author | Simo Sorce <simo@redhat.com> | 2015-08-25 15:42:25 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-10-01 16:20:49 -0400 |
commit | 78c59858cddec7f5fec176eacaf318e2d77d2045 (patch) | |
tree | b9c4a4738aba35a3014584d3f6ea694639c0f5fa /ipaserver/install/custodiainstance.py | |
parent | 7af795f3a2b314475ca24aae344544be91738607 (diff) | |
Allow to install the KRA on a promoted server (custodia-review)
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipaserver/install/custodiainstance.py')
-rw-r--r-- | ipaserver/install/custodiainstance.py | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index 6f4afb3a9..eb9512bf1 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -78,13 +78,12 @@ class CustodiaInstance(SimpleServiceInstance):
 cli = CustodiaClient(self.fqdn, master_host_name, self.realm)
 cli.fetch_key('dm/DMHash')
- def get_ca_keys(self, ca_host, cacerts_file, cacerts_pwd):
+ def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data):
 # Fecth all needed certs one by one, then combine them in a single
 # p12 file
- certlist = ['caSigningCert cert-pki-ca',
- 'ocspSigningCert cert-pki-ca',
- 'auditSigningCert cert-pki-ca',
- 'subsystemCert cert-pki-ca']
+
+ prefix = data['prefix']
+ certlist = data['list']
 cli = CustodiaClient(self.fqdn, ca_host, self.realm)
@@ -104,7 +103,7 @@ class CustodiaInstance(SimpleServiceInstance):
 f.flush()
 for nickname in certlist:
- value = cli.fetch_key(os.path.join('ca', nickname), False)
+ value = cli.fetch_key(os.path.join(prefix, nickname), False)
 v = json_decode(value)
 pk12pwfile = os.path.join(tmpnssdir, 'pk12pwfile')
 with open(pk12pwfile, 'w+') as f:
@@ -129,6 +128,24 @@ class CustodiaInstance(SimpleServiceInstance):
 finally:
 shutil.rmtree(tmpnssdir)
+ def get_ca_keys(self, ca_host, cacerts_file, cacerts_pwd):
+ certlist = ['caSigningCert cert-pki-ca',
+ 'ocspSigningCert cert-pki-ca',
+ 'auditSigningCert cert-pki-ca',
+ 'subsystemCert cert-pki-ca']
+ data = {'prefix': 'ca',
+ 'list': certlist}
+ self.__get_keys(ca_host, cacerts_file, cacerts_pwd, data)
+
+ def get_kra_keys(self, ca_host, cacerts_file, cacerts_pwd):
+ certlist = ['auditSigningCert cert-pki-kra',
+ 'storageCert cert-pki-kra',
+ 'subsystemCert cert-pki-ca',
+ 'transportCert cert-pki-kra']
+ data = {'prefix': 'ca',
+ 'list': certlist}
+ self.__get_keys(ca_host, cacerts_file, cacerts_pwd, data)
+
 def __start(self):
 super(CustodiaInstance, self).__start() |
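Review bot: `__get_keys` receives its prefix and nickname list through an untyped `data` dict, so a caller that omits or misspells a key only fails with a bare `KeyError` at `data['prefix']` / `data['list']` inside the helper. Two explicit parameters would make the contract visible at the call site: `def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, prefix, certlist):`. The helper also has no docstring; since it handles key material (the retained comment says the fetched certs are combined into a single p12 file), it should state that `certlist` holds the nicknames fetched under `prefix` and, presumably, that `cacerts_file` is the resulting bundle protected by `cacerts_pwd`. The body of the function continues past the end of this hunk.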
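Review bot: `os.path.join(prefix, nickname)` appears to build a key name for the remote store rather than a filesystem path, and with `prefix` now supplied by the caller the path semantics matter more: `os.path.join` silently drops the prefix when the second component starts with `/`. `fetch_key` is not visible in this hunk, so this is inferred; if the argument is a key name, `'/'.join((prefix, nickname))` expresses that directly and always keeps the prefix. The `for` loop body continues outside the hunk.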
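Review bot: `get_kra_keys` passes `'prefix': 'ca'`, the same namespace as `get_ca_keys`, although three of its four nicknames are `cert-pki-kra` entries. If the remote store really serves the KRA keys under `ca`, a comment such as `# KRA certs are exported under the 'ca' prefix too` would keep a later reader from changing it; if it does not, the fetch fails or returns the wrong entry, so this is worth confirming against the server-side key store. Both new public methods lack docstrings saying which key material ends up in `cacerts_file`, and the first parameter of `get_kra_keys` is still named `ca_host` even though it names the host the KRA keys are fetched from.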