From 1e15712d2a6c45d2dd2ac64b3b76a757ca9de2e8 Mon Sep 17 00:00:00 2001
From: Matthew Harmsen
Date: Tue, 6 Nov 2012 18:59:47 -0800
Subject: Enable Subordinate CA
* TRAC Ticket #185 - Dogtag 10: Update PKI Deployment to handle subordinate CA
---
 base/deploy/src/scriptlets/configuration.jy | 11 ++---------
 base/deploy/src/scriptlets/pkiconfig.py | 5 +++++
 base/deploy/src/scriptlets/pkimessages.py | 3 ---
 base/deploy/src/scriptlets/pkiparser.py | 27 +++++++++++++++++++++++----
 4 files changed, 30 insertions(+), 16 deletions(-)
(limited to 'base')
diff --git a/base/deploy/src/scriptlets/configuration.jy b/base/deploy/src/scriptlets/configuration.jy
index 0f5968bce..7180c4546 100644
--- a/base/deploy/src/scriptlets/configuration.jy
+++ b/base/deploy/src/scriptlets/configuration.jy
@@ -109,19 +109,12 @@ def main(argv):
 if config.str2bool(master['pki_external']):
 print "%s '%s %s' %s" %\
 (log.PKI_JYTHON_INDENTATION_2,
- log.PKI_JYTHON_EXTERNAL_CA,
- master['pki_subsystem'],
- log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
- return rv
- elif config.str2bool(master['pki_subordinate']):
- print "%s '%s %s' %s" %\
- (log.PKI_JYTHON_INDENTATION_2,
- log.PKI_JYTHON_SUBORDINATE_CA,
+ config.PKI_DEPLOYMENT_EXTERNAL_CA,
 master['pki_subsystem'],
 log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
 return rv
 else:
- # PKI or Cloned CA
+ # PKI, Subordinate, or Cloned CA
 data = jyutil.rest_client.construct_pki_configuration_data(
 token)
 else:
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index bfc5b3249..ba411933d 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
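Review bot: With the `elif config.str2bool(master['pki_subordinate'])` branch removed, a subordinate CA now reaches `construct_pki_configuration_data(token)` through the same `else` as a root or cloned CA, and nothing visible in this hunk shows that the resulting request marks the CA as subordinate. If that helper (defined outside this hunk) does not read `master['pki_subordinate']`, the deployment could presumably end up with a self-signed signing certificate where one chained to the parent CA was requested, so this is worth confirming and covering with a test. I would extend the comment to say where the distinction is made, e.g. `# PKI, Subordinate, or Cloned CA -- construct_pki_configuration_data() reads master['pki_subordinate'] (TODO confirm)`. main() starts before the hunk and continues after it.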
@@ -88,6 +88,11 @@ PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = "pkideployment.cfg"
 PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\
 "/usr/share/pki/deployment/config/pkislots.cfg"
+# subtypes of PKI subsystems
+PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM = "Cloned"
+PKI_DEPLOYMENT_EXTERNAL_CA = "External"
+PKI_DEPLOYMENT_SUBORDINATE_CA = "Subordinate"
+
 # default ports (for defined selinux policy)
 PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT = 8080
 PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT = 8443
diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py
index becbea63e..435f7d10e 100644
--- a/base/deploy/src/scriptlets/pkimessages.py
+++ b/base/deploy/src/scriptlets/pkimessages.py
@@ -287,14 +287,12 @@ PKI_JYTHON_CDATA_TAG = "tag:"
 PKI_JYTHON_CDATA_CERT = "cert:"
 PKI_JYTHON_CDATA_REQUEST = "request:"
 PKI_JYTHON_CHMOD = "performing chmod:"
-PKI_JYTHON_CLONED_PKI_SUBSYSTEM = "Cloned"
 PKI_JYTHON_CONFIGURING_PKI_DATA = "configuring PKI configuration data for"
 PKI_JYTHON_CONSTRUCTING_PKI_DATA = "constructing PKI configuration data for"
 PKI_JYTHON_CRMF_SUPPORT_ONLY = "only the 'crmf' certificate request type "\
 "is currently supported"
 PKI_JYTHON_IS_DUALKEY = "dualkey = true"
 PKI_JYTHON_EXCEPTION_PARSER = "Problem parsing"
-PKI_JYTHON_EXTERNAL_CA = "External"
 PKI_JYTHON_INDENTATION_0 = "pkispawn : JYTHON "
 PKI_JYTHON_INDENTATION_1 = "pkispawn : JYTHON ..."
 PKI_JYTHON_INDENTATION_2 = "pkispawn : JYTHON ......."
@@ -311,7 +309,6 @@ PKI_JYTHON_RESPONSE_ADMIN_CERT = "adminCert:"
 PKI_JYTHON_RESPONSE_STATUS = "status:"
 PKI_JYTHON_TOKEN_LOGIN_EXCEPTION = "Exception in logging into token:"
 PKI_JYTHON_NOT_YET_IMPLEMENTED = "NOT YET IMPLEMENTED"
-PKI_JYTHON_SUBORDINATE_CA = "Subordinate"
 # PKI Deployment "Scriptlet" Messages
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index ac77c9f87..cdc3b5f79 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -1455,10 +1455,29 @@ def compose_pki_master_dictionary():
 if not len(config.pki_master_dict['pki_security_domain_user']):
 config.pki_master_dict['pki_security_domain_user'] = "caadmin"
 if not len(config.pki_master_dict['pki_subsystem_name']):
- config.pki_master_dict['pki_subsystem_name'] =\
- config.pki_subsystem + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
+ if config.str2bool(config.pki_master_dict['pki_clone']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ config.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " " +\
+ config.pki_subsystem + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ elif config.str2bool(config.pki_master_dict['pki_external']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ config.PKI_DEPLOYMENT_EXTERNAL_CA + " " +\
+ config.pki_subsystem + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ elif config.str2bool(config.pki_master_dict['pki_subordinate']):
+ config.pki_master_dict['pki_subsystem_name'] =\
+ config.PKI_DEPLOYMENT_SUBORDINATE_CA + " " +\
+ config.pki_subsystem + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
+ else:
+ config.pki_master_dict['pki_subsystem_name'] =\
+ config.pki_subsystem + " " +\
+ config.pki_master_dict['pki_hostname'] + " " +\
+ config.pki_master_dict['pki_https_port']
 if config.pki_subsystem != "CA" or\
 config.str2bool(config.pki_master_dict['pki_clone']) or\
 config.str2bool(config.pki_master_dict['pki_subordinate']):
-- cgit
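Review bot: The `elif` branches for `pki_external` and `pki_subordinate` prepend the `PKI_DEPLOYMENT_EXTERNAL_CA` / `PKI_DEPLOYMENT_SUBORDINATE_CA` label without checking that `config.pki_subsystem` is `"CA"`, and when more than one of the three flags is true the first match silently wins. The default name presumably identifies the instance to operators, so a wrong label is worth avoiding; either validate the flag combination earlier or restrict the two CA labels to CA subsystems as sketched below. The four branches also repeat the same concatenation, which can be written once after selecting a prefix. compose_pki_master_dictionary() starts before the hunk and continues after it.

```python
    if not len(config.pki_master_dict['pki_subsystem_name']):
        is_ca = config.pki_subsystem == "CA"
        if config.str2bool(config.pki_master_dict['pki_clone']):
            subtype = config.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " "
        elif is_ca and config.str2bool(
                config.pki_master_dict['pki_external']):
            subtype = config.PKI_DEPLOYMENT_EXTERNAL_CA + " "
        elif is_ca and config.str2bool(
                config.pki_master_dict['pki_subordinate']):
            subtype = config.PKI_DEPLOYMENT_SUBORDINATE_CA + " "
        else:
            subtype = ""
        config.pki_master_dict['pki_subsystem_name'] =\
            subtype + config.pki_subsystem + " " +\
            config.pki_master_dict['pki_hostname'] + " " +\
            config.pki_master_dict['pki_https_port']
    # … unchanged: pki_subsystem != "CA" / pki_clone / pki_subordinate check …
```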