authorAde Lee <alee@redhat.com>2012-12-18 16:05:55 -0500
committerAde Lee <alee@redhat.com>2012-12-19 00:07:04 -0500
commit62033f12b40e6eb3270c352e966a7461f152dfd6 (patch)
treea3547ccefdfc74d86530360bf5685abf32cf95d1
parentc3fdb8ffc11938514d96760c9a62d619f90cbcca (diff)
Make admin cert p12 file location configurable
Ticket 437. Also moved a bunch of client path parameters to default.cfg template file.
-rw-r--r--base/deploy/etc/default.cfg13
-rw-r--r--base/deploy/src/scriptlets/pkijython.py5
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py61
3 files changed, 18 insertions, 61 deletions
diff --git a/base/deploy/etc/default.cfg b/base/deploy/etc/default.cfg
index d619cdc94..d99faf2c4 100644
--- a/base/deploy/etc/default.cfg
+++ b/base/deploy/etc/default.cfg
@@ -66,6 +66,7 @@ destroy_scriplets=
# pki_https_port=443
# pki_http_port=80
+pki_admin_cert_file=%(pki_client_dir)s/ca_admin.cert
pki_admin_cert_request_type=crmf
pki_admin_dualkey=False
pki_admin_keysize=2048
@@ -78,10 +79,10 @@ pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_token=Internal Key Storage Token
pki_backup_keys=False
pki_backup_password=
-pki_client_database_dir=
+pki_client_admin_cert_p12=%(pki_client_dir)s/%(pki_subsystem_type)s_admin_cert.p12
pki_client_database_password=
pki_client_database_purge=True
-pki_client_dir=
+pki_client_dir=%(home_dir)s/.pki/%(pki_instance_name)s
pki_client_pkcs12_password=
pki_ds_bind_dn=cn=Directory Manager
pki_ds_ldap_port=389
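Review bot: `pki_client_admin_cert_p12=%(pki_client_dir)s/%(pki_subsystem_type)s_admin_cert.p12` is now a user-overridable location that receives the administrator's key pair in PKCS #12 form, but the template says nothing about how that location must be protected. The default resolves under `%(home_dir)s/.pki`, and an operator who points it elsewhere (a shared or world-readable directory) gets no hint that the file is presumably guarded only by `pki_client_pkcs12_password`. A one-line comment next to the entry would carry that: `# pki_client_admin_cert_p12 receives the admin private key (PKCS #12); keep its directory private to the operator`. The companion `pki_admin_cert_file` in the first hunk holds only the certificate, which is worth stating as well so the two are not confused.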
@@ -117,6 +118,14 @@ pki_user=pkiuser
# These are used in the processing of pkispawn and are not supposed
# to be overwritten by user configuration files.
#
+pki_client_database_dir=%(pki_client_subsystem_dir)s/alias
+pki_client_subsystem_dir=%(pki_client_dir)s/%(pki_subsystem_type)s
+pki_client_password_conf=%(pki_client_subsystem_dir)s/password.conf
+pki_client_pkcs12_password_conf=%(pki_client_subsystem_dir)s/pkcs12_password.conf
+pki_client_cert_database=%(pki_client_database_dir)s/cert8.db
+pki_client_key_database=%(pki_client_database_dir)s/key3.db
+pki_client_secmod_database=%(pki_client_database_dir)s/secmod.db
+pki_client_admin_cert=%(pki_subsystem_type)s_admin.cert
pki_source_conf_path=/usr/share/pki/%(pki_subsystem_type)s/conf
pki_source_setup_path=/usr/share/pki/setup
pki_source_server_path=/usr/share/pki/server/conf
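Review bot: `pki_client_database_dir` moves from the user-editable block (its empty `pki_client_database_dir=` line is deleted in the second hunk) into the block that is "not supposed to be overwritten by user configuration files", so an existing deployment file that sets it changes meaning with this commit. Nothing in the hunk shows whether the parser rejects or silently honours such a value, so the description should call the removal out. As a readability point, `pki_client_database_dir` and the following entries reference `%(pki_client_subsystem_dir)s` one line before it is defined; ConfigParser's lazy interpolation copes, but defining `pki_client_subsystem_dir=%(pki_client_dir)s/%(pki_subsystem_type)s` first reads more naturally.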
diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py
index e6a4a915e..fac352fdb 100644
--- a/base/deploy/src/scriptlets/pkijython.py
+++ b/base/deploy/src/scriptlets/pkijython.py
@@ -613,6 +613,11 @@ class rest_client:
log.PKI_JYTHON_ADMIN_CERT_IMPORT +\
" " + "'" + command + "'")
os.system(command)
+
+ # create directory for p12 file if it does not exist
+ self.mkdirs(os.path.dirname(
+ master['pki_client_admin_cert_p12']))
+
# Export the Administration Certificate from the
# client NSS security database into a PKCS #12 file
command = "pk12util" + " " +\
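Review bot: The directory created for `master['pki_client_admin_cert_p12']` will hold the administrator's private key, and the hunk does not show what mode `self.mkdirs` applies; if it inherits the process umask the directory may end up group- or world-readable. Creating it with mode `0700` (or tightening it right after the call) and saying so in the comment — `# create the p12 directory (private to the operator) if it does not exist` — would make the expectation explicit. Since the path now comes from the deployment configuration and is spliced into the `pk12util` shell string below, a value containing spaces or shell metacharacters breaks the `os.system` command; quoting the value, or moving to `subprocess` with an argument list, would make that robust. The enclosing method begins and ends outside the hunk.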
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 2a4111f91..ba4f376da 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -213,6 +213,7 @@ class PKIConfigParser:
'pki_root_prefix' : config.pki_root_prefix,
'resteasy_lib': resteasy_lib,
'arch_java_lib': arch_java_lib,
+ 'home_dir': os.path.expanduser("~"),
'pki_hostname': config.pki_hostname}
self.pki_config = ConfigParser.SafeConfigParser(predefined_dict)
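Review bot: The new `'home_dir': os.path.expanduser("~")` entry becomes the root of every client path in default.cfg (`pki_client_dir=%(home_dir)s/.pki/...`), yet nothing records that it is taken from the environment (`$HOME`) of the pkispawn process, so under `sudo` or a service context it may resolve to the invoking user's home rather than root's. A short comment on the line would make that visible to the next reader: `# resolved from $HOME of the pkispawn process; root of all pki_client_* defaults`. The `predefined_dict` literal starts before the hunk.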
@@ -698,69 +699,11 @@ class PKIConfigParser:
os.path.join(
config.pki_master_dict['pki_subsystem_configuration_path'],
"password.conf")
- # Client NSS security database name/value pairs
- #
- # The following variables are established via the specified PKI
- # deployment configuration file and is NOT redefined below:
- #
- # config.pki_master_dict['pki_client_pkcs12_password']
- # config.pki_master_dict['pki_client_database_purge']
- #
- # The following variables are established via the specified PKI
- # deployment configuration file and potentially overridden below:
- #
- # config.pki_master_dict['pki_client_dir']
- # config.pki_master_dict['pki_client_subsystem_dir']
- #
+
if not len(config.pki_master_dict['pki_client_database_password']):
# use randomly generated client 'pin'
config.pki_master_dict['pki_client_database_password'] =\
str(config.pki_master_dict['pki_client_pin'])
- if not len(config.pki_master_dict['pki_client_dir']):
- config.pki_master_dict['pki_client_dir'] =\
- os.path.join(
- os.path.expanduser("~"), ".pki",
- config.pki_master_dict['pki_instance_name'])
- config.pki_master_dict['pki_client_subsystem_dir'] =\
- os.path.join(
- config.pki_master_dict['pki_client_dir'],
- config.pki_master_dict['pki_subsystem'].lower())
- if not len(config.pki_master_dict['pki_client_database_dir']):
- config.pki_master_dict['pki_client_database_dir'] =\
- os.path.join(
- config.pki_master_dict['pki_client_subsystem_dir'],
- "alias")
- config.pki_master_dict['pki_client_password_conf'] =\
- os.path.join(
- config.pki_master_dict['pki_client_subsystem_dir'],
- "password.conf")
- config.pki_master_dict['pki_client_pkcs12_password_conf'] =\
- os.path.join(
- config.pki_master_dict['pki_client_subsystem_dir'],
- "pkcs12_password.conf")
- config.pki_master_dict['pki_client_cert_database'] =\
- os.path.join(config.pki_master_dict['pki_client_database_dir'],
- "cert8.db")
- config.pki_master_dict['pki_client_key_database'] =\
- os.path.join(config.pki_master_dict['pki_client_database_dir'],
- "key3.db")
- config.pki_master_dict['pki_client_secmod_database'] =\
- os.path.join(config.pki_master_dict['pki_client_database_dir'],
- "secmod.db")
- config.pki_master_dict['pki_client_admin_cert'] =\
- config.pki_master_dict['pki_subsystem'].lower() + "_" +\
- "admin" + "." + "cert"
-
- config.pki_master_dict['pki_client_admin_cert_p12'] =\
- config.pki_master_dict['pki_client_dir'] + "/" +\
- config.pki_master_dict['pki_subsystem'].lower() + "_" +\
- "admin" + "_" + "cert" + "." + "p12"
-
- if not 'pki_admin_cert_file' in config.pki_master_dict or\
- not len(config.pki_master_dict['pki_admin_cert_file']):
- config.pki_master_dict['pki_admin_cert_file'] =\
- config.pki_master_dict['pki_client_dir'] +\
- "/ca_admin.cert"
# Jython scriptlet name/value pairs
config.pki_master_dict['pki_jython_configuration_scriptlet'] =\