From d923d27ddf875c1197ec619d964bd656de1ecb29 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 24 Jun 2015 16:19:55 -0400
Subject: [PATCH] Fixed Modutil.is_security_module_registered().

Due to issues with HSM the Modutil.is_security_module_registered() has been modified to the get the list of all registered modules and then use it to check if a module is registered. https://fedorahosted.org/pki/ticket/1444
---
 .../python/pki/server/deployment/pkihelper.py | 90 +++++++++++-----------
 1 file changed, 45 insertions(+), 45 deletions(-)

diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 42ca0d9cffc2913f253aa3936db8fbf27a5bbf49..7b11f3d8e20c286b33c70c31829afcd6629d0310 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -2688,56 +2688,56 @@ class Modutil:
  def __init__(self, deployer):
  self.mdict = deployer.mdict
 
- def is_security_module_registered(self, path, modulename,
- prefix=None, critical_failure=True):
- status = False
- try:
- # Compose this "modutil" command
- command = ["modutil"]
- # Provide a path to the NSS security databases
- if path:
- command.extend(["-dbdir", path])
- else:
- config.pki_log.error(
- log.PKIHELPER_MODUTIL_MISSING_PATH,
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_MODUTIL_MISSING_PATH)
- # Add optional security database prefix
- if prefix is not None:
- command.extend(["--dbprefix", prefix])
- # Append '-nocertdb' switch
- command.extend(["-nocertdb"])
- # Specify a 'modulename'
- if modulename:
- command.extend(["-list", modulename])
- else:
- config.pki_log.error(
- log.PKIHELPER_MODUTIL_MISSING_MODULENAME,
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_MODUTIL_MISSING_MODULENAME)
- # Display this "modutil" command
- config.pki_log.info(
- log.PKIHELPER_REGISTERED_SECURITY_MODULE_CHECK_1,
- ' '.join(command),
+ def is_security_module_registered(self, path, modulename, prefix=None):
+
+ if not path:
+ config.pki_log.error(
+ log.PKIHELPER_MODUTIL_MISSING_PATH,
  extra=config.PKI_INDENTATION_LEVEL_2)
- # Execute this "modutil" command
- subprocess.check_call(command)
- # 'modulename' is already registered
- status = True
- config.pki_log.info(
- log.PKIHELPER_REGISTERED_SECURITY_MODULE_1, modulename,
+ raise Exception(log.PKIHELPER_MODUTIL_MISSING_PATH)
+
+ if not modulename:
+ config.pki_log.error(
+ log.PKIHELPER_MODUTIL_MISSING_MODULENAME,
  extra=config.PKI_INDENTATION_LEVEL_2)
- except subprocess.CalledProcessError as exc:
- # 'modulename' is not registered
+ raise Exception(log.PKIHELPER_MODUTIL_MISSING_MODULENAME)
+
+ command = [
+ 'modutil',
+ '-list',
+ '-dbdir', path,
+ '-nocertdb'])
+
+ if prefix:
+ command.extend(['--dbprefix', prefix])
+
+ config.pki_log.info(
+ log.PKIHELPER_REGISTERED_SECURITY_MODULE_CHECK_1,
+ ' '.join(command),
+ extra=config.PKI_INDENTATION_LEVEL_2)
+
+ # execute command
+ p = subprocess.Popen(command, stdout=subprocess.PIPE)
+ (output, error) = p.communicate()
+
+ p.wait()
+ # ignore return code due to issues with HSM
+ # https://fedorahosted.org/pki/ticket/1444
+
+ # find modules from lines such as '1. NSS Internal PKCS #11 Module'
+ modules = re.findall(r'^ +\d+\. +(.*)$', output, re.MULTILINE)
+
+ if modulename not in modules:
  config.pki_log.info(
  log.PKIHELPER_UNREGISTERED_SECURITY_MODULE_1, modulename,
  extra=config.PKI_INDENTATION_LEVEL_2)
- except OSError as exc:
- config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure:
- raise
- return status
+ return False
+
+ config.pki_log.info(
+ log.PKIHELPER_REGISTERED_SECURITY_MODULE_1, modulename,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ return True
+
 
  def register_security_module(self, path, modulename, libfile,
  prefix=None, critical_failure=True):
--
1.9.3
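Review bot: The new `command = [` literal is closed with `'-nocertdb'])`, and the stray `)` will stop pkihelper.py from parsing; the line should end `'-nocertdb']`. Separately, ignoring the exit status entirely means a modutil run that fails and prints no module list is reported as "not registered" rather than as an error, a result callers presumably use to decide whether to register the module; consider logging `p.returncode` and raising when `output` contains no numbered module lines at all. `error` is always None because only stdout is piped, and the `p.wait()` after `communicate()` is redundant. The hunk also drops the `critical_failure` parameter and the `OSError` handler, so any caller outside this hunk that still passes `critical_failure` or relied on the swallowed error needs checking, as does whether `re` is imported at the top of the file.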