#!/usr/bin/jython
# System Python Imports
import os
import pickle
import sys
# PKI Python Imports
import pkijython as jyutil
import pkiconfig as config
import pkimessages as log
# System Java Imports
from java.lang import System as javasystem
# PKI Java Imports
from com.netscape.certsrv.client import ClientConfig
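def main(argv):
    """Configure a PKI subsystem from the dictionaries handed over by 'pkispawn'.

    Args:
        argv: The process argument vector.  argv[1] is the pickled 'master'
            dictionary and argv[2] is the pickled 'sensitive' dictionary.

    Returns:
        0 in every case this function handles; failures surface as
        exceptions raised by the helpers it calls.
    """
    rv = 0

    # 'master' and 'sensitive' are kept as two separate PKI jython
    # dictionaries, both imported from 'pkispawn'.
    #
    # NOTE(security): pickle.loads() can execute arbitrary code while
    # deserializing, so both arguments must only ever originate from the
    # trusted 'pkispawn' parent process.  A data-only serialization would
    # remove that risk; it is left unchanged here because the producing side
    # of this protocol is not visible from this script.
    #
    # NOTE(security): command-line arguments are readable by other local
    # users through the process list on most systems, and the 'sensitive'
    # dictionary travels this way.  Passing it over stdin or through a file
    # with restrictive permissions would avoid that exposure.
    master = pickle.loads(argv[1])
    sensitive = pickle.loads(argv[2])

    # Optionally enable a java debugger (e. g. - 'eclipse').  This is driven
    # purely by the deployment configuration.
    if config.str2bool(master['pki_enable_java_debugger']):
        config.wait_to_attach_an_external_java_debugger()

    # IMPORTANT:  Unfortunately, 'jython 2.2' does NOT support logging!
    #
    #             Until, and unless, 'jython 2.5' or later is used,
    #             debugging will basically be limited to using 'print'
    #             since creating a logging mechanism for 'jython 2.2'
    #             would not make sense at this point in time, although
    #             a 'customized' manual log process could be created.
    #
    #             Regardless of 'jython' version, the log file generated
    #             by this standalone 'jython' process would be unique and
    #             separate to the log file generated for the PKI
    #             deployment scriptlets 'python' process, as they exist
    #             as two separate processes (until and unless 'jython 2.7'
    #             could be used to completely replace 'python 2.7',
    #             in which case a single process could be executed
    #             end-to-end from installation through configuration).
    #
    if master['pki_jython_log_level'] >= config.PKI_JYTHON_DEBUG_LOG_LEVEL:
        # javasystem.out.println("Hello")
        print "%s %s" % (log.PKI_JYTHON_INDENTATION_2, sys.path)
        print "%s %s" % (log.PKI_JYTHON_INDENTATION_2,
                         javasystem.getProperties()['java.class.path'])
        # NOTE(review): this dumps every key/value pair of 'master' to
        # stdout.  Presumably secrets live only in 'sensitive'; confirm that
        # nothing confidential is stored in 'master' before running at debug
        # level.
        for key in master:
            print "%s '%s' = '%s'" % (log.PKI_JYTHON_INDENTATION_2,
                                      key, master[key])

    # Initialize token
    jyutil.security_databases.initialize_token(
        master['pki_client_database_dir'],
        master['pki_jython_log_level'])

    # Log into token
    token = jyutil.security_databases.log_into_token(
        master['pki_client_database_dir'],
        master['pki_client_password_conf'],
        master['pki_jython_log_level'])

    # Setup connection parameters
    client_config = ClientConfig()
    client_config.setServerURI(master['pki_jython_base_uri'])

    # Establish REST Client.  The returned handle is not used again in this
    # function; the later calls go through 'jyutil.rest_client' directly.
    client = jyutil.rest_client.initialize(
        client_config,
        master,
        sensitive)

    # Construct PKI Subsystem Configuration Data
    data = None
    if master['pki_instance_type'] == "Apache":
        if master['pki_subsystem'] == "RA":
            print "%s '%s' %s" % (log.PKI_JYTHON_INDENTATION_2,
                                  master['pki_subsystem'],
                                  log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
            return rv
        elif master['pki_subsystem'] == "TPS":
            print "%s '%s' %s" % (log.PKI_JYTHON_INDENTATION_2,
                                  master['pki_subsystem'],
                                  log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
            return rv
    elif master['pki_instance_type'] == "Tomcat":
        if master['pki_subsystem'] == "CA":
            if config.str2bool(master['pki_external']):
                print "%s '%s %s' %s" % (log.PKI_JYTHON_INDENTATION_2,
                                         config.PKI_DEPLOYMENT_EXTERNAL_CA,
                                         master['pki_subsystem'],
                                         log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
                return rv
            else:
                # PKI, Subordinate, or Cloned CA
                data = jyutil.rest_client.construct_pki_configuration_data(
                    token)
        else:
            # PKI or Cloned KRA, OCSP, or TKS
            data = jyutil.rest_client.construct_pki_configuration_data(token)

    # Formulate PKI Subsystem Configuration Data Response
    #
    # NOTE(review): an instance type other than "Apache"/"Tomcat", or an
    # "Apache" subsystem other than "RA"/"TPS", reaches this call with
    # 'data' still None -- confirm configure_pki_data() tolerates that.
    jyutil.rest_client.configure_pki_data(data)

    # Return the status code on the success path too, matching the early
    # returns above (previously this path fell off the end and gave None).
    return rv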
# Script entry point: hand the complete argument vector to main(), which
# reads the two pickled dictionaries from argv[1] and argv[2].
if __name__ == "__main__":
    main(sys.argv)