author | Endi S. Dewata <edewata@redhat.com> | 2016-08-28 20:38:48 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-08-30 00:00:17 +0200 |
commit | 389420ad4ea9994fb54132454a14abbb83c2c35d (patch) | |
tree | 9f3b3de4543969c90cd9e104641383fd150ec3f4 /base/server/python/pki/server | |
parent | 4b48187b744f1cff2a64c4c5eb00866875a1f99d (diff) | |
Fixed default token name for system certificates.
Previously, when installing with an HSM, the token name had to be
specified for each system certificate in the pki_<cert>_token
parameters. The deployment tool has been modified such that by
default it will use the token name specified in pki_token_name.
https://fedorahosted.org/pki/ticket/2423
Diffstat (limited to 'base/server/python/pki/server')
-rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 115f3ca45..6e922cf6c 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -564,6 +564,24 @@ class PKIConfigParser: root = ET.fromstring(response) return root.findtext("Status") + def normalize_cert_token(self, name): + + # get cert token + token = self.mdict.get(name) + + # if not specified, get default token name + if not token: + token = self.mdict.get('pki_token_name') + + # normalize internal token name + if not token or \ + token.lower() == 'internal' or \ + token.lower() == 'internal key storage token': + token = 'Internal Key Storage Token' + + # update cert token + self.mdict[name] = token + def compose_pki_master_dictionary(self): """ Create a single master PKI dictionary from the @@ -595,11 +613,11 @@ class PKIConfigParser: instance = pki.server.PKIInstance(self.mdict['pki_instance_name']) instance.load() - internal_password = self.mdict['pki_self_signed_token'] + internal_token = self.mdict['pki_self_signed_token'] # if instance already exists and has password, reuse the password - if internal_password in instance.passwords: - self.mdict['pki_pin'] = instance.passwords.get(internal_password) + if internal_token in instance.passwords: + self.mdict['pki_pin'] = instance.passwords.get(internal_token) # otherwise, use user-provided password if specified elif 'pki_pin' in self.mdict: 
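Review bot: In the first hunk, normalize_cert_token() compares the raw value only against 'internal' and 'internal key storage token', so a per-certificate value with stray whitespace is stored unchanged as if it were a real token name; the same holds for the 'default' alias, which the third hunk's context shows being mapped to "internal" for pki_token_name. On an HSM install that would presumably send the key request to a token that does not exist, and the mistake would surface only later in the deployment. Consider `token = (token or '').strip()` followed by `if token.lower() in ('', 'default', 'internal', 'internal key storage token'):`, assuming 'default' is meant to be accepted per certificate as well (the condition guarding the pki_token_name case lies outside the hunk). The method also has no docstring; one line such as `"""Resolve self.mdict[name] to a token name, falling back to pki_token_name, then to the internal token."""` would record the fallback order.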
@@ -1207,6 +1225,15 @@ class PKIConfigParser: # always normalize 'default' softokn name self.mdict['pki_token_name'] = "internal" + # normalize cert tokens + self.normalize_cert_token('pki_audit_signing_token') + self.normalize_cert_token('pki_ssl_server_token') + self.normalize_cert_token('pki_subsystem_token') + self.normalize_cert_token('pki_ca_signing_token') + self.normalize_cert_token('pki_ocsp_signing_token') + self.normalize_cert_token('pki_storage_token') + self.normalize_cert_token('pki_transport_token') + # if security domain user is not defined if not len(self.mdict['pki_security_domain_user']): |
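Review bot: The seven normalize_cert_token() calls rewrite every pki_<cert>_token in place without recording the result, so nothing tells the operator which token each system certificate's key will end up on once an empty value has inherited pki_token_name. Since the choice between an HSM and the internal token decides where private keys live, a debug log line per parameter giving the resolved name would make that auditable. The names could also sit in one tuple (here called cert_token_params) iterated with `for name in cert_token_params: self.normalize_cert_token(name)`, so the list of system certificates has a single place to update. The enclosing method starts and ends outside the hunk.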