authorEndi S. Dewata <edewata@redhat.com>2016-05-05 08:01:52 +0200
committerEndi S. Dewata <edewata@redhat.com>2016-05-05 08:01:52 +0200
commit2be9c6eaeb178325e9564d6a47e8078b4d2f0e1f (patch)
tree93cb3b1a13953449e339efd279c796a0ad827eb4
parent61ec70e0896360d80a85f7864c16edbf44787fb9 (diff)
Added createCertificates().
-rw-r--r--base/common/python/pki/system.py45
-rw-r--r--base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java23
-rw-r--r--base/common/src/com/netscape/certsrv/system/SystemConfigResource.java16
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java57
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py14
5 files changed, 103 insertions, 52 deletions
diff --git a/base/common/python/pki/system.py b/base/common/python/pki/system.py
index 1151c78fa..7607578df 100644
--- a/base/common/python/pki/system.py
+++ b/base/common/python/pki/system.py
@@ -271,9 +271,28 @@ class SystemConfigClient(object):
"""
headers = {'Content-type': 'application/json',
'Accept': 'application/json'}
- response = self.connection.post('/rest/installer/configure', data,
- headers)
- return response.json()
+ self.connection.post('/rest/installer/configure', data,
+ headers)
+
+ def createCertificates(self):
+ """
+ Contacts the server and invokes the Java configuration REST API to
+ create certificates.
+ """
+ headers = {'Content-type': 'application/json',
+ 'Accept': 'application/json'}
+ self.connection.post('/rest/installer/createCertificates', None,
+ headers)
+
+ def backupKeys(self):
+ """
+ Contacts the server and invokes the Java configuration REST API to
+ backup keys.
+ """
+ headers = {'Content-type': 'application/json',
+ 'Accept': 'application/json'}
+ self.connection.post('/rest/installer/backupKeys', None,
+ headers)
def createUsers(self):
"""
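Review bot: `configure()` now discards the POST result and returns None, so a caller that still reads its return value fails later on a subscript instead of at this call. The method's docstring starts outside the hunk and presumably still carries a `:return:` line, which should be dropped. `createCertificates()` and `backupKeys()` also ignore the response, which is only safe if `self.connection.post` raises on a non-2xx status. If that holds, say so once, e.g. `# post() raises on HTTP errors; these steps return no body`. The repeated `headers` dict in each method could become a single class-level constant.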
@@ -282,7 +301,7 @@ class SystemConfigClient(object):
"""
headers = {'Content-type': 'application/json',
'Accept': 'application/json'}
- self.connection.post('/rest/installer/finalize', None,
+ self.connection.post('/rest/installer/createUsers', None,
headers)
def configureSecurityDomain(self):
@@ -292,10 +311,10 @@ class SystemConfigClient(object):
"""
headers = {'Content-type': 'application/json',
'Accept': 'application/json'}
- self.connection.post('/rest/installer/finalize', None,
+ self.connection.post('/rest/installer/configureSecurityDomain', None,
headers)
- def finalize(self):
+ def finalizeConfiguration(self):
"""
Contacts the server and invokes the Java configuration REST API to
finalize subsystem configuration.
@@ -304,7 +323,19 @@ class SystemConfigClient(object):
"""
headers = {'Content-type': 'application/json',
'Accept': 'application/json'}
- response = self.connection.post('/rest/installer/finalize', None,
+ self.connection.post('/rest/installer/finalizeConfiguration', None,
+ headers)
+
+ def getConfigurationResult(self):
+ """
+ Contacts the server and invokes the Java configuration REST API to
+ get configuration result.
+
+ :return: ConfigurationResponse -- response from configuration servlet.
+ """
+ headers = {'Content-type': 'application/json',
+ 'Accept': 'application/json'}
+ response = self.connection.post('/rest/installer/result', None,
headers)
return response.json()
diff --git a/base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java b/base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java
index e967914ce..6fa82dd3b 100644
--- a/base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java
+++ b/base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java
@@ -26,10 +26,10 @@ import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
-import netscape.security.x509.X509CertImpl;
-
import com.netscape.certsrv.apps.CMS;
+import netscape.security.x509.X509CertImpl;
+
/**
* @author alee
*
@@ -44,9 +44,6 @@ public class ConfigurationResponse {
@XmlElement
protected SystemCertData adminCert;
- @XmlElement
- protected String status;
-
public ConfigurationResponse() {
systemCerts = new ArrayList<SystemCertData>();
adminCert = new SystemCertData();
@@ -80,22 +77,6 @@ public class ConfigurationResponse {
this.adminCert = adminCert;
}
- /**
- * @return the status
- */
- public String getStatus() {
- return status;
- }
-
- /**
- * @param status the status to set
- */
- public void setStatus(String status) {
- this.status = status;
- }
-
-
-
public void setAdminCert(X509CertImpl x509CertImpl) throws CertificateEncodingException {
adminCert.setCert(CMS.BtoA(x509CertImpl.getEncoded()));
}
diff --git a/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java b/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java
index 3ad8abf96..4835843c5 100644
--- a/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java
+++ b/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java
@@ -32,6 +32,14 @@ public interface SystemConfigResource {
public ConfigurationResponse configure(ConfigurationRequest data) throws Exception;
@POST
+ @Path("createCertificates")
+ public void createCertificates() throws Exception;
+
+ @POST
+ @Path("backupKeys")
+ public void backupKeys() throws Exception;
+
+ @POST
@Path("createUsers")
public void createUsers() throws Exception;
@@ -40,6 +48,10 @@ public interface SystemConfigResource {
public void configureSecurityDomain() throws Exception;
@POST
- @Path("finalize")
- public ConfigurationResponse finalizeConfiguration() throws Exception;
+ @Path("finalizeConfiguration")
+ public void finalizeConfiguration() throws Exception;
+
+ @POST
+ @Path("result")
+ public ConfigurationResponse getConfigurationResponse() throws Exception;
}
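Review bot: The new resource methods carry no Javadoc, although, judging by the SystemConfigService changes in this commit, each one depends on state that an earlier call left in the HTTP session. A comment such as `/** Returns the response accumulated by the earlier installer steps in this session; configure() must have been called first. */` on `getConfigurationResponse()` (and the equivalent on `createCertificates()` and `backupKeys()`) would make that ordering contract visible at the API. Renaming the path from `finalize` to `finalizeConfiguration` and changing its return type means a client still posting to `/rest/installer/finalize` no longer reaches this method, so mixed client/server versions need a note in the commit message. The Java name `getConfigurationResponse` and the Python client's `getConfigurationResult` refer to the same `result` endpoint and would be easier to trace under one name.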
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index bd7e93caf..e4f5aec3f 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -187,38 +187,52 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
configureCACertChain(data, domainXML);
Collection<Cert> certs = new ArrayList<Cert>();
- MutableBoolean hasSigningCert = new MutableBoolean();
- processCerts(data, token, certList, certs, hasSigningCert);
-
- // non-Stand-alone PKI submitting CSRs to external ca
- if (data.getIssuingCA() != null && data.getIssuingCA().equals("External CA") && !hasSigningCert.booleanValue()) {
- CMS.debug("Submit CSRs to external ca . . .");
- response.setSystemCerts(SystemCertDataFactory.create(certs));
- response.setStatus(SUCCESS);
- return;
+ HttpSession session = servletRequest.getSession();
+ session.setAttribute("system_certificates", certs);
+
+ if (!data.getExistingDatabase()) {
+ MutableBoolean hasSigningCert = new MutableBoolean();
+ processCerts(data, token, certList, certs, hasSigningCert);
}
+ }
+
+ @Override
+ public void createCertificates() {
+
+ HttpSession session = servletRequest.getSession();
+ ConfigurationRequest request = (ConfigurationRequest)session.getAttribute("configuration_request");
+ ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response");
+ Collection<Cert> certs = (Collection<Cert>)session.getAttribute("system_certificates");
for (Cert cert : certs) {
int ret;
+
try {
CMS.debug("Processing '" + cert.getCertTag() + "' certificate:");
ret = ConfigurationUtils.handleCerts(cert);
ConfigurationUtils.setCertPermissions(cert.getCertTag());
CMS.debug("Processed '" + cert.getCertTag() + "' certificate.");
+
} catch (Exception e) {
CMS.debug(e);
- throw new PKIException("Error in configuring system certificates" + e, e);
+ throw new PKIException("Error in configuring system certificates: " + e, e);
}
+
if (ret != 0) {
throw new PKIException("Error in configuring system certificates");
}
}
- response.setSystemCerts(SystemCertDataFactory.create(certs));
+ }
- // backup keys
- CMS.debug("=== Backup Keys ===");
- if (data.getBackupKeys().equals("true")) {
- backupKeys(data);
+ @Override
+ public void backupKeys() {
+
+ HttpSession session = servletRequest.getSession();
+ ConfigurationRequest request = (ConfigurationRequest)session.getAttribute("configuration_request");
+ ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response");
+
+ if (request.getBackupKeys().equals("true")) {
+ backupKeys(request);
}
}
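Review bot: `createCertificates()` and `backupKeys()` dereference session attributes without checking them. `servletRequest.getSession()` creates a fresh session when none exists, so a call that arrives before `configure()` or on a different session hits a NullPointerException at `for (Cert cert : certs)` or `request.getBackupKeys()` instead of a clear error. The same pattern appears in `finalizeConfiguration()` and `getConfigurationResponse()` in the next hunk. With the External-CA early return removed from `configure()` (whose body starts outside this hunk), step ordering is left to the client as far as these lines show, so each step should verify its precondition on the server. The locals `request` and `response` in `createCertificates()` and `response` in `backupKeys()` are unused and can go, and the unchecked cast to `Collection<Cert>` needs a narrowly scoped `@SuppressWarnings("unchecked")`.

```java
@Override
public void createCertificates() {

    // getSession(false): an out-of-order call must not silently start a new session
    HttpSession session = servletRequest.getSession(false);
    if (session == null) {
        throw new PKIException("Configuration has not been started in this session");
    }

    @SuppressWarnings("unchecked")
    Collection<Cert> certs = (Collection<Cert>) session.getAttribute("system_certificates");
    if (certs == null) {
        throw new PKIException("No system certificates found; configure must run first");
    }

    // … unchanged: per-certificate handleCerts / setCertPermissions loop …
}
```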
@@ -243,13 +257,22 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
@Override
- public ConfigurationResponse finalizeConfiguration() {
+ public void finalizeConfiguration() {
HttpSession session = servletRequest.getSession();
ConfigurationRequest request = (ConfigurationRequest)session.getAttribute("configuration_request");
ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response");
finalizeConfiguration(request, response);
+ }
+
+ @Override
+ public ConfigurationResponse getConfigurationResponse() {
+
+ HttpSession session = servletRequest.getSession();
+ ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response");
+ Collection<Cert> certs = (Collection<Cert>)session.getAttribute("system_certificates");
+ response.setSystemCerts(SystemCertDataFactory.create(certs));
return response;
}
@@ -632,8 +655,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
String restart_server = instanceRoot + "/conf/" + RESTART_SERVER_AFTER_CONFIGURATION;
Utils.exec("touch " + restart_server);
Utils.exec("chmod 00660 " + restart_server);
-
- response.setStatus(SUCCESS);
}
public void configureAdministrator(ConfigurationRequest data, ConfigurationResponse response) {
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 1b2324f6d..24e6ee0c2 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -3818,12 +3818,18 @@ class ConfigClient:
try:
client = pki.system.SystemConfigClient(connection)
client.configure(data)
- client.createUsers()
- client.configureSecurityDomain()
- response = client.finalize()
+
+ if not (self.external or self.standalone) or self.external_step_two:
+ client.createCertificates()
+ client.backupKeys()
+ client.createUsers()
+ client.configureSecurityDomain()
+ client.finalizeConfiguration()
+
+ response = client.getConfigurationResult()
config.pki_log.debug(
- log.PKI_CONFIG_RESPONSE_STATUS + " " + str(response['status']),
+ 'Configuration complete',
extra=config.PKI_INDENTATION_LEVEL_2)
try:
certs = response['systemCerts']
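Review bot: The debug message `'Configuration complete'` is logged even when the `if` above is false, in which case none of `createCertificates()` through `finalizeConfiguration()` ran, so the log misstates what happened. Either move the message inside the branch or word it neutrally, e.g. `'Configuration result retrieved'`. The condition `not (self.external or self.standalone) or self.external_step_two` relies on `not`/`or` precedence and, as far as this diff shows, is now the only place deciding whether certificates are created. It deserves a comment such as `# skip cert creation and finalization in step one of an external/standalone install`. The enclosing `try` block continues outside the hunk.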