authorEndi S. Dewata <edewata@redhat.com>2014-04-22 14:22:51 -0400
committerEndi S. Dewata <edewata@redhat.com>2014-04-25 19:03:35 -0400
commit8a6935ba8587ece5e5fcf8b65448c1b57d5ac463 (patch)
tree76df51348828d3f8c2f33a70a4eec2fd498ac44d
parent5baa286e2104dee77bdc54ac1ad0bb73dfa1b769 (diff)
Refactored SystemConfigService (part 12).
Subsystem-specific configuration code has been moved from SystemConfigService into the subsystem-specific installers. Ticket #890
-rw-r--r--base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java36
-rw-r--r--base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java34
-rw-r--r--base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPInstallerService.java31
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java130
-rw-r--r--base/tps-tomcat/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java42
5 files changed, 146 insertions, 127 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
index 7a1aa5a12..cc3c46585 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
@@ -19,7 +19,11 @@ package org.dogtagpki.server.ca.rest;
import org.dogtagpki.server.rest.SystemConfigService;
+import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.system.ConfigurationRequest;
+import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
/**
* @author alee
@@ -29,4 +33,36 @@ public class CAInstallerService extends SystemConfigService {
public CAInstallerService() throws EBaseException {
}
+
+ @Override
+ public void finalizeConfiguration(ConfigurationRequest request) {
+
+ super.finalizeConfiguration(request);
+
+ try {
+ if (!request.getIsClone().equals("true")) {
+ ConfigurationUtils.updateNextRanges();
+ }
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in updating next serial number ranges in DB: " + e);
+ }
+
+ try {
+ if (request.getIsClone().equals("true") && ConfigurationUtils.isSDHostDomainMaster(cs)) {
+ // cloning a domain master CA, the clone is also master of its domain
+ cs.putString("securitydomain.host", CMS.getEEHost());
+ cs.putString("securitydomain.httpport", CMS.getEENonSSLPort());
+ cs.putString("securitydomain.httpsadminport", CMS.getAdminPort());
+ cs.putString("securitydomain.httpsagentport", CMS.getAgentPort());
+ cs.putString("securitydomain.httpseeport", CMS.getEESSLPort());
+ cs.putString("securitydomain.select", "new");
+ }
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in determining if security domain host is a master CA");
+ }
+ }
}
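Review bot: `request.getIsClone().equals("true")` in both try blocks throws a NullPointerException if the request carries no isClone value (the getter appears to return a String), and the broad `catch (Exception e)` then reports it as "Errors in updating next serial number ranges in DB", which points the operator at the database instead of the request. Comparing from the literal side avoids that: `if (!"true".equals(request.getIsClone())) {` and `if ("true".equals(request.getIsClone()) && ConfigurationUtils.isSDHostDomainMaster(cs)) {`. The same comparison appears in the KRAInstallerService hunk. The second catch also covers the six `cs.putString` calls, so its message about determining the domain master is narrower than what can actually fail there.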
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java
index 755a61e35..e2587237a 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java
@@ -19,7 +19,11 @@ package org.dogtagpki.server.kra.rest;
import org.dogtagpki.server.rest.SystemConfigService;
+import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.system.ConfigurationRequest;
+import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
/**
* @author alee
@@ -29,4 +33,34 @@ public class KRAInstallerService extends SystemConfigService {
public KRAInstallerService() throws EBaseException {
}
+
+ @Override
+ public void finalizeConfiguration(ConfigurationRequest request) {
+
+ super.finalizeConfiguration(request);
+
+ try {
+ String ca_host = cs.getString("preop.ca.hostname", "");
+
+ // need to push connector information to the CA
+ if (!request.getStandAlone() && !ca_host.equals("")) {
+ ConfigurationUtils.updateConnectorInfo(CMS.getAgentHost(), CMS.getAgentPort());
+ ConfigurationUtils.setupClientAuthUser();
+ }
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in pushing KRA connector information to the CA: " + e);
+ }
+
+ try {
+ if (!request.getIsClone().equals("true")) {
+ ConfigurationUtils.updateNextRanges();
+ }
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in updating next serial number ranges in DB: " + e);
+ }
+ }
}
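Review bot: Both `throw new PKIException("..." + e)` lines append the caught exception's string form to the message; if PKIException messages are returned to the REST caller (not visible here), internal error text from the directory or connector calls reaches the client during installation. Since `CMS.debug(e)` already records the full exception, the thrown message could stay generic, e.g. `throw new PKIException("Errors in pushing KRA connector information to the CA");`. The same pattern is in the CAInstallerService, OCSPInstallerService and TPSInstallerService hunks and in the `setupDBUser()` catch in SystemConfigService.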
diff --git a/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPInstallerService.java b/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPInstallerService.java
index 0ee5eb430..aaeeb346b 100644
--- a/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPInstallerService.java
+++ b/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPInstallerService.java
@@ -19,7 +19,12 @@ package org.dogtagpki.server.ocsp.rest;
import org.dogtagpki.server.rest.SystemConfigService;
+import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.ocsp.IOCSPAuthority;
+import com.netscape.certsrv.system.ConfigurationRequest;
+import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
/**
* @author alee
@@ -29,4 +34,30 @@ public class OCSPInstallerService extends SystemConfigService {
public OCSPInstallerService() throws EBaseException {
}
+
+ @Override
+ public void finalizeConfiguration(ConfigurationRequest request) {
+
+ super.finalizeConfiguration(request);
+
+ try {
+ String ca_host = cs.getString("preop.ca.hostname", "");
+
+ // import the CA certificate into the OCSP
+ // configure the CRL Publishing to OCSP in CA
+ if (!ca_host.equals("")) {
+ CMS.reinit(IOCSPAuthority.ID);
+ ConfigurationUtils.importCACertToOCSP();
+
+ if (!request.getStandAlone()) {
+ ConfigurationUtils.updateOCSPConfig();
+ ConfigurationUtils.setupClientAuthUser();
+ }
+ }
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in configuring CA publishing to OCSP: " + e);
+ }
+ }
}
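Review bot: The comment pair above `if (!ca_host.equals(""))` describes two steps, but only the certificate import runs for every non-empty CA host; `updateOCSPConfig()` and `setupClientAuthUser()` run only inside `if (!request.getStandAlone())`. Moving `// configure the CRL Publishing to OCSP in CA` down to that inner `if` would keep each comment next to the code it describes. The single catch reports every failure as "Errors in configuring CA publishing to OCSP", so a failed `importCACertToOCSP()` cannot be told apart from a publishing error; a separate try block with its own message, as the KRA override uses for its two steps, would make that visible.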
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index ffa18412e..902dc88f0 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -57,7 +57,6 @@ import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
import com.netscape.certsrv.system.ConfigurationRequest;
import com.netscape.certsrv.system.ConfigurationResponse;
import com.netscape.certsrv.system.SystemCertData;
@@ -239,28 +238,14 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
throw new PKIException("Error while updating security domain: " + e);
}
- if (csType.equals("KRA")) {
- finalizeKRAConfiguration(data);
- }
-
- if (csType.equals("OCSP")) {
- finalizeOCSPConfiguration(data);
- }
-
- if (csType.equals("CA")) {
- finalizeCAConfiguration(data);
- }
-
try {
if (!data.getSharedDB()) ConfigurationUtils.setupDBUser();
} catch (Exception e) {
- e.printStackTrace();
+ CMS.debug(e);
throw new PKIException("Errors in creating or updating dbuser: " + e);
}
- if (csType.equals("TPS")) {
- finalizeTPSConfiguration(data);
- }
+ finalizeConfiguration(data);
cs.putInteger("cs.state", 1);
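Review bot: Replacing the four `csType` branches with one `finalizeConfiguration(data)` call after the `setupDBUser()` block changes the order for CA, KRA and OCSP: their finalization previously ran before the database user was set up, and only the TPS step ran after it. If `updateNextRanges()`, `updateConnectorInfo()` or `importCACertToOCSP()` were placed first on purpose, this is a behaviour change in a commit described as a refactoring; a comment at the call such as `// subsystem-specific finalization; runs after setupDBUser() for all subsystems` would record that the new order is intended. A failure in `setupDBUser()` now also skips the subsystem step entirely. The enclosing method starts and ends outside the hunk.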
@@ -550,116 +535,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
}
- public void finalizeCAConfiguration(ConfigurationRequest request) {
- try {
- if (!request.getIsClone().equals("true")) {
- ConfigurationUtils.updateNextRanges();
- }
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in updating next serial number ranges in DB: " + e);
- }
-
- try {
- if (request.getIsClone().equals("true") && ConfigurationUtils.isSDHostDomainMaster(cs)) {
- // cloning a domain master CA, the clone is also master of its domain
- cs.putString("securitydomain.host", CMS.getEEHost());
- cs.putString("securitydomain.httpport", CMS.getEENonSSLPort());
- cs.putString("securitydomain.httpsadminport", CMS.getAdminPort());
- cs.putString("securitydomain.httpsagentport", CMS.getAgentPort());
- cs.putString("securitydomain.httpseeport", CMS.getEESSLPort());
- cs.putString("securitydomain.select", "new");
- }
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in determining if security domain host is a master CA");
- }
- }
-
- public void finalizeKRAConfiguration(ConfigurationRequest request) {
- try {
- String ca_host = cs.getString("preop.ca.hostname", "");
-
- // need to push connector information to the CA
- if (!request.getStandAlone() && !ca_host.equals("")) {
- ConfigurationUtils.updateConnectorInfo(CMS.getAgentHost(), CMS.getAgentPort());
- ConfigurationUtils.setupClientAuthUser();
- }
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in pushing KRA connector information to the CA: " + e);
- }
-
- try {
- if (!request.getIsClone().equals("true")) {
- ConfigurationUtils.updateNextRanges();
- }
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in updating next serial number ranges in DB: " + e);
- }
- }
-
- public void finalizeOCSPConfiguration(ConfigurationRequest request) {
- try {
- String ca_host = cs.getString("preop.ca.hostname", "");
-
- // import the CA certificate into the OCSP
- // configure the CRL Publishing to OCSP in CA
- if (!ca_host.equals("")) {
- CMS.reinit(IOCSPAuthority.ID);
- ConfigurationUtils.importCACertToOCSP();
-
- if (!request.getStandAlone()) {
- ConfigurationUtils.updateOCSPConfig();
- ConfigurationUtils.setupClientAuthUser();
- }
- }
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in configuring CA publishing to OCSP: " + e);
- }
- }
-
- public void finalizeTPSConfiguration(ConfigurationRequest request) {
- try {
- ConfigurationUtils.addProfilesToTPSUser(request.getAdminUID());
-
- URI secdomainURI = new URI(request.getSecurityDomainUri());
-
- // register TPS with CA
- URI caURI = new URI(request.getCaUri());
- ConfigurationUtils.registerUser(secdomainURI, caURI, "ca");
-
- // register TPS with TKS
- URI tksURI = new URI(request.getTksUri());
- ConfigurationUtils.registerUser(secdomainURI, tksURI, "tks");
-
- if (request.getEnableServerSideKeyGen().equalsIgnoreCase("true")) {
- URI kraURI = new URI(request.getKraUri());
- ConfigurationUtils.registerUser(secdomainURI, kraURI, "kra");
- String transportCert = ConfigurationUtils.getTransportCert(secdomainURI, kraURI);
- ConfigurationUtils.exportTransportCert(secdomainURI, tksURI, transportCert);
- }
-
- // generate shared secret from the tks
- ConfigurationUtils.getSharedSecret(
- tksURI.getHost(),
- tksURI.getPort(),
- Boolean.getBoolean(request.getImportSharedSecret()));
-
- } catch (URISyntaxException e) {
- throw new BadRequestException("Invalid URI for CA, TKS or KRA");
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in registering TPS to CA, TKS or KRA: " + e);
- }
+ public void finalizeConfiguration(ConfigurationRequest request) {
}
public void configureAdministrator(ConfigurationRequest data, ConfigurationResponse response) {
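Review bot: The new `finalizeConfiguration(ConfigurationRequest request)` has an empty body and no Javadoc, so nothing in the base class says it is an extension point. A short Javadoc would cover it, stating that it is a no-op hook which subsystem installers override, that it is called after the database user setup and before `cs.state` is set to 1, and that overrides are expected to call `super.finalizeConfiguration(request)` first. With the TPS code removed, the `java.net.URI` and `URISyntaxException` imports may now be unused in this file; that is not visible in the hunk.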
diff --git a/base/tps-tomcat/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java b/base/tps-tomcat/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
index dea8e1ef8..b4dca6c7c 100644
--- a/base/tps-tomcat/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
+++ b/base/tps-tomcat/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
@@ -23,8 +23,10 @@ import java.util.Collection;
import org.dogtagpki.server.rest.SystemConfigService;
+import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.BadRequestException;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.system.ConfigurationRequest;
import com.netscape.certsrv.system.SystemCertData;
import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
@@ -115,4 +117,44 @@ public class TPSInstallerService extends SystemConfigService {
cs.putString("tokendb.userBaseDN", request.getBaseDN());
cs.putString("tokendb.hostport", request.getDsHost() + ":" + request.getDsPort());
}
+
+ @Override
+ public void finalizeConfiguration(ConfigurationRequest request) {
+
+ super.finalizeConfiguration(request);
+
+ try {
+ ConfigurationUtils.addProfilesToTPSUser(request.getAdminUID());
+
+ URI secdomainURI = new URI(request.getSecurityDomainUri());
+
+ // register TPS with CA
+ URI caURI = new URI(request.getCaUri());
+ ConfigurationUtils.registerUser(secdomainURI, caURI, "ca");
+
+ // register TPS with TKS
+ URI tksURI = new URI(request.getTksUri());
+ ConfigurationUtils.registerUser(secdomainURI, tksURI, "tks");
+
+ if (request.getEnableServerSideKeyGen().equalsIgnoreCase("true")) {
+ URI kraURI = new URI(request.getKraUri());
+ ConfigurationUtils.registerUser(secdomainURI, kraURI, "kra");
+ String transportCert = ConfigurationUtils.getTransportCert(secdomainURI, kraURI);
+ ConfigurationUtils.exportTransportCert(secdomainURI, tksURI, transportCert);
+ }
+
+ // generate shared secret from the tks
+ ConfigurationUtils.getSharedSecret(
+ tksURI.getHost(),
+ tksURI.getPort(),
+ Boolean.getBoolean(request.getImportSharedSecret()));
+
+ } catch (URISyntaxException e) {
+ throw new BadRequestException("Invalid URI for CA, TKS or KRA");
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in registering TPS to CA, TKS or KRA: " + e);
+ }
+ }
}
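Review bot: `Boolean.getBoolean(request.getImportSharedSecret())` does not parse the request value: `Boolean.getBoolean` looks up a JVM system property with that name, so the flag passed to `getSharedSecret` is false unless a system property named by the request string happens to be set to "true". The intended call is presumably `Boolean.parseBoolean(request.getImportSharedSecret())`. The line was carried over unchanged from SystemConfigService, but the move is a good point to correct it. The hunk also uses `URI` and `URISyntaxException` without adding imports; confirm `java.net.URI` and `java.net.URISyntaxException` are already imported above the lines shown.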