From 7f5e5076d6e88d096b69b8269f638e8dd7e3ee63 Mon Sep 17 00:00:00 2001
From: Matthew Harmsen
Date: Wed, 13 May 2015 21:33:02 -0600
Subject: modify contents of serverCertNick.conf
- PKI TRAC Ticket #1370
- pkispawn: installation with HSM from external CA should hold off prepending token name in serverCertNick.conf till phase 2
---
 .../python/pki/server/deployment/pkihelper.py | 44 ++++++++++++++++++++++
 .../python/pki/server/deployment/pkimessages.py | 1 +
 .../server/deployment/scriptlets/finalization.py | 3 ++
 3 files changed, 48 insertions(+)
(limited to 'base/server/python/pki/server')

diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 5527d7f94..0c7a19fc2 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -2696,6 +2696,49 @@ class PK12util:
         return
+class ServerCertNickConf:
+    """PKI Deployment serverCertNick.conf Class"""
+
+    # In the future, this class will be used exclusively to manage the
+    # creation and modification of the 'serverCertNick.conf' file
+    # replacing the current 'pkispawn' method of copying a template and
+    # using slot-substitution to establish its contents.
+    def __init__(self, deployer):
+        self.mdict = deployer.mdict
+        self.hsm_enable = config.str2bool(self.mdict['pki_hsm_enable'])
+        self.external = config.str2bool(self.mdict['pki_external'])
+        self.nickname = self.mdict['pki_self_signed_nickname']
+        self.servercertnick_conf = self.mdict['pki_target_servercertnick_conf']
+        self.standalone = config.str2bool(self.mdict['pki_standalone'])
+        self.step_two = config.str2bool(self.mdict['pki_external_step_two'])
+        self.token_name = self.mdict['pki_token_name']
+
+    def modify(self):
+        # Modify contents of 'serverCertNick.conf'
+        if self.hsm_enable and (self.external or self.standalone):
+            try:
+                # overwrite value inside 'serverCertNick.conf'
+                with open(self.servercertnick_conf, "w") as fd:
+                    ssl_server_nickname = None
+                    if self.step_two:
+                        # use final HSM name
+                        ssl_server_nickname = (self.token_name + ":" +
+                                               self.nickname)
+                    else:
+                        # use softokn name
+                        ssl_server_nickname = self.nickname
+                    fd.write(ssl_server_nickname);
+                    config.pki_log.info(
+                        log.PKIHELPER_SERVERCERTNICK_CONF_2,
+                        self.servercertnick_conf,
+                        ssl_server_nickname,
+                        extra=config.PKI_INDENTATION_LEVEL_2)
+            except OSError as exc:
+                config.pki_log.error(log.PKI_OSERROR_1, exc,
+                                     extra=config.PKI_INDENTATION_LEVEL_2)
+                raise
+ + + class KRAConnector: + """PKI Deployment KRA Connector Class"""
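Review bot: `except OSError as exc:` in `modify` will not catch the `IOError` that `open()` and `write()` raise if this module still runs under Python 2, where `IOError` is not a subclass of `OSError`; the failure still propagates because the handler re-raises anyway, but the `PKI_OSERROR_1` log line is then skipped, which is the one record an operator would look for. `except (IOError, OSError) as exc:` covers both interpreter families. Opening the target with `"w"` also truncates serverCertNick.conf before anything is written, so an error between `open()` and `write()` leaves an empty file behind; writing to a temporary file in the same directory and then `os.rename` onto the target keeps the previous contents intact on failure. Two style points in the same body: `fd.write(ssl_server_nickname);` carries a stray semicolon, and `ssl_server_nickname = None` is a dead assignment since both branches of the `if` assign it. The method has no docstring; a line such as `"""Rewrite serverCertNick.conf with the plain nickname, or with the token-prefixed nickname once external step two has run (HSM with external or standalone only)."""` would record the gating that the caller in finalization.py relies on.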
@@ -4345,6 +4388,7 @@ class PKIDeployer:
         self.pk12util = PK12util(self)
         self.kra_connector = KRAConnector(self)
         self.security_domain = SecurityDomain(self)
+        self.servercertnick_conf = ServerCertNickConf(self)
         self.systemd = Systemd(self)
         self.tps_connector = TPSConnector(self)
         self.config_client = ConfigClient(self)
diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py
index 9129b844d..321ea7869 100644
--- a/base/server/python/pki/server/deployment/pkimessages.py
+++ b/base/server/python/pki/server/deployment/pkimessages.py
@@ -278,6 +278,7 @@ PKIHELPER_SECURITY_DOMAIN_UPDATE_SUCCESS_2 = \
     "updateDomainXML SUCCESSFULLY deleted this '%s' entry from "\
     "security domain '%s'"
 PKIHELPER_SELINUX_DISABLED = "Selinux is disabled. Not checking port contexts"
+PKIHELPER_SERVERCERTNICK_CONF_2 = "Overwriting contents of '%s' with '%s'"
 PKIHELPER_SET_MODE_1 = "setting ownerships, permissions, and acls on '%s'"
 PKIHELPER_SLOT_SUBSTITUTION_2 = "slot substitution: '%s' ==> '%s'"
 PKIHELPER_SSLGET_OUTPUT_1 = '''
diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py
index f41f1d55a..b92965929 100644
--- a/base/server/python/pki/server/deployment/scriptlets/finalization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py
@@ -62,6 +62,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
             deployer.systemd.disable()
         else:
             deployer.systemd.enable()
+        if len(deployer.instance.tomcat_instance_subsystems()) == 1:
+            # Modify contents of 'serverCertNick.conf' (if necessary)
+            deployer.servercertnick_conf.modify()
         # Optionally, programmatically 'restart' the configured PKI instance
         if config.str2bool(deployer.mdict['pki_restart_configured_instance']):
             deployer.systemd.restart()
-- 
cgit
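Review bot: The `len(deployer.instance.tomcat_instance_subsystems()) == 1` gate in front of `deployer.servercertnick_conf.modify()` in finalization.py is not explained, and `modify()` already decides internally whether anything is written, so a reader cannot tell why a multi-subsystem instance is excluded here rather than inside `modify()`. The existing `# Modify contents of 'serverCertNick.conf' (if necessary)` line restates the call; a comment recording the reason for the count check would be more useful, e.g. `# serverCertNick.conf is presumably shared by every subsystem in this Tomcat instance; only rewrite it when this is the sole subsystem`, adjusted to the actual intent. The enclosing method starts and ends outside the hunk.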