Remove PKIDeployer.validate_system_cert()

The PKIDeployer.validate_system_cert() has been replaced with direct calls to PKISubsystem.validate_system_cert().
dogtagpki · Jul 26, 2023 · 4b39aa9 · 4b39aa9
1 parent 8f896af
commit 4b39aa9
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 31 deletions.
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
@@ -2246,44 +2246,24 @@ def update_system_certs(self, nssdb, subsystem):
         self.update_system_cert(nssdb, subsystem, 'subsystem')
         self.update_system_cert(nssdb, subsystem, 'audit_signing')
 
-    def validate_system_cert(self, nssdb, subsystem, tag):
+    def validate_system_certs(self, subsystem):
 
-        logger.debug('validate_system_cert')
-
-        cert_id = self.get_cert_id(subsystem, tag)
-        nickname = self.mdict['pki_%s_nickname' % cert_id]
-
-        cert_data = nssdb.get_cert(
-            nickname=nickname,
-            token=self.mdict['pki_%s_token' % cert_id],
-            output_text=True
-        )
-
-        if not cert_data:
-            return
-
-        logger.info('Validating %s certificate', tag)
-
-        subsystem.validate_system_cert(tag)
-
-    def validate_system_certs(self, nssdb, subsystem):
-
-        logger.debug('validate_system_certs')
+        logger.info('Validate system certs')
 
         if subsystem.name == 'ca':
-            self.validate_system_cert(nssdb, subsystem, 'signing')
-            self.validate_system_cert(nssdb, subsystem, 'ocsp_signing')
+            subsystem.validate_system_cert('signing')
+            subsystem.validate_system_cert('ocsp_signing')
 
         if subsystem.name == 'kra':
-            self.validate_system_cert(nssdb, subsystem, 'storage')
-            self.validate_system_cert(nssdb, subsystem, 'transport')
+            subsystem.validate_system_cert('storage')
+            subsystem.validate_system_cert('transport')
 
         if subsystem.name == 'ocsp':
-            self.validate_system_cert(nssdb, subsystem, 'signing')
+            subsystem.validate_system_cert('signing')
 
-        self.validate_system_cert(nssdb, subsystem, 'sslserver')
-        self.validate_system_cert(nssdb, subsystem, 'subsystem')
-        self.validate_system_cert(nssdb, subsystem, 'audit_signing')
+        subsystem.validate_system_cert('sslserver')
+        subsystem.validate_system_cert('subsystem')
+        subsystem.validate_system_cert('audit_signing')
 
     def record(self, name, record_type, uid, gid, perms, acls=None):
         record = manifest.Record()

diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -246,7 +246,7 @@ def spawn(self, deployer):
             system_certs = deployer.setup_system_certs(nssdb, subsystem)
             subsystem.save()
 
-            deployer.validate_system_certs(nssdb, subsystem)
+            deployer.validate_system_certs(subsystem)
 
         finally:
             nssdb.close()

diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py
@@ -335,6 +335,8 @@ def update_system_cert(self, cert):
 
     def validate_system_cert(self, tag):
 
+        logger.info('Validate %s cert', tag)
+
         cert = self.get_subsystem_cert(tag)
 
         nickname = cert['nickname']