Added get_cert_chain() in configuration.py

The get_cert_chain() has been added into configuration.py to retrieve the signing certificate chain from the CA.
SilleBille · Apr 30, 2020 · e688337 · e688337
1 parent 2141e8e
commit e688337
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -25,6 +25,7 @@
 import logging
 import os
 import shutil
+import subprocess
 import tempfile
 import urllib.parse
 
@@ -526,6 +527,25 @@ def import_perm_sslserver_cert(self, deployer, instance, cert):
             nssdb.close()
             shutil.rmtree(tmpdir)
 
+    def get_cert_chain(self, instance, url):
+
+        cmd = [
+            'pki',
+            '-d', instance.nssdb_dir,
+            '-f', instance.password_conf,
+            '-U', url,
+            '--ignore-cert-status', 'UNTRUSTED_ISSUER',
+            'ca-cert-signing-export',
+            '--pkcs7'
+        ]
+
+        logger.debug('Command: %s', ' '.join(cmd))
+
+        # TODO: Replace stdout/stderr with capture_output in Python 3.7.
+        result = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=True)
+
+        return result.stdout.decode()
+
     def spawn(self, deployer):
 
         external = deployer.configuration_file.external