[Pki-devel] [PATCH - RHCS 8.1 ONLY] Bugzilla Bug #979559 - Parameter --ca_domain_url should be optional [REVISED]

Matthew Harmsen mharmsen at redhat.com
Fri Aug 2 17:10:56 UTC 2013


On 08/02/13 08:06, Ade Lee wrote:
> The patch appears to do pretty much what we discussed, so with the
> comments below, ACK.
>
> Couple of comments:
> 1. default_tks_admin_hostname etc. appear to be defined as global
> variables, when they are in fact only used in main.  Let's define them
> there where they are used.  I know we have a huge list of globals in
> pkisilent, but that's just bad practice.
Done.
> 2. I'm a little confused as to why the "empty" value is being used.  It
> seems to be the equivalent state as "".  I'm assuming it's because you added
> this value to the templates, and that this is more intuitive than
> setting a parameter value to "" or not setting it at all?
Yes, these were added to the templates.  The reason for the
invention of "empty" was because the parsing mechanism of
pkisilent threw the "" value away, thus I passed in the string
"empty" so that it could be processed.  The parser already
utilizes other "magic" values such as "(optional" to distinguish
between required and optional parameters, and I felt that
it was prudent not to attempt to alter the overall pkisilent
parsing mechanism in order to address the bug in question.
>
> Ade
>
> On Thu, 2013-08-01 at 20:41 -0700, Matthew Harmsen wrote:
>> Please review the attached patch for the following RHCS 8.1 bug:
>>        * Bugzilla Bug #979559 - Parameter --ca_domain_url should be
>>          optional
>> This bug addresses the problem of attempting to configure an instance
>> using a version of pki-silent which contains the new code with
>> expanded parameters while using an old template from a previous
>> version of pki-silent which did not contain these parameters.
>>
>> Tested by installing and successfully configuring a CA, KRA, TKS, and
>> TPS using legacy templates as well as successfully configuring a CA,
>> KRA, TKS, and TPS using the new templates.
>>
>> The attached code was revised to exclude the DRM/TKS agent
>> hostname:port and provide more verbose help messages regarding the
>> optional new URL parameters.
>>
>> For readability's sake, the new URL help messages follow:
>>          # pkisilent ConfigureCA -help | grep _url
>>          -ca_domain_url <string>    CA Subject Names Panel -
>>          'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to
>>          Issue Certificates for Creation of this CA Instance (optional
>>          but recommended for IP Port Separation)
>>          
>>          # pkisilent ConfigureDRM -help | grep _url
>>          -ca_domain_url <string>    DRM Subject Names Panel -
>>          'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to
>>          Issue Certificates for Creation of this DRM Instance (optional
>>          but recommended for IP Port Separation)
>>          
>>          # pkisilent ConfigureOCSP -help | grep _url
>>          -ca_domain_url <string>    OCSP Subject Names Panel -
>>          'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to
>>          Issue Certificates for Creation of this OCSP Instance
>>          (optional but recommended for IP Port Separation)
>>          
>>          # pkisilent ConfigureTKS -help | grep _url
>>          -ca_domain_url <string>    TKS Subject Names Panel -
>>          'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to
>>          Issue Certificates for Creation of this TKS Instance (optional
>>          but recommended for IP Port Separation)
>>          
>>          # pkisilent ConfigureRA -help | grep _url
>>          -ca_issuance_url <string>    CA Choice Panel -
>>          'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to
>>          Issue Certificates (optional but recommended if used with IP
>>          Port Separated CA)
>>          -ca_domain_url <string>    RA Subject Names Panel -
>>          'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to
>>          Issue Certificates for Creation of this RA Instance (optional
>>          but recommended if used with IP Port Separated CA)
>>          
>>          # pkisilent ConfigureTPS -help | grep _url
>>          -ca_issuance_url <string>    CA Choice Panel -
>>          'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA
>>          registered in this security domain used to Issue Certificates
>>          for use by an ESC (optional but recommended if used with IP
>>          Port Separated CA)
>>          -tks_key_management_url <string>    TKS Choice Panel -
>>          'https://<tks_agent_hostname>:<tks_agent_port>' URL to Agent
>>          TKS used for Key Management (optional but recommended if used
>>          with IP Port Separated TKS)
>>          -drm_server_side_keygen_url <string>    DRM Choice Panel -
>>          'https://<drm_agent_hostname>:<drm_agent_port>' URL to Agent
>>          DRM used for Server-Side Keygen (optional but recommended if
>>          used with IP Port Separated DRM)
>>          -ca_domain_url <string>    TPS Subject Names Panel -
>>          'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to
>>          Issue Certificates for Creation of this TPS Instance (optional
>>          but recommended if used with IP Port Separated CA)
>>          
>>          # pkisilent ConfigureSubCA -help | grep _url
>>          -ca_domain_url <string>    SubCA Subject Names Panel -
>>          'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to
>>          Issue Certificates for Creation of this SubCA Instance
>>          (optional but recommended for IP Port Separation)
>>