summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/pkiparser.py
diff options
context:
space:
mode:
Diffstat (limited to 'base/deploy/src/scriptlets/pkiparser.py')
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py94
1 files changed, 82 insertions, 12 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 6c4574add..e824c8ac9 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -261,8 +261,6 @@ def read_pki_configuration_file():
parser.optionxform = str
parser.read(config.pkideployment_cfg)
config.pki_sensitive_dict = dict(parser._sections['Sensitive'])
- config.pki_mandatory_dict = dict(parser._sections['Mandatory'])
- config.pki_optional_dict = dict(parser._sections['Optional'])
config.pki_common_dict = dict(parser._sections['Common'])
if config.pki_subsystem == "CA":
config.pki_web_server_dict = dict(parser._sections['Tomcat'])
@@ -284,8 +282,6 @@ def read_pki_configuration_file():
config.pki_subsystem_dict = dict(parser._sections['TPS'])
# Insert empty record into dictionaries for "pretty print" statements
# NEVER print "sensitive" key value pairs!!!
- config.pki_mandatory_dict[0] = None
- config.pki_optional_dict[0] = None
config.pki_common_dict[0] = None
config.pki_web_server_dict[0] = None
config.pki_subsystem_dict[0] = None
@@ -316,8 +312,6 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_deployment_cfg'] = config.pkideployment_cfg
# Configuration file name/value pairs
# NEVER add "sensitive" key value pairs to the master dictionary!!!
- config.pki_master_dict.update(config.pki_mandatory_dict)
- config.pki_master_dict.update(config.pki_optional_dict)
config.pki_master_dict.update(config.pki_common_dict)
config.pki_master_dict.update(config.pki_web_server_dict)
config.pki_master_dict.update(config.pki_subsystem_dict)
@@ -1435,6 +1429,7 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_subsystem'].lower() + "/" + "pki"
# Jython scriptlet
# 'Security Domain' Configuration name/value pairs
+ # 'Subsystem Name' Configuration name/value pairs
#
# Apache - [RA], [TPS]
# Tomcat - [CA], [KRA], [OCSP], [TKS]
@@ -1459,16 +1454,19 @@ def compose_pki_master_dictionary():
#
# config.pki_master_dict['pki_security_domain_hostname']
# config.pki_master_dict['pki_security_domain_name']
+ # config.pki_master_dict['pki_subsystem_name']
#
if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
if config.pki_subsystem == "CA":
if config.str2bool(config.pki_master_dict['pki_external']):
# External CA
- config.pki_master_dict['pki_security_domain_type'] = "new"
- if not len(config.pki_master_dict\
- ['pki_security_domain_name']):
- config.pki_master_dict['pki_security_domain_name'] =\
- "External CA Security Domain"
+ #
+ # NOTE: External CA's DO NOT require a security domain
+ if not len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "External CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
elif not config.str2bool(config.pki_master_dict['pki_clone'])\
and not\
config.str2bool(config.pki_master_dict['pki_subordinate']):
@@ -1479,6 +1477,11 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_security_domain_name'] =\
config.pki_master_dict['pki_dns_domainname'] +\
" " + "Security Domain"
+ if not len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
else:
# PKI Cloned or Subordinate CA
config.pki_master_dict['pki_security_domain_type'] =\
@@ -1492,8 +1495,24 @@ def compose_pki_master_dictionary():
"https" + "://" +\
config.pki_master_dict['pki_security_domain_hostname']\
+ ":" + config.pki_security_domain_https_port
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned CA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # Subordinate CA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Subordinate CA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
else:
- # PKI KRA, OCSP, or TKS
+ # PKI or Cloned KRA, OCSP, or TKS
config.pki_master_dict['pki_security_domain_type'] = "existing"
if not len(config.pki_master_dict\
['pki_security_domain_hostname']):
@@ -1505,6 +1524,57 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_security_domain_hostname'] +\
":" +\
config.pki_master_dict['pki_security_domain_https_port']
+ if config.pki_subsystem == "KRA":
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned KRA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned KRA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # PKI KRA
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI KRA" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ elif config.pki_subsystem == "OCSP":
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned OCSP
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned OCSP" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # PKI OCSP
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI OCSP" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ elif config.pki_subsystem == "TKS":
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ # Cloned TKS
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "Cloned TKS" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ # PKI TKS
+ if not\
+ len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ "PKI TKS" + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
# Jython scriptlet
# 'Directory Server' Configuration name/value pairs
#
generated by cgit (git 2.34.1) at 2024-04-26 07:55:55 +0000