| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-11-16 20:39:23 +1000 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2017-01-11 15:26:20 +0100 |
| commit | 6f3eb85c302f54bec561337e6627c89144b589ff (patch) | |
| tree | cc9efe3c35ab805bb6b6ad1555ad538e1132e2bb /ipaserver/install | |
| parent | c6db493b06320455a2366945911939a605df2a73 (diff) | |
Extract function for computing default subject base
Part of: https://fedorahosted.org/freeipa/ticket/2614
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install')
| -rw-r--r-- | ipaserver/install/cainstance.py | 8 | ||||
| -rw-r--r-- | ipaserver/install/dsinstance.py | 3 | ||||
| -rw-r--r-- | ipaserver/install/installutils.py | 4 | ||||
| -rw-r--r-- | ipaserver/install/krainstance.py | 8 | ||||
| -rw-r--r-- | ipaserver/install/server/install.py | 2 | ||||
| -rw-r--r-- | ipaserver/install/server/replicainstall.py | 2 |
6 files changed, 16 insertions, 11 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index c7e81f085..4f01f83e4 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -352,10 +352,10 @@ class CAInstance(DogtagInstance): self.clone = True self.master_host = master_host self.master_replication_port = master_replication_port - if subject_base is None: - self.subject_base = DN(('O', self.realm)) - else: - self.subject_base = subject_base + + self.subject_base = \ + subject_base or installutils.default_subject_base(self.realm) + if ca_signing_algorithm is None: self.ca_signing_algorithm = 'SHA256withRSA' else: diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 89315b6e8..27444a2f5 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -1251,7 +1251,8 @@ class DsInstance(service.Service): replacevars=vardict) def __get_ds_cert(self): - subject = self.subject_base or DN(('O', self.realm)) + subject = self.subject_base \ + or installutils.default_subject_base(self.realm) nssdb_dir = config_dirname(self.serverid) db = certs.CertDB(self.realm, nssdir=nssdb_dir, subject_base=subject) db.create_from_cacert(paths.IPA_CA_CRT) diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 21cf4c107..ca7a5d6ac 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -1476,3 +1476,7 @@ def restart_dirsrv(instance_name="", capture_output=True): capture_output=capture_output, wait=True, ldapi=True) api.Backend.ldap2.connect() + + +def default_subject_base(realm_name): + return DN(('O', realm_name)) diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index 554811c6c..1d9c2b773 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py 
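Review bot: The `subject_base or installutils.default_subject_base(self.realm)` assignment in CAInstance is not equivalent to the removed `if subject_base is None:` branch. Any falsy value (an empty string, and presumably an empty DN) now becomes `O=<realm>` instead of being stored as given. The dsinstance and replicainstall hunks pass this value to `certs.CertDB` as `subject_base`, so the wider fallback is worth stating in place, e.g. `# any falsy subject_base (None, '') falls back to the realm default`, or use `subject_base if subject_base is not None else ...` if only None should default. The KRAInstance hunk makes the same switch; the enclosing method starts and ends outside this hunk.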
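Review bot: The new `default_subject_base(realm_name)` in installutils.py has no docstring, although it is now the single definition of the default certificate subject base for the CA, DS, KRA and both installers. I would add `"""Return the default certificate subject base, O=<realm_name>, as a DN."""` and state that `realm_name` is used exactly as passed. Only `install_check` visibly upper-cases the realm before calling it, so the docstring should say whether callers are expected to pass the normalised realm.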
@@ -90,10 +90,10 @@ class KRAInstance(DogtagInstance): if self.pkcs12_info is not None or promote: self.clone = True self.master_host = master_host - if subject_base is None: - self.subject_base = DN(('O', self.realm)) - else: - self.subject_base = subject_base + + self.subject_base = \ + subject_base or installutils.default_subject_base(realm_name) + self.realm = realm_name self.suffix = ipautil.realm_to_suffix(realm_name) diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 6b13bec6c..aae8d367a 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -465,7 +465,7 @@ def install_check(installer): realm_name = options.realm_name.upper() if not options.subject_base: - options.subject_base = DN(('O', realm_name)) + options.subject_base = installutils.default_subject_base(realm_name) if options.http_cert_files: if options.http_pin is None: diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 915281d78..16352a5c8 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -78,7 +78,7 @@ def install_http_certs(host_name, realm_name, subject_base): principal = 'HTTP/%s@%s' % (host_name, realm_name) # Obtain certificate for the HTTP service nssdir = certs.NSS_DIR - subject = subject_base or DN(('O', realm_name)) + subject = subject_base or installutils.default_subject_base(realm_name) db = certs.CertDB(realm_name, nssdir=nssdir, subject_base=subject) db.request_service_cert('Server-Cert', principal, host_name, True) |
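Review bot: The KRAInstance hunk starts calling `installutils.default_subject_base(...)`, but no import line changes in krainstance.py; the diffstat's 8 changed lines are all accounted for by this hunk. The same holds for cainstance.py, dsinstance.py, install.py and replicainstall.py. If any of these modules does not already import `installutils`, the failure is a NameError only on the path where no subject base is supplied, which is easy to miss in testing. It is also worth checking whether `DN` is still used elsewhere in krainstance.py and cainstance.py, since these may have been the last uses and would leave an unused import. The imports are outside the visible hunks, so this is a check to confirm rather than a confirmed defect.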
