diff options
| author | Matthew Harmsen <mharmsen@redhat.com> | 2012-05-04 20:29:35 -0700 |
|---|---|---|
| committer | Matthew Harmsen <mharmsen@redhat.com> | 2012-05-07 11:28:10 -0700 |
| commit | 391d345b5a6a1a905e3db4105a65dd4fdd0d19a9 (patch) | |
| tree | cf73a152055f6bbc217c42bf8a8f0396ab3fd3dd /base/deploy/src/scriptlets/security_databases.py | |
| parent | 9ad4d60592fdc37ae89672c29859b8463e183718 (diff) | |
| download | pki-391d345b5a6a1a905e3db4105a65dd4fdd0d19a9.tar.gz pki-391d345b5a6a1a905e3db4105a65dd4fdd0d19a9.tar.xz pki-391d345b5a6a1a905e3db4105a65dd4fdd0d19a9.zip | |
PKI Deployment Scriptlets
* Re-aligned code to account for revised layout documented at
http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment
* Massaged logic to comply with PKI subsystem running within
a shared instance
* Developed code to take advantage of a single shared NSS security
database model
* Completed the following two 'scriptlets':
* Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/146)
* Dogtag 10: Python 'security_databases.py' Installation Scriptlet
(https://fedorahosted.org/pki/ticket/136)
* Created several additional PKI deployment helper utilities.
Diffstat (limited to 'base/deploy/src/scriptlets/security_databases.py')
| -rw-r--r-- | base/deploy/src/scriptlets/security_databases.py | 89 |
1 files changed, 83 insertions, 6 deletions
diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py index 093e5ec36..f32b7e497 100644 --- a/base/deploy/src/scriptlets/security_databases.py +++ b/base/deploy/src/scriptlets/security_databases.py @@ -22,6 +22,7 @@ # PKI Deployment Imports import pkiconfig as config from pkiconfig import pki_master_dict as master +import pkihelper as util import pkimessages as log import pkiscriptlet @@ -33,20 +34,96 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - config.pki_log.info("NOT YET IMPLEMENTED", - extra=config.PKI_INDENTATION_LEVEL_2) + if not config.pki_dry_run_flag: + util.password.create_password_conf( + master['pki_shared_password_conf']) + util.file.modify(master['pki_shared_password_conf']) + util.certutil.create_security_databases( + master['pki_database_path'], + master['pki_shared_password_conf']) + util.file.modify(master['pki_cert_database'], perms=\ + config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) + util.file.modify(master['pki_key_database'], perms=\ + config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) + util.file.modify(master['pki_secmod_database'], perms=\ + config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) + rv = util.certutil.verify_certificate_exists( + master['pki_database_path'], + master['pki_self_signed_token'], + master['pki_self_signed_nickname'], + password_file=master['pki_shared_password_conf']) + if not rv: + util.file.generate_noise_file( + master['pki_self_signed_noise_file'], + master['pki_self_signed_noise_bytes']) + util.certutil.generate_self_signed_certificate( + master['pki_database_path'], + master['pki_self_signed_token'], + master['pki_self_signed_nickname'], + master['pki_self_signed_subject'], + master['pki_self_signed_serial_number'], + master['pki_self_signed_validity_period'], + master['pki_self_signed_issuer_name'], + master['pki_self_signed_trustargs'], + master['pki_self_signed_noise_file'], + password_file=master['pki_shared_password_conf']) + util.file.delete(master['pki_self_signed_noise_file']) + else: + util.password.create_password_conf( + master['pki_shared_password_conf']) + util.certutil.create_security_databases( + master['pki_database_path'], + master['pki_shared_password_conf']) + rv = util.certutil.verify_certificate_exists( + master['pki_database_path'], + master['pki_self_signed_token'], + master['pki_self_signed_nickname'], + password_file=master['pki_shared_password_conf']) + if not rv: + util.file.generate_noise_file( + master['pki_self_signed_noise_file'], + master['pki_self_signed_noise_bytes']) + util.certutil.generate_self_signed_certificate( + master['pki_database_path'], + master['pki_self_signed_token'], + master['pki_self_signed_nickname'], + master['pki_self_signed_subject'], + master['pki_self_signed_serial_number'], + master['pki_self_signed_validity_period'], + master['pki_self_signed_issuer_name'], + master['pki_self_signed_trustargs'], + master['pki_self_signed_noise_file'], + password_file=master['pki_shared_password_conf']) return self.rv def respawn(self): config.pki_log.info(log.SECURITY_DATABASES_RESPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - config.pki_log.info("NOT YET IMPLEMENTED", - extra=config.PKI_INDENTATION_LEVEL_2) + util.file.modify(master['pki_shared_password_conf']) + util.file.modify(master['pki_cert_database'], + perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) + util.file.modify(master['pki_key_database'], + perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) + util.file.modify(master['pki_secmod_database'], + perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) return self.rv def destroy(self): config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - config.pki_log.info("NOT YET IMPLEMENTED", - extra=config.PKI_INDENTATION_LEVEL_2) + if not config.pki_dry_run_flag: + if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ + util.instance.pki_subsystem_instances() == 0: + util.file.delete(master['pki_cert_database']) + util.file.delete(master['pki_key_database']) + util.file.delete(master['pki_secmod_database']) + util.file.delete(master['pki_shared_password_conf']) + else: + # ALWAYS display correct information (even during dry_run) + if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\ + util.instance.pki_subsystem_instances() == 1: + util.file.delete(master['pki_cert_database']) + util.file.delete(master['pki_key_database']) + util.file.delete(master['pki_secmod_database']) + util.file.delete(master['pki_shared_password_conf']) return self.rv |