author | Ade Lee <alee@redhat.com> | 2016-04-15 14:36:00 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2016-04-15 15:06:13 -0400 |
commit | 0c5fb1e398510391187054a465c6460042bfc0b2 (patch) | |
tree | 4bd9e90039b0732d3f25f2760b59a7047a89baf9 | |
parent | 88e963d55bdf4cb9799ef665a72f8855fc00c4da (diff) | |
Add script to enable USN plugin
New authority monitor code requires the USN plugin to be
enabled in the database to ensure that the entryUSN attribute
is added to authority entries.
In the case where this plugin was disabled, accessing this
attribute resulted in a null pointer exception which prevented server
startup.
The code has been changed so as not to throw a null pointer exception
on startup if the entryUSN attribute is not present, and also to import
an LDIF file that enables the plugin when a subsystem is configured through pkispawn.
5 files changed, 32 insertions, 4 deletions
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in index d10d9bcd0..3f25d0ec3 100644 --- a/base/ca/shared/conf/CS.cfg.in +++ b/base/ca/shared/conf/CS.cfg.in @@ -833,6 +833,7 @@ preop.internaldb.post_ldif=/usr/share/pki/ca/conf/vlv.ldif,/usr/share/pki/ca/con preop.internaldb.wait_dn=cn=index1160589769, cn=index, cn=tasks, cn=config preop.internaldb.index_task_ldif=/usr/share/pki/ca/conf/indextasks.ldif preop.internaldb.index_wait_dn=cn=index1160589770,cn=index,cn=tasks,cn=config +preop.internaldb.usn.ldif=/usr/share/pki/server/conf/usn.ldif internaldb.multipleSuffix.enable=false jobsScheduler._000=## jobsScheduler._001=## jobScheduler diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java index d96b88414..37f1e95fc 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -163,7 +163,6 @@ import netscape.ldap.LDAPSearchResults; import netscape.ldap.controls.LDAPEntryChangeControl; import netscape.ldap.controls.LDAPPersistSearchControl; import netscape.ldap.util.DN; - import netscape.security.pkcs.PKCS10; import netscape.security.util.DerOutputStream; import netscape.security.util.DerValue; @@ -3003,8 +3002,14 @@ public class CertificateAuthority AuthorityID aid = new AuthorityID((String) aidAttr.getStringValues().nextElement()); - Integer newEntryUSN = new Integer( - entry.getAttribute("entryUSN").getStringValueArray()[0]); + LDAPAttribute entryUSN = entry.getAttribute("entryUSN"); + if (entryUSN == null) { + log(ILogger.LL_FAILURE, "Authority entry has no entryUSN. " + + "This is likely because the USN plugin is not enabled in the database"); + return; + } + + Integer newEntryUSN = new Integer(entryUSN.getStringValueArray()[0]); CMS.debug("readAuthority: new entryUSN = " + newEntryUSN); Integer knownEntryUSN = entryUSNs.get(aid); if (knownEntryUSN != null) { 
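Review bot: In the readAuthority hunk of CertificateAuthority.java, the new guard only covers a missing attribute; `entryUSN.getStringValueArray()[0]` still throws if the attribute is present with no values, and `new Integer(...)` throws NumberFormatException on a non-numeric value. Whether either exception is caught further up is not visible, because the method starts and ends outside the hunk. The guard could be widened to `if (entryUSN == null || entryUSN.getStringValueArray().length == 0) {`, and `Integer.valueOf(...)` is the usual form for the conversion. The failure message also does not say which entry was skipped; including `entry.getDN()` in it would let an operator find the authority that is not going to be loaded.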
@@ -3085,7 +3090,7 @@ public class CertificateAuthority AuthorityID aid = null; attr = entry.getAttribute("authorityID"); if (attr != null) { - aid = new AuthorityID((String) attr.getStringValueArray()[0]); + aid = new AuthorityID(attr.getStringValueArray()[0]); forgetAuthority(aid); } } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index e2b014f35..8c353f0c7 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -1283,6 +1283,23 @@ public class ConfigurationUtils { } } + public static void enableUSNPlugin() throws IOException, EBaseException { + IConfigStore cs = CMS.getConfigStore(); + + IConfigStore dbCfg = cs.getSubStore("internaldb"); + ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("ConfigurationUtils"); + dbFactory.init(dbCfg); + LDAPConnection conn = dbFactory.getConn(); + try { + importLDIFS("preop.internaldb.usn.ldif", conn); + } catch (Exception e) { + CMS.debug("Failed to enable USNPlugin: " + e); + throw new EBaseException("Failed to enable USN plugin: " + e, e); + } finally { + releaseConnection(conn); + } + } + public static void populateDB() throws IOException, EBaseException { IConfigStore cs = CMS.getConfigStore(); diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java index d3410bcb4..a96575d06 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java 
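Review bot: enableUSNPlugin() in ConfigurationUtils.java returns as soon as the LDIF import succeeds and never checks that the directory server is actually generating entryUSN. If the server applies plugin changes only after a restart (I believe this is the default on 389 Directory Server unless dynamic plugins are on, please confirm), entries written right after this call would still lack the attribute, and readAuthority would log the failure and skip them. The method also has no Javadoc; `/** Imports the LDIF named by preop.internaldb.usn.ldif to enable the USN plugin; the bound identity must be allowed to modify cn=plugins,cn=config. */` would record the directory privilege it relies on. Note too that `dbFactory.init(dbCfg)` and `dbFactory.getConn()` sit before the `try`, so their failures propagate without the "Failed to enable USN plugin" context.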
@@ -753,6 +753,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou psStore.commit(false); if (!data.getStepTwo()) { + ConfigurationUtils.enableUSNPlugin(); ConfigurationUtils.populateDB(); cs.putString("preop.internaldb.replicationpwd", replicationPassword); diff --git a/base/server/share/conf/usn.ldif b/base/server/share/conf/usn.ldif new file mode 100644 index 000000000..b5a45e6bc --- /dev/null +++ b/base/server/share/conf/usn.ldif @@ -0,0 +1,4 @@ +dn: cn=USN,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginEnabled +nsslapd-pluginEnabled: on |
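Review bot: The added call `ConfigurationUtils.enableUSNPlugin();` in SystemConfigService.java appears to run for every subsystem that reaches this branch, but this commit adds `preop.internaldb.usn.ldif` only to base/ca/shared/conf/CS.cfg.in. How importLDIFS treats a missing key is not visible here; if it throws, enableUSNPlugin wraps that in EBaseException and configuration of a non-CA subsystem would stop at this step. Either add the key to the other subsystems' CS.cfg.in, or guard the call, e.g. `if (cs.getString("preop.internaldb.usn.ldif", null) != null) ConfigurationUtils.enableUSNPlugin();`. The enclosing method starts and ends outside the hunk.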