summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/pkiparser.py
diff options
context:
space:
mode:
authorMatthew Harmsen <mharmsen@redhat.com>2012-07-03 17:52:33 -0700
committerMatthew Harmsen <mharmsen@redhat.com>2012-07-19 10:15:56 -0700
commit0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 (patch)
tree79c0152be9f49069e977d0156283dbed746e7cfb /base/deploy/src/scriptlets/pkiparser.py
parent32b2670ba16084896e10ae27f7ce7b50313e375a (diff)
downloadpki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.tar.gz
pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.tar.xz
pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.zip
PKI Deployment Scriptlets
* Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse)
Diffstat (limited to 'base/deploy/src/scriptlets/pkiparser.py')
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py1251
1 files changed, 1205 insertions, 46 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 0add192f7..5abfdc064 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -53,22 +53,18 @@ def process_command_line_arguments(argv):
required=True, metavar='<subsystem>',
help='where <subsystem> is '
'CA, KRA, OCSP, RA, TKS, or TPS')
+ if os.path.basename(argv[0]) == 'pkispawn':
+ mandatory.add_argument('-f',
+ dest='pkideployment_cfg', action='store',
+ nargs=1, required=True, metavar='<file>',
+ help='specifies configuration filename')
optional = parser.add_argument_group('optional arguments')
optional.add_argument('--dry_run',
dest='pki_dry_run_flag', action='store_true',
help='do not actually perform any actions')
- optional.add_argument('-f',
- dest='pkideployment_cfg', action='store',
- nargs=1, metavar='<file>',
- help='overrides default configuration filename')
optional.add_argument('-h', '--help',
dest='help', action='help',
help='show this help message and exit')
- optional.add_argument('-p',
- dest='pki_root_prefix', action='store',
- nargs=1, metavar='<prefix>',
- help='directory prefix to specify local directory '
- '[TEST ONLY]')
if os.path.basename(argv[0]) == 'pkispawn':
optional.add_argument('-u',
dest='pki_update_flag', action='store_true',
@@ -98,6 +94,12 @@ def process_command_line_arguments(argv):
dest='custom_pki_ajp_port', action='store',
nargs=1, metavar='<port>',
help='AJP port (CA, KRA, OCSP, TKS)')
+ test = parser.add_argument_group('test arguments')
+ test.add_argument('-p',
+ dest='pki_root_prefix', action='store',
+ nargs=1, metavar='<prefix>',
+ help='directory prefix to specify local directory '
+ '[TEST ONLY]')
args = parser.parse_args()
config.pki_subsystem = str(args.pki_subsystem).strip('[\']')
@@ -187,7 +189,7 @@ def process_command_line_arguments(argv):
print
parser.print_help()
parser.exit(-1);
- if not args.pkideployment_cfg is None:
+ if os.path.basename(argv[0]) == 'pkispawn':
config.pkideployment_cfg = str(args.pkideployment_cfg).strip('[\']')
elif os.path.basename(argv[0]) == 'pkidestroy':
# NOTE: When performing 'pkidestroy', a configuration file must be
@@ -258,6 +260,9 @@ def read_pki_configuration_file():
# Make keys case-sensitive!
parser.optionxform = str
parser.read(config.pkideployment_cfg)
+ config.pki_sensitive_dict = dict(parser._sections['Sensitive'])
+ config.pki_mandatory_dict = dict(parser._sections['Mandatory'])
+ config.pki_optional_dict = dict(parser._sections['Optional'])
config.pki_common_dict = dict(parser._sections['Common'])
if config.pki_subsystem == "CA":
config.pki_web_server_dict = dict(parser._sections['Tomcat'])
@@ -278,6 +283,9 @@ def read_pki_configuration_file():
config.pki_web_server_dict = dict(parser._sections['Apache'])
config.pki_subsystem_dict = dict(parser._sections['TPS'])
# Insert empty record into dictionaries for "pretty print" statements
+ # NEVER print "sensitive" key value pairs!!!
+ config.pki_mandatory_dict[0] = None
+ config.pki_optional_dict[0] = None
config.pki_common_dict[0] = None
config.pki_web_server_dict[0] = None
config.pki_subsystem_dict[0] = None
@@ -297,13 +305,19 @@ def compose_pki_master_dictionary():
config.pki_certificate_timestamp
config.pki_master_dict['pki_architecture'] = config.pki_architecture
config.pki_master_dict['pki_hostname'] = config.pki_hostname
+ config.pki_master_dict['pki_dns_domainname'] =\
+ config.pki_dns_domainname
config.pki_master_dict['pki_pin'] = config.pki_pin
config.pki_master_dict['pki_client_pin'] = config.pki_client_pin
config.pki_master_dict['pki_one_time_pin'] = config.pki_one_time_pin
config.pki_master_dict['pki_dry_run_flag'] = config.pki_dry_run_flag
config.pki_master_dict['pki_jython_log_level'] =\
config.pki_jython_log_level
+ config.pki_master_dict['pki_deployment_cfg'] = config.pkideployment_cfg
# Configuration file name/value pairs
+ # NEVER add "sensitive" key value pairs to the master dictionary!!!
+ config.pki_master_dict.update(config.pki_mandatory_dict)
+ config.pki_master_dict.update(config.pki_optional_dict)
config.pki_master_dict.update(config.pki_common_dict)
config.pki_master_dict.update(config.pki_web_server_dict)
config.pki_master_dict.update(config.pki_subsystem_dict)
@@ -357,8 +371,7 @@ def compose_pki_master_dictionary():
# (e. g. Tomcat: "tomcat", "example.com-tomcat")
# (e. g. Apache: "apache", "example.com-apache")
#
- if not config.pki_master_dict['pki_admin_domain_name'] is None and\
- not config.pki_master_dict['pki_admin_domain_name'] is '':
+ if len(config.pki_master_dict['pki_admin_domain_name']):
config.pki_master_dict['pki_instance_id'] =\
config.pki_master_dict['pki_admin_domain_name'] +\
"-" + config.pki_master_dict['pki_instance_name']
@@ -458,6 +471,9 @@ def compose_pki_master_dictionary():
os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
"ca",
"emails")
+ config.pki_master_dict['pki_source_flatfile_txt'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "flatfile.txt")
config.pki_master_dict['pki_source_profiles'] =\
os.path.join(config.PKI_DEPLOYMENT_SOURCE_ROOT,
"ca",
@@ -465,6 +481,43 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_source_proxy_conf'] =\
os.path.join(config.pki_master_dict['pki_source_conf_path'],
"proxy.conf")
+ config.pki_master_dict['pki_source_registry_cfg'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "registry.cfg")
+ # '*.profile'
+ config.pki_master_dict['pki_source_admincert_profile'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "adminCert.profile")
+ config.pki_master_dict['pki_source_caauditsigningcert_profile']\
+ = os.path.join(
+ config.pki_master_dict['pki_source_conf_path'],
+ "caAuditSigningCert.profile")
+ config.pki_master_dict['pki_source_cacert_profile'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "caCert.profile")
+ config.pki_master_dict['pki_source_caocspcert_profile'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "caOCSPCert.profile")
+ config.pki_master_dict['pki_source_servercert_profile'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "serverCert.profile")
+ config.pki_master_dict['pki_source_subsystemcert_profile'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "subsystemCert.profile")
+ elif config.pki_master_dict['pki_subsystem'] == "KRA":
+ # '*.profile'
+ config.pki_master_dict['pki_source_servercert_profile'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "serverCert.profile")
+ config.pki_master_dict['pki_source_storagecert_profile'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "storageCert.profile")
+ config.pki_master_dict['pki_source_subsystemcert_profile'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "subsystemCert.profile")
+ config.pki_master_dict['pki_source_transportcert_profile'] =\
+ os.path.join(config.pki_master_dict['pki_source_conf_path'],
+ "transportCert.profile")
# PKI top-level file system layout name/value pairs
# NOTE: Never use 'os.path.join()' whenever 'pki_root_prefix'
# is being prepended!!!
@@ -498,12 +551,14 @@ def compose_pki_master_dictionary():
if config.pki_master_dict['pki_subsystem'] in\
config.PKI_APACHE_SUBSYSTEMS:
# Apache instance base name/value pairs
+ config.pki_master_dict['pki_instance_type'] = "Apache"
# Apache instance log name/value pairs
# Apache instance configuration name/value pairs
# Apache instance registry name/value pairs
config.pki_master_dict['pki_instance_type_registry_path'] =\
- os.path.join(config.pki_master_dict['pki_registry_path'],
- "apache")
+ os.path.join(
+ config.pki_master_dict['pki_registry_path'],
+ config.pki_master_dict['pki_instance_type'].lower())
config.pki_master_dict['pki_instance_registry_path'] =\
os.path.join(
config.pki_master_dict['pki_instance_type_registry_path'],
@@ -513,12 +568,16 @@ def compose_pki_master_dictionary():
elif config.pki_master_dict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS:
# Tomcat instance base name/value pairs
+ config.pki_master_dict['pki_instance_type'] = "Tomcat"
config.pki_master_dict['pki_tomcat_common_path'] =\
os.path.join(config.pki_master_dict['pki_instance_path'],
"common")
config.pki_master_dict['pki_tomcat_common_lib_path'] =\
os.path.join(config.pki_master_dict['pki_tomcat_common_path'],
"lib")
+ config.pki_master_dict['pki_tomcat_tmpdir_path'] =\
+ os.path.join(config.pki_master_dict['pki_instance_path'],
+ "temp")
config.pki_master_dict['pki_tomcat_webapps_path'] =\
os.path.join(config.pki_master_dict['pki_instance_path'],
"webapps")
@@ -529,28 +588,43 @@ def compose_pki_master_dictionary():
os.path.join(
config.pki_master_dict['pki_tomcat_webapps_root_path'],
"WEB-INF")
- config.pki_master_dict['pki_tomcat_webapps_webinf_path'] =\
- os.path.join(config.pki_master_dict['pki_tomcat_webapps_path'],
- "WEB-INF")
- config.pki_master_dict['pki_tomcat_webapps_webinf_classes_path'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_webapps_webinf_path'],
- "classes")
- config.pki_master_dict['pki_tomcat_webapps_webinf_lib_path'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_webapps_webinf_path'],
- "lib")
config.pki_master_dict['pki_tomcat_webapps_root_webinf_web_xml'] =\
os.path.join(
config.pki_master_dict\
['pki_tomcat_webapps_root_webinf_path'],
"web.xml")
+ config.pki_master_dict['pki_tomcat_work_path'] =\
+ os.path.join(config.pki_master_dict['pki_instance_path'],
+ "work")
+ config.pki_master_dict['pki_tomcat_work_catalina_path'] =\
+ os.path.join(config.pki_master_dict['pki_tomcat_work_path'],
+ "Catalina")
+ config.pki_master_dict['pki_tomcat_work_catalina_host_path'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_work_catalina_path'],
+ "localhost")
+ config.pki_master_dict['pki_tomcat_work_catalina_host_run_path'] =\
+ os.path.join(
+ config.pki_master_dict\
+ ['pki_tomcat_work_catalina_host_path'],
+ "_")
+ config.pki_master_dict\
+ ['pki_tomcat_work_catalina_host_subsystem_path'] =\
+ os.path.join(
+ config.pki_master_dict\
+ ['pki_tomcat_work_catalina_host_path'],
+ config.pki_master_dict['pki_subsystem'].lower())
# Tomcat instance log name/value pairs
# Tomcat instance configuration name/value pairs
+ config.pki_master_dict['pki_instance_log4j_properties'] =\
+ os.path.join(
+ config.pki_master_dict['pki_instance_configuration_path'],
+ "log4j.properties")
# Tomcat instance registry name/value pairs
config.pki_master_dict['pki_instance_type_registry_path'] =\
- os.path.join(config.pki_master_dict['pki_registry_path'],
- "tomcat")
+ os.path.join(
+ config.pki_master_dict['pki_registry_path'],
+ config.pki_master_dict['pki_instance_type'].lower())
config.pki_master_dict['pki_instance_registry_path'] =\
os.path.join(
config.pki_master_dict['pki_instance_type_registry_path'],
@@ -562,9 +636,205 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_tomcat_lib_link'] =\
os.path.join(config.pki_master_dict['pki_instance_path'],
"lib")
+ config.pki_master_dict['pki_tomcat_lib_log4j_properties_link'] =\
+ os.path.join(config.pki_master_dict['pki_tomcat_lib_path'],
+ "log4j.properties")
config.pki_master_dict['pki_instance_systemd_link'] =\
os.path.join(config.pki_master_dict['pki_instance_path'],
config.pki_master_dict['pki_instance_id'])
+ # Tomcat instance common lib jars
+ if config.pki_master_dict['pki_architecture'] == 64:
+ config.pki_master_dict['pki_jss_jar'] =\
+ os.path.join("/usr/lib64/java",
+ "jss4.jar")
+ config.pki_master_dict['pki_symkey_jar'] =\
+ os.path.join("/usr/lib64/java",
+ "symkey.jar")
+ else:
+ config.pki_master_dict['pki_jss_jar'] =\
+ os.path.join("/usr/lib/java",
+ "jss4.jar")
+ config.pki_master_dict['pki_symkey_jar'] =\
+ os.path.join("/usr/lib/java",
+ "symkey.jar")
+ config.pki_master_dict['pki_apache_commons_collections_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "apache-commons-collections.jar")
+ config.pki_master_dict['pki_apache_commons_lang_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "apache-commons-lang.jar")
+ config.pki_master_dict['pki_apache_commons_logging_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "apache-commons-logging.jar")
+ config.pki_master_dict['pki_commons_codec_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "commons-codec.jar")
+ config.pki_master_dict['pki_httpclient_jar'] =\
+ os.path.join(
+ config.PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT,
+ "httpclient.jar")
+ config.pki_master_dict['pki_javassist_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "javassist.jar")
+ config.pki_master_dict['pki_resteasy_jaxrs_api_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
+ "jaxrs-api.jar")
+ config.pki_master_dict['pki_jettison_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "jettison.jar")
+ config.pki_master_dict['pki_ldapjdk_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "ldapjdk.jar")
+ config.pki_master_dict['pki_certsrv_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-certsrv.jar")
+ config.pki_master_dict['pki_cmsbundle'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-cmsbundle.jar")
+ config.pki_master_dict['pki_cmscore'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-cmscore.jar")
+ config.pki_master_dict['pki_cms'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-cms.jar")
+ config.pki_master_dict['pki_cmsutil'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-cmsutil.jar")
+ config.pki_master_dict['pki_nsutil'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-nsutil.jar")
+ config.pki_master_dict['pki_resteasy_jaxb_provider_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
+ "resteasy-jaxb-provider.jar")
+ config.pki_master_dict['pki_resteasy_jaxrs_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
+ "resteasy-jaxrs.jar")
+ config.pki_master_dict['pki_resteasy_jettison_provider_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
+ "resteasy-jettison-provider.jar")
+ config.pki_master_dict['pki_scannotation_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "scannotation.jar")
+ config.pki_master_dict['pki_tomcatjss_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "tomcatjss.jar")
+ config.pki_master_dict['pki_velocity_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "velocity.jar")
+ config.pki_master_dict['pki_xerces_j2_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "xerces-j2.jar")
+ config.pki_master_dict['pki_xml_commons_apis_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "xml-commons-apis.jar")
+ config.pki_master_dict['pki_xml_commons_resolver_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT,
+ "xml-commons-resolver.jar")
+ # Tomcat instance common lib jar symbolic links
+ config.pki_master_dict['pki_jss_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "jss4.jar")
+ config.pki_master_dict['pki_symkey_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "symkey.jar")
+ config.pki_master_dict['pki_apache_commons_collections_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "apache-commons-collections.jar")
+ config.pki_master_dict['pki_apache_commons_lang_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "apache-commons-lang.jar")
+ config.pki_master_dict['pki_apache_commons_logging_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "apache-commons-logging.jar")
+ config.pki_master_dict['pki_commons_codec_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "apache-commons-codec.jar")
+ config.pki_master_dict['pki_httpclient_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "httpclient.jar")
+ config.pki_master_dict['pki_javassist_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "javassist.jar")
+ config.pki_master_dict['pki_resteasy_jaxrs_api_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "jaxrs-api.jar")
+ config.pki_master_dict['pki_jettison_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "jettison.jar")
+ config.pki_master_dict['pki_ldapjdk_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "ldapjdk.jar")
+ config.pki_master_dict['pki_certsrv_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "pki-certsrv.jar")
+ config.pki_master_dict['pki_cmsbundle_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "pki-cmsbundle.jar")
+ config.pki_master_dict['pki_cmscore_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "pki-cmscore.jar")
+ config.pki_master_dict['pki_cms_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "pki-cms.jar")
+ config.pki_master_dict['pki_cmsutil_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "pki-cmsutil.jar")
+ config.pki_master_dict['pki_nsutil_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "pki-nsutil.jar")
+ config.pki_master_dict['pki_resteasy_jaxb_provider_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "resteasy-jaxb-provider.jar")
+ config.pki_master_dict['pki_resteasy_jaxrs_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "resteasy-jaxrs.jar")
+ config.pki_master_dict['pki_resteasy_jettison_provider_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "resteasy-jettison-provider.jar")
+ config.pki_master_dict['pki_scannotation_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "scannotation.jar")
+ config.pki_master_dict['pki_tomcatjss_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "tomcatjss.jar")
+ config.pki_master_dict['pki_velocity_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "velocity.jar")
+ config.pki_master_dict['pki_xerces_j2_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "xerces-j2.jar")
+ config.pki_master_dict['pki_xml_commons_apis_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "xml-commons-apis.jar")
+ config.pki_master_dict['pki_xml_commons_resolver_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "xml-commons-resolver.jar")
# Instance layout NSS security database name/value pairs
config.pki_master_dict['pki_database_path'] =\
os.path.join(
@@ -612,9 +882,6 @@ def compose_pki_master_dictionary():
elif config.pki_master_dict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS:
# Instance-based Tomcat PKI subsystem base name/value pairs
- config.pki_master_dict['pki_tomcat_webapps_subsystem_path'] =\
- os.path.join(config.pki_master_dict['pki_tomcat_webapps_path'],
- config.pki_master_dict['pki_subsystem'].lower())
if config.pki_master_dict['pki_subsystem'] == "CA":
config.pki_master_dict['pki_subsystem_emails_path'] =\
os.path.join(config.pki_master_dict['pki_subsystem_path'],
@@ -632,18 +899,6 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_subsystem_tomcat_webapps_link'] =\
os.path.join(config.pki_master_dict['pki_subsystem_path'],
"webapps")
- config.pki_master_dict\
- ['pki_tomcat_webapps_subsystem_webinf_classes_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
- "WEB-INF",
- "classes")
- config.pki_master_dict\
- ['pki_tomcat_webapps_subsystem_webinf_lib_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
- "WEB-INF",
- "lib")
# Instance-based Apache/Tomcat PKI subsystem convenience symbolic links
config.pki_master_dict['pki_subsystem_database_link'] =\
os.path.join(config.pki_master_dict['pki_subsystem_path'],
@@ -654,6 +909,78 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_subsystem_logs_link'] =\
os.path.join(config.pki_master_dict['pki_subsystem_path'],
"logs")
+ # PKI Target (war file) name/value pairs
+ if config.pki_master_dict['pki_subsystem'] in\
+ config.PKI_TOMCAT_SUBSYSTEMS:
+ # Tomcat PKI subsystem war file base name/value pairs
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_path'] =\
+ os.path.join(config.pki_master_dict['pki_tomcat_webapps_path'],
+ config.pki_master_dict['pki_subsystem'].lower())
+ config.pki_master_dict\
+ ['pki_tomcat_webapps_subsystem_webinf_classes_path'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
+ "WEB-INF",
+ "classes")
+ config.pki_master_dict\
+ ['pki_tomcat_webapps_subsystem_webinf_lib_path'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
+ "WEB-INF",
+ "lib")
+ # Tomcat PKI subsystem war file convenience symbolic links
+ if config.pki_master_dict['pki_subsystem'] == "CA":
+ config.pki_master_dict['pki_ca_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-ca.jar")
+ # config.pki_master_dict['pki_ca_jar_link'] =\
+ # os.path.join(
+ # config.pki_master_dict\
+ # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ # "pki-ca.jar")
+ config.pki_master_dict['pki_ca_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "pki-ca.jar")
+ elif config.pki_master_dict['pki_subsystem'] == "KRA":
+ config.pki_master_dict['pki_kra_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-kra.jar")
+ # config.pki_master_dict['pki_kra_jar_link'] =\
+ # os.path.join(
+ # config.pki_master_dict\
+ # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ # "pki-kra.jar")
+ config.pki_master_dict['pki_kra_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "pki-kra.jar")
+ elif config.pki_master_dict['pki_subsystem'] == "OCSP":
+ config.pki_master_dict['pki_ocsp_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-ocsp.jar")
+ # config.pki_master_dict['pki_ocsp_jar_link'] =\
+ # os.path.join(
+ # config.pki_master_dict\
+ # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ # "pki-ocsp.jar")
+ config.pki_master_dict['pki_ocsp_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "pki-ocsp.jar")
+ elif config.pki_master_dict['pki_subsystem'] == "TKS":
+ config.pki_master_dict['pki_tks_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-tks.jar")
+ # config.pki_master_dict['pki_tks_jar_link'] =\
+ # os.path.join(
+ # config.pki_master_dict\
+ # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ # "pki-tks.jar")
+ config.pki_master_dict['pki_tks_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_common_lib_path'],
+ "pki-tks.jar")
# PKI Target (slot substitution) name/value pairs
config.pki_master_dict['pki_target_cs_cfg'] =\
os.path.join(
@@ -699,12 +1026,50 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
"WEB-INF",
"web.xml")
+ config.pki_master_dict['pki_target_subsystem_web_xml_orig'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
+ "WEB-INF",
+ "web.xml.orig")
# subystem-specific slot substitution name/value pairs
if config.pki_master_dict['pki_subsystem'] == "CA":
+ config.pki_master_dict['pki_target_flatfile_txt'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "flatfile.txt")
config.pki_master_dict['pki_target_proxy_conf'] =\
os.path.join(config.pki_master_dict\
['pki_subsystem_configuration_path'],
"proxy.conf")
+ config.pki_master_dict['pki_target_registry_cfg'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "registry.cfg")
+ # '*.profile'
+ config.pki_master_dict['pki_target_admincert_profile'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "adminCert.profile")
+ config.pki_master_dict['pki_target_caauditsigningcert_profile']\
+ = os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "caAuditSigningCert.profile")
+ config.pki_master_dict['pki_target_cacert_profile'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "caCert.profile")
+ config.pki_master_dict['pki_target_caocspcert_profile'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "caOCSPCert.profile")
+ config.pki_master_dict['pki_target_servercert_profile'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "serverCert.profile")
+ config.pki_master_dict['pki_target_subsystemcert_profile'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "subsystemCert.profile")
# in-place slot substitution name/value pairs
config.pki_master_dict['pki_target_profileselect_template'] =\
os.path.join(
@@ -713,6 +1078,24 @@ def compose_pki_master_dictionary():
"ee",
config.pki_master_dict['pki_subsystem'].lower(),
"ProfileSelect.template")
+ elif config.pki_master_dict['pki_subsystem'] == "KRA":
+ # '*.profile'
+ config.pki_master_dict['pki_target_servercert_profile'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "serverCert.profile")
+ config.pki_master_dict['pki_target_storagecert_profile'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "storageCert.profile")
+ config.pki_master_dict['pki_target_subsystemcert_profile'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "subsystemCert.profile")
+ config.pki_master_dict['pki_target_transportcert_profile'] =\
+ os.path.join(config.pki_master_dict\
+ ['pki_subsystem_configuration_path'],
+ "transportCert.profile")
# Slot assignment name/value pairs
# NOTE: Master key == Slots key; Master value ==> Slots value
config.pki_master_dict['PKI_INSTANCE_ID_SLOT'] =\
@@ -830,6 +1213,8 @@ def compose_pki_master_dictionary():
"tomcat")
config.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] =\
config.pki_master_dict['pki_proxy_https_port']
+ config.pki_master_dict['PKI_TMPDIR_SLOT'] =\
+ config.pki_master_dict['pki_tomcat_tmpdir_path']
config.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] =\
config.pki_master_dict['pki_proxy_http_port']
config.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] =\
@@ -846,6 +1231,8 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_security_manager']
config.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] =\
config.pki_master_dict['pki_target_server_xml']
+ config.pki_master_dict['PKI_SUBSYSTEM_DIR_SLOT'] =\
+ config.pki_master_dict['pki_subsystem'].lower() + "/"
config.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] =\
config.pki_master_dict['pki_subsystem'].lower()
config.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] =\
@@ -924,6 +1311,10 @@ def compose_pki_master_dictionary():
"+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +\
"+TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
# Shared Apache/Tomcat NSS security database name/value pairs
+ config.pki_master_dict['pki_shared_pfile'] =\
+ os.path.join(
+ config.pki_master_dict['pki_instance_configuration_path'],
+ "pfile")
config.pki_master_dict['pki_shared_password_conf'] =\
os.path.join(
config.pki_master_dict['pki_instance_configuration_path'],
@@ -941,13 +1332,13 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_self_signed_nickname'] =\
"Server-Cert cert-" + config.pki_master_dict['pki_instance_id']
config.pki_master_dict['pki_self_signed_subject'] =\
- "CN=" + config.pki_master_dict['pki_hostname'] + "," +\
- "O=" + config.pki_master_dict['pki_certificate_timestamp']
+ "cn=" + config.pki_master_dict['pki_hostname'] + "," +\
+ "o=" + config.pki_master_dict['pki_certificate_timestamp']
config.pki_master_dict['pki_self_signed_serial_number'] = 0
config.pki_master_dict['pki_self_signed_validity_period'] = 12
config.pki_master_dict['pki_self_signed_issuer_name'] =\
- "CN=" + config.pki_master_dict['pki_hostname'] + "," +\
- "O=" + config.pki_master_dict['pki_certificate_timestamp']
+ "cn=" + config.pki_master_dict['pki_hostname'] + "," +\
+ "o=" + config.pki_master_dict['pki_certificate_timestamp']
config.pki_master_dict['pki_self_signed_trustargs'] = "CTu,CTu,CTu"
config.pki_master_dict['pki_self_signed_noise_file'] =\
os.path.join(
@@ -992,10 +1383,778 @@ def compose_pki_master_dictionary():
"pki",
"deployment",
"configuration.jy")
+ config.pki_master_dict['pki_jython_base_uri'] =\
+ "https" + "://" + config.pki_master_dict['pki_hostname'] + ":" +\
+ config.pki_master_dict['pki_https_port'] + "/" +\
+ config.pki_master_dict['pki_subsystem'].lower() + "/" + "pki"
+ # Jython scriptlet
+ # 'Security Domain' Configuration name/value pairs
+ #
+ # Apache - [RA], [TPS]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS]
+ # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone]
+ # - [External CA]
+ # - [Subordinate CA]
+ #
+ # The following variables are defined below:
+ #
+ # config.pki_master_dict['pki_security_domain_type']
+ # config.pki_master_dict['pki_security_domain_uri']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_security_domain_https_port']
+ # config.pki_master_dict['pki_security_domain_password']
+ # config.pki_master_dict['pki_security_domain_user']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_security_domain_hostname']
+ # config.pki_master_dict['pki_security_domain_name']
+ #
+ if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if config.pki_subsystem == "CA":
+ if config.str2bool(config.pki_master_dict['pki_external']):
+ # External CA
+ config.pki_master_dict['pki_security_domain_type'] = "new"
+ if not len(config.pki_master_dict\
+ ['pki_security_domain_name']):
+ config.pki_master_dict['pki_security_domain_name'] =\
+ "External CA Security Domain"
+ elif not config.str2bool(config.pki_master_dict['pki_clone'])\
+ and not\
+ config.str2bool(config.pki_master_dict['pki_subordinate']):
+ # PKI CA
+ config.pki_master_dict['pki_security_domain_type'] = "new"
+ if not len(config.pki_master_dict\
+ ['pki_security_domain_name']):
+ config.pki_master_dict['pki_security_domain_name'] =\
+ config.pki_master_dict['pki_dns_domainname'] +\
+ " " + "Security Domain"
+ else:
+ # PKI Cloned or Subordinate CA
+ config.pki_master_dict['pki_security_domain_type'] =\
+ "existing"
+ if not len(config.pki_master_dict\
+ ['pki_security_domain_hostname']):
+ # Guess that it is the local host
+ config.pki_master_dict['pki_security_domain_hostname']\
+ = config.pki_master_dict['pki_hostname']
+ config.pki_master_dict['pki_security_domain_uri'] =\
+ "https" + "://" +\
+ config.pki_master_dict['pki_security_domain_hostname']\
+ + ":" + config.pki_security_domain_https_port
+ else:
+ # PKI KRA, OCSP, or TKS
+ config.pki_master_dict['pki_security_domain_type'] = "existing"
+ if not len(config.pki_master_dict\
+ ['pki_security_domain_hostname']):
+ # Guess that it is the local host
+ config.pki_master_dict['pki_security_domain_hostname'] =\
+ config.pki_master_dict['pki_hostname']
+ config.pki_master_dict['pki_security_domain_uri'] =\
+ "https" + "://" +\
+ config.pki_master_dict['pki_security_domain_hostname'] +\
+ ":" +\
+ config.pki_master_dict['pki_security_domain_https_port']
+ # Jython scriptlet
+ # 'Directory Server' Configuration name/value pairs
+ #
+ # Apache - [TPS]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS]
+ # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone]
+ # - [External CA]
+ # - [Subordinate CA]
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_ds_bind_dn']
+ # config.pki_master_dict['pki_ds_http_port']
+ # config.pki_master_dict['pki_ds_https_port']
+ # config.pki_master_dict['pki_ds_password']
+ # config.pki_master_dict['pki_ds_remove_data']
+ # config.pki_master_dict['pki_ds_secure_connection']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_ds_base_dn']
+ # config.pki_master_dict['pki_ds_database']
+ # config.pki_master_dict['pki_ds_hostname']
+ #
+ if not len(config.pki_master_dict['pki_ds_base_dn']):
+ config.pki_master_dict['pki_ds_base_dn'] =\
+ "o=" + config.pki_master_dict['pki_instance_id']
+ if not len(config.pki_master_dict['pki_ds_database']):
+ config.pki_master_dict['pki_ds_database'] =\
+ "o=" + config.pki_master_dict['pki_instance_id']
+ if not len(config.pki_master_dict['pki_ds_hostname']):
+ # Guess that the Directory Server resides on the local host
+ config.pki_master_dict['pki_ds_hostname'] =\
+ config.pki_master_dict['pki_hostname']
+ # Jython scriptlet
+ # 'Backup' Configuration name/value pairs
+ #
+ # Apache - [RA], [TPS]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS]
+ # - [External CA]
+ # - [Subordinate CA]
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_backup_keys']
+ # config.pki_master_dict['pki_backup_password']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_backup_file']
+ #
+ if config.str2bool(config.pki_master_dict['pki_backup_keys']):
+ if not len(config.pki_master_dict['pki_backup_file']):
+ if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if not config.str2bool(config.pki_master_dict['pki_clone']):
+ if config.pki_master_dict['pki_subsystem'] == "CA":
+ if config.str2bool(
+ config.pki_master_dict['pki_external']):
+ # External CA
+ config.pki_master_dict['pki_backup_file'] =\
+ "/tmp" + "/" + "externalca.p12" + "." +\
+ config.pki_master_dict['pki_timestamp']
+ elif config.str2bool(
+ config.pki_master_dict['pki_subordinate']):
+ # Subordinate CA
+ config.pki_master_dict['pki_backup_file'] =\
+ "/tmp" + "/" + "subca.p12" + "." +\
+ config.pki_master_dict['pki_timestamp']
+ else:
+ # PKI CA
+ config.pki_master_dict['pki_backup_file'] =\
+ "/tmp" + "/" + "ca.p12" + "." +\
+ config.pki_master_dict['pki_timestamp']
+ elif config.pki_master_dict['pki_subsystem'] == "KRA":
+ # PKI KRA
+ config.pki_master_dict['pki_backup_file'] =\
+ "/tmp" + "/" + "kra.p12" + "." +\
+ config.pki_master_dict['pki_timestamp']
+ elif config.pki_master_dict['pki_subsystem'] == "OCSP":
+ # PKI OCSP
+ config.pki_master_dict['pki_backup_file'] =\
+ "/tmp" + "/" + "ocsp.p12" + "." +\
+ config.pki_master_dict['pki_timestamp']
+ elif config.pki_master_dict['pki_subsystem'] == "TKS":
+ # PKI TKS
+ config.pki_master_dict['pki_backup_file'] =\
+ "/tmp" + "/" + "tks.p12" + "." +\
+ config.pki_master_dict['pki_timestamp']
+ # Jython scriptlet
+ # 'Admin Certificate' Configuration name/value pairs
+ #
+ # Apache - [RA], [TPS]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS]
+ # - [External CA]
+ # - [Subordinate CA]
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_admin_cert_request_type']
+ # config.pki_master_dict['pki_admin_dualkey']
+ # config.pki_master_dict['pki_admin_keysize']
+ # config.pki_master_dict['pki_admin_name']
+ # config.pki_master_dict['pki_admin_password']
+ # config.pki_master_dict['pki_admin_uid']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_admin_email']
+ # config.pki_master_dict['pki_admin_subject_dn']
+ #
+ config.pki_master_dict['pki_admin_profile_id'] = "caAdminCert"
+ if not len(config.pki_master_dict['pki_admin_email']):
+ config.pki_master_dict['pki_admin_email'] =\
+ config.pki_master_dict['pki_admin_name'] + "@" +\
+ config.pki_master_dict['pki_dns_domainname']
+ if not len(config.pki_master_dict['pki_admin_subject_dn']):
+ if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ if config.pki_master_dict['pki_subsystem'] == "RA":
+ # PKI RA
+ config.pki_master_dict['pki_admin_subject_dn'] =\
+ "cn=" + "RA Administrator" + "," +\
+ "uid=" + config.pki_master_dict['pki_admin_uid'] +\
+ "," + "e=" +\
+ config.pki_master_dict['pki_admin_email'] +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "TPS":
+ # PKI TPS
+ config.pki_master_dict['pki_admin_subject_dn'] =\
+ "cn=" + "TPS Administrator" + "," +\
+ "uid=" + config.pki_master_dict['pki_admin_uid'] +\
+ "," + "e=" +\
+ config.pki_master_dict['pki_admin_email'] +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if not config.str2bool(config.pki_master_dict['pki_clone']):
+ if config.pki_master_dict['pki_subsystem'] == "CA":
+ # PKI CA, Subordinate CA, or External CA
+ config.pki_master_dict['pki_admin_subject_dn'] =\
+ "cn=" + "CA Administrator of Instance" + " " +\
+ config.pki_master_dict['pki_instance_id'] + "," +\
+ "uid=" + config.pki_master_dict['pki_admin_uid'] +\
+ "," + "e=" +\
+ config.pki_master_dict['pki_admin_email'] +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "KRA":
+ # PKI KRA
+ config.pki_master_dict['pki_admin_subject_dn'] =\
+ "cn=" + "KRA Administrator of Instance" + " " +\
+ config.pki_master_dict['pki_instance_id'] + "," +\
+ "uid=" + config.pki_master_dict['pki_admin_uid'] +\
+ "," + "e=" +\
+ config.pki_master_dict['pki_admin_email'] +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "OCSP":
+ # PKI OCSP
+ config.pki_master_dict['pki_admin_subject_dn'] =\
+ "cn=" + "OCSP Administrator of Instance" + " " +\
+ config.pki_master_dict['pki_instance_id'] + "," +\
+ "uid=" + config.pki_master_dict['pki_admin_uid'] +\
+ "," + "e=" +\
+ config.pki_master_dict['pki_admin_email'] +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "TKS":
+ # PKI TKS
+ config.pki_master_dict['pki_admin_subject_dn'] =\
+ "cn=" + "TKS Administrator of Instance" + " " +\
+ config.pki_master_dict['pki_instance_id'] + "," +\
+ "uid=" + config.pki_master_dict['pki_admin_uid'] +\
+ "," + "e=" +\
+ config.pki_master_dict['pki_admin_email'] +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ # Jython scriptlet
+ # 'CA Signing Certificate' Configuration name/value pairs
+ #
+ # Tomcat - [CA]
+ # - [External CA]
+ # - [Subordinate CA]
+ #
+ # The following variables are defined below:
+ #
+ # config.pki_master_dict['pki_ca_signing_tag']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_ca_signing_key_algorithm']
+ # config.pki_master_dict['pki_ca_signing_key_size']
+ # config.pki_master_dict['pki_ca_signing_key_type']
+ # config.pki_master_dict['pki_ca_signing_signing_algorithm']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_ca_signing_nickname']
+ # config.pki_master_dict['pki_ca_signing_subject_dn']
+ # config.pki_master_dict['pki_ca_signing_token']
+ #
+ if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if not config.str2bool(config.pki_master_dict['pki_clone']):
+ if config.pki_master_dict['pki_subsystem'] == "CA":
+ # config.pki_master_dict['pki_ca_signing_nickname']
+ if not len(config.pki_master_dict\
+ ['pki_ca_signing_nickname']):
+ config.pki_master_dict['pki_ca_signing_nickname'] =\
+ "caSigningCert" + " " + "cert-" +\
+ config.pki_master_dict['pki_instance_id']
+ # config.pki_master_dict['pki_ca_signing_subject_dn']
+ if config.str2bool(config.pki_master_dict['pki_external']):
+ # External CA
+ if not len(config.pki_master_dict\
+ ['pki_ca_signing_subject_dn']):
+ config.pki_master_dict['pki_ca_signing_subject_dn']\
+ = "cn=" + "External CA Signing Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ elif config.str2bool(
+ config.pki_master_dict['pki_subordinate']):
+ # Subordinate CA
+ if not len(config.pki_master_dict\
+ ['pki_ca_signing_subject_dn']):
+ config.pki_master_dict['pki_ca_signing_subject_dn']\
+ = "cn=" + "SubCA Signing Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ else:
+ # PKI CA
+ if not len(config.pki_master_dict\
+ ['pki_ca_signing_subject_dn']):
+ config.pki_master_dict['pki_ca_signing_subject_dn']\
+ = "cn=" + "CA Signing Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ # config.pki_master_dict['pki_ca_signing_tag']
+ config.pki_master_dict['pki_ca_signing_tag'] =\
+ "signing"
+ # config.pki_master_dict['pki_ca_signing_token']
+ if not len(config.pki_master_dict['pki_ca_signing_token']):
+ config.pki_master_dict['pki_ca_signing_token'] =\
+ "Internal Key Storage Token"
+ # Jython scriptlet
+ # 'OCSP Signing Certificate' Configuration name/value pairs
+ #
+ # Tomcat - [CA], [OCSP]
+ # - [External CA]
+ # - [Subordinate CA]
+ #
+ # The following variables are defined below:
+ #
+ # config.pki_master_dict['pki_ocsp_signing_tag']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_ocsp_signing_key_algorithm']
+ # config.pki_master_dict['pki_ocsp_signing_key_size']
+ # config.pki_master_dict['pki_ocsp_signing_key_type']
+ # config.pki_master_dict['pki_ocsp_signing_signing_algorithm']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_ocsp_signing_nickname']
+ # config.pki_master_dict['pki_ocsp_signing_subject_dn']
+ # config.pki_master_dict['pki_ocsp_signing_token']
+ #
+ if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if not config.str2bool(config.pki_master_dict['pki_clone']):
+ if config.pki_master_dict['pki_subsystem'] == "CA":
+ if not len(config.pki_master_dict\
+ ['pki_ocsp_signing_nickname']):
+ config.pki_master_dict['pki_ocsp_signing_nickname'] =\
+ "ocspSigningCert" + " " + "cert-" +\
+ config.pki_master_dict['pki_instance_id']
+ if config.str2bool(config.pki_master_dict['pki_external']):
+ # External CA
+ if not len(config.pki_master_dict\
+ ['pki_ocsp_signing_subject_dn']):
+ config.pki_master_dict\
+ ['pki_ocsp_signing_subject_dn'] =\
+ "cn=" + "External CA OCSP Signing Certificate"\
+ + "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ elif config.str2bool(
+ config.pki_master_dict['pki_subordinate']):
+ # Subordinate CA
+ if not len(config.pki_master_dict\
+ ['pki_ocsp_signing_subject_dn']):
+ config.pki_master_dict\
+ ['pki_ocsp_signing_subject_dn'] =\
+ "cn=" + "SubCA OCSP Signing Certificate"\
+ + "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ else:
+ # PKI CA
+ if not len(config.pki_master_dict\
+ ['pki_ocsp_signing_subject_dn']):
+ config.pki_master_dict\
+ ['pki_ocsp_signing_subject_dn'] =\
+ "cn=" + "CA OCSP Signing Certificate"\
+ + "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ config.pki_master_dict['pki_ocsp_signing_tag'] =\
+ "ocsp_signing"
+ if not len(config.pki_master_dict\
+ ['pki_ocsp_signing_token']):
+ config.pki_master_dict['pki_ocsp_signing_token'] =\
+ "Internal Key Storage Token"
+ elif config.pki_master_dict['pki_subsystem'] == "OCSP":
+ # PKI OCSP
+ if not len(config.pki_master_dict\
+ ['pki_ocsp_signing_nickname']):
+ config.pki_master_dict['pki_ocsp_signing_nickname'] =\
+ "ocspSigningCert" + " " + "cert-" +\
+ config.pki_master_dict['pki_instance_id']
+ if not len(config.pki_master_dict\
+ ['pki_ocsp_signing_subject_dn']):
+ config.pki_master_dict['pki_ocsp_signing_subject_dn'] =\
+ "cn=" + "OCSP Signing Certificate" + "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ config.pki_master_dict['pki_ocsp_signing_tag'] =\
+ "signing"
+ if not len(config.pki_master_dict\
+ ['pki_ocsp_signing_token']):
+ config.pki_master_dict['pki_ocsp_signing_token'] =\
+ "Internal Key Storage Token"
+ # Jython scriptlet
+ # 'SSL Server Certificate' Configuration name/value pairs
+ #
+ # Apache - [RA], [TPS]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS]
+ # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone]
+ # - [External CA]
+ # - [Subordinate CA]
+ #
+ # The following variables are defined below:
+ #
+ # config.pki_master_dict['pki_ssl_server_tag']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_ssl_server_key_algorithm']
+ # config.pki_master_dict['pki_ssl_server_key_size']
+ # config.pki_master_dict['pki_ssl_server_key_type']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_ssl_server_nickname']
+ # config.pki_master_dict['pki_ssl_server_subject_dn']
+ # config.pki_master_dict['pki_ssl_server_token']
+ #
+ if not len(config.pki_master_dict['pki_ssl_server_nickname']):
+ config.pki_master_dict['pki_ssl_server_nickname'] =\
+ "Server-Cert" + " " + "cert-" +\
+ config.pki_master_dict['pki_instance_id']
+ if not len(config.pki_master_dict['pki_ssl_server_subject_dn']):
+ if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ config.pki_master_dict['pki_ssl_server_subject_dn'] =\
+ "cn=" + config.pki_master_dict['pki_hostname'] +\
+ "," + "ou=" + config.pki_master_dict['pki_instance_id'] +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ config.pki_master_dict['pki_ssl_server_subject_dn'] =\
+ "cn=" + config.pki_master_dict['pki_hostname'] +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ config.pki_master_dict['pki_ssl_server_tag'] = "sslserver"
+ if not len(config.pki_master_dict['pki_ssl_server_token']):
+ config.pki_master_dict['pki_ssl_server_token'] =\
+ "Internal Key Storage Token"
+ # Jython scriptlet
+ # 'Subsystem Certificate' Configuration name/value pairs
+ #
+ # Apache - [RA], [TPS]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS]
+ # - [External CA]
+ # - [Subordinate CA]
+ #
+ # The following variables are defined below:
+ #
+ # config.pki_master_dict['pki_subsystem_tag']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_subsystem_key_algorithm']
+ # config.pki_master_dict['pki_subsystem_key_size']
+ # config.pki_master_dict['pki_subsystem_key_type']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_subsystem_nickname']
+ # config.pki_master_dict['pki_subsystem_subject_dn']
+ # config.pki_master_dict['pki_subsystem_token']
+ #
+ if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ if not len(config.pki_master_dict['pki_subsystem_nickname']):
+ config.pki_master_dict['pki_subsystem_nickname'] =\
+ "subsystemCert" + " " + "cert-" +\
+ config.pki_master_dict['pki_instance_id']
+ if not len(config.pki_master_dict['pki_subsystem_subject_dn']):
+ if config.pki_master_dict['pki_subsystem'] == "RA":
+ # PKI RA
+ config.pki_master_dict['pki_subsystem_subject_dn'] =\
+ "cn=" + "RA Subsystem Certificate" +\
+ "," + "ou=" + config.pki_master_dict['pki_instance_id']\
+ + "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "TPS":
+ # PKI TPS
+ config.pki_master_dict['pki_subsystem_subject_dn'] =\
+ "cn=" + "TPS Subsystem Certificate" +\
+ "," + "ou=" + config.pki_master_dict['pki_instance_id']\
+ + "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ config.pki_master_dict['pki_subsystem_tag'] = "subsystem"
+ if not len(config.pki_master_dict['pki_subsystem_token']):
+ config.pki_master_dict['pki_subsystem_token'] =\
+ "Internal Key Storage Token"
+ elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if not config.str2bool(config.pki_master_dict['pki_clone']):
+ if not len(config.pki_master_dict['pki_subsystem_nickname']):
+ config.pki_master_dict['pki_subsystem_nickname'] =\
+ "subsystemCert" + " " + "cert-" +\
+ config.pki_master_dict['pki_instance_id']
+ if not len(config.pki_master_dict['pki_subsystem_subject_dn']):
+ if config.pki_master_dict['pki_subsystem'] == "CA":
+ if config.str2bool(
+ config.pki_master_dict['pki_external']):
+ # External CA
+ config.pki_master_dict['pki_subsystem_subject_dn']\
+ = "cn=" + "External CA Subsystem Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ elif config.str2bool(
+ config.pki_master_dict['pki_subordinate']):
+ # Subordinate CA
+ config.pki_master_dict['pki_subsystem_subject_dn']\
+ = "cn=" + "SubCA Subsystem Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ else:
+ # PKI CA
+ config.pki_master_dict['pki_subsystem_subject_dn']\
+ = "cn=" + "CA Subsystem Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "KRA":
+ # PKI KRA
+ config.pki_master_dict['pki_subsystem_subject_dn'] =\
+ "cn=" + "DRM Subsystem Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "OCSP":
+ # PKI OCSP
+ config.pki_master_dict['pki_subsystem_subject_dn'] =\
+ "cn=" + "OCSP Subsystem Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "TKS":
+ # PKI TKS
+ config.pki_master_dict['pki_subsystem_subject_dn'] =\
+ "cn=" + "TKS Subsystem Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ config.pki_master_dict['pki_subsystem_tag'] = "subsystem"
+ if not len(config.pki_master_dict['pki_subsystem_token']):
+ config.pki_master_dict['pki_subsystem_token'] =\
+ "Internal Key Storage Token"
+ # Jython scriptlet
+ # 'Audit Signing Certificate' Configuration name/value pairs
+ #
+ # Apache - [TPS]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS]
+ # - [External CA]
+ # - [Subordinate CA]
+ #
+ # The following variables are defined below:
+ #
+ # config.pki_master_dict['pki_audit_signing_tag']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_audit_signing_key_algorithm']
+ # config.pki_master_dict['pki_audit_signing_key_size']
+ # config.pki_master_dict['pki_audit_signing_key_type']
+ # config.pki_master_dict['pki_audit_signing_signing_algorithm']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_audit_signing_nickname']
+ # config.pki_master_dict['pki_audit_signing_subject_dn']
+ # config.pki_master_dict['pki_audit_signing_token']
+ #
+ if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
+ if config.pki_master_dict['pki_subsystem'] != "RA":
+ if not len(config.pki_master_dict\
+ ['pki_audit_signing_nickname']):
+ config.pki_master_dict['pki_audit_signing_nickname'] =\
+ "auditSigningCert" + " " + "cert-" +\
+ config.pki_master_dict['pki_instance_id']
+ if not len(config.pki_master_dict\
+ ['pki_audit_signing_subject_dn']):
+ config.pki_master_dict['pki_audit_signing_subject_dn'] =\
+ "cn=" + "TPS Audit Signing Certificate" +\
+ "," + "ou=" + config.pki_master_dict['pki_instance_id']\
+ + "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ config.pki_master_dict['pki_audit_signing_tag'] =\
+ "audit_signing"
+ if not len(config.pki_master_dict['pki_audit_signing_token']):
+ config.pki_master_dict['pki_audit_signing_token'] =\
+ "Internal Key Storage Token"
+ elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if not config.str2bool(config.pki_master_dict['pki_clone']):
+ if not len(config.pki_master_dict\
+ ['pki_audit_signing_nickname']):
+ config.pki_master_dict['pki_audit_signing_nickname'] =\
+ "auditSigningCert" + " " + "cert-" +\
+ config.pki_master_dict['pki_instance_id']
+ if not len(config.pki_master_dict\
+ ['pki_audit_signing_subject_dn']):
+ if config.pki_master_dict['pki_subsystem'] == "CA":
+ if config.str2bool(
+ config.pki_master_dict['pki_external']):
+ # External CA
+ config.pki_master_dict\
+ ['pki_audit_signing_subject_dn'] =\
+ "cn=" + "External CA Audit Signing Certificate"\
+ + "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ elif config.str2bool(
+ config.pki_master_dict['pki_subordinate']):
+ # Subordinate CA
+ config.pki_master_dict\
+ ['pki_audit_signing_subject_dn'] =\
+ "cn=" + "SubCA Audit Signing Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ else:
+ # PKI CA
+ config.pki_master_dict\
+ ['pki_audit_signing_subject_dn'] =\
+ "cn=" + "CA Audit Signing Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict\
+ ['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "KRA":
+ # PKI KRA
+ config.pki_master_dict['pki_audit_signing_subject_dn']\
+ = "cn=" + "DRM Audit Signing Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "OCSP":
+ # PKI OCSP
+ config.pki_master_dict['pki_audit_signing_subject_dn']\
+ = "cn=" + "OCSP Audit Signing Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ elif config.pki_master_dict['pki_subsystem'] == "TKS":
+ # PKI TKS
+ config.pki_master_dict['pki_audit_signing_subject_dn']\
+ = "cn=" + "TKS Audit Signing Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ config.pki_master_dict['pki_audit_signing_tag'] =\
+ "audit_signing"
+ if not len(config.pki_master_dict['pki_audit_signing_token']):
+ config.pki_master_dict['pki_audit_signing_token'] =\
+ "Internal Key Storage Token"
+ # Jython scriptlet
+ # 'DRM Transport Certificate' Configuration name/value pairs
+ #
+ # Tomcat - [KRA]
+ #
+ # The following variables are defined below:
+ #
+ # config.pki_master_dict['pki_transport_tag']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_transport_key_algorithm']
+ # config.pki_master_dict['pki_transport_key_size']
+ # config.pki_master_dict['pki_transport_key_type']
+ # config.pki_master_dict['pki_transport_signing_algorithm']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_transport_nickname']
+ # config.pki_master_dict['pki_transport_subject_dn']
+ # config.pki_master_dict['pki_transport_token']
+ #
+ if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if not config.str2bool(config.pki_master_dict['pki_clone']):
+ if config.pki_master_dict['pki_subsystem'] == "KRA":
+ # PKI KRA
+ if not len(config.pki_master_dict\
+ ['pki_transport_nickname']):
+ config.pki_master_dict['pki_transport_nickname'] =\
+ "transportCert" + " " + "cert-" +\
+ config.pki_master_dict['pki_instance_id']
+ if not len(config.pki_master_dict\
+ ['pki_transport_subject_dn']):
+ config.pki_master_dict['pki_transport_subject_dn']\
+ = "cn=" + "DRM Transport Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ config.pki_master_dict['pki_transport_tag'] =\
+ "transport"
+ if not len(config.pki_master_dict['pki_transport_token']):
+ config.pki_master_dict['pki_transport_token'] =\
+ "Internal Key Storage Token"
+ # Jython scriptlet
+ # 'DRM Storage Certificate' Configuration name/value pairs
+ #
+ # Tomcat - [KRA]
+ #
+ # The following variables are defined below:
+ #
+ # config.pki_master_dict['pki_storage_tag']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and are NOT redefined below:
+ #
+ # config.pki_master_dict['pki_storage_key_algorithm']
+ # config.pki_master_dict['pki_storage_key_size']
+ # config.pki_master_dict['pki_storage_key_type']
+ # config.pki_master_dict['pki_storage_signing_algorithm']
+ #
+ # The following variables are established via the specified PKI
+ # deployment configuration file and potentially overridden below:
+ #
+ # config.pki_master_dict['pki_storage_nickname']
+ # config.pki_master_dict['pki_storage_subject_dn']
+ # config.pki_master_dict['pki_storage_token']
+ #
+ if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ if not config.str2bool(config.pki_master_dict['pki_clone']):
+ if config.pki_master_dict['pki_subsystem'] == "KRA":
+ # PKI KRA
+ if not len(config.pki_master_dict['pki_storage_nickname']):
+ config.pki_master_dict['pki_storage_nickname'] =\
+ "storageCert" + " " + "cert-" +\
+ config.pki_master_dict['pki_instance_id']
+ if not len(config.pki_master_dict\
+ ['pki_storage_subject_dn']):
+ config.pki_master_dict['pki_storage_subject_dn']\
+ = "cn=" + "DRM Storage Certificate" +\
+ "," + "o=" +\
+ config.pki_master_dict['pki_security_domain_name']
+ config.pki_master_dict['pki_storage_tag'] =\
+ "storage"
+ if not len(config.pki_master_dict['pki_storage_token']):
+ config.pki_master_dict['pki_storage_token'] =\
+ "Internal Key Storage Token"
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
+ except KeyError as err:
+ config.pki_log.error(log.PKIHELPER_DICTIONARY_MASTER_MISSING_KEY_1,
+ err, extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
return