diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-01-22 00:03:39 +0100 |
---|---|---|
committer | Matthew Harmsen <mharmsen@pki.usersys.redhat.com> | 2016-02-22 20:20:03 -0700 |
commit | 5207fe7a28462f24ba47301a717af15057f3be0e (patch) | |
tree | 81a922edbf1276c3779732652eedcda4289424f0 | |
parent | 576c3afbe96aed07d994533767f1b4aec1b88e4c (diff) | |
download | pki-5207fe7a28462f24ba47301a717af15057f3be0e.tar.gz pki-5207fe7a28462f24ba47301a717af15057f3be0e.tar.xz pki-5207fe7a28462f24ba47301a717af15057f3be0e.zip |
Fixed installation summary for existing CA.
The pkispawn has been modified to display the proper summary for
external CA and existing CA cases.
https://fedorahosted.org/pki/ticket/456
(cherry picked from commit 66a4b7e635a4456a102221049c58c461d3429093)
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 1 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 13 | ||||
-rwxr-xr-x | base/server/sbin/pkispawn | 22 |
3 files changed, 26 insertions, 10 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index e8591398d..07a5ce4dd 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -492,6 +492,7 @@ class ConfigurationFile: self.external = config.str2bool(self.mdict['pki_external']) self.external_step_one = not config.str2bool(self.mdict['pki_external_step_two']) self.external_step_two = not self.external_step_one + self.external_csr_path = self.mdict['pki_external_csr_path'] if self.external: # generic extension support in CSR - for external CA diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index ba8cff68e..16c6ae5da 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -96,6 +96,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): external = deployer.configuration_file.external step_one = deployer.configuration_file.external_step_one step_two = deployer.configuration_file.external_step_two + external_csr_path = deployer.configuration_file.external_csr_path try: if external and step_one: # external/existing CA step 1 @@ -127,16 +128,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # If filename specified, generate CA cert request and # import it into CS.cfg. - request_file = deployer.mdict['pki_external_csr_path'] - if request_file: + if external_csr_path: nssdb.create_request( subject_dn=deployer.mdict['pki_ca_signing_subject_dn'], - request_file=request_file, + request_file=external_csr_path, key_type=key_type, key_size=key_size, curve=curve, hash_alg=hash_alg) - with open(request_file) as f: + with open(external_csr_path) as f: signing_csr = f.read() signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64') subsystem.config['ca.signing.certreq'] = signing_csr @@ -150,9 +150,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): elif external and step_two: # external/existing CA step 2 # If specified, import existing CA cert request into CS.cfg. - request_file = deployer.mdict['pki_external_csr_path'] - if request_file: - with open(request_file) as f: + if external_csr_path: + with open(external_csr_path) as f: signing_csr = f.read() signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64') subsystem.config['ca.signing.certreq'] = signing_csr diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn index 3b09e0f20..967d5f5e5 100755 --- a/base/server/sbin/pkispawn +++ b/base/server/sbin/pkispawn @@ -613,9 +613,13 @@ def main(argv): external = deployer.configuration_file.external step_one = deployer.configuration_file.external_step_one + external_csr_path = deployer.configuration_file.external_csr_path if external and step_one: - print_step_one_information(parser.mdict) + if external_csr_path: + print_external_ca_step_one_information(parser.mdict) + else: + print_existing_ca_step_one_information(parser.mdict) else: print_install_information(parser.mdict) @@ -627,7 +631,7 @@ def set_port(parser, tag, prompt, existing_data): parser.read_text(prompt, config.pki_subsystem, tag) -def print_step_one_information(mdict): +def print_external_ca_step_one_information(mdict): print(log.PKI_SPAWN_INFORMATION_HEADER) print(" The %s subsystem of the '%s' instance is still incomplete." % @@ -638,7 +642,19 @@ def print_step_one_information(mdict): % mdict['pki_external_csr_path']) print() print(" Submit the CSR to an external CA to generate a CA certificate\n" - " for this subsystem.") + " for this subsystem. Import the CA certificate and the certificate\n" + " chain, then continue the installation.") + print(log.PKI_SPAWN_INFORMATION_FOOTER) + + +def print_existing_ca_step_one_information(mdict): + + print(log.PKI_SPAWN_INFORMATION_HEADER) + print(" The %s subsystem of the '%s' instance is still incomplete." % + (config.pki_subsystem, mdict['pki_instance_name'])) + print() + print(" Import an existing CA certificate with the key and the CSR, and\n" + " the certificate chain if available, then continue the installation.") print(log.PKI_SPAWN_INFORMATION_FOOTER) |