diff options
author | Christina Fu <cfu@redhat.com> | 2015-05-04 15:51:48 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2015-05-05 18:02:07 -0700 |
commit | 2aa7ed131f4d229269088775513f23ec8b3793ec (patch) | |
tree | 5d594bb21efe3ff1497383e517ff3134aefaa849 /base/server/upgrade | |
parent | cb32779617947a16a0bfdc519a5ecbd0ae7019aa (diff) | |
download | pki-2aa7ed131f4d229269088775513f23ec8b3793ec.tar.gz pki-2aa7ed131f4d229269088775513f23ec8b3793ec.tar.xz pki-2aa7ed131f4d229269088775513f23ec8b3793ec.zip |
Ticket 1295 Upgrade script for - CA: OCSP via GET does not work
Diffstat (limited to 'base/server/upgrade')
-rwxr-xr-x | base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML b/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML new file mode 100755 index 000000000..9988e0eba --- /dev/null +++ b/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML @@ -0,0 +1,79 @@ +#!/usr/bin/python +# Authors: +# Christina Fu <cfu@redhat.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2015 Red Hat, Inc. +# All rights reserved. +# + +import os +import sys +from lxml import etree as ET + +import pki +import pki.server.upgrade + +class AddMissingOCSPGETServletMappingToWebXML(pki.server.upgrade.PKIServerUpgradeScriptlet): + + OCSPGETServletMappingData = """ + <servlet-mapping> +<servlet-name> caOCSP </servlet-name> +<url-pattern> /ocsp/* </url-pattern> + </servlet-mapping> + + """ + + def __init__(self): + + self.message = 'Add missing OCSP Get Servlet Mapping to upgraded Dogtag 9 instances' + + def upgrade_subsystem(self, instance, subsystem): + # only affects CA + if subsystem.name != "ca": + return + + web_xml = os.path.join( + instance.base_dir, + 'ca', 'webapps', subsystem.name, + 'WEB-INF', 'web.xml') + + if not os.path.exists(web_xml): + return + + self.backup(web_xml) + + self.doc = ET.parse(web_xml) + self.root = self.doc.getroot() + self.add_ocsp_get_servlet_mapping() + + self.doc.write(web_xml) + + def add_ocsp_get_servlet_mapping(self): + #add missing OCSP Get servlet mapping + mappingFound = False + urlPattern = "" + index = 0 + for mapping in self.doc.findall('.//servlet-mapping'): + name = mapping.find('servlet-name').text.strip() + if name == 'caOCSP': + urlPattern = mapping.find('url-pattern').text.strip() + index = self.root.index(mapping) + 1 + if urlPattern == '/ocsp/*': + mappingFound = True + if not mappingFound: + mapping = ET.fromstring(self.OCSPGETServletMappingData) + mapping.tail = '\n\n ' + self.root.insert(index, mapping) |