PKI Deployment Scriptlets

* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
  removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
  configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
  'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
  configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
  'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
  information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
  "logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
  dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
  'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
  Issues . . .

1 files changed, 15 insertions, 47 deletions

diff --git a/base/deploy/src/scriptlets/configuration.jy b/base/deploy/src/scriptlets/configuration.jy
index 0746d40fc..d06119ada 100644
--- a/base/deploy/src/scriptlets/configuration.jy
+++ b/base/deploy/src/scriptlets/configuration.jy
@@ -23,12 +23,16 @@ from com.netscape.cms.client.cli import ClientConfig
 def main(argv):
     rv = 0
 
-    # Establish 'master' as the PKI jython dictionary
+    # Establish 'master' and 'sensitive' as two separate PKI jython dictionaries
     master = dict()
+    sensitive = dict()
 
     # Import the master dictionary from 'pkispawn'
     master = pickle.loads(argv[1])
 
+    # Import the sensitive data dictionary from 'pkispawn'
+    sensitive = pickle.loads(argv[2])
+
     # Optionally enable a java debugger (e. g. - 'eclipse'):
     if config.str2bool(master['pki_enable_java_debugger']):
         config.wait_to_attach_an_external_java_debugger()
@@ -64,13 +68,13 @@ def main(argv):
 
     # Initialize token
     jyutil.security_databases.initialize_token(
-        master['pki_client_database_path'],
+        master['pki_client_database_dir'],
         master['pki_dry_run_flag'],
         master['pki_jython_log_level'])
 
     # Log into token
     token = jyutil.security_databases.log_into_token(
-                master['pki_client_database_path'],
+                master['pki_client_database_dir'],
                 master['pki_client_password_conf'],
                 master['pki_dry_run_flag'],
                 master['pki_jython_log_level'])
@@ -124,54 +128,18 @@ def main(argv):
                        log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
                 return self.rv
             else:
+                # CA
                 data = jyutil.rest_client.construct_pki_configuration_data(
-                           master, token)
-        elif master['pki_subsystem'] == "KRA":
-            if config.str2bool(master['pki_clone']):
-                print "%s '%s %s' %s" %\
-                      (log.PKI_JYTHON_INDENTATION_2,
-                       log.PKI_JYTHON_CLONED_PKI_SUBSYSTEM,
-                       master['pki_subsystem'],
-                       log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
-                return self.rv
-            else:
-                print "%s '%s' %s" %\
-                      (log.PKI_JYTHON_INDENTATION_2,
-                       master['pki_subsystem'],
-                       log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
-                return self.rv
-        elif master['pki_subsystem'] == "OCSP":
-            if config.str2bool(master['pki_clone']):
-                print "%s '%s %s' %s" %\
-                      (log.PKI_JYTHON_INDENTATION_2,
-                       log.PKI_JYTHON_CLONED_PKI_SUBSYSTEM,
-                       master['pki_subsystem'],
-                       log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
-                return self.rv
-            else:
-                print "%s '%s' %s" %\
-                      (log.PKI_JYTHON_INDENTATION_2,
-                       master['pki_subsystem'],
-                       log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
-                return self.rv
-        elif master['pki_subsystem'] == "TKS":
-            if config.str2bool(master['pki_clone']):
-                print "%s '%s %s' %s" %\
-                      (log.PKI_JYTHON_INDENTATION_2,
-                       log.PKI_JYTHON_CLONED_PKI_SUBSYSTEM,
-                       master['pki_subsystem'],
-                       log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
-                return self.rv
-            else:
-                print "%s '%s' %s" %\
-                      (log.PKI_JYTHON_INDENTATION_2,
-                       master['pki_subsystem'],
-                       log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
-                return self.rv
+                           master, sensitive, token)
+        else:
+            # KRA, OCSP, or TKS
+            data = jyutil.rest_client.construct_pki_configuration_data(
+                       master, sensitive, token)
 
     # Formulate PKI Subsystem Configuration Data Response
     jyutil.rest_client.configure_pki_data(data,
-                                          master)
+                                          master,
+                                          sensitive)
 
 
 if __name__ == "__main__":