Check for file permissions after the ca/cert-show is complete
The commands ca-show and cert-show provide the ability to direct
the certificate output to a file. If the requested object was
not present then this resulted in a zero-length file.
This is because the check to determine if the file was writable,
by opening it, was done prior to the operation to retrieve
the entry.
So move the check after the data retrieval.
Also convert cert-show to be more consistent with ca-show.
I considered cleaning up the empty file afterward but IMHO we
shouldn't touch the file until we're ready to write. This
costs an API roundtrip but its a small price to pay for
potentially protecting existing data.
Fixes: https://pagure.io/freeipa/issue/9562
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>