Diffstat (limited to 'base/server/src/engine/pkiparser.py')
-rw-r--r-- | base/server/src/engine/pkiparser.py | 398 |
1 files changed, 199 insertions, 199 deletions
diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py index a180db507..7ad8ad3fe 100644 --- a/base/server/src/engine/pkiparser.py +++ b/base/server/src/engine/pkiparser.py @@ -48,7 +48,7 @@ import pki.system class PKIConfigParser: COMMENT_CHAR = '#' - OPTION_CHAR = '=' + OPTION_CHAR = '=' def __init__(self, description, epilog): self.pki_config = None @@ -128,8 +128,8 @@ class PKIConfigParser: if len(config.pki_root_prefix) > 0: if not os.path.exists(config.pki_root_prefix) or\ not os.path.isdir(config.pki_root_prefix): - print "ERROR: " +\ - log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\ + print "ERROR: " + \ + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % \ config.pki_root_prefix print self.arg_parser.print_help() @@ -138,8 +138,8 @@ class PKIConfigParser: # always default that configuration file exists if not os.path.exists(config.default_deployment_cfg) or\ not os.path.isfile(config.default_deployment_cfg): - print "ERROR: " +\ - log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ + print "ERROR: " + \ + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \ config.default_deployment_cfg print self.arg_parser.print_help() @@ -149,8 +149,8 @@ class PKIConfigParser: # verify user configuration file exists if not os.path.exists(config.user_deployment_cfg) or\ not os.path.isfile(config.user_deployment_cfg): - print "ERROR: " +\ - log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ + print "ERROR: " + \ + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \ config.user_deployment_cfg print parser.arg_parser.print_help() @@ -403,7 +403,7 @@ class PKIConfigParser: info = sd.getSecurityDomainInfo() except requests.exceptions.HTTPError as e: config.pki_log.info( - "unable to access security domain through REST interface. " +\ + "unable to access security domain through REST interface. " + \ "Trying old interface. " + str(e), extra=config.PKI_INDENTATION_LEVEL_2) info = sd.getOldSecurityDomainInfo() 
@@ -422,7 +422,7 @@ class PKIConfigParser: code = e.response.status_code if code == 404 or code == 501: config.pki_log.warning( - "unable to validate security domain user/password " +\ + "unable to validate security domain user/password " + \ "through REST interface. Interface not available", extra=config.PKI_INDENTATION_LEVEL_2) else: @@ -432,25 +432,25 @@ class PKIConfigParser: "Create a single master PKI dictionary from the sectional dictionaries" try: # 'pkispawn'/'pkidestroy' name/value pairs - self.pki_master_dict['pki_deployment_executable'] =\ + self.pki_master_dict['pki_deployment_executable'] = \ config.pki_deployment_executable self.pki_master_dict['pki_install_time'] = config.pki_install_time self.pki_master_dict['pki_timestamp'] = config.pki_timestamp - self.pki_master_dict['pki_certificate_timestamp'] =\ + self.pki_master_dict['pki_certificate_timestamp'] = \ config.pki_certificate_timestamp self.pki_master_dict['pki_architecture'] = config.pki_architecture self.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg self.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg - self.pki_master_dict['pki_deployed_instance_name'] =\ + self.pki_master_dict['pki_deployed_instance_name'] = \ config.pki_deployed_instance_name # Generate random 'pin's for use as security database passwords # and add these to the "sensitive" key value pairs read in from # the configuration file - pin_low = 100000000000 + pin_low = 100000000000 pin_high = 999999999999 - self.pki_master_dict['pki_pin'] =\ + self.pki_master_dict['pki_pin'] = \ random.randint(pin_low, pin_high) - self.pki_master_dict['pki_client_pin'] =\ + self.pki_master_dict['pki_client_pin'] = \ random.randint(pin_low, pin_high) self.flatten_master_dict() 
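Review bot: The `pki_pin` and `pki_client_pin` values assigned in the `@@ -432,25` hunk are drawn with `random.randint(pin_low, pin_high)`, although the comment above them says they are used as security database passwords. The `random` module's default generator is a deterministic PRNG that is not meant for secrets, and the 12-digit decimal range gives only about 40 bits. Since these assignments are being touched anyway, I would draw them from the OS source instead, for example `rng = random.SystemRandom()` followed by `rng.randint(pin_low, pin_high)`, which keeps the value format unchanged. The same applies to `pki_one_time_pin` in the `@@ -485,92` hunk, which is built with `random.choice(string.ascii_letters + string.digits)`. The enclosing method starts and ends outside this hunk.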
@@ -458,11 +458,11 @@ class PKIConfigParser: pkilogging.sensitive_parameters = self.pki_master_dict['sensitive_parameters'].split() # PKI Target (slot substitution) name/value pairs - self.pki_master_dict['pki_target_cs_cfg'] =\ + self.pki_master_dict['pki_target_cs_cfg'] = \ os.path.join( self.pki_master_dict['pki_subsystem_configuration_path'], "CS.cfg") - self.pki_master_dict['pki_target_registry'] =\ + self.pki_master_dict['pki_target_registry'] = \ os.path.join(self.pki_master_dict['pki_instance_registry_path'], self.pki_master_dict['pki_instance_name']) if self.pki_master_dict['pki_subsystem'] == "CA" and\ @@ -474,7 +474,7 @@ class PKIConfigParser: os.path.isfile(self.pki_master_dict['pki_target_cs_cfg']): cs_cfg = self.read_simple_configuration_file( self.pki_master_dict['pki_target_cs_cfg']) - self.pki_master_dict['pki_one_time_pin'] =\ + self.pki_master_dict['pki_one_time_pin'] = \ cs_cfg.get('preop.pin') else: config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, 
@@ -485,92 +485,92 @@ class PKIConfigParser: # Generate a one-time pin to be used prior to configuration # and add this to the "sensitive" key value pairs read in from # the configuration file - self.pki_master_dict['pki_one_time_pin'] =\ + self.pki_master_dict['pki_one_time_pin'] = \ ''.join(random.choice(string.ascii_letters + string.digits)\ for x in range(20)) if self.pki_master_dict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - self.pki_master_dict['pki_target_catalina_properties'] =\ + self.pki_master_dict['pki_target_catalina_properties'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "catalina.properties") - self.pki_master_dict['pki_target_servercertnick_conf'] =\ + self.pki_master_dict['pki_target_servercertnick_conf'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "serverCertNick.conf") - self.pki_master_dict['pki_target_server_xml'] =\ + self.pki_master_dict['pki_target_server_xml'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "server.xml") - self.pki_master_dict['pki_target_context_xml'] =\ + self.pki_master_dict['pki_target_context_xml'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "context.xml") - self.pki_master_dict['pki_target_tomcat_conf_instance_id'] =\ - self.pki_master_dict['pki_root_prefix'] +\ - "/etc/sysconfig/" +\ + self.pki_master_dict['pki_target_tomcat_conf_instance_id'] = \ + self.pki_master_dict['pki_root_prefix'] + \ + "/etc/sysconfig/" + \ self.pki_master_dict['pki_instance_name'] - self.pki_master_dict['pki_target_tomcat_conf'] =\ + self.pki_master_dict['pki_target_tomcat_conf'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "tomcat.conf") # in-place slot substitution name/value pairs - self.pki_master_dict['pki_target_velocity_properties'] =\ + self.pki_master_dict['pki_target_velocity_properties'] = \ os.path.join( self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], 
"WEB-INF", "velocity.properties") - self.pki_master_dict['pki_target_subsystem_web_xml'] =\ + self.pki_master_dict['pki_target_subsystem_web_xml'] = \ os.path.join( self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "web.xml") - self.pki_master_dict['pki_target_subsystem_web_xml_orig'] =\ + self.pki_master_dict['pki_target_subsystem_web_xml_orig'] = \ os.path.join( self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "web.xml.orig") # subystem-specific slot substitution name/value pairs if self.pki_master_dict['pki_subsystem'] == "CA": - self.pki_master_dict['pki_target_flatfile_txt'] =\ + self.pki_master_dict['pki_target_flatfile_txt'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "flatfile.txt") - self.pki_master_dict['pki_target_proxy_conf'] =\ + self.pki_master_dict['pki_target_proxy_conf'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "proxy.conf") - self.pki_master_dict['pki_target_registry_cfg'] =\ + self.pki_master_dict['pki_target_registry_cfg'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "registry.cfg") # '*.profile' - self.pki_master_dict['pki_target_admincert_profile'] =\ + self.pki_master_dict['pki_target_admincert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "adminCert.profile") self.pki_master_dict['pki_target_caauditsigningcert_profile']\ - = os.path.join(self.pki_master_dict\ + = os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "caAuditSigningCert.profile") - self.pki_master_dict['pki_target_cacert_profile'] =\ + self.pki_master_dict['pki_target_cacert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "caCert.profile") - self.pki_master_dict['pki_target_caocspcert_profile'] =\ + self.pki_master_dict['pki_target_caocspcert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], 
"caOCSPCert.profile") - self.pki_master_dict['pki_target_servercert_profile'] =\ + self.pki_master_dict['pki_target_servercert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "serverCert.profile") - self.pki_master_dict['pki_target_subsystemcert_profile'] =\ + self.pki_master_dict['pki_target_subsystemcert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "subsystemCert.profile") # in-place slot substitution name/value pairs - self.pki_master_dict['pki_target_profileselect_template'] =\ + self.pki_master_dict['pki_target_profileselect_template'] = \ os.path.join( self.pki_master_dict\ ['pki_tomcat_webapps_subsystem_path'], 
@@ -579,30 +579,30 @@ class PKIConfigParser: "ProfileSelect.template") elif self.pki_master_dict['pki_subsystem'] == "KRA": # '*.profile' - self.pki_master_dict['pki_target_servercert_profile'] =\ + self.pki_master_dict['pki_target_servercert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "serverCert.profile") - self.pki_master_dict['pki_target_storagecert_profile'] =\ + self.pki_master_dict['pki_target_storagecert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "storageCert.profile") - self.pki_master_dict['pki_target_subsystemcert_profile'] =\ + self.pki_master_dict['pki_target_subsystemcert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "subsystemCert.profile") - self.pki_master_dict['pki_target_transportcert_profile'] =\ + self.pki_master_dict['pki_target_transportcert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "transportCert.profile") # Slot assignment name/value pairs # NOTE: Master key == Slots key; Master value ==> Slots value - self.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] =\ + self.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] = \ self.pki_master_dict['pki_instance_name'] - self.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] =\ + self.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] = \ os.path.join(self.pki_master_dict['pki_instance_path'], self.pki_master_dict['pki_instance_name']) - self.pki_master_dict['PKI_REGISTRY_FILE_SLOT'] =\ + self.pki_master_dict['PKI_REGISTRY_FILE_SLOT'] = \ os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], self.pki_master_dict['pki_instance_name']) if self.pki_master_dict['pki_subsystem'] in\ 
@@ -618,10 +618,10 @@ class PKIConfigParser: self.pki_master_dict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None self.pki_master_dict['NSS_CONF_SLOT'] = None self.pki_master_dict['OBJ_EXT_SLOT'] = None - self.pki_master_dict['PKI_LOCKDIR_SLOT'] =\ + self.pki_master_dict['PKI_LOCKDIR_SLOT'] = \ os.path.join("/var/lock/pki", "apache") - self.pki_master_dict['PKI_PIDDIR_SLOT'] =\ + self.pki_master_dict['PKI_PIDDIR_SLOT'] = \ os.path.join("/var/run/pki", "apache") self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache" 
@@ -638,244 +638,244 @@ class PKIConfigParser: self.pki_master_dict['TPS_DIR_SLOT'] = None elif self.pki_master_dict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - self.pki_master_dict['INSTALL_TIME_SLOT'] =\ + self.pki_master_dict['INSTALL_TIME_SLOT'] = \ self.pki_master_dict['pki_install_time'] - self.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] self.pki_master_dict\ - ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" self.pki_master_dict\ - ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ + ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] =\ + self.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] = \ "want" - self.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_AJP_PORT_SLOT'] =\ + self.pki_master_dict['PKI_AJP_PORT_SLOT'] = \ self.pki_master_dict['pki_ajp_port'] - self.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] =\ + self.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_CA_HOSTNAME_SLOT'] =\ + self.pki_master_dict['PKI_CA_HOSTNAME_SLOT'] = \ self.pki_master_dict['pki_ca_hostname'] - self.pki_master_dict['PKI_CA_PORT_SLOT'] =\ + self.pki_master_dict['PKI_CA_PORT_SLOT'] = \ self.pki_master_dict['pki_ca_port'] - self.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] =\ + self.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] = \ self.pki_master_dict['pki_pin'] - self.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] =\ + self.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] = \ self.pki_master_dict['pki_target_cs_cfg'] self.pki_master_dict\ - ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\ + ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ "-->" self.pki_master_dict\ - 
['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] =\ + ['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ "-->" - self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] self.pki_master_dict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] =\ + ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" self.pki_master_dict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] =\ + ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \ self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_EE_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" - self.pki_master_dict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_GROUP_SLOT'] =\ + self.pki_master_dict['PKI_GROUP_SLOT'] = \ self.pki_master_dict['pki_group'] - self.pki_master_dict['PKI_INSTANCE_PATH_SLOT'] =\ + self.pki_master_dict['PKI_INSTANCE_PATH_SLOT'] = \ self.pki_master_dict['pki_instance_path'] - self.pki_master_dict['PKI_INSTANCE_ROOT_SLOT'] =\ + self.pki_master_dict['PKI_INSTANCE_ROOT_SLOT'] = \ self.pki_master_dict['pki_path'] - self.pki_master_dict['PKI_LOCKDIR_SLOT'] =\ + self.pki_master_dict['PKI_LOCKDIR_SLOT'] = \ os.path.join("/var/lock/pki", "tomcat") - self.pki_master_dict['PKI_HOSTNAME_SLOT'] =\ + self.pki_master_dict['PKI_HOSTNAME_SLOT'] = \ self.pki_master_dict['pki_hostname'] self.pki_master_dict\ - ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\ + ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ "<!--" 
self.pki_master_dict\ - ['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] =\ + ['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict['PKI_PIDDIR_SLOT'] =\ + self.pki_master_dict['PKI_PIDDIR_SLOT'] = \ os.path.join("/var/run/pki", "tomcat") if config.str2bool(self.pki_master_dict['pki_enable_proxy']): - self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_proxy_https_port'] - self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_proxy_http_port'] - self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \ "" else: - self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \ "-->" - self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \ "-->" self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = "" self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = "" - self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict['PKI_TMPDIR_SLOT'] =\ + self.pki_master_dict['PKI_TMPDIR_SLOT'] = \ self.pki_master_dict['pki_tomcat_tmpdir_path'] - self.pki_master_dict['PKI_RESTEASY_LIB_SLOT'] =\ + 
self.pki_master_dict['PKI_RESTEASY_LIB_SLOT'] = \ self.pki_master_dict['resteasy_lib'] - self.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] =\ + self.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] = \ self.pki_master_dict['pki_one_time_pin'] - self.pki_master_dict['PKI_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_SECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + self.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Secure" - self.pki_master_dict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ - "<!-- " +\ - "Shared Ports: Agent, EE, and Admin Secure Port Connector " +\ + self.pki_master_dict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ + "<!-- " + \ + "Shared Ports: Agent, EE, and Admin Secure Port Connector " + \ "-->" - self.pki_master_dict['PKI_SECURITY_MANAGER_SLOT'] =\ + self.pki_master_dict['PKI_SECURITY_MANAGER_SLOT'] = \ self.pki_master_dict['pki_security_manager'] - self.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] =\ + self.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] = \ self.pki_master_dict['pki_target_server_xml'] - self.pki_master_dict['PKI_SSL_SERVER_NICKNAME_SLOT'] =\ + self.pki_master_dict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \ self.pki_master_dict['pki_ssl_server_nickname'] - self.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] =\ + self.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] = \ self.pki_master_dict['pki_subsystem'].lower() - self.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] =\ - "pki-tomcatd" + "@" +\ + self.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \ + "pki-tomcatd" + "@" + \ self.pki_master_dict['pki_instance_name'] + ".service" - self.pki_master_dict['PKI_UNSECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_UNSECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_http_port'] - self.pki_master_dict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + self.pki_master_dict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unsecure" - 
self.pki_master_dict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \ "<!-- Shared Ports: Unsecure Port Connector -->" - self.pki_master_dict['PKI_USER_SLOT'] =\ + self.pki_master_dict['PKI_USER_SLOT'] = \ self.pki_master_dict['pki_user'] - self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] =\ + self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = \ "tomcat" - self.pki_master_dict['PKI_WEBAPPS_NAME_SLOT'] =\ + self.pki_master_dict['PKI_WEBAPPS_NAME_SLOT'] = \ "webapps" - self.pki_master_dict['TOMCAT_CFG_SLOT'] =\ + self.pki_master_dict['TOMCAT_CFG_SLOT'] = \ self.pki_master_dict['pki_target_tomcat_conf'] - self.pki_master_dict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] =\ + self.pki_master_dict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \ os.path.join( self.pki_master_dict['pki_tomcat_common_lib_path'], "*.jar") - self.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] =\ + self.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] = \ self.pki_master_dict['pki_instance_log_path'] - self.pki_master_dict['TOMCAT_PIDFILE_SLOT'] =\ + self.pki_master_dict['TOMCAT_PIDFILE_SLOT'] = \ "/var/run/pki/tomcat/" + self.pki_master_dict['pki_instance_name'] + ".pid" - self.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] =\ + self.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] = \ self.pki_master_dict['pki_tomcat_server_port'] - self.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] =\ - "-SSL2_RC4_128_WITH_MD5," +\ - "-SSL2_RC4_128_EXPORT40_WITH_MD5," +\ - "-SSL2_RC2_128_CBC_WITH_MD5," +\ - "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," +\ - "-SSL2_DES_64_CBC_WITH_MD5," +\ + self.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] = \ + "-SSL2_RC4_128_WITH_MD5," + \ + "-SSL2_RC4_128_EXPORT40_WITH_MD5," + \ + "-SSL2_RC2_128_CBC_WITH_MD5," + \ + "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," + \ + "-SSL2_DES_64_CBC_WITH_MD5," + \ "-SSL2_DES_192_EDE3_CBC_WITH_MD5" - self.pki_master_dict['TOMCAT_SSL3_CIPHERS_SLOT'] =\ - "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," +\ - "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," +\ - 
"+SSL3_RSA_WITH_RC4_128_SHA," +\ - "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," +\ - "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," +\ - "+SSL3_RSA_WITH_DES_CBC_SHA," +\ - "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," +\ - "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," +\ - "-SSL_RSA_FIPS_WITH_DES_CBC_SHA," +\ - "+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," +\ - "-SSL3_RSA_WITH_NULL_MD5," +\ - "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," +\ - "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," +\ + self.pki_master_dict['TOMCAT_SSL3_CIPHERS_SLOT'] = \ + "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," + \ + "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," + \ + "+SSL3_RSA_WITH_RC4_128_SHA," + \ + "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," + \ + "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+SSL3_RSA_WITH_DES_CBC_SHA," + \ + "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," + \ + "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," + \ + "-SSL_RSA_FIPS_WITH_DES_CBC_SHA," + \ + "+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," + \ + "-SSL3_RSA_WITH_NULL_MD5," + \ + "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - self.pki_master_dict['TOMCAT_SSL_OPTIONS_SLOT'] =\ - "ssl2=true," +\ - "ssl3=true," +\ + self.pki_master_dict['TOMCAT_SSL_OPTIONS_SLOT'] = \ + "ssl2=true," + \ + "ssl3=true," + \ "tls=true" - self.pki_master_dict['TOMCAT_TLS_CIPHERS_SLOT'] =\ - "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," +\ - "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," +\ - "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," +\ - "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," +\ - "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +\ - "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_RSA_WITH_AES_128_CBC_SHA," +\ - "+TLS_RSA_WITH_AES_256_CBC_SHA," +\ - "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +\ - "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +\ - "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +\ - "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +\ - 
"+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +\ - "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +\ - "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +\ + self.pki_master_dict['TOMCAT_TLS_CIPHERS_SLOT'] = \ + "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \ "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA" if self.pki_master_dict['pki_subsystem'] == "CA": - self.pki_master_dict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS']=\ + self.pki_master_dict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \ self.pki_master_dict\ ['pki_random_serial_numbers_enable'].lower() # Shared Apache/Tomcat NSS security database name/value pairs - self.pki_master_dict['pki_shared_pfile'] =\ + self.pki_master_dict['pki_shared_pfile'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "pfile") - self.pki_master_dict['pki_shared_password_conf'] =\ + self.pki_master_dict['pki_shared_password_conf'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "password.conf") - self.pki_master_dict['pki_cert_database'] =\ + self.pki_master_dict['pki_cert_database'] = \ 
os.path.join(self.pki_master_dict['pki_database_path'], "cert8.db") - self.pki_master_dict['pki_key_database'] =\ + self.pki_master_dict['pki_key_database'] = \ os.path.join(self.pki_master_dict['pki_database_path'], "key3.db") - self.pki_master_dict['pki_secmod_database'] =\ + self.pki_master_dict['pki_secmod_database'] = \ os.path.join(self.pki_master_dict['pki_database_path'], "secmod.db") self.pki_master_dict['pki_self_signed_token'] = "internal" - self.pki_master_dict['pki_self_signed_nickname'] =\ + self.pki_master_dict['pki_self_signed_nickname'] = \ self.pki_master_dict['pki_ssl_server_nickname'] - self.pki_master_dict['pki_self_signed_subject'] =\ - "cn=" + self.pki_master_dict['pki_hostname'] + "," +\ + self.pki_master_dict['pki_self_signed_subject'] = \ + "cn=" + self.pki_master_dict['pki_hostname'] + "," + \ "o=" + self.pki_master_dict['pki_certificate_timestamp'] self.pki_master_dict['pki_self_signed_serial_number'] = 0 self.pki_master_dict['pki_self_signed_validity_period'] = 12 - self.pki_master_dict['pki_self_signed_issuer_name'] =\ - "cn=" + self.pki_master_dict['pki_hostname'] + "," +\ + self.pki_master_dict['pki_self_signed_issuer_name'] = \ + "cn=" + self.pki_master_dict['pki_hostname'] + "," + \ "o=" + self.pki_master_dict['pki_certificate_timestamp'] self.pki_master_dict['pki_self_signed_trustargs'] = "CTu,CTu,CTu" - self.pki_master_dict['pki_self_signed_noise_file'] =\ + self.pki_master_dict['pki_self_signed_noise_file'] = \ os.path.join( self.pki_master_dict['pki_subsystem_configuration_path'], "noise") self.pki_master_dict['pki_self_signed_noise_bytes'] = 1024 # Shared Apache/Tomcat NSS security database convenience symbolic links self.pki_master_dict\ - ['pki_subsystem_configuration_password_conf_link'] =\ + ['pki_subsystem_configuration_password_conf_link'] = \ os.path.join( self.pki_master_dict['pki_subsystem_configuration_path'], "password.conf") if not len(self.pki_master_dict['pki_client_database_password']): # use randomly generated 
client 'pin' - self.pki_master_dict['pki_client_database_password'] =\ + self.pki_master_dict['pki_client_database_password'] = \ str(self.pki_master_dict['pki_client_pin']) # Configuration scriptlet @@ -918,13 +918,13 @@ class PKIConfigParser: # use the CA admin uid if it's defined if self.pki_config.has_option('CA', 'pki_admin_uid') and\ len(self.pki_config.get('CA', 'pki_admin_uid')) > 0: - self.pki_master_dict['pki_security_domain_user'] =\ + self.pki_master_dict['pki_security_domain_user'] = \ self.pki_config.get('CA', 'pki_admin_uid') # or use the Default admin uid if it's defined elif self.pki_config.has_option('DEFAULT', 'pki_admin_uid') and\ len(self.pki_config.get('DEFAULT', 'pki_admin_uid')) > 0: - self.pki_master_dict['pki_security_domain_user'] =\ + self.pki_master_dict['pki_security_domain_user'] = \ self.pki_config.get('DEFAULT', 'pki_admin_uid') # otherwise use the default CA admin uid @@ -938,9 +938,9 @@ class PKIConfigParser: # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA self.pki_master_dict['pki_security_domain_type'] = "existing" - self.pki_master_dict['pki_security_domain_uri'] =\ - "https" + "://" +\ - self.pki_master_dict['pki_security_domain_hostname'] + ":" +\ + self.pki_master_dict['pki_security_domain_uri'] = \ + "https" + "://" + \ + self.pki_master_dict['pki_security_domain_hostname'] + ":" + \ self.pki_master_dict['pki_security_domain_https_port'] elif config.str2bool(self.pki_master_dict['pki_external']): 
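Review bot: `TOMCAT_SSL_OPTIONS_SLOT` in the `@@ -638,244` hunk is still written as `"ssl2=true," + "ssl3=true," + "tls=true"`, and the SSL3 list enables `+SSL3_RSA_WITH_RC4_128_SHA` and the single-DES suite `+SSL3_RSA_WITH_DES_CBC_SHA`. The generated Tomcat configuration therefore appears to offer obsolete protocol versions and weak suites by default. If client compatibility allows, I would change the options to `"ssl2=false," + "ssl3=false," + "tls=true"` and flip the RC4 and single-DES entries to `-`; the accepted option syntax should be confirmed against the connector that consumes these slots. If they must stay enabled, a comment above the assignment stating which clients need them would help the next reviewer, since nothing in the hunk explains the choice. The surrounding `elif` branch begins in this hunk, but the method itself starts and ends outside it.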
@@ -981,9 +981,9 @@ class PKIConfigParser: if config.str2bool(self.pki_master_dict['pki_backup_keys']): # NOTE: ALWAYS store the PKCS #12 backup keys file # in with the NSS "server" security databases - self.pki_master_dict['pki_backup_keys_p12'] =\ - self.pki_master_dict['pki_database_path'] + "/" +\ - self.pki_master_dict['pki_subsystem'].lower() + "_" +\ + self.pki_master_dict['pki_backup_keys_p12'] = \ + self.pki_master_dict['pki_database_path'] + "/" + \ + self.pki_master_dict['pki_subsystem'].lower() + "_" + \ "backup" + "_" + "keys" + "." + "p12" self.pki_master_dict['pki_admin_profile_id'] = "caAdminCert" 
@@ -1003,23 +1003,23 @@ class PKIConfigParser: self.pki_master_dict['pki_storage_tag'] = "storage" # Finalization name/value pairs - self.pki_master_dict['pki_default_deployment_cfg_replica'] =\ + self.pki_master_dict['pki_default_deployment_cfg_replica'] = \ os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], config.DEFAULT_DEPLOYMENT_CONFIGURATION) - self.pki_master_dict['pki_user_deployment_cfg_replica'] =\ + self.pki_master_dict['pki_user_deployment_cfg_replica'] = \ os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], config.USER_DEPLOYMENT_CONFIGURATION) - self.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] =\ - self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ - "spawn" + "_" +\ - config.USER_DEPLOYMENT_CONFIGURATION + "." +\ + self.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] = \ + self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" + \ + "spawn" + "_" + \ + config.USER_DEPLOYMENT_CONFIGURATION + "." + \ self.pki_master_dict['pki_timestamp'] - self.pki_master_dict['pki_manifest'] =\ - self.pki_master_dict['pki_subsystem_registry_path'] + "/" +\ + self.pki_master_dict['pki_manifest'] = \ + self.pki_master_dict['pki_subsystem_registry_path'] + "/" + \ "manifest" - self.pki_master_dict['pki_manifest_spawn_archive'] =\ - self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ - "spawn" + "_" + "manifest" + "." +\ + self.pki_master_dict['pki_manifest_spawn_archive'] = \ + self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" + \ + "spawn" + "_" + "manifest" + "." + \ self.pki_master_dict['pki_timestamp'] # Construct the configuration URL containing the one-time pin # and add this to the "sensitive" key value pairs read in from 
@@ -1029,7 +1029,7 @@ class PKIConfigParser: # parameter that may be stored in a log file and displayed # to the screen. # - self.pki_master_dict['pki_configuration_url'] =\ + self.pki_master_dict['pki_configuration_url'] = \ "https://{}:{}/{}/{}?pin={}".format( self.pki_master_dict['pki_hostname'], self.pki_master_dict['pki_https_port'], @@ -1039,17 +1039,17 @@ class PKIConfigParser: # Compose this "systemd" execution management command if self.pki_master_dict['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - self.pki_master_dict['pki_registry_initscript_command'] =\ - "systemctl" + " " +\ - "restart" + " " +\ - "pki-apached" + "@" +\ + self.pki_master_dict['pki_registry_initscript_command'] = \ + "systemctl" + " " + \ + "restart" + " " + \ + "pki-apached" + "@" + \ self.pki_master_dict['pki_instance_name'] + "." + "service" elif self.pki_master_dict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - self.pki_master_dict['pki_registry_initscript_command'] =\ - "systemctl" + " " +\ - "restart" + " " +\ - "pki-tomcatd" + "@" +\ + self.pki_master_dict['pki_registry_initscript_command'] = \ + "systemctl" + " " + \ + "restart" + " " + \ + "pki-tomcatd" + "@" + \ self.pki_master_dict['pki_instance_name'] + "." + "service" except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, |