authorFraser Tweedale <ftweedal@redhat.com>2014-07-18 02:01:58 -0400
committerFraser Tweedale <frase@frase.id.au>2015-04-07 22:38:11 -0400
commite4869e62f432b510dc99eb7e00d16a23caa6ea64 (patch)
treed802a32ee9847bf4b1216e7cc059328d97ab4906 /base/ca
parent2af78cedd82a08046324ea13eb4973d65c80010f (diff)
Import profiles when spawning CA instance
Diffstat (limited to 'base/ca')
-rw-r--r--base/ca/shared/conf/CS.cfg.in1
-rw-r--r--base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java116
2 files changed, 117 insertions, 0 deletions
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index 1831f3c8c..5b9f66680 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -1139,6 +1139,7 @@ subsystem.0.class=com.netscape.ca.CertificateAuthority
subsystem.0.id=ca
subsystem.1.class=com.netscape.cmscore.profile.ProfileSubsystem
subsystem.1.id=profile
+subsystem.1.enabled=false
subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
subsystem.2.id=selftests
subsystem.3.class=com.netscape.cmscore.cert.CrossCertPairSubsystem
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
index bb823eece..883ab3779 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
@@ -17,13 +17,28 @@
// --- END COPYRIGHT BLOCK ---
package org.dogtagpki.server.ca.rest;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.StringTokenizer;
+
+import netscape.ldap.LDAPAttribute;
+
import org.dogtagpki.server.rest.SystemConfigService;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.ldap.ILdapConnFactory;
+import com.netscape.certsrv.registry.IPluginInfo;
+import com.netscape.certsrv.registry.IPluginRegistry;
import com.netscape.certsrv.system.ConfigurationRequest;
import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
+import com.netscape.cmscore.base.LDAPConfigStore;
+import com.netscape.cmscore.profile.LDAPProfileSubsystem;
+
/**
* @author alee
@@ -64,5 +79,106 @@ public class CAInstallerService extends SystemConfigService {
CMS.debug(e);
throw new PKIException("Errors in determining if security domain host is a master CA");
}
+
+ try {
+ CMS.enableSubsystem("profile");
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Error enabling profile subsystem");
+ }
+ }
+
+ @Override
+ public void initializeDatabase(ConfigurationRequest data) {
+ super.initializeDatabase(data);
+
+ if (!data.isClone()
+ && CMS.getSubsystem("profile") instanceof LDAPProfileSubsystem) {
+ try {
+ importProfiles("/usr/share/pki");
+ } catch (Exception e) {
+ throw new PKIException("Error importing profiles.");
+ }
+ }
+ }
+
+ /**
+ * Import profiles from the filesystem into the database.
+ *
+ * @param configRoot Where to look for the profile files. For a
+ * fresh installation this should be
+ * "/usr/share/pki". For existing installations it
+ * should be CMS.getConfigStore().getString("instanceRoot").
+ *
+ */
+ public void importProfiles(String configRoot)
+ throws EBaseException, ELdapException {
+ IPluginRegistry registry = (IPluginRegistry)
+ CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
+ IConfigStore profileCfg = cs.getSubStore("profile");
+ String profileIds = profileCfg.getString("list", "");
+ StringTokenizer st = new StringTokenizer(profileIds, ",");
+
+ IConfigStore dbCfg = cs.getSubStore("internaldb");
+ ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory();
+ dbFactory.init(dbCfg);
+
+ while (st.hasMoreTokens()) {
+ String profileId = st.nextToken();
+ IConfigStore profileSubCfg = profileCfg.getSubStore(profileId);
+ String classId = profileSubCfg.getString("class_id", "");
+ try {
+ IPluginInfo info = registry.getPluginInfo("profile", classId);
+ if (info == null) {
+ throw new EBaseException("No plugins for type : profile, with id " + classId);
+ }
+
+ String profilePath = configRoot + "/ca/profiles/ca/" + profileId + ".cfg";
+ CMS.debug("Importing profile '" + profileId + "' from " + profilePath);
+ importProfile(dbFactory, classId, profileId, profilePath);
+ } catch (EBaseException e) {
+ CMS.debug("Error importing profile '" + profileId + "': " + e.toString());
+ CMS.debug(" Continuing with profile import procedure...");
+ }
+ }
+ }
+
+ /**
+ * Import one profile from the filesystem into the database.
+ *
+ * @param dbFactory LDAP connection factory.
+ * @param classId The profile class of the profile to import.
+ * @param profileId The ID of the profile to import.
+ * @param profilePath Path to the on-disk profile configuration.
+ */
+ public void importProfile(
+ ILdapConnFactory dbFactory, String classId,
+ String profileId, String profilePath)
+ throws EBaseException {
+
+ String basedn = cs.getString("internaldb.basedn", "");
+
+ String dn = "cn=" + profileId + ",ou=certificateProfiles,ou=ca," + basedn;
+
+ String[] objectClasses = {"top", "certProfile"};
+ LDAPAttribute[] createAttrs = {
+ new LDAPAttribute("objectclass", objectClasses),
+ new LDAPAttribute("cn", profileId),
+ new LDAPAttribute("classId", classId)
+ };
+
+ IConfigStore configStore = new LDAPConfigStore(
+ dbFactory, dn, createAttrs, "certProfileConfig");
+
+ try {
+ FileInputStream input = new FileInputStream(profilePath);
+ configStore.load(input);
+ } catch (FileNotFoundException e) {
+ throw new EBaseException("Could not find file for profile: " + profileId);
+ } catch (IOException e) {
+ throw new EBaseException("Error loading data for profile: " + profileId);
+ }
+
+ configStore.commit(false /* no backup */);
}
}
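Review bot: In importProfile the `FileInputStream` opened on `profilePath` is never closed, so each imported profile leaves a file descriptor open until finalization, including when `configStore.load` throws; `try (FileInputStream input = new FileInputStream(profilePath)) { configStore.load(input); }` closes it on both paths (or an explicit `finally` with `input.close()` if the build's source level predates try-with-resources). The catch in initializeDatabase throws `PKIException("Error importing profiles.")` without a `CMS.debug(e)`, unlike the enableSubsystem catch just above it, so the underlying cause never reaches the install log. The `profileId` tokens read from the `profile.list` config value are concatenated unescaped into both the profile path and the LDAP DN; that value appears to be installer-controlled, but checking that each id contains only the expected identifier characters before use would keep a malformed entry from altering the DN or the path.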