diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-06-05 02:57:48 -0400 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2015-06-05 19:12:46 +0200 |
commit | 8b3bc99a737edb9178e115c188d60d963f73e50c (patch) | |
tree | 22a9afe1ed2a78685bbd3c231b73e1c2c1f2e3fd /ipaserver/plugins | |
parent | ce33f82cfe528c17d3a1367172bb1475fe169b25 (diff) | |
download | freeipa-8b3bc99a737edb9178e115c188d60d963f73e50c.tar.gz freeipa-8b3bc99a737edb9178e115c188d60d963f73e50c.tar.xz freeipa-8b3bc99a737edb9178e115c188d60d963f73e50c.zip |
Import profiles earlier during install
Currently, IPA certificate profile import happens at end of install.
Certificates issuance during the install process does work but uses
an un-customised caIPAserviceCert profile, resulting in incorrect
subject DNs and missing extensions. Furthermore, the
caIPAserviceCert profile shipped with Dogtag will eventually be
removed.
Move the import of included certificate profiles to the end of the
cainstance deployment phase, prior to the issuance of DS and HTTP
certificates.
Part of: https://fedorahosted.org/freeipa/ticket/4002
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/dogtag.py | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index e6668bb43..e60cced1a 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1973,6 +1973,7 @@ class RestClient(Backend): super(RestClient, self).__init__() # session cookie + self.override_port = None self.cookie = None def _read_password(self): @@ -2007,7 +2008,8 @@ class RestClient(Backend): if self.cookie is not None: return status, status_text, resp_headers, resp_body = dogtag.https_request( - self.ca_host, self.env.ca_agent_port, '/ca/rest/account/login', + self.ca_host, self.override_port or self.env.ca_agent_port, + '/ca/rest/account/login', self.sec_dir, self.password, self.ipa_certificate_nickname, method='GET' ) @@ -2020,7 +2022,8 @@ class RestClient(Backend): def __exit__(self, exc_type, exc_value, traceback): """Log out of the REST API""" dogtag.https_request( - self.ca_host, self.env.ca_agent_port, '/ca/rest/account/logout', + self.ca_host, self.override_port or self.env.ca_agent_port, + '/ca/rest/account/logout', self.sec_dir, self.password, self.ipa_certificate_nickname, method='GET' ) @@ -2046,7 +2049,8 @@ class RestClient(Backend): # perform main request status, status_text, resp_headers, resp_body = dogtag.https_request( - self.ca_host, self.env.ca_agent_port, resource, + self.ca_host, self.override_port or self.env.ca_agent_port, + resource, self.sec_dir, self.password, self.ipa_certificate_nickname, method=method, headers=headers, body=body ) |