From 6ee510efe491b1e2afd7e9901eee690365fd8bbb Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Wed, 6 May 2015 16:19:19 -0400
Subject: Added options for internal token and replication passwords.

The installation code has been modified such that the admin can
optionally specify passwords for internal token and replication.
Otherwise the code will generate random passwords like before.

https://fedorahosted.org/pki/ticket/1354
---
 .../python/pki/server/deployment/pkihelper.py      |  2 ++
 .../python/pki/server/deployment/pkiparser.py      | 22 ++++++++++++++++------
 2 files changed, 18 insertions(+), 6 deletions(-)

(limited to 'base/server/python/pki/server/deployment')

diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 1521ef339..5527d7f94 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -3821,6 +3821,8 @@ class ConfigClient:
         if not self.clone:
             self.set_admin_parameters(data)
 
+        data.replicationPassword = self.mdict['pki_replication_password']
+
         # Issuing CA Information
         self.set_issuing_ca_parameters(data)
 
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 39cef9413..fe1a54a3a 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -327,10 +327,14 @@ class PKIConfigParser:
                 # means that we need to deal with escaping '%' characters
                 # that might be present.
                 no_interpolation = (
-                    'pki_admin_password', 'pki_backup_password',
+                    'pki_admin_password',
+                    'pki_backup_password',
                     'pki_client_database_password',
                     'pki_client_pkcs12_password',
-                    'pki_ds_password', 'pki_security_domain_password')
+                    'pki_ds_password',
+                    'pki_pin',
+                    'pki_replicationdb_password',
+                    'pki_security_domain_password')
 
                 print 'Loading deployment configuration from ' + \
                       config.user_deployment_cfg + '.'
@@ -552,18 +556,24 @@ class PKIConfigParser:
             self.mdict['pki_user_deployment_cfg'] = config.user_deployment_cfg
             self.mdict['pki_deployed_instance_name'] = \
                 config.pki_deployed_instance_name
+
+            self.flatten_master_dict()
+
             # Generate random 'pin's for use as security database passwords
             # and add these to the "sensitive" key value pairs read in from
             # the configuration file
             pin_low = 100000000000
             pin_high = 999999999999
-            self.mdict['pki_pin'] = \
-                random.randint(pin_low, pin_high)
+
+            # use user-provided PIN if specified
+            if not self.mdict['pki_pin']:
+                # otherwise generate a random password
+                self.mdict['pki_pin'] = \
+                    random.randint(pin_low, pin_high)
+
             self.mdict['pki_client_pin'] = \
                 random.randint(pin_low, pin_high)
 
-            self.flatten_master_dict()
-
             pkilogging.sensitive_parameters = \
                 self.mdict['sensitive_parameters'].split()
 
-- 
cgit