authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-07 22:37:08 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-07 22:37:08 +0000
commit466202e75665108f5c51c5d602d2afaabed4a027 (patch)
tree9e953e972da8074d7fc4dfcc02f0d1a96f57db34 /pki/base/ra
parent2963ca4c6381e7a43fff0457fb0135476874830f (diff)
Bugzilla Bug #492735 - Configuration wizard stores certain incorrect port
values within TPS "CS.cfg" . . . Bugzilla Bug #495597 - Unable to access Agent page using a configured CA/KRA containing an HSM git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@431 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ra')
-rw-r--r--pki/base/ra/doc/CS.cfg18
-rwxr-xr-xpki/base/ra/forms/ee/user/renewal.cgi2
-rwxr-xr-xpki/base/ra/forms/index.cgi1
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/AdminPanel.pm20
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm22
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm16
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm91
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/DonePanel.pm18
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm14
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/NamePanel.pm26
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm16
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/SizePanel.pm6
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm11
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm18
14 files changed, 181 insertions, 98 deletions
diff --git a/pki/base/ra/doc/CS.cfg b/pki/base/ra/doc/CS.cfg
index 697853bd1..c580d2741 100644
--- a/pki/base/ra/doc/CS.cfg
+++ b/pki/base/ra/doc/CS.cfg
@@ -16,14 +16,14 @@
# All rights reserved.
# --- END COPYRIGHT BLOCK ---
#
-pkicreate.arg01.pki_instance_root=[INSTANCE_ROOT]
-pkicreate.arg02.pki_instance_name=[INSTANCE_ID]
-pkicreate.arg03.subsystem_type=[SUBSYSTEM_TYPE]
-pkicreate.arg04.secure_port=[SECURE_PORT]
-pkicreate.arg05.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
-pkicreate.arg06.unsecure_port=[PORT]
-pkicreate.arg07.user=[USERID]
-pkicreate.arg08.group=[GROUPID]
+pkicreate.pki_instance_root=[INSTANCE_ROOT]
+pkicreate.pki_instance_name=[INSTANCE_ID]
+pkicreate.subsystem_type=[SUBSYSTEM_TYPE]
+pkicreate.secure_port=[SECURE_PORT]
+pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
+pkicreate.unsecure_port=[PORT]
+pkicreate.user=[USERID]
+pkicreate.group=[GROUPID]
request._000=#########################################
request._001=# Request Queue Parameters
request._002=#########################################
@@ -250,6 +250,6 @@ preop.keysize._000=#########################################
preop.keysize._001=# Installation configuration "preop" keysize parameters
preop.keysize._002=#########################################
preop.keysize.customsize=2048
-preop.keysize.select=custom
+preop.keysize.select=default
preop.keysize.size=2048
preop.keysize.ecc.size=256
diff --git a/pki/base/ra/forms/ee/user/renewal.cgi b/pki/base/ra/forms/ee/user/renewal.cgi
index 63a211eff..a4bbc458c 100755
--- a/pki/base/ra/forms/ee/user/renewal.cgi
+++ b/pki/base/ra/forms/ee/user/renewal.cgi
@@ -53,7 +53,7 @@ sub process()
$self->debug_params($cfg, $q);
my $host = $cfg->get("service.machineName");
- my $port = $cfg->get("service.securePort");
+ my $port = $cfg->get("service.non_clientauth_securePort");
my %context;
$context{url} = "https://$host:$port/ee/user/renew.cgi";
diff --git a/pki/base/ra/forms/index.cgi b/pki/base/ra/forms/index.cgi
index e71e1ec67..0e643166b 100755
--- a/pki/base/ra/forms/index.cgi
+++ b/pki/base/ra/forms/index.cgi
@@ -55,6 +55,7 @@ sub process()
$self->debug_params($cfg, $q);
$::symbol{machineName} = $cfg->get("service.machineName");
+ $::symbol{non_clientauth_securePort} = $cfg->get("service.non_clientauth_securePort");
$::symbol{securePort} = $cfg->get("service.securePort");
$::symbol{unsecurePort} = $cfg->get("service.unsecurePort");
diff --git a/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm b/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm
index d67a9b2e3..e08032913 100755
--- a/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm
@@ -99,12 +99,12 @@ sub update
my $cainfo = $::config->get("preop.ca.url");
&PKI::RA::Wizard::debug_log("AdminPanel: preop.ca.url=$cainfo");
if ($cainfo eq "" || $cainfo =~ /:$/) {
- $cainfo = $::config->get("config.sdomainURL");
- &PKI::RA::Wizard::debug_log("AdminPanel: config.sdomainURL=$cainfo");
+ $cainfo = $::config->get("config.sdomainEEURL");
+ &PKI::RA::Wizard::debug_log("AdminPanel: config.sdomainEEURL=$cainfo");
}
&PKI::RA::Wizard::debug_log("AdminPanel: Connecting to CA: $cainfo");
my $cainfo_url = new URI::URL($cainfo);
- my $sdom = $::config->get("config.sdomainURL");
+ my $sdom = $::config->get("config.sdomainEEURL");
my $sdom_url = new URI::URL($sdom);
my $machineName = $::config->get("service.machineName");
@@ -132,15 +132,15 @@ sub update
"auth_hostname=" . $sdom_url->host . "&" .
"auth_port=" . $sdom_url->port;
- my $host = $cainfo_url->host;
- my $port = $cainfo_url->port;
+ my $ca_host = $cainfo_url->host;
+ my $https_ee_port = $cainfo_url->port;
my $content = "";
my $tmpfile = "/tmp/admin-$$";
if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
- system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port > $tmpfile");
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile");
$content = `cat $tmpfile`;
} else {
- system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port > $tmpfile");
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile");
$content = `cat $tmpfile`;
}
system("rm $tmpfile");
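Review bot: The two rewritten `system(...)` calls still hand one interpolated string to the shell, so `$ca_host`, `$params` and `$nickname` are parsed by `/bin/sh` before sslget sees them; `$ca_host` is taken from `preop.ca.url` or `config.sdomainEEURL`, which are filled from wizard input and from the security domain's XML. The output also goes through the predictable path `/tmp/admin-$$` and is read back with `cat`. A list-form pipe open, as sketched below, removes both the shell and the temp file; the `-p` password would still appear in sslget's argument list, which only a change in how sslget receives it can address. The same string-built sslget invocation recurs in the CAInfoPanel.pm, DisplayCertChainPanel.pm, ImportAdminCertPanel.pm and NamePanel.pm hunks. `update` starts and ends outside this hunk.

```perl
my $ca_host = $cainfo_url->host;
my $https_ee_port = $cainfo_url->port;
my $content = "";
# same password choice as the if/else this replaces
my $sslget_pwd = (($tokenname eq "") || ($tokenname eq "NSS Certificate DB"))
    ? $db_password : $token_pwd;
# list form: every argument reaches sslget as-is, no shell parsing
my @sslget = ("/usr/bin/sslget", "-e", $params, "-d", "$instanceDir/alias",
              "-p", $sslget_pwd, "-v", "-n", $nickname,
              "-r", "/ca/ee/ca/profileSubmit", "$ca_host:$https_ee_port");
if (open(my $sslget_out, "-|", @sslget)) {
    local $/;
    $content = <$sslget_out>;
    close($sslget_out);
} else {
    &PKI::RA::Wizard::debug_log("AdminPanel: cannot run sslget: $!");
}
# … unchanged: parsing of $content …
```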
@@ -158,8 +158,8 @@ sub update
my $admincert = $response->{Requests}->{Request}->{b64};
&PKI::RA::Wizard::debug_log("AdminPanel: admincert " . $admincert);
- $host = $::config->get("preop.database.host");
- $port = $::config->get("preop.database.port");
+ my $ldap_host = $::config->get("preop.database.host");
+ my $ldap_port = $::config->get("preop.database.port");
my $basedn = $::config->get("preop.database.basedn");
my $binddn = $::config->get("preop.database.binddn");
# my $bindpwd = $::config->get("tokendb.bindPass");
@@ -221,7 +221,7 @@ sub update
# system("sed -e 's/\$TOKENDB_ROOT/$basedn/' " .
# "-e 's/\$TOKENDB_AGENT_CERT/$admincert/' " .
# "/usr/share/$flavor/ra/scripts/addAgents.ldif > $tmp");
-# system("$mozldap_path/ldapmodify -h '$host' -p '$port' -D '$binddn' " .
+# system("$mozldap_path/ldapmodify -h '$ldap_host' -p '$ldap_port' -D '$binddn' " .
# "-w '$bindpwd' -a " .
# "-f '$tmp'");
system("rm $tmp");
diff --git a/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
index dbfc42eec..901be9a34 100755
--- a/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
@@ -84,29 +84,29 @@ sub update
my $instanceID = $::config->get("service.instanceID");
my $host = "";
- my $port = "";
+ my $https_ee_port = "";
if ($count =~ /http/) {
my $info = new URI::URL($count);
$host = $info->host;
- $port = $info->port;
+ $https_ee_port = $info->port;
} else {
$host = $::config->get("preop.securitydomain.ca$count.host");
- $port = $::config->get("preop.securitydomain.ca$count.secureport");
+ $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
}
- if (($host eq "") || ($port eq "")) {
+ if (($host eq "") || ($https_ee_port eq "")) {
$::symbol{errorString} = "no CA found. CA, TKS and optionally DRM must be installed prior to RA installation";
return 0;
}
- &PKI::RA::Wizard::debug_log("CAInfoPanel: update - host= $host, port= $port");
+ &PKI::RA::Wizard::debug_log("CAInfoPanel: update - host= $host, https_ee_port= $https_ee_port");
- $::config->put("preop.cainfo.select", "https://$host:$port");
+ $::config->put("preop.cainfo.select", "https://$host:$https_ee_port");
my $serverCertNickName = $::config->get("preop.cert.sslserver.nickname");
my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
$::config->put("conn.ca1.clientNickname", $subsystemCertNickName);
- $::config->put("conn.ca1.hostport", $host . ":" . $port);
+ $::config->put("conn.ca1.hostport", $host . ":" . $https_ee_port);
$::config->commit();
@@ -116,7 +116,7 @@ sub update
my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
$db_password =~ s/\n$//g;
my $tmpfile = "/tmp/ca-$$";
- system("/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$serverCertNickName\" -r \"/ca/ee/ca/getCertChain\" $host:$port > $tmpfile");
+ system("/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$serverCertNickName\" -r \"/ca/ee/ca/getCertChain\" $host:$https_ee_port > $tmpfile");
my $cmd = `cat $tmpfile`;
system("rm $tmpfile");
my $caCert;
@@ -165,10 +165,10 @@ sub display
if ($host eq "") {
goto DONE;
}
- my $port = $::config->get("preop.securitydomain.ca$count.secureport");
+ my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
my $name = $::config->get("preop.securitydomain.ca$count.subsystemname");
- my $item = $name . " - https://" . $host . ":" . $port;
-# my $item = "https://" . $host . ":" . $port;
+ my $item = $name . " - https://" . $host . ":" . $https_ee_port;
+# my $item = "https://" . $host . ":" . $https_ee_port;
# unshift(@{$::symbol{urls}}, $item);
$::symbol{urls}[$count++] = $item;
if ($first eq 1) {
diff --git a/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm
index 707a45dc1..924fe0cb9 100755
--- a/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm
@@ -81,24 +81,24 @@ sub update
my $count = $q->param('urls');
my $instanceID = $::config->get("service.instanceID");
my $host = "";
- my $port = "";
+ my $https_agent_port = "";
if ($count =~ /http/) {
my $info = new URI::URL($count);
$host = $info->host;
- $port = $info->port;
+ $https_agent_port = $info->port;
} else {
$host = $::config->get("preop.securitydomain.kra$count.host");
- $port = $::config->get("preop.securitydomain.kra$count.secureport");
+ $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport");
}
- if (($host eq "") || ($port eq "")) {
+ if (($host eq "") || ($https_agent_port eq "")) {
$::symbol{errorString} = "no DRM found. CA, TKS and DRM must be installed prior to RA installation";
return 0;
}
- $::config->put("preop.krainfo.select", "https://$host:$port");
+ $::config->put("preop.krainfo.select", "https://$host:$https_agent_port");
my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
$::config->put("conn.drm1.clientNickname", $subsystemCertNickName);
- $::config->put("conn.drm1.hostport", $host . ":" . $port);
+ $::config->put("conn.drm1.hostport", $host . ":" . $https_agent_port);
$::config->put("conn.tks1.serverKeygen", "true");
$::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "true");
$::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "true");
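Review bot: `$count` comes straight from `$q->param('urls')` and is used two ways: if it contains `http` anywhere it is parsed as a URL whose host and port go into `conn.drm1.hostport`, otherwise it is spliced into the config key `preop.securitydomain.kra$count.secureagentport`. Neither path checks its shape, and the unanchored `/http/` test accepts any string with that substring. Validating up front, e.g. `unless ($count =~ m{\A(?:\d+|https://\S+)\z}) { ... return 0; }` with `errorString` set as in the existing failure branch, keeps unexpected values out of CS.cfg. TKSInfoPanel.pm's `update` hunk has the same branch. `update` starts and ends outside this hunk.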
@@ -127,9 +127,9 @@ sub display
if ($host eq "") {
goto DONE;
}
- my $port = $::config->get("preop.securitydomain.kra$count.secureport");
+ my $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport");
my $name = $::config->get("preop.securitydomain.kra$count.subsystemname");
- $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $port;
+ $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port;
}
DONE:
$::symbol{urls_size} = $count;
diff --git a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
index c0c897139..54e9b85cf 100755
--- a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
@@ -102,25 +102,25 @@ sub update
$tmp = `rm $instanceDir/conf/caCert.der`;
$tmp = `rm $instanceDir/conf/caCert_pp.txt`;
- # complete the SeucrityDomain task
- my $sdomainURL = $::config->get("config.sdomainURL");
- if ($sdomainURL eq "") {
+ # complete the SecurityDomain task
+ my $sdomainAdminURL = $::config->get("config.sdomainAdminURL");
+ if ($sdomainAdminURL eq "") {
return 2;
}
my $machineName = $::config->get("service.machineName");
- my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
my $unsecurePort = $::config->get("service.unsecurePort");
# check if url is accessible
# redirect to the security domain authentication
if ($ENV{'SERVER_PORT'} eq $unsecurePort) {
- $::symbol{redirect} = $sdomainURL . "/ca/ee/ca/securityDomainLogin?url=http%3A%2F%2F" . $machineName . "%3A" . $unsecurePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA";
+ $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=http%3A%2F%2F" . $machineName . "%3A" . $unsecurePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA";
} else {
- $::symbol{redirect} = $sdomainURL . "/ca/ee/ca/securityDomainLogin?url=https%3A%2F%2F" . $machineName . "%3A" . $securePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA";
+ $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2F" . $machineName . "%3A" . $non_clientauth_securePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA";
}
- get_domain_xml($sdomainURL);
+ get_domain_xml($sdomainAdminURL);
return 3;
@@ -135,27 +135,27 @@ sub display
&PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update connecting to CA and retrieve cert chain");
my $instanceID = $::config->get("service.instanceID");
my $instanceDir = $::config->get("service.instanceDir");
- my $sdomainURL = $::config->get("config.sdomainURL");
- if ($sdomainURL eq "") {
+ my $sdomainAdminURL = $::config->get("config.sdomainAdminURL");
+ if ($sdomainAdminURL eq "") {
return 2;
}
my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
$db_password =~ s/\n$//g;
- my $url_info = new URI::URL($sdomainURL);
- my $host = $url_info->host;
- my $port = $url_info->port;
+ my $url_info = new URI::URL($sdomainAdminURL);
+ my $sd_host = $url_info->host;
+ my $sd_admin_port = $url_info->port;
my $nickname = $::config->get("preop.cert.sslserver.nickname");
- my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/getCertChain\" $host:$port`;
+ my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getCertChain\" $sd_host:$sd_admin_port`;
- my $caCert;
+ my $caCert = "";
if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) {
$caCert = $1;
&PKI::RA::Wizard::debug_log("DisplayCertChainPanel: ca= $caCert");
}
- my $certpp;
+ my $certpp = "";
if ($caCert ne "") {
open(F, ">$instanceDir/conf/caCert.txt");
print F $caCert;
@@ -199,13 +199,14 @@ sub display
return 1;
}
+
sub get_domain_xml
{
- my ($sdomainURL) = @_;
+ my ($sdomainAdminURL) = @_;
- my $sdom_info = new URI::URL($sdomainURL);
+ my $sdom_info = new URI::URL($sdomainAdminURL);
# get the domain xml
- # e. g. - https://water.sfbay.redhat.com:9444/ca/ee/ca/getDomainXML
+ # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML
my $nickname = $::config->get("preop.cert.sslserver.nickname");
my $instanceID = $::config->get("service.instanceID");
@@ -213,9 +214,9 @@ sub get_domain_xml
my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
$db_password =~ s/\n$//g;
- my $host = $sdom_info->host;
- my $port = $sdom_info->port;
- my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/getDomainXML\" $host:$port`;
+ my $sd_host = $sdom_info->host;
+ my $sd_admin_port = $sdom_info->port;
+ my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`;
$content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
$content = $1;
@@ -241,8 +242,40 @@ sub get_domain_xml
$c->{'SubsystemName'}[0]);
$::config->put("preop.securitydomain.ca" . $count . ".secureport",
$c->{'SecurePort'}[0]);
+ $::config->put("preop.securitydomain.ca" . $count . ".secureagentport",
+ $c->{'SecureAgentPort'}[0]);
+ $::config->put("preop.securitydomain.ca" . $count . ".secureadminport",
+ $c->{'SecureAdminPort'}[0]);
+ $::config->put("preop.securitydomain.ca" . $count . ".unsecureport",
+ $c->{'UnSecurePort'}[0]);
$::config->put("preop.securitydomain.ca" . $count . ".host",
$c->{'Host'}[0]);
+
+ # The user previously specified the CA Security Domain's
+ # SSL Admin URL in the "Security Domain Panel";
+ # now retrieve this specified CA Security Domain's
+ # non-SSL EE, SSL Agent, and SSL EE URLs:
+ if( $sd_admin_port eq $c->{'SecureAdminPort'}[0] ) {
+ # Build the URLs
+ my $http_ee_port = "https://"
+ . $c->{'Host'}[0]
+ . ":"
+ . $c->{'UnSecurePort'}[0];
+ my $https_agent_port = "https://"
+ . $c->{'Host'}[0]
+ . ":"
+ . $c->{'SecureAgentPort'}[0];
+ my $https_ee_port = "https://"
+ . $c->{'Host'}[0]
+ . ":"
+ . $c->{'SecurePort'}[0];
+
+ # Store the URLs
+ $::config->put( "config.sdomainHttpURL", $http_ee_port );
+ $::config->put( "config.sdomainAgentURL", $https_agent_port );
+ $::config->put( "config.sdomainEEURL", $https_ee_port );
+ }
+
$count++;
}
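Review bot: The value stored under `config.sdomainHttpURL` is built from `"https://"` plus `UnSecurePort`, although the comment above calls it the non-SSL EE URL, so any reader of that key gets an https URL pointing at the plain-HTTP port. The first line of that assignment should read `my $http_ee_port = "http://"`; the three locals hold URLs, so an `_url` suffix would name them better than `_port`. The test that selects the security-domain CA also compares only `$sd_admin_port` with `SecureAdminPort`; if two CAs in the domain share an admin port on different hosts the last one listed wins, so also requiring `$sd_host eq $c->{'Host'}[0]` would make the selection unambiguous. `get_domain_xml` continues outside this hunk.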
@@ -254,6 +287,12 @@ sub get_domain_xml
$c->{'SubsystemName'}[0]);
$::config->put("preop.securitydomain.tks" . $count . ".secureport",
$c->{'SecurePort'}[0]);
+ $::config->put("preop.securitydomain.tks" . $count . ".secureagentport",
+ $c->{'SecureAgentPort'}[0]);
+ $::config->put("preop.securitydomain.tks" . $count . ".secureadminport",
+ $c->{'SecureAdminPort'}[0]);
+ $::config->put("preop.securitydomain.tks" . $count . ".unsecureport",
+ $c->{'UnSecurePort'}[0]);
$::config->put("preop.securitydomain.tks" . $count . ".host",
$c->{'Host'}[0]);
$count++;
@@ -267,6 +306,12 @@ sub get_domain_xml
$c->{'SubsystemName'}[0]);
$::config->put("preop.securitydomain.kra" . $count . ".secureport",
$c->{'SecurePort'}[0]);
+ $::config->put("preop.securitydomain.kra" . $count . ".secureagentport",
+ $c->{'SecureAgentPort'}[0]);
+ $::config->put("preop.securitydomain.kra" . $count . ".secureadminport",
+ $c->{'SecureAdminPort'}[0]);
+ $::config->put("preop.securitydomain.kra" . $count . ".unsecureport",
+ $c->{'UnSecurePort'}[0]);
$::config->put("preop.securitydomain.kra" . $count . ".host",
$c->{'Host'}[0]);
$count++;
@@ -279,7 +324,11 @@ sub get_domain_xml
$::config->put("preop.securitydomain.ra" . $count . ".subsystemname",
$c->{'SubsystemName'}[0]);
$::config->put("preop.securitydomain.ra" . $count . ".secureport",
+ $c->{'SecureAgentPort'}[0]);
+ $::config->put("preop.securitydomain.ra" . $count . ".non_clientauth_secure_port",
$c->{'SecurePort'}[0]);
+ $::config->put("preop.securitydomain.ra" . $count . ".unsecureport",
+ $c->{'UnSecurePort'}[0]);
$::config->put("preop.securitydomain.ra" . $count . ".host",
$c->{'Host'}[0]);
$count++;
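Review bot: For RA entries `.secureport` now receives `SecureAgentPort` and `.non_clientauth_secure_port` receives `SecurePort`, whereas the ca, tks and kra blocks above keep `SecurePort` under `.secureport` and put the agent port under `.secureagentport`. Nothing in the hunk says why the RA mapping differs, and the key spelling `non_clientauth_secure_port` departs from the `secureagentport`/`secureadminport` style used beside it. If the swap is intended, a comment before the first `put` would stop a later "fix" in the wrong direction, for example `# RA entries: SecureAgentPort is the client-auth SSL port, SecurePort the non-client-auth one`.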
diff --git a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
index 086d51e4a..87d8bd8c4 100755
--- a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
@@ -91,13 +91,15 @@ sub register_ra
&PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain");
my $machineName = $::config->get("service.machineName");
+ my $unsecurePort = $::config->get("service.unsecurePort");
my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
my $session_id = $::config->get("preop.sessionID");
&PKI::RA::Wizard::debug_log("DonePanel: Security Domain Info " . $url);
- # add service.securityDomainPort to the config file in case pkiremove needs to
- # remove system reference from the security domain
+ # add service.securityDomainPort to the config file in case pkiremove
+ # needs to remove system reference from the security domain
$::config->put("service.securityDomainPort", $securePort);
$::config->commit();
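Review bot: `$unsecurePort` and `$non_clientauth_securePort` are declared here but no changed line in `register_ra` uses them, and the same pair is added to `get_kra_transport_cert` and `send_kra_transport_cert` in the next two hunks; only `display` reads them. They are new lexicals, so a use in the unchanged parts of these subs is unlikely, assuming the module runs under `use strict` as SecurityDomainPanel.pm does. Either drop the unused declarations or add a comment saying what they are reserved for. Separately, `service.securityDomainPort` is still set from `$securePort`, which is read from this RA's own `service.securePort`; if pkiremove expects the security domain's port under that key, the assignment needs a comment or a fix.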
@@ -183,7 +185,9 @@ sub get_kra_transport_cert
my $krainfo_url = new URI::URL($krainfo);
my $machineName = $::config->get("service.machineName");
+ my $unsecurePort = $::config->get("service.unsecurePort");
my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
my $session_id = $::config->get("preop.sessionID");
my $nickname = $::config->get("preop.cert.sslserver.nickname");
@@ -234,7 +238,9 @@ sub send_kra_transport_cert
my $tksinfo_url = new URI::URL($tksinfo);
my $machineName = $::config->get("service.machineName");
+ my $unsecurePort = $::config->get("service.unsecurePort");
my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
my $session_id = $::config->get("preop.sessionID");
my $nickname = $::config->get("preop.cert.sslserver.nickname");
@@ -296,7 +302,7 @@ sub display
}
# Add this RA's server certificate to the subsystems
- my $sdom = $::config->get("config.sdomainURL");
+ my $sdom = $::config->get("config.sdomainEEURL");
my $cainfo = $::config->get("preop.cainfo.select");
$cainfo =~ s/.* - //g;
&register_ra($sdom, $cainfo, $::config->get("conn.ca1.servlet.addagent"), "CA");
@@ -368,8 +374,9 @@ sub display
&PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain");
my $machineName = $::config->get("service.machineName");
- my $securePort = $::config->get("service.securePort");
my $unsecurePort = $::config->get("service.unsecurePort");
+ my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
my $instanceID = $::config->get("service.instanceID");
my $initCommand = "";
@@ -381,8 +388,9 @@ sub display
}
$::symbol{host} = $machineName;
- $::symbol{port} = $securePort;
$::symbol{unsecurePort} = $unsecurePort;
+ $::symbol{port} = $securePort;
+ $::symbol{non_clientauth_port} = $non_clientauth_securePort;
$::symbol{initCommand} = $initCommand;
$::config->deleteSubstore("preop.");
diff --git a/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm b/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
index 7ee15e596..54159a336 100755
--- a/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
@@ -75,7 +75,7 @@ sub update
&PKI::RA::Wizard::debug_log("ImportAdminCertPanel: update");
# register to Security Domain
- my $sdom = $::config->get("config.sdomainURL");
+ my $sdom = $::config->get("config.sdomainAgentURL");
my $sdom_url = new URI::URL($sdom);
#
@@ -102,6 +102,18 @@ sub update
my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$subCertNickName\" -r \"/ca/agent/ca/updateDomainXML?$params\" $sdom_url->host:$sdom_url->port`;
+ # Fetch the "updated" security domain and display it
+ &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: Dump contents of updated Security Domain . . .");
+ my $sdomainAdminURL = $::config->get("config.sdomainAdminURL");
+ my $sdom_info = new URI::URL($sdomainAdminURL);
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $sd_host = $sdom_info->host;
+ my $sd_admin_port = $sdom_info->port;
+ my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`;
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+ &PKI::RA::Wizard::debug_log($content);
+
return 1;
}
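Review bot: The added block assigns `$content = $1` without checking that the match succeeded, so when sslget fails or returns no `<XMLResponse>` element, `$1` is undefined or left over from an earlier successful match, and that is what reaches `debug_log`. Guard it: `if ($content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/) { &PKI::RA::Wizard::debug_log($1); }`. The unchanged `updateDomainXML` call just above interpolates `$sdom_url->host:$sdom_url->port` inside backticks, where Perl expands only `$sdom_url` and leaves `->host` and `->port` as literal text; the new `$sd_host`/`$sd_admin_port` locals show the form that call should use as well. `update` starts outside this hunk.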
diff --git a/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm b/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm
index 383654184..221f93263 100755
--- a/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm
@@ -87,25 +87,25 @@ sub update
&PKI::RA::Wizard::debug_log("NamePanel: update - selected ca= $count");
my $host = "";
- my $port = "";
+ my $https_ee_port = "";
my $useExternalCA = "off";
if ($count =~ /http/) {
my $info = new URI::URL($count);
$host = $info->host;
- $port = $info->port;
+ $https_ee_port = $info->port;
} else {
$host = $::config->get("preop.securitydomain.ca$count.host");
if ($host eq "") {
$useExternalCA = "on";
} else {
- $port = $::config->get("preop.securitydomain.ca$count.secureport");
- &PKI::RA::Wizard::debug_log("NamePanel: update - host= $host, port= $port");
+ $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
+ &PKI::RA::Wizard::debug_log("NamePanel: update - host= $host, https_ee_port= $https_ee_port");
}
}
$::config->put("preop.certenroll.useExternalCA", $useExternalCA);
- $::config->put("preop.ca.url", "https://" . $host . ":" . $port);
+ $::config->put("preop.ca.url", "https://" . $host . ":" . $https_ee_port);
my $tokenname = $::config->get("preop.module.token");
&PKI::RA::Wizard::debug_log("NamePanel: update got token name = $tokenname");
@@ -242,7 +242,7 @@ GEN_CERT:
# see if there is an existing cert
my $cert = $::config->get("preop.cert.$certtag.cert");
- my $sdom = $::config->get("config.sdomainURL");
+ my $sdom = $::config->get("config.sdomainEEURL");
my $sdom_url = new URI::URL($sdom);
if (($useExternalCA eq "on") && ($certtag ne "subsystem")) {
@@ -293,14 +293,14 @@ GEN_CERT:
if ($certtag eq "subsystem") {
$host = $sdom_url->host;
- $port = $sdom_url->port;
+ $https_ee_port = $sdom_url->port;
}
if ($changed eq "true") {
-$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port";
-$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port";
+$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
+$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
} else {
-$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port";
-$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port";
+$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
+$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
}
&PKI::RA::Wizard::debug_log("debug_req = " . $debug_req);
@@ -480,9 +480,9 @@ sub display
if ($host eq "") {
goto DONE;
}
- my $port = $::config->get("preop.securitydomain.ca$count.secureport");
+ my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
my $name = $::config->get("preop.securitydomain.ca$count.subsystemname");
- my $item = $name . " - https://" . $host . ":" . $port;
+ my $item = $name . " - https://" . $host . ":" . $https_ee_port;
$::symbol{urls}[$count++] = $item;
}
diff --git a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
index 468a5b1c3..ce622f915 100755
--- a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
@@ -26,6 +26,7 @@ use strict;
use warnings;
use PKI::RA::GlobalVar;
use PKI::RA::Common;
+use URI::URL;
use XML::Simple;
use Data::Dumper;
@@ -78,7 +79,7 @@ sub display
$::symbol{panelname} = "Security Domain";
$::symbol{sdomainName} = "Security Domain";
my $hostname = $::config->get("service.machineName");
- $::symbol{sdomainURL} = "https://" . $hostname . ":9444";
+ $::symbol{sdomainAdminURL} = "https://" . $hostname . ":9445";
return 1;
}
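Review bot: `display` now publishes the default under `$::symbol{sdomainAdminURL}`, while `update` in the next hunk still reads `$q->param("sdomainURL")`. The template is not part of this diff, so whether the form field kept its old name cannot be checked here; if it was renamed along with the symbol, `update` would always take its "not found" branch. A comment above the assignment would record the link and the hard-coded port, for example `# default shown in the form's "sdomainURL" field; 9445 assumed to be the CA's SSL admin port`.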
@@ -90,15 +91,22 @@ sub update
&PKI::RA::Wizard::debug_log("SecurityPanel: update");
my $sdomainURL = $q->param("sdomainURL");
+ my $sdomainURL_info = new URI::URL($sdomainURL);
+
if ($sdomainURL eq "") {
&PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL not found");
- $::symbol{errorString} = "Security Domain URL not found";
+ $::symbol{errorString} = "Security Domain HTTPS Admin URL not found";
return 0;
}
- # save url in CS.cfg
+ # save urls in CS.cfg
&PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL=" . $sdomainURL);
- $::config->put("config.sdomainURL", $sdomainURL);
+ $::config->put("config.sdomainAdminURL", $sdomainURL);
+
+ # Add values necessary for 'pkiremove' . . .
+ $::config->put("securitydomain.select", "existing");
+ $::config->put("securitydomain.host", $sdomainURL_info->host);
+ $::config->put("securitydomain.httpsadminport", $sdomainURL_info->port);
$::config->commit();
return 1;
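Review bot: `new URI::URL($sdomainURL)` now runs before the empty-string check, and the request parameter is then written to `config.sdomainAdminURL`, `securitydomain.host` and `securitydomain.httpsadminport` with no check that it is a well-formed https URL. Other panels later split these values into host and port and place them on sslget command lines, so this is the natural point to reject anything unexpected. Move the parse below the existing check and add a shape test before the first `put`, for example `unless ($sdomainURL =~ m{\Ahttps://[A-Za-z0-9.-]+:\d+/?\z}) { ... return 0; }` with `errorString` set, widening the pattern if IPv6 literals must be accepted. `update` starts and ends outside this hunk.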
diff --git a/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm b/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm
index 763b184be..3a1ba77d6 100755
--- a/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm
@@ -211,11 +211,11 @@ sub display
#for "common key settings"
my $select = $::config->get("preop.keysize.select");
- if ($select ne "") {
+ if (($select eq "") || ($select eq "default")) {
+ $::symbol{select} = "default";
+ } else {
&PKI::RA::Wizard::debug_log("SizePanel: display keysize select= $select");
$::symbol{select} = $select;
- } else {
- $::symbol{select} = "default";
}
my $default_size = $::config->get("preop.keysize.size");
if ($default_size eq "") {
diff --git a/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm b/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm
index 4f98bee61..4a0869420 100755
--- a/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm
@@ -76,7 +76,9 @@ sub update
$::symbol{subsystemName} = "Registration Authority";
$::symbol{fullsystemname} = "Registration Authority";
$::symbol{machineName} = "localhost";
- $::symbol{https_port} = "7889";
+ $::symbol{http_port} = "12888";
+ $::symbol{https_port} = "12889";
+ $::symbol{non_clientauth_https_port} = "12890";
$::symbol{check_clonesubsystem} = " ";
$::symbol{check_newsubsystem} = " ";
$::symbol{disableClone} = 1;
@@ -97,12 +99,15 @@ sub display
$::symbol{fullsystemname} = "Registration Authority ";
my $machineName = $::config->get("service.machineName");
- my $securePort = $::config->get("service.securePort");
my $unsecurePort = $::config->get("service.unsecurePort");
+ my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
$::symbol{machineName} = $machineName;
+ $::symbol{http_port} = $unsecurePort;
$::symbol{https_port} = $securePort;
+ $::symbol{non_clientauth_https_port} = $non_clientauth_securePort;
$::symbol{check_clonesubsystem} = "";
$::symbol{check_newsubsystem} = "checked ";
@@ -117,7 +122,7 @@ sub display
if ($host eq "") {
goto DONE;
}
- my $port = $::config->get("preop.securitydomain.ra$count.secureport");
+ my $port = $::config->get("preop.securitydomain.ra$count.non_clientauth_secure_port");
my $name = $::config->get("preop.securitydomain.ra$count.subsystemname");
unshift(@{$::symbol{urls}}, "https://" . $host . ":" . $port);
$count++;
diff --git a/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm
index a219e74c3..6a4f6b16e 100755
--- a/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm
@@ -79,28 +79,28 @@ sub update
my $instanceID = $::config->get("service.instanceID");
my $host = "";
- my $port = "";
+ my $https_agent_port = "";
if ($count =~ /http/) {
my $info = new URI::URL($count);
$host = $info->host;
- $port = $info->port;
- if (($host eq "") || ($port eq "")) {
+ $https_agent_port = $info->port;
+ if (($host eq "") || ($https_agent_port eq "")) {
$::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation";
return 0;
}
$::config->put("preop.tksinfo.select", $count);
} else {
$host = $::config->get("preop.securitydomain.tks$count.host");
- $port = $::config->get("preop.securitydomain.tks$count.secureport");
- if (($host eq "") || ($port eq "")) {
+ $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport");
+ if (($host eq "") || ($https_agent_port eq "")) {
$::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation";
return 0;
}
- $::config->put("preop.tksinfo.select", "https://$host:$port");
+ $::config->put("preop.tksinfo.select", "https://$host:$https_agent_port");
}
my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
$::config->put("conn.tks1.clientNickname", $subsystemCertNickName);
- $::config->put("conn.tks1.hostport", $host . ":" . $port);
+ $::config->put("conn.tks1.hostport", $host . ":" . $https_agent_port);
$::config->commit();
return 1;
@@ -117,9 +117,9 @@ sub display
if ($host eq "") {
goto DONE;
}
- my $port = $::config->get("preop.securitydomain.tks$count.secureport");
+ my $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport");
my $name = $::config->get("preop.securitydomain.tks$count.subsystemname");
- $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $port;
+ $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port;
}
DONE:
$::symbol{urls_size} = $count;