Diffstat (limited to 'base/deploy/src/scriptlets/pkiparser.py')
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py176
1 files changed, 38 insertions, 138 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index bf22a4d18..dd1f93bd3 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -1455,157 +1455,57 @@ def compose_pki_master_dictionary():
# The following variables are established via the specified PKI
# deployment configuration file and potentially overridden below:
#
+ # config.pki_master_dict['pki_issuing_ca']
# config.pki_master_dict['pki_security_domain_hostname']
# config.pki_master_dict['pki_security_domain_name']
# config.pki_master_dict['pki_subsystem_name']
#
- if config.pki_subsystem in config.PKI_APACHE_SUBSYSTEMS:
- # PKI RA or TPS
+ if not len(config.pki_master_dict['pki_subsystem_name']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ config.pki_subsystem + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ if config.pki_subsystem != "CA" or\
+ config.str2bool(config.pki_master_dict['pki_clone']) or\
+ config.str2bool(config.pki_master_dict['pki_subordinate']):
+ # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
+ # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or
+ # Subordinate CA
config.pki_master_dict['pki_security_domain_type'] = "existing"
- if not len(config.pki_master_dict['pki_security_domain_hostname']):
- # Guess that it is the local host
+ if not len(config.pki_master_dict['pki_security_domain_name']):
+ # Guess that the security domain resides on the local host
+ config.pki_master_dict['pki_security_domain_name'] =\
+ config.pki_master_dict['pki_dns_domainname'] + " " +\
+ "Security Domain"
+ if not\
+ len(config.pki_master_dict['pki_security_domain_hostname']):
+ # Guess that the security domain resides on the local host
config.pki_master_dict['pki_security_domain_hostname'] =\
config.pki_master_dict['pki_hostname']
config.pki_master_dict['pki_security_domain_uri'] =\
"https" + "://" +\
config.pki_master_dict['pki_security_domain_hostname'] + ":" +\
config.pki_master_dict['pki_security_domain_https_port']
+ if not len(config.pki_master_dict['pki_issuing_ca']):
+ # Guess that it is the same as the
+ # config.pki_master_dict['pki_security_domain_uri']
+ config.pki_master_dict['pki_issuing_ca'] =\
+ config.pki_master_dict['pki_security_domain_uri']
+ elif config.str2bool(config.pki_master_dict['pki_external']):
+ # External CA
+ #
+ # NOTE: External CA's DO NOT require a security domain
+ #
+ if not len(config.pki_master_dict['pki_issuing_ca']):
+ config.pki_master_dict['pki_issuing_ca'] = "External CA"
+ else:
+ # PKI CA
+ config.pki_master_dict['pki_security_domain_type'] = "new"
if not len(config.pki_master_dict['pki_security_domain_name']):
- # Guess that security domain is on the local host
+ # Guess that the security domain resides on the local host
config.pki_master_dict['pki_security_domain_name'] =\
- config.pki_master_dict['pki_dns_domainname'] +\
- " " + "Security Domain"
- elif config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- if config.pki_subsystem == "CA":
- if config.str2bool(config.pki_master_dict['pki_external']):
- # External CA
- #
- # NOTE: External CA's DO NOT require a security domain
- if not len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- "External CA" + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- elif not config.str2bool(config.pki_master_dict['pki_clone'])\
- and not\
- config.str2bool(config.pki_master_dict['pki_subordinate']):
- # PKI CA
- config.pki_master_dict['pki_security_domain_type'] = "new"
- if not len(config.pki_master_dict\
- ['pki_security_domain_name']):
- config.pki_master_dict['pki_security_domain_name'] =\
- config.pki_master_dict['pki_dns_domainname'] +\
- " " + "Security Domain"
- if not len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- "PKI CA" + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- else:
- # PKI Cloned or Subordinate CA
- config.pki_master_dict['pki_security_domain_type'] =\
- "existing"
- if not len(config.pki_master_dict\
- ['pki_security_domain_hostname']):
- # Guess that it is the local host
- config.pki_master_dict['pki_security_domain_hostname']\
- = config.pki_master_dict['pki_hostname']
- config.pki_master_dict['pki_security_domain_uri'] =\
- "https" + "://" +\
- config.pki_master_dict['pki_security_domain_hostname']\
- + ":" +\
- config.pki_master_dict['pki_security_domain_https_port']
- if not len(config.pki_master_dict\
- ['pki_security_domain_name']):
- # Guess that security domain is on the local host
- config.pki_master_dict['pki_security_domain_name']\
- = config.pki_master_dict['pki_dns_domainname']\
- + " " + "Security Domain"
- if config.str2bool(config.pki_master_dict['pki_clone']):
- # Cloned CA
- if not\
- len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- "Cloned CA" + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- else:
- # Subordinate CA
- if not\
- len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- "Subordinate CA" + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- else:
- # PKI or Cloned KRA, OCSP, or TKS
- config.pki_master_dict['pki_security_domain_type'] = "existing"
- if not len(config.pki_master_dict\
- ['pki_security_domain_hostname']):
- # Guess that it is the local host
- config.pki_master_dict['pki_security_domain_hostname'] =\
- config.pki_master_dict['pki_hostname']
- config.pki_master_dict['pki_security_domain_uri'] =\
- "https" + "://" +\
- config.pki_master_dict['pki_security_domain_hostname'] +\
- ":" +\
- config.pki_master_dict['pki_security_domain_https_port']
- if not len(config.pki_master_dict['pki_security_domain_name']):
- # Guess that security domain is on the local host
- config.pki_master_dict['pki_security_domain_name'] =\
- config.pki_master_dict['pki_dns_domainname'] +\
- " " + "Security Domain"
- if config.pki_subsystem == "KRA":
- if config.str2bool(config.pki_master_dict['pki_clone']):
- # Cloned KRA
- if not\
- len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- "Cloned KRA" + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- else:
- # PKI KRA
- if not\
- len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- "PKI KRA" + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- elif config.pki_subsystem == "OCSP":
- if config.str2bool(config.pki_master_dict['pki_clone']):
- # Cloned OCSP
- if not\
- len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- "Cloned OCSP" + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- else:
- # PKI OCSP
- if not\
- len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- "PKI OCSP" + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- elif config.pki_subsystem == "TKS":
- if config.str2bool(config.pki_master_dict['pki_clone']):
- # Cloned TKS
- if not\
- len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- "Cloned TKS" + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- else:
- # PKI TKS
- if not\
- len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- "PKI TKS" + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
+ config.pki_master_dict['pki_dns_domainname'] + " " +\
+ "Security Domain"
# Jython scriptlet
# 'Directory Server' Configuration name/value pairs
#
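Review bot: The new `pki_issuing_ca` fallback in the "existing" branch silently copies `pki_security_domain_uri`, which the lines just above may have built from a `pki_security_domain_hostname` that was itself guessed from `pki_hostname`. A subsystem can therefore end up pointing at the local host as its issuing CA without the operator ever naming one. Because this key presumably selects the CA the deployment relies on for issuance, the guess should be made visible, for example by extending the comment to `# Guess that it is the same as the security domain URI; set pki_issuing_ca explicitly when the issuing CA is a different host`. Separately, the `elif config.str2bool(config.pki_master_dict['pki_external'])` test now comes after the clone/subordinate test, so a CA configured with `pki_external` together with `pki_clone` or `pki_subordinate` takes the "existing" branch, whereas the removed code checked `pki_external` first. If that precedence change is intended it deserves a comment; the body of compose_pki_master_dictionary starts before and continues after this hunk, so callers of these keys are not visible here.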