author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 09:27:16 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-30 15:10:31 -0500 |
commit | 719478fd34077fcbf1b6c6ad201c36ff57983490 (patch) | |
tree | dd8f1cad6df0d45547111b9e46682975518c1a46 /base/deploy/src/scriptlets/pkijython.py | |
parent | cef7a7704f9f4b48c0a9b242fabd3a919f2068d5 (diff) | |
Reorganized sensitive parameters.
Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.
To maintain security, a new meta-parameter has been added that lists
all sensitive parameter names. This way the deployment code knows
whether a parameter is sensitive, and can mask its value before
displaying it on the screen or storing it in a log file.
Ticket #399
Diffstat (limited to 'base/deploy/src/scriptlets/pkijython.py')
-rw-r--r-- | base/deploy/src/scriptlets/pkijython.py | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py index e6098b01a..e106f0141 100644 --- a/base/deploy/src/scriptlets/pkijython.py +++ b/base/deploy/src/scriptlets/pkijython.py @@ -276,12 +276,10 @@ class security_databases: class rest_client: client = None master = None - sensitive = None - def initialize(self, client_config, master, sensitive): + def initialize(self, client_config, master): try: self.master = master - self.sensitive = sensitive log_level = master['pki_jython_log_level'] if log_level >= config.PKI_JYTHON_INFO_LOG_LEVEL: print "%s %s '%s'" %\ @@ -299,7 +297,7 @@ class rest_client: data.setSecurityDomainUri(self.master['pki_security_domain_uri']) data.setSecurityDomainUser(self.master['pki_security_domain_user']) data.setSecurityDomainPassword( - self.sensitive['pki_security_domain_password']) + self.master['pki_security_domain_password']) def set_new_security_domain(self, data): data.setSecurityDomainType(ConfigurationRequest.NEW_DOMAIN) @@ -309,7 +307,7 @@ class rest_client: data.setIsClone("true") data.setCloneUri(self.master['pki_clone_uri']) data.setP12File(self.master['pki_clone_pkcs12_path']) - data.setP12Password(self.sensitive['pki_clone_pkcs12_password']) + data.setP12Password(self.master['pki_clone_pkcs12_password']) data.setReplicateSchema(self.master['pki_clone_replicate_schema']) data.setReplicationSecurity( self.master['pki_clone_replication_security']) @@ -326,7 +324,7 @@ class rest_client: data.setBaseDN(self.master['pki_ds_base_dn']) data.setBindDN(self.master['pki_ds_bind_dn']) data.setDatabase(self.master['pki_ds_database']) - data.setBindpwd(self.sensitive['pki_ds_password']) + data.setBindpwd(self.master['pki_ds_password']) if config.str2bool(self.master['pki_ds_remove_data']): data.setRemoveData("true") else: 
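Review bot: With `self.sensitive` removed in `initialize`, the passwords and the one-time PIN now sit in the same `self.master` dict as ordinary settings, so nothing in this class marks a value as secret any more. The `print` under the log-level check in `initialize` continues past the end of the hunk, so what it formats is not visible here; if it or any later statement prints a value taken from `master`, that value has to go through the masking the commit message describes, and a sensitive name missing from that list would be shown in clear. I would record this at the assignment, e.g. `self.master = master  # also holds passwords and the one-time PIN; mask before printing or logging`. The same concern covers the lookups changed in the later hunks (`pki_security_domain_password`, `pki_clone_pkcs12_password`, `pki_ds_password`, `pki_backup_password`, `pki_admin_password`, `pki_one_time_pin`). `initialize` also loses its third positional parameter, so callers outside this file need the matching change, which this file-limited view does not show.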
@@ -340,14 +338,14 @@ class rest_client: if config.str2bool(self.master['pki_backup_keys']): data.setBackupKeys("true") data.setBackupFile(self.master['pki_backup_keys_p12']) - data.setBackupPassword(self.sensitive['pki_backup_password']) + data.setBackupPassword(self.master['pki_backup_password']) else: data.setBackupKeys("false") def set_admin_parameters(self, token, data): data.setAdminEmail(self.master['pki_admin_email']) data.setAdminName(self.master['pki_admin_name']) - data.setAdminPassword(self.sensitive['pki_admin_password']) + data.setAdminPassword(self.master['pki_admin_password']) data.setAdminProfileID(self.master['pki_admin_profile_id']) data.setAdminUID(self.master['pki_admin_uid']) data.setAdminSubjectDN(self.master['pki_admin_subject_dn']) @@ -422,7 +420,7 @@ class rest_client: data = ConfigurationRequest() # Miscellaneous Configuration Information - data.setPin(self.sensitive['pki_one_time_pin']) + data.setPin(master['pki_one_time_pin']) data.setToken(ConfigurationRequest.TOKEN_DEFAULT) data.setSubsystemName(master['pki_subsystem_name']) |