def import_certs(self, instance, cert_file, nickname, token, trust_args):
    """Import a certificate chain from *cert_file* into the instance NSS database.

    Args:
        instance: object exposing ``nssdb_dir`` and ``get_token_password()``.
        cert_file: path of the certificate chain file handed to
            ``NSSDatabase.import_cert_chain()``.
        nickname: nickname given to the imported certificate.
        token: NSS token to import into; its password is looked up on *instance*.
        trust_args: NSS trust attributes applied to the imported chain.

    Returns:
        The nicknames reported by ``import_cert_chain()``; the chain object
        it also returns is discarded.
    """
    token_password = instance.get_token_password(token)

    nssdb = pki.nssdb.NSSDatabase(
        directory=instance.nssdb_dir,
        password=token_password,
        token=token,
    )

    # import_cert_chain() yields (chain, nicknames); callers only need the latter
    _, imported_nicknames = nssdb.import_cert_chain(
        nickname=nickname,
        cert_chain_file=cert_file,
        trust_attributes=trust_args,
    )

    return imported_nicknames
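def validate_certificate(self, instance, cert):
    """Validate one certificate of *instance* for its configured usage.

    Runs ``pki client-cert-validate`` against the instance NSS database and
    prints a human-readable report (Cert ID, nickname, usage, token, status)
    to stdout.

    Args:
        instance: object exposing ``nssdb_dir`` and ``get_token_password()``.
        cert: mapping describing the certificate; the keys ``id``, ``data``,
            ``nickname``, ``certusage`` and ``token`` are read.

    Returns:
        True when the CLI reports the certificate as valid; False when a
        required field is missing or the validation command fails.
    """
    logger.info(cert)

    print(' Cert ID: %s' % cert['id'])

    # Missing or empty fields are reported and return False instead of
    # raising, so a report line is still produced for every entry.
    if not cert.get('data'):
        print(' Status: ERROR: missing certificate data')
        return False

    nickname = cert.get('nickname')
    if not nickname:
        print(' Status: ERROR: missing nickname')
        return False
    print(' Nickname: %s' % nickname)

    usage = cert.get('certusage')
    if not usage:
        print(' Status: ERROR: missing usage')
        return False
    print(' Usage: %s' % usage)

    token = cert.get('token')
    if not token:
        token = pki.nssdb.INTERNAL_TOKEN_FULL_NAME
    print(' Token: %s' % token)

    # normalize internal token into None
    token = pki.nssdb.normalize_token(token)

    # The token password is passed to the CLI via a temporary file (mkstemp
    # creates it readable/writable by the owner only) instead of on the
    # command line, so it does not appear in process listings or in the
    # logged command below.
    passwd = instance.get_token_password(token)
    pwfile_handle, pwfile_path = tempfile.mkstemp()

    try:
        # A buffered file object writes the whole password; a bare os.write()
        # may return after a partial write. Writing inside the try means the
        # file is also removed if the write itself fails.
        with os.fdopen(pwfile_handle, 'wb') as pwfile:
            pwfile.write(passwd.encode('utf-8'))

        cmd = ['pki', '-d', instance.nssdb_dir]

        fullname = nickname
        if token:
            cmd.extend(['--token', token])
            fullname = token + ':' + fullname

        cmd.extend([
            '-C', pwfile_path,
            'client-cert-validate', fullname,
            '--certusage', usage
        ])

        logger.info('Command: %s', ' '.join(cmd))
        subprocess.check_output(cmd, stderr=subprocess.STDOUT)

        print(' Status: VALID')
        return True

    except subprocess.CalledProcessError as e:
        # CLI output is not guaranteed to be valid UTF-8; never let the
        # report crash on decoding.
        if e.output:
            status = e.output.decode('utf-8', errors='replace')
        else:
            status = 'ERROR'
        print(' Status: %s' % status)
        return False

    finally:
        # Remove the password file on every path.
        os.unlink(pwfile_path)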