diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index d1d103a6d..dc4b47056 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -181,6 +181,18 @@ def hsm_version(): def hsm_validator(token_name, token_library, token_password): + """Do some basic validation of the HSM information provided. + + - The local PKI server supports IPA HSM + - The token library exists + - The token name doesn't have a colon or semi-colon in it + - The token name exists after loading the library + - The token password works + - Super-simple test to see if the SELinux module is loaded + """ + if not token_name: + logger.debug("No token name, assuming not an HSM install") + return val, pki_version = hsm_version() if val is False: raise ValueError(