author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 09:27:16 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 10:24:48 -0500 |
commit | 310a30f230eae7fd34d8a41e54ee3125ffb91046 (patch) | |
tree | f6e390ddf170d933f9c22f471afad129150fb840 /base/deploy/src/scriptlets/configuration.jy | |
parent | 3683d2a0647ff09508d0cf1f0553a35870c110db (diff) | |
Reorganized sensitive parameters.
Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.
To maintain security, a new meta-parameter has been added that lists
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive and will mask its value before
displaying it on the screen or storing it in a log file.
Ticket #399
Diffstat (limited to 'base/deploy/src/scriptlets/configuration.jy')
-rw-r--r-- | base/deploy/src/scriptlets/configuration.jy | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/base/deploy/src/scriptlets/configuration.jy b/base/deploy/src/scriptlets/configuration.jy
index bf89a0170..80543b856 100644
--- a/base/deploy/src/scriptlets/configuration.jy
+++ b/base/deploy/src/scriptlets/configuration.jy
@@ -23,15 +23,9 @@ from com.netscape.certsrv.client import ClientConfig def main(argv): rv = 0 - # Establish 'master' and 'sensitive' as two separate PKI jython dictionaries - master = dict() - sensitive = dict() - # Import the master dictionary from 'pkispawn' master = pickle.loads(argv[1]) - - # Import the sensitive data dictionary from 'pkispawn' - sensitive = pickle.loads(argv[2]) + sensitive_parameters = master['sensitive_parameters'].split() # Optionally enable a java debugger (e. g. - 'eclipse'): if config.str2bool(master['pki_enable_java_debugger']):
@@ -63,8 +57,12 @@ def main(argv): (log.PKI_JYTHON_INDENTATION_2, javasystem.getProperties()['java.class.path']) for key in master: + if key in sensitive_parameters: + value = 'XXXXXXXX' + else: + value = master[key] print "%s '%s' = '%s'" %\ - (log.PKI_JYTHON_INDENTATION_2, key, master[key]) + (log.PKI_JYTHON_INDENTATION_2, key, value) # Initialize token jyutil.security_databases.initialize_token(
@@ -84,8 +82,7 @@ def main(argv): # Establish REST Client client = jyutil.rest_client.initialize( client_config, - master, - sensitive) + master) # Construct PKI Subsystem Configuration Data data = None |
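Review bot: The added `sensitive_parameters = master['sensitive_parameters'].split()` builds a list, so the later `key in sensitive_parameters` test is a linear scan per key; `sensitive_parameters = frozenset(master['sensitive_parameters'].split())` keeps the same behaviour with a constant-time lookup. Keeping the plain `[...]` lookup is right, since a missing meta-parameter then raises before anything is printed rather than silently disabling the masking. Separately, the merged `master` still arrives as a pickle in `argv[1]` (context line, not new in this commit), which now carries every secret on the command line, where it is typically visible in the process table, and `pickle.loads` trusts that argument completely; a comment such as `# argv[1] holds secrets and is unpickled as-is; only pkispawn may invoke this scriptlet` would record that assumption. `main` starts in this hunk and continues beyond it.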
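Review bot: The masking added inside `for key in master:` matches exact names only, so a secret-bearing key that is missing from `sensitive_parameters` (a typo in the list, or a parameter introduced later) is still printed in clear. A comment above the branch, for example `# Masked by name only: every new secret must be listed in 'sensitive_parameters'`, would make that contract visible to whoever adds the next password parameter. The four-line branch can also be written as `value = 'XXXXXXXX' if key in sensitive_parameters else master[key]`, provided the Jython version in use supports conditional expressions. The enclosing `main` begins and ends outside this hunk.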
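Review bot: `jyutil.rest_client.initialize(client_config, master)` now hands the whole `master` dictionary, secrets included, to the REST client, so any printing or logging of its contents inside `rest_client` needs the same name-based masking as the parameter dump earlier in `main`. That module is not shown on this page (the diffstat is limited to `configuration.jy`), so neither the masking there nor the matching two-argument signature can be confirmed here. A short comment at the call, e.g. `# master includes sensitive values; see 'sensitive_parameters'`, would flag this for future readers.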