authorMatthew Harmsen <mharmsen@redhat.com>2012-11-06 18:59:47 -0800
committerMatthew Harmsen <mharmsen@redhat.com>2012-11-08 09:57:21 -0800
commit1e15712d2a6c45d2dd2ac64b3b76a757ca9de2e8 (patch)
tree83a2c5dbaf952e3526a746f0d40db72ea6316dc5
parentcb209df95c4dee11f2a912e20b417fa3bc41c88f (diff)
Enable Subordinate CA
* TRAC Ticket #185 - Dogtag 10: Update PKI Deployment to handle subordinate CA
-rw-r--r--base/deploy/src/scriptlets/configuration.jy11
-rw-r--r--base/deploy/src/scriptlets/pkiconfig.py5
-rw-r--r--base/deploy/src/scriptlets/pkimessages.py3
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py27
4 files changed, 30 insertions, 16 deletions
diff --git a/base/deploy/src/scriptlets/configuration.jy b/base/deploy/src/scriptlets/configuration.jy
index 0f5968bce..7180c4546 100644
--- a/base/deploy/src/scriptlets/configuration.jy
+++ b/base/deploy/src/scriptlets/configuration.jy
@@ -109,19 +109,12 @@ def main(argv):
if config.str2bool(master['pki_external']):
print "%s '%s %s' %s" %\
(log.PKI_JYTHON_INDENTATION_2,
- log.PKI_JYTHON_EXTERNAL_CA,
- master['pki_subsystem'],
- log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
- return rv
- elif config.str2bool(master['pki_subordinate']):
- print "%s '%s %s' %s" %\
- (log.PKI_JYTHON_INDENTATION_2,
- log.PKI_JYTHON_SUBORDINATE_CA,
+ config.PKI_DEPLOYMENT_EXTERNAL_CA,
master['pki_subsystem'],
log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
return rv
else:
- # PKI or Cloned CA
+ # PKI, Subordinate, or Cloned CA
data = jyutil.rest_client.construct_pki_configuration_data(
token)
else:
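Review bot: The external-CA branch prints NOT YET IMPLEMENTED and then does `return rv`, but the value of `rv` at that point is not visible in this hunk. If it still holds the success value, the caller would treat an unconfigured external CA as a completed deployment. Setting `rv` to the script's failure status before that `return` would make the gap visible to the caller. Separately, a configuration with both `pki_external` and `pki_subordinate` set now takes the external branch only, which is worth stating in the comment, e.g. `# pki_external takes precedence over pki_subordinate`. The body of `main` starts and continues outside the hunk.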
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index bfc5b3249..ba411933d 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -88,6 +88,11 @@ PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg"
PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\
"/usr/share/pki/deployment/config/pkislots.cfg"
+# subtypes of PKI subsystems
+PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned"
+PKI_DEPLOYMENT_EXTERNAL_CA = "External"
+PKI_DEPLOYMENT_SUBORDINATE_CA = "Subordinate"
+
# default ports (for defined selinux policy)
PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT = 8080
PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT = 8443
diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py
index becbea63e..435f7d10e 100644
--- a/base/deploy/src/scriptlets/pkimessages.py
+++ b/base/deploy/src/scriptlets/pkimessages.py
@@ -287,14 +287,12 @@ PKI_JYTHON_CDATA_TAG = "tag:"
PKI_JYTHON_CDATA_CERT = "cert:"
PKI_JYTHON_CDATA_REQUEST = "request:"
PKI_JYTHON_CHMOD = "performing chmod:"
-PKI_JYTHON_CLONED_PKI_SUBSYSTEM = "Cloned"
PKI_JYTHON_CONFIGURING_PKI_DATA = "configuring PKI configuration data for"
PKI_JYTHON_CONSTRUCTING_PKI_DATA = "constructing PKI configuration data for"
PKI_JYTHON_CRMF_SUPPORT_ONLY = "only the 'crmf' certificate request type "\
"is currently supported"
PKI_JYTHON_IS_DUALKEY = "dualkey = true"
PKI_JYTHON_EXCEPTION_PARSER = "Problem parsing"
-PKI_JYTHON_EXTERNAL_CA = "External"
PKI_JYTHON_INDENTATION_0 = "pkispawn : JYTHON "
PKI_JYTHON_INDENTATION_1 = "pkispawn : JYTHON ..."
PKI_JYTHON_INDENTATION_2 = "pkispawn : JYTHON ......."
@@ -311,7 +309,6 @@ PKI_JYTHON_RESPONSE_ADMIN_CERT = "adminCert:"
PKI_JYTHON_RESPONSE_STATUS = "status:"
PKI_JYTHON_TOKEN_LOGIN_EXCEPTION = "Exception in logging into token:"
PKI_JYTHON_NOT_YET_IMPLEMENTED = "NOT YET IMPLEMENTED"
-PKI_JYTHON_SUBORDINATE_CA = "Subordinate"
# PKI Deployment "Scriptlet" Messages
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index ac77c9f87..cdc3b5f79 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -1455,10 +1455,29 @@ def compose_pki_master_dictionary():
if not len(config.pki_master_dict['pki_security_domain_user']):
config.pki_master_dict['pki_security_domain_user'] = "caadmin"
if not len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- config.pki_subsystem + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ config.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " " +\
+ config.pki_subsystem + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ elif config.str2bool(config.pki_master_dict['pki_external']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ config.PKI_DEPLOYMENT_EXTERNAL_CA + " " +\
+ config.pki_subsystem + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ elif config.str2bool(config.pki_master_dict['pki_subordinate']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ config.PKI_DEPLOYMENT_SUBORDINATE_CA + " " +\
+ config.pki_subsystem + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ config.pki_master_dict['pki_subsystem_name'] =\
+ config.pki_subsystem + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
if config.pki_subsystem != "CA" or\
config.str2bool(config.pki_master_dict['pki_clone']) or\
config.str2bool(config.pki_master_dict['pki_subordinate']):
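Review bot: The four branches that assign `pki_subsystem_name` repeat the same subsystem/hostname/port concatenation and differ only in the leading label, so a later change to the name format has to be made four times. Choosing the label once and composing the name once keeps the branches in step, as in the excerpt below. The order of the checks also means a deployment with both `pki_clone` and `pki_subordinate` set is named "Cloned" only, although the condition right after treats the two flags as independent. The labels are named `..._EXTERNAL_CA` and `..._SUBORDINATE_CA`, but this branch is not restricted to `config.pki_subsystem == "CA"`; whether that is intended cannot be told from the hunk. `compose_pki_master_dictionary` starts and ends outside the hunk.

```python
if not len(config.pki_master_dict['pki_subsystem_name']):
    # Pick the deployment-type label once; a plain PKI subsystem gets none.
    if config.str2bool(config.pki_master_dict['pki_clone']):
        prefix = config.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " "
    elif config.str2bool(config.pki_master_dict['pki_external']):
        prefix = config.PKI_DEPLOYMENT_EXTERNAL_CA + " "
    elif config.str2bool(config.pki_master_dict['pki_subordinate']):
        prefix = config.PKI_DEPLOYMENT_SUBORDINATE_CA + " "
    else:
        prefix = ""
    config.pki_master_dict['pki_subsystem_name'] =\
        prefix +\
        config.pki_subsystem + " " +\
        config.pki_master_dict['pki_hostname'] + " " +\
        config.pki_master_dict['pki_https_port']
# … unchanged: pki_subsystem / pki_clone / pki_subordinate check that follows …
```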