authorEndi S. Dewata <edewata@redhat.com>2016-01-22 00:03:39 +0100
committerMatthew Harmsen <mharmsen@pki.usersys.redhat.com>2016-02-22 20:20:03 -0700
commit5207fe7a28462f24ba47301a717af15057f3be0e (patch)
tree81a922edbf1276c3779732652eedcda4289424f0
parent576c3afbe96aed07d994533767f1b4aec1b88e4c (diff)
Fixed installation summary for existing CA.
The pkispawn has been modified to display the proper summary for external CA and existing CA cases. https://fedorahosted.org/pki/ticket/456 (cherry picked from commit 66a4b7e635a4456a102221049c58c461d3429093)
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py1
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/configuration.py13
-rwxr-xr-xbase/server/sbin/pkispawn22
3 files changed, 26 insertions, 10 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index e8591398d..07a5ce4dd 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -492,6 +492,7 @@ class ConfigurationFile:
self.external = config.str2bool(self.mdict['pki_external'])
self.external_step_one = not config.str2bool(self.mdict['pki_external_step_two'])
self.external_step_two = not self.external_step_one
+ self.external_csr_path = self.mdict['pki_external_csr_path']
if self.external:
# generic extension support in CSR - for external CA
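Review bot: The new `self.mdict['pki_external_csr_path']` lookup sits above `if self.external:`, so it runs for every deployment and raises KeyError wherever that key is not defined. Whether the defaults define it for all subsystems is not visible in this hunk. If they may not, `self.external_csr_path = self.mdict.get('pki_external_csr_path', '')` keeps the attribute present for the readers in configuration.py and pkispawn. The enclosing method starts and ends outside the hunk.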
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index ba8cff68e..16c6ae5da 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -96,6 +96,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
external = deployer.configuration_file.external
step_one = deployer.configuration_file.external_step_one
step_two = deployer.configuration_file.external_step_two
+ external_csr_path = deployer.configuration_file.external_csr_path
try:
if external and step_one: # external/existing CA step 1
@@ -127,16 +128,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# If filename specified, generate CA cert request and
# import it into CS.cfg.
- request_file = deployer.mdict['pki_external_csr_path']
- if request_file:
+ if external_csr_path:
nssdb.create_request(
subject_dn=deployer.mdict['pki_ca_signing_subject_dn'],
- request_file=request_file,
+ request_file=external_csr_path,
key_type=key_type,
key_size=key_size,
curve=curve,
hash_alg=hash_alg)
- with open(request_file) as f:
+ with open(external_csr_path) as f:
signing_csr = f.read()
signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64')
subsystem.config['ca.signing.certreq'] = signing_csr
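Review bot: `external_csr_path` comes straight from the deployment configuration and is used here as the output file of `nssdb.create_request` and then reopened, with nothing documenting what the path must satisfy. If the installer runs with elevated privileges (not shown on this page), a path in a directory other local users can write to could let them replace or redirect the file between the write and the read. I would add a comment above `if external_csr_path:` such as `# pki_external_csr_path must be in a directory only the installing user can write to; the CSR is created there and read back into CS.cfg.` The step-two hunk further down reads the same path into `ca.signing.certreq` and deserves the same comment. The `try:` that covers these `open()` calls is closed outside the hunk, so how a missing or unreadable file is reported cannot be judged from here.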
@@ -150,9 +150,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
elif external and step_two: # external/existing CA step 2
# If specified, import existing CA cert request into CS.cfg.
- request_file = deployer.mdict['pki_external_csr_path']
- if request_file:
- with open(request_file) as f:
+ if external_csr_path:
+ with open(external_csr_path) as f:
signing_csr = f.read()
signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64')
subsystem.config['ca.signing.certreq'] = signing_csr
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index 3b09e0f20..967d5f5e5 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -613,9 +613,13 @@ def main(argv):
external = deployer.configuration_file.external
step_one = deployer.configuration_file.external_step_one
+ external_csr_path = deployer.configuration_file.external_csr_path
if external and step_one:
- print_step_one_information(parser.mdict)
+ if external_csr_path:
+ print_external_ca_step_one_information(parser.mdict)
+ else:
+ print_existing_ca_step_one_information(parser.mdict)
else:
print_install_information(parser.mdict)
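Review bot: The new `if external_csr_path:` branch decides between the external-CA and existing-CA summaries purely on whether the configured path is non-empty, and nothing at the branch states that convention. A comment such as `# An empty pki_external_csr_path means an existing CA is being imported, so no CSR was generated.` would make the rule visible to the next maintainer. A whitespace-only value would be truthy and select the external-CA message, so stripping the value where it is read may be worth considering. `main` continues outside the hunk.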
@@ -627,7 +631,7 @@ def set_port(parser, tag, prompt, existing_data):
parser.read_text(prompt, config.pki_subsystem, tag)
-def print_step_one_information(mdict):
+def print_external_ca_step_one_information(mdict):
print(log.PKI_SPAWN_INFORMATION_HEADER)
print(" The %s subsystem of the '%s' instance is still incomplete." %
@@ -638,7 +642,19 @@ def print_step_one_information(mdict):
% mdict['pki_external_csr_path'])
print()
print(" Submit the CSR to an external CA to generate a CA certificate\n"
- " for this subsystem.")
+ " for this subsystem. Import the CA certificate and the certificate\n"
+ " chain, then continue the installation.")
+ print(log.PKI_SPAWN_INFORMATION_FOOTER)
+
+
+def print_existing_ca_step_one_information(mdict):
+
+ print(log.PKI_SPAWN_INFORMATION_HEADER)
+ print(" The %s subsystem of the '%s' instance is still incomplete." %
+ (config.pki_subsystem, mdict['pki_instance_name']))
+ print()
+ print(" Import an existing CA certificate with the key and the CSR, and\n"
+ " the certificate chain if available, then continue the installation.")
print(log.PKI_SPAWN_INFORMATION_FOOTER)
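Review bot: `print_existing_ca_step_one_information` has no docstring and repeats the header, the "still incomplete" line and the footer already printed by `print_external_ca_step_one_information`. A one-line docstring such as `"""Print the step-one summary when an existing CA certificate and key will be imported."""` would separate it from its sibling, and the shared lines could move into a small private helper taking the case-specific text. Both messages say "continue the installation" without saying how. If that means rerunning pkispawn with `pki_external_step_two` enabled, as the configuration handling earlier in this commit suggests, naming the parameter in the message would save the operator a lookup. The body of the external-CA function is only partly visible in these hunks.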