authorAde Lee <alee@redhat.com>2014-06-06 21:46:04 +0800
committerAde Lee <alee@redhat.com>2014-06-10 20:54:26 +0700
commitcfb1486b7693b208c99f1853763404b2b5f68322 (patch)
treec18a9656029b43f93d5fb51fcf6d65b0b3d843d3 /base/server/python/pki/server/deployment/pkiparser.py
parentd2980374a6c241b507f21a6acb4ec04a19241025 (diff)
Modify master_dict to mdict to improve readability
Most of the install Python scripts do not meet PEP8, including the requirement that lines be less than 80 chars. Changing master_dict to mdict helps fix this and improves, or at least does not degrade, readability.
Diffstat (limited to 'base/server/python/pki/server/deployment/pkiparser.py')
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py782
1 files changed, 391 insertions, 391 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 2759ceeef..620c9bdb5 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -90,8 +90,8 @@ class PKIConfigParser:
self.authdb_connection = None
# Master and Slot dictionaries
- self.pki_master_dict = dict()
- self.pki_slots_dict = dict()
+ self.mdict = dict()
+ self.slots_dict = dict()
# PKI Deployment Helper Functions
def process_command_line_arguments(self):
@@ -254,7 +254,7 @@ class PKIConfigParser:
options=None, sign=':', allow_empty=True, case_sensitive=True):
if default is None and key is not None:
- default = self.pki_master_dict[key]
+ default = self.mdict[key]
if default:
message = message + ' [' + default + ']'
message = ' ' * self.indent + message + sign + ' '
@@ -369,11 +369,11 @@ class PKIConfigParser:
def flatten_master_dict(self):
- self.pki_master_dict.update(__name__="PKI Master Dictionary")
+ self.mdict.update(__name__="PKI Master Dictionary")
default_dict = dict(self.pki_config.items('DEFAULT'))
default_dict[0] = None
- self.pki_master_dict.update(default_dict)
+ self.mdict.update(default_dict)
web_server_dict = None
if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
@@ -385,31 +385,31 @@ class PKIConfigParser:
if web_server_dict:
web_server_dict[0] = None
- self.pki_master_dict.update(web_server_dict)
+ self.mdict.update(web_server_dict)
if self.pki_config.has_section(config.pki_subsystem):
subsystem_dict = dict(self.pki_config.items(config.pki_subsystem))
subsystem_dict[0] = None
- self.pki_master_dict.update(subsystem_dict)
+ self.mdict.update(subsystem_dict)
def ds_connect(self):
- hostname = self.pki_master_dict['pki_ds_hostname']
+ hostname = self.mdict['pki_ds_hostname']
- if config.str2bool(self.pki_master_dict['pki_ds_secure_connection']):
+ if config.str2bool(self.mdict['pki_ds_secure_connection']):
protocol = 'ldaps'
- port = self.pki_master_dict['pki_ds_ldaps_port']
+ port = self.mdict['pki_ds_ldaps_port']
else:
protocol = 'ldap'
- port = self.pki_master_dict['pki_ds_ldap_port']
+ port = self.mdict['pki_ds_ldap_port']
self.ds_connection = ldap.initialize(protocol + '://' + hostname + ':' + port)
def ds_bind(self):
self.ds_connection.simple_bind_s(
- self.pki_master_dict['pki_ds_bind_dn'],
- self.pki_master_dict['pki_ds_password'])
+ self.mdict['pki_ds_bind_dn'],
+ self.mdict['pki_ds_password'])
def ds_search(self, key=None):
if key is None:
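Review bot: When `pki_ds_secure_connection` is false, `ds_connect` builds an `ldap://` URL and `ds_bind` then sends `pki_ds_bind_dn` and `pki_ds_password` with `simple_bind_s`, which puts the directory password on the wire in clear text; no `start_tls_s()` call is visible between the two in this hunk. If plain LDAP has to stay supported, consider upgrading the connection before binding, e.g. `self.ds_connection.start_tls_s()` in the `ldap` branch, or at least logging a warning that the bind is unencrypted. `authdb_connect` in a later hunk picks its protocol the same way, but its bind is not shown, so whether it has the same exposure needs checking. `ds_search` continues past the end of this hunk.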
@@ -437,7 +437,7 @@ class PKIConfigParser:
self.ds_bind()
self.ds_search()
try:
- results = self.ds_search(self.pki_master_dict['pki_ds_base_dn'])
+ results = self.ds_search(self.mdict['pki_ds_base_dn'])
if results is None or len(results) == 0:
base_dn_exists = False
@@ -453,8 +453,8 @@ class PKIConfigParser:
def sd_connect(self):
self.sd_connection = pki.client.PKIConnection(
protocol='https',
- hostname=self.pki_master_dict['pki_security_domain_hostname'],
- port=self.pki_master_dict['pki_security_domain_https_port'],
+ hostname=self.mdict['pki_security_domain_hostname'],
+ port=self.mdict['pki_security_domain_https_port'],
subsystem='ca')
def sd_get_info(self):
@@ -471,8 +471,8 @@ class PKIConfigParser:
def sd_authenticate(self):
self.sd_connection.authenticate(
- self.pki_master_dict['pki_security_domain_user'],
- self.pki_master_dict['pki_security_domain_password'])
+ self.mdict['pki_security_domain_user'],
+ self.mdict['pki_security_domain_password'])
account = pki.account.AccountClient(self.sd_connection)
try:
@@ -490,10 +490,10 @@ class PKIConfigParser:
def authdb_connect(self):
- hostname = self.pki_master_dict['pki_authdb_hostname']
- port = self.pki_master_dict['pki_authdb_port']
+ hostname = self.mdict['pki_authdb_hostname']
+ port = self.mdict['pki_authdb_port']
- if config.str2bool(self.pki_master_dict['pki_authdb_secure_conn']):
+ if config.str2bool(self.mdict['pki_authdb_secure_conn']):
protocol = 'ldaps'
else:
protocol = 'ldap'
@@ -504,7 +504,7 @@ class PKIConfigParser:
def authdb_base_dn_exists(self):
try:
results = self.authdb_connection.search_s(
- self.pki_master_dict['pki_authdb_basedn'],
+ self.mdict['pki_authdb_basedn'],
ldap.SCOPE_BASE)
if results is None or len(results) == 0:
@@ -516,7 +516,7 @@ class PKIConfigParser:
return False
def get_server_status(self, system_type, system_uri):
- parse = urlparse(self.pki_master_dict[system_uri])
+ parse = urlparse(self.mdict[system_uri])
conn = pki.client.PKIConnection(
protocol=parse.scheme,
hostname=parse.hostname,
@@ -531,410 +531,410 @@ class PKIConfigParser:
"Create a single master PKI dictionary from the sectional dictionaries"
try:
# 'pkispawn'/'pkidestroy' name/value pairs
- self.pki_master_dict['pki_deployment_executable'] = \
+ self.mdict['pki_deployment_executable'] = \
config.pki_deployment_executable
- self.pki_master_dict['pki_install_time'] = config.pki_install_time
- self.pki_master_dict['pki_timestamp'] = config.pki_timestamp
- self.pki_master_dict['pki_certificate_timestamp'] = \
+ self.mdict['pki_install_time'] = config.pki_install_time
+ self.mdict['pki_timestamp'] = config.pki_timestamp
+ self.mdict['pki_certificate_timestamp'] = \
config.pki_certificate_timestamp
- self.pki_master_dict['pki_architecture'] = config.pki_architecture
- self.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg
- self.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg
- self.pki_master_dict['pki_deployed_instance_name'] = \
+ self.mdict['pki_architecture'] = config.pki_architecture
+ self.mdict['pki_default_deployment_cfg'] = config.default_deployment_cfg
+ self.mdict['pki_user_deployment_cfg'] = config.user_deployment_cfg
+ self.mdict['pki_deployed_instance_name'] = \
config.pki_deployed_instance_name
# Generate random 'pin's for use as security database passwords
# and add these to the "sensitive" key value pairs read in from
# the configuration file
pin_low = 100000000000
pin_high = 999999999999
- self.pki_master_dict['pki_pin'] = \
+ self.mdict['pki_pin'] = \
random.randint(pin_low, pin_high)
- self.pki_master_dict['pki_client_pin'] = \
+ self.mdict['pki_client_pin'] = \
random.randint(pin_low, pin_high)
self.flatten_master_dict()
- pkilogging.sensitive_parameters = self.pki_master_dict['sensitive_parameters'].split()
+ pkilogging.sensitive_parameters = self.mdict['sensitive_parameters'].split()
# Always create "false" values for these missing "boolean" keys
- if not self.pki_master_dict.has_key('pki_enable_access_log') or\
- not len(self.pki_master_dict['pki_enable_access_log']):
- self.pki_master_dict['pki_enable_access_log'] = "false"
- if not self.pki_master_dict.has_key('pki_external') or\
- not len(self.pki_master_dict['pki_external']):
- self.pki_master_dict['pki_external'] = "false"
- if not self.pki_master_dict.has_key('pki_external_step_two') or\
- not len(self.pki_master_dict['pki_external_step_two']):
- self.pki_master_dict['pki_external_step_two'] = "false"
- if not self.pki_master_dict.has_key('pki_standalone') or\
- not len(self.pki_master_dict['pki_standalone']):
- self.pki_master_dict['pki_standalone'] = "false"
- if not self.pki_master_dict.has_key('pki_subordinate') or\
- not len(self.pki_master_dict['pki_subordinate']):
- self.pki_master_dict['pki_subordinate'] = "false"
+ if not self.mdict.has_key('pki_enable_access_log') or\
+ not len(self.mdict['pki_enable_access_log']):
+ self.mdict['pki_enable_access_log'] = "false"
+ if not self.mdict.has_key('pki_external') or\
+ not len(self.mdict['pki_external']):
+ self.mdict['pki_external'] = "false"
+ if not self.mdict.has_key('pki_external_step_two') or\
+ not len(self.mdict['pki_external_step_two']):
+ self.mdict['pki_external_step_two'] = "false"
+ if not self.mdict.has_key('pki_standalone') or\
+ not len(self.mdict['pki_standalone']):
+ self.mdict['pki_standalone'] = "false"
+ if not self.mdict.has_key('pki_subordinate') or\
+ not len(self.mdict['pki_subordinate']):
+ self.mdict['pki_subordinate'] = "false"
# PKI Target (slot substitution) name/value pairs
- self.pki_master_dict['pki_target_cs_cfg'] = \
+ self.mdict['pki_target_cs_cfg'] = \
os.path.join(
- self.pki_master_dict['pki_subsystem_configuration_path'],
+ self.mdict['pki_subsystem_configuration_path'],
"CS.cfg")
- self.pki_master_dict['pki_target_registry'] = \
- os.path.join(self.pki_master_dict['pki_instance_registry_path'],
- self.pki_master_dict['pki_instance_name'])
- if (config.str2bool(self.pki_master_dict['pki_external_step_two'])):
+ self.mdict['pki_target_registry'] = \
+ os.path.join(self.mdict['pki_instance_registry_path'],
+ self.mdict['pki_instance_name'])
+ if (config.str2bool(self.mdict['pki_external_step_two'])):
# For CA (External CA Step 2) and Stand-alone PKI (Step 2),
# use the 'pki_one_time_pin' established during the setup
# of (Step 1)
- if os.path.exists(self.pki_master_dict['pki_target_cs_cfg'])\
+ if os.path.exists(self.mdict['pki_target_cs_cfg'])\
and\
- os.path.isfile(self.pki_master_dict['pki_target_cs_cfg']):
+ os.path.isfile(self.mdict['pki_target_cs_cfg']):
cs_cfg = self.read_simple_configuration_file(
- self.pki_master_dict['pki_target_cs_cfg'])
- self.pki_master_dict['pki_one_time_pin'] = \
+ self.mdict['pki_target_cs_cfg'])
+ self.mdict['pki_one_time_pin'] = \
cs_cfg.get('preop.pin')
else:
config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
- self.pki_master_dict['pki_target_cs_cfg'],
+ self.mdict['pki_target_cs_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1)
else:
# Generate a one-time pin to be used prior to configuration
# and add this to the "sensitive" key value pairs read in from
# the configuration file
- self.pki_master_dict['pki_one_time_pin'] = \
+ self.mdict['pki_one_time_pin'] = \
''.join(random.choice(string.ascii_letters + string.digits)\
for x in range(20))
- if self.pki_master_dict['pki_subsystem'] in\
+ if self.mdict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS:
- self.pki_master_dict['pki_target_catalina_properties'] = \
+ self.mdict['pki_target_catalina_properties'] = \
os.path.join(
- self.pki_master_dict['pki_instance_configuration_path'],
+ self.mdict['pki_instance_configuration_path'],
"catalina.properties")
- self.pki_master_dict['pki_target_servercertnick_conf'] = \
+ self.mdict['pki_target_servercertnick_conf'] = \
os.path.join(
- self.pki_master_dict['pki_instance_configuration_path'],
+ self.mdict['pki_instance_configuration_path'],
"serverCertNick.conf")
- self.pki_master_dict['pki_target_server_xml'] = \
+ self.mdict['pki_target_server_xml'] = \
os.path.join(
- self.pki_master_dict['pki_instance_configuration_path'],
+ self.mdict['pki_instance_configuration_path'],
"server.xml")
- self.pki_master_dict['pki_target_context_xml'] = \
+ self.mdict['pki_target_context_xml'] = \
os.path.join(
- self.pki_master_dict['pki_instance_configuration_path'],
+ self.mdict['pki_instance_configuration_path'],
"context.xml")
- self.pki_master_dict['pki_target_tomcat_conf_instance_id'] = \
- self.pki_master_dict['pki_root_prefix'] + \
+ self.mdict['pki_target_tomcat_conf_instance_id'] = \
+ self.mdict['pki_root_prefix'] + \
"/etc/sysconfig/" + \
- self.pki_master_dict['pki_instance_name']
- self.pki_master_dict['pki_target_tomcat_conf'] = \
+ self.mdict['pki_instance_name']
+ self.mdict['pki_target_tomcat_conf'] = \
os.path.join(
- self.pki_master_dict['pki_instance_configuration_path'],
+ self.mdict['pki_instance_configuration_path'],
"tomcat.conf")
# in-place slot substitution name/value pairs
- self.pki_master_dict['pki_target_velocity_properties'] = \
+ self.mdict['pki_target_velocity_properties'] = \
os.path.join(
- self.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
+ self.mdict['pki_tomcat_webapps_subsystem_path'],
"WEB-INF",
"velocity.properties")
- self.pki_master_dict['pki_target_subsystem_web_xml'] = \
+ self.mdict['pki_target_subsystem_web_xml'] = \
os.path.join(
- self.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
+ self.mdict['pki_tomcat_webapps_subsystem_path'],
"WEB-INF",
"web.xml")
- self.pki_master_dict['pki_target_subsystem_web_xml_orig'] = \
+ self.mdict['pki_target_subsystem_web_xml_orig'] = \
os.path.join(
- self.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
+ self.mdict['pki_tomcat_webapps_subsystem_path'],
"WEB-INF",
"web.xml.orig")
# subystem-specific slot substitution name/value pairs
- if self.pki_master_dict['pki_subsystem'] == "CA":
- self.pki_master_dict['pki_target_flatfile_txt'] = \
- os.path.join(self.pki_master_dict\
+ if self.mdict['pki_subsystem'] == "CA":
+ self.mdict['pki_target_flatfile_txt'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"flatfile.txt")
- self.pki_master_dict['pki_target_proxy_conf'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_proxy_conf'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"proxy.conf")
- self.pki_master_dict['pki_target_registry_cfg'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_registry_cfg'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"registry.cfg")
# '*.profile'
- self.pki_master_dict['pki_target_admincert_profile'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_admincert_profile'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"adminCert.profile")
- self.pki_master_dict['pki_target_caauditsigningcert_profile']\
- = os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_caauditsigningcert_profile']\
+ = os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"caAuditSigningCert.profile")
- self.pki_master_dict['pki_target_cacert_profile'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_cacert_profile'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"caCert.profile")
- self.pki_master_dict['pki_target_caocspcert_profile'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_caocspcert_profile'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"caOCSPCert.profile")
- self.pki_master_dict['pki_target_servercert_profile'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_servercert_profile'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"serverCert.profile")
- self.pki_master_dict['pki_target_subsystemcert_profile'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_subsystemcert_profile'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"subsystemCert.profile")
# in-place slot substitution name/value pairs
- self.pki_master_dict['pki_target_profileselect_template'] = \
+ self.mdict['pki_target_profileselect_template'] = \
os.path.join(
- self.pki_master_dict\
+ self.mdict\
['pki_tomcat_webapps_subsystem_path'],
"ee",
- self.pki_master_dict['pki_subsystem'].lower(),
+ self.mdict['pki_subsystem'].lower(),
"ProfileSelect.template")
- elif self.pki_master_dict['pki_subsystem'] == "KRA":
+ elif self.mdict['pki_subsystem'] == "KRA":
# '*.profile'
- self.pki_master_dict['pki_target_servercert_profile'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_servercert_profile'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"serverCert.profile")
- self.pki_master_dict['pki_target_storagecert_profile'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_storagecert_profile'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"storageCert.profile")
- self.pki_master_dict['pki_target_subsystemcert_profile'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_subsystemcert_profile'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"subsystemCert.profile")
- self.pki_master_dict['pki_target_transportcert_profile'] = \
- os.path.join(self.pki_master_dict\
+ self.mdict['pki_target_transportcert_profile'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"transportCert.profile")
- elif self.pki_master_dict['pki_subsystem'] == "TPS":
- self.pki_master_dict['pki_target_registry_cfg'] = \
- os.path.join(self.pki_master_dict\
+ elif self.mdict['pki_subsystem'] == "TPS":
+ self.mdict['pki_target_registry_cfg'] = \
+ os.path.join(self.mdict\
['pki_subsystem_configuration_path'],
"registry.cfg")
- self.pki_master_dict['pki_target_phone_home_xml'] = \
+ self.mdict['pki_target_phone_home_xml'] = \
os.path.join(
- self.pki_master_dict['pki_subsystem_configuration_path'],
+ self.mdict['pki_subsystem_configuration_path'],
"phoneHome.xml")
# Slot assignment name/value pairs
# NOTE: Master key == Slots key; Master value ==> Slots value
- self.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] = \
- self.pki_master_dict['pki_instance_name']
- self.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] = \
- os.path.join(self.pki_master_dict['pki_instance_path'],
- self.pki_master_dict['pki_instance_name'])
- self.pki_master_dict['PKI_REGISTRY_FILE_SLOT'] = \
- os.path.join(self.pki_master_dict['pki_subsystem_registry_path'],
- self.pki_master_dict['pki_instance_name'])
- if self.pki_master_dict['pki_subsystem'] in\
+ self.mdict['PKI_INSTANCE_NAME_SLOT'] = \
+ self.mdict['pki_instance_name']
+ self.mdict['PKI_INSTANCE_INITSCRIPT_SLOT'] = \
+ os.path.join(self.mdict['pki_instance_path'],
+ self.mdict['pki_instance_name'])
+ self.mdict['PKI_REGISTRY_FILE_SLOT'] = \
+ os.path.join(self.mdict['pki_subsystem_registry_path'],
+ self.mdict['pki_instance_name'])
+ if self.mdict['pki_subsystem'] in\
config.PKI_APACHE_SUBSYSTEMS:
- self.pki_master_dict['FORTITUDE_APACHE_SLOT'] = None
- self.pki_master_dict['FORTITUDE_AUTH_MODULES_SLOT'] = None
- self.pki_master_dict['FORTITUDE_DIR_SLOT'] = None
- self.pki_master_dict['FORTITUDE_LIB_DIR_SLOT'] = None
- self.pki_master_dict['FORTITUDE_MODULE_SLOT'] = None
- self.pki_master_dict['FORTITUDE_NSS_MODULES_SLOT'] = None
- self.pki_master_dict['HTTPD_CONF_SLOT'] = None
- self.pki_master_dict['LIB_PREFIX_SLOT'] = None
- self.pki_master_dict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None
- self.pki_master_dict['NSS_CONF_SLOT'] = None
- self.pki_master_dict['OBJ_EXT_SLOT'] = None
- self.pki_master_dict['PKI_LOCKDIR_SLOT'] = \
+ self.mdict['FORTITUDE_APACHE_SLOT'] = None
+ self.mdict['FORTITUDE_AUTH_MODULES_SLOT'] = None
+ self.mdict['FORTITUDE_DIR_SLOT'] = None
+ self.mdict['FORTITUDE_LIB_DIR_SLOT'] = None
+ self.mdict['FORTITUDE_MODULE_SLOT'] = None
+ self.mdict['FORTITUDE_NSS_MODULES_SLOT'] = None
+ self.mdict['HTTPD_CONF_SLOT'] = None
+ self.mdict['LIB_PREFIX_SLOT'] = None
+ self.mdict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None
+ self.mdict['NSS_CONF_SLOT'] = None
+ self.mdict['OBJ_EXT_SLOT'] = None
+ self.mdict['PKI_LOCKDIR_SLOT'] = \
os.path.join("/var/lock/pki",
"apache")
- self.pki_master_dict['PKI_PIDDIR_SLOT'] = \
+ self.mdict['PKI_PIDDIR_SLOT'] = \
os.path.join("/var/run/pki",
"apache")
- self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache"
- self.pki_master_dict['PORT_SLOT'] = None
- self.pki_master_dict['PROCESS_ID_SLOT'] = None
- self.pki_master_dict['REQUIRE_CFG_PL_SLOT'] = None
- self.pki_master_dict['SECURE_PORT_SLOT'] = None
- self.pki_master_dict['SECURITY_LIBRARIES_SLOT'] = None
- self.pki_master_dict['PKI_HOSTNAME_SLOT'] = None
- self.pki_master_dict['SERVER_ROOT_SLOT'] = None
- self.pki_master_dict['SYSTEM_LIBRARIES_SLOT'] = None
- self.pki_master_dict['SYSTEM_USER_LIBRARIES_SLOT'] = None
- self.pki_master_dict['TMP_DIR_SLOT'] = None
- elif self.pki_master_dict['pki_subsystem'] in\
+ self.mdict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache"
+ self.mdict['PORT_SLOT'] = None
+ self.mdict['PROCESS_ID_SLOT'] = None
+ self.mdict['REQUIRE_CFG_PL_SLOT'] = None
+ self.mdict['SECURE_PORT_SLOT'] = None
+ self.mdict['SECURITY_LIBRARIES_SLOT'] = None
+ self.mdict['PKI_HOSTNAME_SLOT'] = None
+ self.mdict['SERVER_ROOT_SLOT'] = None
+ self.mdict['SYSTEM_LIBRARIES_SLOT'] = None
+ self.mdict['SYSTEM_USER_LIBRARIES_SLOT'] = None
+ self.mdict['TMP_DIR_SLOT'] = None
+ elif self.mdict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS:
- self.pki_master_dict['INSTALL_TIME_SLOT'] = \
- self.pki_master_dict['pki_install_time']
- self.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] = \
- self.pki_master_dict['pki_https_port']
- self.pki_master_dict\
+ self.mdict['INSTALL_TIME_SLOT'] = \
+ self.mdict['pki_install_time']
+ self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict\
['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
"Unused"
- self.pki_master_dict\
+ self.mdict\
['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] = \
+ self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = \
"want"
- self.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] = \
- self.pki_master_dict['pki_https_port']
- self.pki_master_dict['PKI_AJP_PORT_SLOT'] = \
- self.pki_master_dict['pki_ajp_port']
- self.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] = \
- self.pki_master_dict['pki_https_port']
- self.pki_master_dict['PKI_CA_HOSTNAME_SLOT'] = \
- self.pki_master_dict['pki_ca_hostname']
- self.pki_master_dict['PKI_CA_PORT_SLOT'] = \
- self.pki_master_dict['pki_ca_port']
- self.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] = \
- self.pki_master_dict['pki_pin']
- self.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] = \
- self.pki_master_dict['pki_target_cs_cfg']
- self.pki_master_dict\
+ self.mdict['PKI_AGENT_SECURE_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_AJP_PORT_SLOT'] = \
+ self.mdict['pki_ajp_port']
+ self.mdict['PKI_AJP_REDIRECT_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_CA_HOSTNAME_SLOT'] = \
+ self.mdict['pki_ca_hostname']
+ self.mdict['PKI_CA_PORT_SLOT'] = \
+ self.mdict['pki_ca_port']
+ self.mdict['PKI_CERT_DB_PASSWORD_SLOT'] = \
+ self.mdict['pki_pin']
+ self.mdict['PKI_CFG_PATH_NAME_SLOT'] = \
+ self.mdict['pki_target_cs_cfg']
+ self.mdict\
['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
"-->"
- self.pki_master_dict\
+ self.mdict\
['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
"-->"
- self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \
- self.pki_master_dict['pki_https_port']
- self.pki_master_dict\
+ self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict\
['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \
"Unused"
- self.pki_master_dict\
+ self.mdict\
['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \
- self.pki_master_dict['pki_https_port']
- self.pki_master_dict['PKI_EE_SECURE_PORT_SLOT'] = \
- self.pki_master_dict['pki_https_port']
- self.pki_master_dict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
+ self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_EE_SECURE_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
"Unused"
- self.pki_master_dict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
+ self.mdict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_GROUP_SLOT'] = \
- self.pki_master_dict['pki_group']
- self.pki_master_dict['PKI_INSTANCE_PATH_SLOT'] = \
- self.pki_master_dict['pki_instance_path']
- self.pki_master_dict['PKI_INSTANCE_ROOT_SLOT'] = \
- self.pki_master_dict['pki_path']
- self.pki_master_dict['PKI_LOCKDIR_SLOT'] = \
+ self.mdict['PKI_GROUP_SLOT'] = \
+ self.mdict['pki_group']
+ self.mdict['PKI_INSTANCE_PATH_SLOT'] = \
+ self.mdict['pki_instance_path']
+ self.mdict['PKI_INSTANCE_ROOT_SLOT'] = \
+ self.mdict['pki_path']
+ self.mdict['PKI_LOCKDIR_SLOT'] = \
os.path.join("/var/lock/pki",
"tomcat")
- self.pki_master_dict['PKI_HOSTNAME_SLOT'] = \
- self.pki_master_dict['pki_hostname']
- self.pki_master_dict\
+ self.mdict['PKI_HOSTNAME_SLOT'] = \
+ self.mdict['pki_hostname']
+ self.mdict\
['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
"<!--"
- self.pki_master_dict\
+ self.mdict\
['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
"<!--"
- self.pki_master_dict['PKI_PIDDIR_SLOT'] = \
+ self.mdict['PKI_PIDDIR_SLOT'] = \
os.path.join("/var/run/pki",
"tomcat")
- if config.str2bool(self.pki_master_dict['pki_enable_proxy']):
- self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
+ if config.str2bool(self.mdict['pki_enable_proxy']):
+ self.mdict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \
+ self.mdict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = \
- self.pki_master_dict['pki_proxy_https_port']
- self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = \
- self.pki_master_dict['pki_proxy_http_port']
- self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \
+ self.mdict['PKI_PROXY_SECURE_PORT_SLOT'] = \
+ self.mdict['pki_proxy_https_port']
+ self.mdict['PKI_PROXY_UNSECURE_PORT_SLOT'] = \
+ self.mdict['pki_proxy_http_port']
+ self.mdict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
+ self.mdict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
""
else:
- self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
+ self.mdict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
"-->"
- self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \
+ self.mdict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \
"-->"
- self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = ""
- self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = ""
- self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \
+ self.mdict['PKI_PROXY_SECURE_PORT_SLOT'] = ""
+ self.mdict['PKI_PROXY_UNSECURE_PORT_SLOT'] = ""
+ self.mdict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \
"<!--"
- self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
+ self.mdict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
"<!--"
- if (config.str2bool(self.pki_master_dict['pki_standalone'])):
+ if (config.str2bool(self.mdict['pki_standalone'])):
# Stand-alone PKI
- self.pki_master_dict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \
+ self.mdict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \
+ self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_STANDALONE_SLOT'] = "true"
+ self.mdict['PKI_STANDALONE_SLOT'] = "true"
else:
- self.pki_master_dict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \
+ self.mdict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \
"-->"
- self.pki_master_dict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \
+ self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \
"<!--"
- self.pki_master_dict['PKI_STANDALONE_SLOT'] = "false"
- if (config.str2bool(self.pki_master_dict['pki_enable_access_log'])):
- self.pki_master_dict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
+ self.mdict['PKI_STANDALONE_SLOT'] = "false"
+ if (config.str2bool(self.mdict['pki_enable_access_log'])):
+ self.mdict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
+ self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
""
else:
- self.pki_master_dict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
+ self.mdict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
"-->"
- self.pki_master_dict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
+ self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
"<!--"
- self.pki_master_dict['PKI_TMPDIR_SLOT'] = \
- self.pki_master_dict['pki_tomcat_tmpdir_path']
- self.pki_master_dict['PKI_RESTEASY_LIB_SLOT'] = \
- self.pki_master_dict['resteasy_lib']
- self.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] = \
- self.pki_master_dict['pki_one_time_pin']
- self.pki_master_dict['PKI_SECURE_PORT_SLOT'] = \
- self.pki_master_dict['pki_https_port']
- self.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
+ self.mdict['PKI_TMPDIR_SLOT'] = \
+ self.mdict['pki_tomcat_tmpdir_path']
+ self.mdict['PKI_RESTEASY_LIB_SLOT'] = \
+ self.mdict['resteasy_lib']
+ self.mdict['PKI_RANDOM_NUMBER_SLOT'] = \
+ self.mdict['pki_one_time_pin']
+ self.mdict['PKI_SECURE_PORT_SLOT'] = \
+ self.mdict['pki_https_port']
+ self.mdict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
"Secure"
- self.pki_master_dict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
+ self.mdict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
"<!-- " + \
"Shared Ports: Agent, EE, and Admin Secure Port Connector " + \
"-->"
- self.pki_master_dict['PKI_SECURITY_MANAGER_SLOT'] = \
- self.pki_master_dict['pki_security_manager']
- self.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] = \
- self.pki_master_dict['pki_target_server_xml']
- self.pki_master_dict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \
- self.pki_master_dict['pki_ssl_server_nickname']
- self.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] = \
- self.pki_master_dict['pki_subsystem'].lower()
- self.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \
+ self.mdict['PKI_SECURITY_MANAGER_SLOT'] = \
+ self.mdict['pki_security_manager']
+ self.mdict['PKI_SERVER_XML_CONF_SLOT'] = \
+ self.mdict['pki_target_server_xml']
+ self.mdict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \
+ self.mdict['pki_ssl_server_nickname']
+ self.mdict['PKI_SUBSYSTEM_TYPE_SLOT'] = \
+ self.mdict['pki_subsystem'].lower()
+ self.mdict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \
"pki-tomcatd" + "@" + \
- self.pki_master_dict['pki_instance_name'] + ".service"
- self.pki_master_dict['PKI_UNSECURE_PORT_SLOT'] = \
- self.pki_master_dict['pki_http_port']
- self.pki_master_dict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \
+ self.mdict['pki_instance_name'] + ".service"
+ self.mdict['PKI_UNSECURE_PORT_SLOT'] = \
+ self.mdict['pki_http_port']
+ self.mdict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \
"Unsecure"
- self.pki_master_dict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \
+ self.mdict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \
"<!-- Shared Ports: Unsecure Port Connector -->"
- self.pki_master_dict['PKI_USER_SLOT'] = \
- self.pki_master_dict['pki_user']
- self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = \
+ self.mdict['PKI_USER_SLOT'] = \
+ self.mdict['pki_user']
+ self.mdict['PKI_WEB_SERVER_TYPE_SLOT'] = \
"tomcat"
- self.pki_master_dict['PKI_WEBAPPS_NAME_SLOT'] = \
+ self.mdict['PKI_WEBAPPS_NAME_SLOT'] = \
"webapps"
- self.pki_master_dict['TOMCAT_CFG_SLOT'] = \
- self.pki_master_dict['pki_target_tomcat_conf']
- self.pki_master_dict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \
+ self.mdict['TOMCAT_CFG_SLOT'] = \
+ self.mdict['pki_target_tomcat_conf']
+ self.mdict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \
os.path.join(
- self.pki_master_dict['pki_tomcat_common_lib_path'],
+ self.mdict['pki_tomcat_common_lib_path'],
"*.jar")
- self.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] = \
- self.pki_master_dict['pki_instance_log_path']
- self.pki_master_dict['TOMCAT_PIDFILE_SLOT'] = \
- "/var/run/pki/tomcat/" + self.pki_master_dict['pki_instance_name'] + ".pid"
- self.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] = \
- self.pki_master_dict['pki_tomcat_server_port']
- self.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] = \
+ self.mdict['TOMCAT_LOG_DIR_SLOT'] = \
+ self.mdict['pki_instance_log_path']
+ self.mdict['TOMCAT_PIDFILE_SLOT'] = \
+ "/var/run/pki/tomcat/" + self.mdict['pki_instance_name'] + ".pid"
+ self.mdict['TOMCAT_SERVER_PORT_SLOT'] = \
+ self.mdict['pki_tomcat_server_port']
+ self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \
"-SSL2_RC4_128_WITH_MD5," + \
"-SSL2_RC4_128_EXPORT40_WITH_MD5," + \
"-SSL2_RC2_128_CBC_WITH_MD5," + \
"-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," + \
"-SSL2_DES_64_CBC_WITH_MD5," + \
"-SSL2_DES_192_EDE3_CBC_WITH_MD5"
- self.pki_master_dict['TOMCAT_SSL3_CIPHERS_SLOT'] = \
+ self.mdict['TOMCAT_SSL3_CIPHERS_SLOT'] = \
"-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," + \
"-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," + \
"+SSL3_RSA_WITH_RC4_128_SHA," + \
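Review bot: The `pki_pin`, `pki_client_pin` and `pki_one_time_pin` values assigned in this hunk are drawn from the `random` module (`random.randint` and `random.choice`), which is a Mersenne Twister generator not intended for secrets, although the adjacent comments describe them as security database passwords and "sensitive" values. Since these assignments are being touched anyway, take them from the OS CSPRNG instead: `rng = random.SystemRandom()`, then `rng.randint(pin_low, pin_high)` and `rng.choice(string.ascii_letters + string.digits)`. The 12-digit numeric range also limits each pin to roughly 40 bits, so a longer alphanumeric value would be a stronger default if the security database tooling accepts one. The enclosing method starts above this hunk and continues past it.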
@@ -949,11 +949,11 @@ class PKIConfigParser:
"-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," + \
"-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
"+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
- self.pki_master_dict['TOMCAT_SSL_OPTIONS_SLOT'] = \
+ self.mdict['TOMCAT_SSL_OPTIONS_SLOT'] = \
"ssl2=true," + \
"ssl3=true," + \
"tls=true"
- self.pki_master_dict['TOMCAT_TLS_CIPHERS_SLOT'] = \
+ self.mdict['TOMCAT_TLS_CIPHERS_SLOT'] = \
"-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
"-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
"+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
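Review bot: `TOMCAT_SSL_OPTIONS_SLOT` still carries `ssl2=true` and `ssl3=true`, so the value substituted into the Tomcat connector asks for SSLv2 and SSLv3 alongside TLS. SSLv2 is prohibited by RFC 6176 and SSLv3 has since been deprecated by RFC 7568. The `TOMCAT_SSL2_CIPHERS_SLOT` value a few lines above already disables every SSL2 suite, so the protocol option is inconsistent with the cipher list as well. Assuming the connector accepts `false` for these options, the value should read `"ssl2=false," + "ssl3=false," + "tls=true"`. The cipher-list assignments on either side of this one start and end outside the hunk.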
@@ -977,72 +977,72 @@ class PKIConfigParser:
"+TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
# tps parameters
- self.pki_master_dict['TOKENDB_HOST_SLOT'] = \
- self.pki_master_dict['pki_ds_hostname']
+ self.mdict['TOKENDB_HOST_SLOT'] = \
+ self.mdict['pki_ds_hostname']
- if config.str2bool(self.pki_master_dict['pki_ds_secure_connection']):
- self.pki_master_dict['TOKENDB_PORT_SLOT'] = \
- self.pki_master_dict['pki_ds_ldaps_port']
+ if config.str2bool(self.mdict['pki_ds_secure_connection']):
+ self.mdict['TOKENDB_PORT_SLOT'] = \
+ self.mdict['pki_ds_ldaps_port']
else:
- self.pki_master_dict['TOKENDB_PORT_SLOT'] = \
- self.pki_master_dict['pki_ds_ldap_port']
+ self.mdict['TOKENDB_PORT_SLOT'] = \
+ self.mdict['pki_ds_ldap_port']
- self.pki_master_dict['TOKENDB_ROOT_SLOT'] = \
- self.pki_master_dict['pki_ds_base_dn']
+ self.mdict['TOKENDB_ROOT_SLOT'] = \
+ self.mdict['pki_ds_base_dn']
- self.pki_master_dict['TPS_DIR_SLOT'] = \
- self.pki_master_dict['pki_source_subsystem_path']
+ self.mdict['TPS_DIR_SLOT'] = \
+ self.mdict['pki_source_subsystem_path']
- if self.pki_master_dict['pki_subsystem'] == "CA":
- self.pki_master_dict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \
- self.pki_master_dict\
+ if self.mdict['pki_subsystem'] == "CA":
+ self.mdict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \
+ self.mdict\
['pki_random_serial_numbers_enable'].lower()
# Shared Apache/Tomcat NSS security database name/value pairs
- self.pki_master_dict['pki_shared_pfile'] = \
+ self.mdict['pki_shared_pfile'] = \
os.path.join(
- self.pki_master_dict['pki_instance_configuration_path'],
+ self.mdict['pki_instance_configuration_path'],
"pfile")
- self.pki_master_dict['pki_shared_password_conf'] = \
+ self.mdict['pki_shared_password_conf'] = \
os.path.join(
- self.pki_master_dict['pki_instance_configuration_path'],
+ self.mdict['pki_instance_configuration_path'],
"password.conf")
- self.pki_master_dict['pki_cert_database'] = \
- os.path.join(self.pki_master_dict['pki_database_path'],
+ self.mdict['pki_cert_database'] = \
+ os.path.join(self.mdict['pki_database_path'],
"cert8.db")
- self.pki_master_dict['pki_key_database'] = \
- os.path.join(self.pki_master_dict['pki_database_path'],
+ self.mdict['pki_key_database'] = \
+ os.path.join(self.mdict['pki_database_path'],
"key3.db")
- self.pki_master_dict['pki_secmod_database'] = \
- os.path.join(self.pki_master_dict['pki_database_path'],
+ self.mdict['pki_secmod_database'] = \
+ os.path.join(self.mdict['pki_database_path'],
"secmod.db")
- self.pki_master_dict['pki_self_signed_token'] = "internal"
- self.pki_master_dict['pki_self_signed_nickname'] = \
- self.pki_master_dict['pki_ssl_server_nickname']
- self.pki_master_dict['pki_self_signed_subject'] = \
- "cn=" + self.pki_master_dict['pki_hostname'] + "," + \
- "o=" + self.pki_master_dict['pki_certificate_timestamp']
- self.pki_master_dict['pki_self_signed_serial_number'] = 0
- self.pki_master_dict['pki_self_signed_validity_period'] = 12
- self.pki_master_dict['pki_self_signed_issuer_name'] = \
- "cn=" + self.pki_master_dict['pki_hostname'] + "," + \
- "o=" + self.pki_master_dict['pki_certificate_timestamp']
- self.pki_master_dict['pki_self_signed_trustargs'] = "CTu,CTu,CTu"
- self.pki_master_dict['pki_self_signed_noise_file'] = \
+ self.mdict['pki_self_signed_token'] = "internal"
+ self.mdict['pki_self_signed_nickname'] = \
+ self.mdict['pki_ssl_server_nickname']
+ self.mdict['pki_self_signed_subject'] = \
+ "cn=" + self.mdict['pki_hostname'] + "," + \
+ "o=" + self.mdict['pki_certificate_timestamp']
+ self.mdict['pki_self_signed_serial_number'] = 0
+ self.mdict['pki_self_signed_validity_period'] = 12
+ self.mdict['pki_self_signed_issuer_name'] = \
+ "cn=" + self.mdict['pki_hostname'] + "," + \
+ "o=" + self.mdict['pki_certificate_timestamp']
+ self.mdict['pki_self_signed_trustargs'] = "CTu,CTu,CTu"
+ self.mdict['pki_self_signed_noise_file'] = \
os.path.join(
- self.pki_master_dict['pki_subsystem_configuration_path'],
+ self.mdict['pki_subsystem_configuration_path'],
"noise")
- self.pki_master_dict['pki_self_signed_noise_bytes'] = 1024
+ self.mdict['pki_self_signed_noise_bytes'] = 1024
# Shared Apache/Tomcat NSS security database convenience symbolic links
- self.pki_master_dict\
+ self.mdict\
['pki_subsystem_configuration_password_conf_link'] = \
os.path.join(
- self.pki_master_dict['pki_subsystem_configuration_path'],
+ self.mdict['pki_subsystem_configuration_path'],
"password.conf")
- if not len(self.pki_master_dict['pki_client_database_password']):
+ if not len(self.mdict['pki_client_database_password']):
# use randomly generated client 'pin'
- self.pki_master_dict['pki_client_database_password'] = \
- str(self.pki_master_dict['pki_client_pin'])
+ self.mdict['pki_client_database_password'] = \
+ str(self.mdict['pki_client_pin'])
# Configuration scriptlet
# 'Security Domain' Configuration name/value pairs
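Review bot: `pki_self_signed_trustargs` is set to `"CTu,CTu,CTu"`, which in NSS trust-flag notation grants CA trust (`C` and `T`) in all three positions: SSL, S/MIME and object signing. The certificate it applies to takes its nickname from `pki_ssl_server_nickname` and has subject and issuer both built from `pki_hostname`, so it appears to be needed only as the server's own SSL certificate. Narrower flags such as `"CTu,u,u"` would follow least privilege, but which value is safe depends on how the flags are consumed, and this hunk does not show that. At minimum the line deserves a comment, e.g. `# NSS trust flags (SSL, S/MIME, object signing); C/T grant CA trust - confirm all three are required`.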
@@ -1057,70 +1057,70 @@ class PKIConfigParser:
#
# The following variables are defined below:
#
- # self.pki_master_dict['pki_security_domain_type']
- # self.pki_master_dict['pki_security_domain_uri']
+ # self.mdict['pki_security_domain_type']
+ # self.mdict['pki_security_domain_uri']
#
# The following variables are established via the specified PKI
# deployment configuration file and are NOT redefined below:
#
- # self.pki_master_dict['pki_clone_pkcs12_password']
- # self.pki_master_dict['pki_security_domain_password']
- # self.pki_master_dict['pki_token_password']
- # self.pki_master_dict['pki_clone_pkcs12_path']
- # self.pki_master_dict['pki_clone_uri']
- # self.pki_master_dict['pki_security_domain_https_port']
- # self.pki_master_dict['pki_token_name']
+ # self.mdict['pki_clone_pkcs12_password']
+ # self.mdict['pki_security_domain_password']
+ # self.mdict['pki_token_password']
+ # self.mdict['pki_clone_pkcs12_path']
+ # self.mdict['pki_clone_uri']
+ # self.mdict['pki_security_domain_https_port']
+ # self.mdict['pki_token_name']
#
# The following variables are established via the specified PKI
# deployment configuration file and potentially overridden below:
#
- # self.pki_master_dict['pki_security_domain_user']
- # self.pki_master_dict['pki_issuing_ca']
+ # self.mdict['pki_security_domain_user']
+ # self.mdict['pki_issuing_ca']
#
# if security domain user is not defined
- if not len(self.pki_master_dict['pki_security_domain_user']):
+ if not len(self.mdict['pki_security_domain_user']):
# use the CA admin uid if it's defined
if self.pki_config.has_option('CA', 'pki_admin_uid') and\
len(self.pki_config.get('CA', 'pki_admin_uid')) > 0:
- self.pki_master_dict['pki_security_domain_user'] = \
+ self.mdict['pki_security_domain_user'] = \
self.pki_config.get('CA', 'pki_admin_uid')
# or use the Default admin uid if it's defined
elif self.pki_config.has_option('DEFAULT', 'pki_admin_uid') and\
len(self.pki_config.get('DEFAULT', 'pki_admin_uid')) > 0:
- self.pki_master_dict['pki_security_domain_user'] = \
+ self.mdict['pki_security_domain_user'] = \
self.pki_config.get('DEFAULT', 'pki_admin_uid')
# otherwise use the default CA admin uid
else:
- self.pki_master_dict['pki_security_domain_user'] = "caadmin"
+ self.mdict['pki_security_domain_user'] = "caadmin"
- if not config.str2bool(self.pki_master_dict['pki_skip_configuration']) and\
- (config.str2bool(self.pki_master_dict['pki_standalone'])):
+ if not config.str2bool(self.mdict['pki_skip_configuration']) and\
+ (config.str2bool(self.mdict['pki_standalone'])):
# Stand-alone PKI
- self.pki_master_dict['pki_security_domain_type'] = "new"
- self.pki_master_dict['pki_issuing_ca'] = "External CA"
+ self.mdict['pki_security_domain_type'] = "new"
+ self.mdict['pki_issuing_ca'] = "External CA"
elif config.pki_subsystem != "CA" or\
- config.str2bool(self.pki_master_dict['pki_clone']) or\
- config.str2bool(self.pki_master_dict['pki_subordinate']):
+ config.str2bool(self.mdict['pki_clone']) or\
+ config.str2bool(self.mdict['pki_subordinate']):
# PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
# CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or
# Subordinate CA
- self.pki_master_dict['pki_security_domain_type'] = "existing"
- self.pki_master_dict['pki_security_domain_uri'] = \
+ self.mdict['pki_security_domain_type'] = "existing"
+ self.mdict['pki_security_domain_uri'] = \
"https" + "://" + \
- self.pki_master_dict['pki_security_domain_hostname'] + ":" + \
- self.pki_master_dict['pki_security_domain_https_port']
+ self.mdict['pki_security_domain_hostname'] + ":" + \
+ self.mdict['pki_security_domain_https_port']
- elif config.str2bool(self.pki_master_dict['pki_external']):
+ elif config.str2bool(self.mdict['pki_external']):
# External CA
- self.pki_master_dict['pki_security_domain_type'] = "new"
- self.pki_master_dict['pki_issuing_ca'] = "External CA"
+ self.mdict['pki_security_domain_type'] = "new"
+ self.mdict['pki_issuing_ca'] = "External CA"
else:
# PKI CA
- self.pki_master_dict['pki_security_domain_type'] = "new"
+ self.mdict['pki_security_domain_type'] = "new"
# 'External CA' Configuration name/value pairs
#
@@ -1129,10 +1129,10 @@ class PKIConfigParser:
# The following variables are established via the specified PKI
# deployment configuration file and are NOT redefined below:
#
- # self.pki_master_dict['pki_external_ca_cert_chain_path']
- # self.pki_master_dict['pki_external_ca_cert_path']
- # self.pki_master_dict['pki_external_csr_path']
- # self.pki_master_dict['pki_external_step_two']
+ # self.mdict['pki_external_ca_cert_chain_path']
+ # self.mdict['pki_external_ca_cert_path']
+ # self.mdict['pki_external_csr_path']
+ # self.mdict['pki_external_step_two']
#
# 'Backup' Configuration name/value pairs
@@ -1145,59 +1145,59 @@ class PKIConfigParser:
# The following variables are established via the specified PKI
# deployment configuration file and are NOT redefined below:
#
- # self.pki_master_dict['pki_backup_password']
- # self.pki_master_dict['pki_backup_keys']
+ # self.mdict['pki_backup_password']
+ # self.mdict['pki_backup_keys']
#
- if config.str2bool(self.pki_master_dict['pki_backup_keys']):
+ if config.str2bool(self.mdict['pki_backup_keys']):
# NOTE: ALWAYS store the PKCS #12 backup keys file
# in with the NSS "server" security databases
- self.pki_master_dict['pki_backup_keys_p12'] = \
- self.pki_master_dict['pki_database_path'] + "/" + \
- self.pki_master_dict['pki_subsystem'].lower() + "_" + \
+ self.mdict['pki_backup_keys_p12'] = \
+ self.mdict['pki_database_path'] + "/" + \
+ self.mdict['pki_subsystem'].lower() + "_" + \
"backup" + "_" + "keys" + "." + "p12"
- self.pki_master_dict['pki_admin_profile_id'] = "caAdminCert"
+ self.mdict['pki_admin_profile_id'] = "caAdminCert"
- if not 'pki_import_admin_cert' in self.pki_master_dict:
- self.pki_master_dict['pki_import_admin_cert'] = 'false'
- elif not config.str2bool(self.pki_master_dict['pki_skip_configuration']) and\
- (config.str2bool(self.pki_master_dict['pki_standalone'])):
+ if not 'pki_import_admin_cert' in self.mdict:
+ self.mdict['pki_import_admin_cert'] = 'false'
+ elif not config.str2bool(self.mdict['pki_skip_configuration']) and\
+ (config.str2bool(self.mdict['pki_standalone'])):
# Stand-alone PKI
- self.pki_master_dict['pki_import_admin_cert'] = 'false'
+ self.mdict['pki_import_admin_cert'] = 'false'
- if (config.str2bool(self.pki_master_dict['pki_standalone'])):
- self.pki_master_dict['pki_ca_signing_tag'] = "external_signing"
+ if (config.str2bool(self.mdict['pki_standalone'])):
+ self.mdict['pki_ca_signing_tag'] = "external_signing"
else:
- self.pki_master_dict['pki_ca_signing_tag'] = "signing"
- if self.pki_master_dict['pki_subsystem'] == "CA":
- self.pki_master_dict['pki_ocsp_signing_tag'] = "ocsp_signing"
- elif self.pki_master_dict['pki_subsystem'] == "OCSP":
- self.pki_master_dict['pki_ocsp_signing_tag'] = "signing"
- self.pki_master_dict['pki_ssl_server_tag'] = "sslserver"
- self.pki_master_dict['pki_subsystem_tag'] = "subsystem"
- self.pki_master_dict['pki_audit_signing_tag'] = "audit_signing"
- self.pki_master_dict['pki_transport_tag'] = "transport"
- self.pki_master_dict['pki_storage_tag'] = "storage"
+ self.mdict['pki_ca_signing_tag'] = "signing"
+ if self.mdict['pki_subsystem'] == "CA":
+ self.mdict['pki_ocsp_signing_tag'] = "ocsp_signing"
+ elif self.mdict['pki_subsystem'] == "OCSP":
+ self.mdict['pki_ocsp_signing_tag'] = "signing"
+ self.mdict['pki_ssl_server_tag'] = "sslserver"
+ self.mdict['pki_subsystem_tag'] = "subsystem"
+ self.mdict['pki_audit_signing_tag'] = "audit_signing"
+ self.mdict['pki_transport_tag'] = "transport"
+ self.mdict['pki_storage_tag'] = "storage"
# Finalization name/value pairs
- self.pki_master_dict['pki_default_deployment_cfg_replica'] = \
- os.path.join(self.pki_master_dict['pki_subsystem_registry_path'],
+ self.mdict['pki_default_deployment_cfg_replica'] = \
+ os.path.join(self.mdict['pki_subsystem_registry_path'],
config.DEFAULT_DEPLOYMENT_CONFIGURATION)
- self.pki_master_dict['pki_user_deployment_cfg_replica'] = \
- os.path.join(self.pki_master_dict['pki_subsystem_registry_path'],
+ self.mdict['pki_user_deployment_cfg_replica'] = \
+ os.path.join(self.mdict['pki_subsystem_registry_path'],
config.USER_DEPLOYMENT_CONFIGURATION)
- self.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] = \
- self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" + \
+ self.mdict['pki_user_deployment_cfg_spawn_archive'] = \
+ self.mdict['pki_subsystem_archive_log_path'] + "/" + \
"spawn" + "_" + \
config.USER_DEPLOYMENT_CONFIGURATION + "." + \
- self.pki_master_dict['pki_timestamp']
- self.pki_master_dict['pki_manifest'] = \
- self.pki_master_dict['pki_subsystem_registry_path'] + "/" + \
+ self.mdict['pki_timestamp']
+ self.mdict['pki_manifest'] = \
+ self.mdict['pki_subsystem_registry_path'] + "/" + \
"manifest"
- self.pki_master_dict['pki_manifest_spawn_archive'] = \
- self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" + \
+ self.mdict['pki_manifest_spawn_archive'] = \
+ self.mdict['pki_subsystem_archive_log_path'] + "/" + \
"spawn" + "_" + "manifest" + "." + \
- self.pki_master_dict['pki_timestamp']
+ self.mdict['pki_timestamp']
# Construct the configuration URL containing the one-time pin
# and add this to the "sensitive" key value pairs read in from
# the configuration file
@@ -1206,28 +1206,28 @@ class PKIConfigParser:
# parameter that may be stored in a log file and displayed
# to the screen.
#
- self.pki_master_dict['pki_configuration_url'] = \
+ self.mdict['pki_configuration_url'] = \
"https://{}:{}/{}/{}?pin={}".format(
- self.pki_master_dict['pki_hostname'],
- self.pki_master_dict['pki_https_port'],
- self.pki_master_dict['pki_subsystem'].lower(),
+ self.mdict['pki_hostname'],
+ self.mdict['pki_https_port'],
+ self.mdict['pki_subsystem'].lower(),
"admin/console/config/login",
- self.pki_master_dict['pki_one_time_pin'])
+ self.mdict['pki_one_time_pin'])
# Compose this "systemd" execution management command
- if self.pki_master_dict['pki_subsystem'] in\
+ if self.mdict['pki_subsystem'] in\
config.PKI_APACHE_SUBSYSTEMS:
- self.pki_master_dict['pki_registry_initscript_command'] = \
+ self.mdict['pki_registry_initscript_command'] = \
"systemctl" + " " + \
"restart" + " " + \
"pki-apached" + "@" + \
- self.pki_master_dict['pki_instance_name'] + "." + "service"
- elif self.pki_master_dict['pki_subsystem'] in\
+ self.mdict['pki_instance_name'] + "." + "service"
+ elif self.mdict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS:
- self.pki_master_dict['pki_registry_initscript_command'] = \
+ self.mdict['pki_registry_initscript_command'] = \
"systemctl" + " " + \
"restart" + " " + \
"pki-tomcatd" + "@" + \
- self.pki_master_dict['pki_instance_name'] + "." + "service"
+ self.mdict['pki_instance_name'] + "." + "service"
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
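Review bot: `pki_registry_initscript_command` is assembled as one string with `pki_instance_name` concatenated into the systemd unit name, and nothing visible in the hunk restricts what that name may contain. The consumer of this string is outside the hunk, but if it is ever handed to a shell, whitespace or shell metacharacters in the instance name would alter the command. The name should be checked before composing, e.g. `re.match(r'^[A-Za-z0-9_.-]+$', self.mdict['pki_instance_name'])`, or the command kept as an argument list rather than a string. The two branches differ only in `pki-apached` versus `pki-tomcatd`, so choosing the prefix first and composing once would remove the duplication. The enclosing `try` block starts outside the hunk.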
@@ -1256,9 +1256,9 @@ class PKIConfigParser:
parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE)
# Slots configuration file name/value pairs
if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
- self.pki_slots_dict = dict(parser.items('Apache'))
+ self.slots_dict = dict(parser.items('Apache'))
elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- self.pki_slots_dict = dict(parser.items('Tomcat'))
+ self.slots_dict = dict(parser.items('Tomcat'))
except ConfigParser.ParsingError, err:
rv = err
return rv
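Review bot: Only `ConfigParser.ParsingError` is caught around `parser.read(...)` and `parser.items(...)`, so a missing slots file is not reported through `rv`. `read()` silently skips files it cannot open, and the following `parser.items('Apache')` or `parser.items('Tomcat')` then raises `ConfigParser.NoSectionError`, which is not a `ParsingError` and propagates to the caller. Catching the common base class, `except ConfigParser.Error as err:`, would cover both cases. A subsystem that is in neither list also leaves `slots_dict` empty with no error, which deserves at least a comment or an explicit `else`. The function starts outside the hunk, so an earlier existence check on the file may already cover part of this.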