5 files changed, 11 insertions, 178 deletions
diff --git a/base/java-tools/man/man1/pki-securitydomain.1 b/base/java-tools/man/man1/pki-securitydomain.1 index a8c36c556..cbefa7568 100644 --- a/base/java-tools/man/man1/pki-securitydomain.1 +++ b/base/java-tools/man/man1/pki-securitydomain.1 @@ -20,7 +20,6 @@ pki-securitydomain \- Command-Line Interface for managing Certificate System sec .SH SYNOPSIS .nf \fBpki\fR [CLI options] \fBsecuritydomain\fR -\fBpki\fR [CLI options] \fBsecuritydomain-get-install-token\fR [command options] \fBpki\fR [CLI options] \fBsecuritydomain-show\fR [command options] .fi @@ -33,11 +32,6 @@ The \fBpki-securitydomain\fR commands provide command-line interfaces to manage This command is to list available security domain commands. .RE .PP -\fBpki\fR [CLI options] \fBsecuritydomain-get-install-token\fR [command options] -.RS 4 -This command is to get an installation token. -.RE -.PP \fBpki\fR [CLI options] \fBsecuritydomain-show\fR [command options] .RS 4 This command is to show the contents of the security domain. @@ -49,9 +43,7 @@ The CLI options are described in \fBpki\fR(1). .SH OPERATIONS To view available security domain commands, type \fBpki securitydomain\fP. To view each command's usage, type \fB pki securitydomain-<command> \-\-help\fP. -To get an installation token (used when installing a new subsystem within a security domain): - -\fBpki <security domain admin authentication> securitydomain-get-install-token \-\-hostname <hostname> \-\-subsystem <subsystem>\fP +." To get an installation token (used when installing a new subsystem within a security domain): To show the contents of the security domain: diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java index 224e215a8..b1a359788 100644 --- a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java 
@@ -35,7 +35,6 @@ public class SecurityDomainCLI extends CLI { public SecurityDomainCLI(CLI parent) { super("securitydomain", "Security domain commands", parent); - addModule(new SecurityDomainGetInstallTokenCLI(this)); addModule(new SecurityDomainShowCLI(this)); } diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainGetInstallTokenCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainGetInstallTokenCLI.java deleted file mode 100644 index 86e722aaa..000000000 --- a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainGetInstallTokenCLI.java +++ /dev/null 
@@ -1,98 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-
-package com.netscape.cmstools.system;
-
-import java.net.InetAddress;
-import java.util.Arrays;
-
-import org.apache.commons.cli.CommandLine;
-import org.apache.commons.cli.Option;
-
-import com.netscape.certsrv.system.InstallToken;
-import com.netscape.cmstools.cli.CLI;
-import com.netscape.cmstools.cli.MainCLI;
-
-/**
- * @author Endi S. Dewata
- */
-public class SecurityDomainGetInstallTokenCLI extends CLI {
-
- public SecurityDomainCLI securityDomainCLI;
-
- public SecurityDomainGetInstallTokenCLI(SecurityDomainCLI securityDomainCLI) {
- super("get-install-token", "Get install token", securityDomainCLI);
- this.securityDomainCLI = securityDomainCLI;
-
- createOptions();
- }
-
- public void printHelp() {
- formatter.printHelp(getFullName() + " --subsystem <subsystem> [OPTIONS...]", options);
- }
-
- public void createOptions() {
- Option option = new Option(null, "hostname", true, "Hostname");
- option.setArgName("hostname");
- options.addOption(option);
-
- option = new Option(null, "subsystem", true, "Subsystem");
- option.setArgName("subsystem");
- option.setRequired(true);
- options.addOption(option);
- }
-
- public void execute(String[] args) throws Exception {
- // Always check for "--help" prior to parsing
- if (Arrays.asList(args).contains("--help")) {
- // Display usage
- printHelp();
- System.exit(0);
- }
-
- CommandLine cmd = null;
-
- try {
- cmd = parser.parse(options, args);
-
- } catch (Exception e) {
- System.err.println("Error: " + e.getMessage());
- printHelp();
- System.exit(-1);
- }
-
- String[] cmdArgs = cmd.getArgs();
-
- if (cmdArgs.length != 0) {
- System.err.println("Error: Too many arguments specified.");
- printHelp();
- System.exit(-1);
- }
-
- String hostname = cmd.getOptionValue("hostname");
- if (hostname == null) {
- hostname = InetAddress.getLocalHost().getHostName();
- }
-
- String subsystem = cmd.getOptionValue("subsystem");
-
- InstallToken token = securityDomainCLI.securityDomainClient.getInstallToken(hostname, subsystem);
-
- MainCLI.printMessage("Install token: \"" + token.getToken() + "\"");
- }
-}
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index b9d48eea3..e6f001910 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -3232,67 +3232,6 @@ class SecurityDomain: return None - def get_installation_token(self, secuser, secpass, critical_failure=True): - if not secuser or not secpass: - return None - - # process this PKI subsystem instance's 'CS.cfg' - cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.mdict['pki_target_cs_cfg']) - - # assign key name/value pairs - machinename = cs_cfg.get('service.machineName') - cstype = cs_cfg.get('cs.type', '') - sechost = cs_cfg.get('securitydomain.host') - secadminport = cs_cfg.get('securitydomain.httpsadminport') - #secselect = cs_cfg.get('securitydomain.select') - Selected - # security domain - - command = ["/bin/pki", - "-p", str(secadminport), - "-h", sechost, - "-P", "https", - "-u", secuser, - "-w", secpass, - "-d", self.mdict['pki_database_path'], - "securitydomain-get-install-token", - "--hostname", machinename, - "--subsystem", cstype] - try: - output = subprocess.check_output( - command, - stderr=subprocess.STDOUT, - shell=True) - - token_list = re.findall("Install token: \"(.*)\"", output) - if not token_list: - config.pki_log.error( - log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2, - str(sechost), - str(secadminport), - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.error( - log.PKI_SUBPROCESS_ERROR_1, output, - extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure: - raise Exception( - log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2 % - (str(sechost), str(secadminport))) - else: - token = token_list[0] - return token - except subprocess.CalledProcessError as exc: - config.pki_log.error( - log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2, - str(sechost), - str(secadminport), - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure: - raise - return None - class Systemd(object): """PKI Deployment Execution Management Class""" 
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py index 0aa4e1c4a..c209bf9c2 100644 --- a/base/server/python/pki/server/deployment/scriptlets/initialization.py +++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py @@ -1,6 +1,6 @@ #!/usr/bin/python -t # Authors: -# Matthew Harmsen <mharmsen@redhat.com> +# Matthew Harmsen <mharmsen@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -49,9 +49,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): else: config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if (deployer.mdict['pki_subsystem'] == "CA" or\ - config.str2bool(deployer.mdict['pki_standalone'])) and\ - config.str2bool(deployer.mdict['pki_external_step_two']): + if (deployer.mdict['pki_subsystem'] == "CA" or \ + config.str2bool(deployer.mdict['pki_standalone'])) and \ + config.str2bool(deployer.mdict['pki_external_step_two']): # verify that this External CA (Step 2), or Stand-alone PKI # (Step 2) currently EXISTS for this "instance" deployer.instance.verify_subsystem_exists() @@ -96,10 +96,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # get ports to remove selinux context deployer.configuration_file.populate_non_default_ports() - # get deinstallation token - token = deployer.security_domain.get_installation_token( - config.pki_secdomain_user, config.pki_secdomain_pass) - # remove kra connector from CA if this is a KRA deployer.kra_connector.deregister() 
@@ -114,7 +110,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # instance's security domain may be a part of a # tightly-coupled shared instance. # - deployer.security_domain.deregister(token) + + # Previously we obtained the token through a command line interface + # no longer supported. Thus we assume no token and the deregister op will + # take place without the token using an alternate method. + + deployer.security_domain.deregister(None) # ALWAYS Stop this Tomcat PKI Process deployer.systemd.stop() return self.rv |
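Review bot: The added comment above `deployer.security_domain.deregister(None)` says deregistration now uses "an alternate method" but never names which credential authorises removing this subsystem from the security domain, so a maintainer cannot tell from this call site what the operation is trusted on. Since deregister() itself is outside this diff, the fallback should be confirmed there and spelled out here, along the lines of `# No install token is requested any more: deregister() falls back to <method named in deregister()>; a failure there leaves a stale security-domain entry.` If no remaining caller passes a token, the token parameter and its branch inside deregister() are presumably dead and could be dropped in the same change. With the `get_installation_token` call removed in the previous hunk of this file, it is also worth checking whether the destroy path still needs to collect `config.pki_secdomain_user` and `config.pki_secdomain_pass` at all. The enclosing method starts outside the hunk.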