|
 |
f8ded1 |
From c5312d0b44b5f58ba5b92aba85b89e405213e8a8 Mon Sep 17 00:00:00 2001
|
|
|
f8ded1 |
From: Dinesh Prasanth M K <dmoluguw@redhat.com>
|
|
|
f8ded1 |
Date: Fri, 23 Jun 2017 15:57:29 -0400
|
|
|
f8ded1 |
Subject: [PATCH] Patch for "pki-server subsystem-cert-update" command
|
|
|
f8ded1 |
|
|
|
f8ded1 |
Currently, the --cert option has not been implemented for
|
|
|
f8ded1 |
`pki-server subsystem-cert-update` command. The --cert takes
|
|
|
f8ded1 |
certificate name that needs to be added to the NSS database
|
|
|
f8ded1 |
and replaces the existing certificate (if exists) in the
|
|
|
f8ded1 |
database
|
|
|
f8ded1 |
|
|
|
f8ded1 |
https://pagure.io/dogtagpki/issue/2756
|
|
|
f8ded1 |
|
|
|
f8ded1 |
Change-Id: If8be9edd55a673230f86e213fc803be365e55a92
|
|
|
f8ded1 |
(cherry picked from commit d762073c4b5bcd4f9f30e3b8439983a497a77c97)
|
|
|
f8ded1 |
---
|
|
|
f8ded1 |
base/server/python/pki/server/cli/subsystem.py | 29 +++++++++++++++++++++++++-
|
|
|
f8ded1 |
1 file changed, 28 insertions(+), 1 deletion(-)
|
|
|
f8ded1 |
|
|
|
f8ded1 |
diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
|
|
|
f8ded1 |
index 10af8ca..a9857ba 100644
|
|
|
f8ded1 |
--- a/base/server/python/pki/server/cli/subsystem.py
|
|
|
f8ded1 |
+++ b/base/server/python/pki/server/cli/subsystem.py
|
|
|
f8ded1 |
@@ -741,6 +741,7 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
|
|
|
f8ded1 |
print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat).')
|
|
|
f8ded1 |
print(' -v, --verbose Run in verbose mode.')
|
|
|
f8ded1 |
print(' --help Show help message.')
|
|
|
f8ded1 |
+ print(' --cert <certificate> New certificate to be added')
|
|
|
f8ded1 |
print()
|
|
|
f8ded1 |
|
|
|
f8ded1 |
def execute(self, argv):
|
|
|
f8ded1 |
@@ -748,7 +749,8 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
|
|
|
f8ded1 |
try:
|
|
|
f8ded1 |
opts, args = getopt.gnu_getopt(argv, 'i:v', [
|
|
|
f8ded1 |
'instance=',
|
|
|
f8ded1 |
- 'verbose', 'help'])
|
|
|
f8ded1 |
+ 'verbose', 'help',
|
|
|
f8ded1 |
+ 'cert='])
|
|
|
f8ded1 |
|
|
|
f8ded1 |
except getopt.GetoptError as e:
|
|
|
f8ded1 |
print('ERROR: ' + str(e))
|
|
|
f8ded1 |
@@ -756,6 +758,7 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
|
|
|
f8ded1 |
sys.exit(1)
|
|
|
f8ded1 |
|
|
|
f8ded1 |
instance_name = 'pki-tomcat'
|
|
|
f8ded1 |
+ cert_file = None
|
|
|
f8ded1 |
|
|
|
f8ded1 |
for o, a in opts:
|
|
|
f8ded1 |
if o in ('-i', '--instance'):
|
|
|
f8ded1 |
@@ -768,6 +771,9 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
|
|
|
f8ded1 |
self.usage()
|
|
|
f8ded1 |
sys.exit()
|
|
|
f8ded1 |
|
|
|
f8ded1 |
+ elif o == '--cert':
|
|
|
f8ded1 |
+ cert_file = a
|
|
|
f8ded1 |
+
|
|
|
f8ded1 |
else:
|
|
|
f8ded1 |
print('ERROR: unknown option ' + o)
|
|
|
f8ded1 |
self.usage()
|
|
|
f8ded1 |
@@ -807,6 +813,27 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
|
|
|
f8ded1 |
|
|
|
f8ded1 |
token = subsystem_cert['token']
|
|
|
f8ded1 |
nssdb = instance.open_nssdb(token)
|
|
|
f8ded1 |
+
|
|
|
f8ded1 |
+ if cert_file:
|
|
|
f8ded1 |
+ if not os.path.isfile(cert_file):
|
|
|
f8ded1 |
+ print('ERROR: %s certificate does not exist.' % cert_file)
|
|
|
f8ded1 |
+ self.usage()
|
|
|
f8ded1 |
+ sys.exit(1)
|
|
|
f8ded1 |
+
|
|
|
f8ded1 |
+ data = nssdb.get_cert(
|
|
|
f8ded1 |
+ nickname=subsystem_cert['nickname'],
|
|
|
f8ded1 |
+ output_format='base64')
|
|
|
f8ded1 |
+
|
|
|
f8ded1 |
+ if data:
|
|
|
f8ded1 |
+ if self.verbose:
|
|
|
f8ded1 |
+ print('Removing old %s certificate from database.' % subsystem_cert['nickname'])
|
|
|
f8ded1 |
+ nssdb.remove_cert(nickname=subsystem_cert['nickname'])
|
|
|
f8ded1 |
+ if self.verbose:
|
|
|
f8ded1 |
+ print('Adding new %s certificate into database.' % subsystem_cert['nickname'])
|
|
|
f8ded1 |
+ nssdb.add_cert(
|
|
|
f8ded1 |
+ nickname=subsystem_cert['nickname'],
|
|
|
f8ded1 |
+ cert_file=cert_file)
|
|
|
f8ded1 |
+
|
|
|
f8ded1 |
data = nssdb.get_cert(
|
|
|
f8ded1 |
nickname=subsystem_cert['nickname'],
|
|
|
f8ded1 |
output_format='base64')
|
|
|
f8ded1 |
--
|
|
|
f8ded1 |
1.8.3.1
|
|
|
f8ded1 |
|