From c5312d0b44b5f58ba5b92aba85b89e405213e8a8 Mon Sep 17 00:00:00 2001
From: Dinesh Prasanth M K
Date: Fri, 23 Jun 2017 15:57:29 -0400
Subject: [PATCH] Patch for "pki-server subsystem-cert-update" command
Currently, the --cert option has not been implemented for `pki-server subsystem-cert-update` command. The --cert takes certificate name that needs to be added to the NSS database and replaces the existing certificate (if exists) in the database
https://pagure.io/dogtagpki/issue/2756
Change-Id: If8be9edd55a673230f86e213fc803be365e55a92
(cherry picked from commit d762073c4b5bcd4f9f30e3b8439983a497a77c97)
---
 base/server/python/pki/server/cli/subsystem.py | 29 +++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
index 10af8ca..a9857ba 100644
--- a/base/server/python/pki/server/cli/subsystem.py
+++ b/base/server/python/pki/server/cli/subsystem.py
@@ -741,6 +741,7 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
 print(' -i, --instance Instance ID (default: pki-tomcat).')
 print(' -v, --verbose Run in verbose mode.')
 print(' --help Show help message.')
+ print(' --cert New certificate to be added')
 print()
 def execute(self, argv):
@@ -748,7 +749,8 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
 try:
 opts, args = getopt.gnu_getopt(argv, 'i:v', [
 'instance=',
- 'verbose', 'help'])
+ 'verbose', 'help',
+ 'cert='])
 except getopt.GetoptError as e:
 print('ERROR: ' + str(e))
@@ -756,6 +758,7 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
 sys.exit(1)
 instance_name = 'pki-tomcat'
+ cert_file = None
 for o, a in opts:
 if o in ('-i', '--instance'):
@@ -768,6 +771,9 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
 self.usage()
 sys.exit()
+ elif o == '--cert':
+ cert_file = a
+
 else:
 print('ERROR: unknown option ' + o)
 self.usage()
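Review bot: The usage line added in the first hunk, `print(' --cert New certificate to be added')`, does not tell the operator that the value is a path to a certificate file, or that the certificate currently stored under the subsystem nickname is removed first. Both follow from the `os.path.isfile(cert_file)` check and the `remove_cert` call in the last hunk, while the commit message describes the value as a "certificate name". Suggested wording: `print('      --cert <certificate file>   Certificate file to import; replaces the existing certificate.')`. It would also read better listed before `--help`, next to the other options. `usage` starts outside the hunk.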
@@ -807,6 +813,27 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
 token = subsystem_cert['token']
 nssdb = instance.open_nssdb(token)
+
+ if cert_file:
+ if not os.path.isfile(cert_file):
+ print('ERROR: %s certificate does not exist.' % cert_file)
+ self.usage()
+ sys.exit(1)
+
+ data = nssdb.get_cert(
+ nickname=subsystem_cert['nickname'],
+ output_format='base64')
+
+ if data:
+ if self.verbose:
+ print('Removing old %s certificate from database.' % subsystem_cert['nickname'])
+ nssdb.remove_cert(nickname=subsystem_cert['nickname'])
+ if self.verbose:
+ print('Adding new %s certificate into database.' % subsystem_cert['nickname'])
+ nssdb.add_cert(
+ nickname=subsystem_cert['nickname'],
+ cert_file=cert_file)
+
 data = nssdb.get_cert(
 nickname=subsystem_cert['nickname'],
 output_format='base64')
--
1.8.3.1
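Review bot: The replacement inside the new `if cert_file:` block is not atomic: `nssdb.remove_cert(...)` runs before `nssdb.add_cert(...)`, and the only check on the new file is `os.path.isfile(cert_file)`. A file that exists but is not a usable certificate for this subsystem would therefore leave the nickname empty in the NSS database, assuming `add_cert` fails on bad input (its behaviour is not visible here). Validate the file before the removal if a suitable helper exists, and at minimum handle a failed import so the operator is told that the old entry is already gone. `add_cert` is also called without trust attributes, so it is worth confirming that the new entry ends up with the same trust flags as the one it replaces. The enclosing `execute` method starts and ends outside this hunk.

```python
# … unchanged: cert_file existence check, get_cert lookup, remove_cert of the old entry …
try:
    nssdb.add_cert(
        nickname=subsystem_cert['nickname'],
        cert_file=cert_file)
except Exception as e:  # exception type raised by add_cert is not visible here; narrow it if known
    # The old entry was already removed above, so state clearly that the
    # nickname is now empty and which file failed to import.
    print('ERROR: unable to import %s: %s' % (cert_file, e))
    print('ERROR: the previous %s certificate was removed and must be restored.'
          % subsystem_cert['nickname'])
    sys.exit(1)
```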