authorAde Lee <alee@redhat.com>2016-04-15 14:36:00 -0400
committerAde Lee <alee@redhat.com>2016-04-15 15:06:13 -0400
commit0c5fb1e398510391187054a465c6460042bfc0b2 (patch)
tree4bd9e90039b0732d3f25f2760b59a7047a89baf9
parent88e963d55bdf4cb9799ef665a72f8855fc00c4da (diff)
Add script to enable USN plugin
New authority monitor code requires the USN plugin to be enabled in the database to ensure that the entryUSN attribute is added to authority entries. In the case where this plugin was disabled, accessing this attribute resulted in a null pointer exception which prevented server startup. The code has been changed so as not to throw a null pointer exception on startup if the entryUSN is not present, and also to call an LDIF to enable the plugin when a subsystem is configured through pkispawn.
-rw-r--r--base/ca/shared/conf/CS.cfg.in1
-rw-r--r--base/ca/src/com/netscape/ca/CertificateAuthority.java13
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java17
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java1
-rw-r--r--base/server/share/conf/usn.ldif4
5 files changed, 32 insertions, 4 deletions
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index d10d9bc..3f25d0e 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -833,6 +833,7 @@ preop.internaldb.post_ldif=/usr/share/pki/ca/conf/vlv.ldif,/usr/share/pki/ca/con
preop.internaldb.wait_dn=cn=index1160589769, cn=index, cn=tasks, cn=config
preop.internaldb.index_task_ldif=/usr/share/pki/ca/conf/indextasks.ldif
preop.internaldb.index_wait_dn=cn=index1160589770,cn=index,cn=tasks,cn=config
+preop.internaldb.usn.ldif=/usr/share/pki/server/conf/usn.ldif
internaldb.multipleSuffix.enable=false
jobsScheduler._000=##
jobsScheduler._001=## jobScheduler
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index d96b884..37f1e95 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -163,7 +163,6 @@ import netscape.ldap.LDAPSearchResults;
import netscape.ldap.controls.LDAPEntryChangeControl;
import netscape.ldap.controls.LDAPPersistSearchControl;
import netscape.ldap.util.DN;
-
import netscape.security.pkcs.PKCS10;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
@@ -3003,8 +3002,14 @@ public class CertificateAuthority
AuthorityID aid = new AuthorityID((String)
aidAttr.getStringValues().nextElement());
- Integer newEntryUSN = new Integer(
- entry.getAttribute("entryUSN").getStringValueArray()[0]);
+ LDAPAttribute entryUSN = entry.getAttribute("entryUSN");
+ if (entryUSN == null) {
+ log(ILogger.LL_FAILURE, "Authority entry has no entryUSN. " +
+ "This is likely because the USN plugin is not enabled in the database");
+ return;
+ }
+
+ Integer newEntryUSN = new Integer(entryUSN.getStringValueArray()[0]);
CMS.debug("readAuthority: new entryUSN = " + newEntryUSN);
Integer knownEntryUSN = entryUSNs.get(aid);
if (knownEntryUSN != null) {
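Review bot: The new null check covers only a missing attribute; `entryUSN.getStringValueArray()[0]` still throws if the attribute is present with no values, and `new Integer(...)` throws NumberFormatException on a non-numeric or out-of-range value, so a malformed entry could presumably abort the monitor the same way the NPE did. The failure log also does not say which authority was skipped, although `aid` is already in scope at that point. Because the early return leaves the authority unloaded, the message should identify it so an operator can tell which CA is missing. The enclosing method starts and ends outside this hunk.

```java
LDAPAttribute entryUSN = entry.getAttribute("entryUSN");
String[] usnValues = entryUSN == null ? null : entryUSN.getStringValueArray();
if (usnValues == null || usnValues.length == 0) {
    log(ILogger.LL_FAILURE, "Authority entry " + aid + " has no entryUSN. " +
            "This is likely because the USN plugin is not enabled in the database");
    return;
}

Integer newEntryUSN;
try {
    newEntryUSN = Integer.valueOf(usnValues[0]);
} catch (NumberFormatException e) {
    log(ILogger.LL_FAILURE, "Authority entry " + aid +
            " has an unparsable entryUSN: " + usnValues[0]);
    return;
}
// … unchanged: debug log and knownEntryUSN comparison …
```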
@@ -3085,7 +3090,7 @@ public class CertificateAuthority
AuthorityID aid = null;
attr = entry.getAttribute("authorityID");
if (attr != null) {
- aid = new AuthorityID((String) attr.getStringValueArray()[0]);
+ aid = new AuthorityID(attr.getStringValueArray()[0]);
forgetAuthority(aid);
}
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index e2b014f..8c353f0 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -1283,6 +1283,23 @@ public class ConfigurationUtils {
}
}
+ public static void enableUSNPlugin() throws IOException, EBaseException {
+ IConfigStore cs = CMS.getConfigStore();
+
+ IConfigStore dbCfg = cs.getSubStore("internaldb");
+ ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("ConfigurationUtils");
+ dbFactory.init(dbCfg);
+ LDAPConnection conn = dbFactory.getConn();
+ try {
+ importLDIFS("preop.internaldb.usn.ldif", conn);
+ } catch (Exception e) {
+ CMS.debug("Failed to enable USNPlugin: " + e);
+ throw new EBaseException("Failed to enable USN plugin: " + e, e);
+ } finally {
+ releaseConnection(conn);
+ }
+ }
+
public static void populateDB() throws IOException, EBaseException {
IConfigStore cs = CMS.getConfigStore();
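Review bot: `enableUSNPlugin()` is a new public static method with no Javadoc, and its preconditions are not obvious from the call site. I would add a short Javadoc saying that it applies the LDIF named by `preop.internaldb.usn.ldif` over a connection bound with the `internaldb` settings, that this identity must be allowed to modify `cn=USN,cn=plugins,cn=config`, and that any failure is rethrown as `EBaseException`. The connection is released in `finally`, but the factory created by `CMS.getLdapBoundConnFactory` is never shut down here. If the factory holds pooled connections, it should be closed as well. In `CMS.debug("Failed to enable USNPlugin: " + e)` only the exception's string form is logged, so the stack trace is lost at the point of failure.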
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index d3410bc..a96575d 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -753,6 +753,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
psStore.commit(false);
if (!data.getStepTwo()) {
+ ConfigurationUtils.enableUSNPlugin();
ConfigurationUtils.populateDB();
cs.putString("preop.internaldb.replicationpwd", replicationPassword);
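Review bot: `ConfigurationUtils.enableUSNPlugin()` is called here in the shared server code, but this commit defines `preop.internaldb.usn.ldif` only in the CA's `CS.cfg.in`. How `importLDIFS` behaves when that key is absent is not visible in this diff. If it throws, configuring any non-CA subsystem would fail at this step, and if it silently does nothing, the plugin is not enabled there. Either add the key to the other subsystems' configuration templates or limit the call to subsystems that need it. The surrounding method starts and ends outside this hunk.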
diff --git a/base/server/share/conf/usn.ldif b/base/server/share/conf/usn.ldif
new file mode 100644
index 0000000..b5a45e6
--- /dev/null
+++ b/base/server/share/conf/usn.ldif
@@ -0,0 +1,4 @@
+dn: cn=USN,cn=plugins,cn=config
+changetype: modify
+replace: nsslapd-pluginEnabled
+nsslapd-pluginEnabled: on
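Review bot: This LDIF flips `nsslapd-pluginEnabled` on a live server, but nothing here or in the calling code says when the change takes effect. As far as I know, a 389 Directory Server plugin enabled this way becomes active only after a directory server restart unless dynamic plugins are turned on. Authority entries written between this step and that restart would still lack `entryUSN` and would be skipped by the new check in `CertificateAuthority`. It is worth documenting that requirement, for example with a leading `# Requires a directory server restart unless dynamic plugins are enabled` line if the LDIF importer accepts comment lines, or otherwise in the installation notes.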