author | Ade Lee <alee@redhat.com> | 2014-09-09 15:06:31 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2014-10-01 12:43:59 -0400 |
commit | b644429de7d9649e98737113182d9fcd6912e92a (patch) | |
tree | 6448bc5712d3f28430870ab9c7b971eded8b7fbc /base/server/python/pki/server/deployment/pkihelper.py | |
parent | 67f8c07d29a329f091a6c527f8d0dc9d52439cbd (diff) | |
Fix sub-CA installation with own security domain
Installation code failed to anticipate installation of a subordinate
CA that would host its own security domain. This patch includes changes
to python installation code, java configuration servlet and
changes to man pages.
Ticket 1132
Diffstat (limited to 'base/server/python/pki/server/deployment/pkihelper.py')
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index b4c728a87..96048bdec 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -52,7 +52,6 @@ from .pkiconfig import pki_selinux_config_ports as ports from . import pkimanifest as manifest from . import pkimessages as log from .pkiparser import PKIConfigParser -import pki.account import pki.client import pki.system @@ -503,6 +502,9 @@ class ConfigurationFile: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_SUBORDINATE_UNSUPPORTED_1, self.subsystem) + if config.str2bool( + self.mdict['pki_subordinate_create_new_security_domain']): + self.confirm_data_exists('pki_subordinate_security_domain_name') def confirm_external_step_two(self): # ALWAYS defined via 'pkiparser.py' @@ -3414,6 +3416,7 @@ class ConfigClient: # generic extension support in CSR - for external CA self.add_req_ext = config.str2bool( self.mdict['pki_req_ext_add']) + self.security_domain_type = self.mdict['pki_security_domain_type'] def configure_pki_data(self, data): config.pki_log.info( @@ -3626,16 +3629,15 @@ class ConfigClient: self.set_hierarchy_parameters(data) # Security Domain - if ((self.subsystem != "CA" or self.clone or self.subordinate) and - not self.standalone): - # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, - # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or - # Subordinate CA + if self.security_domain_type != "new": self.set_existing_security_domain(data) else: # PKI CA, External CA, or Stand-alone PKI self.set_new_security_domain(data) + if self.subordinate: + self.set_subca_security_domain(data) + # database if self.subsystem != "RA": self.set_database_parameters(data) 
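Review bot: The check added in the ConfigurationFile hunk (`@@ -503,6 +502,9`) indexes `self.mdict['pki_subordinate_create_new_security_domain']` directly, so a deployment configuration without this new key would fail with a bare KeyError instead of the logged error the neighbouring checks raise. That assumes no default is supplied elsewhere, which this file-limited diff does not show. Consider calling `self.confirm_data_exists('pki_subordinate_create_new_security_domain')` before the `str2bool` test, or confirm that a default always exists. The new code only requires `pki_subordinate_security_domain_name` to be present; if it must differ from the parent domain's name, a comment or check saying so would help. The enclosing method begins above the hunk and the indentation is lost in this rendering, so which branch the added lines sit in cannot be confirmed from here.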
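Review bot: In the `@@ -3626,16 +3629,15` hunk the choice between joining an existing security domain and creating a new one now rests on `self.security_domain_type != "new"`, so any other value of `pki_security_domain_type` (a typo, different case, an empty string) silently takes the set_existing_security_domain path. The removed condition also kept non-CA subsystems and clones from ever reaching set_new_security_domain. That guarantee now depends on how `pki_security_domain_type` is populated, which is outside this file-limited diff; only the read of it is added, in the `@@ -3414,6 +3416,7` hunk. Because the security domain is the subsystem's trust boundary, I would compare against each permitted value explicitly and raise on anything else rather than use a catch-all `else`. A short comment above `if self.subordinate:` should also note that set_subca_security_domain runs afterwards and may overwrite the type chosen just before; the enclosing method starts and ends outside the hunk.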
@@ -3943,6 +3945,13 @@ class ConfigClient: data.securityDomainType = "newdomain" data.securityDomainName = self.mdict['pki_security_domain_name'] + def set_subca_security_domain(self, data): + if config.str2bool( + self.mdict['pki_subordinate_create_new_security_domain']): + data.securityDomainType = "newsubdomain" + data.subordinateSecurityDomainName = ( + self.mdict['pki_subordinate_security_domain_name']) + def set_database_parameters(self, data): data.dsHost = self.mdict['pki_ds_hostname'] data.dsPort = self.mdict['pki_ds_ldap_port'] |
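Review bot: set_subca_security_domain has no docstring, and its effect depends on call order. When the flag is true it overwrites the `data.securityDomainType` already set by set_new_security_domain or set_existing_security_domain with `"newsubdomain"`, and when the flag is false it does nothing. A docstring such as `"""Override the security domain type for a subordinate CA hosting its own domain; call after the new/existing domain setter."""` would make that explicit. Both `self.mdict[...]` lookups raise KeyError if the keys are missing, so the method presumably relies on the ConfigurationFile check having run first; a comment saying so would help.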