diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2015-12-12 04:10:54 +0100 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-01-08 19:55:50 +0100 |
| commit | 449e4357e733a70e8f27f65f69ca8f0f7c8b5b21 (patch) | |
| tree | 29e9635ba3e322f4d466c7de854a37d704597f85 /base/server/python | |
| parent | 9d64c0b8e58fa4bb1b5504167b7d80b90e0ae1ff (diff) | |
| download | pki-449e4357e733a70e8f27f65f69ca8f0f7c8b5b21.tar.gz pki-449e4357e733a70e8f27f65f69ca8f0f7c8b5b21.tar.xz pki-449e4357e733a70e8f27f65f69ca8f0f7c8b5b21.zip | |
Fixed external CA case for IPA compatibility.
The installation code for external CA case has been fixed such
that IPA can detect step 1 completion properly.
The code that handles certificate data conversion has been fixed
to reformat base-64 data for PEM output properly.
The installation summary for step 1 has been updated to provide
more accurate information.
https://fedorahosted.org/pki/ticket/456
Diffstat (limited to 'base/server/python')
| -rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 7 | ||||
| -rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 10 |
2 files changed, 12 insertions, 5 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 9c9b40454..7a1a8c7d1 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -502,15 +502,18 @@ class ConfigurationFile: # generic extension support in CSR - for external CA self.add_req_ext = config.str2bool( self.mdict['pki_req_ext_add']) + self.external = config.str2bool(self.mdict['pki_external']) + self.external_step_one = not config.str2bool(self.mdict['pki_external_step_two']) + self.external_step_two = not self.external_step_one + if self.external: # generic extension support in CSR - for external CA if self.add_req_ext: self.req_ext_oid = self.mdict['pki_req_ext_oid'] self.req_ext_critical = self.mdict['pki_req_ext_critical'] self.req_ext_data = self.mdict['pki_req_ext_data'] - self.external_step_two = config.str2bool( - self.mdict['pki_external_step_two']) + self.skip_configuration = config.str2bool( self.mdict['pki_skip_configuration']) self.standalone = config.str2bool(self.mdict['pki_standalone']) diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index b8b8fc691..a80239374 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -94,9 +94,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): token = deployer.mdict['pki_token_name'] nssdb = instance.open_nssdb(token) - external = config.str2bool(deployer.mdict['pki_external']) - step_one = not config.str2bool(deployer.mdict['pki_external_step_two']) - step_two = not step_one + external = deployer.configuration_file.external + step_one = deployer.configuration_file.external_step_one + step_two = deployer.configuration_file.external_step_two try: if external and step_one: # external/existing CA step 1 @@ -142,6 +142,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64') subsystem.config['ca.signing.certreq'] = signing_csr + # This is needed by IPA to detect step 1 completion. + # See is_step_one_done() in ipaserver/install/cainstance.py. + subsystem.config['preop.ca.type'] = 'otherca' + subsystem.save() elif external and step_two: # external/existing CA step 2 |