Properly handle non-existent cert files

https://fedorahosted.org/freeipa/ticket/3785

ipaserver/install/certs.py

@@ -188,6 +188,8 @@ class NSSDatabase(object):
             if e.returncode == 17:
                 raise RuntimeError("incorrect password for pkcs#12 file %s" %
                     pkcs12_filename)
+            elif e.returncode == 10:
+                raise RuntimeError("Failed to open %s" % pkcs12_filename)
             else:
                 raise RuntimeError("unknown error import pkcs#12 file %s" %
                     pkcs12_filename)
@@ -206,6 +208,8 @@ class NSSDatabase(object):
         except ipautil.CalledProcessError, e:
             if e.returncode == 17:
                 raise RuntimeError("incorrect password for pkcs#12 file")
+            elif e.returncode == 10:
+                raise RuntimeError("Failed to open %s" % pkcs12_fname)
             else:
                 raise RuntimeError("unknown error using pkcs#12 file")
 
@@ -255,8 +259,13 @@ class NSSDatabase(object):
 
         The file must contain exactly one certificate.
         """
+        try:
             with open(location) as fd:
                 certs = fd.read()
+        except IOError as e:
+            raise RuntimeError(
+                "Failed to open %s: %s" % (location, e.strerror)
+            )
 
         cert, st = find_cert_from_txt(certs)
         self.add_single_pem_cert(nickname, flags, cert)

ipaserver/install/installutils.py

@@ -721,7 +721,7 @@ def check_pkcs12(pkcs12_info, ca_file, hostname):
         ca_cert_name = 'The Root CA'
         try:
             nssdb.import_pem_cert(ca_cert_name, "CT,C,C", ca_file)
-        except ValueError, e:
+        except (ValueError, RuntimeError) as e:
             raise ScriptError(str(e))
 
         # Import everything in the PKCS#12