summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/security_databases.py
diff options
context:
space:
mode:
Diffstat (limited to 'base/deploy/src/scriptlets/security_databases.py')
-rw-r--r--base/deploy/src/scriptlets/security_databases.py89
1 files changed, 83 insertions, 6 deletions
diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py
index 093e5ec36..f32b7e497 100644
--- a/base/deploy/src/scriptlets/security_databases.py
+++ b/base/deploy/src/scriptlets/security_databases.py
@@ -22,6 +22,7 @@
# PKI Deployment Imports
import pkiconfig as config
from pkiconfig import pki_master_dict as master
+import pkihelper as util
import pkimessages as log
import pkiscriptlet
@@ -33,20 +34,96 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
def spawn(self):
config.pki_log.info(log.SECURITY_DATABASES_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- config.pki_log.info("NOT YET IMPLEMENTED",
- extra=config.PKI_INDENTATION_LEVEL_2)
+ if not config.pki_dry_run_flag:
+ util.password.create_password_conf(
+ master['pki_shared_password_conf'])
+ util.file.modify(master['pki_shared_password_conf'])
+ util.certutil.create_security_databases(
+ master['pki_database_path'],
+ master['pki_shared_password_conf'])
+ util.file.modify(master['pki_cert_database'], perms=\
+ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
+ util.file.modify(master['pki_key_database'], perms=\
+ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
+ util.file.modify(master['pki_secmod_database'], perms=\
+ config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
+ rv = util.certutil.verify_certificate_exists(
+ master['pki_database_path'],
+ master['pki_self_signed_token'],
+ master['pki_self_signed_nickname'],
+ password_file=master['pki_shared_password_conf'])
+ if not rv:
+ util.file.generate_noise_file(
+ master['pki_self_signed_noise_file'],
+ master['pki_self_signed_noise_bytes'])
+ util.certutil.generate_self_signed_certificate(
+ master['pki_database_path'],
+ master['pki_self_signed_token'],
+ master['pki_self_signed_nickname'],
+ master['pki_self_signed_subject'],
+ master['pki_self_signed_serial_number'],
+ master['pki_self_signed_validity_period'],
+ master['pki_self_signed_issuer_name'],
+ master['pki_self_signed_trustargs'],
+ master['pki_self_signed_noise_file'],
+ password_file=master['pki_shared_password_conf'])
+ util.file.delete(master['pki_self_signed_noise_file'])
+ else:
+ util.password.create_password_conf(
+ master['pki_shared_password_conf'])
+ util.certutil.create_security_databases(
+ master['pki_database_path'],
+ master['pki_shared_password_conf'])
+ rv = util.certutil.verify_certificate_exists(
+ master['pki_database_path'],
+ master['pki_self_signed_token'],
+ master['pki_self_signed_nickname'],
+ password_file=master['pki_shared_password_conf'])
+ if not rv:
+ util.file.generate_noise_file(
+ master['pki_self_signed_noise_file'],
+ master['pki_self_signed_noise_bytes'])
+ util.certutil.generate_self_signed_certificate(
+ master['pki_database_path'],
+ master['pki_self_signed_token'],
+ master['pki_self_signed_nickname'],
+ master['pki_self_signed_subject'],
+ master['pki_self_signed_serial_number'],
+ master['pki_self_signed_validity_period'],
+ master['pki_self_signed_issuer_name'],
+ master['pki_self_signed_trustargs'],
+ master['pki_self_signed_noise_file'],
+ password_file=master['pki_shared_password_conf'])
return self.rv
def respawn(self):
config.pki_log.info(log.SECURITY_DATABASES_RESPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- config.pki_log.info("NOT YET IMPLEMENTED",
- extra=config.PKI_INDENTATION_LEVEL_2)
+ util.file.modify(master['pki_shared_password_conf'])
+ util.file.modify(master['pki_cert_database'],
+ perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
+ util.file.modify(master['pki_key_database'],
+ perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
+ util.file.modify(master['pki_secmod_database'],
+ perms=config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
return self.rv
def destroy(self):
config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- config.pki_log.info("NOT YET IMPLEMENTED",
- extra=config.PKI_INDENTATION_LEVEL_2)
+ if not config.pki_dry_run_flag:
+ if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\
+ util.instance.pki_subsystem_instances() == 0:
+ util.file.delete(master['pki_cert_database'])
+ util.file.delete(master['pki_key_database'])
+ util.file.delete(master['pki_secmod_database'])
+ util.file.delete(master['pki_shared_password_conf'])
+ else:
+ # ALWAYS display correct information (even during dry_run)
+ if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\
+ util.instance.pki_subsystem_instances() == 1:
+ util.file.delete(master['pki_cert_database'])
+ util.file.delete(master['pki_key_database'])
+ util.file.delete(master['pki_secmod_database'])
+ util.file.delete(master['pki_shared_password_conf'])
return self.rv
generated by cgit (git 2.34.1) at 2024-04-27 21:42:02 +0000