Clean up log messages in pki-server cert-fix
edewata committed Jan 24, 2025
1 parent 3770a7f commit 62a382e
Showing 4 changed files with 27 additions and 30 deletions.
19 changes: 11 additions & 8 deletions base/server/python/pki/server/__init__.py
Expand Up @@ -1773,6 +1773,8 @@ def renew_certificate(connection, output, serial):
:rtype: None
"""

logger.info('Renewing cert %s', hex(serial))

# Instantiate the CertClient
cert_client = pki.cert.CertClient(connection)

Expand All @@ -1786,10 +1788,10 @@ def renew_certificate(connection, output, serial):
request_data = ret[0].request
cert_data = ret[0].cert

logger.info('Request ID: %s', request_data.request_id)
logger.info('Request Status: %s', request_data.request_status)
logger.debug('request_data: %s', request_data)
logger.debug('cert_data: %s', cert_data)
logger.info('- request ID: %s', hex(int(request_data.request_id)))
logger.info('- request status: %s', request_data.request_status)
logger.debug('- request data: %s', request_data)
logger.debug('- cert data: %s', cert_data)

if not cert_data:
raise PKIServerException('Unable to renew system '
Expand All @@ -1801,13 +1803,14 @@ def renew_certificate(connection, output, serial):
raise PKIServerException('Unable to retrieve serial number of '
'renewed certificate.')

logger.info('Serial Number: %s', cert_serial_number)
logger.info('Issuer: %s', cert_data.issuer_dn)
logger.info('Subject: %s', cert_data.subject_dn)
logger.debug('Pretty Print:')
logger.info('- serial number: %s', cert_serial_number)
logger.info('- issuer: %s', cert_data.issuer_dn)
logger.info('- subject: %s', cert_data.subject_dn)
logger.debug(cert_data.pretty_repr)

new_cert_data = cert_client.get_cert(cert_serial_number=cert_serial_number)

logger.info('Storing cert into %s', output)
with open(output, 'w', encoding='utf-8') as f:
f.write(new_cert_data.encoded)

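Review bot: The new `logger.info('- request ID: %s', hex(int(request_data.request_id)))` converts the ID only for display, yet `int()` with the default base raises ValueError if the ID arrives in any non-decimal form (for example already `0x`-prefixed) and TypeError if it is None. Because logging arguments are evaluated before the call, that exception would abort the renewal before the cert is written to `output`, presumably after the CA has already handled the request (the call that produces `ret` is outside the hunk). The same holds for `hex(serial)` in the added 'Renewing cert %s' line if a caller passes the serial as a string; its type is not visible here. Logging the value as received, `logger.info('- request ID: %s', request_data.request_id)`, or normalising it once behind a guarded conversion keeps a log line from failing the operation. `renew_certificate` starts and ends outside the visible hunks.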
27 changes: 12 additions & 15 deletions base/server/python/pki/server/cli/cert.py
Expand Up @@ -30,7 +30,6 @@
import sys
from tempfile import NamedTemporaryFile
import textwrap
import time

from six.moves.urllib.parse import quote # pylint: disable=F0401,E0611

Expand Down Expand Up @@ -1317,8 +1316,8 @@ def execute(self, argv, args=None):

fix_certs.append(cert['id'])

logger.info('Fixing the following system certs: %s', fix_certs)
logger.info('Renewing the following additional certs: %s', extra_certs)
logger.info('Fixing certs: %s', ', '.join(fix_certs))
logger.info('Additional certs: %s', ', '.join(extra_certs))

# Get the CA subsystem and find out Base DN.
ca_subsystem = instance.get_subsystem('ca')
Expand All @@ -1332,8 +1331,8 @@ def execute(self, argv, args=None):
dm_pass = getpass.getpass(prompt='Enter Directory Manager password: ')

# 2. Stop the server, if it's up
logger.info('Stopping the instance to proceed with system cert renewal')
instance.stop()
logger.info('Stopping PKI server')
instance.stop(wait=True)

# 3. Find the subsystem and disable Self-tests
try:
Expand Down Expand Up @@ -1428,11 +1427,11 @@ def execute(self, argv, args=None):
# 8. Delete existing certs and then import the renewed system cert(s)
for cert_id in fix_certs:
# Delete the existing cert from the instance
logger.debug('Removing old %s cert from instance %s', cert_id, instance_name)
logger.info('Removing old %s cert from NSS database', cert_id)
instance.cert_del(cert_id)

# Import this new cert into the instance
logger.debug('Importing new %s cert into instance %s', cert_id, instance_name)
logger.info('Importing new %s cert into NSS database', cert_id)
instance.cert_import(cert_id)

# If subsystem cert was renewed and server was using
Expand Down Expand Up @@ -1460,8 +1459,8 @@ def execute(self, argv, args=None):
subprocess.check_call(cmd)

# 10. Bring up the server
logger.info('Starting the instance with renewed certs')
instance.start()
logger.info('Starting PKI server with renewed certs')
instance.start(wait=True)

except pki.server.PKIServerException as e:
logger.error(str(e))
Expand Down Expand Up @@ -1498,15 +1497,13 @@ def suppress_selftest(subsystems):
@contextmanager
def start_stop(instance):
"""Start the server, run the block, and guarantee stop afterwards."""
logger.info('Starting the instance')
instance.start()
logger.info('Sleeping for 10 seconds to allow server time to start...')
time.sleep(10)
logger.info('Starting PKI server')
instance.start(wait=True)
try:
yield
finally:
logger.info('Stopping the instance')
instance.stop()
logger.info('Stopping PKI server')
instance.stop(wait=True)


@contextmanager
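Review bot: In `start_stop`, `instance.start(wait=True)` is still outside the `try:`, so an exception or interrupt while waiting for the server to come up skips the `finally` and can leave the server running without the stop the docstring guarantees. The placement predates this commit, but the call now presumably blocks until the server responds, which widens that window; moving it inside the guarded block (`try:` then `instance.start(wait=True)` then `yield`) closes it. Whether `wait=True` has a timeout, and what it raises when the server never becomes ready, is not visible in this diff. The `instance.stop(wait=True)` and `instance.start(wait=True)` calls in `execute` depend on the same answer, so a short comment at those call sites stating the expected behaviour would help.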
9 changes: 3 additions & 6 deletions base/server/python/pki/server/instance.py
Expand Up @@ -907,20 +907,20 @@ def cert_create(
if temp_cert:
assert subsystem is not None # temp_cert only supported with cert_id

logger.info('Trying to create a new temp cert for %s.', cert_id)
logger.info('Creating temp cert for %s', cert_id)

# Create Temp Cert and write it to new_cert_file
subsystem.temp_cert_create(nssdb, cert_tag, serial, new_cert_file)

logger.info('Temp cert for %s is available at %s.', cert_id, new_cert_file)
logger.info('Storing temp cert into %s', new_cert_file)

else:
# Create permanent certificate
if not renew:
# TODO: Support rekey
raise pki.server.PKIServerException('Rekey is not supported yet.')

logger.info('Trying to setup a secure connection to CA subsystem.')
logger.debug('Setting up secure connection to CA')
if username and password:
connection = pki.server.PKIServer.setup_password_authentication(
username, password, subsystem_name='ca', secure_port=secure_port,
Expand All @@ -938,11 +938,8 @@ def cert_create(
tmpdir=tmpdir,
secure_port=secure_port
)
logger.info('Secure connection with CA is established.')

logger.info('Placing cert creation request for serial: %s', serial)
pki.server.PKIServer.renew_certificate(connection, new_cert_file, serial)
logger.info('New cert is available at: %s', new_cert_file)

finally:
nssdb.close()
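Review bot: `logger.info('Storing temp cert into %s', new_cert_file)` is emitted after `subsystem.temp_cert_create(...)` has returned, so the progressive wording describes work that is already done, whereas `renew_certificate` in `__init__.py` logs its 'Storing cert into %s' before opening the file. Someone reading the log after a failed run could take a missing 'Storing' line to mean the write was never attempted. Either move the line above the `temp_cert_create` call or word it as completed, e.g. `logger.info('Stored temp cert in %s', new_cert_file)`. `cert_create` starts and ends outside the visible hunks.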
2 changes: 1 addition & 1 deletion base/server/python/pki/server/subsystem.py
Expand Up @@ -1070,7 +1070,7 @@ def temp_cert_create(self, nssdb, cert_tag, serial, new_cert_file):
:return: None
:rtype: None
"""
logger.info('Generate temp SSL certificate')
logger.debug('Generating temp SSL certificate')

if cert_tag != 'sslserver':
raise pki.server.PKIServerException(
