From 6de5432d25723b5ae4af88bf126fb48862abc8ce Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Oct 05 2017 10:57:10 +0000 Subject: Remove duplicate references to external CA type Part of: https://pagure.io/freeipa/issue/6858 Reviewed-By: Florence Blanc-Renaud --- diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index fc485c5..4579492 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -64,7 +64,7 @@ def parse_options(): default=False, help="unattended installation never prompts the user") parser.add_option("--external-ca", dest="external_ca", action="store_true", default=False, help="Generate a CSR to be signed by an external CA") - ext_cas = ("generic", "ms-cs") + ext_cas = tuple(x.value for x in cainstance.ExternalCAType) parser.add_option("--external-ca-type", dest="external_ca_type", type="choice", choices=ext_cas, metavar="{{{0}}}".format(",".join(ext_cas)), diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 1f295f7..17b6bef 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -363,11 +363,6 @@ def uninstall(): ca_instance.uninstall() -class ExternalCAType(enum.Enum): - GENERIC = 'generic' - MS_CS = 'ms-cs' - - class CASigningAlgorithm(enum.Enum): SHA1_WITH_RSA = 'SHA1withRSA' SHA_256_WITH_RSA = 'SHA256withRSA' @@ -413,7 +408,7 @@ class CAInstallInterface(dogtag.DogtagInstallInterface, external_ca = master_install_only(external_ca) external_ca_type = knob( - ExternalCAType, None, + cainstance.ExternalCAType, None, description="Type of the external CA", ) external_ca_type = master_install_only(external_ca_type) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 6b3ad3f..b6fbd08 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -25,6 +25,7 @@ import base64 import logging import dbus +import enum import ldap import os import pwd 
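Review bot: The new `ext_cas = tuple(x.value for x in cainstance.ExternalCAType)` in parse_options is repeated verbatim in the ipa_cacert_manage.py hunk, so the choice list is still built in two places even though its values now come from one enum. Defining it once beside the enum, for example `EXTERNAL_CA_TYPES = tuple(t.value for t in ExternalCAType)` in cainstance.py (the name is only a suggestion), and passing that to `choices=` in both parsers would finish the de-duplication. The hunk does not show the script's imports, so confirm that `cainstance` is already imported there. parse_options continues outside the hunk.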
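Review bot: With the class removed from ca.py, the `external_ca_type` knob's `cainstance.ExternalCAType` is the only spelling left, so anything that still refers to `ExternalCAType` through `ipaserver.install.ca` would break. Whether such callers exist is not visible in this diff. If they might, a one-line alias in ca.py, `ExternalCAType = cainstance.ExternalCAType`, with a comment saying the definition now lives in cainstance, keeps them working. CAInstallInterface continues outside the hunk.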
@@ -95,6 +96,11 @@ ADMIN_GROUPS = [ ] +class ExternalCAType(enum.Enum): + GENERIC = 'generic' + MS_CS = 'ms-cs' + + def check_port(): """ Check that dogtag port (8443) is available. @@ -353,7 +359,7 @@ class CAInstance(DogtagInstance): if ca_type is not None: self.ca_type = ca_type else: - self.ca_type = 'generic' + self.ca_type = ExternalCAType.GENERIC.value self.no_db_setup = promote self.use_ldaps = use_ldaps @@ -565,7 +571,7 @@ class CAInstance(DogtagInstance): config.set("CA", "pki_external", "True") config.set("CA", "pki_external_csr_path", self.csr_file) - if self.ca_type == 'ms-cs': + if self.ca_type == ExternalCAType.MS_CS.value: # Include MS template name extension in the CSR config.set("CA", "pki_req_ext_add", "True") config.set("CA", "pki_req_ext_oid", "1.3.6.1.4.1.311.20.2") diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py index 2d499c1..b227d31 100644 --- a/ipaserver/install/ipa_cacert_manage.py +++ b/ipaserver/install/ipa_cacert_manage.py @@ -60,7 +60,7 @@ class CACertManage(admintool.AdminTool): "--self-signed", dest='self_signed', action='store_true', help="Sign the renewed certificate by itself") - ext_cas = ("generic", "ms-cs") + ext_cas = tuple(x.value for x in cainstance.ExternalCAType) renew_group.add_option( "--external-ca-type", dest="external_ca_type", type="choice", choices=ext_cas, @@ -191,7 +191,8 @@ class CACertManage(admintool.AdminTool): def renew_external_step_1(self, ca): print("Exporting CA certificate signing request, please wait") - if self.options.external_ca_type == 'ms-cs': + if self.options.external_ca_type \ + == cainstance.ExternalCAType.MS_CS.value: profile = 'SubCA' else: profile = ''
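Review bot: `self.ca_type` is stored exactly as the caller passed it, and only the default comes from the enum, so the later `if self.ca_type == ExternalCAType.MS_CS.value:` is a plain string comparison that is silently false for an `ExternalCAType` member or an unrecognised string. In that case the CSR is configured without the MS template extension and nothing reports it; the same comparison style appears in `renew_external_step_1` in ipa_cacert_manage.py, where a mismatch falls through to `profile = ''`. Normalising once where the attribute is assigned, `self.ca_type = ExternalCAType(ca_type).value`, accepts both a member and its value and raises ValueError for anything else. The knob in ca.py is typed with the enum, so whether a member can actually reach this code depends on lines outside the diff. Both CAInstance methods start and end outside these hunks.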
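Review bot: The backslash continuation added to the condition in `renew_external_step_1` is fragile, since any trailing whitespace after the `\` becomes a syntax error, and PEP 8 prefers implicit continuation. Either parenthesise the condition or bind the constant first, e.g. `ms_cs = cainstance.ExternalCAType.MS_CS.value` followed by `if self.options.external_ca_type == ms_cs:`. The method continues outside the hunk.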