summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/pkijython.py
diff options
context:
space:
mode:
authorMatthew Harmsen <mharmsen@redhat.com>2012-08-08 13:41:46 -0700
committerAde Lee <alee@redhat.com>2012-08-13 11:39:47 -0400
commit0198bf929702b756214b5f509ffe677ca58bf650 (patch)
treeffb32272ca63e9fe56d54b10d8d78e905f89c7e1 /base/deploy/src/scriptlets/pkijython.py
parent2542a14178a7bbb8c1c2d98121ee317ee929bf85 (diff)
downloadpki-0198bf929702b756214b5f509ffe677ca58bf650.tar.gz
pki-0198bf929702b756214b5f509ffe677ca58bf650.tar.xz
pki-0198bf929702b756214b5f509ffe677ca58bf650.zip
PKI Deployment Scriptlets
* TRAC Ticket #184 - Dogtag 10: Update PKI Deployment to handle cloning CA/KRA/OCSP/TKS . . . * TRAC Ticket #285 - Dogtag 10: Fix installation issues for KRA, OCSP, and TKS
Diffstat (limited to 'base/deploy/src/scriptlets/pkijython.py')
-rw-r--r--base/deploy/src/scriptlets/pkijython.py63
1 files changed, 32 insertions, 31 deletions
diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py
index e08b4901e..5adc7e022 100644
--- a/base/deploy/src/scriptlets/pkijython.py
+++ b/base/deploy/src/scriptlets/pkijython.py
@@ -180,7 +180,7 @@ def generateCRMFRequest(token, keysize, subjectdn, dualkey):
# 1st : Encryption key
s1.addElement(crmfMsg)
# 2nd : Signing Key
- if dualkey:
+ if config.str2bool(dualkey):
javasystem.out.println(log.PKI_JYTHON_IS_DUALKEY)
seq1 = SEQUENCE()
certReqSigning = CertRequest(INTEGER(1), certTemplate, seq1)
@@ -338,36 +338,28 @@ class rest_client:
data.setIsClone("false")
# Security Domain Information
#
- # NOTE: External CA's DO NOT require a security domain
- if master['pki_instance_type'] == "Tomcat":
- if master['pki_subsystem'] == "CA":
- if not config.str2bool(master['pki_clone']) and\
- not config.str2bool(master['pki_subordinate']):
- # PKI CA
- data.setSecurityDomainType(
- ConfigurationData.NEW_DOMAIN)
- data.setSecurityDomainName(
- master['pki_security_domain_name'])
- else:
- # PKI Cloned or Subordinate CA
- data.setSecurityDomainType(
- ConfigurationData.EXISTING_DOMAIN)
- data.setSecurityDomainUri(
- master['pki_security_domain_uri'])
- data.setSecurityDomainUser(
- master['pki_security_domain_user'])
- data.setSecurityDomainPassword(
- sensitive['pki_security_domain_password'])
- else:
- # PKI KRA, OCSP, or TKS
- data.setSecurityDomainType(
- ConfigurationData.EXISTING_DOMAIN)
- data.setSecurityDomainUri(
- master['pki_security_domain_uri'])
- data.setSecurityDomainUser(
- master['pki_security_domain_user'])
- data.setSecurityDomainPassword(
- sensitive['pki_security_domain_password'])
+ # NOTE: External CA's DO NOT require a security domain
+ #
+ if master['pki_subsystem'] != "CA" or\
+ config.str2bool(master['pki_clone']) or\
+ config.str2bool(master['pki_subordinate']):
+ # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
+ # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or
+ # Subordinate CA
+ data.setSecurityDomainType(
+ ConfigurationData.EXISTING_DOMAIN)
+ data.setSecurityDomainUri(
+ master['pki_security_domain_uri'])
+ data.setSecurityDomainUser(
+ master['pki_security_domain_user'])
+ data.setSecurityDomainPassword(
+ sensitive['pki_security_domain_password'])
+ elif not config.str2bool(master['pki_external']):
+ # PKI CA
+ data.setSecurityDomainType(
+ ConfigurationData.NEW_DOMAIN)
+ data.setSecurityDomainName(
+ master['pki_security_domain_name'])
# Directory Server Information
if master['pki_subsystem'] != "RA":
data.setDsHost(master['pki_ds_hostname'])
@@ -420,6 +412,15 @@ class rest_client:
else:
javasystem.out.println(log.PKI_JYTHON_CRMF_SUPPORT_ONLY)
javasystem.exit(1)
+ # Issuing CA Information
+ if master['pki_subsystem'] != "CA" or\
+ config.str2bool(master['pki_clone']) or\
+ config.str2bool(master['pki_subordinate']) or\
+ config.str2bool(master['pki_external']):
+ # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
+ # CA Clone, KRA Clone, OCSP Clone, TKS Clone,
+ # Subordinate CA, or External CA
+ data.setIssuingCA(master['pki_issuing_ca'])
# Create system certs
systemCerts = ArrayList()
# Create 'CA Signing Certificate'