7ab1bcb Re-organize HSM validation to be more consistent/less duplication

Authored and Committed by rcritten 6 months ago
    Re-organize HSM validation to be more consistent/less duplication
    
    hsm_validator() was more or less bolted in place late in the
    development cycle in in order to catch some of the more common
    problems: bad token name, bad password, etc.
    
    There was a fair bit of duplication and had the side-effect of not
    reading in the token password from the --token-password-file option
    in some cases.
    
    This patch also re-adds a lost feature where an exception is raised if
    both the --token-password and --token-password-file options are passed
    in.
    
    This also needs to be enforced on initial server, replica and when
    called by ipa-kra-install. Given that each has a unique subject of
    options some duplication remains.
    
    Fixes: https://pagure.io/freeipa/issue/9603
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
    
        
file modified
+38 -34
file modified
+53 -3