authorAde Lee <alee@redhat.com>2012-12-03 00:28:53 -0500
committerAde Lee <alee@redhat.com>2012-12-03 09:08:57 -0500
commit35dc1009494453803d22573ef876c8b418a609d3 (patch)
tree8584ea7bab0f45fe9154265a1a1285044cd045b6
parent03a6350687e033461306d6b9000ef8ea34af96f9 (diff)
Change the structure of the client directory.
We need to keep the admin cert and p12 file in case the client directory is purged.
-rw-r--r--base/deploy/src/scriptlets/configuration.py2
-rw-r--r--base/deploy/src/scriptlets/finalization.py4
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py23
3 files changed, 15 insertions, 14 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
index 2d7797b06..16b63122f 100644
--- a/base/deploy/src/scriptlets/configuration.py
+++ b/base/deploy/src/scriptlets/configuration.py
@@ -41,7 +41,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# Place "slightly" less restrictive permissions on
# the top-level client directory ONLY
- util.directory.create(master['pki_client_dir'],
+ util.directory.create(master['pki_client_subsystem_dir'],
uid=0, gid=0,
perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS)
# Since 'certutil' does NOT strip the 'token=' portion of
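Review bot: The comment above this call still says the permissions apply to "the top-level client directory ONLY", but the call now creates `pki_client_subsystem_dir`, one level below `pki_client_dir`; it should read something like `# the per-subsystem client directory ONLY`. Nothing visible in this commit creates `pki_client_dir` itself with explicit ownership and mode, while the pkiparser.py hunk that sets `pki_client_admin_cert_p12` and `pki_admin_cert_file` now places the admin PKCS #12 file and `ca_admin.cert` directly in that parent. If `util.directory.create` builds missing parents with default modes (its behaviour is not visible here), the directory holding the admin key material ends up with whatever the umask allows, so `pki_client_dir` should be created first with an explicit `uid`, `gid` and `perms`. The enclosing method starts and ends outside the hunk.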
diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py
index 62d92a626..55a007bca 100644
--- a/base/deploy/src/scriptlets/finalization.py
+++ b/base/deploy/src/scriptlets/finalization.py
@@ -67,8 +67,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# be deleted!
#
if config.str2bool(master['pki_client_database_purge']):
- if util.directory.exists(master['pki_client_dir']):
- util.directory.delete(master['pki_client_dir'])
+ if util.directory.exists(master['pki_client_subsystem_dir']):
+ util.directory.delete(master['pki_client_subsystem_dir'])
# If instance has not been configured, print the
# configuration URL to the log
if config.str2bool(master['pki_skip_configuration']):
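Review bot: The comment block ending in "be deleted!" starts outside the hunk and presumably still describes purging the whole client directory, whereas the new code removes only `pki_client_subsystem_dir`. A comment before the `exists` check would record what survives the purge, for example `# purge only the per-subsystem client dir; the admin cert and PKCS #12 file in pki_client_dir are kept`. Because the retained PKCS #12 file carries the admin private key, it is worth stating here that its lifetime no longer depends on `pki_client_database_purge`.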
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index edb2fd556..a99425960 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -1366,6 +1366,7 @@ class PKIConfigParser:
#
# config.pki_master_dict['pki_client_database_password']
# config.pki_master_dict['pki_client_dir']
+ # config.pki_master_dict['pki_client_subsystem_dir']
#
if not len(config.pki_master_dict['pki_client_database_password']):
# use randomly generated client 'pin'
@@ -1375,20 +1376,23 @@ class PKIConfigParser:
config.pki_master_dict['pki_client_dir'] =\
os.path.join(
os.path.expanduser("~"), ".pki",
- config.pki_master_dict['pki_instance_id'] + "_" +\
- config.pki_master_dict['pki_subsystem'].lower())
+ config.pki_master_dict['pki_instance_id'])
+ config.pki_master_dict['pki_client_subsystem_dir'] =\
+ os.path.join(
+ config.pki_master_dict['pki_client_dir'],
+ config.pki_master_dict['pki_subsystem'].lower())
if not len(config.pki_master_dict['pki_client_database_dir']):
config.pki_master_dict['pki_client_database_dir'] =\
os.path.join(
- config.pki_master_dict['pki_client_dir'],
+ config.pki_master_dict['pki_client_subsystem_dir'],
"alias")
config.pki_master_dict['pki_client_password_conf'] =\
os.path.join(
- config.pki_master_dict['pki_client_dir'],
+ config.pki_master_dict['pki_client_subsystem_dir'],
"password.conf")
config.pki_master_dict['pki_client_pkcs12_password_conf'] =\
os.path.join(
- config.pki_master_dict['pki_client_dir'],
+ config.pki_master_dict['pki_client_subsystem_dir'],
"pkcs12_password.conf")
config.pki_master_dict['pki_client_cert_database'] =\
os.path.join(config.pki_master_dict['pki_client_database_dir'],
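Review bot: `pki_client_dir` changes meaning in this hunk without a comment: it used to be the per-subsystem directory holding `alias`, `password.conf` and `pkcs12_password.conf`, and is now the per-instance parent. The guard around the `pki_client_dir` assignment lies outside the hunk and the indentation is lost on this page, so it is unclear whether `pki_client_subsystem_dir` is also set when a deployment supplies its own `pki_client_dir`; it should be derived unconditionally, since every path below depends on it. A comment such as `# pki_client_dir is per-instance; per-subsystem client files live in pki_client_subsystem_dir` above the new assignment would make the split explicit. Deployments that override `pki_client_dir` will also find their NSS database and password files one level deeper than before, which deserves a mention in the commit description.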
@@ -1402,19 +1406,16 @@ class PKIConfigParser:
config.pki_master_dict['pki_client_admin_cert'] =\
config.pki_master_dict['pki_subsystem'].lower() + "_" +\
"admin" + "." + "cert"
- # NOTE: ALWAYS store the PKCS #12 "client" Admin Cert file
- # in with the NSS "server" security databases
+
config.pki_master_dict['pki_client_admin_cert_p12'] =\
- config.pki_master_dict['pki_database_path'] + "/" +\
+ config.pki_master_dict['pki_client_dir'] + "/" +\
config.pki_master_dict['pki_subsystem'].lower() + "_" +\
"admin" + "_" + "cert" + "." + "p12"
- # the admin cert is stored with the NSS server databases
- # in case we want to use a common admin user cert
if not 'pki_admin_cert_file' in config.pki_master_dict or\
not len(config.pki_master_dict['pki_admin_cert_file']):
config.pki_master_dict['pki_admin_cert_file'] =\
- config.pki_master_dict['pki_database_path'] +\
+ config.pki_master_dict['pki_client_dir'] +\
"/ca_admin.cert"
# Jython scriptlet name/value pairs