certdb: provide meaningful err msg for wrong PIN

ipa-server-install or ipa-replica-install do not provide a meaningful error message in CA-less mode when the install fails because of a wrong PIN. Update the err msg so that it provides a hint to the user. Fixes https://pagure.io/freeipa/issue/5378 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2024-12-23 07:33:27 -06:00 · 2018-10-02 16:14:05 +02:00 · 2018-10-02 16:14:05 +02:00 · 9e1c26c755
commit 9e1c26c755
parent 341a12054a
1 changed files with 34 additions and 7 deletions
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@ -221,6 +221,24 @@ KEY_RE = re.compile(
 )


+class Pkcs12ImportIncorrectPasswordError(RuntimeError):
+    """ Raised when import_pkcs12 fails because of a wrong password.
+    """
+    pass
+
+
+class Pkcs12ImportOpenError(RuntimeError):
+    """ Raised when import_pkcs12 fails trying to open the file.
+    """
+    pass
+
+
+class Pkcs12ImportUnknownError(RuntimeError):
+    """ Raised when import_pkcs12 fails because of an unknown error.
+    """
+    pass
+
+
 class NSSDatabase:
    """A general-purpose wrapper around a NSS cert database

@ -578,13 +596,15 @@ class NSSDatabase:
        try:
            self.run_pk12util(args)
        except ipautil.CalledProcessError as e:
-            if e.returncode == 17:
-                raise RuntimeError("incorrect password for pkcs#12 file %s" %
-                    pkcs12_filename)
+            if e.returncode == 17 or e.returncode == 18:
+                raise Pkcs12ImportIncorrectPasswordError(
+                    "incorrect password for pkcs#12 file %s" % pkcs12_filename)
            elif e.returncode == 10:
-                raise RuntimeError("Failed to open %s" % pkcs12_filename)
+                raise Pkcs12ImportOpenError(
+                    "Failed to open %s" % pkcs12_filename)
            else:
-                raise RuntimeError("unknown error import pkcs#12 file %s" %
+                raise Pkcs12ImportUnknownError(
+                    "unknown error import pkcs#12 file %s" %
                    pkcs12_filename)
        finally:
            if pkcs12_password_file is not None:
@ -722,8 +742,13 @@ class NSSDatabase:
            if import_keys:
                try:
                    self.import_pkcs12(filename, key_password)
-                except RuntimeError:
+                except Pkcs12ImportUnknownError:
+                    # the file may not be a PKCS#12 file,
+                    # go to the generic error about unrecognized format
                    pass
+                except RuntimeError as e:
+                    raise RuntimeError("Failed to load %s: %s" %
+                                       (filename, str(e)))
                else:
                    if key_file:
                        raise RuntimeError(
@ -749,7 +774,9 @@ class NSSDatabase:

                    continue

-            raise RuntimeError("Failed to load %s" % filename)
+            # Supported formats were tried but none succeeded
+            raise RuntimeError("Failed to load %s: unrecognized format" %
+                               filename)

        if import_keys and not key_file:
            raise RuntimeError(