)
-
 def __get_ca_chain(self):
 try:
 return dogtag.get_ca_certchain(ca_host=self.fqdn)
@@ -787,7 +774,7 @@ class CAInstance(DogtagInstance):
 else:
 nick = str(subject_dn)
 trust_flags = ',,'
- self.__run_certutil(
+ certdb.run_certutil(
 ['-A', '-t', trust_flags, '-n', nick, '-a', '-i', chain_file.name]
 )
@@ -848,7 +835,8 @@ class CAInstance(DogtagInstance):
 post_command='renew_ra_cert')
 self.requestId = str(reqId)
- result = self.__run_certutil(
+ certdb = certs.CertDB(self.realm)
+ result = certdb.run_certutil(
 ['-L', '-n', 'ipaCert', '-a'], capture_output=True)
 self.ra_cert = x509.strip_header(result.output)
 self.ra_cert = "\n".join(
@@ -1013,8 +1001,8 @@ class CAInstance(DogtagInstance):
 ca='dogtag-ipa-ca-renew-agent',
 nickname='ipaCert',
 pin=None,
- pinfile=os.path.join(paths.IPA_RADB_DIR, 'pwdfile.txt'),
- secdir=paths.IPA_RADB_DIR,
+ pinfile=self.ra_agent_pwd,
+ secdir=self.ra_agent_db,
 pre_command='renew_ra_cert_pre',
 post_command='renew_ra_cert')
 except RuntimeError as e:
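Review bot: The new `certdb.run_certutil(` line uses a local `certdb` that is not bound anywhere in this hunk, unlike the later hunk in this file where `certdb = certs.CertDB(self.realm)` is added right before the call; if the enclosing method does not already create `certdb` earlier in its body (outside the hunk), importing the CA chain raises NameError. If it is bound earlier, it must refer to the same NSS database the removed `self.__run_certutil` defaulted to (`self.ra_agent_db`), since the `-A -t <trust_flags> -n <nick>` import on these lines is meant for the RA agent database; if CertDB accepts an explicit directory, `certdb = certs.CertDB(self.realm, nssdir=self.ra_agent_db)` makes that explicit. The enclosing method starts and ends outside the hunk.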
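Review bot: `certs.CertDB(self.realm)` is constructed without naming an NSS directory, whereas the removed `self.__run_certutil` always defaulted to `-d self.ra_agent_db -f self.ra_agent_pwd` (now fixed to `paths.IPA_RADB_DIR`); if CertDB's default directory on this branch is not the RA agent database, `-L -n ipaCert` reads the RA certificate from a different store or fails to find it. The removed wrapper also passed `nolog=(pwd_file,)` to `ipautil.run`, and it is not visible here whether `CertDB.run_certutil` masks the password-file argument the same way, so the log output of this call should be checked. Pinning the directory, e.g. `certdb = certs.CertDB(self.realm, nssdir=self.ra_agent_db)` if CertDB takes one, would keep the replacement equivalent to the old default regardless of CertDB's own. The enclosing method starts and ends outside the hunk.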
@@ -1033,7 +1021,7 @@ class CAInstance(DogtagInstance):
 certmonger.stop_tracking(self.nss_db, nickname=nickname)
 try:
- certmonger.stop_tracking(paths.IPA_RADB_DIR, nickname='ipaCert')
+ certmonger.stop_tracking(self.ra_agent_db, nickname='ipaCert')
 except RuntimeError as e:
 root_logger.error(
 "certmonger failed to stop tracking certificate: %s", e)
@@ -1859,5 +1847,5 @@ if __name__ == "__main__":
 standard_logging_setup("install.log")
 ds = dsinstance.DsInstance()
- ca = CAInstance("EXAMPLE.COM", paths.HTTPD_ALIAS_DIR)
+ ca = CAInstance("EXAMPLE.COM")
 ca.configure_instance("catest.example.com", "password", "password")
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index e5d9de4d7..5ecd83678 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1540,7 +1540,7 @@ def upgrade_configuration():
 sub_dict['SUBJECT_BASE'] = subject_base
 ca = cainstance.CAInstance(
- api.env.realm, paths.IPA_RADB_DIR, host_name=api.env.host)
+ api.env.realm, host_name=api.env.host)
 ca_running = ca.is_running()
 # create passswd.txt file in PKI_TOMCAT_ALIAS_DIR if it does not exist
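Review bot: The `__main__` harness previously built the instance over `paths.HTTPD_ALIAS_DIR`, and with `ra_db` gone it now runs against whatever the constructor fixes as the RA agent database (`paths.IPA_RADB_DIR` per the constructor hunk); if those two paths differ on this branch, this smoke test silently changes which NSS database it creates certificates in. That is presumably intended, but a one-line comment such as `# RA agent DB is now always paths.IPA_RADB_DIR; no per-call override` above `ca = CAInstance("EXAMPLE.COM")` would record it. The literal `"password"` arguments are pre-existing and only acceptable because this block is a throwaway manual harness.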