Upload CA certificate from DS NSS database in CA-less server install.

Before, the file provided in the --root-ca-file option was used directly for the upload. However, it is the same file which is imported to the NSS database, so the second code path is not necessary. Also removed now unused upload_ca_dercert method of dsinstance. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2025-02-25 18:55:28 -06:00 · 2013-10-15 17:25:34 +00:00 · 2013-10-15 17:25:34 +00:00 · 9b3055ca41
commit 9b3055ca41
parent 48539b35d7
2 changed files with 7 additions and 18 deletions
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@ -68,7 +68,7 @@ from ipapython import sysrestore
 from ipapython.ipautil import *
 from ipapython import ipautil
 from ipapython import dogtag
-from ipalib import api, errors, util, x509
+from ipalib import api, errors, util
 from ipapython.config import IPAOptionParser
 from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file
 from ipalib.util import validate_domain_name
@ -1120,14 +1120,8 @@ def main():
        # This is done within stopped_service context, which restarts CA
        ca.enable_client_auth_to_db()

-        # Upload the CA cert to the directory
-        ds.upload_ca_cert()
-    else:
-        with open(options.root_ca_file) as f:
-            pem_cert = f.read()
-
-        # Upload the CA cert to the directory
-        ds.upload_ca_dercert(base64.b64decode(x509.strip_header(pem_cert)))
+    # Upload the CA cert to the directory
+    ds.upload_ca_cert()

    krb = krbinstance.KrbInstance(fstore)
    if options.pkinit_pkcs12:
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -672,22 +672,17 @@ class DsInstance(service.Service):
        dsdb = certs.NSSDatabase(nssdir=dirname)
        dsdb.export_pem_cert(nickname, location)

-    def upload_ca_cert(self, cacert_name=None):
+    def upload_ca_cert(self):
        """
        Upload the CA certificate from the NSS database to the LDAP directory.
        """

        dirname = config_dirname(self.serverid)
-        certdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base)
+        certdb = certs.CertDB(self.realm, nssdir=dirname,
+                              subject_base=self.subject_base)

-        if cacert_name is None:
-            cacert_name = certdb.cacert_name
-        dercert = certdb.get_cert_from_db(cacert_name, pem=False)
-        self.upload_ca_dercert(dercert)
+        dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False)

-    def upload_ca_dercert(self, dercert):
-        """Upload the CA DER certificate to the LDAP directory
-        """
        conn = ipaldap.IPAdmin(self.fqdn)
        conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password)