From c5312d0b44b5f58ba5b92aba85b89e405213e8a8 Mon Sep 17 00:00:00 2001

From: Dinesh Prasanth M K <dmoluguw@redhat.com>

Date: Fri, 23 Jun 2017 15:57:29 -0400

Subject: [PATCH] Patch for "pki-server subsystem-cert-update" command

Currently, the --cert option has not been implemented for

`pki-server subsystem-cert-update` command. The --cert takes

certificate name that needs to be added to the NSS database

and replaces the existing certificate (if exists) in the

database

https://pagure.io/dogtagpki/issue/2756

Change-Id: If8be9edd55a673230f86e213fc803be365e55a92

(cherry picked from commit d762073c4b5bcd4f9f30e3b8439983a497a77c97)

---

 base/server/python/pki/server/cli/subsystem.py | 29 +++++++++++++++++++++++++-

 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py

index 10af8ca..a9857ba 100644

--- a/base/server/python/pki/server/cli/subsystem.py

+++ b/base/server/python/pki/server/cli/subsystem.py

@@ -741,6 +741,7 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):

         print('  -i, --instance <instance ID>    Instance ID (default: pki-tomcat).')

         print('  -v, --verbose                   Run in verbose mode.')

         print('      --help                      Show help message.')

+        print('      --cert <certificate>        New certificate to be added')

         print()

     def execute(self, argv):

@@ -748,7 +749,8 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):

         try:

             opts, args = getopt.gnu_getopt(argv, 'i:v', [

                 'instance=',

-                'verbose', 'help'])

+                'verbose', 'help',

+                'cert='])

         except getopt.GetoptError as e:

             print('ERROR: ' + str(e))

@@ -756,6 +758,7 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):

             sys.exit(1)

         instance_name = 'pki-tomcat'

+        cert_file = None

         for o, a in opts:

             if o in ('-i', '--instance'):

@@ -768,6 +771,9 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):

                 self.usage()

                 sys.exit()

+            elif o == '--cert':

+                cert_file = a

+

             else:

                 print('ERROR: unknown option ' + o)

                 self.usage()

@@ -807,6 +813,27 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):

         token = subsystem_cert['token']

         nssdb = instance.open_nssdb(token)

+

+        if cert_file:

+            if not os.path.isfile(cert_file):

+                print('ERROR: %s certificate does not exist.' % cert_file)

+                self.usage()

+                sys.exit(1)

+

+            data = nssdb.get_cert(

+                nickname=subsystem_cert['nickname'],

+                output_format='base64')

+

+            if data:

+                if self.verbose:

+                    print('Removing old %s certificate from database.' % subsystem_cert['nickname'])

+                nssdb.remove_cert(nickname=subsystem_cert['nickname'])

+            if self.verbose:

+                print('Adding new %s certificate into database.' % subsystem_cert['nickname'])

+            nssdb.add_cert(

+                nickname=subsystem_cert['nickname'],

+                cert_file=cert_file)

+

         data = nssdb.get_cert(

             nickname=subsystem_cert['nickname'],

             output_format='base64')

-- 

1.8.3.1