author | Petr Viktorin <pviktori@redhat.com> | 2013-03-15 10:09:58 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-04-02 15:28:50 +0200 |
commit | a03aba5704036e375fab36ed2b7cbbc31adf5411 (patch) | |
tree | d0c0069070d7fe9221d3a40502060deef90161ad /ipaserver | |
parent | ac06a28cf96cd8b685129fa370cbd317b2c31e7c (diff) | |
dsinstance, httpinstance: Don't hardcode 'Server-Cert'
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/dsinstance.py | 22 | ||||
-rw-r--r-- | ipaserver/install/httpinstance.py | 12 |
2 files changed, 22 insertions, 12 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 84c1da0c8..5f3041c22 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -154,14 +154,15 @@ info: IPA V2.0 """ class DsInstance(service.Service): - def __init__(self, realm_name=None, domain_name=None, dm_password=None, fstore=None): + def __init__(self, realm_name=None, domain_name=None, dm_password=None, + fstore=None, cert_nickname='Server-Cert'): service.Service.__init__(self, "dirsrv", service_desc="directory server", dm_password=dm_password, ldapi=False, autobind=service.DISABLED ) - self.nickname = 'Server-Cert' + self.nickname = cert_nickname self.dm_password = dm_password self.realm_name = realm_name self.sub_dict = None 
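Review bot: The new `cert_nickname` argument of `DsInstance.__init__` is stored as `self.nickname`, while the same argument in `HTTPInstance.__init__` (httpinstance.py, hunk at -50,13) is stored as `self.cert_nickname`, so one setting is exposed under two attribute names. Settling on a single name in both classes would make shared certificate-handling code easier to follow. The parameter is also undocumented and unchecked: a comment such as `# NSS nickname of the DS server certificate, also used for certmonger tracking` and a guard like `if not cert_nickname: raise ValueError('cert_nickname must not be empty')` would keep an empty value from reaching `create_server_cert()` and `untrack_server_cert()` in the later hunks. `__init__` continues past the end of this hunk.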
@@ -542,19 +543,24 @@ class DsInstance(service.Service): self.dercert = dsdb.get_cert_from_db(nickname, pem=False) dsdb.track_server_cert(nickname, self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid ) else: - nickname = "Server-Cert" + nickname = self.nickname cadb = certs.CertDB(self.realm_name, host_name=self.fqdn, subject_base=self.subject_base) if self.self_signed_ca: dsdb.create_from_cacert(cadb.cacert_fname, passwd=None) - self.dercert = dsdb.create_server_cert("Server-Cert", self.fqdn, cadb) - dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid) + self.dercert = dsdb.create_server_cert(nickname, self.fqdn, cadb) + dsdb.track_server_cert( + nickname, self.principal, dsdb.passwd_fname, + 'restart_dirsrv %s' % self.serverid) dsdb.create_pin_file() else: # FIXME, need to set this nickname in the RA plugin cadb.export_ca_cert('ipaCert', False) dsdb.create_from_cacert(cadb.cacert_fname, passwd=None) - self.dercert = dsdb.create_server_cert("Server-Cert", self.fqdn, cadb) - dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid) + self.dercert = dsdb.create_server_cert( + nickname, self.fqdn, cadb) + dsdb.track_server_cert( + nickname, self.principal, dsdb.passwd_fname, + 'restart_dirsrv %s' % self.serverid) dsdb.create_pin_file() conn = ipaldap.IPAdmin(self.fqdn) @@ -685,7 +691,7 @@ class DsInstance(service.Service): # will match what is in certmonger dirname = config_dirname(serverid)[:-1] dsdb = certs.CertDB(self.realm_name, nssdir=dirname) - dsdb.untrack_server_cert("Server-Cert") + dsdb.untrack_server_cert(self.nickname) erase_ds_instance_data(serverid) # At one time we removed this user on uninstall. That can potentially diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 62ef41e7a..59782cb6f 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py 
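Review bot: After this change the two CA branches in the `else:` block at -542,19 end with the same three calls (`create_server_cert`, `track_server_cert`, `create_pin_file`) and differ only in `cadb.export_ca_cert('ipaCert', False)`. Moving the shared calls below the inner `if`/`else` would leave one place where the nickname is used, so a future edit cannot update one branch and miss the other. The enclosing method starts and ends outside the hunk.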
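Review bot: In the uninstall hunk at -685,7, `untrack_server_cert(self.nickname)` relies on the object being constructed with the same nickname that was used at install time, and nothing visible here records that value. If uninstall builds `DsInstance()` with the default, a certificate installed under a custom nickname would stay tracked by certmonger after the instance data is erased. The PKCS#12 branch in the hunk at -542,19 has a similar gap, since it tracks under a local `nickname` that is assigned outside the hunk and may differ from `self.nickname`. Saving the nickname that was actually tracked in the service's install state and reading it back in uninstall would close both cases. The same applies to `db.untrack_server_cert(self.cert_nickname)` in httpinstance.py at -365,7.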
@@ -50,13 +50,15 @@ class WebGuiInstance(service.SimpleServiceInstance): service.SimpleServiceInstance.__init__(self, "ipa_webgui") class HTTPInstance(service.Service): - def __init__(self, fstore = None): + def __init__(self, fstore=None, cert_nickname='Server-Cert'): service.Service.__init__(self, "httpd", service_desc="the web interface") if fstore: self.fstore = fstore else: self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + self.cert_nickname = cert_nickname + subject_base = ipautil.dn_attribute_property('_subject_base') def create_instance(self, realm, fqdn, domain_name, dm_password=None, autoconfig=True, pkcs12_info=None, self_signed_ca=False, subject_base=None, auto_redirect=True): @@ -256,8 +258,10 @@ class HTTPInstance(service.Service): db.create_from_cacert(ca_db.cacert_fname) db.create_password_conf() - self.dercert = db.create_server_cert("Server-Cert", self.fqdn, ca_db) - db.track_server_cert("Server-Cert", self.principal, db.passwd_fname, 'restart_httpd') + self.dercert = db.create_server_cert(self.cert_nickname, self.fqdn, + ca_db) + db.track_server_cert(self.cert_nickname, self.principal, + db.passwd_fname, 'restart_httpd') db.create_signing_cert("Signing-Cert", "Object Signing Cert", ca_db) # Fix the database permissions @@ -365,7 +369,7 @@ class HTTPInstance(service.Service): self.stop() db = certs.CertDB(api.env.realm) - db.untrack_server_cert("Server-Cert") + db.untrack_server_cert(self.cert_nickname) if not enabled is None and not enabled: self.disable() |
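Review bot: In the hunk at -256,8 the certificate is now created and tracked under `self.cert_nickname`, but nothing in that hunk points the web server's TLS configuration at the same name. If the mod_nss nickname setting is written elsewhere with the default value (not visible here), a non-default `cert_nickname` would leave httpd looking for a certificate that is not in the database. It is worth confirming that the configuration step also reads `self.cert_nickname`, or recording the dependency with a comment such as `# NOTE: the httpd NSS configuration must reference the same nickname`. The enclosing method starts and ends outside the hunk.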