author | Endi S. Dewata <edewata@redhat.com> | 2017-07-06 05:08:07 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-11 06:51:04 +0200 |
commit | 1d91c7c4b9fab6df5670145bbc8f562c1a2a59f3 (patch) | |
tree | ede6596ce8e6a5dcc7c7373057f2a398eea707fc /base | |
parent | de9337900e898da0a2de38c5d044722a26fcceee (diff) | |
Refactored ConfigClient.configure_pki_data().
The ConfigClient.configure_pki_data() has been modified to return
the server response to the caller to allow more flexibility in
processing the configuration result.
The code that handles system certificate requests generated by the
server has been moved into configuration.py.
https://pagure.io/dogtagpki/issue/2280
Change-Id: Id902fcc10fbdcb270e3b00e219c3356d1319bde1
Diffstat (limited to 'base')
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 98 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 105 |
2 files changed, 107 insertions, 96 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index cf2a7486c..d7de53fb1 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -3835,6 +3835,7 @@ class ConfigClient: self.san_inject = config.str2bool(self.mdict['pki_san_inject']) def configure_pki_data(self, data): + config.pki_log.info( log.PKI_CONFIG_CONFIGURING_PKI_DATA, extra=config.PKI_INDENTATION_LEVEL_2) 
@@ -3846,101 +3847,8 @@ class ConfigClient: subsystem=self.mdict['pki_subsystem_type'], trust_env=False) - try: - client = pki.system.SystemConfigClient(connection) - response = client.configure(data) - - config.pki_log.debug( - log.PKI_CONFIG_RESPONSE_STATUS + " " + str(response['status']), - extra=config.PKI_INDENTATION_LEVEL_2) - try: - certs = response['systemCerts'] - except KeyError: - # no system certs created - config.pki_log.debug( - "No new system certificates generated.", - extra=config.PKI_INDENTATION_LEVEL_2) - certs = [] - - if not isinstance(certs, list): - certs = [certs] - for cdata in certs: - if self.standalone and not self.external_step_two: - # Stand-alone PKI (Step 1) - if cdata['tag'].lower() == "audit_signing": - # Save Stand-alone PKI 'Audit Signing Certificate' CSR - # (Step 1) - self.save_system_csr( - cdata['request'], - log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1, - self.mdict['pki_external_audit_signing_csr_path'], - self.subsystem) - elif cdata['tag'].lower() == "signing": - # Save Stand-alone PKI OCSP 'OCSP Signing Certificate' - # CSR (Step 1) - self.save_system_csr( - cdata['request'], - log.PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING, - self.mdict['pki_external_signing_csr_path']) - elif cdata['tag'].lower() == "sslserver": - # Save Stand-alone PKI 'SSL Server Certificate' CSR - # (Step 1) - self.save_system_csr( - cdata['request'], - log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1, - self.mdict['pki_external_sslserver_csr_path'], - self.subsystem) - elif cdata['tag'].lower() == "storage": - # Save Stand-alone PKI KRA 'Storage Certificate' CSR - # (Step 1) - self.save_system_csr( - cdata['request'], - log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE, - self.mdict['pki_external_storage_csr_path']) - elif cdata['tag'].lower() == "subsystem": - # Save Stand-alone PKI 'Subsystem Certificate' CSR - # (Step 1) - self.save_system_csr( - cdata['request'], - log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1, - 
self.mdict['pki_external_subsystem_csr_path'], - self.subsystem) - elif cdata['tag'].lower() == "transport": - # Save Stand-alone PKI KRA 'Transport Certificate' CSR - # (Step 1) - self.save_system_csr( - cdata['request'], - log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT, - self.mdict['pki_external_transport_csr_path']) - else: - config.pki_log.debug( - log.PKI_CONFIG_CDATA_TAG + " " + cdata['tag'], - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.debug( - log.PKI_CONFIG_CDATA_CERT + "\n" + cdata['cert'], - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.debug( - log.PKI_CONFIG_CDATA_REQUEST + "\n" + cdata['request'], - extra=config.PKI_INDENTATION_LEVEL_2) - - # Cloned PKI subsystems do not return an Admin Certificate - if not self.clone: - if self.standalone: - if not self.external_step_two: - # NOTE: Do nothing for Stand-alone PKI (Step 1) - # as this has already been addressed - # in 'set_admin_parameters()' - pass - else: - admin_cert = response['adminCert']['cert'] - self.process_admin_cert(admin_cert) - elif not config.str2bool(self.mdict['pki_import_admin_cert']): - admin_cert = response['adminCert']['cert'] - self.process_admin_cert(admin_cert) - - except: - - raise + client = pki.system.SystemConfigClient(connection) + return client.configure(data) def process_admin_cert(self, admin_cert): config.pki_log.debug( diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index c9166f1ee..8c6b52368 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py 
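Review bot: `configure_pki_data()` keeps its name and signature but no longer saves the generated CSRs or imports the admin certificate, and nothing in the method says so. Any caller other than the one updated in configuration.py (none is visible in this commit, which touches only two files) would now silently skip those steps and discard the return value. A docstring on the method would make the new contract explicit, for example `"""Send the configuration request and return the server response; the caller is responsible for processing systemCerts and adminCert."""`. The `def` line is in the previous hunk and the connection setup above `client = ...` is only partly visible here.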
@@ -96,8 +96,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): existing = deployer.configuration_file.existing external = deployer.configuration_file.external + standalone = deployer.configuration_file.standalone step_one = deployer.configuration_file.external_step_one step_two = deployer.configuration_file.external_step_two + clone = deployer.configuration_file.clone try: if external and step_one: # external CA step 1 only 
@@ -384,9 +386,110 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): data = deployer.config_client.construct_pki_configuration_data() # Configure the subsystem - deployer.config_client.configure_pki_data( + response = deployer.config_client.configure_pki_data( json.dumps(data, cls=pki.encoder.CustomTypeEncoder)) + config.pki_log.debug( + log.PKI_CONFIG_RESPONSE_STATUS + " " + str(response['status']), + extra=config.PKI_INDENTATION_LEVEL_2) + + try: + certs = response['systemCerts'] + except KeyError: + # no system certs created + config.pki_log.debug( + "No new system certificates generated.", + extra=config.PKI_INDENTATION_LEVEL_2) + certs = [] + + if not isinstance(certs, list): + certs = [certs] + + for cdata in certs: + + if standalone and not step_two: + + # Stand-alone PKI (Step 1) + + if cdata['tag'].lower() == "audit_signing": + # Save Stand-alone PKI 'Audit Signing Certificate' CSR + # (Step 1) + deployer.config_client.save_system_csr( + cdata['request'], + log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1, + deployer.mdict['pki_external_audit_signing_csr_path'], + subsystem.name) + + elif cdata['tag'].lower() == "signing": + # Save Stand-alone PKI OCSP 'OCSP Signing Certificate' + # CSR (Step 1) + deployer.config_client.save_system_csr( + cdata['request'], + log.PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING, + deployer.mdict['pki_external_signing_csr_path']) + + elif cdata['tag'].lower() == "sslserver": + # Save Stand-alone PKI 'SSL Server Certificate' CSR + # (Step 1) + deployer.config_client.save_system_csr( + cdata['request'], + log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1, + deployer.mdict['pki_external_sslserver_csr_path'], + subsystem.name) + + elif cdata['tag'].lower() == "storage": + # Save Stand-alone PKI KRA 'Storage Certificate' CSR + # (Step 1) + deployer.config_client.save_system_csr( + cdata['request'], + log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE, + deployer.mdict['pki_external_storage_csr_path']) + + elif 
cdata['tag'].lower() == "subsystem": + # Save Stand-alone PKI 'Subsystem Certificate' CSR + # (Step 1) + deployer.config_client.save_system_csr( + cdata['request'], + log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1, + deployer.mdict['pki_external_subsystem_csr_path'], + subsystem.name) + + elif cdata['tag'].lower() == "transport": + # Save Stand-alone PKI KRA 'Transport Certificate' CSR + # (Step 1) + deployer.config_client.save_system_csr( + cdata['request'], + log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT, + deployer.mdict['pki_external_transport_csr_path']) + + else: + config.pki_log.debug( + log.PKI_CONFIG_CDATA_TAG + " " + cdata['tag'], + extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_CDATA_CERT + "\n" + cdata['cert'], + extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_CDATA_REQUEST + "\n" + cdata['request'], + extra=config.PKI_INDENTATION_LEVEL_2) + + # Cloned PKI subsystems do not return an Admin Certificate + if not clone: + + if standalone: + if not step_two: + # NOTE: Do nothing for Stand-alone PKI (Step 1) + # as this has already been addressed + # in 'set_admin_parameters()' + pass + else: + admin_cert = response['adminCert']['cert'] + deployer.config_client.process_admin_cert(admin_cert) + + elif not config.str2bool(deployer.mdict['pki_import_admin_cert']): + admin_cert = response['adminCert']['cert'] + deployer.config_client.process_admin_cert(admin_cert) + def destroy(self, deployer): config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__, |
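Review bot: `response['status']` is only written to the debug log and never checked, so the `for cdata in certs:` loop and the admin-certificate import below act on whatever the server returned. If `configure()` can return a non-success status without raising (not visible from this hunk), the status should be tested right after the call and the deployment stopped with a clear error before any CSR is written to disk. The two `admin_cert = response['adminCert']['cert']` lookups are also unguarded, unlike `systemCerts`, which is wrapped in `try`/`except KeyError`; handling a missing `adminCert` the same way, with an explicit message, would keep a malformed response from surfacing as a bare `KeyError`. Within the `if standalone and not step_two:` branch an unrecognised `cdata['tag']` matches no `elif` and is dropped without a log line; a final `else:` that logs the tag would make that visible. The enclosing `try:` and its handler lie outside the hunk.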