dsinstance, httpinstance: Don't hardcode 'Server-Cert'

2025-02-25 18:55:28 -06:00 · 2013-03-15 10:09:58 +01:00 · 2013-03-15 10:09:58 +01:00 · a03aba5704
commit a03aba5704
parent ac06a28cf9
2 changed files with 22 additions and 12 deletions
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -154,14 +154,15 @@ info: IPA V2.0
 """

 class DsInstance(service.Service):
-    def __init__(self, realm_name=None, domain_name=None, dm_password=None, fstore=None):
+    def __init__(self, realm_name=None, domain_name=None, dm_password=None,
+                 fstore=None, cert_nickname='Server-Cert'):
        service.Service.__init__(self, "dirsrv",
            service_desc="directory server",
            dm_password=dm_password,
            ldapi=False,
            autobind=service.DISABLED
            )
-        self.nickname = 'Server-Cert'
+        self.nickname = cert_nickname
        self.dm_password = dm_password
        self.realm_name = realm_name
        self.sub_dict = None
@ -542,19 +543,24 @@ class DsInstance(service.Service):
            self.dercert = dsdb.get_cert_from_db(nickname, pem=False)
            dsdb.track_server_cert(nickname, self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid )
        else:
-            nickname = "Server-Cert"
+            nickname = self.nickname
            cadb = certs.CertDB(self.realm_name, host_name=self.fqdn, subject_base=self.subject_base)
            if self.self_signed_ca:
                dsdb.create_from_cacert(cadb.cacert_fname, passwd=None)
-                self.dercert = dsdb.create_server_cert("Server-Cert", self.fqdn, cadb)
-                dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid)
+                self.dercert = dsdb.create_server_cert(nickname, self.fqdn, cadb)
+                dsdb.track_server_cert(
+                    nickname, self.principal, dsdb.passwd_fname,
+                    'restart_dirsrv %s' % self.serverid)
                dsdb.create_pin_file()
            else:
                # FIXME, need to set this nickname in the RA plugin
                cadb.export_ca_cert('ipaCert', False)
                dsdb.create_from_cacert(cadb.cacert_fname, passwd=None)
-                self.dercert = dsdb.create_server_cert("Server-Cert", self.fqdn, cadb)
-                dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid)
+                self.dercert = dsdb.create_server_cert(
+                    nickname, self.fqdn, cadb)
+                dsdb.track_server_cert(
+                    nickname, self.principal, dsdb.passwd_fname,
+                    'restart_dirsrv %s' % self.serverid)
                dsdb.create_pin_file()

        conn = ipaldap.IPAdmin(self.fqdn)
@ -685,7 +691,7 @@ class DsInstance(service.Service):
            # will match what is in certmonger
            dirname = config_dirname(serverid)[:-1]
            dsdb = certs.CertDB(self.realm_name, nssdir=dirname)
-            dsdb.untrack_server_cert("Server-Cert")
+            dsdb.untrack_server_cert(self.nickname)
            erase_ds_instance_data(serverid)

        # At one time we removed this user on uninstall. That can potentially
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@ -50,13 +50,15 @@ class WebGuiInstance(service.SimpleServiceInstance):
        service.SimpleServiceInstance.__init__(self, "ipa_webgui")

 class HTTPInstance(service.Service):
-    def __init__(self, fstore = None):
+    def __init__(self, fstore=None, cert_nickname='Server-Cert'):
        service.Service.__init__(self, "httpd", service_desc="the web interface")
        if fstore:
            self.fstore = fstore
        else:
            self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')

+        self.cert_nickname = cert_nickname
+
    subject_base = ipautil.dn_attribute_property('_subject_base')

    def create_instance(self, realm, fqdn, domain_name, dm_password=None, autoconfig=True, pkcs12_info=None, self_signed_ca=False, subject_base=None, auto_redirect=True):
@ -256,8 +258,10 @@ class HTTPInstance(service.Service):
                db.create_from_cacert(ca_db.cacert_fname)

            db.create_password_conf()
-            self.dercert = db.create_server_cert("Server-Cert", self.fqdn, ca_db)
-            db.track_server_cert("Server-Cert", self.principal, db.passwd_fname, 'restart_httpd')
+            self.dercert = db.create_server_cert(self.cert_nickname, self.fqdn,
+                                                 ca_db)
+            db.track_server_cert(self.cert_nickname, self.principal,
+                                 db.passwd_fname, 'restart_httpd')
            db.create_signing_cert("Signing-Cert", "Object Signing Cert", ca_db)

        # Fix the database permissions
@ -365,7 +369,7 @@ class HTTPInstance(service.Service):
            self.stop()

        db = certs.CertDB(api.env.realm)
-        db.untrack_server_cert("Server-Cert")
+        db.untrack_server_cert(self.cert_nickname)
        if not enabled is None and not enabled:
            self.disable()