authorAde Lee <alee@redhat.com>2013-04-19 11:27:28 -0400
committerAde Lee <alee@redhat.com>2013-04-22 12:50:54 -0400
commit7513de3348363df72e4be1305215fb181b78a8d5 (patch)
tree4f37b42734b8dcbdbd2593e440c0d8ddc7da7b22
parent3f2611881453a5ec995560cad4a073d8f073ea97 (diff)
downloadpki-7513de3348363df72e4be1305215fb181b78a8d5.tar.gz
pki-7513de3348363df72e4be1305215fb181b78a8d5.tar.xz
pki-7513de3348363df72e4be1305215fb181b78a8d5.zip
Added servlet to return 501 for rest operations for d9 instances
D9 instances run on tomcat6, which does not have support for the authenticator and realm. We are not supporting the REST operations on D9 style instances. They will need to be migrated. The migration framework has been modified to process d9 or d10 style instances, and a migration script has been added to add the new servlet to existing d9 instances.
-rw-r--r--base/common/python/pki/__init__.py68
-rw-r--r--base/common/python/pki/upgrade.py160
-rw-r--r--base/common/src/com/netscape/cms/servlet/base/RESTServlet.java47
-rwxr-xr-xbase/server/src/pki-upgrade28
-rwxr-xr-xbase/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator81
-rwxr-xr-xbase/server/upgrade/10.0.1/02-CloningInterfaceChanges24
-rwxr-xr-xbase/server/upgrade/10.0.1/03-AddRestServlet84
7 files changed, 370 insertions, 122 deletions
diff --git a/base/common/python/pki/__init__.py b/base/common/python/pki/__init__.py
index 0bba7139d..4d29d0fe1 100644
--- a/base/common/python/pki/__init__.py
+++ b/base/common/python/pki/__init__.py
@@ -20,11 +20,15 @@
#
import re
+import os
CONF_DIR = '/etc/pki'
SHARE_DIR = '/usr/share/pki'
+BASE_DIR = '/var/lib'
INSTANCE_BASE_DIR = '/var/lib/pki'
+REGISTRY_DIR = '/etc/sysconfig/pki'
+SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks']
PACKAGE_VERSION = SHARE_DIR + '/VERSION'
@@ -87,3 +91,67 @@ def implementation_version():
return value
raise Exception('Missing implementation version.')
+
+class PKISubsystem(object):
+
+ def __init__(self, instance, subsystemName):
+ self.instance = instance
+ self.name = subsystemName
+ self.type = instance.type
+ if self.type >= 10:
+ self.conf_dir = os.path.join(INSTANCE_BASE_DIR, \
+ instance.name, 'conf', subsystemName)
+ self.base_dir = os.path.join(INSTANCE_BASE_DIR, \
+ instance.name, subsystemName)
+ else:
+ self.conf_dir = os.path.join(BASE_DIR, instance.name, 'conf')
+ self.base_dir = os.path.join(BASE_DIR, instance.name)
+
+ self.validate()
+
+ def validate(self):
+ if not os.path.exists(self.conf_dir):
+ raise PKIException(
+ 'Invalid subsystem: ' + self.__repr__(),
+ None, self.instance)
+
+
+ def __repr__(self):
+ return str(self.instance) + '/' + self.name
+
+
+class PKIInstance(object):
+
+ def __init__(self, name, type=10):
+ self.name = name
+ self.type = type
+ if self.type >= 10:
+ self.conf_dir = os.path.join(INSTANCE_BASE_DIR, name, 'conf')
+ self.base_dir = os.path.join(INSTANCE_BASE_DIR, name)
+ else:
+ self.conf_dir = os.path.join(BASE_DIR, name, 'conf')
+ self.base_dir = os.path.join(BASE_DIR, name)
+
+ self.validate()
+
+ def validate(self):
+ if not os.path.exists(self.conf_dir):
+ raise PKIException(
+ 'Invalid instance: ' + self.__repr__(), None)
+
+
+ def __repr__(self):
+ if self.type == 9:
+ return "Dogtag 9 " + self.name
+ return self.name
+
+class PKIException(Exception):
+
+ def __init__(self, message, exception=None,\
+ instance=None, subsystem=None):
+
+ Exception.__init__(self, message)
+
+ self.exception = exception
+ self.instance = instance
+ self.subsystem = subsystem
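Review bot: `PKIInstance.__init__` and `PKISubsystem.__init__` pass the caller-supplied `name` and `subsystemName` straight into `os.path.join`, and `validate()` only checks that the resulting `conf` directory exists. With `BASE_DIR = '/var/lib'` for type 9, any directory under `/var/lib` that contains a `conf` entry is accepted as a Dogtag 9 instance, and a name holding a path separator or `..` resolves outside the intended base. For type 9 the subsystem's `conf_dir` does not include `subsystemName` at all, so every subsystem name validates. The upgrade scriptlets later rewrite and chown files under `base_dir`, so I would reject such names before building paths, e.g. `if name != os.path.basename(name) or name in ('.', '..'): raise PKIException('Invalid instance: ' + name, None)`, and check the type 9 case against `REGISTRY_DIR` rather than `/var/lib`.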
diff --git a/base/common/python/pki/upgrade.py b/base/common/python/pki/upgrade.py
index fda1f829c..d87a7ef29 100644
--- a/base/common/python/pki/upgrade.py
+++ b/base/common/python/pki/upgrade.py
@@ -37,12 +37,8 @@ VERSION_DIR = UPGRADE_DIR + '/%s'
SCRIPTLET_FILE = VERSION_DIR + '/%s'
SYSTEM_TRACKER = pki.CONF_DIR + '/pki.conf'
-
-INSTANCE_CONF = pki.CONF_DIR + '/%s'
-INSTANCE_TRACKER = INSTANCE_CONF + '/tomcat.conf'
-
-SUBSYSTEM_CONF = INSTANCE_CONF + '/%s'
-SUBSYSTEM_TRACKER = SUBSYSTEM_CONF + '/CS.cfg'
+INSTANCE_TRACKER = '%s/tomcat.conf'
+SUBSYSTEM_TRACKER = '%s/CS.cfg'
verbose = False
@@ -111,18 +107,6 @@ class Version(object):
def __repr__(self):
return self.version
-
-class PKIUpgradeException(Exception):
-
- def __init__(self, message, exception=None, instance=None, subsystem=None):
-
- Exception.__init__(self, message)
-
- self.exception = exception
- self.instance = instance
- self.subsystem = subsystem
-
-
class PKIUpgradeTracker(object):
def __init__(self, name, filename,
@@ -357,11 +341,11 @@ class PKIUpgradeScriptlet(object):
for subsystem in self.upgrader.subsystems(instance):
if not self.can_upgrade(instance, subsystem):
- if verbose: print 'Skipping ' + instance + '/' + subsystem + ' subsystem.'
+ if verbose: print 'Skipping ' + str(subsystem) + ' subsystem.'
continue
try:
- if verbose: print 'Upgrading ' + instance + '/' + subsystem + ' subsystem.'
+ if verbose: print 'Upgrading ' + str(subsystem) + ' subsystem.'
self.upgrade_subsystem(instance, subsystem)
self.update_tracker(instance, subsystem)
@@ -370,7 +354,7 @@ class PKIUpgradeScriptlet(object):
if verbose: traceback.print_exc()
else: print 'ERROR: ' + e.message
- message = 'Failed upgrading ' + instance + '/' + subsystem + ' subsystem.'
+ message = 'Failed upgrading ' + str(subsystem) + ' subsystem.'
if self.upgrader.silent:
print message
else:
@@ -378,8 +362,8 @@ class PKIUpgradeScriptlet(object):
options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower()
if result == 'y': continue
- raise PKIUpgradeException(
- 'Upgrade failed in ' + instance + '/' + subsystem + ': ' + e.message,
+ raise pki.PKIException(
+ 'Upgrade failed in ' + str(subsystem) + ': ' + e.message,
e, instance, subsystem)
@@ -390,15 +374,15 @@ class PKIUpgradeScriptlet(object):
self.upgrade_subsystems(instance)
# If upgrading a specific subsystem don't upgrade the instance.
- if self.upgrader.subsystem:
+ if self.upgrader.subsystemName:
continue
if not self.can_upgrade(instance):
- if verbose: print 'Skipping ' + instance + ' instance.'
+ if verbose: print 'Skipping ' + str(instance) + ' instance.'
continue
try:
- if verbose: print 'Upgrading ' + instance + ' instance.'
+ if verbose: print 'Upgrading ' + str(instance) + ' instance.'
self.upgrade_instance(instance)
self.update_tracker(instance)
@@ -407,7 +391,7 @@ class PKIUpgradeScriptlet(object):
if verbose: traceback.print_exc()
else: print 'ERROR: ' + e.message
- message = 'Failed upgrading ' + instance + ' instance.'
+ message = 'Failed upgrading ' + str(instance) + ' instance.'
if self.upgrader.silent:
print message
else:
@@ -415,8 +399,8 @@ class PKIUpgradeScriptlet(object):
options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower()
if result == 'y': continue
- raise PKIUpgradeException(
- 'Upgrade failed in ' + instance + ': ' + e.message,
+ raise pki.PKIException(
+ 'Upgrade failed in ' + str(instance) + ': ' + e.message,
e, instance)
@@ -425,7 +409,7 @@ class PKIUpgradeScriptlet(object):
self.upgrade_instances()
# If upgrading a specific instance don't upgrade the system.
- if self.upgrader.instance:
+ if self.upgrader.instanceName:
return
try:
@@ -450,7 +434,7 @@ class PKIUpgradeScriptlet(object):
options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower()
if result == 'y': return
- raise PKIUpgradeException('Upgrade failed: ' + e.message, e)
+ raise pki.PKIException('Upgrade failed: ' + e.message, e)
def __eq__(self, other):
@@ -466,29 +450,26 @@ class PKIUpgradeScriptlet(object):
class PKIUpgrader():
- def __init__(self, instance=None, subsystem=None, \
- version=None, index=None, silent=False):
+ def __init__(self, instanceName=None, instanceType=None, \
+ subsystemName=None, version=None, index=None, silent=False):
- self.instance = instance
- self.subsystem = subsystem
+ self.instanceName = instanceName
+ self.subsystemName = subsystemName
self.version = version
self.index = index
self.silent = silent
+ self.instanceType = instanceType
if version and not os.path.exists(VERSION_DIR % str(version)):
- raise PKIUpgradeException(
+ raise pki.PKIException(
'Invalid version: ' + str(version),
None)
- if instance and not os.path.exists(INSTANCE_CONF % instance):
- raise PKIUpgradeException(
- 'Invalid instance: ' + instance,
- None, instance)
-
- if subsystem and not os.path.exists(SUBSYSTEM_CONF % (instance, subsystem)):
- raise PKIUpgradeException(
- 'Invalid subsystem: ' + instance + '/' + subsystem,
- None, instance, subsystem)
+ if subsystemName and not instanceName:
+ raise pki.PKIException(
+ 'Invalid subsystem: ' + subsystemName +\
+ ', Instance not defined',
+ None)
self.system_tracker = None
self.instance_trackers = {}
@@ -541,7 +522,7 @@ class PKIUpgrader():
try:
i = filename.index('-')
except ValueError as e:
- raise PKIUpgradeException('Invalid scriptlet name: ' + filename, e)
+ raise pki.PKIException('Invalid scriptlet name: ' + filename, e)
index = int(filename[0:i])
classname = filename[i+1:]
@@ -571,36 +552,51 @@ class PKIUpgrader():
def instances(self):
- if self.instance:
- return [self.instance]
+ if self.instanceName and self.instanceType:
+ return [pki.PKIInstance(self.instanceName, self.instanceType)]
- if not os.path.exists(pki.INSTANCE_BASE_DIR):
- return []
+ list = []
+ if not self.instanceType or self.instanceType >=10:
+ if os.path.exists(os.path.join(pki.REGISTRY_DIR,'tomcat')):
+ for instanceName in os.listdir(pki.INSTANCE_BASE_DIR):
+ if not self.instanceName or \
+ self.instanceName == instanceName:
+ list.append(pki.PKIInstance(instanceName))
+
+ if not self.instanceType or self.instanceType == 9:
+ for s in pki.SUBSYSTEM_TYPES:
+ if os.path.exists(os.path.join(pki.REGISTRY_DIR, s)):
+ for instanceName in \
+ os.listdir(os.path.join(pki.REGISTRY_DIR, s)):
+ if not self.instanceName or \
+ self.instanceName == instanceName:
+ list.append(pki.PKIInstance(instanceName, 9))
- list = os.listdir(pki.INSTANCE_BASE_DIR)
list.sort()
-
return list
def subsystems(self, instance):
- if self.subsystem:
- return [self.subsystem]
+ if self.subsystemName:
+ return [pki.PKISubsystem(instance, self.subsystemName)]
list = []
- instance_dir = os.path.join(pki.INSTANCE_BASE_DIR, instance)
- for folder in os.listdir(instance_dir):
-
- # check whether it is a subsystem folder
- subsystem_conf = os.path.join(
- instance_dir, folder, 'conf', 'CS.cfg')
-
- if not os.path.exists(subsystem_conf):
- continue
-
- list.append(folder)
+ if instance.type >= 10:
+ registry_dir = os.path.join(pki.REGISTRY_DIR, 'tomcat',
+ instance.name)
+ for subsystemName in os.listdir(registry_dir):
+ if subsystemName in pki.SUBSYSTEM_TYPES:
+ list.append(pki.PKISubsystem(instance, subsystemName))
+ else:
+ for subsystemName in pki.SUBSYSTEM_TYPES:
+ registry_dir = os.path.join(
+ pki.REGISTRY_DIR,
+ subsystemName,
+ instance.name)
+ if os.path.exists(registry_dir):
+ list.append(pki.PKISubsystem(instance, subsystemName))
list.sort()
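Review bot: In `instances()` the Dogtag 10 branch tests for `REGISTRY_DIR/tomcat` but then lists `pki.INSTANCE_BASE_DIR` and passes every entry to `pki.PKIInstance(...)`, whose `validate()` raises when `conf` is missing. One entry under `/var/lib/pki` that is not an instance therefore aborts enumeration for all instances, and with the old `os.path.exists(pki.INSTANCE_BASE_DIR)` guard removed a missing directory now raises `OSError`. `subsystems()` already reads the registry, so listing `os.path.join(pki.REGISTRY_DIR, 'tomcat')` here would be consistent, assuming the registry holds one entry per instance as that function implies. Separately, `list.sort()` now sorts `PKIInstance`/`PKISubsystem` objects that define no ordering, so the result is no longer ordered by name; `list.sort(key=str)` restores that. `subsystems()` continues past the end of the hunk.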
@@ -610,25 +606,25 @@ class PKIUpgrader():
def get_tracker(self, instance=None, subsystem=None):
if subsystem:
- name = instance + '/' + subsystem
+ name = str(subsystem)
try:
tracker = self.subsystem_trackers[instance]
except KeyError:
tracker = PKIUpgradeTracker(name + ' subsystem',
- SUBSYSTEM_TRACKER % (instance, subsystem),
+ SUBSYSTEM_TRACKER % subsystem.conf_dir,
version_key='cms.product.version',
index_key='cms.upgrade.index')
self.subsystem_trackers[name] = tracker
elif instance:
try:
- tracker = self.instance_trackers[instance]
+ tracker = self.instance_trackers[str(instance)]
except KeyError:
- tracker = PKIUpgradeTracker(instance + ' instance',
- INSTANCE_TRACKER % instance,
+ tracker = PKIUpgradeTracker(str(instance) + ' instance',
+ INSTANCE_TRACKER % instance.conf_dir,
version_key='PKI_VERSION',
index_key='PKI_UPGRADE_INDEX')
- self.instance_trackers[instance] = tracker
+ self.instance_trackers[str(instance)] = tracker
else:
if self.system_tracker:
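Review bot: The subsystem branch of `get_tracker` looks up `self.subsystem_trackers[instance]` but stores the tracker under `self.subsystem_trackers[name]`. `instance` is now a `PKIInstance` object and the keys are strings, so the lookup never hits and a new `PKIUpgradeTracker` is built on every call. The commit moved the instance branch to `str(instance)` but left this line alone; it should read `tracker = self.subsystem_trackers[name]`. The function starts and ends outside the hunk.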
@@ -647,14 +643,14 @@ class PKIUpgrader():
current_version = None
# if upgrading the entire system, get the system version
- if not self.instance:
+ if not self.instanceName:
tracker = self.get_tracker()
current_version = tracker.get_version()
for instance in self.instances():
# if upgrading the entire instance, check the instance version
- if not self.subsystem:
+ if not self.subsystemName:
tracker = self.get_tracker(instance)
version = tracker.get_version()
@@ -734,12 +730,12 @@ class PKIUpgrader():
options=['Y', 'N'], default='Y', caseSensitive=False).lower()
if result == 'n':
- raise PKIUpgradeException('Upgrade canceled.')
+ raise pki.PKIException('Upgrade canceled.')
try:
scriptlet.upgrade()
- except PKIUpgradeException as e:
+ except pki.PKIException as e:
raise
except Exception as e:
@@ -759,7 +755,7 @@ class PKIUpgrader():
options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower()
if result == 'n':
- raise PKIUpgradeException(message, e)
+ raise pki.PKIException(message, e)
def upgrade(self):
@@ -781,13 +777,13 @@ class PKIUpgrader():
def show_tracker(self):
- if not self.instance:
+ if not self.instanceName:
tracker = self.get_tracker()
tracker.show()
for instance in self.instances():
- if not self.subsystem:
+ if not self.subsystemName:
tracker = self.get_tracker(instance)
tracker.show()
@@ -809,13 +805,13 @@ class PKIUpgrader():
def set_tracker(self, version):
- if not self.instance:
+ if not self.instanceName:
tracker = self.get_tracker()
tracker.reset(version)
for instance in self.instances():
- if not self.subsystem:
+ if not self.subsystemName:
tracker = self.get_tracker(instance)
tracker.reset(version)
@@ -833,13 +829,13 @@ class PKIUpgrader():
def remove_tracker(self):
- if not self.instance:
+ if not self.instanceName:
tracker = self.get_tracker()
tracker.remove()
for instance in self.instances():
- if not self.subsystem:
+ if not self.subsystemName:
tracker = self.get_tracker(instance)
tracker.remove()
diff --git a/base/common/src/com/netscape/cms/servlet/base/RESTServlet.java b/base/common/src/com/netscape/cms/servlet/base/RESTServlet.java
new file mode 100644
index 000000000..050c0920a
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/base/RESTServlet.java
@@ -0,0 +1,47 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.base;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.netscape.certsrv.apps.CMS;
+
+public class RESTServlet extends HttpServlet {
+
+ private static final long serialVersionUID = -466592331169846158L;
+
+ public void service(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ CMS.debug("RESTServlet: Attempt to access REST services using " + request.getRequestURI());
+ CMS.debug("RESTServlet: sending 501 (not implemented)");
+
+ String error =
+ "The REST services are not available because this server is a legacy \n" +
+ "Dogtag 9 server. To access the REST services this server must be \n" +
+ "migrated into a new Dogtag 10 server.";
+
+ response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, error);
+ }
+
+}
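Review bot: `RESTServlet` has no class comment and `service` lacks `@Override`, so nothing in the file says this is a deliberate stub rather than an unfinished servlet. A Javadoc such as `/** Answers every request mapped to this servlet with 501 on legacy Dogtag 9 (Tomcat 6) instances, where the REST authenticator and realm are unavailable. */` would make that explicit. The first debug line concatenates `request.getRequestURI()` into the log as received; if that log is parsed by other tooling, it is worth confirming that `CMS.debug` neutralises control characters.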
diff --git a/base/server/src/pki-upgrade b/base/server/src/pki-upgrade
index 5103e7f39..b6f4acb12 100755
--- a/base/server/src/pki-upgrade
+++ b/base/server/src/pki-upgrade
@@ -28,6 +28,7 @@ import sys
import traceback
import pki.upgrade
+import pki
def interrupt_handler(signal, frame):
@@ -41,6 +42,8 @@ def usage():
print 'Usage: pki-upgrade [OPTIONS]'
print ' -i, --instance <instance> Upgrade a specific instance only.'
print ' -s, --subsystem <subsystem> Upgrade a specific subsystem in an instance only.'
+ print ' -t, --instance-type <type> Specify 9 for upgraded Dogtag 9 instances only,'
+ print ' 10 for Dogtag 10 instances only.'
print ' --scriptlet-version <version> Run scriptlets for a specific version only.'
print ' --scriptlet-index <index> Run a specific scriptlet only.'
print ' --silent Upgrade in silent mode. Ignore any failures.'
@@ -62,8 +65,8 @@ def main(argv):
signal.signal(signal.SIGINT, interrupt_handler)
try:
- opts, args = getopt.getopt(argv[1:], 'hi:s:vX', [
- 'instance=', 'subsystem=',
+ opts, args = getopt.getopt(argv[1:], 'hi:s:t:vX', [
+ 'instance=', 'subsystem=', 'instance-type=',
'scriptlet-version=', 'scriptlet-index=',
'silent', 'status',
'remove-tracker', 'reset-tracker',
@@ -74,8 +77,9 @@ def main(argv):
usage()
sys.exit(1)
- instance = None
- subsystem = None
+ instanceName = None
+ subsystemName = None
+ instanceType = None
version = None
index = None
silent = False
@@ -85,10 +89,13 @@ def main(argv):
for o, a in opts:
if o in ('-i', '--instance'):
- instance = a
+ instanceName = a
elif o in ('-s', '--subsystem'):
- subsystem = a
+ subsystemName = a
+
+ elif o in ('-t', '--instance-type'):
+ instanceType = int(a)
elif o == '--scriptlet-version':
version = a
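Review bot: `instanceType = int(a)` raises `ValueError` on a non-numeric `-t` value and otherwise accepts any integer. The `>= 10` comparisons in `pki.PKIInstance` then treat 8 as a Dogtag 9 layout and 11 as Dogtag 10, while 0 is falsy and behaves as if `-t` had not been given. Whether the `ValueError` is caught depends on code outside the hunk. I would validate at parse time, before the conversion: `if a not in ('9', '10'): print 'ERROR: invalid instance type: ' + a; usage(); sys.exit(1)`.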
@@ -124,7 +131,7 @@ def main(argv):
usage()
sys.exit(1)
- if subsystem and not instance:
+ if subsystemName and not instanceName:
print 'ERROR: --subsystem requires --instance'
usage()
sys.exit(1)
@@ -136,8 +143,9 @@ def main(argv):
try:
upgrader = pki.upgrade.PKIUpgrader(
- instance = instance,
- subsystem = subsystem,
+ instanceName = instanceName,
+ subsystemName = subsystemName,
+ instanceType = instanceType,
version = version,
index = index,
silent = silent)
@@ -154,7 +162,7 @@ def main(argv):
else:
upgrader.upgrade()
- except pki.upgrade.PKIUpgradeException as e:
+ except pki.PKIException as e:
print e.message
diff --git a/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator b/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator
index 6d3931e85..1731edfb5 100755
--- a/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator
+++ b/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator
@@ -42,14 +42,24 @@ class ReplaceRandomNumberGenerator(pki.upgrade.PKIUpgradeScriptlet):
def upgrade_subsystem(self, instance, subsystem):
context_xml = os.path.join(
- pki.INSTANCE_BASE_DIR,
- instance, 'webapps', subsystem,
+ instance.base_dir,
+ 'webapps', subsystem.name,
'META-INF', 'context.xml')
+ if not os.path.exists(context_xml):
+ self.create_context_xml(
+ instance,
+ subsystem.name,
+ subsystem.name)
+
document = etree.parse(context_xml, self.parser)
self.add_manager(document)
- self.update_authenticator(document)
+ if subsystem.type >=10:
+ self.update_authenticator(document)
+ else:
+ self.remove_authenticator(document)
+ self.remove_realm(document)
with open(context_xml, 'w') as f:
f.write(etree.tostring(document, pretty_print=True))
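Review bot: The `else` branch strips the authenticator valve and the realm from a Dogtag 9 subsystem's `context.xml` with no comment saying why that is safe, and nothing here ties it to the 501 servlet that `03-AddRestServlet` installs later. A comment such as `# Tomcat 6 cannot load the authenticator valve or ProxyRealm; REST paths are answered with 501 by RESTServlet (see 03-AddRestServlet)` would record the dependency. Because `--silent` ignores scriptlet failures, it is worth confirming that an instance where 01 succeeded and 03 failed serves nothing under `/rest/*` without authentication.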
@@ -58,16 +68,36 @@ class ReplaceRandomNumberGenerator(pki.upgrade.PKIUpgradeScriptlet):
def upgrade_instance(self, instance):
self.update_root_context_xml(instance)
- self.create_pki_context_xml(instance)
+ self.update_pki_context_xml(instance)
def update_root_context_xml(self, instance):
context_xml = os.path.join(
- pki.INSTANCE_BASE_DIR,
- instance, 'webapps', 'ROOT',
+ instance.base_dir,
+ 'webapps', 'ROOT',
+ 'META-INF', 'context.xml')
+
+ if not os.path.exists(context_xml):
+ self.create_context_xml(instance, 'server', 'ROOT')
+
+ document = etree.parse(context_xml, self.parser)
+
+ self.add_manager(document)
+
+ with open(context_xml, 'w') as f:
+ f.write(etree.tostring(document, pretty_print=True))
+
+ def update_pki_context_xml(self, instance):
+
+ context_xml = os.path.join(
+ instance.base_dir,
+ 'webapps', 'pki',
'META-INF', 'context.xml')
+ if not os.path.exists(context_xml):
+ self.create_context_xml(instance, 'server', 'pki')
+
document = etree.parse(context_xml, self.parser)
self.add_manager(document)
@@ -76,16 +106,17 @@ class ReplaceRandomNumberGenerator(pki.upgrade.PKIUpgradeScriptlet):
f.write(etree.tostring(document, pretty_print=True))
- def create_pki_context_xml(self, instance):
+ def create_context_xml(self, instance, pkg, context):
uid = pwd.getpwnam('pkiuser').pw_uid
gid = grp.getgrnam('pkiuser').gr_gid
- source = '/usr/share/pki/server/webapps/pki/META-INF/context.xml'
+ source = '/usr/share/pki/%s/webapps/%s/META-INF/context.xml' %\
+ (pkg, context)
meta_inf_dir = os.path.join(
- pki.INSTANCE_BASE_DIR,
- instance, 'webapps', 'pki',
+ instance.base_dir,
+ 'webapps', context,
'META-INF')
context_xml = os.path.join(meta_inf_dir, 'context.xml')
@@ -101,14 +132,6 @@ class ReplaceRandomNumberGenerator(pki.upgrade.PKIUpgradeScriptlet):
os.chown(context_xml, uid, gid)
os.chmod(context_xml, 0660)
- document = etree.parse(context_xml, self.parser)
-
- self.add_manager(document)
-
- with open(context_xml, 'w') as f:
- f.write(etree.tostring(document, pretty_print=True))
-
-
def add_manager(self, document):
# Find existing manager
@@ -151,3 +174,25 @@ class ReplaceRandomNumberGenerator(pki.upgrade.PKIUpgradeScriptlet):
# Update authenticator's attributes
authenticator.set('secureRandomProvider', 'Mozilla-JSS')
authenticator.set('secureRandomAlgorithm', 'pkcs11prng')
+
+ def remove_authenticator(self, document):
+
+ context = document.getroot()
+ valves = context.findall('Valve')
+
+ for valve in valves:
+ className = valve.get('className')
+ if className != 'com.netscape.cms.tomcat.SSLAuthenticatorWithFallback':
+ continue
+ context.remove(valve)
+
+ def remove_realm(self, document):
+
+ context = document.getroot()
+ realms = context.findall('Realm')
+
+ for realm in realms:
+ className = realm.get('className')
+ if className != 'com.netscape.cms.tomcat.ProxyRealm':
+ continue
+ context.remove(realm)
diff --git a/base/server/upgrade/10.0.1/02-CloningInterfaceChanges b/base/server/upgrade/10.0.1/02-CloningInterfaceChanges
index 60bbae605..2ecc1f8ce 100755
--- a/base/server/upgrade/10.0.1/02-CloningInterfaceChanges
+++ b/base/server/upgrade/10.0.1/02-CloningInterfaceChanges
@@ -102,19 +102,19 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet):
def upgrade_subsystem(self, instance, subsystem):
web_xml = os.path.join(
- pki.INSTANCE_BASE_DIR,
- instance, 'webapps', subsystem,
+ instance.base_dir,
+ 'webapps', subsystem.name,
'WEB-INF', 'web.xml')
self.doc = ET.parse(web_xml)
- self.root = self.doc.find('.')
- self.remove_get_token_info(subsystem)
- if subsystem == "ca":
- self.modify_update_number_range(subsystem)
+ self.root = self.doc.getroot()
+ self.remove_get_token_info(subsystem.name)
+ if subsystem.name == "ca":
+ self.modify_update_number_range(subsystem.name)
self.modify_update_domain_xml()
self.modify_token_authenticate()
- if subsystem == "kra":
- self.modify_update_number_range(subsystem)
+ if subsystem.name == "kra":
+ self.modify_update_number_range(subsystem.name)
self.doc.write(web_xml)
@@ -155,7 +155,7 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet):
if name == 'caUpdateDomainXML-admin':
found = True
if name == 'caUpdateDomainXML':
- index = list(self.root).index(servlet) + 1
+ index = self.root.index(servlet) + 1
if not found:
servlet = ET.fromstring(self.updateDomainServletData)
self.root.insert(index, servlet)
@@ -166,7 +166,7 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet):
if name == 'caUpdateDomainXML-admin':
found = True
if name == 'caUpdateDomainXML':
- index = list(self.root).index(mapping) + 1
+ index = self.root.index(mapping) + 1
if not found:
mapping = ET.fromstring(self.updateDomainMappingData)
self.root.insert(index, mapping)
@@ -180,7 +180,7 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet):
if name == 'caTokenAuthenticate-admin':
found = True
if name == 'caTokenAuthenticate':
- index = list(self.root).index(servlet) + 1
+ index = self.root.index(servlet) + 1
if not found:
servlet = ET.fromstring(self.tokenAuthenticateServletData)
self.root.insert(index, servlet)
@@ -191,7 +191,7 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet):
if name == 'caTokenAuthenticate-admin':
found = True
if name == 'caTokenAuthenticate':
- index = list(self.root).index(mapping) + 1
+ index = self.root.index(mapping) + 1
if not found:
mapping = ET.fromstring(self.tokenAuthenticateMappingData)
self.root.insert(index, mapping)
diff --git a/base/server/upgrade/10.0.1/03-AddRestServlet b/base/server/upgrade/10.0.1/03-AddRestServlet
new file mode 100755
index 000000000..36af3eebc
--- /dev/null
+++ b/base/server/upgrade/10.0.1/03-AddRestServlet
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# Authors:
+# Ade Lee <alee@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+#
+
+import os
+import sys
+from lxml import etree as ET
+
+import pki
+import pki.upgrade
+
+class AddRestServlet(pki.upgrade.PKIUpgradeScriptlet):
+
+ restServicesServletData = """
+ <servlet>
+ <servlet-name> rest-services </servlet-name>
+ <servlet-class> com.netscape.cms.servlet.base.RESTServlet </servlet-class>
+ </servlet>"""
+
+ restServicesMappingData = """
+ <servlet-mapping>
+ <servlet-name> rest-services </servlet-name>
+ <url-pattern> /rest/* </url-pattern>
+ </servlet-mapping> """
+
+ def __init__(self):
+
+ self.message = 'Add dummy REST servlet to upgraded Dogtag 9 instances'
+
+ def upgrade_subsystem(self, instance, subsystem):
+ if subsystem.type >= 10:
+ return
+
+ web_xml = os.path.join(
+ instance.base_dir,
+ 'webapps', subsystem.name,
+ 'WEB-INF', 'web.xml')
+
+ self.doc = ET.parse(web_xml)
+ self.root = self.doc.getroot()
+ self.add_rest_services_servlet()
+
+ self.doc.write(web_xml)
+
+ def add_rest_services_servlet(self):
+ #add rest-services servlet and mapping
+ found = False
+ for servlet in self.doc.findall('.//servlet'):
+ name = servlet.find('servlet-name').text.strip()
+ if name == 'rest-services':
+ found = True
+ if name == 'services':
+ index = self.root.index(servlet) + 1
+ if not found:
+ servlet = ET.fromstring(self.restServicesServletData)
+ self.root.insert(index, servlet)
+
+ found = False
+ for mapping in self.doc.findall('.//servlet-mapping'):
+ name = mapping.find('servlet-name').text.strip()
+ if name == 'rest-services':
+ found = True
+ if name == 'services':
+ index = self.root.index(mapping) + 1
+ if not found:
+ mapping = ET.fromstring(self.restServicesMappingData)
+ self.root.insert(index, mapping)
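Review bot: In `add_rest_services_servlet`, `index` is assigned only when an element named `services` is seen. A `web.xml` without that servlet (or one whose elements are namespaced, which the unqualified `.//servlet` search would not match) reaches `self.root.insert(index, servlet)` with `index` unbound, and the scriptlet fails with `UnboundLocalError`. In the mapping loop, a missing `services` mapping silently reuses the index left over from the servlet loop. Setting `index = len(self.root)` before each loop gives a defined fallback. `servlet.find('servlet-name').text.strip()` also assumes every entry has a non-empty `servlet-name`, and `self.root.index(...)` assumes the match is a direct child of the root although the search is `.//`.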