Update cert and CSR path validation

The code that imports certs and CSRs in PKIDeployer has been
updated to no longer ignore invalid paths.

freeipa/freeipa#6951

base/server/python/pki/server/deployment/__init__.py

@@ -1914,12 +1914,7 @@ def import_system_cert_request(self, subsystem, tag):
         param = 'pki_%s_csr_path' % cert_id
         csr_path = self.mdict.get(param)
 
-        # IPA has a default value for pki_ca_signing_csr_path,
-        # so it's necessary to check whether the file actually exists.
-        # https://github.com/freeipa/freeipa/blob/master/install/share/ipaca_default.ini#L111
-        # TODO: remove the default value from IPA
-
-        if not csr_path or not os.path.exists(csr_path):
+        if not csr_path:
             # no CSR file to import
             return
 
@@ -1956,12 +1951,7 @@ def import_ca_signing_cert(self, nssdb):
         param = 'pki_ca_signing_cert_path'
         cert_file = self.mdict.get(param)
 
-        # IPA has a default value for pki_ca_signing_cert_path,
-        # so it's necessary to check whether the file actually exists.
-        # https://github.com/freeipa/freeipa/blob/master/install/share/ipaca_default.ini#L43
-        # TODO: remove the default value from IPA
-
-        if not cert_file or not os.path.exists(cert_file):
+        if not cert_file:
             # no CA signing cert file to import
             return
 
@@ -1992,12 +1982,7 @@ def import_system_cert(
         param = 'pki_%s_cert_path' % cert_id
         cert_file = self.mdict.get(param)
 
-        # IPA has a default value for pki_ca_signing_cert_path,
-        # so it's necessary to check whether the file actually exists.
-        # https://github.com/freeipa/freeipa/blob/master/install/share/ipaca_default.ini#L43
-        # TODO: remove the default value from IPA
-
-        if not cert_file or not os.path.exists(cert_file):
+        if not cert_file:
             # no system cert to import
             return