Remove ra_db argument from CAInstance init
The ra_db argument to CAInstance init is a constant, so it can be removed. This constant corresponds to the default CertDB directory, and since CertDB now passes passwords to its inner NSSDatabase instance we no longer need our own run_certutil() method. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
This commit is contained in:
parent
b367c3a622
commit
728a6bd422
@ -265,8 +265,7 @@ def install_step_0(standalone, replica_config, options):
|
||||
'certmap.conf', 'subject_base', str(subject_base))
|
||||
dsinstance.write_certmap_conf(realm_name, ca_subject)
|
||||
|
||||
ca = cainstance.CAInstance(realm_name, paths.IPA_RADB_DIR,
|
||||
host_name=host_name)
|
||||
ca = cainstance.CAInstance(realm_name, host_name=host_name)
|
||||
ca.configure_instance(host_name, dm_password, dm_password,
|
||||
subject_base=subject_base,
|
||||
ca_subject=ca_subject,
|
||||
@ -293,8 +292,7 @@ def install_step_1(standalone, replica_config, options):
|
||||
subject_base = options._subject_base
|
||||
basedn = ipautil.realm_to_suffix(realm_name)
|
||||
|
||||
ca = cainstance.CAInstance(realm_name, paths.IPA_RADB_DIR,
|
||||
host_name=host_name)
|
||||
ca = cainstance.CAInstance(realm_name, host_name=host_name)
|
||||
|
||||
ca.stop('pki-tomcat')
|
||||
|
||||
@ -356,7 +354,7 @@ def install_step_1(standalone, replica_config, options):
|
||||
|
||||
|
||||
def uninstall():
|
||||
ca_instance = cainstance.CAInstance(api.env.realm, paths.IPA_RADB_DIR)
|
||||
ca_instance = cainstance.CAInstance(api.env.realm)
|
||||
ca_instance.stop_tracking_certificates()
|
||||
if ca_instance.is_configured():
|
||||
ca_instance.uninstall()
|
||||
|
@ -294,7 +294,7 @@ class CAInstance(DogtagInstance):
|
||||
('caSigningCert cert-pki-ca', 'ipaCACertRenewal'))
|
||||
server_cert_name = 'Server-Cert cert-pki-ca'
|
||||
|
||||
def __init__(self, realm=None, ra_db=None, host_name=None):
|
||||
def __init__(self, realm=None, host_name=None):
|
||||
super(CAInstance, self).__init__(
|
||||
realm=realm,
|
||||
subsystem="CA",
|
||||
@ -313,11 +313,8 @@ class CAInstance(DogtagInstance):
|
||||
self.canickname = get_ca_nickname(realm)
|
||||
else:
|
||||
self.canickname = None
|
||||
self.ra_agent_db = ra_db
|
||||
if self.ra_agent_db is not None:
|
||||
self.ra_agent_pwd = self.ra_agent_db + "/pwdfile.txt"
|
||||
else:
|
||||
self.ra_agent_pwd = None
|
||||
self.ra_agent_db = paths.IPA_RADB_DIR
|
||||
self.ra_agent_pwd = os.path.join(self.ra_agent_db, "pwdfile.txt")
|
||||
self.ra_cert = None
|
||||
self.requestId = None
|
||||
self.log = log_mgr.get_logger(self)
|
||||
@ -738,16 +735,6 @@ class CAInstance(DogtagInstance):
|
||||
|
||||
conn.disconnect()
|
||||
|
||||
def __run_certutil(self, args, database=None, pwd_file=None, stdin=None,
|
||||
**kwargs):
|
||||
if not database:
|
||||
database = self.ra_agent_db
|
||||
if not pwd_file:
|
||||
pwd_file = self.ra_agent_pwd
|
||||
new_args = [paths.CERTUTIL, "-d", database, "-f", pwd_file]
|
||||
new_args = new_args + args
|
||||
return ipautil.run(new_args, stdin, nolog=(pwd_file,), **kwargs)
|
||||
|
||||
def __get_ca_chain(self):
|
||||
try:
|
||||
return dogtag.get_ca_certchain(ca_host=self.fqdn)
|
||||
@ -787,7 +774,7 @@ class CAInstance(DogtagInstance):
|
||||
else:
|
||||
nick = str(subject_dn)
|
||||
trust_flags = ',,'
|
||||
self.__run_certutil(
|
||||
certdb.run_certutil(
|
||||
['-A', '-t', trust_flags, '-n', nick, '-a',
|
||||
'-i', chain_file.name]
|
||||
)
|
||||
@ -848,7 +835,8 @@ class CAInstance(DogtagInstance):
|
||||
post_command='renew_ra_cert')
|
||||
|
||||
self.requestId = str(reqId)
|
||||
result = self.__run_certutil(
|
||||
certdb = certs.CertDB(self.realm)
|
||||
result = certdb.run_certutil(
|
||||
['-L', '-n', 'ipaCert', '-a'], capture_output=True)
|
||||
self.ra_cert = x509.strip_header(result.output)
|
||||
self.ra_cert = "\n".join(
|
||||
@ -1013,8 +1001,8 @@ class CAInstance(DogtagInstance):
|
||||
ca='dogtag-ipa-ca-renew-agent',
|
||||
nickname='ipaCert',
|
||||
pin=None,
|
||||
pinfile=os.path.join(paths.IPA_RADB_DIR, 'pwdfile.txt'),
|
||||
secdir=paths.IPA_RADB_DIR,
|
||||
pinfile=self.ra_agent_pwd,
|
||||
secdir=self.ra_agent_db,
|
||||
pre_command='renew_ra_cert_pre',
|
||||
post_command='renew_ra_cert')
|
||||
except RuntimeError as e:
|
||||
@ -1033,7 +1021,7 @@ class CAInstance(DogtagInstance):
|
||||
certmonger.stop_tracking(self.nss_db, nickname=nickname)
|
||||
|
||||
try:
|
||||
certmonger.stop_tracking(paths.IPA_RADB_DIR, nickname='ipaCert')
|
||||
certmonger.stop_tracking(self.ra_agent_db, nickname='ipaCert')
|
||||
except RuntimeError as e:
|
||||
root_logger.error(
|
||||
"certmonger failed to stop tracking certificate: %s", e)
|
||||
@ -1859,5 +1847,5 @@ if __name__ == "__main__":
|
||||
standard_logging_setup("install.log")
|
||||
ds = dsinstance.DsInstance()
|
||||
|
||||
ca = CAInstance("EXAMPLE.COM", paths.HTTPD_ALIAS_DIR)
|
||||
ca = CAInstance("EXAMPLE.COM")
|
||||
ca.configure_instance("catest.example.com", "password", "password")
|
||||
|
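Review bot: In the hunk at `@ -787`, the new call `certdb.run_certutil(` uses a `certdb` name that is not bound anywhere in the visible lines, while the hunk at `@ -848` adds `certdb = certs.CertDB(self.realm)` immediately before its own call; unless the enclosing method (which starts outside the hunk) already constructs a CertDB, this path raises NameError when the CA chain is imported. The removed `__run_certutil` defaulted `database` to `self.ra_agent_db` and `pwd_file` to `self.ra_agent_pwd`, so the replacement must target the same NSS directory and password file or the chain certificate lands in a different database than before; the description says this is CertDB's default, but it is worth confirming against `certs.CertDB`. In `__init__`, the now-constant attributes would read better with a comment such as `# RA agent NSS database and its password file; handed to certmonger as secdir/pinfile`, since the values are no longer per-instance.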
@ -1540,7 +1540,7 @@ def upgrade_configuration():
|
||||
sub_dict['SUBJECT_BASE'] = subject_base
|
||||
|
||||
ca = cainstance.CAInstance(
|
||||
api.env.realm, paths.IPA_RADB_DIR, host_name=api.env.host)
|
||||
api.env.realm, host_name=api.env.host)
|
||||
ca_running = ca.is_running()
|
||||
|
||||
# create passswd.txt file in PKI_TOMCAT_ALIAS_DIR if it does not exist
|
||||
|