Create Firefox configuration extension on CA-less install

Create:
* kerberosauth.xpi
* krb.js

even when --http_pkcs12 option is used.

https://fedorahosted.org/freeipa/ticket/3747

4 files changed, 33 insertions, 26 deletions

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 1ea0f92d8..c013c2984 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -216,19 +216,21 @@ def install_http(config, auto_redirect):
         auto_redirect=auto_redirect, ca_file = config.dir + "/ca.crt")
 
     # Now copy the autoconfiguration files
-    if ipautil.file_exists(config.dir + "/preferences.html"):
-        try:
-            shutil.copy(config.dir + "/preferences.html", "/usr/share/ipa/html/preferences.html")
-            shutil.copy(config.dir + "/configure.jar", "/usr/share/ipa/html/configure.jar")
-            if ipautil.file_exists(config.dir + "/krb.js"):
-                shutil.copy(
-                    config.dir + "/krb.js", "/usr/share/ipa/html/krb.js")
-                shutil.copy(
-                    config.dir + "/kerberosauth.xpi",
-                    "/usr/share/ipa/html/kerberosauth.xpi")
-        except Exception, e:
-            print "error copying files: " + str(e)
-            sys.exit(1)
+    try:
+        if ipautil.file_exists(config.dir + "/preferences.html"):
+            shutil.copy(config.dir + "/preferences.html",
+                        "/usr/share/ipa/html/preferences.html")
+        if ipautil.file_exists(config.dir + "/configure.jar"):
+            shutil.copy(config.dir + "/configure.jar",
+                        "/usr/share/ipa/html/configure.jar")
+        if ipautil.file_exists(config.dir + "/krb.js"):
+            shutil.copy(config.dir + "/krb.js",
+                        "/usr/share/ipa/html/krb.js")
+            shutil.copy(config.dir + "/kerberosauth.xpi",
+                        "/usr/share/ipa/html/kerberosauth.xpi")
+    except Exception, e:
+        print "error copying files: " + str(e)
+        sys.exit(1)
 
     http.setup_firefox_extension(config.realm_name, config.domain_name)
 
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 9ddde5d7b..cc88a0b19 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1103,12 +1103,12 @@ def main():
     http = httpinstance.HTTPInstance(fstore)
     if options.http_pkcs12:
         http.create_instance(
-            realm_name, host_name, domain_name, dm_password, autoconfig=False,
+            realm_name, host_name, domain_name, dm_password,
             pkcs12_info=http_pkcs12_info, subject_base=options.subject,
             auto_redirect=options.ui_redirect, ca_file=ca_file)
     else:
         http.create_instance(
-            realm_name, host_name, domain_name, dm_password, autoconfig=True,
+            realm_name, host_name, domain_name, dm_password,
             subject_base=options.subject, auto_redirect=options.ui_redirect)
     ipaservices.restore_context("/var/cache/ipa/sessions")
 
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 375016262..14fa9cc6f 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -313,15 +313,19 @@ class HTTPInstance(service.Service):
             pwd = pwdfile.read()
 
         # Setup configure.jar
-        tmpdir = tempfile.mkdtemp(prefix="tmp-")
-        target_fname = '/usr/share/ipa/html/configure.jar'
-        shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir)
-        db.run_signtool(["-k", "Signing-Cert",
-                         "-Z", target_fname,
-                         "-e", ".html", "-p", pwd,
-                         tmpdir])
-        shutil.rmtree(tmpdir)
-        os.chmod(target_fname, 0644)
+        if db.has_nickname('Signing-Cert'):
+            tmpdir = tempfile.mkdtemp(prefix="tmp-")
+            target_fname = '/usr/share/ipa/html/configure.jar'
+            shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir)
+            db.run_signtool(["-k", "Signing-Cert",
+                            "-Z", target_fname,
+                            "-e", ".html", "-p", pwd,
+                            tmpdir])
+            shutil.rmtree(tmpdir)
+            os.chmod(target_fname, 0644)
+        else:
+            root_logger.warning('Object-signing certificate was not found; '
+                'therefore, configure.jar was not created.')
 
         self.setup_firefox_extension(self.realm, self.domain, force=True)
 
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index b6b063332..f6af28e3a 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -338,8 +338,9 @@ class ReplicaPrepare(admintool.AdminTool):
             self.copy_info_file("/usr/share/ipa/html/krb.js", "krb.js")
             self.copy_info_file(
                 "/usr/share/ipa/html/kerberosauth.xpi", "kerberosauth.xpi")
-            self.copy_info_file(
-                "/usr/share/ipa/html/configure.jar", "configure.jar")
+        jar_filename = "/usr/share/ipa/html/configure.jar"
+        if ipautil.file_exists(jar_filename):
+            self.copy_info_file(jar_filename, "configure.jar")
         cacert_filename = "/var/kerberos/krb5kdc/cacert.pem"
         if ipautil.file_exists(cacert_filename):
             self.copy_info_file(cacert_filename, "cacert.pem")