authorAde Lee <alee@redhat.com>2012-12-18 16:05:55 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-12-18 17:12:07 -0500
commit150ce6b942ac15adb3e8e84c72a23a9a01b6e0a1 (patch)
treedf9d60b10f90fc97e2dac62648200b0aa642bd11
parent4c3d1f947eb49ebabc7894bbe69a817333e4cf76 (diff)
Make admin cert p12 file location configurablealee-101
Ticket 437. Also moved a bunch of client path parameters to default.cfg template file.
-rw-r--r--base/deploy/etc/default.cfg13
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py61
2 files changed, 13 insertions, 61 deletions
diff --git a/base/deploy/etc/default.cfg b/base/deploy/etc/default.cfg
index d619cdc..d99faf2 100644
--- a/base/deploy/etc/default.cfg
+++ b/base/deploy/etc/default.cfg
@@ -66,6 +66,7 @@ destroy_scriplets=
# pki_https_port=443
# pki_http_port=80
+pki_admin_cert_file=%(pki_client_dir)s/ca_admin.cert
pki_admin_cert_request_type=crmf
pki_admin_dualkey=False
pki_admin_keysize=2048
@@ -78,10 +79,10 @@ pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_token=Internal Key Storage Token
pki_backup_keys=False
pki_backup_password=
-pki_client_database_dir=
+pki_client_admin_cert_p12=%(pki_client_dir)s/%(pki_subsystem_type)s_admin_cert.p12
pki_client_database_password=
pki_client_database_purge=True
-pki_client_dir=
+pki_client_dir=%(home_dir)s/.pki/%(pki_instance_name)s
pki_client_pkcs12_password=
pki_ds_bind_dn=cn=Directory Manager
pki_ds_ldap_port=389
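Review bot: The new default on `pki_client_dir` only takes effect when the key is absent, so a deployment file that still carries the old template's blank `pki_client_dir=` line now yields an empty value (assuming user files are layered over default.cfg). The `if not len(...)` fallback in pkiparser.py that used to cover this case is removed by this same commit. With an empty value the interpolated paths collapse to the filesystem root (`/ca_admin.cert`, `/<subsystem>_admin_cert.p12`, `/<subsystem>/alias`), which is where the admin PKCS#12 and the client password files would then be created. `pki_client_database_purge=True` would act on that location as well, although the purge code is not visible here and this needs confirming. I would keep a guard in the parser after the files are read, e.g. `if not config.pki_master_dict['pki_client_dir']: raise Exception("pki_client_dir must not be empty")`, or restore the fallback for blank values.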
@@ -117,6 +118,14 @@ pki_user=pkiuser
# These are used in the processing of pkispawn and are not supposed
# to be overwritten by user configuration files.
#
+pki_client_database_dir=%(pki_client_subsystem_dir)s/alias
+pki_client_subsystem_dir=%(pki_client_dir)s/%(pki_subsystem_type)s
+pki_client_password_conf=%(pki_client_subsystem_dir)s/password.conf
+pki_client_pkcs12_password_conf=%(pki_client_subsystem_dir)s/pkcs12_password.conf
+pki_client_cert_database=%(pki_client_database_dir)s/cert8.db
+pki_client_key_database=%(pki_client_database_dir)s/key3.db
+pki_client_secmod_database=%(pki_client_database_dir)s/secmod.db
+pki_client_admin_cert=%(pki_subsystem_type)s_admin.cert
pki_source_conf_path=/usr/share/pki/%(pki_subsystem_type)s/conf
pki_source_setup_path=/usr/share/pki/setup
pki_source_server_path=/usr/share/pki/server/conf
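Review bot: Nothing visible enforces the "not supposed to be overwritten by user configuration files" comment for the eight `pki_client_*` keys added under it. Before this commit pkiparser.py assigned `pki_client_subsystem_dir`, `pki_client_password_conf`, `pki_client_pkcs12_password_conf` and the three NSS database paths unconditionally, so any value from a user file was discarded. As template defaults they can now be overridden, assuming user files are read after default.cfg. Because these keys locate password files and key databases, either have the parser reject them when they appear in user input, or state the new behaviour next to them, e.g. `# NOTE: defaults only; pkiparser.py no longer recomputes these, so a value in a user file takes precedence.`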
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 2a4111f..ba4f376 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -213,6 +213,7 @@ class PKIConfigParser:
'pki_root_prefix' : config.pki_root_prefix,
'resteasy_lib': resteasy_lib,
'arch_java_lib': arch_java_lib,
+ 'home_dir': os.path.expanduser("~"),
'pki_hostname': config.pki_hostname}
self.pki_config = ConfigParser.SafeConfigParser(predefined_dict)
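Review bot: `os.path.expanduser("~")` on the added `home_dir` line takes the directory from `$HOME` when that variable is set. After this commit the value anchors the default `pki_client_dir`, i.e. the client NSS database, its password files and the admin PKCS#12. If the tool is started through sudo or another wrapper that preserves the caller's environment (how it is invoked is not visible here), that material lands in whichever home the environment names rather than the home of the account running the install. Consider resolving it from the account database instead, `'home_dir': pwd.getpwuid(os.geteuid()).pw_dir,` (needs `import pwd` if the file does not already have it). Also note that a `%` in the path would be read as interpolation syntax by SafeConfigParser; the dictionary literal itself starts above this hunk.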
@@ -698,69 +699,11 @@ class PKIConfigParser:
os.path.join(
config.pki_master_dict['pki_subsystem_configuration_path'],
"password.conf")
- # Client NSS security database name/value pairs
- #
- # The following variables are established via the specified PKI
- # deployment configuration file and is NOT redefined below:
- #
- # config.pki_master_dict['pki_client_pkcs12_password']
- # config.pki_master_dict['pki_client_database_purge']
- #
- # The following variables are established via the specified PKI
- # deployment configuration file and potentially overridden below:
- #
- # config.pki_master_dict['pki_client_dir']
- # config.pki_master_dict['pki_client_subsystem_dir']
- #
+
if not len(config.pki_master_dict['pki_client_database_password']):
# use randomly generated client 'pin'
config.pki_master_dict['pki_client_database_password'] =\
str(config.pki_master_dict['pki_client_pin'])
- if not len(config.pki_master_dict['pki_client_dir']):
- config.pki_master_dict['pki_client_dir'] =\
- os.path.join(
- os.path.expanduser("~"), ".pki",
- config.pki_master_dict['pki_instance_name'])
- config.pki_master_dict['pki_client_subsystem_dir'] =\
- os.path.join(
- config.pki_master_dict['pki_client_dir'],
- config.pki_master_dict['pki_subsystem'].lower())
- if not len(config.pki_master_dict['pki_client_database_dir']):
- config.pki_master_dict['pki_client_database_dir'] =\
- os.path.join(
- config.pki_master_dict['pki_client_subsystem_dir'],
- "alias")
- config.pki_master_dict['pki_client_password_conf'] =\
- os.path.join(
- config.pki_master_dict['pki_client_subsystem_dir'],
- "password.conf")
- config.pki_master_dict['pki_client_pkcs12_password_conf'] =\
- os.path.join(
- config.pki_master_dict['pki_client_subsystem_dir'],
- "pkcs12_password.conf")
- config.pki_master_dict['pki_client_cert_database'] =\
- os.path.join(config.pki_master_dict['pki_client_database_dir'],
- "cert8.db")
- config.pki_master_dict['pki_client_key_database'] =\
- os.path.join(config.pki_master_dict['pki_client_database_dir'],
- "key3.db")
- config.pki_master_dict['pki_client_secmod_database'] =\
- os.path.join(config.pki_master_dict['pki_client_database_dir'],
- "secmod.db")
- config.pki_master_dict['pki_client_admin_cert'] =\
- config.pki_master_dict['pki_subsystem'].lower() + "_" +\
- "admin" + "." + "cert"
-
- config.pki_master_dict['pki_client_admin_cert_p12'] =\
- config.pki_master_dict['pki_client_dir'] + "/" +\
- config.pki_master_dict['pki_subsystem'].lower() + "_" +\
- "admin" + "_" + "cert" + "." + "p12"
-
- if not 'pki_admin_cert_file' in config.pki_master_dict or\
- not len(config.pki_master_dict['pki_admin_cert_file']):
- config.pki_master_dict['pki_admin_cert_file'] =\
- config.pki_master_dict['pki_client_dir'] +\
- "/ca_admin.cert"
# Jython scriptlet name/value pairs
config.pki_master_dict['pki_jython_configuration_scriptlet'] =\