diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-05-05 08:01:52 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-05-05 08:01:52 +0200 |
commit | 2be9c6eaeb178325e9564d6a47e8078b4d2f0e1f (patch) | |
tree | 93cb3b1a13953449e339efd279c796a0ad827eb4 /base/server | |
parent | 61ec70e0896360d80a85f7864c16edbf44787fb9 (diff) | |
download | pki-2be9c6eaeb178325e9564d6a47e8078b4d2f0e1f.tar.gz pki-2be9c6eaeb178325e9564d6a47e8078b4d2f0e1f.tar.xz pki-2be9c6eaeb178325e9564d6a47e8078b4d2f0e1f.zip |
Added createCertificates().
Diffstat (limited to 'base/server')
-rw-r--r-- | base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java | 57 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 14 |
2 files changed, 49 insertions, 22 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java index bd7e93caf..e4f5aec3f 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java @@ -187,38 +187,52 @@ public class SystemConfigService extends PKIService implements SystemConfigResou configureCACertChain(data, domainXML); Collection<Cert> certs = new ArrayList<Cert>(); - MutableBoolean hasSigningCert = new MutableBoolean(); - processCerts(data, token, certList, certs, hasSigningCert); - - // non-Stand-alone PKI submitting CSRs to external ca - if (data.getIssuingCA() != null && data.getIssuingCA().equals("External CA") && !hasSigningCert.booleanValue()) { - CMS.debug("Submit CSRs to external ca . . ."); - response.setSystemCerts(SystemCertDataFactory.create(certs)); - response.setStatus(SUCCESS); - return; + HttpSession session = servletRequest.getSession(); + session.setAttribute("system_certificates", certs); + + if (!data.getExistingDatabase()) { + MutableBoolean hasSigningCert = new MutableBoolean(); + processCerts(data, token, certList, certs, hasSigningCert); } + } + + @Override + public void createCertificates() { + + HttpSession session = servletRequest.getSession(); + ConfigurationRequest request = (ConfigurationRequest)session.getAttribute("configuration_request"); + ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response"); + Collection<Cert> certs = (Collection<Cert>)session.getAttribute("system_certificates"); for (Cert cert : certs) { int ret; + try { CMS.debug("Processing '" + cert.getCertTag() + "' certificate:"); ret = ConfigurationUtils.handleCerts(cert); ConfigurationUtils.setCertPermissions(cert.getCertTag()); CMS.debug("Processed '" + cert.getCertTag() + "' certificate."); + } catch (Exception e) { CMS.debug(e); - throw new PKIException("Error in configuring system certificates" + e, e); + throw new PKIException("Error in configuring system certificates: " + e, e); } + if (ret != 0) { throw new PKIException("Error in configuring system certificates"); } } - response.setSystemCerts(SystemCertDataFactory.create(certs)); + } - // backup keys - CMS.debug("=== Backup Keys ==="); - if (data.getBackupKeys().equals("true")) { - backupKeys(data); + @Override + public void backupKeys() { + + HttpSession session = servletRequest.getSession(); + ConfigurationRequest request = (ConfigurationRequest)session.getAttribute("configuration_request"); + ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response"); + + if (request.getBackupKeys().equals("true")) { + backupKeys(request); } } @@ -243,13 +257,22 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } @Override - public ConfigurationResponse finalizeConfiguration() { + public void finalizeConfiguration() { HttpSession session = servletRequest.getSession(); ConfigurationRequest request = (ConfigurationRequest)session.getAttribute("configuration_request"); ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response"); finalizeConfiguration(request, response); + } + + @Override + public ConfigurationResponse getConfigurationResponse() { + + HttpSession session = servletRequest.getSession(); + ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response"); + Collection<Cert> certs = (Collection<Cert>)session.getAttribute("system_certificates"); + response.setSystemCerts(SystemCertDataFactory.create(certs)); return response; } @@ -632,8 +655,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou String restart_server = instanceRoot + "/conf/" + RESTART_SERVER_AFTER_CONFIGURATION; Utils.exec("touch " + restart_server); Utils.exec("chmod 00660 " + restart_server); - - response.setStatus(SUCCESS); } public void configureAdministrator(ConfigurationRequest data, ConfigurationResponse response) { diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 1b2324f6d..24e6ee0c2 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -3818,12 +3818,18 @@ class ConfigClient: try: client = pki.system.SystemConfigClient(connection) client.configure(data) - client.createUsers() - client.configureSecurityDomain() - response = client.finalize() + + if not (self.external or self.standalone) or self.external_step_two: + client.createCertificates() + client.backupKeys() + client.createUsers() + client.configureSecurityDomain() + client.finalizeConfiguration() + + response = client.getConfigurationResult() config.pki_log.debug( - log.PKI_CONFIG_RESPONSE_STATUS + " " + str(response['status']), + 'Configuration complete', extra=config.PKI_INDENTATION_LEVEL_2) try: certs = response['systemCerts'] |