Bugzilla Bug #500498 - CA installation wizard doesn't install administrator

cert into browser on Firefox 3. git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@451 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-05-14 23:01:21 +0000
committer: mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-05-14 23:01:21 +0000
commit: 33469fbb4f27fb4081611e60d5ab78f50b1b9ea2 (patch)
tree: f94119a447288ca37084cb542e3f498dc7694299
parent: d2b3e114e81e7619ae4ee35479c823751ab94f28 (diff)
download: pki-33469fbb4f27fb4081611e60d5ab78f50b1b9ea2.tar.gz
pki-33469fbb4f27fb4081611e60d5ab78f50b1b9ea2.tar.xz
pki-33469fbb4f27fb4081611e60d5ab78f50b1b9ea2.zip
4 files changed, 107 insertions, 5 deletions
diff --git a/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
index 901be9a34..b2d235eaa 100755
--- a/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
@@ -85,17 +85,26 @@ sub update
     my $instanceID = $::config->get("service.instanceID");
     my $host = "";
     my $https_ee_port = "";
+    my $https_admin_port = "";
 
     if ($count =~ /http/) {
       my $info = new URI::URL($count);
       $host = $info->host;
       $https_ee_port = $info->port;
+      $https_admin_port = get_secure_admin_port_from_domain_xml($host,
+                                                                $https_ee_port);
+      if( $https_admin_port eq "" ) {
+          $::symbol{errorString} = "missing secure CA admin port.  CA must be installed prior to RA installation";
+          return 0;
+      }
     } else {
       $host = $::config->get("preop.securitydomain.ca$count.host");
       $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
+      $https_admin_port = $::config->get("preop.securitydomain.ca$count.secureadminport");
     }
-    if (($host eq "") || ($https_ee_port eq "")) {
-      $::symbol{errorString} = "no CA found.  CA, TKS and optionally DRM must be installed prior to RA installation";
+
+    if (($host eq "") || ($https_ee_port eq "") || ($https_admin_port eq "")) {
+      $::symbol{errorString} = "no CA found.  CA must be installed prior to RA installation";
       return 0;
     }
 
@@ -107,6 +116,7 @@ sub update
     my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
     $::config->put("conn.ca1.clientNickname", $subsystemCertNickName);
     $::config->put("conn.ca1.hostport", $host . ":" . $https_ee_port);
+    $::config->put("conn.ca1.hostadminport", $host . ":" . $https_admin_port);
 
     $::config->commit();
 
@@ -190,4 +200,45 @@ DONE:
     return 1;
 }
 
+sub get_secure_admin_port_from_domain_xml
+{
+    my $host = $1;
+    my $https_ee_port = $2;
+
+    # get the domain xml
+    # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML
+
+    my $nickname = $::config->get("preop.cert.sslserver.nickname");
+    my $instanceID = $::config->get("service.instanceID");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+
+    my $sd_host = $::config->get("securitydomain.host");
+    my $sd_admin_port = $::config->get("securitydomain.httpsadminport");
+    my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`;
+
+    $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+    $content = $1;
+
+    # Retrieve the secure admin port corresponding
+    # to the selected host and secure ee port.
+    my $parser = XML::Simple->new();
+    my $response = $parser->XMLin($content);
+    my $xml = $parser->XMLin( $response->{'DomainInfo'},
+                              ForceArray => 1 );
+    my $https_admin_port = "";
+    my $count = 0;
+    foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) {
+      if( ( $host eq $c->{'Host'}[0] ) &&
+          ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) {
+          $https_admin_port = https_$c->{'SecureAdminPort'}[0];
+      }
+
+      $count++;
+    }
+
+    return $https_admin_port;
+}
+
 1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm b/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
index 54159a336..80cbd523f 100755
--- a/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
@@ -123,7 +123,7 @@ sub display
     &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: display");
 
 #    my $cainfo = $::config->get("preop.cainfo.select");
-    my $cainfo = "https://".$::config->get("conn.ca1.hostport");
+    my $cainfo = "https://".$::config->get("conn.ca1.hostadminport");
 
     my $cainfo_url = new URI::URL($cainfo);
     my $serialNumber = $::config->get("preop.admincert.serialno.0");
diff --git a/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm
index eb789dc6b..a08f059b9 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm
@@ -84,16 +84,25 @@ sub update
     my $instanceID = $::config->get("service.instanceID");
     my $host = "";
     my $https_ee_port = "";
+    my $https_admin_port = "";
 
     if ($count =~ /http/) {
       my $info = new URI::URL($count);
       $host = $info->host;
       $https_ee_port = $info->port;
+      $https_admin_port = get_secure_admin_port_from_domain_xml($host,
+                                                                $https_ee_port);
+      if( $https_admin_port eq "" ) {
+          $::symbol{errorString} = "missing secure CA admin port.  CA, TKS and optionally DRM must be installed prior to TPS installation";
+          return 0;
+      }
     } else {
       $host = $::config->get("preop.securitydomain.ca$count.host");
       $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
+      $https_admin_port = $::config->get("preop.securitydomain.ca$count.secureadminport");
     }
-    if (($host eq "") || ($https_ee_port eq "")) {
+
+    if (($host eq "") || ($https_ee_port eq "") || ($https_admin_port eq "")) {
       $::symbol{errorString} = "no CA found.  CA, TKS and optionally DRM must be installed prior to TPS installation";
       return 0;
     }
@@ -106,6 +115,7 @@ sub update
     my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
     $::config->put("conn.ca1.clientNickname", $subsystemCertNickName);
     $::config->put("conn.ca1.hostport", $host . ":" . $https_ee_port);
+    $::config->put("conn.ca1.hostadminport", $host . ":" . $https_admin_port);
 
     $::config->commit();
 
@@ -189,4 +199,45 @@ DONE:
     return 1;
 }
 
+sub get_secure_admin_port_from_domain_xml
+{
+    my $host = $1;
+    my $https_ee_port = $2;
+
+    # get the domain xml
+    # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML
+
+    my $nickname = $::config->get("preop.cert.sslserver.nickname");
+    my $instanceID = $::config->get("service.instanceID");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+
+    my $sd_host = $::config->get("securitydomain.host");
+    my $sd_admin_port = $::config->get("securitydomain.httpsadminport");
+    my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`;
+
+    $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+    $content = $1;
+
+    # Retrieve the secure admin port corresponding
+    # to the selected host and secure ee port.
+    my $parser = XML::Simple->new();
+    my $response = $parser->XMLin($content);
+    my $xml = $parser->XMLin( $response->{'DomainInfo'},
+                              ForceArray => 1 );
+    my $https_admin_port = "";
+    my $count = 0;
+    foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) {
+      if( ( $host eq $c->{'Host'}[0] ) &&
+          ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) {
+          $https_admin_port = https_$c->{'SecureAdminPort'}[0];
+      }
+
+      $count++;
+    }
+
+    return $https_admin_port;
+}
+
 1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
index 1112319ca..343b8b95f 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
@@ -122,7 +122,7 @@ sub display
     &PKI::TPS::Wizard::debug_log("ImportAdminCertPanel: display");
 
 #    my $cainfo = $::config->get("preop.cainfo.select");
-    my $cainfo = "https://".$::config->get("conn.ca1.hostport");
+    my $cainfo = "https://".$::config->get("conn.ca1.hostadminport");
 
     my $cainfo_url = new URI::URL($cainfo);
     my $serialNumber = $::config->get("preop.admincert.serialno.0");
author	mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-05-14 23:01:21 +0000
committer	mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-05-14 23:01:21 +0000
commit	33469fbb4f27fb4081611e60d5ab78f50b1b9ea2 (patch)
tree	f94119a447288ca37084cb542e3f498dc7694299
parent	d2b3e114e81e7619ae4ee35479c823751ab94f28 (diff)
download	pki-33469fbb4f27fb4081611e60d5ab78f50b1b9ea2.tar.gz pki-33469fbb4f27fb4081611e60d5ab78f50b1b9ea2.tar.xz pki-33469fbb4f27fb4081611e60d5ab78f50b1b9ea2.zip