From 2bdffa4375d3fb657e5b5a65cb326aff77e35e09 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Wed, 5 Dec 2012 07:00:21 -0500
Subject: Use DN objects for Dogtag configuration

Use our DN objects for generating DNs, instead of relying on
string operations.
---
 ipaserver/install/cainstance.py | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'ipaserver/install/cainstance.py')

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index e2112a282..e7b63f81e 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -656,7 +656,8 @@ class CAInstance(service.Service):
         config.set("CA", "pki_admin_email", "root@localhost")
         config.set("CA", "pki_admin_password", self.admin_password)
         config.set("CA", "pki_admin_nickname", "ipa-ca-agent")
-        config.set("CA", "pki_admin_subject_dn", "CN=ipa-ca-agent,%s" % self.subject_base)
+        config.set("CA", "pki_admin_subject_dn",
+            str(DN(('cn', 'ipa-ca-agent'), self.subject_base)))
 
         # Directory server
         config.set("CA", "pki_ds_ldap_port", str(self.ds_port))
@@ -665,11 +666,16 @@ class CAInstance(service.Service):
         config.set("CA", "pki_ds_database", "ipaca")
 
         # Certificate subject DN's
-        config.set("CA", "pki_subsystem_subject_dn", "CN=CA Subsystem,%s" % self.subject_base)
-        config.set("CA", "pki_ocsp_signing_subject_dn", "CN=OCSP Subsystem,%s" % self.subject_base)
-        config.set("CA", "pki_ssl_server_subject_dn", "CN=%s,%s" % (self.fqdn, self.subject_base))
-        config.set("CA", "pki_audit_signing_subject_dn", "CN=CA Audit,%s" % self.subject_base)
-        config.set("CA", "pki_ca_signing_subject_dn", "CN=Certificate Authority,%s" % self.subject_base)
+        config.set("CA", "pki_subsystem_subject_dn",
+            str(DN(('cn', 'CA Subsystem'), self.subject_base)))
+        config.set("CA", "pki_ocsp_signing_subject_dn",
+            str(DN(('cn', 'OCSP Subsystem'), self.subject_base)))
+        config.set("CA", "pki_ssl_server_subject_dn",
+            str(DN(('cn', self.fqdn), self.subject_base)))
+        config.set("CA", "pki_audit_signing_subject_dn",
+            str(DN(('cn', 'CA Audit'), self.subject_base)))
+        config.set("CA", "pki_ca_signing_subject_dn",
+            str(DN(('cn', 'Certificate Authority'), self.subject_base)))
 
         # Certificate nicknames
         config.set("CA", "pki_subsystem_nickname", "subsystemCert cert-pki-ca")
-- 
cgit