authorJan Cholasta <jcholast@redhat.com>2015-11-09 18:28:47 +0100
committerJan Cholasta <jcholast@redhat.com>2015-11-25 09:12:25 +0100
commitaeffe2da42734655cbaedb2c4d4f9e28bd2df1c0 (patch)
tree302b9ef0c8d4afbccc141f4f4b68a42295542cd8 /ipapython
parent5427e7a8c7216b0aa54159a668951d71fb009139 (diff)
install: drop support for Dogtag 9
Dogtag 9 CA and CA DS install and uninstall code was removed. Existing Dogtag 9 CA and CA DS instances are disabled on upgrade. Creating a replica of a Dogtag 9 IPA master is still supported. https://fedorahosted.org/freeipa/ticket/5197 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipapython')
-rw-r--r--ipapython/certmonger.py7
-rw-r--r--ipapython/dogtag.py126
2 files changed, 4 insertions, 129 deletions
diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py
index 6ebec205a..2a4e43d3c 100644
--- a/ipapython/certmonger.py
+++ b/ipapython/certmonger.py
@@ -32,7 +32,6 @@ import shlex
import subprocess
import tempfile
from ipapython import ipautil
-from ipapython import dogtag
from ipapython.ipa_log_manager import *
from ipaplatform.paths import paths
from ipaplatform import services
@@ -444,15 +443,13 @@ def remove_principal_from_cas():
ca.prop_if.Set(DBUS_CM_CA_IF, 'external-helper', ext_helper)
-def get_pin(token, dogtag_constants=None):
+def get_pin(token):
"""
Dogtag stores its NSS pin in a file formatted as token:PIN.
The caller is expected to handle any exceptions raised.
"""
- if dogtag_constants is None:
- dogtag_constants = dogtag.configured_constants()
- with open(dogtag_constants.PASSWORD_CONF_PATH, 'r') as f:
+ with open(paths.PKI_TOMCAT_PASSWORD_CONF, 'r') as f:
for line in f:
(tok, pin) = line.split('=', 1)
if token == tok:
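Review bot: The docstring of get_pin says the file is formatted as `token:PIN`, but the loop parses each line with `line.split('=', 1)`, so the documented format and the parsed one disagree; the docstring should read `token=PIN`. The two-name unpack also raises ValueError on any line that has no `=` (a blank or comment line), so one stray line in the password file hides a PIN that is present further down. `tok, sep, pin = line.partition('=')` followed by `if not sep: continue` would skip such lines instead. The function body continues past the end of this hunk, so how the PIN is stripped and returned is not visible here.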
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 0436d5f46..9c8779ead 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -18,19 +18,16 @@
#
import collections
-import os
import xml.dom.minidom
import nss.nss as nss
import six
-from six.moves import configparser
from six.moves.urllib.parse import urlencode
from ipalib import api, errors
from ipalib.errors import NetworkError
from ipalib.text import _
from ipapython import nsslib, ipautil
-from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
# Python 3 rename. The package is available in "six.moves.http_client", but
@@ -43,16 +40,6 @@ except ImportError:
if six.PY3:
unicode = str
-# IPA can use either Dogtag version 9 or 10.
-#
-# Install tools should use the constants from install_constants, so that they
-# install with version 10 if it is available, and with 9 if not.
-# After IPA installation, the Dogtag version used is stored in the
-# "dogtag_version" config option. (If that is missing, version 9 is assumed.)
-# The configured_constants() function below provides constants relevant to
-# the configured version.
-
-
Profile = collections.namedtuple('Profile', ['profile_id', 'description', 'store_issued'])
INCLUDED_PROFILES = {
@@ -62,113 +49,6 @@ INCLUDED_PROFILES = {
DEFAULT_PROFILE = u'caIPAserviceCert'
-class Dogtag10Constants(object):
- DOGTAG_VERSION = 10
- UNSECURE_PORT = 8080
- AGENT_SECURE_PORT = 8443
- EE_SECURE_PORT = 8443
- AJP_PORT = 8009
- DS_PORT = 389
- DS_SECURE_PORT = 636
-
- SPAWN_BINARY = paths.PKISPAWN
- DESTROY_BINARY = paths.PKIDESTROY
-
- SERVER_ROOT = paths.VAR_LIB_PKI_DIR
- PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG
- PKI_INSTANCE_NAME = 'pki-tomcat'
- PKI_LOG_TOP_LEVEL = os.path.join(paths.VAR_LOG_PKI_DIR, PKI_INSTANCE_NAME)
- PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
- CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR
- CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT
- PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT
- SERVICE_PROFILE_DIR = '%s/ca/profiles/ca' % PKI_ROOT
- ALIAS_DIR = paths.PKI_TOMCAT_ALIAS_DIR.rstrip('/')
- SYSCONFIG_FILE_PATH = '%s/%s' % (paths.ETC_SYSCONFIG_DIR, PKI_INSTANCE_NAME)
- KRA_CS_CFG_PATH = '%s/conf/kra/CS.cfg' % PKI_ROOT
-
- SERVICE_NAME = 'pki_tomcatd'
-
- RACERT_LINE_SEP = '\n'
-
- SIGN_PROFILE = '%s/caJarSigningCert.cfg' % SERVICE_PROFILE_DIR
- SHARED_DB = True
- DS_USER = "dirsrv"
- DS_NAME = "dirsrv"
-
-
-class Dogtag9Constants(object):
- DOGTAG_VERSION = 9
- UNSECURE_PORT = 9180
- AGENT_SECURE_PORT = 9443
- EE_SECURE_PORT = 9444
- AJP_PORT = 9447
- DS_PORT = 7389
- DS_SECURE_PORT = 7636
-
- SPAWN_BINARY = paths.PKICREATE
- DESTROY_BINARY = paths.PKISILENT
-
- SERVER_ROOT = paths.VAR_LIB
- PKI_INSTALL_LOG = paths.PKI_CA_INSTALL_LOG
- PKI_INSTANCE_NAME = 'pki-ca'
- PKI_LOG_TOP_LEVEL = paths.PKI_CA_LOG_DIR
- PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME)
- CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR
- CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT
- PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT
- SERVICE_PROFILE_DIR = '%s/profiles/ca' % PKI_ROOT
- ALIAS_DIR = '%s/alias' % PKI_ROOT
- SYSCONFIG_FILE_PATH = '%s/%s' % (paths.ETC_SYSCONFIG_DIR, PKI_INSTANCE_NAME)
-
- SERVICE_NAME = 'pki-cad'
-
- RACERT_LINE_SEP = '\r\n'
-
- ADMIN_SECURE_PORT = 9445
- EE_CLIENT_AUTH_PORT = 9446
- TOMCAT_SERVER_PORT = 9701
-
- SIGN_PROFILE = '%s/caJarSigningCert.cfg' % SERVICE_PROFILE_DIR
- SHARED_DB = False
- DS_USER = "pkisrv"
- DS_NAME = "PKI-IPA"
-
-if os.path.exists(paths.PKISPAWN):
- install_constants = Dogtag10Constants
-else:
- install_constants = Dogtag9Constants
-
-
-def _get_configured_version(api):
- """Get the version of Dogtag IPA is configured to use
-
- If an API is given, use information in its environment.
- Otherwise, use information from the global config file.
- """
- if api:
- return int(api.env.dogtag_version)
- else:
- p = configparser.SafeConfigParser()
- p.read(paths.IPA_DEFAULT_CONF)
- try:
- version = p.get('global', 'dogtag_version')
- except (configparser.NoOptionError, configparser.NoSectionError):
- return 9
- else:
- return int(version)
-
-
-def configured_constants(api=None):
- """Get the name of the Dogtag CA instance
-
- See get_configured_version
- """
- if _get_configured_version(api) >= 10:
- return Dogtag10Constants
- else:
- return Dogtag9Constants
-
def error_from_xml(doc, message_template):
try:
@@ -179,18 +59,16 @@ def error_from_xml(doc, message_template):
return errors.RemoteRetrieveError(reason=message_template % e)
-def get_ca_certchain(ca_host=None, dogtag_constants=None):
+def get_ca_certchain(ca_host=None):
"""
Retrieve the CA Certificate chain from the configured Dogtag server.
"""
if ca_host is None:
ca_host = api.env.ca_host
- if dogtag_constants is None:
- dogtag_constants = configured_constants()
chain = None
conn = httplib.HTTPConnection(
ca_host,
- api.env.ca_install_port or dogtag_constants.UNSECURE_PORT)
+ api.env.ca_install_port or 8080)
conn.request("GET", "/ca/ee/ca/getCertChain")
res = conn.getresponse()
doc = None
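Review bot: The literal in `api.env.ca_install_port or 8080` replaces a constant whose name, UNSECURE_PORT, was the only hint in get_ca_certchain that the chain is fetched over plain `httplib.HTTPConnection` with no server authentication. A reader of the new code sees only a bare port number. I would add a comment above the connection, `# 8080 is Dogtag's plain-HTTP EE port: the chain returned here is unauthenticated and must be verified before it is used as a trust anchor`, or keep a named module-level constant for the port. How callers validate the returned chain is not visible in this diff, so that part should be confirmed against them. The function body continues outside the hunk.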