Beispiel #1
    def track_server_cert(self, nickname, principal,
                          password_file=None, command=None):
        """
        Ask certmonger to start tracking the certificate ``nickname``.

        The certificate is looked up in the database at ``self.secdir``.
        A ``command`` that is not an absolute path is expanded through
        ``paths.CERTMONGER_COMMAND_TEMPLATE``, i.e. it is resolved under
        /usr/lib[64]/ipa/certmonger.

        Once the tracking request exists, the subject is read from the
        stored certificate and both ``principal`` and that subject are
        attached to the request.

        If certmonger raises RuntimeError while starting the tracking
        request, the error is only logged and the method returns None
        without raising. Callers therefore cannot tell, from the return
        value, a tracked certificate from one that certmonger refused to
        track.
        """
        needs_prefix = command is not None and not os.path.isabs(command)
        if needs_prefix:
            # NOTE(review): the relative name is interpolated unchanged, so
            # path separators or ".." are not rejected here; confirm that
            # callers only pass a fixed helper name.
            command = paths.CERTMONGER_COMMAND_TEMPLATE % command

        try:
            tracking_id = certmonger.start_tracking(
                nickname, self.secdir, password_file, command)
        except RuntimeError as err:
            message = (
                "certmonger failed starting to track certificate: %s"
                % str(err))
            root_logger.error(message)
            return

        # The subject comes from the certificate actually stored under
        # this nickname, not from anything supplied by the caller.
        raw_cert = self.get_cert_from_db(nickname)
        parsed_cert = x509.load_certificate(raw_cert, dbdir=self.secdir)
        subject = str(parsed_cert.subject)

        certmonger.add_principal(tracking_id, principal)
        certmonger.add_subject(tracking_id, subject)
Beispiel #2
    def track_server_cert(self, nickname, principal, password_file=None, command=None):
        """
        Register the certificate ``nickname`` with certmonger for tracking.

        ``command`` may be an absolute path, which is used as given, or a
        relative name, which is prefixed with /usr/lib[64]/ipa/certmonger
        via ``paths.CERTMONGER_COMMAND_TEMPLATE``.

        Returns None in every case. A RuntimeError from certmonger while
        starting the request is logged and swallowed, and in that case no
        principal or subject is attached. Callers that need to know
        whether tracking is in place must check separately.
        """
        if command is not None:
            if not os.path.isabs(command):
                # NOTE(review): no validation of the relative name happens
                # here; presumably callers pass a known helper name - verify.
                command = paths.CERTMONGER_COMMAND_TEMPLATE % (command)

        try:
            req_id = certmonger.start_tracking(
                nickname,
                self.secdir,
                password_file,
                command,
            )
        except RuntimeError as exc:
            # Deliberate best effort: report the failure and give up.
            root_logger.error(
                "certmonger failed starting to track certificate: %s" % str(exc)
            )
            return None

        # Read the subject back from the certificate stored in the database
        # before attaching metadata to the new request.
        stored_cert = self.get_cert_from_db(nickname)
        cert_subject = str(
            x509.load_certificate(stored_cert, dbdir=self.secdir).subject
        )
        certmonger.add_principal(req_id, principal)
        certmonger.add_subject(req_id, cert_subject)
Beispiel #3
        except (ipautil.CalledProcessError, RuntimeError), e:
            root_logger.error("certmonger failed starting to track certificate: %s" % str(e))
            return

        cmonger.stop()
        cert = self.get_cert_from_db(nickname)
        nsscert = x509.load_certificate(cert, dbdir=self.secdir)
        subject = str(nsscert.subject)
        m = re.match('New tracking request "(\d+)" added', stdout)
        if not m:
            root_logger.error('Didn\'t get new %s request, got %s' % (cmonger.service_name, stdout))
            raise RuntimeError('%s did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.' % (cmonger.service_name, nickname, self.secdir))
        request_id = m.group(1)

        certmonger.add_principal(request_id, principal)
        certmonger.add_subject(request_id, subject)

        cmonger.start()

    def untrack_server_cert(self, nickname):
        """
        Tell certmonger to stop tracking the given certificate nickname.
        """

        # Always start certmonger. We can't untrack something if it isn't
        # running
        cmonger = ipaservices.knownservices.certmonger
        ipaservices.knownservices.messagebus.start()
        cmonger.start()
        try:
            certmonger.stop_tracking(self.secdir, nickname=nickname)
Beispiel #4
        cmonger.stop()
        cert = self.get_cert_from_db(nickname)
        nsscert = x509.load_certificate(cert, dbdir=self.secdir)
        subject = str(nsscert.subject)
        m = re.match('New tracking request "(\d+)" added', stdout)
        if not m:
            root_logger.error('Didn\'t get new %s request, got %s' %
                              (cmonger.service_name, stdout))
            raise RuntimeError(
                '%s did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.'
                % (cmonger.service_name, nickname, self.secdir))
        request_id = m.group(1)

        certmonger.add_principal(request_id, principal)
        certmonger.add_subject(request_id, subject)

        cmonger.start()

    def untrack_server_cert(self, nickname):
        """
        Tell certmonger to stop tracking the given certificate nickname.
        """

        # Always start certmonger. We can't untrack something if it isn't
        # running
        cmonger = ipaservices.knownservices.certmonger
        ipaservices.knownservices.messagebus.start()
        cmonger.start()
        try:
            certmonger.stop_tracking(self.secdir, nickname=nickname)