diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2016-02-19 08:42:30 +0100 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2016-02-26 13:12:01 -0500 |
| commit | 1d58b883ff9d0056d89d74d30f1375ab12d01f03 (patch) | |
| tree | a91fabd83ddfb0e3424badb49a883acab5c71f72 /base/common/src | |
| parent | 1f2d7dbab0e6a7b26f7aa12b8a58fb4c3a6da825 (diff) | |
| download | pki-1d58b883ff9d0056d89d74d30f1375ab12d01f03.tar.gz pki-1d58b883ff9d0056d89d74d30f1375ab12d01f03.tar.xz pki-1d58b883ff9d0056d89d74d30f1375ab12d01f03.zip | |
Added mechanism to import system certs via PKCS #12 file.
The installation tool has been modified to provide an optional
pki_server_pkcs12_path property to specify a PKCS #12 file
containing certificate chain, system certificates, and third-party
certificates needed by the subsystem being installed.
If the pki_server_pkcs12_path is specified the installation tool
will no longer download the certificate chain from the security
domain directly, and it will no longer import the PKCS #12
containing the entire master NSS database specified in
pki_clone_pkcs12_path.
For backward compatibility, if the pki_server_pkcs12_path is not
specified the installation tool will use the old mechanism to
import the system certificates.
The ConfigurationUtils.verifySystemCertificates() has been modified
not to catch the exception to help troubleshooting.
https://fedorahosted.org/pki/ticket/1742
Diffstat (limited to 'base/common/src')
| -rw-r--r-- | base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java index 8c9da6f37..890f7d01f 100644 --- a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java +++ b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java @@ -133,6 +133,9 @@ public class ConfigurationRequest { protected String reindexData; @XmlElement + protected Boolean systemCertsImported; + + @XmlElement protected List<SystemCertData> systemCerts; @XmlElement @@ -559,21 +562,37 @@ public class ConfigurationRequest { /** * - * @return systemCerts + * @return systemCertsImported */ - public List<SystemCertData> getSystemCerts() { - return systemCerts; + public Boolean getSystemCertsImported() { + return systemCertsImported; } /** * - * @param systemCerts + * @param systemCertsImported */ - public void setSystemCerts(List<SystemCertData> systemCerts) { - this.systemCerts = systemCerts; + public void setSystemCertsImported(Boolean systemCertsImported) { + this.systemCertsImported = systemCertsImported; } /** + * + * @return systemCerts + */ + public List<SystemCertData> getSystemCerts() { + return systemCerts; + } + + /** + * + * @param systemCerts + */ + public void setSystemCerts(List<SystemCertData> systemCerts) { + this.systemCerts = systemCerts; + } + + /** * @return the issuingCA */ public String getIssuingCA() { @@ -940,6 +959,7 @@ public class ConfigurationRequest { ", masterReplicationPort=" + masterReplicationPort + ", cloneReplicationPort=" + cloneReplicationPort + ", replicationSecurity=" + replicationSecurity + + ", systemCertsImported=" + systemCertsImported + ", systemCerts=" + systemCerts + ", issuingCA=" + issuingCA + ", backupKeys=" + backupKeys + |