Fixed pki-server cert CLI.

The pki-server cert CLI has been changed such that it can run based on the list of certificates defined in CS.cfg even if the certificate themselves are not available yet in the NSS database. The security_databases.py has been modified to store the system cert nicknames and token names in CS.cfg such that the pki-server cert CLI can be used to export certificates during installation. https://pagure.io/dogtagpki/issue/203 Change-Id: I046cfa7d45e2d0ae7b6de353d0840db0899789f7
dogtagpki · Feb 27, 2018 · 61bec69 · 61bec69
1 parent 25a3e94
commit 61bec69
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
@@ -809,13 +809,16 @@ def get_cert(self, nickname, output_format='pem'):
 
     def get_cert_info(self, nickname):
 
-        cert = dict()
-
         cert_pem = self.get_cert(nickname)
 
+        if not cert_pem:
+            return None
+
         cert_obj = x509.load_pem_x509_certificate(
             cert_pem, backend=default_backend())
 
+        cert = dict()
+
         cert["serial_number"] = cert_obj.serial_number
 
         cert["issuer"] = pki.convert_x509_name_to_dn(cert_obj.issuer)

diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
@@ -155,7 +155,12 @@ def find_system_certs(self):
 
         cert_ids = self.config['%s.cert.list' % self.name].split(',')
         for cert_id in cert_ids:
+
             cert = self.create_subsystem_cert_object(cert_id)
+
+            if not cert:
+                continue
+
             certs.append(cert)
 
         return certs
@@ -185,7 +190,8 @@ def create_subsystem_cert_object(self, cert_id):
         nssdb = self.instance.open_nssdb(token)
         try:
             cert_info = nssdb.get_cert_info(nickname)
-            cert.update(cert_info)
+            if cert_info:
+                cert.update(cert_info)
         finally:
             nssdb.close()
 

diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
@@ -217,8 +217,13 @@ def spawn(self, deployer):
 
             # store nickname
             nickname = deployer.mdict['pki_%s_nickname' % deploy_tag]
+            subsystem.config['%s.%s.nickname' % (subsystem.name, config_tag)] = nickname
             subsystem.config['preop.cert.%s.nickname' % config_tag] = nickname
 
+            # store tokenname
+            tokenname = deployer.mdict['pki_%s_token' % deploy_tag]
+            subsystem.config['%s.%s.tokenname' % (subsystem.name, config_tag)] = tokenname
+
             # store subject DN
             subject_dn = deployer.mdict['pki_%s_subject_dn' % deploy_tag]
             subsystem.config['preop.cert.%s.dn' % config_tag] = subject_dn