authorAde Lee <alee@redhat.com>2012-12-03 00:28:53 -0500
committerAde Lee <alee@redhat.com>2012-12-03 09:08:57 -0500
commit35dc1009494453803d22573ef876c8b418a609d3 (patch)
tree8584ea7bab0f45fe9154265a1a1285044cd045b6 /base/deploy/src/scriptlets
parent03a6350687e033461306d6b9000ef8ea34af96f9 (diff)
Change the structure of the client directory.
We need to keep the admin cert and p12 file in case the client directory is purged.
Diffstat (limited to 'base/deploy/src/scriptlets')
-rw-r--r--base/deploy/src/scriptlets/configuration.py2
-rw-r--r--base/deploy/src/scriptlets/finalization.py4
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py23
3 files changed, 15 insertions, 14 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
index 2d7797b06..16b63122f 100644
--- a/base/deploy/src/scriptlets/configuration.py
+++ b/base/deploy/src/scriptlets/configuration.py
@@ -41,7 +41,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# Place "slightly" less restrictive permissions on
# the top-level client directory ONLY
- util.directory.create(master['pki_client_dir'],
+ util.directory.create(master['pki_client_subsystem_dir'],
uid=0, gid=0,
perms=config.PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS)
# Since 'certutil' does NOT strip the 'token=' portion of
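Review bot: The explicit `uid=0, gid=0, perms=...` call now applies only to `master['pki_client_subsystem_dir']`, so nothing in this hunk sets ownership or mode on the parent `master['pki_client_dir']`, although the pkiparser.py change in this commit moves the admin PKCS #12 file and `ca_admin.cert` into that parent. If `util.directory.create` creates missing parents (its implementation is not visible here), the parent presumably ends up with process-default permissions. Consider creating the parent explicitly first, for example `util.directory.create(master['pki_client_dir'], uid=0, gid=0, perms=...)`, with a mode suited to a directory that holds the admin key. The comment above the call still says "top-level client directory ONLY" and should be updated to name the subsystem directory. The enclosing method starts and ends outside the hunk.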
diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py
index 62d92a626..55a007bca 100644
--- a/base/deploy/src/scriptlets/finalization.py
+++ b/base/deploy/src/scriptlets/finalization.py
@@ -67,8 +67,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# be deleted!
#
if config.str2bool(master['pki_client_database_purge']):
- if util.directory.exists(master['pki_client_dir']):
- util.directory.delete(master['pki_client_dir'])
+ if util.directory.exists(master['pki_client_subsystem_dir']):
+ util.directory.delete(master['pki_client_subsystem_dir'])
# If instance has not been configured, print the
# configuration URL to the log
if config.str2bool(master['pki_skip_configuration']):
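Review bot: The comment ending in `# be deleted!` (it starts above the hunk) looks stale, because the purge now removes only `master['pki_client_subsystem_dir']` and leaves `master['pki_client_dir']` in place. A line such as `# NOTE: only the subsystem subdirectory is purged; the admin cert and PKCS #12 file in 'pki_client_dir' are kept` would tell an operator that admin key material remains on disk after a purge and has to be protected or removed separately.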
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index edb2fd556..a99425960 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -1366,6 +1366,7 @@ class PKIConfigParser:
#
# config.pki_master_dict['pki_client_database_password']
# config.pki_master_dict['pki_client_dir']
+ # config.pki_master_dict['pki_client_subsystem_dir']
#
if not len(config.pki_master_dict['pki_client_database_password']):
# use randomly generated client 'pin'
@@ -1375,20 +1376,23 @@ class PKIConfigParser:
config.pki_master_dict['pki_client_dir'] =\
os.path.join(
os.path.expanduser("~"), ".pki",
- config.pki_master_dict['pki_instance_id'] + "_" +\
- config.pki_master_dict['pki_subsystem'].lower())
+ config.pki_master_dict['pki_instance_id'])
+ config.pki_master_dict['pki_client_subsystem_dir'] =\
+ os.path.join(
+ config.pki_master_dict['pki_client_dir'],
+ config.pki_master_dict['pki_subsystem'].lower())
if not len(config.pki_master_dict['pki_client_database_dir']):
config.pki_master_dict['pki_client_database_dir'] =\
os.path.join(
- config.pki_master_dict['pki_client_dir'],
+ config.pki_master_dict['pki_client_subsystem_dir'],
"alias")
config.pki_master_dict['pki_client_password_conf'] =\
os.path.join(
- config.pki_master_dict['pki_client_dir'],
+ config.pki_master_dict['pki_client_subsystem_dir'],
"password.conf")
config.pki_master_dict['pki_client_pkcs12_password_conf'] =\
os.path.join(
- config.pki_master_dict['pki_client_dir'],
+ config.pki_master_dict['pki_client_subsystem_dir'],
"pkcs12_password.conf")
config.pki_master_dict['pki_client_cert_database'] =\
os.path.join(config.pki_master_dict['pki_client_database_dir'],
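Review bot: `pki_client_pkcs12_password_conf` now lives under `pki_client_subsystem_dir`, which finalization.py deletes on purge, while the `.p12` it protects is moved to `pki_client_dir` in the next hunk and survives. If that split is intended (the retained PKCS #12 file is then usable only by someone who recorded its password), a comment such as `# pkcs12_password.conf is purged with the subsystem directory; the .p12 itself is kept in pki_client_dir` would make it explicit; if it is not intended, the password file path needs the same treatment as the `.p12`. The surrounding method continues outside the hunk.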
@@ -1402,19 +1406,16 @@ class PKIConfigParser:
config.pki_master_dict['pki_client_admin_cert'] =\
config.pki_master_dict['pki_subsystem'].lower() + "_" +\
"admin" + "." + "cert"
- # NOTE: ALWAYS store the PKCS #12 "client" Admin Cert file
- # in with the NSS "server" security databases
+
config.pki_master_dict['pki_client_admin_cert_p12'] =\
- config.pki_master_dict['pki_database_path'] + "/" +\
+ config.pki_master_dict['pki_client_dir'] + "/" +\
config.pki_master_dict['pki_subsystem'].lower() + "_" +\
"admin" + "_" + "cert" + "." + "p12"
- # the admin cert is stored with the NSS server databases
- # in case we want to use a common admin user cert
if not 'pki_admin_cert_file' in config.pki_master_dict or\
not len(config.pki_master_dict['pki_admin_cert_file']):
config.pki_master_dict['pki_admin_cert_file'] =\
- config.pki_master_dict['pki_database_path'] +\
+ config.pki_master_dict['pki_client_dir'] +\
"/ca_admin.cert"
# Jython scriptlet name/value pairs
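Review bot: The two removed comments were the only explanation of where the admin PKCS #12 file and the admin cert are stored, and the new lines carry none. A replacement such as `# NOTE: the PKCS #12 admin cert file and the admin cert are kept in 'pki_client_dir' so that they survive a purge of 'pki_client_subsystem_dir'` would record the new intent next to the paths it governs. As a style point, the new paths are still built with `+ "/" +` while the previous hunk uses `os.path.join`; `os.path.join(config.pki_master_dict['pki_client_dir'], "ca_admin.cert")` would be consistent with it.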