author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-05-08 17:55:18 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-05-08 17:55:18 +0000 |
commit | 516d4fdf7da46625f64118b88e3248da7c8da5aa (patch) | |
tree | 653e5fb0ce7f6cf01deadc523a2d904d221832d5 /pki | |
parent | dcb4f06af4ea608dbe0ac1ceeb1dff1930eac6d5 (diff) | |
Bugzilla Bug #492735 - Configuration wizard stores certain incorrect port
values within TPS "CS.cfg" . . .
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@434 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
-rw-r--r-- | pki/base/ca/shared/conf/CS.cfg | 1 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java | 79 | ||||
-rw-r--r-- | pki/base/kra/shared/conf/CS.cfg | 1 | ||||
-rw-r--r-- | pki/base/ocsp/shared/conf/CS.cfg | 1 | ||||
-rw-r--r-- | pki/base/ra/doc/CS.cfg | 1 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm | 8 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm | 86 | ||||
-rwxr-xr-x | pki/base/setup/pkiremove | 9 | ||||
-rw-r--r-- | pki/base/tks/shared/conf/CS.cfg | 1 | ||||
-rw-r--r-- | pki/base/tps/doc/CS.cfg | 1 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm | 8 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm | 86 |
12 files changed, 263 insertions, 19 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg b/pki/base/ca/shared/conf/CS.cfg index aac14e868..de8f911b4 100644 --- a/pki/base/ca/shared/conf/CS.cfg +++ b/pki/base/ca/shared/conf/CS.cfg @@ -13,6 +13,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.arg11.group=[PKI_GROUP] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] installDate=[INSTALL_TIME] preop.wizard.name=CA Setup Wizard preop.product.name=CS diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java index bb4dba978..0a493df51 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java @@ -96,12 +96,12 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("title", "Security Domain"); IConfigStore config = CMS.getConfigStore(); String errorString = ""; - String admin_url = ""; + String default_admin_url = ""; String name = ""; String cstype = ""; try { - admin_url = config.getString("preop.securitydomain.admin_url", ""); + default_admin_url = config.getString("preop.securitydomain.admin_url", ""); name = config.getString("preop.securitydomain.name", ""); cstype = config.getString("cs.type", ""); } catch (Exception e) { 
@@ -136,17 +136,17 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("https_agent_port", CMS.getAgentPort()); context.put("https_ee_port", CMS.getEESSLPort()); context.put("https_admin_port", CMS.getAdminPort()); - context.put("sdomainAdminURL", admin_url); + context.put("sdomainAdminURL", default_admin_url); } catch (EBaseException e) {} context.put("panel", "admin/console/config/securitydomainpanel.vm"); context.put("errorString", errorString); - // from admin_url, find hostname, if fully qualified, get network - // domain name and generate default security domain name - if (name.equals("") && (admin_url != null)) { + // from default_admin_url, find hostname, if fully qualified, get + // network domain name and generate default security domain name + if (name.equals("") && (default_admin_url != null)) { try { - URL u = new URL(admin_url); + URL u = new URL(default_admin_url); String hostname = u.getHost(); StringTokenizer st = new StringTokenizer(hostname, "."); 
@@ -177,6 +177,38 @@ public class SecurityDomainPanel extends WizardPanelBase { } context.put("sdomainName", name); + if( default_admin_url != null ) { + String r = null; + + try { + // check to see if "default" security domain exists + // on local machine + URL u = new URL( default_admin_url ); + + String hostname = u.getHost(); + int port = u.getPort(); + ConfigCertApprovalCallback + certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS( hostname, port, true, certApprovalCallback ); + } catch (Exception e) { + CMS.debug( "SecurityDomainPanel: exception caught: " + + e.toString() ); + } + + if( r != null ) { + // "default" security domain exists on local machine; + // fill "sdomainURL" in with "default" security domain + // as an initial "guess" + CMS.debug( "SecurityDomainPanel: pingCS returns: "+r ); + context.put( "sdomainURL", default_admin_url ); + } else { + // "default" security domain does NOT exist on local machine; + // leave "sdomainURL" blank + CMS.debug( "SecurityDomainPanel: pingCS no successful response" ); + context.put( "sdomainURL", "" ); + } + } + // Information for "existing" Security Domain CAs String instanceId = "<security_domain_instance_name>"; String os = System.getProperty( "os.name" ); 
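Review bot: `u.getPort()` returns -1 when `preop.securitydomain.admin_url` carries no explicit port, and the added block passes that value straight to `pingCS`; fall back to the scheme default with `int port = ( u.getPort() != -1 ) ? u.getPort() : u.getDefaultPort();`. The `default_admin_url != null` guard also looks ineffective, because the variable is initialised to `""` and `getString(..., "")` is given an empty default, so an unset URL reaches `new URL( "" )` and is only rejected through the caught exception; `!default_admin_url.equals( "" )` would state the intent. Both remarks apply to the copy of this block added in the `@@ -392,10 +424,43 @@` hunk. The enclosing method starts and ends outside this hunk.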
@@ -392,10 +424,43 @@ public class SecurityDomainPanel extends WizardPanelBase { HttpServletResponse response, Context context) { IConfigStore config = CMS.getConfigStore(); + String default_admin_url = ""; try { initParams(request, context); } catch (IOException e) { } + + try { + default_admin_url = config.getString("preop.securitydomain.admin_url", ""); + } catch (Exception e) {} + + if( default_admin_url != null ) { + String r = null; + + try { + // check to see if "default" security domain exists + // on local machine + URL u = new URL( default_admin_url ); + + String hostname = u.getHost(); + int port = u.getPort(); + ConfigCertApprovalCallback + certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS( hostname, port, true, certApprovalCallback ); + } catch (Exception e) {} + + if( r != null ) { + // "default" security domain exists on local machine; + // refill "sdomainURL" in with "default" security domain + // as an initial "guess" + context.put( "sdomainURL", default_admin_url ); + } else { + // "default" security domain does NOT exist on local machine; + // leave "sdomainURL" blank + context.put( "sdomainURL", "" ); + } + } + try { context.put("machineName", config.getString("machineName")); context.put("http_ee_port", CMS.getEENonSSLPort()); diff --git a/pki/base/kra/shared/conf/CS.cfg b/pki/base/kra/shared/conf/CS.cfg index 8d10595c4..a9743f807 100644 --- a/pki/base/kra/shared/conf/CS.cfg +++ b/pki/base/kra/shared/conf/CS.cfg @@ -9,6 +9,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.arg11.group=[PKI_GROUP] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] installDate=[INSTALL_TIME] preop.wizard.name=DRM Setup Wizard preop.product.name=CS diff --git a/pki/base/ocsp/shared/conf/CS.cfg b/pki/base/ocsp/shared/conf/CS.cfg index 0544fc632..67967cd46 100644 --- a/pki/base/ocsp/shared/conf/CS.cfg +++ b/pki/base/ocsp/shared/conf/CS.cfg 
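Review bot: The two `catch (Exception e) {}` blocks added in the `@@ -392,10 +424,43 @@` hunk discard every failure, so a malformed admin URL or a failed `pingCS` leaves `sdomainURL` blank with nothing in the debug log, whereas the same block in the `@@ -177,6 +177,38 @@` hunk reports through `CMS.debug`. At minimum log it: `} catch (Exception e) { CMS.debug( "SecurityDomainPanel: exception caught: " + e.toString() ); }`. As a matter of style, the block is a near-verbatim copy of the earlier one, and a private helper that takes the URL and returns the value for `sdomainURL` would keep the two from drifting apart. The enclosing method continues outside the hunk.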
@@ -14,6 +14,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] installDate=[INSTALL_TIME] cs.type=OCSP admin.interface.uri=ocsp/admin/console/config/wizard diff --git a/pki/base/ra/doc/CS.cfg b/pki/base/ra/doc/CS.cfg index c580d2741..5f51a89d2 100644 --- a/pki/base/ra/doc/CS.cfg +++ b/pki/base/ra/doc/CS.cfg @@ -24,6 +24,7 @@ pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] pkicreate.unsecure_port=[PORT] pkicreate.user=[USERID] pkicreate.group=[GROUPID] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[INSTANCE_ID] request._000=######################################### request._001=# Request Queue Parameters request._002=######################################### diff --git a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm index 54e9b85cf..06f8b992e 100755 --- a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm @@ -274,6 +274,14 @@ sub get_domain_xml $::config->put( "config.sdomainHttpURL", $http_ee_port ); $::config->put( "config.sdomainAgentURL", $https_agent_port ); $::config->put( "config.sdomainEEURL", $https_ee_port ); + + # Store additional values necessary for 'pkiremove' . . . + $::config->put( "securitydomain.httpport", + $c->{'UnSecurePort'}[0] ); + $::config->put( "securitydomain.httpsagentport", + $c->{'SecureAgentPort'}[0] ); + $::config->put( "securitydomain.httpseeport", + $c->{'SecurePort'}[0] ); } $count++; diff --git a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm index ce622f915..857f3a976 100755 --- a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm 
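Review bot: The three `put` calls added to PKI/RA/DisplayCertChainPanel.pm store `$c->{'UnSecurePort'}[0]`, `$c->{'SecureAgentPort'}[0]` and `$c->{'SecurePort'}[0]` without checking them. `$c` is defined outside the hunk, but if it is an entry from the security domain's XML reply, a missing or malformed element writes an empty or arbitrary string into CS.cfg, where pkiremove later reads `securitydomain.httpsagentport`. Store each value only when it matches `/\A\d{1,5}\z/` and write a debug-log entry otherwise. The same lines are added to PKI/TPS/DisplayCertChainPanel.pm, and `get_domain_xml` starts and ends outside this hunk.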
@@ -72,15 +72,77 @@ sub has_sub_panel return 0; } +sub pingCS +{ + my( $instanceDir ) = $_[0]; + my( $db_password ) = $_[1]; + my( $nickname ) = $_[2]; + my( $hostname ) = $_[3]; + my( $port ) = $_[4]; + + my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -n \"$nickname\" -r "/ca/admin/ca/getStatus" $hostname:$port`; + if( "$content" eq "" ) { + return 0; + } else { + $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; + $content = $1; + + my $parser = XML::Simple->new(); + my $response = $parser->XMLin($content); + my $state = $response->{State}; + + if( "$state" eq "1" ) { + return 1; + } else { + return 0; + } + } +} + sub display { my ($q) = @_; &PKI::RA::Wizard::debug_log("SecurityPanel: display"); $::symbol{panelname} = "Security Domain"; $::symbol{sdomainName} = "Security Domain"; + + my $instanceDir = $::config->get("service.instanceDir"); + my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; + $db_password =~ s/\n$//g; + my $nickname = $::config->get("preop.cert.sslserver.nickname"); my $hostname = $::config->get("service.machineName"); - $::symbol{sdomainAdminURL} = "https://" . $hostname . ":9445"; + my $default_https_admin_port = 9445; + + # check to see if "default" security domain exists on local machine + my $status = pingCS( $instanceDir, + $db_password, + $nickname, + $hostname, + $default_https_admin_port ); + if( "$status" eq "1" ) { + # "default" security domain exists on local machine; + # fill "sdomainURL" in with "default" security domain + # as an initial "guess" + $::symbol{sdomainURL} = "https://" . $hostname . ":" + . $default_https_admin_port; + } else { + # "default" security domain does NOT exist on local machine; + # leave "sdomainURL" blank + $::symbol{sdomainURL} = ""; + } + $::symbol{sdomainAdminURL} = "https://" . $hostname . ":" + . 
$default_https_admin_port; + + my $initCommand = ""; + my $instanceID ="<security_domain_instance_name> "; + if( $^O eq "linux" ) { + $initCommand = "/sbin/service $instanceID"; + } else { + ## default case: e. g. - ( $^O eq "solaris" ) + $initCommand = "/etc/init.d/$instanceID"; + } + $::symbol{initCommand} = $initCommand; return 1; } @@ -91,9 +153,29 @@ sub update &PKI::RA::Wizard::debug_log("SecurityPanel: update"); my $sdomainURL = $q->param("sdomainURL"); + if ($sdomainURL eq "") { + &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL has not been specified!"); + $::symbol{errorString} = "Security Domain HTTPS has not been specified!"; + return 0; + } + my $sdomainURL_info = new URI::URL($sdomainURL); - if ($sdomainURL eq "") { + my $instanceDir = $::config->get("service.instanceDir"); + my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; + $db_password =~ s/\n$//g; + my $nickname = $::config->get("preop.cert.sslserver.nickname"); + my $hostname = $sdomainURL_info->host; + my $https_admin_port = $sdomainURL_info->port; + + # check to see if "default" security domain exists on local machine + my $status = pingCS( $instanceDir, + $db_password, + $nickname, + $hostname, + $https_admin_port ); + if( "$status" ne "1" ) { + # invalid security domain specified &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL not found"); $::symbol{errorString} = "Security Domain HTTPS Admin URL not found"; return 0; diff --git a/pki/base/setup/pkiremove b/pki/base/setup/pkiremove index 707ba2217..e8bf71e5f 100755 --- a/pki/base/setup/pkiremove +++ b/pki/base/setup/pkiremove 
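Review bot: The backtick command in `pingCS` interpolates `$hostname` and `$port` into a shell string, and in the `update` hunk that follows both are taken from the request parameter `sdomainURL`, so characters the shell treats specially in a submitted URL are interpreted by the shell rather than passed to sslget. Run sslget through a list-form pipe open and accept only a plain host name and a numeric port before calling it. The match result is also unchecked: when the output contains no `<XMLResponse>` element, `$1` is undefined or left over from an earlier match and is handed to `XMLin`. The same sub is added to PKI/TPS/SecurityDomainPanel.pm. Even in list form, `-p $db_password` leaves the internal token password in the process argument list, where other local users can read it.

```perl
sub pingCS
{
    my( $instanceDir, $db_password, $nickname, $hostname, $port ) = @_;

    # Only a plain host name and a numeric port may reach the command line.
    # (Widen the host pattern deliberately if IPv6 literals must be accepted.)
    return 0 unless defined $hostname && $hostname =~ /\A[A-Za-z0-9.-]+\z/;
    return 0 unless defined $port && $port =~ /\A\d{1,5}\z/;

    # List-form pipe open: the arguments go to sslget directly, no shell.
    open( my $sslget, '-|', '/usr/bin/sslget',
          '-d', "$instanceDir/alias",
          '-p', $db_password,
          '-v',
          '-n', $nickname,
          '-r', '/ca/admin/ca/getStatus',
          "$hostname:$port" ) or return 0;
    my $content = do { local $/; <$sslget> };
    close( $sslget );

    # No response, or no XMLResponse element in it: treat as "not reachable".
    return 0 unless defined $content
                 && $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
    $content = $1;

    # … unchanged: XML::Simple parse and the State eq "1" check …
}
```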
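Review bot: In `update`, the token password is fetched with `grep "internal:" "$instanceDir/conf/password.conf" | cut -c10-`, which starts a shell with `$instanceDir` interpolated, matches `internal:` anywhere on any line, and returns several lines if more than one matches, since `s/\n$//g` strips only the final newline. Reading the file in Perl with an anchored match avoids all three; the same pipeline is used in `display` in the previous hunk and in PKI/TPS/SecurityDomainPanel.pm. Separately, the comment `# check to see if "default" security domain exists on local machine` was copied from `display` and no longer describes this call, which probes the host from the submitted URL; `# verify that the submitted security domain answers getStatus` would fit. `update` starts and ends outside this hunk.

```perl
    my $instanceDir = $::config->get("service.instanceDir");

    # Read the token password in-process: no shell, no grep/cut.
    my $db_password = "";
    if( open( my $pwd_fh, '<', "$instanceDir/conf/password.conf" ) ) {
        while( my $line = <$pwd_fh> ) {
            chomp( $line );
            if( $line =~ /\Ainternal:(.*)\z/ ) {
                $db_password = $1;
                last;
            }
        }
        close( $pwd_fh );
    }
    # … unchanged: nickname lookup, host/port from $sdomainURL_info, pingCS call …
```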
@@ -234,14 +234,7 @@ sub update_domain() if ($varname eq "securitydomain.httpsagentport") { $secagentport = $valname; } if ($varname eq "securitydomain.httpsadminport") { $secadminport = $valname; } if ($varname eq "securitydomain.select") { $secselect = $valname; } - # CA, KRA, OCSP, TKS - if ($varname =~ /[a-z]*.subsystem.nickname/) { - $subsystemnick = $valname; - } - # RA, TPS - if ($varname =~ /conn.[a-z]*.clientNickname/) { - $subsystemnick = $valname; - } + if ($varname eq "pkiremove.cert.subsystem.nickname") { $subsystemnick = $valname; } } close(DAT); diff --git a/pki/base/tks/shared/conf/CS.cfg b/pki/base/tks/shared/conf/CS.cfg index 7c1dcec58..5e10c8d89 100644 --- a/pki/base/tks/shared/conf/CS.cfg +++ b/pki/base/tks/shared/conf/CS.cfg @@ -17,6 +17,7 @@ pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] installDate=[INSTALL_TIME] cs.type=TKS admin.interface.uri=tks/admin/console/config/wizard diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg index 814913b5d..f42046c64 100644 --- a/pki/base/tps/doc/CS.cfg +++ b/pki/base/tps/doc/CS.cfg @@ -26,6 +26,7 @@ pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] pkicreate.unsecure_port=[PORT] pkicreate.user=[USERID] pkicreate.group=[GROUPID] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[INSTANCE_ID] cs.type=TPS service.machineName=[SERVER_NAME] service.instanceDir=[SERVER_ROOT] diff --git a/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm index 841d9dcc8..01f6e76d1 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm 
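Review bot: After this change `update_domain` in pkiremove reads the nickname only from `pkiremove.cert.subsystem.nickname`, a key this same commit introduces into the CS.cfg templates, so an instance whose CS.cfg was written before the commit would apparently leave `$subsystemnick` at its initial value. What the sub then does with an empty nickname is outside the hunk, so add an explicit check after `close(DAT);`, for example `if ($subsystemnick eq "") { ... report the missing key and return ... }`, using whatever reporting routine the script already has. Alternatively, document that older instances need the key added by hand before removal.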
@@ -273,6 +273,14 @@ sub get_domain_xml $::config->put( "config.sdomainHttpURL", $http_ee_port ); $::config->put( "config.sdomainAgentURL", $https_agent_port ); $::config->put( "config.sdomainEEURL", $https_ee_port ); + + # Store additional values necessary for 'pkiremove' . . . + $::config->put( "securitydomain.httpport", + $c->{'UnSecurePort'}[0] ); + $::config->put( "securitydomain.httpsagentport", + $c->{'SecureAgentPort'}[0] ); + $::config->put( "securitydomain.httpseeport", + $c->{'SecurePort'}[0] ); } $count++; diff --git a/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm index 700fc487e..a7f46dbd9 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm 
@@ -71,15 +71,77 @@ sub has_sub_panel return 0; } +sub pingCS +{ + my( $instanceDir ) = $_[0]; + my( $db_password ) = $_[1]; + my( $nickname ) = $_[2]; + my( $hostname ) = $_[3]; + my( $port ) = $_[4]; + + my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -n \"$nickname\" -r "/ca/admin/ca/getStatus" $hostname:$port`; + if( "$content" eq "" ) { + return 0; + } else { + $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; + $content = $1; + + my $parser = XML::Simple->new(); + my $response = $parser->XMLin($content); + my $state = $response->{State}; + + if( "$state" eq "1" ) { + return 1; + } else { + return 0; + } + } +} + sub display { my ($q) = @_; &PKI::TPS::Wizard::debug_log("SecurityPanel: display"); $::symbol{panelname} = "Security Domain"; $::symbol{sdomainName} = "Security Domain"; + + my $instanceDir = $::config->get("service.instanceDir"); + my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; + $db_password =~ s/\n$//g; + my $nickname = $::config->get("preop.cert.sslserver.nickname"); my $hostname = $::config->get("service.machineName"); - $::symbol{sdomainAdminURL} = "https://" . $hostname . ":9445"; + my $default_https_admin_port = 9445; + + # check to see if "default" security domain exists on local machine + my $status = pingCS( $instanceDir, + $db_password, + $nickname, + $hostname, + $default_https_admin_port ); + if( "$status" eq "1" ) { + # "default" security domain exists on local machine; + # fill "sdomainURL" in with "default" security domain + # as an initial "guess" + $::symbol{sdomainURL} = "https://" . $hostname . ":" + . $default_https_admin_port; + } else { + # "default" security domain does NOT exist on local machine; + # leave "sdomainURL" blank + $::symbol{sdomainURL} = ""; + } + $::symbol{sdomainAdminURL} = "https://" . $hostname . ":" + . 
$default_https_admin_port; + + my $initCommand = ""; + my $instanceID = "<security_domain_instance_name> "; + if( $^O eq "linux" ) { + $initCommand = "/sbin/service $instanceID"; + } else { + ## default case: e. g. - ( $^O eq "solaris" ) + $initCommand = "/etc/init.d/$instanceID"; + } + $::symbol{initCommand} = $initCommand; return 1; } @@ -90,9 +152,29 @@ sub update &PKI::TPS::Wizard::debug_log("SecurityPanel: update"); my $sdomainURL = $q->param("sdomainURL"); + if ($sdomainURL eq "") { + &PKI::TPS::Wizard::debug_log("SecurityPanel: sdomainURL has not been specified!"); + $::symbol{errorString} = "Security Domain HTTPS has not been specified!"; + return 0; + } + my $sdomainURL_info = new URI::URL($sdomainURL); - if ($sdomainURL eq "") { + my $instanceDir = $::config->get("service.instanceDir"); + my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; + $db_password =~ s/\n$//g; + my $nickname = $::config->get("preop.cert.sslserver.nickname"); + my $hostname = $sdomainURL_info->host; + my $https_admin_port = $sdomainURL_info->port; + + # check to see if "default" security domain exists on local machine + my $status = pingCS( $instanceDir, + $db_password, + $nickname, + $hostname, + $https_admin_port ); + if( "$status" ne "1" ) { + # invalid security domain specified &PKI::TPS::Wizard::debug_log("SecurityPanel: sdomainURL not found"); $::symbol{errorString} = "Security Domain HTTPS Admin URL not found"; return 0; |