Diffstat (limited to 'ipapython/dogtag.py')
-rw-r--r--ipapython/dogtag.py110
1 files changed, 106 insertions, 4 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 8298ecfe..22a5a6d1 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -17,17 +17,118 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+import os
import httplib
import xml.dom.minidom
+import ConfigParser
+from urllib import urlencode
+
import nss.nss as nss
from nss.error import NSPRError
-from urllib import urlencode
from ipalib import api, errors
-from ipapython import nsslib, ipautil
from ipalib.errors import NetworkError, CertificateOperationError
-from ipapython.ipa_log_manager import *
from ipalib.text import _
+from ipapython import nsslib, ipautil
+from ipapython.ipa_log_manager import *
+
+# IPA can use either Dogtag version 9 or 10.
+#
+# Install tools should use the constants from install_constants, so that they
+# install with version 10 if it is available, and with 9 if not.
+# After IPA installation, the Dogtag version used is stored in the
+# "dogtag_version" config option. (If that is missing, version 9 is assumed.)
+# The configured_constants() function below provides constants relevant to
+# the configured version.
+
+class Dogtag10Constants(object):
+ DOGTAG_VERSION = 10
+ UNSECURE_PORT = 8080
+ AGENT_SECURE_PORT = 8443
+ EE_SECURE_PORT = 8443
+ AJP_PORT = 8009
+
+ SPAWN_BINARY = '/usr/sbin/pkispawn'
+ DESTROY_BINARY = '/usr/sbin/pkidestroy'
+
+ SERVER_ROOT = '/var/lib/pki'
+ PKI_INSTANCE_NAME = 'pki-tomcat'
+ PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
+ CRL_PUBLISH_PATH = '%s/ca/publish' % PKI_ROOT
+ CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT
+ PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT
+ SERVICE_PROFILE_DIR = '%s/ca/profiles/ca' % PKI_ROOT
+ ALIAS_DIR = '/etc/pki/pki-tomcat/alias'
+
+ RACERT_LINE_SEP = '\n'
+
+ IPA_SERVICE_PROFILE = '%s/caIPAserviceCert.cfg' % SERVICE_PROFILE_DIR
+ SIGN_PROFILE = '%s/caJarSigningCert.cfg' % SERVICE_PROFILE_DIR
+
+class Dogtag9Constants(object):
+ DOGTAG_VERSION = 9
+ UNSECURE_PORT = 9180
+ AGENT_SECURE_PORT = 9443
+ EE_SECURE_PORT = 9444
+ AJP_PORT = 9447
+
+ SPAWN_BINARY = '/bin/pkicreate'
+ DESTROY_BINARY = '/bin/pkisilent'
+
+ SERVER_ROOT = '/var/lib'
+ PKI_INSTANCE_NAME = 'pki-ca'
+ PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
+ CRL_PUBLISH_PATH = '%s/publish' % PKI_ROOT
+ CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT
+ PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT
+ SERVICE_PROFILE_DIR = '%s/profiles/ca' % PKI_ROOT
+ ALIAS_DIR = '%s/alias' % PKI_ROOT
+
+ RACERT_LINE_SEP = '\r\n'
+
+ ADMIN_SECURE_PORT = 9445
+ EE_CLIENT_AUTH_PORT = 9446
+ TOMCAT_SERVER_PORT = 9701
+
+ IPA_SERVICE_PROFILE = '%s/caIPAserviceCert.cfg' % SERVICE_PROFILE_DIR
+ SIGN_PROFILE = '%s/caJarSigningCert.cfg' % SERVICE_PROFILE_DIR
+
+
+if os.path.exists('/usr/sbin/pkispawn'):
+ install_constants = Dogtag10Constants
+else:
+ install_constants = Dogtag9Constants
+
+
+def _get_configured_version(api):
+ """Get the version of Dogtag IPA is configured to use
+
+ If an API is given, use information in its environment.
+ Otherwise, use information from the global config file.
+ """
+ if api:
+ return int(api.env.dogtag_version)
+ else:
+ p = ConfigParser.SafeConfigParser()
+ p.read("/etc/ipa/default.conf")
+ try:
+ version = p.get('global', 'dogtag_version')
+ except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
+ return 9
+ else:
+ return int(version)
+
+
+def configured_constants(api=None):
+ """Get the name of the Dogtag CA instance
+
+ See get_configured_version
+ """
+ if _get_configured_version(api) >= 10:
+ return Dogtag10Constants
+ else:
+ return Dogtag9Constants
+
def get_ca_certchain(ca_host=None):
"""
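Review bot: The docstring on `configured_constants` is wrong — the function returns a constants class, not "the name of the Dogtag CA instance", and "See get_configured_version" points at a name that does not exist (the helper is `_get_configured_version`); suggest `"""Return Dogtag9Constants or Dogtag10Constants for the configured Dogtag version."""`. In `_get_configured_version` only the config-file branch falls back to 9 on a missing option as the module comment promises, while the `api` branch does `int(api.env.dogtag_version)` with no fallback, and both branches raise a bare `ValueError` on a non-integer value; since the result selects the ports, `ALIAS_DIR` and `PASSWORD_CONF_PATH` used afterwards, either the documented default or an explicit error message is preferable, though whether ipalib's env supplies a default for `dogtag_version` is not visible here. The import-time probe `os.path.exists('/usr/sbin/pkispawn')` duplicates `Dogtag10Constants.SPAWN_BINARY`; use `if os.path.exists(Dogtag10Constants.SPAWN_BINARY):` so the two paths cannot drift apart.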
@@ -36,7 +137,8 @@ def get_ca_certchain(ca_host=None):
if ca_host is None:
ca_host = api.env.ca_host
chain = None
- conn = httplib.HTTPConnection(ca_host, api.env.ca_install_port)
+ conn = httplib.HTTPConnection(ca_host,
+ api.env.ca_install_port or configured_constants().UNSECURE_PORT)
conn.request("GET", "/ca/ee/ca/getCertChain")
res = conn.getresponse()
doc = None
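Review bot: `get_ca_certchain` already has `api` in scope (it reads `api.env.ca_host` and `api.env.ca_install_port`) yet calls `configured_constants()` with no argument, so the fallback port comes from a fresh parse of `/etc/ipa/default.conf` rather than the environment the host was taken from; `configured_constants(api)` keeps the two consistent, unless the env is known to lack `dogtag_version` at install time, which cannot be confirmed from this hunk. Note also that this is an `httplib.HTTPConnection` to the port the new constants name `UNSECURE_PORT`, so the CA chain is fetched over plaintext with no server authentication — pre-existing behaviour the commit does not change, but the function's docstring (it opens on the last lines of the previous hunk) should say so, e.g. `Fetch the CA certificate chain over unauthenticated HTTP; callers must verify the result out of band before trusting it.` The function body continues past the end of the hunk.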