
[Pki-devel] [PATCH] establish contents of serverCertNick.conf



Please review the attached patch which addresses the following ticket:

The code was successfully tested on a machine with an attached HSM.


From 56464d0341a2531389518d486b2082103998fd82 Mon Sep 17 00:00:00 2001
From: Matthew Harmsen <mharmsen redhat com>
Date: Tue, 12 May 2015 18:29:31 -0600
Subject: [PATCH] establish contents of serverCertNick.conf

- PKI TRAC Ticket #1370 - pkispawn: installation with HSM from external CA
  should hold off prepending token name in serverCertNick.conf till phase 2
---
 .../python/pki/server/deployment/pkihelper.py      | 39 ++++++++++++++++++++++
 .../python/pki/server/deployment/pkimessages.py    |  1 +
 .../server/deployment/scriptlets/finalization.py   |  2 ++
 3 files changed, 42 insertions(+)

diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 5527d7f..17f806c 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -2696,6 +2696,44 @@ class PK12util:
         return
 
 
+class ServerCertNickConf:
+    """PKI Deployment serverCertNick.conf Class"""
+
+    def __init__(self, deployer):
+        self.mdict = deployer.mdict
+        self.hsm_enable = config.str2bool(self.mdict['pki_hsm_enable'])
+        self.external = config.str2bool(self.mdict['pki_external'])
+        self.nickname = self.mdict['pki_self_signed_nickname']
+        self.servercertnick_conf = self.mdict['pki_target_servercertnick_conf']
+        self.standalone = config.str2bool(self.mdict['pki_standalone'])
+        self.step_two = config.str2bool(self.mdict['pki_external_step_two'])
+        self.token_name = self.mdict['pki_token_name']
+
+    def establish_contents(self):
+        if self.hsm_enable and (self.external or self.standalone):
+            try:
+                # overwrite value inside 'serverCertNick.conf'
+                with open(self.servercertnick_conf, "w") as fd:
+                    ssl_server_nickname = None
+                    if self.step_two:
+                        # use final HSM name
+                        ssl_server_nickname = self.token_name + ":" +\
+                                              self.nickname
+                    else:
+                        # use softokn name
+                        ssl_server_nickname = self.nickname
+                    fd.write(ssl_server_nickname);
+                    config.pki_log.info(
+                        log.PKIHELPER_SERVERCERTNICK_CONF_2,
+                        self.servercertnick_conf,
+                        ssl_server_nickname,
+                        extra=config.PKI_INDENTATION_LEVEL_2)
+            except OSError as exc:
+                config.pki_log.error(log.PKI_OSERROR_1, exc,
+                                     extra=config.PKI_INDENTATION_LEVEL_2)
+                raise
+
+
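Review bot: The `except OSError` in `establish_contents` may never fire if this module still runs under Python 2, where `open()` and `write()` raise `IOError`, which is not a subclass of `OSError` before Python 3.3; a failed overwrite of serverCertNick.conf would then propagate without the `PKI_OSERROR_1` log line. `except (IOError, OSError) as exc:` covers both interpreters without changing behaviour on Python 3. The `fd.write(ssl_server_nickname);` line carries a stray trailing semicolon, and the initial `ssl_server_nickname = None` is dead, since both branches assign it. Computing the nickname before entering `with open(...)` would also keep the `try` body limited to the I/O that can actually fail.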
 class KRAConnector:
     """PKI Deployment KRA Connector Class"""
 
@@ -4345,6 +4383,7 @@ class PKIDeployer:
         self.pk12util = PK12util(self)
         self.kra_connector = KRAConnector(self)
         self.security_domain = SecurityDomain(self)
+        self.servercertnick_conf = ServerCertNickConf(self)
         self.systemd = Systemd(self)
         self.tps_connector = TPSConnector(self)
         self.config_client = ConfigClient(self)
diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py
index 9129b84..321ea78 100644
--- a/base/server/python/pki/server/deployment/pkimessages.py
+++ b/base/server/python/pki/server/deployment/pkimessages.py
@@ -278,6 +278,7 @@ PKIHELPER_SECURITY_DOMAIN_UPDATE_SUCCESS_2 = \
     "updateDomainXML SUCCESSFULLY deleted this '%s' entry from "\
     "security domain '%s'"
 PKIHELPER_SELINUX_DISABLED = "Selinux is disabled.  Not checking port contexts"
+PKIHELPER_SERVERCERTNICK_CONF_2 = "Overwriting contents of '%s' with '%s'"
 PKIHELPER_SET_MODE_1 = "setting ownerships, permissions, and acls on '%s'"
 PKIHELPER_SLOT_SUBSTITUTION_2 = "slot substitution: '%s' ==> '%s'"
 PKIHELPER_SSLGET_OUTPUT_1 = '''
diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py
index f41f1d5..bd38071 100644
--- a/base/server/python/pki/server/deployment/scriptlets/finalization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py
@@ -62,6 +62,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
             deployer.systemd.disable()
         else:
             deployer.systemd.enable()
+        # Establish correct information in 'serverCertNick.conf'
+        deployer.servercertnick_conf.establish_contents()
         # Optionally, programmatically 'restart' the configured PKI instance
         if config.str2bool(deployer.mdict['pki_restart_configured_instance']):
             deployer.systemd.restart()
-- 
1.8.3.1

