Hi All, Please review this patch.
Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io
From ebda787c714e950e682ef42177a18927b8398c1f Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde <akasu...@redhat.com> Date: Thu, 30 Jun 2016 15:18:24 +0530 Subject: [PATCH] Added condition for checking instance id in kra commands Partially Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com> --- base/server/python/pki/server/__init__.py | 28 ++++++++++++++++++++-------- base/server/python/pki/server/cli/kra.py | 25 ++++++++++++++++++++++--- 2 files changed, 42 insertions(+), 11 deletions(-) diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py index 454408f6ad54202a5a94809dede2a08e43078a3a..00c79c281a9e0598dd91239ba5a1ddcbb52150b4 100644 --- a/base/server/python/pki/server/__init__.py +++ b/base/server/python/pki/server/__init__.py @@ -32,6 +32,7 @@ import re import shutil import subprocess import tempfile +import sys import pki import pki.nssdb @@ -187,8 +188,9 @@ class PKISubsystem(object): nickname = cert['nickname'] token = cert['token'] - if token and token.lower() in ['internal', 'internal key storage token']: - token = None + if token and token.lower() in ['internal', + 'internal key storage token']: + token = 'internal' nssdb_password = self.instance.get_token_password(token) @@ -224,6 +226,10 @@ class PKISubsystem(object): subprocess.check_call(cmd) + except subprocess.CalledProcessError as e: + print("ERROR: Command '%s' exited with return " + "code %d" % (" ".join(cmd), e.returncode)) + sys.exit(e.returncode) finally: shutil.rmtree(tmpdir) @@ -237,8 +243,9 @@ class PKISubsystem(object): nickname = cert['nickname'] token = cert['token'] - if token and token.lower() in ['internal', 'internal key storage token']: - token = None + if token and token.lower() in ['internal', + 'internal key storage token']: + token = 'internal' nssdb_password = self.instance.get_token_password(token) @@ -286,7 +293,10 @@ class PKISubsystem(object): ]) subprocess.check_call(cmd) - + except subprocess.CalledProcessError as e: + print("ERROR: Command '%s' exited with return " + "code %d" % (" ".join(cmd), e.returncode)) + sys.exit(e.returncode) finally: shutil.rmtree(tmpdir) @@ -562,7 +572,8 @@ class PKIInstance(object): def get_token_password(self, token='internal'): # determine the password name for the token - if token.lower() in ['internal', 'internal key storage token']: + if token and token.lower() in ['internal', + 'internal key storage token']: name = 'internal' else: @@ -616,8 +627,9 @@ class PKIInstance(object): nickname = cert.nickname token = cert.token - if token and token.lower() in ['internal', 'internal key storage token']: - token = None + if token and token.lower() in ['internal', + 'internal key storage token']: + token = 'internal' nssdb_password = self.get_token_password(token) diff --git a/base/server/python/pki/server/cli/kra.py b/base/server/python/pki/server/cli/kra.py index b4f0df43f39078618b58be74087b520c7d874b48..8f043276a453e9b364f2f7ace8fdf0e29c73fd38 100644 --- a/base/server/python/pki/server/cli/kra.py +++ b/base/server/python/pki/server/cli/kra.py @@ -132,9 +132,16 @@ class KRAClonePrepareCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) + if not instance.is_valid(): + print("ERROR: Invalid instance '%s' provided" % instance_name) + sys.exit(1) instance.load() subsystem = instance.get_subsystem('kra') + if not subsystem: + print("ERROR: No KRA subsystem configured for '%s' " + "instance id" % instance_name) + sys.exit(1) tmpdir = tempfile.mkdtemp() @@ -142,7 +149,6 @@ class KRAClonePrepareCLI(pki.cli.CLI): pkcs12_password_file = os.path.join(tmpdir, 'pkcs12_password.txt') with open(pkcs12_password_file, 'w') as f: f.write(pkcs12_password) - subsystem.export_system_cert( 'subsystem', pkcs12_file, pkcs12_password_file, new_file=True) subsystem.export_system_cert( @@ -235,12 +241,16 @@ class KRADBVLVFindCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) + if not instance.is_valid(): + print("ERROR: Invalid instance '%s' provided" % instance_name) + sys.exit(1) instance.load() subsystem = instance.get_subsystem('kra') - if not subsystem: - raise Exception('Subsystem not found') + print("ERROR: No KRA subsystem configured for '%s' " + "instance id" % instance_name) + sys.exit(1) self.find_vlv(subsystem, bind_dn, bind_password) @@ -347,6 +357,9 @@ class KRADBVLVAddCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) + if not instance.is_valid(): + print("ERROR: Invalid instance '%s' provided" % instance_name) + sys.exit(1) instance.load() self.add_vlv(instance, bind_dn, bind_password) @@ -442,6 +455,9 @@ class KRADBVLVDeleteCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) + if not instance.is_valid(): + print("ERROR: Invalid instance '%s' provided" % instance_name) + sys.exit(1) instance.load() self.delete_vlv(instance, bind_dn, bind_password) @@ -557,6 +573,9 @@ class KRADBVLVReindexCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) + if not instance.is_valid(): + print("ERROR: Invalid instance '%s' provided" % instance_name) + sys.exit(1) instance.load() self.reindex_vlv(instance, bind_dn, bind_password) -- 2.7.4
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel