Update log messages in PKIDeployer

edewata · Jul 26, 2023 · 0f08477 · 0f08477
1 parent 003bba7
commit 0f08477
Showing 1 changed file with 14 additions and 6 deletions.
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
@@ -572,8 +572,11 @@ def import_server_pkcs12(self, subsystem):
 
         pki_server_pkcs12_path = self.mdict['pki_server_pkcs12_path']
         if not pki_server_pkcs12_path:
+            # no PKCS #12 file to import
             return
 
+        logger.info('Importing certs and keys from %s', pki_server_pkcs12_path)
+
         pki_server_pkcs12_password = self.mdict['pki_server_pkcs12_password']
         if not pki_server_pkcs12_password:
             raise Exception('Missing pki_server_pkcs12_password property')
@@ -618,12 +621,13 @@ def import_clone_pkcs12(self, subsystem):
         '''
 
         pki_clone_pkcs12_path = self.mdict['pki_clone_pkcs12_path']
-
         if not pki_clone_pkcs12_path:
+            # no PKCS #12 file to import
             return
 
-        pki_clone_pkcs12_password = self.mdict['pki_clone_pkcs12_password']
+        logger.info('Importing certs and keys from %s', pki_clone_pkcs12_path)
 
+        pki_clone_pkcs12_password = self.mdict['pki_clone_pkcs12_password']
         if not pki_clone_pkcs12_password:
             raise Exception('Missing pki_clone_pkcs12_password property')
 
@@ -645,8 +649,6 @@ def import_clone_pkcs12(self, subsystem):
                 password_file=pki_shared_pfile)
 
             try:
-                logger.info('Importing certificates from %s:', pki_clone_pkcs12_path)
-
                 # The PKCS12 class requires an NSS database to run. For simplicity
                 # it uses the NSS database that has just been created.
                 pkcs12 = pki.pkcs12.PKCS12(
@@ -1883,10 +1885,16 @@ def import_system_cert_request(self, subsystem, tag):
         cert_id = self.get_cert_id(subsystem, tag)
 
         csr_path = self.mdict.get('pki_%s_csr_path' % cert_id)
-        if not csr_path or not os.path.exists(csr_path):
+        if not csr_path:
+            # no CSR file to import
             return
 
-        logger.info('Importing %s CSR from %s', tag, csr_path)
+        logger.info('Importing CSR for %s from %s', tag, csr_path)
+
+        b64_csr = subsystem.config.get('%s.%s.certreq' % (subsystem.name, tag))
+        if b64_csr:
+            logger.error('CSR for %s already exists', tag)
+            raise Exception('CSR for %s already exists' % tag)
 
         with open(csr_path, encoding='utf-8') as f:
             csr_data = f.read()