authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-08 17:55:18 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-08 17:55:18 +0000
commit516d4fdf7da46625f64118b88e3248da7c8da5aa (patch)
tree653e5fb0ce7f6cf01deadc523a2d904d221832d5 /pki
parentdcb4f06af4ea608dbe0ac1ceeb1dff1930eac6d5 (diff)
Bugzilla Bug #492735 - Configuration wizard stores certain incorrect port
values within TPS "CS.cfg" . . . git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@434 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
-rw-r--r--pki/base/ca/shared/conf/CS.cfg1
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java79
-rw-r--r--pki/base/kra/shared/conf/CS.cfg1
-rw-r--r--pki/base/ocsp/shared/conf/CS.cfg1
-rw-r--r--pki/base/ra/doc/CS.cfg1
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm8
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm86
-rwxr-xr-xpki/base/setup/pkiremove9
-rw-r--r--pki/base/tks/shared/conf/CS.cfg1
-rw-r--r--pki/base/tps/doc/CS.cfg1
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm8
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm86
12 files changed, 263 insertions, 19 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg b/pki/base/ca/shared/conf/CS.cfg
index aac14e868..de8f911b4 100644
--- a/pki/base/ca/shared/conf/CS.cfg
+++ b/pki/base/ca/shared/conf/CS.cfg
@@ -13,6 +13,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.arg11.group=[PKI_GROUP]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
installDate=[INSTALL_TIME]
preop.wizard.name=CA Setup Wizard
preop.product.name=CS
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index bb4dba978..0a493df51 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -96,12 +96,12 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("title", "Security Domain");
IConfigStore config = CMS.getConfigStore();
String errorString = "";
- String admin_url = "";
+ String default_admin_url = "";
String name = "";
String cstype = "";
try {
- admin_url = config.getString("preop.securitydomain.admin_url", "");
+ default_admin_url = config.getString("preop.securitydomain.admin_url", "");
name = config.getString("preop.securitydomain.name", "");
cstype = config.getString("cs.type", "");
} catch (Exception e) {
@@ -136,17 +136,17 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_agent_port", CMS.getAgentPort());
context.put("https_ee_port", CMS.getEESSLPort());
context.put("https_admin_port", CMS.getAdminPort());
- context.put("sdomainAdminURL", admin_url);
+ context.put("sdomainAdminURL", default_admin_url);
} catch (EBaseException e) {}
context.put("panel", "admin/console/config/securitydomainpanel.vm");
context.put("errorString", errorString);
- // from admin_url, find hostname, if fully qualified, get network
- // domain name and generate default security domain name
- if (name.equals("") && (admin_url != null)) {
+ // from default_admin_url, find hostname, if fully qualified, get
+ // network domain name and generate default security domain name
+ if (name.equals("") && (default_admin_url != null)) {
try {
- URL u = new URL(admin_url);
+ URL u = new URL(default_admin_url);
String hostname = u.getHost();
StringTokenizer st = new StringTokenizer(hostname, ".");
@@ -177,6 +177,38 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
context.put("sdomainName", name);
+ if( default_admin_url != null ) {
+ String r = null;
+
+ try {
+ // check to see if "default" security domain exists
+ // on local machine
+ URL u = new URL( default_admin_url );
+
+ String hostname = u.getHost();
+ int port = u.getPort();
+ ConfigCertApprovalCallback
+ certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS( hostname, port, true, certApprovalCallback );
+ } catch (Exception e) {
+ CMS.debug( "SecurityDomainPanel: exception caught: "
+ + e.toString() );
+ }
+
+ if( r != null ) {
+ // "default" security domain exists on local machine;
+ // fill "sdomainURL" in with "default" security domain
+ // as an initial "guess"
+ CMS.debug( "SecurityDomainPanel: pingCS returns: "+r );
+ context.put( "sdomainURL", default_admin_url );
+ } else {
+ // "default" security domain does NOT exist on local machine;
+ // leave "sdomainURL" blank
+ CMS.debug( "SecurityDomainPanel: pingCS no successful response" );
+ context.put( "sdomainURL", "" );
+ }
+ }
+
// Information for "existing" Security Domain CAs
String instanceId = "&lt;security_domain_instance_name&gt;";
String os = System.getProperty( "os.name" );
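Review bot: The guard `if( default_admin_url != null )` at the top of the added block can never be false as far as this hunk shows, because the variable is initialised to `""` and read with a `""` default; an unset `preop.securitydomain.admin_url` therefore reaches `new URL( default_admin_url )` and is handled only by the catch-all. Testing for the empty string instead, `if( !default_admin_url.equals("") ) {`, keeps the missing-config case out of the exception path and out of the debug log. `u.getPort()` also returns -1 when the URL carries no explicit port, so `pingCS` should be given `u.getDefaultPort()` in that case. The same block is repeated in the next hunk (@@ -392,10 +424,43 @@), and the enclosing method starts and ends outside this hunk.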
@@ -392,10 +424,43 @@ public class SecurityDomainPanel extends WizardPanelBase {
HttpServletResponse response,
Context context) {
IConfigStore config = CMS.getConfigStore();
+ String default_admin_url = "";
try {
initParams(request, context);
} catch (IOException e) {
}
+
+ try {
+ default_admin_url = config.getString("preop.securitydomain.admin_url", "");
+ } catch (Exception e) {}
+
+ if( default_admin_url != null ) {
+ String r = null;
+
+ try {
+ // check to see if "default" security domain exists
+ // on local machine
+ URL u = new URL( default_admin_url );
+
+ String hostname = u.getHost();
+ int port = u.getPort();
+ ConfigCertApprovalCallback
+ certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS( hostname, port, true, certApprovalCallback );
+ } catch (Exception e) {}
+
+ if( r != null ) {
+ // "default" security domain exists on local machine;
+ // refill "sdomainURL" in with "default" security domain
+ // as an initial "guess"
+ context.put( "sdomainURL", default_admin_url );
+ } else {
+ // "default" security domain does NOT exist on local machine;
+ // leave "sdomainURL" blank
+ context.put( "sdomainURL", "" );
+ }
+ }
+
try {
context.put("machineName", config.getString("machineName"));
context.put("http_ee_port", CMS.getEENonSSLPort());
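Review bot: Both added `catch (Exception e) {}` blocks discard the failure, so a malformed `preop.securitydomain.admin_url` or a failed ping leaves `sdomainURL` blank with nothing in the debug log to say why. The copy of this block in the previous hunk logs the exception; do the same here with `CMS.debug( "SecurityDomainPanel: exception caught: " + e.toString() );`. Since the probe is duplicated almost verbatim, a private helper that takes the URL and returns the `pingCS` result would keep the two paths from drifting apart. The enclosing method continues outside the hunk.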
diff --git a/pki/base/kra/shared/conf/CS.cfg b/pki/base/kra/shared/conf/CS.cfg
index 8d10595c4..a9743f807 100644
--- a/pki/base/kra/shared/conf/CS.cfg
+++ b/pki/base/kra/shared/conf/CS.cfg
@@ -9,6 +9,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.arg11.group=[PKI_GROUP]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
installDate=[INSTALL_TIME]
preop.wizard.name=DRM Setup Wizard
preop.product.name=CS
diff --git a/pki/base/ocsp/shared/conf/CS.cfg b/pki/base/ocsp/shared/conf/CS.cfg
index 0544fc632..67967cd46 100644
--- a/pki/base/ocsp/shared/conf/CS.cfg
+++ b/pki/base/ocsp/shared/conf/CS.cfg
@@ -14,6 +14,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
installDate=[INSTALL_TIME]
cs.type=OCSP
admin.interface.uri=ocsp/admin/console/config/wizard
diff --git a/pki/base/ra/doc/CS.cfg b/pki/base/ra/doc/CS.cfg
index c580d2741..5f51a89d2 100644
--- a/pki/base/ra/doc/CS.cfg
+++ b/pki/base/ra/doc/CS.cfg
@@ -24,6 +24,7 @@ pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
pkicreate.unsecure_port=[PORT]
pkicreate.user=[USERID]
pkicreate.group=[GROUPID]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[INSTANCE_ID]
request._000=#########################################
request._001=# Request Queue Parameters
request._002=#########################################
diff --git a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
index 54e9b85cf..06f8b992e 100755
--- a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm
@@ -274,6 +274,14 @@ sub get_domain_xml
$::config->put( "config.sdomainHttpURL", $http_ee_port );
$::config->put( "config.sdomainAgentURL", $https_agent_port );
$::config->put( "config.sdomainEEURL", $https_ee_port );
+
+ # Store additional values necessary for 'pkiremove' . . .
+ $::config->put( "securitydomain.httpport",
+ $c->{'UnSecurePort'}[0] );
+ $::config->put( "securitydomain.httpsagentport",
+ $c->{'SecureAgentPort'}[0] );
+ $::config->put( "securitydomain.httpseeport",
+ $c->{'SecurePort'}[0] );
}
$count++;
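Review bot: The three added `$::config->put` calls store `$c->{'UnSecurePort'}[0]`, `$c->{'SecureAgentPort'}[0]` and `$c->{'SecurePort'}[0]` without checking that they are defined and numeric. `$c` appears to come from the parsed security-domain response (get_domain_xml starts outside the hunk), so a missing or malformed element would be written to the configuration and, per the added comment, read back later by pkiremove. Wrapping each put in a check such as `if( defined $c->{'SecurePort'}[0] && $c->{'SecurePort'}[0] =~ /^\d+$/ )` keeps only usable port values. The TPS copy of this hunk (@@ -273,6 +273,14 @@) needs the same check.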
diff --git a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
index ce622f915..857f3a976 100755
--- a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
@@ -72,15 +72,77 @@ sub has_sub_panel
return 0;
}
+sub pingCS
+{
+ my( $instanceDir ) = $_[0];
+ my( $db_password ) = $_[1];
+ my( $nickname ) = $_[2];
+ my( $hostname ) = $_[3];
+ my( $port ) = $_[4];
+
+ my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -n \"$nickname\" -r "/ca/admin/ca/getStatus" $hostname:$port`;
+ if( "$content" eq "" ) {
+ return 0;
+ } else {
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($content);
+ my $state = $response->{State};
+
+ if( "$state" eq "1" ) {
+ return 1;
+ } else {
+ return 0;
+ }
+ }
+}
+
sub display
{
my ($q) = @_;
&PKI::RA::Wizard::debug_log("SecurityPanel: display");
$::symbol{panelname} = "Security Domain";
$::symbol{sdomainName} = "Security Domain";
+
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
my $hostname = $::config->get("service.machineName");
- $::symbol{sdomainAdminURL} = "https://" . $hostname . ":9445";
+ my $default_https_admin_port = 9445;
+
+ # check to see if "default" security domain exists on local machine
+ my $status = pingCS( $instanceDir,
+ $db_password,
+ $nickname,
+ $hostname,
+ $default_https_admin_port );
+ if( "$status" eq "1" ) {
+ # "default" security domain exists on local machine;
+ # fill "sdomainURL" in with "default" security domain
+ # as an initial "guess"
+ $::symbol{sdomainURL} = "https://" . $hostname . ":"
+ . $default_https_admin_port;
+ } else {
+ # "default" security domain does NOT exist on local machine;
+ # leave "sdomainURL" blank
+ $::symbol{sdomainURL} = "";
+ }
+ $::symbol{sdomainAdminURL} = "https://" . $hostname . ":"
+ . $default_https_admin_port;
+
+ my $initCommand = "";
+ my $instanceID ="&lt;security_domain_instance_name&gt; ";
+ if( $^O eq "linux" ) {
+ $initCommand = "/sbin/service $instanceID";
+ } else {
+ ## default case: e. g. - ( $^O eq "solaris" )
+ $initCommand = "/etc/init.d/$instanceID";
+ }
+ $::symbol{initCommand} = $initCommand;
return 1;
}
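Review bot: pingCS builds the sslget command as one backtick string, so `$db_password`, `$nickname`, `$hostname` and `$port` are all interpreted by the shell. `$db_password` and `$hostname:$port` are not even quoted, and in the update hunk that follows the host and port are derived from the `sdomainURL` request parameter. Run sslget through list-form `open` so that no shell is involved, and return 0 when the `<XMLResponse>` match fails instead of reading an unset or stale `$1`. The token password still travels on the command line via `-p`, where it can show up in the process list, so it is worth checking whether sslget can take it another way. The same function is added to PKI/TPS/SecurityDomainPanel.pm and needs the same change.

```perl
sub pingCS
{
    # … unchanged: argument unpacking …

    # List-form open executes sslget directly; no shell parses the arguments.
    my @cmd = ( "/usr/bin/sslget", "-d", "$instanceDir/alias",
                "-p", $db_password, "-v", "-n", $nickname,
                "-r", "/ca/admin/ca/getStatus", "$hostname:$port" );
    open( my $fh, "-|", @cmd ) or return 0;
    my $content = do { local $/; <$fh> };
    close( $fh );

    # No response, or no XMLResponse element: treat as "not reachable".
    if( !defined( $content )
        || $content !~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/ ) {
        return 0;
    }
    $content = $1;

    # … unchanged: XML::Simple parse and State check …
```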
@@ -91,9 +153,29 @@ sub update
&PKI::RA::Wizard::debug_log("SecurityPanel: update");
my $sdomainURL = $q->param("sdomainURL");
+ if ($sdomainURL eq "") {
+ &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL has not been specified!");
+ $::symbol{errorString} = "Security Domain HTTPS has not been specified!";
+ return 0;
+ }
+
my $sdomainURL_info = new URI::URL($sdomainURL);
- if ($sdomainURL eq "") {
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $hostname = $sdomainURL_info->host;
+ my $https_admin_port = $sdomainURL_info->port;
+
+ # check to see if "default" security domain exists on local machine
+ my $status = pingCS( $instanceDir,
+ $db_password,
+ $nickname,
+ $hostname,
+ $https_admin_port );
+ if( "$status" ne "1" ) {
+ # invalid security domain specified
&PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL not found");
$::symbol{errorString} = "Security Domain HTTPS Admin URL not found";
return 0;
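Review bot: `$hostname` and `$https_admin_port` are taken from the request's `sdomainURL` and handed to pingCS with no check on scheme, host characters or port. Reject anything unexpected before the ping, for example `unless( $sdomainURL_info->scheme eq "https" && $hostname =~ /^[A-Za-z0-9.-]+$/ && $https_admin_port =~ /^\d+$/ )`, setting `errorString` and returning 0 as the empty-URL branch does. The comment `# check to see if "default" security domain exists on local machine` was carried over from display and should say that the user-specified security domain is being checked. The update sub continues outside the hunk, and the TPS copy of this hunk (@@ -90,9 +152,29 @@) has the same gap.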
diff --git a/pki/base/setup/pkiremove b/pki/base/setup/pkiremove
index 707ba2217..e8bf71e5f 100755
--- a/pki/base/setup/pkiremove
+++ b/pki/base/setup/pkiremove
@@ -234,14 +234,7 @@ sub update_domain()
if ($varname eq "securitydomain.httpsagentport") { $secagentport = $valname; }
if ($varname eq "securitydomain.httpsadminport") { $secadminport = $valname; }
if ($varname eq "securitydomain.select") { $secselect = $valname; }
- # CA, KRA, OCSP, TKS
- if ($varname =~ /[a-z]*.subsystem.nickname/) {
- $subsystemnick = $valname;
- }
- # RA, TPS
- if ($varname =~ /conn.[a-z]*.clientNickname/) {
- $subsystemnick = $valname;
- }
+ if ($varname eq "pkiremove.cert.subsystem.nickname") { $subsystemnick = $valname; }
}
close(DAT);
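Review bot: Matching only the exact key `pkiremove.cert.subsystem.nickname` means an instance whose CS.cfg was written before this commit has no line that sets `$subsystemnick`. What update_domain does with an unset nickname lies outside the hunk, but it should stop with a clear message, or fall back to the previous keys, rather than continue with an empty value. The exact match itself is an improvement over the removed patterns, whose unescaped `.` matched any character and which were not anchored.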
diff --git a/pki/base/tks/shared/conf/CS.cfg b/pki/base/tks/shared/conf/CS.cfg
index 7c1dcec58..5e10c8d89 100644
--- a/pki/base/tks/shared/conf/CS.cfg
+++ b/pki/base/tks/shared/conf/CS.cfg
@@ -17,6 +17,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
installDate=[INSTALL_TIME]
cs.type=TKS
admin.interface.uri=tks/admin/console/config/wizard
diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg
index 814913b5d..f42046c64 100644
--- a/pki/base/tps/doc/CS.cfg
+++ b/pki/base/tps/doc/CS.cfg
@@ -26,6 +26,7 @@ pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
pkicreate.unsecure_port=[PORT]
pkicreate.user=[USERID]
pkicreate.group=[GROUPID]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[INSTANCE_ID]
cs.type=TPS
service.machineName=[SERVER_NAME]
service.instanceDir=[SERVER_ROOT]
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
index 841d9dcc8..01f6e76d1 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
@@ -273,6 +273,14 @@ sub get_domain_xml
$::config->put( "config.sdomainHttpURL", $http_ee_port );
$::config->put( "config.sdomainAgentURL", $https_agent_port );
$::config->put( "config.sdomainEEURL", $https_ee_port );
+
+ # Store additional values necessary for 'pkiremove' . . .
+ $::config->put( "securitydomain.httpport",
+ $c->{'UnSecurePort'}[0] );
+ $::config->put( "securitydomain.httpsagentport",
+ $c->{'SecureAgentPort'}[0] );
+ $::config->put( "securitydomain.httpseeport",
+ $c->{'SecurePort'}[0] );
}
$count++;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
index 700fc487e..a7f46dbd9 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
@@ -71,15 +71,77 @@ sub has_sub_panel
return 0;
}
+sub pingCS
+{
+ my( $instanceDir ) = $_[0];
+ my( $db_password ) = $_[1];
+ my( $nickname ) = $_[2];
+ my( $hostname ) = $_[3];
+ my( $port ) = $_[4];
+
+ my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -n \"$nickname\" -r "/ca/admin/ca/getStatus" $hostname:$port`;
+ if( "$content" eq "" ) {
+ return 0;
+ } else {
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($content);
+ my $state = $response->{State};
+
+ if( "$state" eq "1" ) {
+ return 1;
+ } else {
+ return 0;
+ }
+ }
+}
+
sub display
{
my ($q) = @_;
&PKI::TPS::Wizard::debug_log("SecurityPanel: display");
$::symbol{panelname} = "Security Domain";
$::symbol{sdomainName} = "Security Domain";
+
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
my $hostname = $::config->get("service.machineName");
- $::symbol{sdomainAdminURL} = "https://" . $hostname . ":9445";
+ my $default_https_admin_port = 9445;
+
+ # check to see if "default" security domain exists on local machine
+ my $status = pingCS( $instanceDir,
+ $db_password,
+ $nickname,
+ $hostname,
+ $default_https_admin_port );
+ if( "$status" eq "1" ) {
+ # "default" security domain exists on local machine;
+ # fill "sdomainURL" in with "default" security domain
+ # as an initial "guess"
+ $::symbol{sdomainURL} = "https://" . $hostname . ":"
+ . $default_https_admin_port;
+ } else {
+ # "default" security domain does NOT exist on local machine;
+ # leave "sdomainURL" blank
+ $::symbol{sdomainURL} = "";
+ }
+ $::symbol{sdomainAdminURL} = "https://" . $hostname . ":"
+ . $default_https_admin_port;
+
+ my $initCommand = "";
+ my $instanceID = "&lt;security_domain_instance_name&gt; ";
+ if( $^O eq "linux" ) {
+ $initCommand = "/sbin/service $instanceID";
+ } else {
+ ## default case: e. g. - ( $^O eq "solaris" )
+ $initCommand = "/etc/init.d/$instanceID";
+ }
+ $::symbol{initCommand} = $initCommand;
return 1;
}
@@ -90,9 +152,29 @@ sub update
&PKI::TPS::Wizard::debug_log("SecurityPanel: update");
my $sdomainURL = $q->param("sdomainURL");
+ if ($sdomainURL eq "") {
+ &PKI::TPS::Wizard::debug_log("SecurityPanel: sdomainURL has not been specified!");
+ $::symbol{errorString} = "Security Domain HTTPS has not been specified!";
+ return 0;
+ }
+
my $sdomainURL_info = new URI::URL($sdomainURL);
- if ($sdomainURL eq "") {
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $hostname = $sdomainURL_info->host;
+ my $https_admin_port = $sdomainURL_info->port;
+
+ # check to see if "default" security domain exists on local machine
+ my $status = pingCS( $instanceDir,
+ $db_password,
+ $nickname,
+ $hostname,
+ $https_admin_port );
+ if( "$status" ne "1" ) {
+ # invalid security domain specified
&PKI::TPS::Wizard::debug_log("SecurityPanel: sdomainURL not found");
$::symbol{errorString} = "Security Domain HTTPS Admin URL not found";
return 0;