Diffstat (limited to 'base/deploy/src/scriptlets/security_databases.py')
-rw-r--r--base/deploy/src/scriptlets/security_databases.py50
1 files changed, 41 insertions, 9 deletions
diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py
index f32b7e497..1a08fdccb 100644
--- a/base/deploy/src/scriptlets/security_databases.py
+++ b/base/deploy/src/scriptlets/security_databases.py
@@ -27,7 +27,7 @@ import pkimessages as log
import pkiscriptlet
-# PKI Deployment Security Database Classes
+# PKI Deployment Security Databases Scriptlet
class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
rv = 0
@@ -36,11 +36,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
extra=config.PKI_INDENTATION_LEVEL_1)
if not config.pki_dry_run_flag:
util.password.create_password_conf(
- master['pki_shared_password_conf'])
+ master['pki_shared_password_conf'],
+ master['pki_pin'])
util.file.modify(master['pki_shared_password_conf'])
util.certutil.create_security_databases(
master['pki_database_path'],
- master['pki_shared_password_conf'])
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
+ password_file=master['pki_shared_password_conf'])
util.file.modify(master['pki_cert_database'], perms=\
config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
util.file.modify(master['pki_key_database'], perms=\
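Review bot: The pin from `master['pki_pin']` is written into the shared password file by `create_password_conf` before `util.file.modify(master['pki_shared_password_conf'])` touches that file. The helper's body is not visible here, but if it creates the file under the process umask, the secret could be briefly readable by other local users. Consider creating the file owner-only inside the helper, or record the requirement next to the call: `# NOTE: the pin is written here; the file must be created owner-only, not fixed up afterwards`. The same call in the `else:` branch of the `-70,12` hunk has no `modify` after it, presumably because that is the dry-run path. The enclosing method starts and ends outside this hunk.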
@@ -49,6 +53,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
rv = util.certutil.verify_certificate_exists(
master['pki_database_path'],
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
master['pki_self_signed_token'],
master['pki_self_signed_nickname'],
password_file=master['pki_shared_password_conf'])
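Review bot: The three database paths are inserted positionally ahead of `pki_self_signed_token`, so a caller of `verify_certificate_exists` that this commit missed would pass the token and nickname into the path slots without raising an error. Passing the database paths and every argument after them by keyword, as is already done for `password_file=`, would make such a mismatch fail at call time. The helper's parameter names are not shown in this diff, so they would need to be taken from `util.certutil`. The same applies to `create_security_databases` in the `-36,11` and `-70,12` hunks, to `generate_self_signed_certificate` in the `-58,6` and `-85,6` hunks, and to the second `verify_certificate_exists` call in the `-70,12` hunk. The surrounding method begins and ends outside this hunk.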
@@ -58,6 +65,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
master['pki_self_signed_noise_bytes'])
util.certutil.generate_self_signed_certificate(
master['pki_database_path'],
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
master['pki_self_signed_token'],
master['pki_self_signed_nickname'],
master['pki_self_signed_subject'],
@@ -70,12 +80,19 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.file.delete(master['pki_self_signed_noise_file'])
else:
util.password.create_password_conf(
- master['pki_shared_password_conf'])
+ master['pki_shared_password_conf'],
+ master['pki_pin'])
util.certutil.create_security_databases(
master['pki_database_path'],
- master['pki_shared_password_conf'])
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
+ password_file=master['pki_shared_password_conf'])
rv = util.certutil.verify_certificate_exists(
master['pki_database_path'],
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
master['pki_self_signed_token'],
master['pki_self_signed_nickname'],
password_file=master['pki_shared_password_conf'])
@@ -85,6 +102,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
master['pki_self_signed_noise_bytes'])
util.certutil.generate_self_signed_certificate(
master['pki_database_path'],
+ master['pki_cert_database'],
+ master['pki_key_database'],
+ master['pki_secmod_database'],
master['pki_self_signed_token'],
master['pki_self_signed_nickname'],
master['pki_self_signed_subject'],
@@ -112,16 +132,28 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.SECURITY_DATABASES_DESTROY_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
if not config.pki_dry_run_flag:
- if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\
- util.instance.pki_subsystem_instances() == 0:
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ util.instance.apache_instances() == 0:
+ util.file.delete(master['pki_cert_database'])
+ util.file.delete(master['pki_key_database'])
+ util.file.delete(master['pki_secmod_database'])
+ util.file.delete(master['pki_shared_password_conf'])
+ elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ util.instance.tomcat_instances() == 0:
util.file.delete(master['pki_cert_database'])
util.file.delete(master['pki_key_database'])
util.file.delete(master['pki_secmod_database'])
util.file.delete(master['pki_shared_password_conf'])
else:
# ALWAYS display correct information (even during dry_run)
- if master['pki_subsystem'] in config.PKI_SUBSYSTEMS and\
- util.instance.pki_subsystem_instances() == 1:
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ util.instance.apache_instances() == 1:
+ util.file.delete(master['pki_cert_database'])
+ util.file.delete(master['pki_key_database'])
+ util.file.delete(master['pki_secmod_database'])
+ util.file.delete(master['pki_shared_password_conf'])
+ elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ util.instance.tomcat_instances() == 1:
util.file.delete(master['pki_cert_database'])
util.file.delete(master['pki_key_database'])
util.file.delete(master['pki_secmod_database'])
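Review bot: A `pki_subsystem` value in neither `config.PKI_APACHE_SUBSYSTEMS` nor `config.PKI_TOMCAT_SUBSYSTEMS` now falls through both branches silently, leaving the key database and the shared password file on disk after a destroy with nothing logged. The four `util.file.delete` calls are also repeated in four places, which makes it easy for one copy to drift. Selecting the instance counter once and deleting in a single place, as sketched below, keeps the secret-bearing files on one code path and gives an obvious spot to log the skipped case. The sketch assumes the two subsystem lists do not overlap. The destroy method's start and end are outside this hunk.

```python
# … unchanged: SECURITY_DATABASES_DESTROY_1 log call …
if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
    instances = util.instance.apache_instances()
elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
    instances = util.instance.tomcat_instances()
else:
    # Unknown subsystem: nothing is removed; worth logging here.
    instances = None
# The dry-run path compares against 1 instead of 0, as in the original.
expected = 1 if config.pki_dry_run_flag else 0
if instances == expected:
    for key in ('pki_cert_database', 'pki_key_database',
                'pki_secmod_database', 'pki_shared_password_conf'):
        util.file.delete(master[key])
```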