From 4b39aa99a4cae18663be28494042a456c8ab4a97 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 26 Jul 2023 14:20:07 -0500
Subject: [PATCH] Remove PKIDeployer.validate_system_cert()

The PKIDeployer.validate_system_cert() has been replaced with direct calls to PKISubsystem.validate_system_cert().
---
 .../python/pki/server/deployment/__init__.py | 40 +++++--------------
 .../deployment/scriptlets/configuration.py | 2 +-
 base/server/python/pki/server/subsystem.py | 2 +
 3 files changed, 13 insertions(+), 31 deletions(-)

diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
index 659fef6e482..64d768fff43 100644
--- a/base/server/python/pki/server/deployment/__init__.py
+++ b/base/server/python/pki/server/deployment/__init__.py
@@ -2246,44 +2246,24 @@ def update_system_certs(self, nssdb, subsystem):
 self.update_system_cert(nssdb, subsystem, 'subsystem')
 self.update_system_cert(nssdb, subsystem, 'audit_signing')
- def validate_system_cert(self, nssdb, subsystem, tag):
+ def validate_system_certs(self, subsystem):
- logger.debug('validate_system_cert')
-
- cert_id = self.get_cert_id(subsystem, tag)
- nickname = self.mdict['pki_%s_nickname' % cert_id]
-
- cert_data = nssdb.get_cert(
- nickname=nickname,
- token=self.mdict['pki_%s_token' % cert_id],
- output_text=True
- )
-
- if not cert_data:
- return
-
- logger.info('Validating %s certificate', tag)
-
- subsystem.validate_system_cert(tag)
- def validate_system_certs(self, nssdb, subsystem):
-
- logger.debug('validate_system_certs')
+ logger.info('Validate system certs')
 if subsystem.name == 'ca':
- self.validate_system_cert(nssdb, subsystem, 'signing')
- self.validate_system_cert(nssdb, subsystem, 'ocsp_signing')
+ subsystem.validate_system_cert('signing')
+ subsystem.validate_system_cert('ocsp_signing')
 if subsystem.name == 'kra':
- self.validate_system_cert(nssdb, subsystem, 'storage')
- self.validate_system_cert(nssdb, subsystem, 'transport')
+ subsystem.validate_system_cert('storage')
+ subsystem.validate_system_cert('transport')
 if subsystem.name == 'ocsp':
- self.validate_system_cert(nssdb, subsystem, 'signing')
+ subsystem.validate_system_cert('signing')
- self.validate_system_cert(nssdb, subsystem, 'sslserver')
- self.validate_system_cert(nssdb, subsystem, 'subsystem')
- self.validate_system_cert(nssdb, subsystem, 'audit_signing')
+ subsystem.validate_system_cert('sslserver')
+ subsystem.validate_system_cert('subsystem')
+ subsystem.validate_system_cert('audit_signing')
 def record(self, name, record_type, uid, gid, perms, acls=None):
 record = manifest.Record()
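Review bot: The rewritten `validate_system_certs` no longer skips a certificate that is absent from the NSS database. The removed `validate_system_cert` wrapper looked the cert up with `nssdb.get_cert(...)` and returned early on `if not cert_data:`, while the new code calls `subsystem.validate_system_cert(tag)` for every tag unconditionally. Whether `PKISubsystem.validate_system_cert` tolerates a missing nickname or certificate is not visible in this patch (only its opening lines, `cert = self.get_subsystem_cert(tag)` and `nickname = cert['nickname']`, appear), so it should be confirmed that a deployment where one of these certs is not yet installed either fails deliberately or is skipped explicitly. The lookup also moves from the deployer's `pki_%s_nickname` / `pki_%s_token` parameters to whatever `get_subsystem_cert(tag)` returns, so the two sources need to agree at the point of the call. A docstring such as `"""Validate all system certs of the subsystem; certs are no longer checked for presence in the NSS database first."""` would record the new contract.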
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index f9c1d0ae99c..62554d704b9 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -246,7 +246,7 @@ def spawn(self, deployer):
 system_certs = deployer.setup_system_certs(nssdb, subsystem)
 subsystem.save()
- deployer.validate_system_certs(nssdb, subsystem)
+ deployer.validate_system_certs(subsystem)
 finally:
 nssdb.close()
diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py
index 4835b045973..18a32c85f6a 100644
--- a/base/server/python/pki/server/subsystem.py
+++ b/base/server/python/pki/server/subsystem.py
@@ -335,6 +335,8 @@ def update_system_cert(self, cert):
 def validate_system_cert(self, tag):
+ logger.info('Validate %s cert', tag)
+
 cert = self.get_subsystem_cert(tag)
 nickname = cert['nickname']