authorEndi S. Dewata <edewata@redhat.com>2017-07-06 05:08:07 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-07-11 06:51:04 +0200
commit1d91c7c4b9fab6df5670145bbc8f562c1a2a59f3 (patch)
treeede6596ce8e6a5dcc7c7373057f2a398eea707fc /base
parentde9337900e898da0a2de38c5d044722a26fcceee (diff)
Refactored ConfigClient.configure_pki_data().
The ConfigClient.configure_pki_data() has been modified to return the server response to the caller to allow more flexibility in processing the configuration result. The code that handles system certificate requests generated by the server has been moved into configuration.py. https://pagure.io/dogtagpki/issue/2280 Change-Id: Id902fcc10fbdcb270e3b00e219c3356d1319bde1
Diffstat (limited to 'base')
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py98
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/configuration.py105
2 files changed, 107 insertions, 96 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index cf2a7486c..d7de53fb1 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -3835,6 +3835,7 @@ class ConfigClient:
self.san_inject = config.str2bool(self.mdict['pki_san_inject'])
def configure_pki_data(self, data):
+
config.pki_log.info(
log.PKI_CONFIG_CONFIGURING_PKI_DATA,
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -3846,101 +3847,8 @@ class ConfigClient:
subsystem=self.mdict['pki_subsystem_type'],
trust_env=False)
- try:
- client = pki.system.SystemConfigClient(connection)
- response = client.configure(data)
-
- config.pki_log.debug(
- log.PKI_CONFIG_RESPONSE_STATUS + " " + str(response['status']),
- extra=config.PKI_INDENTATION_LEVEL_2)
- try:
- certs = response['systemCerts']
- except KeyError:
- # no system certs created
- config.pki_log.debug(
- "No new system certificates generated.",
- extra=config.PKI_INDENTATION_LEVEL_2)
- certs = []
-
- if not isinstance(certs, list):
- certs = [certs]
- for cdata in certs:
- if self.standalone and not self.external_step_two:
- # Stand-alone PKI (Step 1)
- if cdata['tag'].lower() == "audit_signing":
- # Save Stand-alone PKI 'Audit Signing Certificate' CSR
- # (Step 1)
- self.save_system_csr(
- cdata['request'],
- log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1,
- self.mdict['pki_external_audit_signing_csr_path'],
- self.subsystem)
- elif cdata['tag'].lower() == "signing":
- # Save Stand-alone PKI OCSP 'OCSP Signing Certificate'
- # CSR (Step 1)
- self.save_system_csr(
- cdata['request'],
- log.PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING,
- self.mdict['pki_external_signing_csr_path'])
- elif cdata['tag'].lower() == "sslserver":
- # Save Stand-alone PKI 'SSL Server Certificate' CSR
- # (Step 1)
- self.save_system_csr(
- cdata['request'],
- log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1,
- self.mdict['pki_external_sslserver_csr_path'],
- self.subsystem)
- elif cdata['tag'].lower() == "storage":
- # Save Stand-alone PKI KRA 'Storage Certificate' CSR
- # (Step 1)
- self.save_system_csr(
- cdata['request'],
- log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE,
- self.mdict['pki_external_storage_csr_path'])
- elif cdata['tag'].lower() == "subsystem":
- # Save Stand-alone PKI 'Subsystem Certificate' CSR
- # (Step 1)
- self.save_system_csr(
- cdata['request'],
- log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1,
- self.mdict['pki_external_subsystem_csr_path'],
- self.subsystem)
- elif cdata['tag'].lower() == "transport":
- # Save Stand-alone PKI KRA 'Transport Certificate' CSR
- # (Step 1)
- self.save_system_csr(
- cdata['request'],
- log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT,
- self.mdict['pki_external_transport_csr_path'])
- else:
- config.pki_log.debug(
- log.PKI_CONFIG_CDATA_TAG + " " + cdata['tag'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- config.pki_log.debug(
- log.PKI_CONFIG_CDATA_CERT + "\n" + cdata['cert'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- config.pki_log.debug(
- log.PKI_CONFIG_CDATA_REQUEST + "\n" + cdata['request'],
- extra=config.PKI_INDENTATION_LEVEL_2)
-
- # Cloned PKI subsystems do not return an Admin Certificate
- if not self.clone:
- if self.standalone:
- if not self.external_step_two:
- # NOTE: Do nothing for Stand-alone PKI (Step 1)
- # as this has already been addressed
- # in 'set_admin_parameters()'
- pass
- else:
- admin_cert = response['adminCert']['cert']
- self.process_admin_cert(admin_cert)
- elif not config.str2bool(self.mdict['pki_import_admin_cert']):
- admin_cert = response['adminCert']['cert']
- self.process_admin_cert(admin_cert)
-
- except:
-
- raise
+ client = pki.system.SystemConfigClient(connection)
+ return client.configure(data)
def process_admin_cert(self, admin_cert):
config.pki_log.debug(
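Review bot: `configure_pki_data()` now ends in `return client.configure(data)`, but nothing in the method states that contract. A one-line docstring such as `"""Send the configuration request and return the server response."""` would tell callers that handling `systemCerts` and `adminCert` in that response is now their responsibility. The blank line added after the `def` line in the previous hunk is the natural place for it. The method starts in the previous hunk, and part of its connection setup lies between the two hunks.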
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index c9166f1ee..8c6b52368 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -96,8 +96,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
existing = deployer.configuration_file.existing
external = deployer.configuration_file.external
+ standalone = deployer.configuration_file.standalone
step_one = deployer.configuration_file.external_step_one
step_two = deployer.configuration_file.external_step_two
+ clone = deployer.configuration_file.clone
try:
if external and step_one: # external CA step 1 only
@@ -384,9 +386,110 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
data = deployer.config_client.construct_pki_configuration_data()
# Configure the subsystem
- deployer.config_client.configure_pki_data(
+ response = deployer.config_client.configure_pki_data(
json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
+ config.pki_log.debug(
+ log.PKI_CONFIG_RESPONSE_STATUS + " " + str(response['status']),
+ extra=config.PKI_INDENTATION_LEVEL_2)
+
+ try:
+ certs = response['systemCerts']
+ except KeyError:
+ # no system certs created
+ config.pki_log.debug(
+ "No new system certificates generated.",
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ certs = []
+
+ if not isinstance(certs, list):
+ certs = [certs]
+
+ for cdata in certs:
+
+ if standalone and not step_two:
+
+ # Stand-alone PKI (Step 1)
+
+ if cdata['tag'].lower() == "audit_signing":
+ # Save Stand-alone PKI 'Audit Signing Certificate' CSR
+ # (Step 1)
+ deployer.config_client.save_system_csr(
+ cdata['request'],
+ log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1,
+ deployer.mdict['pki_external_audit_signing_csr_path'],
+ subsystem.name)
+
+ elif cdata['tag'].lower() == "signing":
+ # Save Stand-alone PKI OCSP 'OCSP Signing Certificate'
+ # CSR (Step 1)
+ deployer.config_client.save_system_csr(
+ cdata['request'],
+ log.PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING,
+ deployer.mdict['pki_external_signing_csr_path'])
+
+ elif cdata['tag'].lower() == "sslserver":
+ # Save Stand-alone PKI 'SSL Server Certificate' CSR
+ # (Step 1)
+ deployer.config_client.save_system_csr(
+ cdata['request'],
+ log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1,
+ deployer.mdict['pki_external_sslserver_csr_path'],
+ subsystem.name)
+
+ elif cdata['tag'].lower() == "storage":
+ # Save Stand-alone PKI KRA 'Storage Certificate' CSR
+ # (Step 1)
+ deployer.config_client.save_system_csr(
+ cdata['request'],
+ log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE,
+ deployer.mdict['pki_external_storage_csr_path'])
+
+ elif cdata['tag'].lower() == "subsystem":
+ # Save Stand-alone PKI 'Subsystem Certificate' CSR
+ # (Step 1)
+ deployer.config_client.save_system_csr(
+ cdata['request'],
+ log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1,
+ deployer.mdict['pki_external_subsystem_csr_path'],
+ subsystem.name)
+
+ elif cdata['tag'].lower() == "transport":
+ # Save Stand-alone PKI KRA 'Transport Certificate' CSR
+ # (Step 1)
+ deployer.config_client.save_system_csr(
+ cdata['request'],
+ log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT,
+ deployer.mdict['pki_external_transport_csr_path'])
+
+ else:
+ config.pki_log.debug(
+ log.PKI_CONFIG_CDATA_TAG + " " + cdata['tag'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.debug(
+ log.PKI_CONFIG_CDATA_CERT + "\n" + cdata['cert'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.debug(
+ log.PKI_CONFIG_CDATA_REQUEST + "\n" + cdata['request'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+
+ # Cloned PKI subsystems do not return an Admin Certificate
+ if not clone:
+
+ if standalone:
+ if not step_two:
+ # NOTE: Do nothing for Stand-alone PKI (Step 1)
+ # as this has already been addressed
+ # in 'set_admin_parameters()'
+ pass
+ else:
+ admin_cert = response['adminCert']['cert']
+ deployer.config_client.process_admin_cert(admin_cert)
+
+ elif not config.str2bool(deployer.mdict['pki_import_admin_cert']):
+ admin_cert = response['adminCert']['cert']
+ deployer.config_client.process_admin_cert(admin_cert)
+
def destroy(self, deployer):
config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__,
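Review bot: The server response is consumed without any check of its outcome: `response['status']` is only written to the debug log, and `response['adminCert']['cert']` is indexed directly in both admin-certificate branches, while `systemCerts` alone is guarded against a missing key. If the configure call can return a non-success status or omit `adminCert` (not visible from this hunk), the scriptlet would first save CSRs and then fail with a bare KeyError rather than a clear deployment error. Consider reading it defensively, e.g. `admin = response.get('adminCert')`, and raising a descriptive exception when it is `None` before calling `process_admin_cert()`. The fourth argument to `save_system_csr()` also changed from `self.subsystem` to `subsystem.name`, a name defined outside the hunk, so it is worth confirming that both carry the same value. The enclosing method begins before this hunk.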