def replace_http_cert(self):
    """
    Install the cert/key pair from a PKCS#12 file as the HTTP server
    certificate, replacing the pair currently in use.

    The new files are written by ``self.replace_key_cert_files()``.  When
    that call returns a non-None request id, the HTTP service principal
    and the certificate subject are attached to that request through
    certmonger; otherwise nothing further is done.
    """
    hostname = api.env.host

    # `host_name` is passed so that
    # `NSSDatabase.verify_server_cert_validity()` is performed on the
    # certificate being loaded.
    cert, key, ca_cert = self.load_pkcs12(
        ca_chain_fname=paths.IPA_CA_CRT,
        host_name=hostname,
    )

    # File holding the passphrase that protects the HTTP private key.
    passphrase_file = paths.HTTPD_PASSWD_FILE_FMT.format(host=hostname)

    req_id = self.replace_key_cert_files(
        cert,
        key,
        cert_fname=paths.HTTPD_CERT_FILE,
        key_fname=paths.HTTPD_KEY_FILE,
        ca_cert=ca_cert,
        passwd_fname=passphrase_file,
        cmgr_post_command='restart_httpd',
    )
    if req_id is None:
        # No request id came back, so there is nothing to annotate.
        return

    certmonger.add_principal(req_id, 'HTTP/{host}'.format(host=hostname))
    # NOTE(review): cert.subject is handed over unconverted; confirm that
    # certmonger.add_subject() accepts this object type rather than
    # requiring a DN string.
    certmonger.add_subject(req_id, cert.subject)
def replace_http_cert(self):
    """
    Swap the HTTP server's cert/key pair for the one found in a PKCS#12
    file.

    After ``self.replace_key_cert_files()`` has written the new files, a
    non-None request id is annotated through certmonger with the HTTP
    service principal and the certificate subject rendered as a DN
    string.  With no request id the method returns without touching
    certmonger.
    """
    hostname = api.env.host

    # `host_name` is passed so that
    # `NSSDatabase.verify_server_cert_validity()` is performed on the
    # certificate being loaded.
    cert, key, ca_cert = self.load_pkcs12(
        ca_chain_fname=paths.IPA_CA_CRT,
        host_name=hostname,
    )

    # File holding the passphrase that protects the HTTP private key.
    passphrase_file = paths.HTTPD_PASSWD_FILE_FMT.format(host=hostname)

    req_id = self.replace_key_cert_files(
        cert,
        key,
        cert_fname=paths.HTTPD_CERT_FILE,
        key_fname=paths.HTTPD_KEY_FILE,
        ca_cert=ca_cert,
        passwd_fname=passphrase_file,
        cmgr_post_command='restart_httpd',
    )
    if req_id is None:
        # No request id came back, so there is nothing to annotate.
        return

    certmonger.add_principal(req_id, 'HTTP/{host}'.format(host=hostname))
    # The subject is normalised to a DN string before it is handed over.
    subject_dn = str(DN(cert.subject))
    certmonger.add_subject(req_id, subject_dn)
def track_server_cert(self, nickname, principal, password_file=None,
                      command=None):
    """
    Ask certmonger to start tracking the certificate stored under
    ``nickname`` in ``self.secdir``.

    A ``command`` that is not an absolute path is expanded through
    ``paths.CERTMONGER_COMMAND_TEMPLATE`` (documented upstream as the
    /usr/lib[64]/ipa/certmonger prefix); an absolute path is passed on
    unchanged.

    The method returns None on every path.  If certmonger raises
    RuntimeError the error is only logged, so callers cannot tell from
    the return value that the certificate was left untracked.
    """
    # NOTE(review): relative names are interpolated as given (no
    # normalisation) and absolute paths bypass the template entirely;
    # presumably every caller passes a fixed, trusted helper name --
    # confirm.
    needs_prefix = command is not None and not os.path.isabs(command)
    if needs_prefix:
        command = paths.CERTMONGER_COMMAND_TEMPLATE % command

    try:
        request_id = certmonger.start_tracking(
            nickname, self.secdir, password_file, command)
    except RuntimeError as err:
        message = ("certmonger failed starting to track certificate: %s"
                   % str(err))
        root_logger.error(message)
    else:
        # Tracking started: record who the certificate is for.
        raw_cert = self.get_cert_from_db(nickname)
        parsed_cert = x509.load_certificate(raw_cert)
        subject_dn = str(DN(parsed_cert.subject))
        certmonger.add_principal(request_id, principal)
        certmonger.add_subject(request_id, subject_dn)
def start_tracking_certificates(self):
    """
    Put the HTTP server certificate under certmonger tracking, but only
    when ``certs.is_ipa_issued_cert()`` reports it as issued by IPA.

    A certificate that fails that check is left untracked; the only
    trace of that decision is a debug-level log entry.
    """
    http_cert = x509.load_certificate_from_file(paths.HTTPD_CERT_FILE)

    if not certs.is_ipa_issued_cert(api, http_cert):
        logger.debug("Will not track HTTP server cert %s as it is not "
                     "issued by IPA", http_cert.subject)
        return

    # File-based storage: certmonger is pointed at the cert and key files
    # and given 'restart_httpd' as its post command.
    tracking_id = certmonger.start_tracking(
        certpath=(paths.HTTPD_CERT_FILE, paths.HTTPD_KEY_FILE),
        post_command='restart_httpd',
        storage='FILE',
    )
    subject_dn = str(DN(http_cert.subject))
    certmonger.add_principal(tracking_id, self.principal)
    certmonger.add_subject(tracking_id, subject_dn)
def start_tracking_certificates(self):
    """
    Register the HTTP server certificate with certmonger if, and only
    if, it was issued by IPA.

    Certificates from any other issuer are skipped, which is reported at
    debug level only.
    """
    http_cert = x509.load_certificate_from_file(paths.HTTPD_CERT_FILE)
    issued_by_ipa = certs.is_ipa_issued_cert(api, http_cert)

    if not issued_by_ipa:
        logger.debug(
            "Will not track HTTP server cert %s as it is not "
            "issued by IPA", http_cert.subject)
        return

    # The cert and key live in plain files, hence storage='FILE';
    # 'restart_httpd' is handed to certmonger as the post command.
    cert_and_key = (paths.HTTPD_CERT_FILE, paths.HTTPD_KEY_FILE)
    tracking_id = certmonger.start_tracking(
        certpath=cert_and_key,
        post_command='restart_httpd',
        storage='FILE')

    subject_dn = str(DN(http_cert.subject))
    certmonger.add_principal(tracking_id, self.principal)
    certmonger.add_subject(tracking_id, subject_dn)
def track_server_cert(self, nickname, principal, password_file=None,
                      command=None):
    """
    Ask certmonger to start tracking the certificate stored under
    ``nickname`` in ``self.secdir``.

    ``password_file`` is passed as the pin file and ``command`` as the
    post command.  The method returns None on every path: a RuntimeError
    from certmonger is only logged, so callers cannot tell from the
    return value that the certificate was left untracked.
    """
    try:
        request_id = certmonger.start_tracking(
            self.secdir,
            nickname=nickname,
            pinfile=password_file,
            post_command=command,
        )
    except RuntimeError as err:
        message = ("certmonger failed starting to track certificate: %s"
                   % str(err))
        root_logger.error(message)
    else:
        # Tracking started: record who the certificate is for.
        raw_cert = self.get_cert_from_db(nickname)
        parsed_cert = x509.load_certificate(raw_cert)
        subject_dn = str(DN(parsed_cert.subject))
        certmonger.add_principal(request_id, principal)
        certmonger.add_subject(request_id, subject_dn)
def track_server_cert(self, nickname, principal, password_file=None,
                      command=None):
    """
    Ask certmonger to start tracking the certificate stored under
    ``nickname`` in ``self.secdir``.

    ``password_file`` is passed as the pin file and ``command`` as the
    post command.  The method returns None on every path: a RuntimeError
    from certmonger is only logged, so callers cannot tell from the
    return value that the certificate was left untracked.
    """
    try:
        request_id = certmonger.start_tracking(
            self.secdir,
            nickname=nickname,
            pinfile=password_file,
            post_command=command,
        )
    except RuntimeError as err:
        logger.error(
            "certmonger failed starting to track certificate: %s",
            str(err))
    else:
        # Tracking started: record who the certificate is for.  The
        # object returned by get_cert_from_db() is used directly for its
        # subject.
        db_cert = self.get_cert_from_db(nickname)
        subject_dn = str(DN(db_cert.subject))
        certmonger.add_principal(request_id, principal)
        certmonger.add_subject(request_id, subject_dn)
def start_tracking_certificates(self):
    """
    Put the HTTP server certificate under certmonger tracking, but only
    when ``certs.is_ipa_issued_cert()`` reports it as issued by IPA.

    The tracking request names the default dogtag profile, the key's
    password file as pin file, and two DNS names: this server's FQDN and
    the IPA CA record under the deployment's domain.  A certificate from
    another issuer is left untracked, which is reported at debug level
    only.
    """
    # File holding the passphrase that protects the HTTP private key.
    pin_path = paths.HTTPD_PASSWD_FILE_FMT.format(host=api.env.host)
    http_cert = x509.load_certificate_from_file(paths.HTTPD_CERT_FILE)

    if not certs.is_ipa_issued_cert(api, http_cert):
        logger.debug("Will not track HTTP server cert %s as it is not "
                     "issued by IPA", http_cert.subject)
        return

    dns_names = [self.fqdn, f'{IPA_CA_RECORD}.{api.env.domain}']
    tracking_id = certmonger.start_tracking(
        certpath=(paths.HTTPD_CERT_FILE, paths.HTTPD_KEY_FILE),
        post_command='restart_httpd',
        storage='FILE',
        profile=dogtag.DEFAULT_PROFILE,
        pinfile=pin_path,
        dns=dns_names,
    )
    subject_dn = str(DN(http_cert.subject))
    certmonger.add_principal(tracking_id, self.principal)
    certmonger.add_subject(tracking_id, subject_dn)
def track_server_cert(self, nickname, principal, password_file=None,
                      command=None):
    """
    Start certmonger tracking for the certificate known as ``nickname``
    in ``self.secdir``.

    If ``command`` is given and is not an absolute path, it is expanded
    with ``paths.CERTMONGER_COMMAND_TEMPLATE`` (documented upstream as
    the /usr/lib[64]/ipa/certmonger prefix).  Absolute paths are used as
    given.

    Nothing is returned.  A RuntimeError raised by certmonger is logged
    and swallowed, which leaves the certificate untracked without the
    caller being told.
    """
    # NOTE(review): the only check on `command` is os.path.isabs(); the
    # value is presumably a fixed helper name chosen by the caller --
    # confirm that no call site derives it from external input.
    if command is not None:
        if not os.path.isabs(command):
            command = paths.CERTMONGER_COMMAND_TEMPLATE % command

    try:
        request_id = certmonger.start_tracking(
            nickname, self.secdir, password_file, command)
    except RuntimeError as err:
        failure = str(err)
        root_logger.error(
            "certmonger failed starting to track certificate: %s" % failure)
        return

    # Tracking started: attach the principal and the subject DN.
    parsed_cert = x509.load_certificate(self.get_cert_from_db(nickname))
    subject_dn = str(DN(parsed_cert.subject))
    certmonger.add_principal(request_id, principal)
    certmonger.add_subject(request_id, subject_dn)