From 449e4357e733a70e8f27f65f69ca8f0f7c8b5b21 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Sat, 12 Dec 2015 04:10:54 +0100
Subject: Fixed external CA case for IPA compatibility.

The installation code for external CA case has been fixed such
that IPA can detect step 1 completion properly.

The code that handles certificate data conversion has been fixed
to reformat base-64 data for PEM output properly.

The installation summary for step 1 has been updated to provide
more accurate information.

https://fedorahosted.org/pki/ticket/456
---
 base/server/python/pki/server/deployment/pkihelper.py          |  7 +++++--
 .../python/pki/server/deployment/scriptlets/configuration.py   | 10 +++++++---
 2 files changed, 12 insertions(+), 5 deletions(-)

(limited to 'base/server/python')

diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 9c9b40454..7a1a8c7d1 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -502,15 +502,18 @@ class ConfigurationFile:
         # generic extension support in CSR - for external CA
         self.add_req_ext = config.str2bool(
             self.mdict['pki_req_ext_add'])
+
         self.external = config.str2bool(self.mdict['pki_external'])
+        self.external_step_one = not config.str2bool(self.mdict['pki_external_step_two'])
+        self.external_step_two = not self.external_step_one
+
         if self.external:
             # generic extension support in CSR - for external CA
             if self.add_req_ext:
                 self.req_ext_oid = self.mdict['pki_req_ext_oid']
                 self.req_ext_critical = self.mdict['pki_req_ext_critical']
                 self.req_ext_data = self.mdict['pki_req_ext_data']
-        self.external_step_two = config.str2bool(
-            self.mdict['pki_external_step_two'])
+
         self.skip_configuration = config.str2bool(
             self.mdict['pki_skip_configuration'])
         self.standalone = config.str2bool(self.mdict['pki_standalone'])
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index b8b8fc691..a80239374 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -94,9 +94,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
         token = deployer.mdict['pki_token_name']
         nssdb = instance.open_nssdb(token)
 
-        external = config.str2bool(deployer.mdict['pki_external'])
-        step_one = not config.str2bool(deployer.mdict['pki_external_step_two'])
-        step_two = not step_one
+        external = deployer.configuration_file.external
+        step_one = deployer.configuration_file.external_step_one
+        step_two = deployer.configuration_file.external_step_two
 
         try:
             if external and step_one: # external/existing CA step 1
@@ -142,6 +142,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                     signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64')
                     subsystem.config['ca.signing.certreq'] = signing_csr
 
+                # This is needed by IPA to detect step 1 completion.
+                # See is_step_one_done() in ipaserver/install/cainstance.py.
+                subsystem.config['preop.ca.type'] = 'otherca'
+
                 subsystem.save()
 
             elif external and step_two: # external/existing CA step 2
-- 
cgit