def install(self):
print("Installing CA certificate, please wait")
options = self.options
cert_filename = self.args[1]
nss_cert = None
try:
try:
nss_cert = x509.load_certificate_from_file(cert_filename)
except IOError as e:
raise admintool.ScriptError(
"Can't open \"%s\": %s" % (cert_filename, e))
except (TypeError, NSPRError, ValueError) as e:
raise admintool.ScriptError("Not a valid certificate: %s" % e)
subject = nss_cert.subject
cert = nss_cert.der_data
finally:
del nss_cert
nickname = options.nickname or str(subject)
ca_certs = certstore.get_ca_certs_nss(api.Backend.ldap2,
api.env.basedn,
api.env.realm,
False)
with certs.NSSDatabase() as tmpdb:
pw = ipautil.write_tmp_file(ipautil.ipa_generate_password())
tmpdb.create_db(pw.name)
tmpdb.add_cert(cert, nickname, 'C,,')
for ca_cert, ca_nickname, ca_trust_flags in ca_certs:
tmpdb.add_cert(ca_cert, ca_nickname, ca_trust_flags)
try:
tmpdb.verify_ca_cert_validity(nickname)
except ValueError as e:
raise admintool.ScriptError(
"Not a valid CA certificate: %s (visit "
"http://www.freeipa.org/page/Troubleshooting for "
"troubleshooting guide)" % e)
trust_flags = options.trust_flags
if ((set(trust_flags) - set(',CPTcgpuw')) or
len(trust_flags.split(',')) != 3):
raise admintool.ScriptError("Invalid trust flags")
try:
certstore.put_ca_cert_nss(
api.Backend.ldap2, api.env.basedn, cert, nickname, trust_flags)
except ValueError as e:
raise admintool.ScriptError(
"Failed to install the certificate: %s" % e)
print("CA certificate successfully installed")
def install(self):
print("Installing CA certificate, please wait")
options = self.options
cert_filename = self.args[1]
nss_cert = None
try:
try:
nss_cert = x509.load_certificate_from_file(cert_filename)
except IOError as e:
raise admintool.ScriptError("Can't open \"%s\": %s" %
(cert_filename, e))
except (TypeError, NSPRError, ValueError) as e:
raise admintool.ScriptError("Not a valid certificate: %s" % e)
subject = nss_cert.subject
cert = nss_cert.der_data
finally:
del nss_cert
nickname = options.nickname or str(subject)
ca_certs = certstore.get_ca_certs_nss(api.Backend.ldap2,
api.env.basedn, api.env.realm,
False)
with certs.NSSDatabase() as tmpdb:
pw = ipautil.write_tmp_file(ipautil.ipa_generate_password())
tmpdb.create_db(pw.name)
tmpdb.add_cert(cert, nickname, 'C,,')
for ca_cert, ca_nickname, ca_trust_flags in ca_certs:
tmpdb.add_cert(ca_cert, ca_nickname, ca_trust_flags)
try:
tmpdb.verify_ca_cert_validity(nickname)
except ValueError as e:
raise admintool.ScriptError(
"Not a valid CA certificate: %s (visit "
"http://www.freeipa.org/page/Troubleshooting for "
"troubleshooting guide)" % e)
trust_flags = options.trust_flags
if ((set(trust_flags) - set(',CPTcgpuw'))
or len(trust_flags.split(',')) != 3):
raise admintool.ScriptError("Invalid trust flags")
try:
certstore.put_ca_cert_nss(api.Backend.ldap2, api.env.basedn, cert,
nickname, trust_flags)
except ValueError as e:
raise admintool.ScriptError(
"Failed to install the certificate: %s" % e)
print("CA certificate successfully installed")
def import_ca_certs(self, db, ca_is_configured, conn=None):
if conn is None:
conn = self.admin_conn
try:
ca_certs = certstore.get_ca_certs_nss(conn, self.suffix,
self.realm, ca_is_configured)
except errors.NotFound:
pass
else:
for cert, nickname, trust_flags in ca_certs:
db.add_cert(cert, nickname, trust_flags)
def import_ca_certs(self, db, ca_is_configured, conn=None):
if conn is None:
conn = self.admin_conn
try:
ca_certs = certstore.get_ca_certs_nss(
conn, self.suffix, self.realm, ca_is_configured)
except errors.NotFound:
pass
else:
for cert, nickname, trust_flags in ca_certs:
db.add_cert(cert, nickname, trust_flags)
