Add new add_cert method for adding certificates to NSSDatabase and CertDB.
Replace all uses of NSSDatabase method add_single_pem_cert with add_cert and remove add_single_pem_cert. Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
parent
feecdb4cdc
commit
88706c5674
@ -232,7 +232,7 @@ class NSSDatabase(object):
|
||||
)
|
||||
|
||||
cert, st = find_cert_from_txt(certs)
|
||||
self.add_single_pem_cert(nickname, flags, cert)
|
||||
self.add_cert(cert, nickname, flags, pem=True)
|
||||
|
||||
try:
|
||||
find_cert_from_txt(certs, st)
|
||||
@ -242,12 +242,11 @@ class NSSDatabase(object):
|
||||
raise ValueError('%s contains more than one certificate' %
|
||||
location)
|
||||
|
||||
def add_single_pem_cert(self, nick, flags, cert):
|
||||
"""Import a cert in PEM format"""
|
||||
self.run_certutil(["-A", "-n", nick,
|
||||
"-t", flags,
|
||||
"-a"],
|
||||
stdin=cert)
|
||||
def add_cert(self, cert, nick, flags, pem=False):
|
||||
args = ["-A", "-n", nick, "-t", flags]
|
||||
if pem:
|
||||
args.append("-a")
|
||||
self.run_certutil(args, stdin=cert)
|
||||
|
||||
def delete_cert(self, nick):
|
||||
self.run_certutil(["-D", "-n", nick])
|
||||
@ -500,7 +499,7 @@ class CertDB(object):
|
||||
else:
|
||||
nick = str(subject_dn)
|
||||
tf = ',,'
|
||||
self.nssdb.add_single_pem_cert(nick, tf, cert)
|
||||
self.nssdb.add_cert(cert, nick, tf, pem=True)
|
||||
except RuntimeError:
|
||||
break
|
||||
|
||||
@ -737,6 +736,9 @@ class CertDB(object):
|
||||
f.write(cert)
|
||||
f.close()
|
||||
|
||||
def add_cert(self, cert, nick, flags, pem=False):
|
||||
self.nssdb.add_cert(cert, nick, flags, pem)
|
||||
|
||||
def import_cert(self, cert_fname, nickname):
|
||||
"""
|
||||
Load a certificate from a PEM file and add minimal trust.
|
||||
|
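Review bot: The new `NSSDatabase.add_cert` has no docstring, although the method it replaces had one, so the meaning of `pem=False` has to be inferred from the certutil `-a` flag. I would add something like `"""Import a certificate under nickname nick with trust flags flags; cert is DER unless pem=True."""` there, and a one-line docstring on the `CertDB.add_cert` wrapper in the -737 hunk saying it delegates to `self.nssdb`. The argument order also changed from `(nick, flags, cert)` to `(cert, nick, flags)`, and `flags` decides how much trust the imported certificate gets. Passing `nick=` and `flags=` by keyword at the call sites in the -232 and -500 hunks would make a transposed argument harder to miss.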
@ -216,21 +216,17 @@ class CACertManage(admintool.AdminTool):
|
||||
with certs.NSSDatabase() as tmpdb:
|
||||
pw = ipautil.write_tmp_file(ipautil.ipa_generate_password())
|
||||
tmpdb.create_db(pw.name)
|
||||
tmpdb.add_single_pem_cert(
|
||||
'IPA CA', 'C,,', x509.make_pem(base64.b64encode(old_cert)))
|
||||
tmpdb.add_cert(old_cert, 'IPA CA', 'C,,')
|
||||
|
||||
try:
|
||||
tmpdb.add_single_pem_cert(
|
||||
'IPA CA', 'C,,', x509.make_pem(base64.b64encode(cert)))
|
||||
tmpdb.add_cert(cert, 'IPA CA', 'C,,')
|
||||
except ipautil.CalledProcessError, e:
|
||||
raise admintool.ScriptError(
|
||||
"Not compatible with the current CA certificate: %s", e)
|
||||
|
||||
ca_certs = x509.load_certificate_chain_from_file(ca_filename)
|
||||
for ca_cert in ca_certs:
|
||||
tmpdb.add_single_pem_cert(
|
||||
str(ca_cert.subject), 'C,,',
|
||||
x509.make_pem(base64.b64encode(ca_cert.der_data)))
|
||||
tmpdb.add_cert(ca_cert.der_data, str(ca_cert.subject), 'C,,')
|
||||
del ca_certs
|
||||
del ca_cert
|
||||
|
||||
|
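Review bot: The `except ipautil.CalledProcessError, e` handler around the new `tmpdb.add_cert(cert, 'IPA CA', 'C,,')` call passes `e` to `admintool.ScriptError` as a separate argument instead of formatting it into the message. The certutil failure reason is therefore probably never shown to the operator, and if ScriptError's second parameter is the exit value, `e` ends up there. The handler is unchanged context in this hunk, but it is the only report of why the compatibility check rejected the new CA certificate; `"Not compatible with the current CA certificate: %s" % e)` would fix it. The three rewritten calls also rely on the `pem=False` default to mean DER input, so a short comment such as `# old_cert, cert and ca_cert.der_data are DER-encoded` above the first call would record that. The enclosing method starts and ends outside the hunk.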