Set paths for default instance

With this patch, it will be possible to install a default instance simply by adding the passwords in the pkideployment.cfg. This file can then be used without additional alteration to add subsystems to the same instance, by re-running pkispawn against the config file. The patch makes sure that cert nicknames, database and baseDN , admin users and client db are unique per subsystem. An option is added to reuse the existing server cert generated by the first subsystem and copy the required data to all subsystems. Ticket 379, 385
author: Ade Lee <alee@redhat.com> 2012-10-26 12:36:14 -0400
committer: Ade Lee <alee@redhat.com> 2012-11-04 22:12:57 -0500
commit: db9537d210a20b90115374e5b406db6c9658bc3a (patch)
tree: 0adfb22bd00842c2e3cae2b46ddbf7caa313b19d /base/common/src
parent: d9a9e23aae83f1d3d6c0e5968097fde12cfff3d2 (diff)
download: pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.gz
pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.xz
pki-db9537d210a20b90115374e5b406db6c9658bc3a.zip
2 files changed, 33 insertions, 1 deletions
diff --git a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
index 6d71b5de1..444aa9a4c 100644
--- a/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
+++ b/base/common/src/com/netscape/certsrv/system/ConfigurationRequest.java
@@ -71,6 +71,7 @@ public class ConfigurationRequest {
     private static final String ADMIN_NAME = "adminName";
     private static final String ADMIN_PROFILE_ID = "adminProfileID";
     private static final String STEP_TWO = "stepTwo";
+    private static final String GENERATE_SERVER_CERT = "generateServerCert";
 
     //defaults
     public static final String TOKEN_DEFAULT = "Internal Key Storage Token";
@@ -197,6 +198,9 @@ public class ConfigurationRequest {
     @XmlElement
     protected String stepTwo;
 
+    @XmlElement(defaultValue = "true")
+    protected String generateServerCert;
+
     public ConfigurationRequest() {
         // required for JAXB
     }
@@ -241,6 +245,7 @@ public class ConfigurationRequest {
         adminName = form.getFirst(ADMIN_NAME);
         adminProfileID = form.getFirst(ADMIN_PROFILE_ID);
         stepTwo = form.getFirst(STEP_TWO);
+        generateServerCert = form.getFirst(GENERATE_SERVER_CERT);
     }
 
 
@@ -734,6 +739,14 @@ public class ConfigurationRequest {
         this.replicateSchema = replicateSchema;
     }
 
+    public String getGenerateServerCert() {
+        return generateServerCert;
+    }
+
+    public void setGenerateServerCert(String generateServerCert) {
+        this.generateServerCert = generateServerCert;
+    }
+
     @Override
     public String toString() {
         return "ConfigurationRequest [pin=XXXX" +
@@ -774,7 +787,7 @@ public class ConfigurationRequest {
                ", adminSubjectDN=" + adminSubjectDN +
                ", adminName=" + adminName +
                ", adminProfileID=" + adminProfileID +
+               ", generateServerCert=" + generateServerCert +
                ", stepTwo=" + stepTwo + "]";
     }
-
 }
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
index 6f126f8ce..31fcaac9d 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
@@ -437,6 +437,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             throw new PKIException("Error in obtaining certificate chain from issuing CA: " + e);
         }
 
+        boolean generateServerCert = data.getGenerateServerCert().equalsIgnoreCase("false")? false : true;
         boolean hasSigningCert = false;
         Vector<Cert> certs = new Vector<Cert>();
         try {
@@ -454,6 +455,21 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
                     if (cdata.getTag().equals(ct)) break;
                 }
 
+                if (!generateServerCert && ct.equals("sslserver")) {
+                    if (!cdata.getToken().equals("internal")) {
+                        cs.putString(csType.toLowerCase() + ".cert.sslserver.nickname", cdata.getNickname());
+                    } else {
+                        cs.putString(csType.toLowerCase() + ".cert.sslserver.nickname", data.getToken() +
+                                ":" + cdata.getNickname());
+                    }
+                    cs.putString(csType.toLowerCase() + ".sslserver.nickname", cdata.getNickname());
+                    cs.putString(csType.toLowerCase() + ".sslserver.cert", cdata.getCert());
+                    cs.putString(csType.toLowerCase() + ".sslserver.certreq", cdata.getRequest());
+                    cs.putString(csType.toLowerCase() + ".sslserver.tokenname", cdata.getToken());
+                    cs.putString(csType.toLowerCase() + ".sslserver.cert", cdata.getCert());
+                    continue;
+                }
+
                 String keytype = (cdata.getKeyType() != null) ? cdata.getKeyType() : "rsa";
 
                 String keyalgorithm = cdata.getKeyAlgorithm();
@@ -909,5 +925,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             }
         }
 
+        if (data.getGenerateServerCert() == null) {
+            data.setGenerateServerCert("true");
+        }
     }
 }
author	Ade Lee <alee@redhat.com>	2012-10-26 12:36:14 -0400
committer	Ade Lee <alee@redhat.com>	2012-11-04 22:12:57 -0500
commit	db9537d210a20b90115374e5b406db6c9658bc3a (patch)
tree	0adfb22bd00842c2e3cae2b46ddbf7caa313b19d /base/common/src
parent	d9a9e23aae83f1d3d6c0e5968097fde12cfff3d2 (diff)
download	pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.gz pki-db9537d210a20b90115374e5b406db6c9658bc3a.tar.xz pki-db9537d210a20b90115374e5b406db6c9658bc3a.zip