authorSimo Sorce <simo@redhat.com>2015-08-25 15:42:25 -0400
committerSimo Sorce <simo@redhat.com>2015-10-20 13:22:58 -0400
commit885fa8b2181cab9d6c7351dea9e32430e368eeed (patch)
tree431a62a26b3a47a0544593c8569229a1aa9df51a /ipaserver/install/custodiainstance.py
parent5d5de8c3e1c6d5ce24dd9860e112547bb8705612 (diff)
Allow to install the KRA on a promoted servercustodia
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipaserver/install/custodiainstance.py')
-rw-r--r--ipaserver/install/custodiainstance.py29
1 files changed, 23 insertions, 6 deletions
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index 6f4afb3a9..eb9512bf1 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -78,13 +78,12 @@ class CustodiaInstance(SimpleServiceInstance):
cli = CustodiaClient(self.fqdn, master_host_name, self.realm)
cli.fetch_key('dm/DMHash')
- def get_ca_keys(self, ca_host, cacerts_file, cacerts_pwd):
+ def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data):
# Fecth all needed certs one by one, then combine them in a single
# p12 file
- certlist = ['caSigningCert cert-pki-ca',
- 'ocspSigningCert cert-pki-ca',
- 'auditSigningCert cert-pki-ca',
- 'subsystemCert cert-pki-ca']
+
+ prefix = data['prefix']
+ certlist = data['list']
cli = CustodiaClient(self.fqdn, ca_host, self.realm)
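Review bot: The new `data` argument of `__get_keys` is a bare dict whose required keys ('prefix' and 'list') can only be found by reading the body, and the method has no docstring. Two explicit parameters would be clearer, e.g. `def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, prefix, certlist):`, or at least a docstring such as `"""Fetch each nickname in data['list'] under data['prefix'] from ca_host and combine them into one p12 file."""`. The context comment under the signature also still reads "Fecth". The body of the method continues outside this hunk.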
@@ -104,7 +103,7 @@ class CustodiaInstance(SimpleServiceInstance):
f.flush()
for nickname in certlist:
- value = cli.fetch_key(os.path.join('ca', nickname), False)
+ value = cli.fetch_key(os.path.join(prefix, nickname), False)
v = json_decode(value)
pk12pwfile = os.path.join(tmpnssdir, 'pk12pwfile')
with open(pk12pwfile, 'w+') as f:
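Review bot: `os.path.join(prefix, nickname)` builds a Custodia key name rather than a filesystem path, and `os.path.join` discards `prefix` entirely when `nickname` begins with '/'. Both values are hard-coded by the callers added in this commit, so this is a hardening point and not a live defect. Now that the prefix is a parameter, `'%s/%s' % (prefix, nickname)` or a check that the nickname has no leading slash would keep every request under the intended prefix. The loop body continues outside the hunk.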
@@ -129,6 +128,24 @@ class CustodiaInstance(SimpleServiceInstance):
finally:
shutil.rmtree(tmpnssdir)
+ def get_ca_keys(self, ca_host, cacerts_file, cacerts_pwd):
+ certlist = ['caSigningCert cert-pki-ca',
+ 'ocspSigningCert cert-pki-ca',
+ 'auditSigningCert cert-pki-ca',
+ 'subsystemCert cert-pki-ca']
+ data = {'prefix': 'ca',
+ 'list': certlist}
+ self.__get_keys(ca_host, cacerts_file, cacerts_pwd, data)
+
+ def get_kra_keys(self, ca_host, cacerts_file, cacerts_pwd):
+ certlist = ['auditSigningCert cert-pki-kra',
+ 'storageCert cert-pki-kra',
+ 'subsystemCert cert-pki-ca',
+ 'transportCert cert-pki-kra']
+ data = {'prefix': 'ca',
+ 'list': certlist}
+ self.__get_keys(ca_host, cacerts_file, cacerts_pwd, data)
+
def __start(self):
super(CustodiaInstance, self).__start()
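Review bot: `get_kra_keys` passes `'prefix': 'ca'` and lists `'subsystemCert cert-pki-ca'` among the KRA nicknames, which reads like a copy-paste from `get_ca_keys`. If this is intentional (presumably the KRA certificates are served from the same store as the CA ones, which this hunk does not show), a comment such as `# KRA keys are requested under the 'ca' prefix on purpose` would stop a later reader from "correcting" it. Both methods would also benefit from a one-line docstring stating which key material they fetch and that it ends up in `cacerts_file`, since callers are presumably responsible for protecting that file.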