From f39c6ee54496f1378d580303b4d470370922ab5e Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Jul 30 2014 14:04:21 +0000
Subject: Add new NSSDatabase method get_cert for getting certs from NSS databases.

Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Rob Crittenden
---
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 815f3bf..f958e36 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -211,9 +211,21 @@ class NSSDatabase(object):
 raise RuntimeError(
 "Setting trust on %s failed" % root_nickname)

+ def get_cert(self, nickname, pem=False):
+ args = ['-L', '-n', nickname]
+ if pem:
+ args.append('-a')
+ else:
+ args.append('-r')
+ try:
+ cert, err, returncode = self.run_certutil(args)
+ except ipautil.CalledProcessError:
+ raise RuntimeError("Failed to get %s" % nickname)
+ return cert
+
 def export_pem_cert(self, nickname, location):
 """Export the given cert to PEM file in the given location"""
- cert, err, returncode = self.run_certutil(["-L", "-n", nickname, "-a"])
+ cert = self.get_cert(nickname)
 with open(location, "w+") as fd:
 fd.write(cert)
 os.chmod(location, 0444)
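Review bot: `export_pem_cert` now calls `self.get_cert(nickname)`, which takes the `pem=False` default and so passes `-r` to certutil where the removed line passed `-a`. The file it writes would then hold raw DER rather than PEM, despite the method name and docstring, and a consumer that loads it as a PEM certificate would presumably fail to parse it. The call should read `cert = self.get_cert(nickname, pem=True)`. `get_cert` also has no docstring; one stating that it returns DER by default and PEM when `pem` is true, and raises `RuntimeError` when certutil fails, would make the default harder to misuse. Both method bodies appear complete in the hunk, but the enclosing class starts and continues outside it.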