| author | Ade Lee <alee@redhat.com> | 2017-01-20 11:01:41 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2017-01-24 12:49:47 -0500 |
| commit | 049a4e3e09328bfcdff62dc189ad95917647fb22 (patch) | |
| tree | 71689109650a38e015322a8659e51e389b9fc644 /base/ca/src/org | |
| parent | c57875a84e61d6e0a71da5b74a3c2ce0e13132a6 (diff) | |
Add option to remove signing cert entry
In the migration case, it is useful to delete the initially
created signing certificate database record and have that be
imported through the ldif data import instead.
Therefore, we add an option to remove this entry. The user
also needs to provide the serial number for the entry.
This resolves the following tickets/BZs:
BZ# 1409949/Trac 2573 - CA Certificate Issuance Date displayed
on CA website incorrect
BZ# 1409946/Trac 2571 - Request ID undefined for CA signing
certificate
Diffstat (limited to 'base/ca/src/org')
| -rw-r--r-- | base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java | 50 |
1 files changed, 47 insertions, 3 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
index 3c7e48319..309f68d2d 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
@@ -24,8 +24,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.StringTokenizer;
-import netscape.ldap.LDAPAttribute;
-
+import org.apache.commons.lang.StringUtils;
 import org.dogtagpki.server.rest.SystemConfigService;
 import com.netscape.certsrv.apps.CMS;
@@ -41,6 +40,10 @@ import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
 import com.netscape.cmscore.base.LDAPConfigStore;
 import com.netscape.cmscore.profile.LDAPProfileSubsystem;
+import netscape.ldap.LDAPAttribute;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+
 /**
  * @author alee
  *
@@ -93,6 +96,19 @@ public class CAInstallerService extends SystemConfigService {
 CMS.debug(e);
 throw new PKIException("Error enabling profile subsystem");
 }
+
+ if (! request.createSigningCertRecord()) {
+ // This is the migration case. In this case, we will delete the
+ // record that was created during the install process.
+
+ try {
+ String serialNumber = request.getSigningCertSerialNumber();
+ deleteSigningRecord(serialNumber);
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Error deleting signing cert record:" + e, e);
+ }
+ }
 }
 @Override
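Review bot: The `catch (Exception e)` around `deleteSigningRecord(serialNumber)` also captures the `PKIException` that deleteSigningRecord itself throws for a missing serial number, so that specific message ("signing certificate serial number not specified in configuration request") reaches the client only as the tail of a generic "Error deleting signing cert record:" wrapper. Since the helper is declared `throws EBaseException, LDAPException`, catching just those and letting the PKIException propagate unchanged keeps the precise error visible: `} catch (EBaseException | LDAPException e) {`. The enclosing configure method starts before this hunk, so I cannot confirm whether it already declares or maps those types elsewhere.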
@@ -189,9 +205,37 @@ public class CAInstallerService extends SystemConfigService {
 configStore.commit(false /* no backup */);
 }
+ private void deleteSigningRecord(String serialNumber) throws EBaseException, LDAPException {
+
+ if (StringUtils.isEmpty(serialNumber)) {
+ throw new PKIException("signing certificate serial number not specified in configuration request");
+ }
+
+ LDAPConnection conn = null;
+ try {
+ IConfigStore dbCfg = cs.getSubStore("internaldb");
+ ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("CAInstallerService");
+ dbFactory.init(dbCfg);
+ conn = dbFactory.getConn();
+
+ String basedn = dbCfg.getString("basedn", "");
+ String dn = "cn=" + serialNumber + ",ou=certificateRepository,ou=ca," + basedn;
+
+ conn.delete(dn);
+ } finally {
+ try {
+ if (conn != null)
+ conn.disconnect();
+ } catch (LDAPException e) {
+ CMS.debug(e);
+ CMS.debug("releaseConnection: " + e);
+ }
+ }
+ }
+
 private void configureStartingCRLNumber(ConfigurationRequest data) {
 CMS.debug("CAInstallerService:configureStartingCRLNumber entering.");
-cs.putString("ca.crl.MasterCRL.startingCrlNumber",data.getStartingCRLNumber() );
+cs.putString("ca.crl.MasterCRL.startingCrlNumber",data.getStartingCRLNumber());
 }
 private void disableCRLCachingAndGenerationForClone(ConfigurationRequest data) throws MalformedURLException {
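Review bot: `serialNumber` comes straight from the configuration request and is only checked for emptiness before being concatenated into the DN passed to `conn.delete(dn)`, so any value that is not a plain serial number (commas, `=`, leading spaces) changes which entry the DN names rather than being rejected. Because the record being deleted is keyed by serial number in its `cn`, parsing the value first and rebuilding the DN from the parsed value confines the delete to that shape: `BigInteger serial = new BigInteger(serialNumber.trim()); // non-numeric input fails here` and `String dn = "cn=" + serial + ",ou=certificateRepository,ou=ca," + basedn;` (with `java.math.BigInteger` imported). I'd also add a one-line `CMS.debug("CAInstallerService: deleting signing cert record " + dn);` before the delete so the migration path leaves an audit trail of exactly which entry was removed. In the finally block, `CMS.debug(e)` followed by `CMS.debug("releaseConnection: " + e)` logs the same exception twice; one of the two is enough.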
