From f54a9660c84579c9fcce93829941adf5ca7297cb Mon Sep 17 00:00:00 2001
From: Marco Fargetta
Date: Tue, 3 Oct 2023 13:10:37 +0200
Subject: [PATCH] cert-export read from config file or config folder
The command pki-server cert-export will read the certificate and the relative request from the "/config/certs" folder if not found in other places
---
 base/server/python/pki/server/cli/cert.py | 28 +++++++++++++++-------
 base/server/python/pki/server/subsystem.py | 1 +
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/base/server/python/pki/server/cli/cert.py b/base/server/python/pki/server/cli/cert.py
index 8722df821ad..316f5277b3f 100644
--- a/base/server/python/pki/server/cli/cert.py
+++ b/base/server/python/pki/server/cli/cert.py
@@ -959,11 +959,17 @@ def execute(self, argv):
 logger.info('Exporting %s certificate into %s.', cert_id, cert_file)
 cert_data = cert.get('data')
- if cert_data is None:
- logger.error('Unable to find certificate data for %s', cert_id)
- sys.exit(1)
+ if cert_data:
+ cert_data = pki.nssdb.convert_cert(cert_data, 'base64', 'pem')
+ else:
+ crt_path = os.path.join(instance.conf_dir, 'conf', 'certs', cert_id + '.crt')
+ try:
+ with open(crt_path, 'r', encoding='utf-8') as f:
+ cert_data = ''.join(f.readlines())
+ except FileNotFoundError:
+ logger.error('Unable to find certificate data for %s', cert_id)
+ sys.exit(1)
- cert_data = pki.nssdb.convert_cert(cert_data, 'base64', 'pem')
 with open(cert_file, 'w', encoding='utf-8') as f:
 f.write(cert_data)
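Review bot: The fallback added in the `else:` branch catches only `FileNotFoundError`, so a `.crt` file that exists but cannot be read, or that is not valid UTF-8 text (binary DER, for example), is not handled here and would surface as an unhandled exception rather than the logged error and `sys.exit(1)`. Catching `except (OSError, UnicodeDecodeError) as e:` and including `crt_path` and `e` in the `logger.error` call would keep the failure path uniform and tell the operator which file was at fault. The file content is also written to `cert_file` unchanged, whereas the config value still passes through `pki.nssdb.convert_cert`; checking that the text is PEM before writing would avoid exporting an arbitrary file under a certificate name. The CSR branch in the next hunk has the same two gaps. `execute` starts and ends outside the hunk.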
@@ -972,11 +978,17 @@ def execute(self, argv):
 logger.info('Exporting %s CSR into %s.', cert_id, csr_file)
 cert_request = cert.get('request')
- if cert_request is None:
- logger.error('Unable to find certificate request for %s', cert_id)
- sys.exit(1)
+ if cert_request:
+ csr_data = pki.nssdb.convert_csr(cert_request, 'base64', 'pem')
+ else:
+ csr_path = os.path.join(instance.conf_dir, 'conf', 'certs', cert_id + '.csr')
+ try:
+ with open(csr_path, 'r', encoding='utf-8') as f:
+ csr_data = ''.join(f.readlines())
+ except FileNotFoundError:
+ logger.error('Unable to find certificate request for %s', cert_id)
+ sys.exit(1)
- csr_data = pki.nssdb.convert_csr(cert_request, 'base64', 'pem')
 with open(csr_file, 'w', encoding='utf-8') as f:
 f.write(csr_data)
diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py
index 235aa602668..d2ff3af4cc6 100644
--- a/base/server/python/pki/server/subsystem.py
+++ b/base/server/python/pki/server/subsystem.py
@@ -306,6 +306,7 @@ def get_cert_info(self, tag):
 cert['id'] = tag
 cert['nickname'] = self.config.get('%s.%s.nickname' % (self.name, tag))
 cert['token'] = self.config.get('%s.%s.tokenname' % (self.name, tag))
+ cert['data'] = self.config.get('%s.%s.cert' % (self.name, tag))
 cert['request'] = self.config.get('%s.%s.certreq' % (self.name, tag))
 cert['certusage'] = self.config.get('%s.cert.%s.certusage' % (self.name, tag))
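Review bot: In the CSR hunk of cert.py, nothing in the `else:` branch records that the request was taken from `csr_path` rather than from the `certreq` config entry, so the preceding `Exporting %s CSR into %s.` message reads the same for both sources. A line such as `logger.info('Loading %s CSR from %s', cert_id, csr_path)` inside the `else:` would let an operator tell which copy was exported; the certificate branch in the previous hunk could log `crt_path` the same way. The path also joins a literal `'conf'` under `instance.conf_dir`, which looks as if it could resolve to `conf/conf/certs` if `conf_dir` already names the configuration folder; this is worth confirming against the layout the description refers to. `execute` starts and ends outside the hunk.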
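Review bot: In the subsystem.py hunk, the new `cert['data']` entry in `get_cert_info` has no comment saying which copy of the certificate it holds or in what encoding. The cert-export change in this commit treats a non-empty `data` as base64 and writes it out, so a comment such as `# base64 certificate as stored in the subsystem config (may be unset)` would make that contract visible to other callers. The rest of `get_cert_info` is outside the hunk, so whether a later step replaces this value from another source cannot be seen here; if one does, the comment should state which source takes precedence.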