From 62033f12b40e6eb3270c352e966a7461f152dfd6 Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Tue, 18 Dec 2012 16:05:55 -0500
Subject: Make admin cert p12 file location configurable

Ticket 437.  Also moved a bunch of client path parameters to
default.cfg template file.
---
 base/deploy/etc/default.cfg             | 13 +++++--
 base/deploy/src/scriptlets/pkijython.py |  5 +++
 base/deploy/src/scriptlets/pkiparser.py | 61 ++-------------------------------
 3 files changed, 18 insertions(+), 61 deletions(-)

diff --git a/base/deploy/etc/default.cfg b/base/deploy/etc/default.cfg
index d619cdc94..d99faf2c4 100644
--- a/base/deploy/etc/default.cfg
+++ b/base/deploy/etc/default.cfg
@@ -66,6 +66,7 @@ destroy_scriplets=
 # pki_https_port=443
 # pki_http_port=80
 
+pki_admin_cert_file=%(pki_client_dir)s/ca_admin.cert
 pki_admin_cert_request_type=crmf
 pki_admin_dualkey=False
 pki_admin_keysize=2048
@@ -78,10 +79,10 @@ pki_audit_signing_signing_algorithm=SHA256withRSA
 pki_audit_signing_token=Internal Key Storage Token
 pki_backup_keys=False
 pki_backup_password=
-pki_client_database_dir=
+pki_client_admin_cert_p12=%(pki_client_dir)s/%(pki_subsystem_type)s_admin_cert.p12
 pki_client_database_password=
 pki_client_database_purge=True
-pki_client_dir=
+pki_client_dir=%(home_dir)s/.pki/%(pki_instance_name)s
 pki_client_pkcs12_password=
 pki_ds_bind_dn=cn=Directory Manager
 pki_ds_ldap_port=389
@@ -117,6 +118,14 @@ pki_user=pkiuser
 # These are used in the processing of pkispawn and are not supposed
 # to be overwritten by user configuration files.
 #
+pki_client_database_dir=%(pki_client_subsystem_dir)s/alias
+pki_client_subsystem_dir=%(pki_client_dir)s/%(pki_subsystem_type)s
+pki_client_password_conf=%(pki_client_subsystem_dir)s/password.conf
+pki_client_pkcs12_password_conf=%(pki_client_subsystem_dir)s/pkcs12_password.conf
+pki_client_cert_database=%(pki_client_database_dir)s/cert8.db
+pki_client_key_database=%(pki_client_database_dir)s/key3.db
+pki_client_secmod_database=%(pki_client_database_dir)s/secmod.db
+pki_client_admin_cert=%(pki_subsystem_type)s_admin.cert
 pki_source_conf_path=/usr/share/pki/%(pki_subsystem_type)s/conf
 pki_source_setup_path=/usr/share/pki/setup
 pki_source_server_path=/usr/share/pki/server/conf
diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py
index e6a4a915e..fac352fdb 100644
--- a/base/deploy/src/scriptlets/pkijython.py
+++ b/base/deploy/src/scriptlets/pkijython.py
@@ -613,6 +613,11 @@ class rest_client:
                     log.PKI_JYTHON_ADMIN_CERT_IMPORT +\
                     " " + "'" + command + "'")
                 os.system(command)
+
+                # create directory for p12 file if it does not exist
+                self.mkdirs(os.path.dirname(
+                    master['pki_client_admin_cert_p12']))
+
                 # Export the Administration Certificate from the
                 # client NSS security database into a PKCS #12 file
                 command = "pk12util" + " " +\
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 2a4111f91..ba4f376da 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -213,6 +213,7 @@ class PKIConfigParser:
                                'pki_root_prefix' : config.pki_root_prefix,
                                'resteasy_lib': resteasy_lib,
                                'arch_java_lib': arch_java_lib,
+                               'home_dir': os.path.expanduser("~"),
                                'pki_hostname': config.pki_hostname}
 
             self.pki_config = ConfigParser.SafeConfigParser(predefined_dict)
@@ -698,69 +699,11 @@ class PKIConfigParser:
                 os.path.join(
                     config.pki_master_dict['pki_subsystem_configuration_path'],
                     "password.conf")
-            # Client NSS security database name/value pairs
-            #
-            #     The following variables are established via the specified PKI
-            #     deployment configuration file and is NOT redefined below:
-            #
-            #         config.pki_master_dict['pki_client_pkcs12_password']
-            #         config.pki_master_dict['pki_client_database_purge']
-            #
-            #     The following variables are established via the specified PKI
-            #     deployment configuration file and potentially overridden below:
-            #
-            #         config.pki_master_dict['pki_client_dir']
-            #         config.pki_master_dict['pki_client_subsystem_dir']
-            #
+
             if not len(config.pki_master_dict['pki_client_database_password']):
                 # use randomly generated client 'pin'
                 config.pki_master_dict['pki_client_database_password'] =\
                     str(config.pki_master_dict['pki_client_pin'])
-            if not len(config.pki_master_dict['pki_client_dir']):
-                config.pki_master_dict['pki_client_dir'] =\
-                    os.path.join(
-                        os.path.expanduser("~"), ".pki",
-                        config.pki_master_dict['pki_instance_name'])
-            config.pki_master_dict['pki_client_subsystem_dir'] =\
-                os.path.join(
-                    config.pki_master_dict['pki_client_dir'],
-                    config.pki_master_dict['pki_subsystem'].lower())
-            if not len(config.pki_master_dict['pki_client_database_dir']):
-                config.pki_master_dict['pki_client_database_dir'] =\
-                    os.path.join(
-                        config.pki_master_dict['pki_client_subsystem_dir'],
-                        "alias")
-            config.pki_master_dict['pki_client_password_conf'] =\
-                os.path.join(
-                    config.pki_master_dict['pki_client_subsystem_dir'],
-                    "password.conf")
-            config.pki_master_dict['pki_client_pkcs12_password_conf'] =\
-                os.path.join(
-                    config.pki_master_dict['pki_client_subsystem_dir'],
-                    "pkcs12_password.conf")
-            config.pki_master_dict['pki_client_cert_database'] =\
-                os.path.join(config.pki_master_dict['pki_client_database_dir'],
-                             "cert8.db")
-            config.pki_master_dict['pki_client_key_database'] =\
-                os.path.join(config.pki_master_dict['pki_client_database_dir'],
-                             "key3.db")
-            config.pki_master_dict['pki_client_secmod_database'] =\
-                os.path.join(config.pki_master_dict['pki_client_database_dir'],
-                             "secmod.db")
-            config.pki_master_dict['pki_client_admin_cert'] =\
-                config.pki_master_dict['pki_subsystem'].lower() + "_" +\
-                "admin" + "." + "cert"
-
-            config.pki_master_dict['pki_client_admin_cert_p12'] =\
-                config.pki_master_dict['pki_client_dir'] + "/" +\
-                config.pki_master_dict['pki_subsystem'].lower() + "_" +\
-                "admin" + "_" + "cert" + "." + "p12"
-
-            if not 'pki_admin_cert_file' in config.pki_master_dict or\
-               not len(config.pki_master_dict['pki_admin_cert_file']):
-                config.pki_master_dict['pki_admin_cert_file'] =\
-                    config.pki_master_dict['pki_client_dir'] +\
-                    "/ca_admin.cert"
 
             # Jython scriptlet name/value pairs
             config.pki_master_dict['pki_jython_configuration_scriptlet'] =\
-- 
cgit