author | Endi S. Dewata <edewata@redhat.com> | 2016-08-29 08:33:05 +0200 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2016-09-02 11:16:47 -0400 |
commit | bc65e12500cbc3381b4e755a4a50214f43049ad3 (patch) | |
tree | 17e1307b8eab94dddd9a9f4775e642d4d8a3def5 /base/server/cms/src/org | |
parent | 1195ee9d6e45783d238edc1799363c21590febce (diff) | |
Added support to create system certificates in different tokens.
Previously all system certificates were always created in the same
token specified in the pki_token_name parameter.
To allow creating system certificates in different tokens, the
configuration.py has been modified to store the system certificate
token names specified in pki_<cert>_token parameters into the
CS.cfg before the server is started.
After the server is started, the configuration servlet will read
the token names from the CS.cfg and create the certificates in the
appropriate token.
https://fedorahosted.org/pki/ticket/2449
Diffstat (limited to 'base/server/cms/src/org')
-rw-r--r-- | base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index 9d7c176ec..5cc6f63dc 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -199,7 +199,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 try {
 CMS.debug("Processing '" + cert.getCertTag() + "' certificate:");
 ret = ConfigurationUtils.handleCerts(cert);
- ConfigurationUtils.setCertPermissions(cert.getCertTag());
+ ConfigurationUtils.setCertPermissions(cert);
 CMS.debug("Processed '" + cert.getCertTag() + "' certificate.");
 } catch (Exception e) {
 CMS.debug(e);
@@ -386,7 +386,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 processCert(
 request,
- token,
 certList,
 certs,
 hasSigningCert,
@@ -415,7 +414,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 public void processCert(
 ConfigurationRequest request,
- String token,
 Collection<String> certList,
 Collection<Cert> certs,
 MutableBoolean hasSigningCert,
@@ -460,13 +458,13 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 String curvename = certData.getKeyCurveName() != null ? certData.getKeyCurveName() : cs.getString("keys.ecc.curve.default");
 cs.putString("preop.cert." + tag + ".curvename.name", curvename);
- ConfigurationUtils.createECCKeyPair(token, curvename, cs, tag);
+ ConfigurationUtils.createECCKeyPair(tokenName, curvename, cs, tag);
 } else {
 String keysize = certData.getKeySize() != null ? certData.getKeySize() : cs .getString("keys.rsa.keysize.default");
 cs.putString("preop.cert." + tag + ".keysize.size", keysize);
- ConfigurationUtils.createRSAKeyPair(token, Integer.parseInt(keysize), cs, tag);
+ ConfigurationUtils.createRSAKeyPair(tokenName, Integer.parseInt(keysize), cs, tag);
 }
 } else {
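Review bot: In the RSA branch of the last hunk on this line, `keysize` from `certData.getKeySize()` is stored with `cs.putString("preop.cert." + tag + ".keysize.size", keysize)` before `Integer.parseInt(keysize)` runs, so a non-numeric or undersized value from the request is already in the configuration store when parsing fails, and nothing visible here enforces a minimum modulus size. Parse and range-check first, then store and generate: `int size = Integer.parseInt(keysize);` followed by a check against the deployment's minimum (placeholder name `MIN_RSA_KEY_SIZE`) ahead of the `putString` and `createRSAKeyPair(tokenName, size, cs, tag)` calls; `createRSAKeyPair` may already validate internally, which cannot be confirmed from this hunk. `tokenName` is declared outside the hunk, so how a missing or empty per-certificate token name is handled should be checked at its declaration, and a line such as `CMS.debug("Creating key pair for '" + tag + "' in token: " + tokenName);` before each call would record which token received each key. The enclosing method (apparently `processCert`) starts and ends outside this hunk.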
@@ -600,7 +598,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 }
 cs.putString(csSubsystem + "." + tag + ".nickname", cdata.getNickname());
- cs.putString(csSubsystem + "." + tag + ".tokenname", cdata.getToken());
 cs.putString(csSubsystem + "." + tag + ".certreq", cdata.getRequest());
 cs.putString(csSubsystem + "." + tag + ".cert", cdata.getCert());
 cs.putString(csSubsystem + "." + tag + ".dn", cdata.getSubjectDN()); |