diff options
author | Matthew Harmsen <mharmsen@redhat.com> | 2015-04-21 00:49:11 -0600 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2015-04-21 14:43:06 -0600 |
commit | ab5f54371519010c72f4947901c3a76cb5105e41 (patch) | |
tree | 77e80a6e48ec82e20e60fb1498da4824fdf42c08 /base/server/python/pki/server/deployment/pkihelper.py | |
parent | 16e4a5cc0133533afe1a04711cc671466170e01a (diff) | |
download | pki-ab5f54371519010c72f4947901c3a76cb5105e41.tar.gz pki-ab5f54371519010c72f4947901c3a76cb5105e41.tar.xz pki-ab5f54371519010c72f4947901c3a76cb5105e41.zip |
Add HSM passwords to pkispawn
- PKI TRAC Ticket #1200 - make sure pkispawn works with hsm (passwords)
Diffstat (limited to 'base/server/python/pki/server/deployment/pkihelper.py')
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 5099887cc..7f46c1f8b 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -577,6 +577,15 @@ class ConfigurationFile: if not self.skip_configuration and not self.standalone: self.confirm_data_exists("pki_security_domain_password") # If required, verify existence of Token Password + if config.str2bool(self.mdict['pki_hsm_enable']): + self.confirm_data_exists("pki_hsm_libfile") + self.confirm_data_exists("pki_hsm_modulename") + self.confirm_data_exists("pki_token_name") + if self.mdict['pki_token_name'] == "internal": + config.pki_log.error( + log.PKIHELPER_UNDEFINED_HSM_TOKEN, + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_HSM_TOKEN) if not self.mdict['pki_token_name'] == "internal": self.confirm_data_exists("pki_token_password") return @@ -2039,6 +2048,38 @@ class Password: raise return + def create_hsm_password_conf(self, path, pin, hsm_pin, + overwrite_flag=False, critical_failure=True): + try: + if os.path.exists(path): + if overwrite_flag: + config.pki_log.info( + log.PKIHELPER_PASSWORD_CONF_1, path, + extra=config.PKI_INDENTATION_LEVEL_2) + # overwrite the existing 'password.conf' file + with open(path, "w") as fd: + fd.write(self.mdict['pki_self_signed_token'] + + "=" + str(pin) + "\n") + fd.write("hardware-" + + self.mdict['pki_token_name'] + + "=" + str(hsm_pin)) + else: + config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, + extra=config.PKI_INDENTATION_LEVEL_2) + # create a new 'password.conf' file + with open(path, "w") as fd: + fd.write(self.mdict['pki_self_signed_token'] + + "=" + str(pin) + "\n") + fd.write("hardware-" + + self.mdict['pki_token_name'] + + "=" + str(hsm_pin)) + except OSError as exc: + config.pki_log.error(log.PKI_OSERROR_1, exc, + extra=config.PKI_INDENTATION_LEVEL_2) + if critical_failure: + raise + return + def create_client_pkcs12_password_conf(self, path, overwrite_flag=False, critical_failure=True): try: @@ -3793,6 +3834,9 @@ class ConfigClient: # Miscellaneous Configuration Information data.pin = self.mdict['pki_one_time_pin'] + if config.str2bool(self.mdict['pki_hsm_enable']): + data.token = self.mdict['pki_token_name'] + data.tokenPassword = self.mdict['pki_token_password'] data.subsystemName = self.mdict['pki_subsystem_name'] data.standAlone = self.standalone data.stepTwo = self.external_step_two |