2 files changed, 10 insertions, 70 deletions

diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index b9d48eea3..e6f001910 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -3232,67 +3232,6 @@ class SecurityDomain:
 
         return None
 
-    def get_installation_token(self, secuser, secpass, critical_failure=True):
-        if not secuser or not secpass:
-            return None
-
-        # process this PKI subsystem instance's 'CS.cfg'
-        cs_cfg = PKIConfigParser.read_simple_configuration_file(
-            self.mdict['pki_target_cs_cfg'])
-
-        # assign key name/value pairs
-        machinename = cs_cfg.get('service.machineName')
-        cstype = cs_cfg.get('cs.type', '')
-        sechost = cs_cfg.get('securitydomain.host')
-        secadminport = cs_cfg.get('securitydomain.httpsadminport')
-        #secselect = cs_cfg.get('securitydomain.select') - Selected
-        # security domain
-
-        command = ["/bin/pki",
-                   "-p", str(secadminport),
-                   "-h", sechost,
-                   "-P", "https",
-                   "-u", secuser,
-                   "-w", secpass,
-                   "-d", self.mdict['pki_database_path'],
-                   "securitydomain-get-install-token",
-                   "--hostname", machinename,
-                   "--subsystem", cstype]
-        try:
-            output = subprocess.check_output(
-                command,
-                stderr=subprocess.STDOUT,
-                shell=True)
-
-            token_list = re.findall("Install token: \"(.*)\"", output)
-            if not token_list:
-                config.pki_log.error(
-                    log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2,
-                    str(sechost),
-                    str(secadminport),
-                    extra=config.PKI_INDENTATION_LEVEL_2)
-                config.pki_log.error(
-                    log.PKI_SUBPROCESS_ERROR_1, output,
-                    extra=config.PKI_INDENTATION_LEVEL_2)
-                if critical_failure:
-                    raise Exception(
-                        log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2 %
-                        (str(sechost), str(secadminport)))
-            else:
-                token = token_list[0]
-                return token
-        except subprocess.CalledProcessError as exc:
-            config.pki_log.error(
-                log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2,
-                str(sechost),
-                str(secadminport),
-                extra=config.PKI_INDENTATION_LEVEL_2)
-            config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
-                                 extra=config.PKI_INDENTATION_LEVEL_2)
-            if critical_failure:
-                raise
-        return None
-
 
 class Systemd(object):
     """PKI Deployment Execution Management Class"""
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
index 0aa4e1c4a..c209bf9c2 100644
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
@@ -1,6 +1,6 @@
 #!/usr/bin/python -t
 # Authors:
-#     Matthew Harmsen <mharmsen@redhat.com>
+# Matthew Harmsen <mharmsen@redhat.com>
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -49,9 +49,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
         else:
             config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
                                 extra=config.PKI_INDENTATION_LEVEL_1)
-            if (deployer.mdict['pki_subsystem'] == "CA" or\
-                config.str2bool(deployer.mdict['pki_standalone'])) and\
-               config.str2bool(deployer.mdict['pki_external_step_two']):
+            if (deployer.mdict['pki_subsystem'] == "CA" or \
+                        config.str2bool(deployer.mdict['pki_standalone'])) and \
+                    config.str2bool(deployer.mdict['pki_external_step_two']):
                 # verify that this External CA (Step 2), or Stand-alone PKI
                 # (Step 2) currently EXISTS for this "instance"
                 deployer.instance.verify_subsystem_exists()
@@ -96,10 +96,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
         # get ports to remove selinux context
         deployer.configuration_file.populate_non_default_ports()
 
-        # get deinstallation token
-        token = deployer.security_domain.get_installation_token(
-            config.pki_secdomain_user, config.pki_secdomain_pass)
-
         # remove kra connector from CA if this is a KRA
         deployer.kra_connector.deregister()
 
@@ -114,7 +110,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
         #            instance's security domain may be a part of a
         #            tightly-coupled shared instance.
         #
-        deployer.security_domain.deregister(token)
+
+        # Previously we obtained the token through a command line interface
+        # no longer supported. Thus we assume no token and the deregister op will
+        # take place without the token using an alternate method.
+
+        deployer.security_domain.deregister(None)
         # ALWAYS Stop this Tomcat PKI Process
         deployer.systemd.stop()
         return self.rv