Diffstat (limited to 'ipaserver/install/dogtaginstance.py')
-rw-r--r-- | ipaserver/install/dogtaginstance.py | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 14b96ba36..66a76c75d 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -25,6 +25,7 @@ import traceback
 from ipapython import certmonger
 from ipapython import dogtag
+from ipapython import ipaldap
 from ipapython import ipautil
 from ipapython import services as ipaservices
 from ipapython.dn import DN
@@ -66,6 +67,9 @@ class DogtagInstance(service.Service):
 CA, KRA, and eventually TKS and TPS.
 """
+ ADMIN_CERT_PATH = '/root/.dogtag/pki-tomcat/ca_admin.cert'
+ AGENT_P12_PATH = '/root/ca-agent.p12'
+
 def __init__(self, realm, subsystem, service_desc, dogtag_constants=None):
 if dogtag_constants is None:
 dogtag_constants = dogtag.configured_constants()
@@ -84,6 +88,7 @@ class DogtagInstance(service.Service):
 self.clone = False
 self.basedn = DN(('o', 'ipa%s' % subsystem.lower()))
+ self.admin_user = DN(('uid', 'admin'), ('ou', 'people'), ('o', 'ipaca'))
 self.agent_db = tempfile.mkdtemp(prefix="tmp-")
 self.ds_port = DEFAULT_DSPORT
 self.server_root = dogtag_constants.SERVER_ROOT
@@ -109,7 +114,7 @@ class DogtagInstance(service.Service):
 self.server_root, self.dogtag_constants.PKI_INSTANCE_NAME, self.subsystem.lower()))
- def spawn_instance(self, cfg_file):
+ def spawn_instance(self, cfg_file, nolog_list=None):
 """
 Create and configure a new Dogtag instance using pkispawn.
 Passes in a configuration file with IPA-specific
@@ -118,7 +123,10 @@ class DogtagInstance(service.Service):
 subsystem = self.subsystem
 # Define the things we don't want logged
- nolog = (self.admin_password, self.dm_password,)
+ if nolog_list is None:
+ nolog_list = []
+ nolog_list.extend([self.admin_password, self.dm_password])
+ nolog = tuple(nolog_list)
 args = ["/usr/sbin/pkispawn",
 "-s", subsystem,
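Review bot: `self.admin_user` hard-codes `('o', 'ipaca')` while `self.basedn` on the line just above is derived from the subsystem name (`'ipa%s' % subsystem.lower()`), so for any subsystem other than the CA the two attributes point at different suffixes. If the admin entry genuinely lives under o=ipaca for every subsystem this class serves, a one-line comment saying so would stop the next reader from "fixing" it; otherwise derive it from the same value, e.g. `self.admin_user = DN(('uid', 'admin'), ('ou', 'people'), self.basedn)`. `__init__` starts and ends outside the hunk.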
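Review bot: `nolog_list.extend([self.admin_password, self.dm_password])` appends the admin and Directory Manager passwords to the list object the caller passed in, so the caller's list is modified behind its back and still carries those secrets after `spawn_instance` returns. Building the tuple without touching the argument avoids both the mutation and the leak: `nolog = tuple(nolog_list or ()) + (self.admin_password, self.dm_password)`, which yields the same tuple in the same order for every input the hunk handles. The docstring should also describe the new parameter, e.g. `nolog_list: additional strings that must not appear in the pkispawn log`. `spawn_instance` continues past the end of the hunk.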
@@ -330,3 +338,23 @@ class DogtagInstance(service.Service):
 base64.b64encode(cert),
 quotes=False,
 separator='=')
+
+ def get_admin_cert(self):
+ """
+ Get the certificate for the admin user by checking the ldap entry
+ for the user
+ """
+ root_logger.debug('Trying to find the certificate for the admin user')
+ conn = None
+
+ try:
+ conn = ipaldap.IPAdmin(self.fqdn, self.ds_port)
+ conn.do_simple_bind(DN(('cn', 'Directory Manager')), self.dm_password)
+
+ entry_attrs = conn.get_entry(self.admin_user, ['usercertificate'])
+ admin_cert = entry_attrs.get('usercertificate')[0]
+ finally:
+ if conn is not None:
+ conn.unbind()
+
+ return base64.b64encode(admin_cert)
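Review bot: `entry_attrs.get('usercertificate')[0]` turns a missing attribute into a `TypeError` from subscripting `None`, which hides the actual problem (the admin entry has no certificate yet) behind an unrelated traceback. Check explicitly before indexing: `certs = entry_attrs.get('usercertificate')` / `if not certs: raise RuntimeError('no usercertificate on %s' % self.admin_user)`, then use `certs[0]`. The docstring should also say what the method returns — the base64 text of the first `usercertificate` value, not a certificate object — since a multi-valued attribute makes `[0]` silently pick one of several. Whether `conn.get_entry` itself raises when the entry is absent is not visible here; if it does, that case deserves a mention in the docstring as well.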
\ No newline at end of file |