author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 09:27:16 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-30 16:02:48 -0500 |
commit | 5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6 (patch) | |
tree | dd8f1cad6df0d45547111b9e46682975518c1a46 /base/deploy/src/scriptlets/configuration.jy | |
parent | cef7a7704f9f4b48c0a9b242fabd3a919f2068d5 (diff) | |
Reorganized sensitive parameters.
Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.
To maintain security, a new meta-parameter has been added that lists
all sensitive parameter names. This way the deployment code knows
whether a parameter is sensitive and can mask its value before
displaying it on the screen or storing it in a log file.
Ticket #399
Diffstat (limited to 'base/deploy/src/scriptlets/configuration.jy')
-rw-r--r-- | base/deploy/src/scriptlets/configuration.jy | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/base/deploy/src/scriptlets/configuration.jy b/base/deploy/src/scriptlets/configuration.jy index bf89a0170..80543b856 100644 --- a/base/deploy/src/scriptlets/configuration.jy +++ b/base/deploy/src/scriptlets/configuration.jy @@ -23,15 +23,9 @@ from com.netscape.certsrv.client import ClientConfig def main(argv): rv = 0 - # Establish 'master' and 'sensitive' as two separate PKI jython dictionaries - master = dict() - sensitive = dict() - # Import the master dictionary from 'pkispawn' master = pickle.loads(argv[1]) - - # Import the sensitive data dictionary from 'pkispawn' - sensitive = pickle.loads(argv[2]) + sensitive_parameters = master['sensitive_parameters'].split() # Optionally enable a java debugger (e. g. - 'eclipse'): if config.str2bool(master['pki_enable_java_debugger']): @@ -63,8 +57,12 @@ def main(argv): (log.PKI_JYTHON_INDENTATION_2, javasystem.getProperties()['java.class.path']) for key in master: + if key in sensitive_parameters: + value = 'XXXXXXXX' + else: + value = master[key] print "%s '%s' = '%s'" %\ - (log.PKI_JYTHON_INDENTATION_2, key, master[key]) + (log.PKI_JYTHON_INDENTATION_2, key, value) # Initialize token jyutil.security_databases.initialize_token( @@ -84,8 +82,7 @@ def main(argv): # Establish REST Client client = jyutil.rest_client.initialize( client_config, - master, - sensitive) + master) # Construct PKI Subsystem Configuration Data data = None |
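Review bot: With the secrets merged into `master`, the `pickle.loads(argv[1])` line in the first hunk carries every sensitive value on the command line, where process listings can typically expose it to other local users. The old code had the same exposure through `argv[2]`, so this commit keeps the problem rather than fixing it. Reading the pickle from a pipe would avoid it, e.g. `master = pickle.load(sys.stdin)`, assuming `sys` is imported in this file and that pkispawn (not visible here) is changed to write to the child's stdin. Separately, `master['sensitive_parameters']` raises a bare KeyError when the meta-parameter is absent; a comment such as `# 'sensitive_parameters' is required: without it nothing can be masked` would make clear that stopping here is intended. The body of main() continues outside the hunk.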
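Review bot: The masking added in the second hunk fails open, because any key that is missing from `sensitive_parameters` is printed in clear, so a single forgotten name in the configuration puts a secret on the screen or in the log. A name-based backstop would reduce that risk, for example `if key in sensitive_parameters or 'password' in key.lower():`, assuming the parameter names follow such a pattern. The mask also exists only in this one loop, while the third hunk now hands the merged `master` to `jyutil.rest_client.initialize`; any printing or logging of `master` values there or in other scriptlets (not visible here) needs the same treatment, which argues for a shared masking helper. As a point of style, `sensitive_parameters` is a list that is searched once per key, and building it as `set(master['sensitive_parameters'].split())` states the intent better.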