summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/pkiparser.py
diff options
context:
space:
mode:
Diffstat (limited to 'base/deploy/src/scriptlets/pkiparser.py')
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py52
1 files changed, 36 insertions, 16 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index d8fc6d98b..ac77c9f87 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -1369,7 +1369,8 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_client_dir'] =\
os.path.join(
"/tmp",
- config.pki_master_dict['pki_instance_id'] + "_" + "client")
+ config.pki_master_dict['pki_instance_id'] + "_" +\
+ config.pki_subsystem + "_" + "client")
if not len(config.pki_master_dict['pki_client_database_dir']):
config.pki_master_dict['pki_client_database_dir'] =\
os.path.join(
@@ -1440,17 +1441,19 @@ def compose_pki_master_dictionary():
# config.pki_master_dict['pki_clone_pkcs12_path']
# config.pki_master_dict['pki_clone_uri']
# config.pki_master_dict['pki_security_domain_https_port']
- # config.pki_master_dict['pki_security_domain_user']
# config.pki_master_dict['pki_token_name']
#
# The following variables are established via the specified PKI
# deployment configuration file and potentially overridden below:
#
+ # config.pki_master_dict['pki_security_domain_user']
# config.pki_master_dict['pki_issuing_ca']
# config.pki_master_dict['pki_security_domain_hostname']
# config.pki_master_dict['pki_security_domain_name']
# config.pki_master_dict['pki_subsystem_name']
#
+ if not len(config.pki_master_dict['pki_security_domain_user']):
+ config.pki_master_dict['pki_security_domain_user'] = "caadmin"
if not len(config.pki_master_dict['pki_subsystem_name']):
config.pki_master_dict['pki_subsystem_name'] =\
config.pki_subsystem + " " +\
@@ -1534,10 +1537,12 @@ def compose_pki_master_dictionary():
# place a master and clone on the same machine (the method
# most often used for testing purposes)
config.pki_master_dict['pki_ds_base_dn'] =\
- "o=" + config.pki_master_dict['pki_instance_id']
+ "o=" + config.pki_master_dict['pki_instance_id'] +\
+ "-" + config.pki_subsystem
if not len(config.pki_master_dict['pki_ds_database']):
config.pki_master_dict['pki_ds_database'] =\
- config.pki_master_dict['pki_instance_id']
+ config.pki_master_dict['pki_instance_id'] +\
+ "-" + config.pki_subsystem
if not len(config.pki_master_dict['pki_ds_hostname']):
# Guess that the Directory Server resides on the local host
config.pki_master_dict['pki_ds_hostname'] =\
@@ -1592,17 +1597,23 @@ def compose_pki_master_dictionary():
# config.pki_master_dict['pki_admin_cert_request_type']
# config.pki_master_dict['pki_admin_dualkey']
# config.pki_master_dict['pki_admin_keysize']
- # config.pki_master_dict['pki_admin_name']
- # config.pki_master_dict['pki_admin_uid']
#
# The following variables are established via the specified PKI
# deployment configuration file and potentially overridden below:
#
+ # config.pki_master_dict['pki_admin_name']
+ # config.pki_master_dict['pki_admin_uid']
# config.pki_master_dict['pki_admin_email']
# config.pki_master_dict['pki_admin_nickname']
# config.pki_master_dict['pki_admin_subject_dn']
#
config.pki_master_dict['pki_admin_profile_id'] = "caAdminCert"
+ if not len(config.pki_master_dict['pki_admin_uid']):
+ config.pki_master_dict['pki_admin_uid'] =\
+ config.pki_subsystem.lower() + "admin"
+ if not len (config.pki_master_dict['pki_admin_name']):
+ config.pki_master_dict['pki_admin_name'] =\
+ config.pki_master_dict['pki_admin_uid']
if not len(config.pki_master_dict['pki_admin_email']):
config.pki_master_dict['pki_admin_email'] =\
config.pki_master_dict['pki_admin_name'] + "@" +\
@@ -1774,7 +1785,8 @@ def compose_pki_master_dictionary():
['pki_ca_signing_nickname']):
config.pki_master_dict['pki_ca_signing_nickname'] =\
"caSigningCert" + " " + "cert-" +\
- config.pki_master_dict['pki_instance_id']
+ config.pki_master_dict['pki_instance_id'] + " " +\
+ config.pki_subsystem
# config.pki_master_dict['pki_ca_signing_subject_dn']
if config.str2bool(config.pki_master_dict['pki_external']):
# External CA
@@ -1841,7 +1853,8 @@ def compose_pki_master_dictionary():
['pki_ocsp_signing_nickname']):
config.pki_master_dict['pki_ocsp_signing_nickname'] =\
"ocspSigningCert" + " " + "cert-" +\
- config.pki_master_dict['pki_instance_id']
+ config.pki_master_dict['pki_instance_id'] + " " +\
+ config.pki_subsystem
if config.str2bool(config.pki_master_dict['pki_external']):
# External CA
if not len(config.pki_master_dict\
@@ -1882,7 +1895,8 @@ def compose_pki_master_dictionary():
['pki_ocsp_signing_nickname']):
config.pki_master_dict['pki_ocsp_signing_nickname'] =\
"ocspSigningCert" + " " + "cert-" +\
- config.pki_master_dict['pki_instance_id']
+ config.pki_master_dict['pki_instance_id'] + " " +\
+ config.pki_subsystem
if not len(config.pki_master_dict\
['pki_ocsp_signing_subject_dn']):
config.pki_master_dict['pki_ocsp_signing_subject_dn'] =\
@@ -1913,11 +1927,11 @@ def compose_pki_master_dictionary():
# config.pki_master_dict['pki_ssl_server_key_algorithm']
# config.pki_master_dict['pki_ssl_server_key_size']
# config.pki_master_dict['pki_ssl_server_key_type']
+ # config.pki_master_dict['pki_ssl_server_nickname']
#
# The following variables are established via the specified PKI
# deployment configuration file and potentially overridden below:
#
- # config.pki_master_dict['pki_ssl_server_nickname']
# config.pki_master_dict['pki_ssl_server_subject_dn']
# config.pki_master_dict['pki_ssl_server_token']
#
@@ -1979,7 +1993,8 @@ def compose_pki_master_dictionary():
if not len(config.pki_master_dict['pki_subsystem_nickname']):
config.pki_master_dict['pki_subsystem_nickname'] =\
"subsystemCert" + " " + "cert-" +\
- config.pki_master_dict['pki_instance_id']
+ config.pki_master_dict['pki_instance_id'] + " " +\
+ config.pki_subsystem
if not len(config.pki_master_dict['pki_subsystem_subject_dn']):
if config.pki_master_dict['pki_subsystem'] == "RA":
# PKI RA
@@ -2004,7 +2019,8 @@ def compose_pki_master_dictionary():
if not len(config.pki_master_dict['pki_subsystem_nickname']):
config.pki_master_dict['pki_subsystem_nickname'] =\
"subsystemCert" + " " + "cert-" +\
- config.pki_master_dict['pki_instance_id']
+ config.pki_master_dict['pki_instance_id'] + " " +\
+ config.pki_subsystem
if not len(config.pki_master_dict['pki_subsystem_subject_dn']):
if config.pki_master_dict['pki_subsystem'] == "CA":
if config.str2bool(
@@ -2085,7 +2101,8 @@ def compose_pki_master_dictionary():
['pki_audit_signing_nickname']):
config.pki_master_dict['pki_audit_signing_nickname'] =\
"auditSigningCert" + " " + "cert-" +\
- config.pki_master_dict['pki_instance_id']
+ config.pki_master_dict['pki_instance_id'] +" " +\
+ config.pki_subsystem
if not len(config.pki_master_dict\
['pki_audit_signing_subject_dn']):
config.pki_master_dict['pki_audit_signing_subject_dn'] =\
@@ -2104,7 +2121,8 @@ def compose_pki_master_dictionary():
['pki_audit_signing_nickname']):
config.pki_master_dict['pki_audit_signing_nickname'] =\
"auditSigningCert" + " " + "cert-" +\
- config.pki_master_dict['pki_instance_id']
+ config.pki_master_dict['pki_instance_id'] + " " +\
+ config.pki_subsystem
if not len(config.pki_master_dict\
['pki_audit_signing_subject_dn']):
if config.pki_master_dict['pki_subsystem'] == "CA":
@@ -2186,7 +2204,8 @@ def compose_pki_master_dictionary():
['pki_transport_nickname']):
config.pki_master_dict['pki_transport_nickname'] =\
"transportCert" + " " + "cert-" +\
- config.pki_master_dict['pki_instance_id']
+ config.pki_master_dict['pki_instance_id'] + " " +\
+ config.pki_subsystem
if not len(config.pki_master_dict\
['pki_transport_subject_dn']):
config.pki_master_dict['pki_transport_subject_dn']\
@@ -2229,7 +2248,8 @@ def compose_pki_master_dictionary():
if not len(config.pki_master_dict['pki_storage_nickname']):
config.pki_master_dict['pki_storage_nickname'] =\
"storageCert" + " " + "cert-" +\
- config.pki_master_dict['pki_instance_id']
+ config.pki_master_dict['pki_instance_id'] + " " +\
+ config.pki_subsystem
if not len(config.pki_master_dict\
['pki_storage_subject_dn']):
config.pki_master_dict['pki_storage_subject_dn']\