Set paths for default instance

With this patch, it will be possible to install a default instance simply by adding the passwords in the pkideployment.cfg. This file can then be used without additional alteration to add subsystems to the same instance, by re-running pkispawn against the config file. The patch makes sure that cert nicknames, database and baseDN , admin users and client db are unique per subsystem. An option is added to reuse the existing server cert generated by the first subsystem and copy the required data to all subsystems. Ticket 379, 385
author: Ade Lee <alee@redhat.com> 2012-10-26 12:36:14 -0400
committer: Ade Lee <alee@redhat.com> 2012-11-04 22:12:57 -0500
commit: db9537d210a20b90115374e5b406db6c9658bc3a (patch)
tree: 0adfb22bd00842c2e3cae2b46ddbf7caa313b19d /base/deploy/src/scriptlets/pkijython.py
parent: d9a9e23aae83f1d3d6c0e5968097fde12cfff3d2 (diff)
download: pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.gz
pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.xz
pki-db9537d210a20b90115374e5b406db6c9658bc3a.zip
1 files changed, 68 insertions, 1 deletions
diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py
index e984e0377..6f71cb88b 100644
--- a/base/deploy/src/scriptlets/pkijython.py
+++ b/base/deploy/src/scriptlets/pkijython.py
@@ -193,6 +193,28 @@ def generateCRMFRequest(token, keysize, subjectdn, dualkey):
         Req1 = Utils.base64encode(encoded)
         return Req1
 
+COMMENT_CHAR = '#'
+OPTION_CHAR =  '='
+def read_simple_configuration_file(filename):
+    values = {}
+    f = open(filename)
+    for line in f:
+        # First, remove comments:
+        if COMMENT_CHAR in line:
+            # split on comment char, keep only the part before
+            line, comment = line.split(COMMENT_CHAR, 1)
+        # Second, find lines with an name=value:
+        if OPTION_CHAR in line:
+            # split on name char:
+            name, value = line.split(OPTION_CHAR, 1)
+            # strip spaces:
+            name = name.strip()
+            value = value.strip()
+            # store in dictionary:
+            values[name] = value
+    f.close()
+    return values
+
 
 # PKI Deployment 'security databases' Class
 class security_databases:
@@ -361,6 +383,36 @@ class rest_client:
         cert.setToken(self.master["pki_%s_token" % tag])
         return cert
 
+    def retrieve_existing_server_cert(self, cfg_file):
+        cs_cfg = read_simple_configuration_file(cfg_file)
+        cstype = cs_cfg.get('cs.type').lower()
+        cert = SystemCertData()
+        cert.setTag(self.master["pki_ssl_server_tag"])
+        cert.setKeyAlgorithm(self.master["pki_ssl_server_key_algorithm"])
+        cert.setKeySize(self.master["pki_ssl_server_key_size"])
+        cert.setKeyType(self.master["pki_ssl_server_key_type"])
+        cert.setNickname(cs_cfg.get(cstype + ".sslserver.nickname"))
+        cert.setCert(cs_cfg.get(cstype + ".sslserver.cert"))
+        cert.setRequest(cs_cfg.get(cstype + ".sslserver.certreq"))
+        cert.setSubjectDN(self.master["pki_ssl_server_subject_dn"])
+        cert.setToken(cs_cfg.get(cstype + ".sslserver.tokenname"))
+        return cert
+
+    def tomcat_instance_subsystems(self):
+        # Return list of PKI subsystems in the specified tomcat instance
+        rv = []
+        try:
+            for subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+                path = self.master['pki_instance_path'] + "/" + subsystem.lower()
+                if os.path.exists(path) and os.path.isdir(path):
+                    rv.append(subsystem)
+        except Exception, e:
+            javasystem.out.println(
+                log.PKI_JYTHON_JAVA_CONFIGURATION_EXCEPTION + " " + str(e))
+            javasystem.exit(1)
+        return rv
+
+
     def construct_pki_configuration_data(self, token):
         data = None
         master = self.master
@@ -455,7 +507,21 @@ class rest_client:
 
             # Create 'SSL Server Certificate'
             # all subsystems
-            cert3 = self.create_system_cert("ssl_server")
+
+            # create new sslserver cert only if this is a new instance
+            cert3 = None
+            system_list = self.tomcat_instance_subsystems()
+            if len(system_list) >= 2:
+                data.setGenerateServerCert("false")
+                for subsystem in system_list:
+                    dst = master['pki_instance_path'] + '/conf/' +\
+                        subsystem.lower() + '/CS.cfg' 
+                    if subsystem != master['pki_subsystem'] and \
+                       os.path.exists(dst):
+                        cert3 = self.retrieve_existing_server_cert(dst)
+                        break
+            else:
+                cert3 = self.create_system_cert("ssl_server")
             systemCerts.add(cert3)
 
             # Create 'Subsystem Certificate'
@@ -481,6 +547,7 @@ class rest_client:
                     systemCerts.add(cert7)
 
             data.setSystemCerts(systemCerts)
+
         return data
 
     def configure_pki_data(self, data):
author	Ade Lee <alee@redhat.com>	2012-10-26 12:36:14 -0400
committer	Ade Lee <alee@redhat.com>	2012-11-04 22:12:57 -0500
commit	db9537d210a20b90115374e5b406db6c9658bc3a (patch)
tree	0adfb22bd00842c2e3cae2b46ddbf7caa313b19d /base/deploy/src/scriptlets/pkijython.py
parent	d9a9e23aae83f1d3d6c0e5968097fde12cfff3d2 (diff)
download	pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.gz pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.xz pki-db9537d210a20b90115374e5b406db6c9658bc3a.zip