author | Endi S. Dewata <edewata@redhat.com> | 2017-04-07 19:45:10 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-04-11 18:05:26 +0200 |
commit | 9e3551fdb2c8d1f1bd7ad57249752c8ad6aece32 (patch) | |
tree | 2c94843b6dbceb9aa635625d0e0605cb799a1e6d /base/server/python/pki/server | |
parent | 0c8aedd8a79841751005c531cf6cfbc08a4fd4dd (diff) | |
Added FIPS-compliant password generator.
A new function has been added to generate a random password that
meets FIPS requirements for a strong password. This function is
used to generate the NSS database password during installation.
https://pagure.io/dogtagpki/issue/2556
Change-Id: I64dd36125ec968f6253f90835e6065325d720032
Diffstat (limited to 'base/server/python/pki/server')
-rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index e05e0be31..df04ff8f0 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -583,12 +583,6 @@ class PKIConfigParser:
 self.deployer.flatten_master_dict()
- # Generate random 'pin's for use as security database passwords
- # and add these to the "sensitive" key value pairs read in from
- # the configuration file
- pin_low = 100000000000
- pin_high = 999999999999
-
 instance = pki.server.PKIInstance(self.mdict['pki_instance_name'])
 instance.load()
@@ -604,11 +598,9 @@ class PKIConfigParser:
 # otherwise, generate a random password
 else:
- self.mdict['pki_pin'] = \
- random.randint(pin_low, pin_high)
+ self.mdict['pki_pin'] = pki.generate_password()
- self.mdict['pki_client_pin'] = \
- random.randint(pin_low, pin_high)
+ self.mdict['pki_client_pin'] = pki.generate_password()
 pkilogging.sensitive_parameters = \
 self.mdict['sensitive_parameters'].split() |
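Review bot: The two `pki.generate_password()` assignments in the second hunk now carry the whole strength of the NSS database password, and the helper's body is not part of this page, so it should be confirmed that it draws from the OS CSPRNG (`random.SystemRandom` or `os.urandom`) rather than the module-level `random` functions that the removed `random.randint` calls relied on. The value also presumably changes from an int to a string that may contain punctuation, so the places that later write `pki_pin` and `pki_client_pin` to files or hand them to other tools should be checked for characters they treat as delimiters. I would add a comment above the assignment under `else:` such as `# pin must come from a CSPRNG and must not contain characters used as delimiters where it is stored`. The enclosing method starts and ends outside the hunk.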