#!/usr/bin/jython
# System Python Imports
import os
import pickle
import sys
# PKI Python Imports
import pkijython as jyutil
import pkiconfig as config
import pkimessages as log
# System Java Imports
from java.lang import System as javasystem
# PKI Java Imports
from com.netscape.certsrv.client import ClientConfig
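def main(argv):
    """Configure a PKI subsystem from the dictionaries handed over by 'pkispawn'.

    Args:
        argv: the process argument vector; argv[1] is the pickled 'master'
            dictionary and argv[2] the pickled 'sensitive' dictionary.

    Returns:
        The status code 'rv' (0 on every path that returns).

    Raises:
        IndexError: if fewer than two pickled arguments were supplied
            (the same exception type the bare subscripts would raise).
    """
    rv = 0
    # Fail with a diagnosable message instead of a bare "index out of range".
    if len(argv) < 3:
        raise IndexError(
            "expected two pickled dictionaries (master, sensitive) "
            "as arguments 1 and 2")
    # SECURITY: pickle.loads() runs code embedded in the stream while it
    # loads, so these two calls are only safe when the arguments are
    # produced by 'pkispawn' itself and can never be influenced by another
    # user or by an untrusted configuration value. A data-only encoding
    # would remove that risk; it is flagged here rather than replaced
    # because 'jython 2.2' ships no 'json' module.
    #
    # SECURITY: both pickles travel on the command line, and on most
    # systems the argument vector of a running process can be read by
    # other local users. NOTE(review): consider handing the 'sensitive'
    # dictionary over through stdin or an owner-only file instead.
    #
    # Import the master dictionary from 'pkispawn'
    master = pickle.loads(argv[1])
    # Import the sensitive data dictionary from 'pkispawn'
    sensitive = pickle.loads(argv[2])
    # Optionally enable a java debugger (e. g. - 'eclipse'):
    if config.str2bool(master['pki_enable_java_debugger']):
        config.wait_to_attach_an_external_java_debugger()
    # IMPORTANT:  Unfortunately, 'jython 2.2' does NOT support logging!
    #
    #             Until, and unless, 'jython 2.5' or later is used,
    #             debugging will basically be limited to using 'print'
    #             since creating a logging mechanism for 'jython 2.2'
    #             would not make sense at this point in time, although
    #             a 'customized' manual log process could be created.
    #
    #             Regardless of 'jython' version, the log file generated
    #             by this standalone 'jython' process would be unique and
    #             separate to the log file generated for the PKI
    #             deployment scriptlets 'python' process, as they exist
    #             as two separate processes (until and unless 'jython 2.7'
    #             could be used to completely replace 'python 2.7',
    #             in which case a single process could be executed
    #             end-to-end from installation through configuration).
    #
    # Each 'print' below wraps one already-formatted string in parentheses:
    # the output is unchanged, and the line also parses as a function call
    # on interpreters where 'print' is a function.
    if master['pki_jython_log_level'] >= config.PKI_JYTHON_DEBUG_LOG_LEVEL:
        print("%s %s" % (log.PKI_JYTHON_INDENTATION_2, sys.path))
        print("%s %s" % (log.PKI_JYTHON_INDENTATION_2,
                         javasystem.getProperties()['java.class.path']))
        # Only 'master' is dumped; 'sensitive' is never printed here, so
        # secrets must not be stored in 'master'.
        for key in master:
            print("%s '%s' = '%s'" % (log.PKI_JYTHON_INDENTATION_2,
                                      key, master[key]))
    # Initialize token
    jyutil.security_databases.initialize_token(
        master['pki_client_database_dir'],
        master['pki_dry_run_flag'],
        master['pki_jython_log_level'])
    # Log into token
    token = jyutil.security_databases.log_into_token(
        master['pki_client_database_dir'],
        master['pki_client_password_conf'],
        master['pki_dry_run_flag'],
        master['pki_jython_log_level'])
    # Setup connection parameters
    client_config = ClientConfig()
    client_config.setServerURI(master['pki_jython_base_uri'])
    # Establish REST Client
    client = jyutil.rest_client.initialize(
        client_config,
        master,
        sensitive)
    # Construct PKI Subsystem Configuration Data
    data = None
    if master['pki_instance_type'] == "Apache":
        if master['pki_subsystem'] == "RA":
            print("%s '%s' %s" % (log.PKI_JYTHON_INDENTATION_2,
                                  master['pki_subsystem'],
                                  log.PKI_JYTHON_NOT_YET_IMPLEMENTED))
            return rv
        elif master['pki_subsystem'] == "TPS":
            print("%s '%s' %s" % (log.PKI_JYTHON_INDENTATION_2,
                                  master['pki_subsystem'],
                                  log.PKI_JYTHON_NOT_YET_IMPLEMENTED))
            return rv
    elif master['pki_instance_type'] == "Tomcat":
        if master['pki_subsystem'] == "CA":
            if config.str2bool(master['pki_external']):
                print("%s '%s %s' %s" % (log.PKI_JYTHON_INDENTATION_2,
                                         log.PKI_JYTHON_EXTERNAL_CA,
                                         master['pki_subsystem'],
                                         log.PKI_JYTHON_NOT_YET_IMPLEMENTED))
                return rv
            elif config.str2bool(master['pki_subordinate']):
                print("%s '%s %s' %s" % (log.PKI_JYTHON_INDENTATION_2,
                                         log.PKI_JYTHON_SUBORDINATE_CA,
                                         master['pki_subsystem'],
                                         log.PKI_JYTHON_NOT_YET_IMPLEMENTED))
                return rv
            else:
                # PKI or Cloned CA
                data = jyutil.rest_client.construct_pki_configuration_data(
                    token)
        else:
            # PKI or Cloned KRA, OCSP, or TKS
            data = jyutil.rest_client.construct_pki_configuration_data(token)
    # NOTE(review): an "Apache" instance with any other subsystem, or an
    # unrecognised instance type, reaches this call with data still None;
    # what the helper does with None is not visible here - confirm.
    # Formulate PKI Subsystem Configuration Data Response
    jyutil.rest_client.configure_pki_data(data)
    # The success path previously fell off the end and returned None while
    # the "not yet implemented" paths returned rv; return it consistently.
    return rv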
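if __name__ == "__main__":
    # Hand main()'s result to the interpreter as the process exit status so
    # the parent process can observe it; a result of None or 0 exits with
    # status 0, exactly as before.
    sys.exit(main(sys.argv))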