authorEndi S. Dewata <edewata@redhat.com>2016-04-28 20:02:05 +0200
committerEndi S. Dewata <edewata@redhat.com>2016-05-03 02:48:24 +0200
commit901141696b2206b35e498b03ff9867564057c84b (patch)
treea906a0f970743f6c206b86ff3b28d100f9620714
parent1b8f5230d01499d97b874d4912c5c1a13e389c5f (diff)
Simplified the code to generate/load one-time PIN.
Instead of checking various installation scenarios (e.g. external CA step 2, standalone step 2, configuration-only mode), the code that generates or loads the one-time PIN has been simplified as follows: * if the PIN already exists (in CS.cfg), it is reused * if the PIN does not exist, a new one is generated
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py55
1 files changed, 32 insertions, 23 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 4d6e0185e..ba49ceefc 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -589,14 +589,22 @@ class PKIConfigParser:
# if instance already exists and has password, reuse the password
if internal_password in instance.passwords:
+ config.pki_log.info(
+ 'loading existing pin',
+ extra=config.PKI_INDENTATION_LEVEL_2)
self.mdict['pki_pin'] = instance.passwords.get(internal_password)
# otherwise, use user-provided password if specified
elif 'pki_pin' in self.mdict:
- pass
+ config.pki_log.info(
+ 'using supplied pin',
+ extra=config.PKI_INDENTATION_LEVEL_2)
# otherwise, generate a random password
else:
+ config.pki_log.info(
+ 'generating a new pin',
+ extra=config.PKI_INDENTATION_LEVEL_2)
self.mdict['pki_pin'] = \
random.randint(pin_low, pin_high)
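Review bot: The `else` branch that the new 'generating a new pin' log message instruments still draws the instance password from `random.randint(pin_low, pin_high)`, which is the Mersenne Twister, not a cryptographic generator; the same applies to `random.choice(...)` in the one-time PIN branch of the second hunk, where the generated value authorizes the later configuration step. Both call sites stay unchanged context in this commit, so this is a pre-existing weakness rather than a regression, but the commit is the natural place to fix it since it restructures when each generator runs. A compatible change is to create `rng = random.SystemRandom()` once and use `rng.randint(pin_low, pin_high)` here and `rng.choice(string.ascii_letters + string.digits)` in the second hunk. The enclosing method of `PKIConfigParser` begins before this hunk, so where to bind `rng` is not visible from here.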
@@ -637,33 +645,34 @@ class PKIConfigParser:
self.mdict['pki_target_registry'] = \
os.path.join(self.mdict['pki_instance_registry_path'],
self.mdict['pki_instance_name'])
- if config.str2bool(self.mdict['pki_external_step_two']) or\
- config.str2bool(self.mdict['pki_skip_installation']):
- # For CA (External CA Step 2) and Stand-alone PKI (Step 2),
- # use the 'pki_one_time_pin' established during the setup
- # of (Step 1)
- #
- # Similarly, if the only code being processed is for
- # configuration, re-use the 'pki_one_time_pin' generated
- # during the installation phase
- #
- if os.path.exists(self.mdict['pki_target_cs_cfg'])\
- and\
- os.path.isfile(self.mdict['pki_target_cs_cfg']):
- cs_cfg = self.read_simple_configuration_file(
- self.mdict['pki_target_cs_cfg'])
+
+ # If the one-time PIN already exists in CS.cfg from previous
+ # pkispawn execution (e.g. external CA step 1, standalone step 1,
+ # installation-only mode), reuse the existing PIN.
+ if os.path.exists(self.mdict['pki_target_cs_cfg']) and\
+ os.path.isfile(self.mdict['pki_target_cs_cfg']):
+
+ cs_cfg = self.read_simple_configuration_file(
+ self.mdict['pki_target_cs_cfg'])
+
+ if 'preop.pin' in cs_cfg:
+
+ config.pki_log.info(
+ 'loading existing one-time PIN',
+ extra=config.PKI_INDENTATION_LEVEL_2)
+
self.mdict['pki_one_time_pin'] = \
cs_cfg.get('preop.pin')
- else:
- config.pki_log.error(
- log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
- self.mdict['pki_target_cs_cfg'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1)
- else:
+
+ if 'pki_one_time_pin' not in self.mdict:
# Generate a one-time pin to be used prior to configuration
# and add this to the "sensitive" key value pairs read in from
# the configuration file
+
+ config.pki_log.info(
+ 'generate new one-time PIN',
+ extra=config.PKI_INDENTATION_LEVEL_2)
+
self.mdict['pki_one_time_pin'] = \
''.join(random.choice(string.ascii_letters + string.digits)
for x in range(20))
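Review bot: The fail-fast path for step-two runs is gone: the removed branch raised `PKI_FILE_MISSING_OR_NOT_A_FILE_1` when `pki_external_step_two` or `pki_skip_installation` was set and CS.cfg was absent, whereas the new `if 'pki_one_time_pin' not in self.mdict:` block silently generates a fresh PIN in that case, and also when CS.cfg exists but carries no `preop.pin`. A PIN minted at that point cannot match what the existing instance expects, so the failure moves to a later, less descriptive error instead of being reported at the configuration file it stems from. Keeping the check before the generation block, e.g. `if 'pki_one_time_pin' not in self.mdict and (config.str2bool(self.mdict['pki_external_step_two']) or config.str2bool(self.mdict['pki_skip_installation'])):` followed by the original `config.pki_log.error(...)` and `raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1)`, preserves the simplification while retaining the early diagnosis. The enclosing method starts before this hunk and the hunk is the last visible part of the file, so anything that follows the generation is not visible from here.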