From 47bb8cc090559d78d60f9da387afc0096da317f7 Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Oct 26 2018 21:03:20 +0000
Subject: Backport No missing token in verify_certificate_exists
Signed-off-by: Alexander Scheel
---
diff --git a/pki-core.spec b/pki-core.spec
index 814cdee..8391a22 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -34,6 +34,10 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
 # > pki-VERSION-RELEASE.patch
 # Patch: pki-VERSION-RELEASE.patch
 
+# TODO: The following patch has landed in master and is necessary to fix
+# FreeIPA integration. Please remove next time PKI is released.
+Patch1: tiran-fix-certutil-token.patch
+
 ################################################################################
 # NSS
 ################################################################################
diff --git a/tiran-fix-certutil-token.patch b/tiran-fix-certutil-token.patch
new file mode 100644
index 0000000..31cddae
--- /dev/null
+++ b/tiran-fix-certutil-token.patch
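Review bot: The TODO above `Patch1` says the fix has landed in master but does not name the commit, so a later packager cannot check the carried file against upstream or tell when it is safe to drop. I would extend the comment with the references the patch file itself carries, e.g. `# Upstream: 0fba3c2710ee14f2d4ddb2bd401ed6d592f3f2b8, https://pagure.io/dogtagpki/issue/3073`. The %prep section is outside this hunk, so it is also worth confirming that the patch is applied there and not only declared.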
@@ -0,0 +1,45 @@
+From 0fba3c2710ee14f2d4ddb2bd401ed6d592f3f2b8 Mon Sep 17 00:00:00 2001
+From: Christian Heimes
+Date: Thu, 25 Oct 2018 15:10:06 +0200
+Subject: [PATCH] No missing token in verify_certificate_exists
+
+Remove the missing token check from verify_certificate_exists. It was
+the one place that was not adopted to use blank token as default.
+
+Change-Id: Ic192e0699ff32af474976039af08e1503925dfd1
+See: 17677ae4d2cda456b64ec67e2b25ba63f4a58a70
+Fixes: https://pagure.io/dogtagpki/issue/3073
+Signed-off-by: Christian Heimes
+---
+ base/server/python/pki/server/deployment/pkihelper.py | 5 -----
+ base/server/python/pki/server/deployment/pkimessages.py | 1 -
+ 2 files changed, 6 deletions(-)
+
+diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
+index 0346559da..3c7dbab7a 100644
+--- a/base/server/python/pki/server/deployment/pkihelper.py
++++ b/base/server/python/pki/server/deployment/pkihelper.py
+@@ -2436,11 +2436,6 @@ def verify_certificate_exists(self, path, token, nickname,
+ # Specify the 'token'
+ if token:
+ command.extend(["-h", token])
+- else:
+- config.pki_log.error(
+- log.PKIHELPER_CERTUTIL_MISSING_TOKEN,
+- extra=config.PKI_INDENTATION_LEVEL_2)
+- raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TOKEN)
+ # Specify the nickname of this self-signed certificate
+ if nickname:
+ command.extend(["-n", nickname])
+diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py
+index a2723b04d..d6597e28d 100644
+--- a/base/server/python/pki/server/deployment/pkimessages.py
++++ b/base/server/python/pki/server/deployment/pkimessages.py
+@@ -188,7 +188,6 @@
+ PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER = \
+ "certutil: Missing '-m serial-number' option!"
+ PKIHELPER_CERTUTIL_MISSING_SUBJECT = "certutil: Missing '-s subject' option!"
+-PKIHELPER_CERTUTIL_MISSING_TOKEN = "certutil: Missing '-h token' option!"
+ PKIHELPER_CERTUTIL_MISSING_TRUSTARGS = \
+ "certutil: Missing '-t trustargs' option!"
+ PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD = \
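Review bot: With the `else` branch gone, a falsy `token` in verify_certificate_exists makes certutil run without `-h`, and nothing in the visible lines records that choice. A deployment that meant to check a hardware token but passed an empty value therefore gets a silent lookup against certutil's default token instead of an error. The commit message says the blank default is intended, so I would document it where the option is built, e.g. `# No '-h' when token is blank: certutil then uses its default (internal) token`. The carried patch also deletes `PKIHELPER_CERTUTIL_MISSING_TOKEN` from pkimessages.py, so it is worth confirming that no other helper still references it, because a leftover reference would only fail at run time. The function body starts and ends outside the inner hunk.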