Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed NSSDatabase.import_pkcs7() for HSM.
Previously NSSDatabase.import_pkcs7() was implemented using pki client-cert-import --pkcs7 which uses JSS to import the certificate chain from a PKCS #7 file. Apparently, when it is used with HSM outside of PKI server JSS imports the certificates incorrectly. The method has been changed to use pki pkcs7-cert-export to sort and split the certificate chain into separate files. The CA certs will be imported with pki client-cert-import --ca-cert (such that the nickname will be consistently generated by JSS), and the user certificate will be imported using certutil with the nickname provided by the caller. This method seems to be working fine with HSM. https://pagure.io/dogtagpki/issue/2901 Change-Id: If04963eb6ad86737593df7d64eef8b17f7bde75f (cherry picked from commit 3d231ae)
- Loading branch information