From 5d36cbb886c9baa9496665630b5af0be5919936b Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Tue, 13 Nov 2012 23:18:52 -0500 Subject: Refactored str2bool(). The str2bool() in pkiconfig.py has been moved into pkihelper.py for better clarity. Ticket #380 --- base/deploy/src/scriptlets/configuration.jy | 5 +- base/deploy/src/scriptlets/configuration.py | 4 +- base/deploy/src/scriptlets/finalization.py | 10 ++-- .../deploy/src/scriptlets/infrastructure_layout.py | 2 +- base/deploy/src/scriptlets/initialization.py | 2 +- base/deploy/src/scriptlets/instance_layout.py | 2 +- base/deploy/src/scriptlets/pkiconfig.py | 4 -- base/deploy/src/scriptlets/pkihelper.py | 37 +++++++------- base/deploy/src/scriptlets/pkijython.py | 45 ++++++++--------- base/deploy/src/scriptlets/pkiparser.py | 57 +++++++++++----------- base/deploy/src/scriptlets/security_databases.py | 2 +- base/deploy/src/scriptlets/selinux_setup.py | 2 +- base/deploy/src/scriptlets/slot_substitution.py | 2 +- base/deploy/src/scriptlets/subsystem_layout.py | 2 +- base/deploy/src/scriptlets/webapp_deployment.py | 2 +- 15 files changed, 90 insertions(+), 88 deletions(-) diff --git a/base/deploy/src/scriptlets/configuration.jy b/base/deploy/src/scriptlets/configuration.jy index a9c7d5037..60d92a759 100644 --- a/base/deploy/src/scriptlets/configuration.jy +++ b/base/deploy/src/scriptlets/configuration.jy @@ -10,6 +10,7 @@ import sys import pkijython as jyutil import pkiconfig as config from pkiconfig import PKIConfig +import pkihelper as util import pkimessages as log @@ -35,7 +36,7 @@ def main(argv): sensitive = pickle.loads(argv[2]) # Optionally enable a java debugger (e. g. - 'eclipse'): - if config.str2bool(master['pki_enable_java_debugger']): + if util.str2bool(master['pki_enable_java_debugger']): config.wait_to_attach_an_external_java_debugger() @@ -105,7 +106,7 @@ def main(argv): return rv elif master['pki_instance_type'] == "Tomcat": if master['pki_subsystem'] == "CA": - if config.str2bool(master['pki_external']): + if util.str2bool(master['pki_external']): print "%s '%s %s' %s" %\ (log.PKI_JYTHON_INDENTATION_2, PKIConfig.PKI_DEPLOYMENT_EXTERNAL_CA, diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py index 07914b970..c9a68884a 100644 --- a/base/deploy/src/scriptlets/configuration.py +++ b/base/deploy/src/scriptlets/configuration.py @@ -35,7 +35,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): - if config.str2bool(master['pki_skip_configuration']): + if util.str2bool(master['pki_skip_configuration']): pkilogging.pki_log.info(log.SKIP_CONFIGURATION_SPAWN_1, __name__, extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv @@ -84,7 +84,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): elif master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: # Optionally prepare to enable a java debugger # (e. g. - 'eclipse'): - if config.str2bool(master['pki_enable_java_debugger']): + if util.str2bool(master['pki_enable_java_debugger']): config.prepare_for_an_external_java_debugger( master['pki_target_tomcat_conf_instance_id']) tomcat_instance_subsystems =\ diff --git a/base/deploy/src/scriptlets/finalization.py b/base/deploy/src/scriptlets/finalization.py index f11e2ed73..36068c153 100644 --- a/base/deploy/src/scriptlets/finalization.py +++ b/base/deploy/src/scriptlets/finalization.py @@ -35,7 +35,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): - if config.str2bool(master['pki_skip_installation']): + if util.str2bool(master['pki_skip_installation']): pkilogging.pki_log.info(log.SKIP_FINALIZATION_SPAWN_1, __name__, extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv @@ -59,7 +59,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.file.copy(master['pki_manifest'], master['pki_manifest_spawn_archive']) # Optionally, programmatically 'restart' the configured PKI instance - if config.str2bool(master['pki_restart_configured_instance']): + if util.str2bool(master['pki_restart_configured_instance']): util.systemd.restart() # Optionally, 'purge' the entire temporary client infrastructure # including the client NSS security databases and password files @@ -68,12 +68,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # placed under this infrastructure, it may accidentally # be deleted! # - if config.str2bool(master['pki_client_database_purge']): + if util.str2bool(master['pki_client_database_purge']): if util.directory.exists(master['pki_client_dir']): util.directory.delete(master['pki_client_dir']) # If instance has not been configured, print the # configuration URL to the log - if config.str2bool(master['pki_skip_configuration']): + if util.str2bool(master['pki_skip_configuration']): util.configuration_file.log_configuration_url() # Log final process messages pkilogging.pki_log.info(log.PKISPAWN_END_MESSAGE_2, @@ -83,7 +83,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.file.modify(master['pki_spawn_log'], silent=True) # If instance has not been configured, print the # configuration URL to the screen - if config.str2bool(master['pki_skip_configuration']): + if util.str2bool(master['pki_skip_configuration']): util.configuration_file.display_configuration_url() return self.rv diff --git a/base/deploy/src/scriptlets/infrastructure_layout.py b/base/deploy/src/scriptlets/infrastructure_layout.py index 5e86710f2..7726133a0 100644 --- a/base/deploy/src/scriptlets/infrastructure_layout.py +++ b/base/deploy/src/scriptlets/infrastructure_layout.py @@ -34,7 +34,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): - if config.str2bool(master['pki_skip_installation']): + if util.str2bool(master['pki_skip_installation']): pkilogging.pki_log.info(log.SKIP_ADMIN_DOMAIN_SPAWN_1, __name__, extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv diff --git a/base/deploy/src/scriptlets/initialization.py b/base/deploy/src/scriptlets/initialization.py index b64f52f1d..abd192b63 100644 --- a/base/deploy/src/scriptlets/initialization.py +++ b/base/deploy/src/scriptlets/initialization.py @@ -39,7 +39,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): master['pki_subsystem'], master['pki_instance_id'], extra=PKIConfig.PKI_INDENTATION_LEVEL_0) - if config.str2bool(master['pki_skip_installation']): + if util.str2bool(master['pki_skip_installation']): pkilogging.pki_log.info(log.SKIP_INITIALIZATION_SPAWN_1, __name__, extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv diff --git a/base/deploy/src/scriptlets/instance_layout.py b/base/deploy/src/scriptlets/instance_layout.py index aae9c0a0c..0caad1d40 100644 --- a/base/deploy/src/scriptlets/instance_layout.py +++ b/base/deploy/src/scriptlets/instance_layout.py @@ -39,7 +39,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): - if config.str2bool(master['pki_skip_installation']): + if util.str2bool(master['pki_skip_installation']): pkilogging.pki_log.info(log.SKIP_INSTANCE_SPAWN_1, __name__, extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py index 2544aa6cf..ee35010a6 100644 --- a/base/deploy/src/scriptlets/pkiconfig.py +++ b/base/deploy/src/scriptlets/pkiconfig.py @@ -136,10 +136,6 @@ pki_deployed_instance_name = None pki_root_prefix = None -# PKI Deployment Helper Functions -def str2bool(string): - return string.lower() in ("yes", "true", "t", "1") - # NOTE: To utilize the 'preparations_for_an_external_java_debugger(master)' # and 'wait_to_attach_an_external_java_debugger(master)' functions, # change 'pki_enable_java_debugger=False' to diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py index 6cf395e77..5b71ad6b9 100644 --- a/base/deploy/src/scriptlets/pkihelper.py +++ b/base/deploy/src/scriptlets/pkihelper.py @@ -53,6 +53,9 @@ from pkiparser import PKIConfigParser # PKI Deployment Helper Functions +def str2bool(string): + return string.lower() in ("yes", "true", "t", "1") + def pki_copytree(src, dst, symlinks=False, ignore=None): """Recursively copy a directory tree using copy2(). @@ -450,7 +453,7 @@ class configuration_file: extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of Admin Password (except for Clones) - if not config.str2bool(master['pki_clone']): + if not str2bool(master['pki_clone']): if not sensitive.has_key('pki_admin_password') or\ not len(sensitive['pki_admin_password']): pkilogging.pki_log.error( @@ -460,7 +463,7 @@ class configuration_file: extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # If required, verify existence of Backup Password - if config.str2bool(master['pki_backup_keys']): + if str2bool(master['pki_backup_keys']): if not sensitive.has_key('pki_backup_password') or\ not len(sensitive['pki_backup_password']): pkilogging.pki_log.error( @@ -488,7 +491,7 @@ class configuration_file: extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) # Verify existence of PKCS #12 Password (ONLY for Clones) - if config.str2bool(master['pki_clone']): + if str2bool(master['pki_clone']): if not sensitive.has_key('pki_clone_pkcs12_password') or\ not len(sensitive['pki_clone_pkcs12_password']): pkilogging.pki_log.error( @@ -499,9 +502,9 @@ class configuration_file: sys.exit(1) # Verify existence of Security Domain Password File # (ONLY for Clones, KRA, OCSP, TKS, or Subordinate CA) - if config.str2bool(master['pki_clone']) or\ + if str2bool(master['pki_clone']) or\ not master['pki_subsystem'] == "CA" or\ - config.str2bool(master['pki_subordinate']): + str2bool(master['pki_subordinate']): if not sensitive.has_key('pki_security_domain_password') or\ not len(sensitive['pki_security_domain_password']): pkilogging.pki_log.error( @@ -526,30 +529,30 @@ class configuration_file: # Silently verify the existence of 'mutually exclusive' data if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if master['pki_subsystem'] == "CA": - if config.str2bool(master['pki_clone']) and\ - config.str2bool(master['pki_external']) and\ - config.str2bool(master['pki_subordinate']): + if str2bool(master['pki_clone']) and\ + str2bool(master['pki_external']) and\ + str2bool(master['pki_subordinate']): pkilogging.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, master['pki_deployment_cfg'], extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) - elif config.str2bool(master['pki_clone']) and\ - config.str2bool(master['pki_external']): + elif str2bool(master['pki_clone']) and\ + str2bool(master['pki_external']): pkilogging.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, master['pki_deployment_cfg'], extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) - elif config.str2bool(master['pki_clone']) and\ - config.str2bool(master['pki_subordinate']): + elif str2bool(master['pki_clone']) and\ + str2bool(master['pki_subordinate']): pkilogging.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, master['pki_deployment_cfg'], extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) - elif config.str2bool(master['pki_external']) and\ - config.str2bool(master['pki_subordinate']): + elif str2bool(master['pki_external']) and\ + str2bool(master['pki_subordinate']): pkilogging.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, master['pki_deployment_cfg'], @@ -568,7 +571,7 @@ class configuration_file: # 'True' or 'False', etc.) of ALL required "value" parameters. # if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: - if config.str2bool(master['pki_clone']): + if str2bool(master['pki_clone']): # Verify existence of clone parameters if not master.has_key('pki_ds_base_dn') or\ not len(master['pki_ds_base_dn']): @@ -680,7 +683,7 @@ class configuration_file: extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) elif master['pki_subsystem'] == "CA" and\ - config.str2bool(master['pki_external']): + str2bool(master['pki_external']): if not master.has_key('pki_external_step_two') or\ not len(master['pki_external_step_two']): pkilogging.pki_log.error( @@ -689,7 +692,7 @@ class configuration_file: master['pki_deployment_cfg'], extra=PKIConfig.PKI_INDENTATION_LEVEL_2) sys.exit(1) - if not config.str2bool(master['pki_step_two']): + if not str2bool(master['pki_step_two']): if not master.has_key('pki_external_csr_path') or\ not len(master['pki_external_csr_path']): pkilogging.pki_log.error( diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py index 3753c9e49..306f203cd 100644 --- a/base/deploy/src/scriptlets/pkijython.py +++ b/base/deploy/src/scriptlets/pkijython.py @@ -152,6 +152,7 @@ from netscape.security.x509 import X500Name # PKI Python Imports import pkiconfig as config from pkiconfig import PKIConfig +import pkihelper as util import pkimessages as log @@ -182,7 +183,7 @@ def generateCRMFRequest(token, keysize, subjectdn, dualkey): # 1st : Encryption key s1.addElement(crmfMsg) # 2nd : Signing Key - if config.str2bool(dualkey): + if util.str2bool(dualkey): javasystem.out.println(log.PKI_JYTHON_IS_DUALKEY) seq1 = SEQUENCE() certReqSigning = CertRequest(INTEGER(1), certTemplate, seq1) @@ -326,17 +327,17 @@ class rest_client: data.setBindDN(self.master['pki_ds_bind_dn']) data.setDatabase(self.master['pki_ds_database']) data.setBindpwd(self.sensitive['pki_ds_password']) - if config.str2bool(self.master['pki_ds_remove_data']): + if util.str2bool(self.master['pki_ds_remove_data']): data.setRemoveData("true") else: data.setRemoveData("false") - if config.str2bool(self.master['pki_ds_secure_connection']): + if util.str2bool(self.master['pki_ds_secure_connection']): data.setSecureConn("true") else: data.setSecureConn("false") def set_backup_parameters(self, data): - if config.str2bool(self.master['pki_backup_keys']): + if util.str2bool(self.master['pki_backup_keys']): data.setBackupKeys("true") data.setBackupFile(self.master['pki_backup_keys_p12']) data.setBackupPassword(self.sensitive['pki_backup_password']) @@ -352,7 +353,7 @@ class rest_client: data.setAdminSubjectDN(self.master['pki_admin_subject_dn']) if self.master['pki_admin_cert_request_type'] == "crmf": data.setAdminCertRequestType("crmf") - if config.str2bool(self.master['pki_admin_dualkey']): + if util.str2bool(self.master['pki_admin_dualkey']): crmf_request = generateCRMFRequest( token, self.master['pki_admin_keysize'], @@ -428,14 +429,14 @@ class rest_client: # Hierarchy if master['pki_instance_type'] == "Tomcat": if master['pki_subsystem'] == "CA": - if config.str2bool(master['pki_clone']): + if util.str2bool(master['pki_clone']): # Cloned CA # alee - is this correct? data.setHierarchy("root") - elif config.str2bool(master['pki_external']): + elif util.str2bool(master['pki_external']): # External CA data.setHierarchy("join") - elif config.str2bool(master['pki_subordinate']): + elif util.str2bool(master['pki_subordinate']): # Subordinate CA data.setHierarchy("join") else: @@ -444,20 +445,20 @@ class rest_client: # Cloning parameters if master['pki_instance_type'] == "Tomcat": - if config.str2bool(master['pki_clone']): + if util.str2bool(master['pki_clone']): self.set_cloning_parameters(data) else: data.setIsClone("false") # Security Domain if master['pki_subsystem'] != "CA" or\ - config.str2bool(master['pki_clone']) or\ - config.str2bool(master['pki_subordinate']): + util.str2bool(master['pki_clone']) or\ + util.str2bool(master['pki_subordinate']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or # Subordinate CA self.set_existing_security_domain(data) - elif not config.str2bool(master['pki_external']): + elif not util.str2bool(master['pki_external']): # PKI CA self.set_new_security_domain(data) @@ -467,14 +468,14 @@ class rest_client: if master['pki_instance_type'] == "Tomcat": self.set_backup_parameters(data) - if not config.str2bool(master['pki_clone']): + if not util.str2bool(master['pki_clone']): self.set_admin_parameters(token, data) # Issuing CA Information if master['pki_subsystem'] != "CA" or\ - config.str2bool(master['pki_clone']) or\ - config.str2bool(master['pki_subordinate']) or\ - config.str2bool(master['pki_external']): + util.str2bool(master['pki_clone']) or\ + util.str2bool(master['pki_subordinate']) or\ + util.str2bool(master['pki_external']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, # Subordinate CA, or External CA @@ -485,14 +486,14 @@ class rest_client: # Create 'CA Signing Certificate' if master['pki_subsystem'] == "CA": - if not config.str2bool(master['pki_clone']): + if not util.str2bool(master['pki_clone']): cert = self.create_system_cert("ca_signing") cert.setSigningAlgorithm( master['pki_ca_signing_signing_algorithm']) systemCerts.add(cert) # Create 'OCSP Signing Certificate' - if not config.str2bool(master['pki_clone']): + if not util.str2bool(master['pki_clone']): if master['pki_subsystem'] == "CA" or\ master['pki_subsystem'] == "OCSP": # External CA, Subordinate CA, PKI CA, or PKI OCSP @@ -521,12 +522,12 @@ class rest_client: systemCerts.add(cert3) # Create 'Subsystem Certificate' - if not config.str2bool(master['pki_clone']): + if not util.str2bool(master['pki_clone']): cert4 = self.create_system_cert("subsystem") systemCerts.add(cert4) # Create 'Audit Signing Certificate' - if not config.str2bool(master['pki_clone']): + if not util.str2bool(master['pki_clone']): if master['pki_subsystem'] != "RA": cert5 = self.create_system_cert("audit_signing") cert5.setSigningAlgorithm( @@ -534,7 +535,7 @@ class rest_client: systemCerts.add(cert5) # Create DRM Transport and storage Certificates - if not config.str2bool(master['pki_clone']): + if not util.str2bool(master['pki_clone']): if master['pki_subsystem'] == "KRA": cert6 = self.create_system_cert("transport") systemCerts.add(cert6) @@ -568,7 +569,7 @@ class rest_client: javasystem.out.println(log.PKI_JYTHON_CDATA_REQUEST + " " +\ cdata.getRequest()) # Cloned PKI subsystems do not return an Admin Certificate - if not config.str2bool(master['pki_clone']): + if not util.str2bool(master['pki_clone']): admin_cert = response.getAdminCert().getCert() javasystem.out.println(log.PKI_JYTHON_RESPONSE_ADMIN_CERT +\ " " + admin_cert) diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index 9ac4be2ae..7846537df 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -33,6 +33,7 @@ import time # PKI Deployment Imports import pkiconfig as config from pkiconfig import PKIConfig +import pkihelper as util import pkilogging import pkimessages as log @@ -1181,7 +1182,7 @@ class PKIConfigParser: config.pki_master_dict['PKI_PIDDIR_SLOT'] =\ os.path.join("/var/run/pki", "tomcat") - if config.str2bool(config.pki_master_dict['pki_enable_proxy']): + if util.str2bool(config.pki_master_dict['pki_enable_proxy']): config.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\ "" config.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\ @@ -1469,21 +1470,21 @@ class PKIConfigParser: if not len(config.pki_master_dict['pki_subsystem_name']): if config.pki_master_dict['pki_subsystem'] in\ PKIConfig.PKI_TOMCAT_SUBSYSTEMS and \ - config.str2bool(config.pki_master_dict['pki_clone']): + util.str2bool(config.pki_master_dict['pki_clone']): config.pki_master_dict['pki_subsystem_name'] =\ PKIConfig.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " " +\ config.pki_subsystem + " " +\ config.pki_master_dict['pki_hostname'] + " " +\ config.pki_master_dict['pki_https_port'] elif config.pki_subsystem == "CA" and \ - config.str2bool(config.pki_master_dict['pki_external']): + util.str2bool(config.pki_master_dict['pki_external']): config.pki_master_dict['pki_subsystem_name'] =\ PKIConfig.PKI_DEPLOYMENT_EXTERNAL_CA + " " +\ config.pki_subsystem + " " +\ config.pki_master_dict['pki_hostname'] + " " +\ config.pki_master_dict['pki_https_port'] elif config.pki_subsystem == "CA" and \ - config.str2bool(config.pki_master_dict['pki_subordinate']): + util.str2bool(config.pki_master_dict['pki_subordinate']): config.pki_master_dict['pki_subsystem_name'] =\ PKIConfig.PKI_DEPLOYMENT_SUBORDINATE_CA + " " +\ config.pki_subsystem + " " +\ @@ -1495,8 +1496,8 @@ class PKIConfigParser: config.pki_master_dict['pki_hostname'] + " " +\ config.pki_master_dict['pki_https_port'] if config.pki_subsystem != "CA" or\ - config.str2bool(config.pki_master_dict['pki_clone']) or\ - config.str2bool(config.pki_master_dict['pki_subordinate']): + util.str2bool(config.pki_master_dict['pki_clone']) or\ + util.str2bool(config.pki_master_dict['pki_subordinate']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or # Subordinate CA @@ -1520,7 +1521,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_security_domain_uri'] config.pki_master_dict['pki_issuing_ca'] =\ config.pki_master_dict['pki_security_domain_uri'] - elif config.str2bool(config.pki_master_dict['pki_external']): + elif util.str2bool(config.pki_master_dict['pki_external']): # External CA # # NOTE: External CA's DO NOT require a security domain @@ -1562,7 +1563,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_ds_database'] # config.pki_master_dict['pki_ds_hostname'] # - if not config.str2bool(config.pki_master_dict['pki_clone']): + if not util.str2bool(config.pki_master_dict['pki_clone']): if not len(config.pki_master_dict['pki_ds_base_dn']): # if the instance is NOT a clone, create a default BASE DN # of "o=${pki_instance_id}"; the reason that this default @@ -1610,7 +1611,7 @@ class PKIConfigParser: # config.pki_sensitive_dict['pki_backup_password'] # config.pki_master_dict['pki_backup_keys'] # - if config.str2bool(config.pki_master_dict['pki_backup_keys']): + if util.str2bool(config.pki_master_dict['pki_backup_keys']): # NOTE: ALWAYS store the PKCS #12 backup keys file # in with the NSS "server" security databases config.pki_master_dict['pki_backup_keys_p12'] =\ @@ -1668,9 +1669,9 @@ class PKIConfigParser: config.pki_master_dict['pki_security_domain_name'] +\ " " + "ID" elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: - if not config.str2bool(config.pki_master_dict['pki_clone']): + if not util.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "CA": - if config.str2bool( + if util.str2bool( config.pki_master_dict['pki_external']): # External CA config.pki_master_dict['pki_admin_nickname'] =\ @@ -1731,9 +1732,9 @@ class PKIConfigParser: "," + "o=" +\ config.pki_master_dict['pki_security_domain_name'] elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: - if not config.str2bool(config.pki_master_dict['pki_clone']): + if not util.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "CA": - if config.str2bool( + if util.str2bool( config.pki_master_dict['pki_external']): # External CA config.pki_master_dict['pki_admin_subject_dn'] =\ @@ -1813,7 +1814,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_ca_signing_token'] # if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: - if not config.str2bool(config.pki_master_dict['pki_clone']): + if not util.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "CA": # config.pki_master_dict['pki_ca_signing_nickname'] if not len(config.pki_master_dict\ @@ -1823,13 +1824,13 @@ class PKIConfigParser: config.pki_master_dict['pki_instance_id'] + " " +\ config.pki_subsystem # config.pki_master_dict['pki_ca_signing_subject_dn'] - if config.str2bool(config.pki_master_dict['pki_external']): + if util.str2bool(config.pki_master_dict['pki_external']): # External CA if not len(config.pki_master_dict\ ['pki_ca_signing_subject_dn']): config.pki_master_dict['pki_ca_signing_subject_dn']\ = "cn=" + "External CA Signing Certificate" - elif config.str2bool( + elif util.str2bool( config.pki_master_dict['pki_subordinate']): # Subordinate CA if not len(config.pki_master_dict\ @@ -1882,7 +1883,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_ocsp_signing_token'] # if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: - if not config.str2bool(config.pki_master_dict['pki_clone']): + if not util.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "CA": if not len(config.pki_master_dict\ ['pki_ocsp_signing_nickname']): @@ -1890,14 +1891,14 @@ class PKIConfigParser: "ocspSigningCert" + " " + "cert-" +\ config.pki_master_dict['pki_instance_id'] + " " +\ config.pki_subsystem - if config.str2bool(config.pki_master_dict['pki_external']): + if util.str2bool(config.pki_master_dict['pki_external']): # External CA if not len(config.pki_master_dict\ ['pki_ocsp_signing_subject_dn']): config.pki_master_dict\ ['pki_ocsp_signing_subject_dn'] =\ "cn=" + "External CA OCSP Signing Certificate" - elif config.str2bool( + elif util.str2bool( config.pki_master_dict['pki_subordinate']): # Subordinate CA if not len(config.pki_master_dict\ @@ -1983,7 +1984,7 @@ class PKIConfigParser: config.pki_master_dict['pki_security_domain_name'] elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: if config.pki_master_dict['pki_subsystem'] == "CA" and\ - config.str2bool(config.pki_master_dict['pki_external']): + util.str2bool(config.pki_master_dict['pki_external']): # External CA config.pki_master_dict['pki_ssl_server_subject_dn'] =\ "cn=" + config.pki_master_dict['pki_hostname'] +\ @@ -2050,7 +2051,7 @@ class PKIConfigParser: config.pki_master_dict['pki_subsystem_token'] =\ "Internal Key Storage Token" elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: - if not config.str2bool(config.pki_master_dict['pki_clone']): + if not util.str2bool(config.pki_master_dict['pki_clone']): if not len(config.pki_master_dict['pki_subsystem_nickname']): config.pki_master_dict['pki_subsystem_nickname'] =\ "subsystemCert" + " " + "cert-" +\ @@ -2058,12 +2059,12 @@ class PKIConfigParser: config.pki_subsystem if not len(config.pki_master_dict['pki_subsystem_subject_dn']): if config.pki_master_dict['pki_subsystem'] == "CA": - if config.str2bool( + if util.str2bool( config.pki_master_dict['pki_external']): # External CA config.pki_master_dict['pki_subsystem_subject_dn']\ = "cn=" + "External CA Subsystem Certificate" - elif config.str2bool( + elif util.str2bool( config.pki_master_dict['pki_subordinate']): # Subordinate CA config.pki_master_dict['pki_subsystem_subject_dn']\ @@ -2151,7 +2152,7 @@ class PKIConfigParser: config.pki_master_dict['pki_audit_signing_token'] =\ "Internal Key Storage Token" elif config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: - if not config.str2bool(config.pki_master_dict['pki_clone']): + if not util.str2bool(config.pki_master_dict['pki_clone']): if not len(config.pki_master_dict\ ['pki_audit_signing_nickname']): config.pki_master_dict['pki_audit_signing_nickname'] =\ @@ -2161,13 +2162,13 @@ class PKIConfigParser: if not len(config.pki_master_dict\ ['pki_audit_signing_subject_dn']): if config.pki_master_dict['pki_subsystem'] == "CA": - if config.str2bool( + if util.str2bool( config.pki_master_dict['pki_external']): # External CA config.pki_master_dict\ ['pki_audit_signing_subject_dn'] =\ "cn=" + "External CA Audit Signing Certificate" - elif config.str2bool( + elif util.str2bool( config.pki_master_dict['pki_subordinate']): # Subordinate CA config.pki_master_dict\ @@ -2232,7 +2233,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_transport_token'] # if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: - if not config.str2bool(config.pki_master_dict['pki_clone']): + if not util.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "KRA": # PKI KRA if not len(config.pki_master_dict\ @@ -2277,7 +2278,7 @@ class PKIConfigParser: # config.pki_master_dict['pki_storage_token'] # if config.pki_subsystem in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: - if not config.str2bool(config.pki_master_dict['pki_clone']): + if not util.str2bool(config.pki_master_dict['pki_clone']): if config.pki_master_dict['pki_subsystem'] == "KRA": # PKI KRA if not len(config.pki_master_dict['pki_storage_nickname']): diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py index 5e4cb718b..19da1d5df 100644 --- a/base/deploy/src/scriptlets/security_databases.py +++ b/base/deploy/src/scriptlets/security_databases.py @@ -35,7 +35,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): - if config.str2bool(master['pki_skip_installation']): + if util.str2bool(master['pki_skip_installation']): pkilogging.pki_log.info(log.SKIP_SECURITY_DATABASES_SPAWN_1, __name__, extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py index 130593953..57c335ee1 100644 --- a/base/deploy/src/scriptlets/selinux_setup.py +++ b/base/deploy/src/scriptlets/selinux_setup.py @@ -42,7 +42,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): selinux.restorecon(master['pki_instance_configuration_path'], True) def spawn(self): - if config.str2bool(master['pki_skip_installation']): + if util.str2bool(master['pki_skip_installation']): pkilogging.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__, extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv diff --git a/base/deploy/src/scriptlets/slot_substitution.py b/base/deploy/src/scriptlets/slot_substitution.py index 7e3971ab1..e0451f327 100644 --- a/base/deploy/src/scriptlets/slot_substitution.py +++ b/base/deploy/src/scriptlets/slot_substitution.py @@ -35,7 +35,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): - if config.str2bool(master['pki_skip_installation']): + if util.str2bool(master['pki_skip_installation']): pkilogging.pki_log.info(log.SKIP_SLOT_ASSIGNMENT_SPAWN_1, __name__, extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv diff --git a/base/deploy/src/scriptlets/subsystem_layout.py b/base/deploy/src/scriptlets/subsystem_layout.py index 65b760fc2..22d569906 100644 --- a/base/deploy/src/scriptlets/subsystem_layout.py +++ b/base/deploy/src/scriptlets/subsystem_layout.py @@ -34,7 +34,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): rv = 0 def spawn(self): - if config.str2bool(master['pki_skip_installation']): + if util.str2bool(master['pki_skip_installation']): pkilogging.pki_log.info(log.SKIP_SUBSYSTEM_SPAWN_1, __name__, extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py index 3f487be58..d707d48ea 100644 --- a/base/deploy/src/scriptlets/webapp_deployment.py +++ b/base/deploy/src/scriptlets/webapp_deployment.py @@ -39,7 +39,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS: - if config.str2bool(master['pki_skip_installation']): + if util.str2bool(master['pki_skip_installation']): pkilogging.pki_log.info(log.SKIP_WEBAPP_DEPLOYMENT_SPAWN_1, __name__, extra=PKIConfig.PKI_INDENTATION_LEVEL_1) -- cgit