#!/usr/bin/jython
# System Python Imports
import os
import pickle
import sys
# PKI Python Imports
import pkijython as jyutil
import pkiconfig as config
import pkimessages as log
# System Java Imports
from java.lang import System as javasystem
# PKI Java Imports
from com.netscape.certsrv.client import ClientConfig
def main(argv):
    """Drive PKI subsystem configuration from the 'pkispawn' master dictionary.

    argv[1] holds the pickled master dictionary.  The function initializes
    and logs into the client security token, sets up the REST client and,
    for a "Tomcat" instance, builds the configuration data that is handed to
    jyutil.rest_client.configure_pki_data().  Apache "RA" and "TPS"
    subsystems only print a not-yet-implemented notice and return 0.
    """
    rv = 0

    # SECURITY: pickle.loads() can run arbitrary code embedded in the payload,
    # so argv[1] must only ever come from the trusted parent process
    # ('pkispawn').  The dictionary also holds the values of the keys listed in
    # 'sensitive_parameters' (they are masked in the debug dump below), and a
    # command-line argument is typically visible to other local users through
    # the process table.
    # NOTE(review): consider handing the dictionary over via stdin or a
    # restricted-permission file in a data-only format instead.
    master = pickle.loads(argv[1])
    sensitive_parameters = master['sensitive_parameters'].split()

    # Optional pause so that an external java debugger (e.g. 'eclipse') can
    # be attached before any work is done.
    if config.str2bool(master['pki_enable_java_debugger']):
        config.wait_to_attach_an_external_java_debugger()

    # 'jython 2.2' has no logging support, so diagnostics are plain prints.
    # This standalone jython process is separate from the 'python' process
    # that runs the PKI deployment scriptlets, so its output would be separate
    # from that process's log in any case.
    #
    # Each print below takes a single parenthesized argument, which prints
    # the same text whether 'print' is a statement or a function.
    jython_log_level = master['pki_jython_log_level']
    if jython_log_level >= config.PKI_JYTHON_DEBUG_LOG_LEVEL:
        indent = log.PKI_JYTHON_INDENTATION_2
        print("%s %s" % (indent, sys.path))
        class_path = javasystem.getProperties()['java.class.path']
        print("%s %s" % (indent, class_path))
        # Dump the dictionary with sensitive values masked.  The masking
        # depends entirely on 'sensitive_parameters': a secret-bearing key
        # that is not listed there is printed in clear text.
        for key in master:
            shown = master[key]
            if key in sensitive_parameters:
                shown = 'XXXXXXXX'
            print("%s '%s' = '%s'" % (indent, key, shown))

    # Initialize the client security database token, then log into it.
    database_dir = master['pki_client_database_dir']
    jyutil.security_databases.initialize_token(database_dir, jython_log_level)
    token = jyutil.security_databases.log_into_token(
        database_dir,
        master['pki_client_password_conf'],
        jython_log_level)

    # Connection parameters and REST client.
    client_config = ClientConfig()
    client_config.setServerURI(master['pki_jython_base_uri'])
    client = jyutil.rest_client.initialize(client_config, master)

    # Construct PKI Subsystem Configuration Data
    data = None
    instance_type = master['pki_instance_type']
    if instance_type == "Apache":
        # RA and TPS are reported as not yet implemented; nothing is sent.
        if master['pki_subsystem'] in ("RA", "TPS"):
            notice = "%s '%s' %s" % (
                log.PKI_JYTHON_INDENTATION_2,
                master['pki_subsystem'],
                log.PKI_JYTHON_NOT_YET_IMPLEMENTED)
            print(notice)
            return rv
    elif instance_type == "Tomcat":
        # PKI or Cloned CA, KRA, OCSP, or TKS, Subordinate CA, or External CA
        data = jyutil.rest_client.construct_pki_configuration_data(token)

    # Formulate PKI Subsystem Configuration Data Response
    # NOTE(review): 'data' is still None here for an Apache instance with any
    # other subsystem and for an unrecognized instance type; confirm that
    # configure_pki_data() handles None.
    jyutil.rest_client.configure_pki_data(data)
# Script entry point.  The value returned by main() is not passed to
# sys.exit(), so it does not become the process exit status.
if __name__ == "__main__":
    main(sys.argv)