author | Endi S. Dewata <edewata@redhat.com> | 2016-09-08 20:06:19 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-09-08 21:15:07 +0200 |
commit | b0a4981937abb1a3decad7decc0a788473464039 (patch) | |
tree | 1ca437a9d9a1f5717bc0a1976ab5bdc8faab9313 /base/server/cms | |
parent | 238d14bb8790037c8d1ca6d9123362ba3bb9fbf1 (diff) | |
Removed support for creating system certificates in different tokens.
The patch that added the support for creating system certificates
in different tokens causes issues in certain cases, so for now it
has been reverted.
https://fedorahosted.org/pki/ticket/2449
Diffstat (limited to 'base/server/cms')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 18 | ||||
-rw-r--r-- | base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java | 9 |
2 files changed, 13 insertions, 14 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index f6e125c4f..cdb284495 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -2826,7 +2826,7 @@ public class ConfigurationUtils { } config.putString(subsystem + "." + certTag + ".nickname", nickname); - + config.putString(subsystem + "." + certTag + ".tokenname", token); if (certTag.equals("audit_signing")) { if (!token.equals("Internal Key Storage Token") && !token.equals("")) { config.putString("log.instance.SignedAudit.signedAuditCertNickname", @@ -3325,15 +3325,14 @@ public class ConfigurationUtils { return 0; } - public static void setCertPermissions(Cert cert) throws EBaseException, NotInitializedException, + public static void setCertPermissions(String tag) throws EBaseException, NotInitializedException, ObjectNotFoundException, TokenException { - - String tag = cert.getCertTag(); if (tag.equals("signing") || tag.equals("external_signing")) return; - String nickname = cert.getNickname(); - String tokenname = cert.getTokenname(); + IConfigStore cs = CMS.getConfigStore(); + String nickname = cs.getString("preop.cert." + tag + ".nickname", ""); + String tokenname = cs.getString("preop.module.token", ""); if (!tokenname.equals("Internal Key Storage Token")) nickname = tokenname + ":" + nickname; 
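Review bot: The added `config.putString(subsystem + "." + certTag + ".tokenname", token);` stores a per-certificate token name, but the readers changed in this same commit (`setCertPermissions` and `getSubsystemCert`) take the token from the single `preop.module.token` key, so the stored and the used value can disagree without anything noticing. The same applies to the `cs.putString(csSubsystem + "." + tag + ".tokenname", cdata.getToken());` line added in SystemConfigService. A comment at both writes should state which key is authoritative, for example `// recorded for reference; certificate lookup uses preop.module.token` if that is the intent. The enclosing method starts and ends outside the hunk.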
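Review bot: The internal-token test in the new `setCertPermissions` body excludes only `"Internal Key Storage Token"`, while `tokenname` now defaults to `""` when `preop.module.token` is unset, so an empty token yields the nickname `":" + nickname` and the certificate lookup that presumably follows would not find the certificate. `getSubsystemCert` in this same commit already treats `"internal"`, the full name and the empty string as the internal token; the check here should match it: `if (!tokenname.equals("") && !tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))`. An empty `nickname` from the `""` default is also worth rejecting with an explicit exception before permissions are changed on whatever the lookup returns. The method body continues outside the hunk.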
@@ -4555,11 +4554,9 @@ public class ConfigurationUtils { public static String getSubsystemCert() throws EBaseException, NotInitializedException, ObjectNotFoundException, TokenException, CertificateEncodingException, IOException { - IConfigStore cs = CMS.getConfigStore(); - String subsystem = cs.getString("cs.type").toLowerCase(); - String nickname = cs.getString(subsystem + ".subsystem.nickname", ""); - String tokenname = cs.getString(subsystem + ".subsystem.tokenname", ""); + String nickname = cs.getString("preop.cert.subsystem.nickname", ""); + String tokenname = cs.getString("preop.module.token", ""); if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token") && !tokenname.equals("")) { @@ -4574,7 +4571,6 @@ public class ConfigurationUtils { CMS.debug("ConfigurationUtils: getSubsystemCert: subsystem cert is null"); return null; } - byte[] bytes = cert.getEncoded(); String s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes)); return s; diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java index 5cc6f63dc..9d7c176ec 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java @@ -199,7 +199,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou try { CMS.debug("Processing '" + cert.getCertTag() + "' certificate:"); ret = ConfigurationUtils.handleCerts(cert); - ConfigurationUtils.setCertPermissions(cert); + ConfigurationUtils.setCertPermissions(cert.getCertTag()); CMS.debug("Processed '" + cert.getCertTag() + "' certificate."); } catch (Exception e) { CMS.debug(e); @@ -386,6 +386,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou processCert( request, + token, certList, certs, hasSigningCert, 
@@ -414,6 +415,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou public void processCert( ConfigurationRequest request, + String token, Collection<String> certList, Collection<Cert> certs, MutableBoolean hasSigningCert, @@ -458,13 +460,13 @@ public class SystemConfigService extends PKIService implements SystemConfigResou String curvename = certData.getKeyCurveName() != null ? certData.getKeyCurveName() : cs.getString("keys.ecc.curve.default"); cs.putString("preop.cert." + tag + ".curvename.name", curvename); - ConfigurationUtils.createECCKeyPair(tokenName, curvename, cs, tag); + ConfigurationUtils.createECCKeyPair(token, curvename, cs, tag); } else { String keysize = certData.getKeySize() != null ? certData.getKeySize() : cs .getString("keys.rsa.keysize.default"); cs.putString("preop.cert." + tag + ".keysize.size", keysize); - ConfigurationUtils.createRSAKeyPair(tokenName, Integer.parseInt(keysize), cs, tag); + ConfigurationUtils.createRSAKeyPair(token, Integer.parseInt(keysize), cs, tag); } } else { @@ -598,6 +600,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } cs.putString(csSubsystem + "." + tag + ".nickname", cdata.getNickname()); + cs.putString(csSubsystem + "." + tag + ".tokenname", cdata.getToken()); cs.putString(csSubsystem + "." + tag + ".certreq", cdata.getRequest()); cs.putString(csSubsystem + "." + tag + ".cert", cdata.getCert()); cs.putString(csSubsystem + "." + tag + ".dn", cdata.getSubjectDN()); |
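Review bot: `processCert` is public and gains `String token` as its second parameter without any Javadoc, so nothing states whether it expects a token name, the literal `internal`, or may be null or empty. Add a doc comment with something like `@param token name of the token on which the key pairs are generated` (wording to be confirmed by the author). Because the parameter is inserted mid-list, any caller outside this file must be updated as well; only the one call site in this file is visible in the diff. The method body continues outside the hunk.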
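Review bot: On the changed `createRSAKeyPair(token, Integer.parseInt(keysize), cs, tag)` line the key size comes straight from `certData.getKeySize()` (or the configured default) with no range check visible in this hunk, so a non-numeric value raises `NumberFormatException` and an undersized value is handed to key generation as is. Unless `createRSAKeyPair` enforces this itself, which is not visible here, parse and validate first, e.g. `int size = Integer.parseInt(keysize);` followed by `if (size < minRsaKeySize) throw new EBaseException("Unsupported RSA key size: " + keysize);`, where `minRsaKeySize` is a placeholder for the deployment's policy value; the ECC branch would benefit from the same allow-list check on `curvename`. The `token` argument that replaces `tokenName` is also passed through unchecked, and a null or unknown token name should fail before any key material is created. The enclosing method starts and ends outside the hunk.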