-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java1
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java79
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java30
-rw-r--r--dogtag/common-ui/shared/admin/console/config/donepanel.vm12
4 files changed, 71 insertions, 51 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index f514a59f0..e81afdd2f 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -178,6 +178,7 @@ public class DonePanel extends WizardPanelBase {
ConfigurationUtils.setupClientAuthUser();
}
} catch (Exception e) {
+ context.put("info", "Failed to update connector information. "+e.getMessage());
CMS.debug("DonePanel - update(): Error while pushing KRA connectot information to the CA: " + e);
e.printStackTrace();
}
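Review bot: The added `context.put("info", ...)` passes `e.getMessage()` straight to the page, where donepanel.vm prints `$info` inside `<b>` with no escaping visible in this commit. If the exception text carries the CA's response or other remote content (not visible here), any markup in it would be rendered in the administrator's browser, and a null message would show up as the literal text "null". Consider storing a fixed string, e.g. `context.put("info", "Failed to update connector information.");`, and leaving the detail to the `CMS.debug` line below, or HTML-escaping the value before it is put into the context. The enclosing try block starts outside the hunk.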
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
index b6f64767a..b62e184b7 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
@@ -51,6 +51,7 @@ public class UpdateConnector extends CMSServlet {
*/
private static final long serialVersionUID = 972871860008509849L;
private final static String SUCCESS = "0";
+ private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
public UpdateConnector() {
@@ -121,42 +122,47 @@ public class UpdateConnector extends CMSServlet {
return;
}
- IConfigStore cs = CMS.getConfigStore();
-
- @SuppressWarnings("unchecked")
- Enumeration<String> list = httpReq.getParameterNames();
- while (list.hasMoreElements()) {
- String name = list.nextElement();
- String val = httpReq.getParameter(name);
- if (name != null && name.startsWith("ca.connector")) {
- CMS.debug("Adding connector update name=" + name + " val=" + val);
- cs.putString(name, val);
- } else {
- CMS.debug("Skipping connector update name=" + name + " val=" + val);
+ // check if connector exists
+ ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICAService caService = (ICAService)ca.getCAService();
+ boolean connectorExists = (caService.getKRAConnector() != null)? true:false;
+ if (connectorExists) {
+ CMS.debug("UpdateConnector: KRA connector already exists");
+ } else {
+ IConfigStore cs = CMS.getConfigStore();
+
+ @SuppressWarnings("unchecked")
+ Enumeration<String> list = httpReq.getParameterNames();
+ while (list.hasMoreElements()) {
+ String name = list.nextElement();
+ String val = httpReq.getParameter(name);
+ if (name != null && name.startsWith("ca.connector")) {
+ CMS.debug("Adding connector update name=" + name + " val=" + val);
+ cs.putString(name, val);
+ } else {
+ CMS.debug("Skipping connector update name=" + name + " val=" + val);
+ }
}
- }
- try {
- String nickname = cs.getString("ca.subsystem.nickname", "");
- String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname + ":" + nickname;
- cs.putString("ca.connector.KRA.nickName", nickname);
- cs.commit(false);
- } catch (Exception e) {
- }
+ try {
+ String nickname = cs.getString("ca.subsystem.nickname", "");
+ String tokenname = cs.getString("ca.subsystem.tokenname", "");
+ if (!tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname + ":" + nickname;
+ cs.putString("ca.connector.KRA.nickName", nickname);
+ cs.commit(false);
+ } catch (Exception e) {
+ }
- // start the connector
- try {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
- ICAService caService = (ICAService) ca.getCAService();
- IConnector kraConnector = caService.getConnector(
- cs.getSubStore("ca.connector.KRA"));
- caService.setKRAConnector(kraConnector);
- kraConnector.start();
- } catch (Exception e) {
- CMS.debug("Failed to start connector " + e);
+ // start the connector
+ try {
+ IConnector kraConnector = caService.getConnector(
+ cs.getSubStore("ca.connector.KRA"));
+ caService.setKRAConnector(kraConnector);
+ kraConnector.start();
+ } catch (Exception e) {
+ CMS.debug("Failed to start connector " + e);
+ }
}
// send success status back to the requestor
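Review bot: Inside the new `else` branch the `catch (Exception e) { }` around `cs.commit(false)` is still empty and the catch around `kraConnector.start()` only logs, so a failed save or start is still answered with `SUCCESS` even though this commit introduces `FAILED`. Set a flag in both catch blocks (for example `updateFailed = true;`), log the exception in the first one, and have the status hunk below return `FAILED` when the flag is set. Also, `CMS.getSubsystem("ca")` and `ca.getCAService()` now run outside the try they used to sit in, so a missing CA subsystem would surface as a NullPointerException instead of a debug line; a null check on `ca` and `caService` before `getKRAConnector()` would keep the old behaviour. The method body starts and ends outside the hunk.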
@@ -165,7 +171,12 @@ public class UpdateConnector extends CMSServlet {
XMLObject xmlObj = new XMLObject();
Node root = xmlObj.createRoot("XMLResponse");
- xmlObj.addItemToContainer(root, "Status", SUCCESS);
+ if (connectorExists) {
+ xmlObj.addItemToContainer(root, "Status", FAILED);
+ xmlObj.addItemToContainer(root, "Error", "DRM connector already exists.");
+ } else {
+ xmlObj.addItemToContainer(root, "Status", SUCCESS);
+ }
byte[] cb = xmlObj.toByteArray();
outputResult(httpResp, "application/xml", cb);
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
index 3d564e955..c34df8b9c 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
@@ -116,24 +116,22 @@ public class UpdateOCSPConfig extends CMSServlet {
String ocsphost = httpReq.getParameter("ocsp_host");
String ocspport = httpReq.getParameter("ocsp_port");
+ String ocspname = ocsphost.replace('.', '-')+"-"+ocspport;
+ String publisherPrefix = "ca.publish.publisher.instance.OCSPPublisher-"+ocspname;
+ String rulePrefix = "ca.publish.rule.instance.ocsprule-"+ocspname;
try {
cs.putString("ca.publish.enable", "true");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
- ocsphost);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
- ocspport);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
- nickname);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.path",
- "/ocsp/agent/ocsp/addCRL");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true");
- cs.putString("ca.publish.rule.instance.ocsprule.enable", "true");
- cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap");
- cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule");
- cs.putString("ca.publish.rule.instance.ocsprule.publisher",
- "OCSPPublisher");
- cs.putString("ca.publish.rule.instance.ocsprule.type", "crl");
+ cs.putString(publisherPrefix+".host", ocsphost);
+ cs.putString(publisherPrefix+".port", ocspport);
+ cs.putString(publisherPrefix+".nickName", nickname);
+ cs.putString(publisherPrefix+".path", "/ocsp/agent/ocsp/addCRL");
+ cs.putString(publisherPrefix+".pluginName", "OCSPPublisher");
+ cs.putString(publisherPrefix+".enableClientAuth", "true");
+ cs.putString(rulePrefix+".enable", "true");
+ cs.putString(rulePrefix+".mapper", "NoMap");
+ cs.putString(rulePrefix+".pluginName", "Rule");
+ cs.putString(rulePrefix+".publisher", "OCSPPublisher-"+ocspname);
+ cs.putString(rulePrefix+".type", "crl");
cs.commit(false);
// insert info
CMS.debug("UpdateOCSPConfig: Sending response");
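Review bot: `ocsphost.replace('.', '-')` is evaluated before the `try`, so a request without `ocsp_host` throws a NullPointerException here, and both request parameters are now spliced into configuration key names without validation. A `.` in `ocsp_port`, or other unexpected characters in either value, would produce key names outside the intended `OCSPPublisher-<host>-<port>` shape. Reject the request unless both values are present and well-formed before building `ocspname`, e.g. `if (ocsphost == null || ocspport == null || !ocspport.matches("\\d{1,5}"))`, with a similar hostname pattern for `ocsphost`. How the servlet reports a bad request is outside this hunk.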
diff --git a/dogtag/common-ui/shared/admin/console/config/donepanel.vm b/dogtag/common-ui/shared/admin/console/config/donepanel.vm
index 062025825..59d22a977 100644
--- a/dogtag/common-ui/shared/admin/console/config/donepanel.vm
+++ b/dogtag/common-ui/shared/admin/console/config/donepanel.vm
@@ -58,7 +58,17 @@ Please go to the <A href="https://$host:$port/$systemType/services"><b>services
#end
<br/>
To create additional instances, type "/usr/bin/pkicreate" on the command line.
-<br>
#if ($systemType != "tps")
+<br>
To start the administration console, type "/usr/bin/pkiconsole" on the command line.
+<br/>
+#end
+#if (($systemType == "kra") && ($info != ""))
+<hr>
+<br>
+<b>Important warning</b> reported by Certificate Authority:<br>&nbsp;&nbsp;&nbsp;&nbsp;<b>$info</b>
+<br/>
+<br>
+This instance of Data Recovery Manager (DRM) is not connected to any Certificate Authority (CA). Please consult the product documentation for the manual procedure of connecting a DRM to a CA.
+<br/>
#end
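Review bot: The new `#if (($systemType == "kra") && ($info != ""))` assumes `info` is always in the context, but the only `context.put("info", ...)` in this commit is in the DonePanel catch block, so on the success path `$info` may be undefined unless it is initialised elsewhere. How Velocity compares an undefined reference with `""` depends on the engine version, so the warning block could appear with a literal `$info` in it. Testing the reference first, `#if (($systemType == "kra") && $info && ($info != ""))`, makes the condition independent of that.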