Add PKISubsystem.csr_file()

edewata · Jan 13, 2024 · 3e3cf5e · 3e3cf5e
1 parent 0a08100
commit 3e3cf5e
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 29 deletions.
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
@@ -1487,12 +1487,8 @@ def import_master_config(self, subsystem):
     def store_master_cert_request(self, subsystem, key, csr):
 
         csr_pem = pki.nssdb.convert_csr(csr, 'base64', 'pem')
-
-        cert_id = key.split('.')[1]
-        if cert_id != 'sslserver' and cert_id != 'subsystem':
-            cert_id = subsystem.name + '_' + cert_id
-
-        csr_path = self.instance.csr_file(cert_id)
+        tag = key.split('.')[1]
+        csr_path = subsystem.csr_file(tag)
 
         self.file.create(csr_path)
         with open(csr_path, 'w', encoding='utf-8') as f:
@@ -2090,15 +2086,12 @@ def import_system_cert_request(self, subsystem, tag):
             # no CSR file to import
             return
 
-        if tag != 'sslserver' and tag != 'subsystem':
-            tag = subsystem.name + '_' + tag
-
         logger.info('Importing CSR for %s from %s', tag, source_path)
 
         if not os.path.exists(source_path):
             raise Exception('Invalid path in %s: %s' % (param, source_path))
 
-        dest_path = self.instance.csr_file(tag)
+        dest_path = subsystem.csr_file(tag)
 
         if os.path.realpath(source_path) == os.path.realpath(dest_path):
             # CSR already imported
@@ -2876,12 +2869,7 @@ def create_cert_setup_request(self, subsystem, tag, cert):
 
         request.systemCert.keyAlgorithm = subsystem.config['preop.cert.%s.keyalgorithm' % tag]
 
-        if tag != 'sslserver' and tag != 'subsystem':
-            csr_name = subsystem.name + '_' + tag
-        else:
-            csr_name = tag
-
-        csr_path = self.instance.csr_file(csr_name)
+        csr_path = subsystem.csr_file(tag)
 
         # load existing CSR if exists
         if os.path.exists(csr_path):
@@ -3037,14 +3025,9 @@ def generate_csr(self,
 
             shutil.move(csr_pathname, csr_path)
 
-        if tag != 'sslserver' and tag != 'subsystem':
-            csr_name = subsystem.name + '_' + tag
-        else:
-            csr_name = tag
-
         self.file.copy(
             old_name=csr_path,
-            new_name=self.instance.csr_file(csr_name),
+            new_name=subsystem.csr_file(tag),
             overwrite_flag=True)
 
     def create_cert_request(self, nssdb, tag, request):

diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py
@@ -141,6 +141,15 @@ def registry_dir(self):
     def default_cfg(self):
         return os.path.join(self.registry_dir, 'default.cfg')
 
+    def csr_file(self, tag):
+
+        if tag != 'sslserver' and tag != 'subsystem':
+            cert_id = self.name + '_' + tag
+        else:
+            cert_id = tag
+
+        return self.instance.csr_file(tag)
+
     def create(self, exist_ok=False):
 
         # Create /var/lib/pki/<instance>/<subsystem>
@@ -386,12 +395,7 @@ def store_system_cert_request(self, cert):
 
         self.instance.makedirs(self.instance.certs_dir, exist_ok=True)
 
-        if tag != 'sslserver' and tag != 'subsystem':
-            csr_name = self.name + '_' + tag
-        else:
-            csr_name = tag
-
-        csr_file = self.instance.csr_file(csr_name)
+        csr_file = self.csr_file(tag)
         with open(csr_file, "w", encoding='utf-8') as f:
             f.write(csr_pem)
 
@@ -1073,7 +1077,7 @@ def temp_cert_create(self, nssdb, cert_tag, serial, new_cert_file):
 
         logger.debug('CA signing cert nickname: %s', nickname)
 
-        csr_file = self.instance.csr_file(cert_tag)
+        csr_file = self.csr_file(cert_tag)
         logger.debug('Reusing existing CSR in %s', csr_file)
 
         # --keyUsage