Add new add_cert method for adding certificates to NSSDatabase and CertDB.

Replace all uses of NSSDatabase method add_single_pem_cert with add_cert and
remove add_single_pem_cert.

Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Jan Cholasta 2014-06-12 11:16:52 +02:00 committed by Petr Viktorin
parent feecdb4cdc
commit 88706c5674
2 changed files with 13 additions and 15 deletions

View File

@ -232,7 +232,7 @@ class NSSDatabase(object):
)
cert, st = find_cert_from_txt(certs)
self.add_single_pem_cert(nickname, flags, cert)
self.add_cert(cert, nickname, flags, pem=True)
try:
find_cert_from_txt(certs, st)
@ -242,12 +242,11 @@ class NSSDatabase(object):
raise ValueError('%s contains more than one certificate' %
location)
def add_single_pem_cert(self, nick, flags, cert):
"""Import a cert in PEM format"""
self.run_certutil(["-A", "-n", nick,
"-t", flags,
"-a"],
stdin=cert)
def add_cert(self, cert, nick, flags, pem=False):
args = ["-A", "-n", nick, "-t", flags]
if pem:
args.append("-a")
self.run_certutil(args, stdin=cert)
def delete_cert(self, nick):
self.run_certutil(["-D", "-n", nick])
@ -500,7 +499,7 @@ class CertDB(object):
else:
nick = str(subject_dn)
tf = ',,'
self.nssdb.add_single_pem_cert(nick, tf, cert)
self.nssdb.add_cert(cert, nick, tf, pem=True)
except RuntimeError:
break
@ -737,6 +736,9 @@ class CertDB(object):
f.write(cert)
f.close()
def add_cert(self, cert, nick, flags, pem=False):
self.nssdb.add_cert(cert, nick, flags, pem)
def import_cert(self, cert_fname, nickname):
"""
Load a certificate from a PEM file and add minimal trust.

View File

@ -216,21 +216,17 @@ class CACertManage(admintool.AdminTool):
with certs.NSSDatabase() as tmpdb:
pw = ipautil.write_tmp_file(ipautil.ipa_generate_password())
tmpdb.create_db(pw.name)
tmpdb.add_single_pem_cert(
'IPA CA', 'C,,', x509.make_pem(base64.b64encode(old_cert)))
tmpdb.add_cert(old_cert, 'IPA CA', 'C,,')
try:
tmpdb.add_single_pem_cert(
'IPA CA', 'C,,', x509.make_pem(base64.b64encode(cert)))
tmpdb.add_cert(cert, 'IPA CA', 'C,,')
except ipautil.CalledProcessError, e:
raise admintool.ScriptError(
"Not compatible with the current CA certificate: %s", e)
ca_certs = x509.load_certificate_chain_from_file(ca_filename)
for ca_cert in ca_certs:
tmpdb.add_single_pem_cert(
str(ca_cert.subject), 'C,,',
x509.make_pem(base64.b64encode(ca_cert.der_data)))
tmpdb.add_cert(ca_cert.der_data, str(ca_cert.subject), 'C,,')
del ca_certs
del ca_cert