author | Andrew Wnuk <awnuk@redhat.com> | 2012-08-17 17:49:21 -0700 |
---|---|---|
committer | Andrew Wnuk <awnuk@redhat.com> | 2012-08-17 17:49:21 -0700 |
commit | c987bc0c31da927b2f764a4ae42bd8fb4a245fee (patch) | |
tree | 8f645d82f88563c2d4e93ed4c23abc06855f4eea /base | |
parent | 477fd0b29e53b9706f5f458eae342bc35ea82adf (diff) | |
DRM connector protection
This patch prevents the DRM connector from being overwritten by subsequent DRM installations.
Bug 804179.
Diffstat (limited to 'base')
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java | 9 | ||||
-rw-r--r-- | base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java | 78 |
2 files changed, 51 insertions, 36 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 9b8d62537..895bf48dd 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -438,13 +438,18 @@ public class DonePanel extends WizardPanelBase {
 // need to push connector information to the CA
 if (type.equals("KRA") && !ca_host.equals("")) {
+ boolean connectorUpdated = true;
 try {
 updateConnectorInfo(ownagenthost, ownagentsport);
+ CMS.debug("DonePanel: connector information updated.");
 } catch (IOException e) {
 context.put("errorString", "Failed to update connector information.");
- return;
+ context.put("info", "Failed to update connector information. "+e.getMessage());
+ connectorUpdated = false;
+ CMS.debug("DonePanel: exception in updating connector information. "+e.getMessage());
+ //return;
 }
- setupClientAuthUser();
+ if (connectorUpdated) setupClientAuthUser();
 } // if KRA
 // import the CA certificate into the OCSP
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
index d5c4f017d..f7a49dd5a 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
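Review bot: In DonePanel.java the IOException branch now falls through instead of returning, but the only trace of that decision is the commented-out `//return;`, so a reader cannot tell whether continuing the wizard after a failed connector update is intended. If it is, replace the dead line with a comment that says so, for example `// keep going: the CA may have refused because a KRA connector already exists (bug 804179); only the client auth user setup is skipped`, and brace the guarded call as `if (connectorUpdated) { setupClientAuthUser(); }`. The new `context.put("info", ... +e.getMessage())` also places exception text in the panel context; if the template renders that value as HTML it should be escaped, which cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.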
@@ -122,41 +122,46 @@ public class UpdateConnector extends CMSServlet {
 return;
 }
- IConfigStore cs = CMS.getConfigStore();
-
- Enumeration list = httpReq.getParameterNames();
- while (list.hasMoreElements()) {
- String name = (String)list.nextElement();
- String val = httpReq.getParameter(name);
- if (name != null && name.startsWith("ca.connector")) {
- CMS.debug("Adding connector update name=" + name + " val=" + val);
- cs.putString(name, val);
- } else {
- CMS.debug("Skipping connector update name=" + name + " val=" + val);
+ // check if connector exists
+ ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICAService caService = (ICAService)ca.getCAService();
+ boolean connectorExists = (caService.getKRAConnector() != null)? true:false;
+ if (connectorExists) {
+ CMS.debug("UpdateConnector: KRA connector already exists");
+ } else {
+ IConfigStore cs = CMS.getConfigStore();
+
+ Enumeration list = httpReq.getParameterNames();
+ while (list.hasMoreElements()) {
+ String name = (String)list.nextElement();
+ String val = httpReq.getParameter(name);
+ if (name != null && name.startsWith("ca.connector")) {
+ CMS.debug("Adding connector update name=" + name + " val=" + val);
+ cs.putString(name, val);
+ } else {
+ CMS.debug("Skipping connector update name=" + name + " val=" + val);
+ }
+ }
+
+ try {
+ String nickname = cs.getString("ca.subsystem.nickname", "");
+ String tokenname = cs.getString("ca.subsystem.tokenname", "");
+ if (!tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname+":"+nickname;
+ cs.putString("ca.connector.KRA.nickName", nickname);
+ cs.commit(false);
+ } catch (Exception e) {
 }
- }
-
- try {
- String nickname = cs.getString("ca.subsystem.nickname", "");
- String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
- cs.putString("ca.connector.KRA.nickName", nickname);
- cs.commit(false);
- } catch (Exception e) {
- }
- // start the connector
- try {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
- ICAService caService = (ICAService)ca.getCAService();
- IConnector kraConnector = caService.getConnector(
- cs.getSubStore("ca.connector.KRA"));
- caService.setKRAConnector(kraConnector);
- kraConnector.start();
- } catch (Exception e) {
- CMS.debug("Failed to start connector " + e);
+ // start the connector
+ try {
+ IConnector kraConnector = caService.getConnector(
+ cs.getSubStore("ca.connector.KRA"));
+ caService.setKRAConnector(kraConnector);
+ kraConnector.start();
+ } catch (Exception e) {
+ CMS.debug("Failed to start connector " + e);
+ }
 }
 // send success status back to the requestor
@@ -165,7 +170,12 @@ public class UpdateConnector extends CMSServlet {
 XMLObject xmlObj = new XMLObject();
 Node root = xmlObj.createRoot("XMLResponse");
- xmlObj.addItemToContainer(root, "Status", SUCCESS);
+ if (connectorExists) {
+ xmlObj.addItemToContainer(root, "Status", FAILED);
+ xmlObj.addItemToContainer(root, "Error", "DRM connector already exists.");
+ } else {
+ xmlObj.addItemToContainer(root, "Status", SUCCESS);
+ }
 byte[] cb = xmlObj.toByteArray();
 outputResult(httpResp, "application/xml", cb); |
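Review bot: In the `@@ -122,41 +122,46 @@` hunk of UpdateConnector.java the `ca` and `caService` lookups moved out of the old `try { ... } catch (Exception e)` block, so a null from `CMS.getSubsystem("ca")` or `ca.getCAService()` now surfaces as an unhandled NullPointerException rather than a logged failure. A null check before the dereference that reports FAILED would keep the request handling predictable. The guard reads the running service (`caService.getKRAConnector() != null`) and is not atomic with the later `caService.setKRAConnector(kraConnector)`, so two registrations arriving together could presumably both pass it; a `synchronized` section around the check and the set would close that gap. `(caService.getKRAConnector() != null)? true:false` can be written as `caService.getKRAConnector() != null`. The enclosing method starts and ends outside the hunk.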
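Review bot: In the `@@ -165,7 +170,12 @@` hunk the `else` branch reports `SUCCESS` whenever no connector existed beforehand, even though the preceding hunk swallows a failed `cs.commit(false)` in an empty `catch (Exception e) { }` and only logs a failed `kraConnector.start()`. The caller is then told the connector was registered when it may be neither persisted nor running. Track the outcome in a boolean that those catch blocks clear, and return `FAILED` with an `Error` item when it is false. The refused-overwrite path is recorded only through `CMS.debug`; an attempt to replace an existing KRA connector is the kind of event that belongs in the audit log as well. The enclosing method starts and ends outside the hunk.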