From 78cf94a52cba0b3205a8aacaeacfe1415a68a2c9 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 20 Aug 2013 06:44:58 +0000
Subject: [PATCH] Ask for PKCS#12 password interactively in
 ipa-server-certinstall.

https://fedorahosted.org/freeipa/ticket/3641
---
 ipaserver/install/ipa_server_certinstall.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index a87f393e1..bda054bfb 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -69,9 +69,6 @@ class ServerCertInstall(admintool.AdminTool):
 
         if not self.options.dirsrv and not self.options.http:
             self.option_parser.error("you must specify dirsrv and/or http")
-        if not self.options.pin:
-            self.option_parser.error("you must provide the password for the "
-                                     "PKCS#12 file")
 
         if len(self.args) != 1:
             self.option_parser.error("you must provide a pkcs12 filename")
@@ -86,6 +83,13 @@ class ServerCertInstall(admintool.AdminTool):
                 raise admintool.ScriptError(
                     "Directory Manager password required")
 
+        if not self.options.pin:
+            self.options.pin = installutils.read_password(
+                "Enter %s unlock" % self.args[0], confirm=False, validate=False)
+            if self.options.pin is None:
+                raise admintool.ScriptError(
+                    "%s unlock password required" % self.args[0])
+
     def run(self):
         api.bootstrap(in_server=True)
         api.finalize()