diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2016-09-08 20:06:19 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-09-08 21:15:07 +0200 |
| commit | b0a4981937abb1a3decad7decc0a788473464039 (patch) | |
| tree | 1ca437a9d9a1f5717bc0a1976ab5bdc8faab9313 /base/server/python/pki/server | |
| parent | 238d14bb8790037c8d1ca6d9123362ba3bb9fbf1 (diff) | |
| download | pki-b0a4981937abb1a3decad7decc0a788473464039.tar.gz pki-b0a4981937abb1a3decad7decc0a788473464039.tar.xz pki-b0a4981937abb1a3decad7decc0a788473464039.zip | |
Removed support for creating system certificates in different tokens.
The patch that added the support for creating system certificates
in different tokens causes issues in certain cases, so for now it
has been reverted.
https://fedorahosted.org/pki/ticket/2449
Diffstat (limited to 'base/server/python/pki/server')
| -rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 37 |
1 files changed, 4 insertions, 33 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index 97f6d3e60..64ee4e5f6 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -39,31 +39,6 @@ import pki.util # PKI Deployment Configuration Scriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): - def store_cert_tokens(self, subsystem, deployer): - - subsystem.config[subsystem.name + '.audit_signing.tokenname'] = ( - deployer.mdict['pki_audit_signing_token']) - subsystem.config[subsystem.name + '.sslserver.tokenname'] = ( - deployer.mdict['pki_ssl_server_token']) - subsystem.config[subsystem.name + '.subsystem.tokenname'] = ( - deployer.mdict['pki_subsystem_token']) - - if subsystem.name == 'ca': - subsystem.config['ca.signing.tokenname'] = ( - deployer.mdict['pki_ca_signing_token']) - subsystem.config['ca.ocsp_signing.tokenname'] = ( - deployer.mdict['pki_ocsp_signing_token']) - - elif subsystem.name == 'kra': - subsystem.config['kra.storage.tokenname'] = ( - deployer.mdict['pki_storage_token']) - subsystem.config['kra.transport.tokenname'] = ( - deployer.mdict['pki_transport_token']) - - elif subsystem.name == 'ocsp': - subsystem.config['ocsp.signing.tokenname'] = ( - deployer.mdict['pki_ocsp_signing_token']) - def spawn(self, deployer): if config.str2bool(deployer.mdict['pki_skip_configuration']): @@ -290,14 +265,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): nickname=signing_nickname, output_format='base64') subsystem.config['ca.signing.nickname'] = signing_nickname + subsystem.config['ca.signing.tokenname'] = ( + deployer.mdict['pki_ca_signing_token']) subsystem.config['ca.signing.cert'] = signing_cert_data subsystem.config['ca.signing.cacertnickname'] = signing_nickname subsystem.config['ca.signing.defaultSigningAlgorithm'] = ( deployer.mdict['pki_ca_signing_signing_algorithm']) - # Store cert tokens in CS.cfg. - self.store_cert_tokens(subsystem, deployer) - subsystem.save() # verify the signing certificate @@ -308,7 +282,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): instance, 'ca') verifier.verify_certificate('signing') - else: # other installation types + else: # self-signed CA # To be implemented in ticket #1692. @@ -316,10 +290,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Self sign CA cert. # Import self-signed CA cert into NSS database. - # Store cert tokens in CS.cfg. - self.store_cert_tokens(subsystem, deployer) - - subsystem.save() + pass finally: nssdb.close() |