-rw-r--r--base/common/python/pki/__init__.py68
-rw-r--r--base/common/python/pki/upgrade.py160
-rw-r--r--base/common/src/com/netscape/cms/servlet/base/RESTServlet.java47
-rwxr-xr-xbase/server/src/pki-upgrade28
-rwxr-xr-xbase/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator81
-rwxr-xr-xbase/server/upgrade/10.0.1/02-CloningInterfaceChanges24
-rwxr-xr-xbase/server/upgrade/10.0.1/03-AddRestServlet84
7 files changed, 370 insertions, 122 deletions
diff --git a/base/common/python/pki/__init__.py b/base/common/python/pki/__init__.py
index 0bba7139d..4d29d0fe1 100644
--- a/base/common/python/pki/__init__.py
+++ b/base/common/python/pki/__init__.py
@@ -20,11 +20,15 @@
#
import re
+import os
CONF_DIR = '/etc/pki'
SHARE_DIR = '/usr/share/pki'
+BASE_DIR = '/var/lib'
INSTANCE_BASE_DIR = '/var/lib/pki'
+REGISTRY_DIR = '/etc/sysconfig/pki'
+SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks']
PACKAGE_VERSION = SHARE_DIR + '/VERSION'
@@ -87,3 +91,67 @@ def implementation_version():
return value
raise Exception('Missing implementation version.')
+
+class PKISubsystem(object):
+
+ def __init__(self, instance, subsystemName):
+ self.instance = instance
+ self.name = subsystemName
+ self.type = instance.type
+ if self.type >= 10:
+ self.conf_dir = os.path.join(INSTANCE_BASE_DIR, \
+ instance.name, 'conf', subsystemName)
+ self.base_dir = os.path.join(INSTANCE_BASE_DIR, \
+ instance.name, subsystemName)
+ else:
+ self.conf_dir = os.path.join(BASE_DIR, instance.name, 'conf')
+ self.base_dir = os.path.join(BASE_DIR, instance.name)
+
+ self.validate()
+
+ def validate(self):
+ if not os.path.exists(self.conf_dir):
+ raise PKIException(
+ 'Invalid subsystem: ' + self.__repr__(),
+ None, self.instance)
+
+
+ def __repr__(self):
+ return str(self.instance) + '/' + self.name
+
+
+class PKIInstance(object):
+
+ def __init__(self, name, type=10):
+ self.name = name
+ self.type = type
+ if self.type >= 10:
+ self.conf_dir = os.path.join(INSTANCE_BASE_DIR, name, 'conf')
+ self.base_dir = os.path.join(INSTANCE_BASE_DIR, name)
+ else:
+ self.conf_dir = os.path.join(BASE_DIR, name, 'conf')
+ self.base_dir = os.path.join(BASE_DIR, name)
+
+ self.validate()
+
+ def validate(self):
+ if not os.path.exists(self.conf_dir):
+ raise PKIException(
+ 'Invalid instance: ' + self.__repr__(), None)
+
+
+ def __repr__(self):
+ if self.type == 9:
+ return "Dogtag 9 " + self.name
+ return self.name
+
+class PKIException(Exception):
+
+ def __init__(self, message, exception=None,\
+ instance=None, subsystem=None):
+
+ Exception.__init__(self, message)
+
+ self.exception = exception
+ self.instance = instance
+ self.subsystem = subsystem
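Review bot: `PKIInstance.validate()` and `PKISubsystem.validate()` only check that `conf_dir` exists, so a name supplied through `-i`/`-s` is never checked to be a single path component or a known subsystem type. `os.path.join` discards the earlier components when a later one is absolute and keeps `..` segments, and the scriptlets in this commit build paths from `base_dir` and `subsystem.name` that they then write and chown. Consider rejecting such names before the paths are built, e.g. `if subsystemName not in SUBSYSTEM_TYPES: raise PKIException('Invalid subsystem: ' + subsystemName, None, instance)` in `PKISubsystem.__init__` and `if name != os.path.basename(name) or name in ('', '.', '..'): raise PKIException('Invalid instance: ' + name, None)` in `PKIInstance.__init__`. Separately, `PKISubsystem.validate()` passes `self.instance` but leaves out the `subsystem` argument that `PKIException` accepts.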
diff --git a/base/common/python/pki/upgrade.py b/base/common/python/pki/upgrade.py
index fda1f829c..d87a7ef29 100644
--- a/base/common/python/pki/upgrade.py
+++ b/base/common/python/pki/upgrade.py
@@ -37,12 +37,8 @@ VERSION_DIR = UPGRADE_DIR + '/%s'
SCRIPTLET_FILE = VERSION_DIR + '/%s'
SYSTEM_TRACKER = pki.CONF_DIR + '/pki.conf'
-
-INSTANCE_CONF = pki.CONF_DIR + '/%s'
-INSTANCE_TRACKER = INSTANCE_CONF + '/tomcat.conf'
-
-SUBSYSTEM_CONF = INSTANCE_CONF + '/%s'
-SUBSYSTEM_TRACKER = SUBSYSTEM_CONF + '/CS.cfg'
+INSTANCE_TRACKER = '%s/tomcat.conf'
+SUBSYSTEM_TRACKER = '%s/CS.cfg'
verbose = False
@@ -111,18 +107,6 @@ class Version(object):
def __repr__(self):
return self.version
-
-class PKIUpgradeException(Exception):
-
- def __init__(self, message, exception=None, instance=None, subsystem=None):
-
- Exception.__init__(self, message)
-
- self.exception = exception
- self.instance = instance
- self.subsystem = subsystem
-
-
class PKIUpgradeTracker(object):
def __init__(self, name, filename,
@@ -357,11 +341,11 @@ class PKIUpgradeScriptlet(object):
for subsystem in self.upgrader.subsystems(instance):
if not self.can_upgrade(instance, subsystem):
- if verbose: print 'Skipping ' + instance + '/' + subsystem + ' subsystem.'
+ if verbose: print 'Skipping ' + str(subsystem) + ' subsystem.'
continue
try:
- if verbose: print 'Upgrading ' + instance + '/' + subsystem + ' subsystem.'
+ if verbose: print 'Upgrading ' + str(subsystem) + ' subsystem.'
self.upgrade_subsystem(instance, subsystem)
self.update_tracker(instance, subsystem)
@@ -370,7 +354,7 @@ class PKIUpgradeScriptlet(object):
if verbose: traceback.print_exc()
else: print 'ERROR: ' + e.message
- message = 'Failed upgrading ' + instance + '/' + subsystem + ' subsystem.'
+ message = 'Failed upgrading ' + str(subsystem) + ' subsystem.'
if self.upgrader.silent:
print message
else:
@@ -378,8 +362,8 @@ class PKIUpgradeScriptlet(object):
options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower()
if result == 'y': continue
- raise PKIUpgradeException(
- 'Upgrade failed in ' + instance + '/' + subsystem + ': ' + e.message,
+ raise pki.PKIException(
+ 'Upgrade failed in ' + str(subsystem) + ': ' + e.message,
e, instance, subsystem)
@@ -390,15 +374,15 @@ class PKIUpgradeScriptlet(object):
self.upgrade_subsystems(instance)
# If upgrading a specific subsystem don't upgrade the instance.
- if self.upgrader.subsystem:
+ if self.upgrader.subsystemName:
continue
if not self.can_upgrade(instance):
- if verbose: print 'Skipping ' + instance + ' instance.'
+ if verbose: print 'Skipping ' + str(instance) + ' instance.'
continue
try:
- if verbose: print 'Upgrading ' + instance + ' instance.'
+ if verbose: print 'Upgrading ' + str(instance) + ' instance.'
self.upgrade_instance(instance)
self.update_tracker(instance)
@@ -407,7 +391,7 @@ class PKIUpgradeScriptlet(object):
if verbose: traceback.print_exc()
else: print 'ERROR: ' + e.message
- message = 'Failed upgrading ' + instance + ' instance.'
+ message = 'Failed upgrading ' + str(instance) + ' instance.'
if self.upgrader.silent:
print message
else:
@@ -415,8 +399,8 @@ class PKIUpgradeScriptlet(object):
options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower()
if result == 'y': continue
- raise PKIUpgradeException(
- 'Upgrade failed in ' + instance + ': ' + e.message,
+ raise pki.PKIException(
+ 'Upgrade failed in ' + str(instance) + ': ' + e.message,
e, instance)
@@ -425,7 +409,7 @@ class PKIUpgradeScriptlet(object):
self.upgrade_instances()
# If upgrading a specific instance don't upgrade the system.
- if self.upgrader.instance:
+ if self.upgrader.instanceName:
return
try:
@@ -450,7 +434,7 @@ class PKIUpgradeScriptlet(object):
options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower()
if result == 'y': return
- raise PKIUpgradeException('Upgrade failed: ' + e.message, e)
+ raise pki.PKIException('Upgrade failed: ' + e.message, e)
def __eq__(self, other):
@@ -466,29 +450,26 @@ class PKIUpgradeScriptlet(object):
class PKIUpgrader():
- def __init__(self, instance=None, subsystem=None, \
- version=None, index=None, silent=False):
+ def __init__(self, instanceName=None, instanceType=None, \
+ subsystemName=None, version=None, index=None, silent=False):
- self.instance = instance
- self.subsystem = subsystem
+ self.instanceName = instanceName
+ self.subsystemName = subsystemName
self.version = version
self.index = index
self.silent = silent
+ self.instanceType = instanceType
if version and not os.path.exists(VERSION_DIR % str(version)):
- raise PKIUpgradeException(
+ raise pki.PKIException(
'Invalid version: ' + str(version),
None)
- if instance and not os.path.exists(INSTANCE_CONF % instance):
- raise PKIUpgradeException(
- 'Invalid instance: ' + instance,
- None, instance)
-
- if subsystem and not os.path.exists(SUBSYSTEM_CONF % (instance, subsystem)):
- raise PKIUpgradeException(
- 'Invalid subsystem: ' + instance + '/' + subsystem,
- None, instance, subsystem)
+ if subsystemName and not instanceName:
+ raise pki.PKIException(
+ 'Invalid subsystem: ' + subsystemName +\
+ ', Instance not defined',
+ None)
self.system_tracker = None
self.instance_trackers = {}
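Review bot: The up-front "Invalid instance" and "Invalid subsystem" existence checks are removed from `__init__`, and nothing visible replaces them when `instanceName` is given without `instanceType`. In that case `instances()` only filters directory listings by name, so an unknown instance name appears to yield an empty list and the run does nothing without reporting an error. Consider raising in `instances()` when a name was requested and nothing matched, e.g. `if self.instanceName and not list: raise pki.PKIException('Invalid instance: ' + self.instanceName, None)`.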
@@ -541,7 +522,7 @@ class PKIUpgrader():
try:
i = filename.index('-')
except ValueError as e:
- raise PKIUpgradeException('Invalid scriptlet name: ' + filename, e)
+ raise pki.PKIException('Invalid scriptlet name: ' + filename, e)
index = int(filename[0:i])
classname = filename[i+1:]
@@ -571,36 +552,51 @@ class PKIUpgrader():
def instances(self):
- if self.instance:
- return [self.instance]
+ if self.instanceName and self.instanceType:
+ return [pki.PKIInstance(self.instanceName, self.instanceType)]
- if not os.path.exists(pki.INSTANCE_BASE_DIR):
- return []
+ list = []
+ if not self.instanceType or self.instanceType >=10:
+ if os.path.exists(os.path.join(pki.REGISTRY_DIR,'tomcat')):
+ for instanceName in os.listdir(pki.INSTANCE_BASE_DIR):
+ if not self.instanceName or \
+ self.instanceName == instanceName:
+ list.append(pki.PKIInstance(instanceName))
+
+ if not self.instanceType or self.instanceType == 9:
+ for s in pki.SUBSYSTEM_TYPES:
+ if os.path.exists(os.path.join(pki.REGISTRY_DIR, s)):
+ for instanceName in \
+ os.listdir(os.path.join(pki.REGISTRY_DIR, s)):
+ if not self.instanceName or \
+ self.instanceName == instanceName:
+ list.append(pki.PKIInstance(instanceName, 9))
- list = os.listdir(pki.INSTANCE_BASE_DIR)
list.sort()
-
return list
def subsystems(self, instance):
- if self.subsystem:
- return [self.subsystem]
+ if self.subsystemName:
+ return [pki.PKISubsystem(instance, self.subsystemName)]
list = []
- instance_dir = os.path.join(pki.INSTANCE_BASE_DIR, instance)
- for folder in os.listdir(instance_dir):
-
- # check whether it is a subsystem folder
- subsystem_conf = os.path.join(
- instance_dir, folder, 'conf', 'CS.cfg')
-
- if not os.path.exists(subsystem_conf):
- continue
-
- list.append(folder)
+ if instance.type >= 10:
+ registry_dir = os.path.join(pki.REGISTRY_DIR, 'tomcat',
+ instance.name)
+ for subsystemName in os.listdir(registry_dir):
+ if subsystemName in pki.SUBSYSTEM_TYPES:
+ list.append(pki.PKISubsystem(instance, subsystemName))
+ else:
+ for subsystemName in pki.SUBSYSTEM_TYPES:
+ registry_dir = os.path.join(
+ pki.REGISTRY_DIR,
+ subsystemName,
+ instance.name)
+ if os.path.exists(registry_dir):
+ list.append(pki.PKISubsystem(instance, subsystemName))
list.sort()
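Review bot: Both `list.sort()` calls now sort `PKIInstance` / `PKISubsystem` objects rather than strings, and neither class defines a comparison method, so under Python 2 the order falls back to the default object ordering instead of the name. The upgrade order then no longer matches the previous alphabetical behaviour; `list.sort(key=str)` in `instances()` and `subsystems()` would restore it. In `instances()` the `os.listdir(pki.INSTANCE_BASE_DIR)` call is guarded by the existence of `REGISTRY_DIR/tomcat`, not of `INSTANCE_BASE_DIR` itself, whose check this hunk removes. The local name `list` also shadows the builtin. The body of `subsystems()` continues past the end of the hunk.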
@@ -610,25 +606,25 @@ class PKIUpgrader():
def get_tracker(self, instance=None, subsystem=None):
if subsystem:
- name = instance + '/' + subsystem
+ name = str(subsystem)
try:
tracker = self.subsystem_trackers[instance]
except KeyError:
tracker = PKIUpgradeTracker(name + ' subsystem',
- SUBSYSTEM_TRACKER % (instance, subsystem),
+ SUBSYSTEM_TRACKER % subsystem.conf_dir,
version_key='cms.product.version',
index_key='cms.upgrade.index')
self.subsystem_trackers[name] = tracker
elif instance:
try:
- tracker = self.instance_trackers[instance]
+ tracker = self.instance_trackers[str(instance)]
except KeyError:
- tracker = PKIUpgradeTracker(instance + ' instance',
- INSTANCE_TRACKER % instance,
+ tracker = PKIUpgradeTracker(str(instance) + ' instance',
+ INSTANCE_TRACKER % instance.conf_dir,
version_key='PKI_VERSION',
index_key='PKI_UPGRADE_INDEX')
- self.instance_trackers[instance] = tracker
+ self.instance_trackers[str(instance)] = tracker
else:
if self.system_tracker:
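Review bot: In the subsystem branch the cache is read with `self.subsystem_trackers[instance]` but written with `self.subsystem_trackers[name]`, so the lookup never hits and a new `PKIUpgradeTracker` is built on every call. The instance branch was updated to use `str(instance)` for both read and write; the subsystem branch should match with `tracker = self.subsystem_trackers[name]`. The mismatch is in an unchanged context line, but `instance` is now a `PKIInstance` object rather than a string, which makes the stale key more visible. `get_tracker` continues outside the hunk.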
@@ -647,14 +643,14 @@ class PKIUpgrader():
current_version = None
# if upgrading the entire system, get the system version
- if not self.instance:
+ if not self.instanceName:
tracker = self.get_tracker()
current_version = tracker.get_version()
for instance in self.instances():
# if upgrading the entire instance, check the instance version
- if not self.subsystem:
+ if not self.subsystemName:
tracker = self.get_tracker(instance)
version = tracker.get_version()
@@ -734,12 +730,12 @@ class PKIUpgrader():
options=['Y', 'N'], default='Y', caseSensitive=False).lower()
if result == 'n':
- raise PKIUpgradeException('Upgrade canceled.')
+ raise pki.PKIException('Upgrade canceled.')
try:
scriptlet.upgrade()
- except PKIUpgradeException as e:
+ except pki.PKIException as e:
raise
except Exception as e:
@@ -759,7 +755,7 @@ class PKIUpgrader():
options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower()
if result == 'n':
- raise PKIUpgradeException(message, e)
+ raise pki.PKIException(message, e)
def upgrade(self):
@@ -781,13 +777,13 @@ class PKIUpgrader():
def show_tracker(self):
- if not self.instance:
+ if not self.instanceName:
tracker = self.get_tracker()
tracker.show()
for instance in self.instances():
- if not self.subsystem:
+ if not self.subsystemName:
tracker = self.get_tracker(instance)
tracker.show()
@@ -809,13 +805,13 @@ class PKIUpgrader():
def set_tracker(self, version):
- if not self.instance:
+ if not self.instanceName:
tracker = self.get_tracker()
tracker.reset(version)
for instance in self.instances():
- if not self.subsystem:
+ if not self.subsystemName:
tracker = self.get_tracker(instance)
tracker.reset(version)
@@ -833,13 +829,13 @@ class PKIUpgrader():
def remove_tracker(self):
- if not self.instance:
+ if not self.instanceName:
tracker = self.get_tracker()
tracker.remove()
for instance in self.instances():
- if not self.subsystem:
+ if not self.subsystemName:
tracker = self.get_tracker(instance)
tracker.remove()
diff --git a/base/common/src/com/netscape/cms/servlet/base/RESTServlet.java b/base/common/src/com/netscape/cms/servlet/base/RESTServlet.java
new file mode 100644
index 000000000..050c0920a
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/base/RESTServlet.java
@@ -0,0 +1,47 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.base;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.netscape.certsrv.apps.CMS;
+
+public class RESTServlet extends HttpServlet {
+
+ private static final long serialVersionUID = -466592331169846158L;
+
+ public void service(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ CMS.debug("RESTServlet: Attempt to access REST services using " + request.getRequestURI());
+ CMS.debug("RESTServlet: sending 501 (not implemented)");
+
+ String error =
+ "The REST services are not available because this server is a legacy \n" +
+ "Dogtag 9 server. To access the REST services this server must be \n" +
+ "migrated into a new Dogtag 10 server.";
+
+ response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, error);
+ }
+
+}
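Review bot: `service()` overrides `HttpServlet.service` without an `@Override` annotation, and the class has no Javadoc saying that it is a deliberate stub. Add `@Override` above `public void service(...)` and a short class comment such as `/** Placeholder mapped to /rest/* on upgraded Dogtag 9 instances; answers every request with 501. */`. Without that, a later reader may take the unconditional `SC_NOT_IMPLEMENTED` for unfinished work rather than the intended behaviour.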
diff --git a/base/server/src/pki-upgrade b/base/server/src/pki-upgrade
index 5103e7f39..b6f4acb12 100755
--- a/base/server/src/pki-upgrade
+++ b/base/server/src/pki-upgrade
@@ -28,6 +28,7 @@ import sys
import traceback
import pki.upgrade
+import pki
def interrupt_handler(signal, frame):
@@ -41,6 +42,8 @@ def usage():
print 'Usage: pki-upgrade [OPTIONS]'
print ' -i, --instance <instance> Upgrade a specific instance only.'
print ' -s, --subsystem <subsystem> Upgrade a specific subsystem in an instance only.'
+ print ' -t, --instance-type <type> Specify 9 for upgraded Dogtag 9 instances only,'
+ print ' 10 for Dogtag 10 instances only.'
print ' --scriptlet-version <version> Run scriptlets for a specific version only.'
print ' --scriptlet-index <index> Run a specific scriptlet only.'
print ' --silent Upgrade in silent mode. Ignore any failures.'
@@ -62,8 +65,8 @@ def main(argv):
signal.signal(signal.SIGINT, interrupt_handler)
try:
- opts, args = getopt.getopt(argv[1:], 'hi:s:vX', [
- 'instance=', 'subsystem=',
+ opts, args = getopt.getopt(argv[1:], 'hi:s:t:vX', [
+ 'instance=', 'subsystem=', 'instance-type=',
'scriptlet-version=', 'scriptlet-index=',
'silent', 'status',
'remove-tracker', 'reset-tracker',
@@ -74,8 +77,9 @@ def main(argv):
usage()
sys.exit(1)
- instance = None
- subsystem = None
+ instanceName = None
+ subsystemName = None
+ instanceType = None
version = None
index = None
silent = False
@@ -85,10 +89,13 @@ def main(argv):
for o, a in opts:
if o in ('-i', '--instance'):
- instance = a
+ instanceName = a
elif o in ('-s', '--subsystem'):
- subsystem = a
+ subsystemName = a
+
+ elif o in ('-t', '--instance-type'):
+ instanceType = int(a)
elif o == '--scriptlet-version':
version = a
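Review bot: `instanceType = int(a)` raises `ValueError` on a non-numeric `-t` value, and no handler for it is visible around this loop, so the user would get a traceback instead of the usage text. Any integer is also accepted, although the usage text documents only 9 and 10 and `PKIUpgrader.instances()` treats other values inconsistently. Validate before converting, e.g. `if a not in ('9', '10'):` followed by an `ERROR:` line, `usage()` and `sys.exit(1)`, as the `--subsystem requires --instance` check does.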
@@ -124,7 +131,7 @@ def main(argv):
usage()
sys.exit(1)
- if subsystem and not instance:
+ if subsystemName and not instanceName:
print 'ERROR: --subsystem requires --instance'
usage()
sys.exit(1)
@@ -136,8 +143,9 @@ def main(argv):
try:
upgrader = pki.upgrade.PKIUpgrader(
- instance = instance,
- subsystem = subsystem,
+ instanceName = instanceName,
+ subsystemName = subsystemName,
+ instanceType = instanceType,
version = version,
index = index,
silent = silent)
@@ -154,7 +162,7 @@ def main(argv):
else:
upgrader.upgrade()
- except pki.upgrade.PKIUpgradeException as e:
+ except pki.PKIException as e:
print e.message
diff --git a/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator b/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator
index 6d3931e85..1731edfb5 100755
--- a/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator
+++ b/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator
@@ -42,14 +42,24 @@ class ReplaceRandomNumberGenerator(pki.upgrade.PKIUpgradeScriptlet):
def upgrade_subsystem(self, instance, subsystem):
context_xml = os.path.join(
- pki.INSTANCE_BASE_DIR,
- instance, 'webapps', subsystem,
+ instance.base_dir,
+ 'webapps', subsystem.name,
'META-INF', 'context.xml')
+ if not os.path.exists(context_xml):
+ self.create_context_xml(
+ instance,
+ subsystem.name,
+ subsystem.name)
+
document = etree.parse(context_xml, self.parser)
self.add_manager(document)
- self.update_authenticator(document)
+ if subsystem.type >=10:
+ self.update_authenticator(document)
+ else:
+ self.remove_authenticator(document)
+ self.remove_realm(document)
with open(context_xml, 'w') as f:
f.write(etree.tostring(document, pretty_print=True))
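Review bot: For subsystems with `subsystem.type` below 10 the new `else` branch strips the `SSLAuthenticatorWithFallback` valve and the `ProxyRealm` from the webapp's context.xml, and nothing in the hunk explains why removing these authentication entries is safe. Add a comment above the branch stating what authenticates requests on upgraded Dogtag 9 instances once they are gone, for example `# Dogtag 9 webapps do not use the Tomcat authenticator/realm; drop the entries that come with the Dogtag 10 context.xml template (TODO confirm)`. A one-line docstring on `remove_authenticator` and `remove_realm`, which are added in a later hunk, would help for the same reason. Minor: `>=10` is missing the spaces around the operator.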
@@ -58,16 +68,36 @@ class ReplaceRandomNumberGenerator(pki.upgrade.PKIUpgradeScriptlet):
def upgrade_instance(self, instance):
self.update_root_context_xml(instance)
- self.create_pki_context_xml(instance)
+ self.update_pki_context_xml(instance)
def update_root_context_xml(self, instance):
context_xml = os.path.join(
- pki.INSTANCE_BASE_DIR,
- instance, 'webapps', 'ROOT',
+ instance.base_dir,
+ 'webapps', 'ROOT',
+ 'META-INF', 'context.xml')
+
+ if not os.path.exists(context_xml):
+ self.create_context_xml(instance, 'server', 'ROOT')
+
+ document = etree.parse(context_xml, self.parser)
+
+ self.add_manager(document)
+
+ with open(context_xml, 'w') as f:
+ f.write(etree.tostring(document, pretty_print=True))
+
+ def update_pki_context_xml(self, instance):
+
+ context_xml = os.path.join(
+ instance.base_dir,
+ 'webapps', 'pki',
'META-INF', 'context.xml')
+ if not os.path.exists(context_xml):
+ self.create_context_xml(instance, 'server', 'pki')
+
document = etree.parse(context_xml, self.parser)
self.add_manager(document)
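Review bot: `update_root_context_xml` and the new `update_pki_context_xml` are now identical apart from the `'ROOT'` / `'pki'` literal, and `upgrade_subsystem` repeats the same create-if-missing, parse, `add_manager`, write sequence. A single helper taking `(instance, pkg, context)`, the same parameters as `create_context_xml`, would leave the two methods as one-liners such as `self.update_context_xml(instance, 'server', 'ROOT')` and keep the three copies from drifting apart. `update_pki_context_xml` continues past the end of this hunk.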
@@ -76,16 +106,17 @@ class ReplaceRandomNumberGenerator(pki.upgrade.PKIUpgradeScriptlet):
f.write(etree.tostring(document, pretty_print=True))
- def create_pki_context_xml(self, instance):
+ def create_context_xml(self, instance, pkg, context):
uid = pwd.getpwnam('pkiuser').pw_uid
gid = grp.getgrnam('pkiuser').gr_gid
- source = '/usr/share/pki/server/webapps/pki/META-INF/context.xml'
+ source = '/usr/share/pki/%s/webapps/%s/META-INF/context.xml' %\
+ (pkg, context)
meta_inf_dir = os.path.join(
- pki.INSTANCE_BASE_DIR,
- instance, 'webapps', 'pki',
+ instance.base_dir,
+ 'webapps', context,
'META-INF')
context_xml = os.path.join(meta_inf_dir, 'context.xml')
@@ -101,14 +132,6 @@ class ReplaceRandomNumberGenerator(pki.upgrade.PKIUpgradeScriptlet):
os.chown(context_xml, uid, gid)
os.chmod(context_xml, 0660)
- document = etree.parse(context_xml, self.parser)
-
- self.add_manager(document)
-
- with open(context_xml, 'w') as f:
- f.write(etree.tostring(document, pretty_print=True))
-
-
def add_manager(self, document):
# Find existing manager
@@ -151,3 +174,25 @@ class ReplaceRandomNumberGenerator(pki.upgrade.PKIUpgradeScriptlet):
# Update authenticator's attributes
authenticator.set('secureRandomProvider', 'Mozilla-JSS')
authenticator.set('secureRandomAlgorithm', 'pkcs11prng')
+
+ def remove_authenticator(self, document):
+
+ context = document.getroot()
+ valves = context.findall('Valve')
+
+ for valve in valves:
+ className = valve.get('className')
+ if className != 'com.netscape.cms.tomcat.SSLAuthenticatorWithFallback':
+ continue
+ context.remove(valve)
+
+ def remove_realm(self, document):
+
+ context = document.getroot()
+ realms = context.findall('Realm')
+
+ for realm in realms:
+ className = realm.get('className')
+ if className != 'com.netscape.cms.tomcat.ProxyRealm':
+ continue
+ context.remove(realm)
diff --git a/base/server/upgrade/10.0.1/02-CloningInterfaceChanges b/base/server/upgrade/10.0.1/02-CloningInterfaceChanges
index 60bbae605..2ecc1f8ce 100755
--- a/base/server/upgrade/10.0.1/02-CloningInterfaceChanges
+++ b/base/server/upgrade/10.0.1/02-CloningInterfaceChanges
@@ -102,19 +102,19 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet):
def upgrade_subsystem(self, instance, subsystem):
web_xml = os.path.join(
- pki.INSTANCE_BASE_DIR,
- instance, 'webapps', subsystem,
+ instance.base_dir,
+ 'webapps', subsystem.name,
'WEB-INF', 'web.xml')
self.doc = ET.parse(web_xml)
- self.root = self.doc.find('.')
- self.remove_get_token_info(subsystem)
- if subsystem == "ca":
- self.modify_update_number_range(subsystem)
+ self.root = self.doc.getroot()
+ self.remove_get_token_info(subsystem.name)
+ if subsystem.name == "ca":
+ self.modify_update_number_range(subsystem.name)
self.modify_update_domain_xml()
self.modify_token_authenticate()
- if subsystem == "kra":
- self.modify_update_number_range(subsystem)
+ if subsystem.name == "kra":
+ self.modify_update_number_range(subsystem.name)
self.doc.write(web_xml)
@@ -155,7 +155,7 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet):
if name == 'caUpdateDomainXML-admin':
found = True
if name == 'caUpdateDomainXML':
- index = list(self.root).index(servlet) + 1
+ index = self.root.index(servlet) + 1
if not found:
servlet = ET.fromstring(self.updateDomainServletData)
self.root.insert(index, servlet)
@@ -166,7 +166,7 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet):
if name == 'caUpdateDomainXML-admin':
found = True
if name == 'caUpdateDomainXML':
- index = list(self.root).index(mapping) + 1
+ index = self.root.index(mapping) + 1
if not found:
mapping = ET.fromstring(self.updateDomainMappingData)
self.root.insert(index, mapping)
@@ -180,7 +180,7 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet):
if name == 'caTokenAuthenticate-admin':
found = True
if name == 'caTokenAuthenticate':
- index = list(self.root).index(servlet) + 1
+ index = self.root.index(servlet) + 1
if not found:
servlet = ET.fromstring(self.tokenAuthenticateServletData)
self.root.insert(index, servlet)
@@ -191,7 +191,7 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet):
if name == 'caTokenAuthenticate-admin':
found = True
if name == 'caTokenAuthenticate':
- index = list(self.root).index(mapping) + 1
+ index = self.root.index(mapping) + 1
if not found:
mapping = ET.fromstring(self.tokenAuthenticateMappingData)
self.root.insert(index, mapping)
diff --git a/base/server/upgrade/10.0.1/03-AddRestServlet b/base/server/upgrade/10.0.1/03-AddRestServlet
new file mode 100755
index 000000000..36af3eebc
--- /dev/null
+++ b/base/server/upgrade/10.0.1/03-AddRestServlet
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# Authors:
+# Ade Lee <alee@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+#
+
+import os
+import sys
+from lxml import etree as ET
+
+import pki
+import pki.upgrade
+
+class AddRestServlet(pki.upgrade.PKIUpgradeScriptlet):
+
+ restServicesServletData = """
+ <servlet>
+ <servlet-name> rest-services </servlet-name>
+ <servlet-class> com.netscape.cms.servlet.base.RESTServlet </servlet-class>
+ </servlet>"""
+
+ restServicesMappingData = """
+ <servlet-mapping>
+ <servlet-name> rest-services </servlet-name>
+ <url-pattern> /rest/* </url-pattern>
+ </servlet-mapping> """
+
+ def __init__(self):
+
+ self.message = 'Add dummy REST servlet to upgraded Dogtag 9 instances'
+
+ def upgrade_subsystem(self, instance, subsystem):
+ if subsystem.type >= 10:
+ return
+
+ web_xml = os.path.join(
+ instance.base_dir,
+ 'webapps', subsystem.name,
+ 'WEB-INF', 'web.xml')
+
+ self.doc = ET.parse(web_xml)
+ self.root = self.doc.getroot()
+ self.add_rest_services_servlet()
+
+ self.doc.write(web_xml)
+
+ def add_rest_services_servlet(self):
+ #add rest-services servlet and mapping
+ found = False
+ for servlet in self.doc.findall('.//servlet'):
+ name = servlet.find('servlet-name').text.strip()
+ if name == 'rest-services':
+ found = True
+ if name == 'services':
+ index = self.root.index(servlet) + 1
+ if not found:
+ servlet = ET.fromstring(self.restServicesServletData)
+ self.root.insert(index, servlet)
+
+ found = False
+ for mapping in self.doc.findall('.//servlet-mapping'):
+ name = mapping.find('servlet-name').text.strip()
+ if name == 'rest-services':
+ found = True
+ if name == 'services':
+ index = self.root.index(mapping) + 1
+ if not found:
+ mapping = ET.fromstring(self.restServicesMappingData)
+ self.root.insert(index, mapping)
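Review bot: In `add_rest_services_servlet`, `index` is assigned only when an element named `services` is found, so a web.xml without one makes the first `self.root.insert(index, servlet)` raise `NameError`. The second loop then reuses the servlet position from the first loop for the mapping if no `services` mapping exists. Reset it with `index = None` before each loop and fail clearly before inserting, e.g. `if index is None: raise pki.PKIException("No 'services' entry found in web.xml")`. The context lines of the 02-CloningInterfaceChanges hunks show the same pattern around `caUpdateDomainXML` and `caTokenAuthenticate`. Two smaller points: `servlet.find('servlet-name').text.strip()` assumes every element has a non-empty `servlet-name` child, and the `sys` import is unused.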