Extract function for computing default subject base

Part of: https://fedorahosted.org/freeipa/ticket/2614

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

ipaserver/install/cainstance.py

@@ -352,10 +352,10 @@ class CAInstance(DogtagInstance):
             self.clone = True
         self.master_host = master_host
         self.master_replication_port = master_replication_port
-        if subject_base is None:
-            self.subject_base = DN(('O', self.realm))
-        else:
-            self.subject_base = subject_base
+
+        self.subject_base = \
+            subject_base or installutils.default_subject_base(self.realm)
+
         if ca_signing_algorithm is None:
             self.ca_signing_algorithm = 'SHA256withRSA'
         else:

ipaserver/install/dsinstance.py

@@ -1251,7 +1251,8 @@ class DsInstance(service.Service):
                                          replacevars=vardict)
 
     def __get_ds_cert(self):
-        subject = self.subject_base or DN(('O', self.realm))
+        subject = self.subject_base \
+                or installutils.default_subject_base(self.realm)
         nssdb_dir = config_dirname(self.serverid)
         db = certs.CertDB(self.realm, nssdir=nssdb_dir, subject_base=subject)
         db.create_from_cacert(paths.IPA_CA_CRT)

ipaserver/install/installutils.py

@@ -1476,3 +1476,7 @@ def restart_dirsrv(instance_name="", capture_output=True):
                                           capture_output=capture_output,
                                           wait=True, ldapi=True)
     api.Backend.ldap2.connect()
+
+
+def default_subject_base(realm_name):
+    return DN(('O', realm_name))

ipaserver/install/krainstance.py

@@ -90,10 +90,10 @@ class KRAInstance(DogtagInstance):
         if self.pkcs12_info is not None or promote:
             self.clone = True
         self.master_host = master_host
-        if subject_base is None:
-            self.subject_base = DN(('O', self.realm))
-        else:
-            self.subject_base = subject_base
+
+        self.subject_base = \
+            subject_base or installutils.default_subject_base(realm_name)
+
         self.realm = realm_name
         self.suffix = ipautil.realm_to_suffix(realm_name)
 

ipaserver/install/server/install.py

@@ -465,7 +465,7 @@ def install_check(installer):
         realm_name = options.realm_name.upper()
 
     if not options.subject_base:
-        options.subject_base = DN(('O', realm_name))
+        options.subject_base = installutils.default_subject_base(realm_name)
 
     if options.http_cert_files:
         if options.http_pin is None:

ipaserver/install/server/replicainstall.py

@@ -78,7 +78,7 @@ def install_http_certs(host_name, realm_name, subject_base):
     principal = 'HTTP/%s@%s' % (host_name, realm_name)
     # Obtain certificate for the HTTP service
     nssdir = certs.NSS_DIR
-    subject = subject_base or DN(('O', realm_name))
+    subject = subject_base or installutils.default_subject_base(realm_name)
     db = certs.CertDB(realm_name, nssdir=nssdir, subject_base=subject)
     db.request_service_cert('Server-Cert', principal, host_name, True)