authorMatthew Harmsen <mharmsen@redhat.com>2015-05-13 21:33:02 -0600
committerMatthew Harmsen <mharmsen@redhat.com>2015-05-13 21:35:14 -0600
commit7f5e5076d6e88d096b69b8269f638e8dd7e3ee63 (patch)
treebe467fcd58a3db45e2681a0ce7fa2f2450068ad2 /base/server/python/pki/server/deployment/pkihelper.py
parentccf2eb507471a9f19a1768befadeff404c96635e (diff)
modify contents of serverCertNick.conf
- PKI TRAC Ticket #1370 - pkispawn: installation with HSM from external CA should hold off prepending token name in serverCertNick.conf till phase 2
Diffstat (limited to 'base/server/python/pki/server/deployment/pkihelper.py')
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py44
1 files changed, 44 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 5527d7f94..0c7a19fc2 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -2696,6 +2696,49 @@ class PK12util:
return
+class ServerCertNickConf:
+ """PKI Deployment serverCertNick.conf Class"""
+
+ # In the future, this class will be used exclusively to manage the
+ # creation and modification of the 'serverCertNick.conf' file
+ # replacing the current 'pkispawn' method of copying a template and
+ # using slot-substitution to establish its contents.
+ def __init__(self, deployer):
+ self.mdict = deployer.mdict
+ self.hsm_enable = config.str2bool(self.mdict['pki_hsm_enable'])
+ self.external = config.str2bool(self.mdict['pki_external'])
+ self.nickname = self.mdict['pki_self_signed_nickname']
+ self.servercertnick_conf = self.mdict['pki_target_servercertnick_conf']
+ self.standalone = config.str2bool(self.mdict['pki_standalone'])
+ self.step_two = config.str2bool(self.mdict['pki_external_step_two'])
+ self.token_name = self.mdict['pki_token_name']
+
+ def modify(self):
+ # Modify contents of 'serverCertNick.conf'
+ if self.hsm_enable and (self.external or self.standalone):
+ try:
+ # overwrite value inside 'serverCertNick.conf'
+ with open(self.servercertnick_conf, "w") as fd:
+ ssl_server_nickname = None
+ if self.step_two:
+ # use final HSM name
+ ssl_server_nickname = (self.token_name + ":" +
+ self.nickname)
+ else:
+ # use softokn name
+ ssl_server_nickname = self.nickname
+ fd.write(ssl_server_nickname);
+ config.pki_log.info(
+ log.PKIHELPER_SERVERCERTNICK_CONF_2,
+ self.servercertnick_conf,
+ ssl_server_nickname,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ except OSError as exc:
+ config.pki_log.error(log.PKI_OSERROR_1, exc,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise
+
+
class KRAConnector:
"""PKI Deployment KRA Connector Class"""
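Review bot: The `except OSError as exc:` clause in `ServerCertNickConf.modify()` will not catch a failed `open()` or `fd.write()` if this module runs under Python 2, where file I/O raises `IOError` and that is not a subclass of `OSError`. In that case the `PKI_OSERROR_1` log call is skipped, and the deployment log carries no record of why serverCertNick.conf was left empty or partly written. Catching both with `except (IOError, OSError) as exc:` behaves identically on Python 3 and closes the gap on Python 2. Since `open(..., "w")` truncates the file before the nickname is chosen, it is also cleaner to compute `ssl_server_nickname` ahead of the `with` block, and to drop the stray `;` after `fd.write(ssl_server_nickname)`.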
@@ -4345,6 +4388,7 @@ class PKIDeployer:
self.pk12util = PK12util(self)
self.kra_connector = KRAConnector(self)
self.security_domain = SecurityDomain(self)
+ self.servercertnick_conf = ServerCertNickConf(self)
self.systemd = Systemd(self)
self.tps_connector = TPSConnector(self)
self.config_client = ConfigClient(self)