Add script to enable USN plugin

New authority monitor code requires the USN plugin to be
enabled in the database to ensure that the entryUSN attribute
is added to authority entries.

In the case where this plugin was disabled, accessing this
attribute resulted in a null pointer exception whch prevented server
startup.

The code has been changed so as not to throw a null pointer exception
on startup if the entryusn is not present, and also to call an LDIF
to enable the plugin when a subsystem is configured through pkispawn.

5 files changed, 32 insertions, 4 deletions

diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index d10d9bcd0..3f25d0ec3 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -833,6 +833,7 @@ preop.internaldb.post_ldif=/usr/share/pki/ca/conf/vlv.ldif,/usr/share/pki/ca/con
 preop.internaldb.wait_dn=cn=index1160589769, cn=index, cn=tasks, cn=config
 preop.internaldb.index_task_ldif=/usr/share/pki/ca/conf/indextasks.ldif
 preop.internaldb.index_wait_dn=cn=index1160589770,cn=index,cn=tasks,cn=config
+preop.internaldb.usn.ldif=/usr/share/pki/server/conf/usn.ldif
 internaldb.multipleSuffix.enable=false
 jobsScheduler._000=##
 jobsScheduler._001=## jobScheduler
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index d96b88414..37f1e95fc 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -163,7 +163,6 @@ import netscape.ldap.LDAPSearchResults;
 import netscape.ldap.controls.LDAPEntryChangeControl;
 import netscape.ldap.controls.LDAPPersistSearchControl;
 import netscape.ldap.util.DN;
-
 import netscape.security.pkcs.PKCS10;
 import netscape.security.util.DerOutputStream;
 import netscape.security.util.DerValue;
@@ -3003,8 +3002,14 @@ public class CertificateAuthority
         AuthorityID aid = new AuthorityID((String)
             aidAttr.getStringValues().nextElement());
 
-        Integer newEntryUSN = new Integer(
-            entry.getAttribute("entryUSN").getStringValueArray()[0]);
+        LDAPAttribute entryUSN = entry.getAttribute("entryUSN");
+        if (entryUSN == null) {
+            log(ILogger.LL_FAILURE, "Authority entry has no entryUSN.  " +
+                "This is likely because the USN plugin is not enabled in the database");
+            return;
+        }
+
+        Integer newEntryUSN = new Integer(entryUSN.getStringValueArray()[0]);
         CMS.debug("readAuthority: new entryUSN = " + newEntryUSN);
         Integer knownEntryUSN = entryUSNs.get(aid);
         if (knownEntryUSN != null) {
@@ -3085,7 +3090,7 @@ public class CertificateAuthority
         AuthorityID aid = null;
         attr = entry.getAttribute("authorityID");
         if (attr != null) {
-            aid = new AuthorityID((String) attr.getStringValueArray()[0]);
+            aid = new AuthorityID(attr.getStringValueArray()[0]);
             forgetAuthority(aid);
         }
     }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index e2b014f35..8c353f0c7 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -1283,6 +1283,23 @@ public class ConfigurationUtils {
         }
     }
 
+    public static void enableUSNPlugin() throws IOException, EBaseException {
+        IConfigStore cs = CMS.getConfigStore();
+
+        IConfigStore dbCfg = cs.getSubStore("internaldb");
+        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("ConfigurationUtils");
+        dbFactory.init(dbCfg);
+        LDAPConnection conn = dbFactory.getConn();
+        try {
+            importLDIFS("preop.internaldb.usn.ldif", conn);
+        } catch (Exception e) {
+            CMS.debug("Failed to enable USNPlugin: " + e);
+            throw new EBaseException("Failed to enable USN plugin: " + e, e);
+        } finally {
+            releaseConnection(conn);
+        }
+    }
+
     public static void populateDB() throws IOException, EBaseException {
 
         IConfigStore cs = CMS.getConfigStore();
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index d3410bcb4..a96575d06 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -753,6 +753,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             psStore.commit(false);
 
             if (!data.getStepTwo()) {
+                ConfigurationUtils.enableUSNPlugin();
                 ConfigurationUtils.populateDB();
 
                 cs.putString("preop.internaldb.replicationpwd", replicationPassword);
diff --git a/base/server/share/conf/usn.ldif b/base/server/share/conf/usn.ldif
new file mode 100644
index 000000000..b5a45e6bc
--- /dev/null
+++ b/base/server/share/conf/usn.ldif
@@ -0,0 +1,4 @@
+dn: cn=USN,cn=plugins,cn=config
+changetype: modify
+replace: nsslapd-pluginEnabled
+nsslapd-pluginEnabled: on