-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 1 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 13 | ||||
-rwxr-xr-x | base/server/sbin/pkispawn | 22 |
3 files changed, 26 insertions, 10 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index e8591398d..07a5ce4dd 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -492,6 +492,7 @@ class ConfigurationFile:
 self.external = config.str2bool(self.mdict['pki_external'])
 self.external_step_one = not config.str2bool(self.mdict['pki_external_step_two'])
 self.external_step_two = not self.external_step_one
+ self.external_csr_path = self.mdict['pki_external_csr_path']
 if self.external:
 # generic extension support in CSR - for external CA
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index ba8cff68e..16c6ae5da 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -96,6 +96,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 external = deployer.configuration_file.external
 step_one = deployer.configuration_file.external_step_one
 step_two = deployer.configuration_file.external_step_two
+ external_csr_path = deployer.configuration_file.external_csr_path
 try:
 if external and step_one: # external/existing CA step 1
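Review bot: In the pkihelper.py hunk, `self.mdict['pki_external_csr_path']` is now indexed wherever this ConfigurationFile code runs, while the lines this commit removes from configuration.py read the key only inside the external step-one and step-two branches. If any subsystem's merged deployment dictionary lacks that key (not visible from this hunk), the lookup raises KeyError before the installer reaches a step. Assuming mdict is a plain dict, `self.external_csr_path = self.mdict.get('pki_external_csr_path')` keeps the later `if external_csr_path:` checks working; otherwise a comment stating that the defaults always define the key would do. The enclosing method starts and ends outside the hunk.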
@@ -127,16 +128,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 # If filename specified, generate CA cert request and
 # import it into CS.cfg.
- request_file = deployer.mdict['pki_external_csr_path']
- if request_file:
+ if external_csr_path:
 nssdb.create_request(
 subject_dn=deployer.mdict['pki_ca_signing_subject_dn'],
- request_file=request_file,
+ request_file=external_csr_path,
 key_type=key_type,
 key_size=key_size,
 curve=curve,
 hash_alg=hash_alg)
- with open(request_file) as f:
+ with open(external_csr_path) as f:
 signing_csr = f.read()
 signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64')
 subsystem.config['ca.signing.certreq'] = signing_csr
@@ -150,9 +150,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 elif external and step_two: # external/existing CA step 2
 # If specified, import existing CA cert request into CS.cfg.
- request_file = deployer.mdict['pki_external_csr_path']
- if request_file:
- with open(request_file) as f:
+ if external_csr_path:
+ with open(external_csr_path) as f:
 signing_csr = f.read()
 signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64')
 subsystem.config['ca.signing.certreq'] = signing_csr
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index 3b09e0f20..967d5f5e5 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -613,9 +613,13 @@ def main(argv):
 external = deployer.configuration_file.external
 step_one = deployer.configuration_file.external_step_one
+ external_csr_path = deployer.configuration_file.external_csr_path
 if external and step_one:
- print_step_one_information(parser.mdict)
+ if external_csr_path:
+ print_external_ca_step_one_information(parser.mdict)
+ else:
+ print_existing_ca_step_one_information(parser.mdict)
 else:
 print_install_information(parser.mdict)
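Review bot: In the step-two branch (the @@ -150 hunk of configuration.py) the file at `external_csr_path` is read and stored as `ca.signing.certreq` with no check on what it contains, and the same read/convert/store lines appear in the @@ -127 hunk. The path comes from the deployment configuration and the file stays on disk between the two installer runs, so the permissions on its directory decide who can change what gets imported. I would add a comment such as `# CSR path is operator-supplied; keep it in a directory only the installing admin can write` above both `open()` calls, and move the three duplicated lines into one helper. Both branches continue outside their hunks.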
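Review bot: The new `if external_csr_path:` branch in main() uses an empty `pki_external_csr_path` as the only signal that an existing CA is being reused rather than a fresh CSR being sent to an external CA, and nothing in the hunk says so. A one-line comment above it, e.g. `# no CSR path configured: existing-CA case, nothing was generated for an external CA to sign`, would record that convention. Because the test is plain truthiness, a value consisting only of whitespace would select the external-CA message; whether the parser strips values is not visible here. main() continues outside the hunk.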
@@ -627,7 +631,7 @@ def set_port(parser, tag, prompt, existing_data):
 parser.read_text(prompt, config.pki_subsystem, tag)
-def print_step_one_information(mdict):
+def print_external_ca_step_one_information(mdict):
 print(log.PKI_SPAWN_INFORMATION_HEADER)
 print(" The %s subsystem of the '%s' instance is still incomplete." %
@@ -638,7 +642,19 @@ def print_step_one_information(mdict):
 % mdict['pki_external_csr_path'])
 print()
 print(" Submit the CSR to an external CA to generate a CA certificate\n"
- " for this subsystem.")
+ " for this subsystem. Import the CA certificate and the certificate\n"
+ " chain, then continue the installation.")
+ print(log.PKI_SPAWN_INFORMATION_FOOTER)
+
+
+def print_existing_ca_step_one_information(mdict):
+
+ print(log.PKI_SPAWN_INFORMATION_HEADER)
+ print(" The %s subsystem of the '%s' instance is still incomplete." %
+ (config.pki_subsystem, mdict['pki_instance_name']))
+ print()
+ print(" Import an existing CA certificate with the key and the CSR, and\n"
+ " the certificate chain if available, then continue the installation.")
 print(log.PKI_SPAWN_INFORMATION_FOOTER) |
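Review bot: `print_existing_ca_step_one_information` is added without a docstring and repeats the header, "still incomplete" and footer lines of `print_external_ca_step_one_information`. A docstring such as `"""Print the step-one summary shown when an existing CA certificate and key are reused."""` would tell the two apart, and the shared lines could move into one private helper that takes the instruction text. The new message also tells the operator to import the CA key without saying where; naming the target (presumably the instance's NSS database) would make it less likely that the key ends up somewhere less protected.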