Diffstat (limited to 'base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java')
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java55
1 files changed, 24 insertions, 31 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index 697196a6e..f7e5a6b05 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -662,7 +662,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
response.setAdminCert(admincerts[0]);
} catch (Exception e) {
- e.printStackTrace();
+ CMS.debug(e);
throw new PKIException("Error in creating admin user: " + e);
}
}
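Review bot: The rethrow in this catch block still drops the original exception as a cause: `new PKIException("Error in creating admin user: " + e)` only stringifies it, so the stack trace survives solely in the debug log written by `CMS.debug(e)`. Other throw sites in this file pass the cause (`new PKIException("Failed to resolve security domain URL", e)`), and doing the same here, `throw new PKIException("Error in creating admin user: " + e, e);`, keeps the chain intact. Concatenating `e` into the message may also hand internal exception text back to the REST caller; if this message reaches the response, a fixed message with the detail kept in the log would be the safer choice. The enclosing method starts outside the hunk.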
@@ -818,7 +818,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
cs.putInteger("preop.ca.httpsport", port);
cs.putInteger("preop.ca.httpsadminport", admin_port);
- if (!data.isClone()) {
+ if (!data.isClone() && !data.getSystemCertsImported()) {
ConfigurationUtils.importCertChain(host, admin_port, "/ca/admin/ca/getCertChain", "ca");
}
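Review bot: `data.getSystemCertsImported()` is a field of the configuration request, and from this condition on it decides whether trust material is fetched at all; the same test guards the master chain import at @@ -855, the P12 restore at @@ -867 and the security-domain chain import at @@ -948. Nothing in the new code states what the caller is vouching for, so a comment such as `// systemCertsImported: the installer has already loaded the CA chain and system certs into the certificate store; skip the network import` would document the contract. For this non-clone path no later verification of the pre-imported chain is visible in the hunk, so confirm one runs before the chain is relied on. If the getter returns a boxed `Boolean` (its declaration is not shown), `!data.getSystemCertsImported()` throws a NullPointerException when the field is omitted from the request.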
@@ -855,7 +855,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
"Clone URI does not match available subsystems: " + url);
}
- if (csType.equals("CA")) {
+ if (csType.equals("CA") && !data.getSystemCertsImported()) {
CMS.debug("SystemConfigService: import certificate chain from master");
int masterAdminPort = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
masterHost, masterPort, "CA", "SecurePort", "SecureAdminPort");
@@ -867,10 +867,12 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
ConfigurationUtils.getConfigEntriesFromMaster();
if (token.equals(ConfigurationRequest.TOKEN_DEFAULT)) {
- CMS.debug("SystemConfigService: restore certificates from P12 file");
- String p12File = data.getP12File();
- String p12Pass = data.getP12Password();
- ConfigurationUtils.restoreCertsFromP12(p12File, p12Pass);
+ if (!data.getSystemCertsImported()) {
+ CMS.debug("SystemConfigService: restore certificates from P12 file");
+ String p12File = data.getP12File();
+ String p12Pass = data.getP12Password();
+ ConfigurationUtils.restoreCertsFromP12(p12File, p12Pass);
+ }
} else {
CMS.debug("SystemConfigService: import certificates from HSM and set permission");
@@ -878,15 +880,10 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
CMS.debug("SystemConfigService: verify certificates");
- boolean cloneReady = ConfigurationUtils.isCertdbCloned();
-
- if (!cloneReady) {
- CMS.debug("SystemConfigService: clone does not have all the certificates.");
- throw new PKIException("Clone does not have all the required certificates");
- }
+ ConfigurationUtils.verifySystemCertificates();
}
- public String configureSecurityDomain(ConfigurationRequest data) {
+ public String configureSecurityDomain(ConfigurationRequest data) throws Exception {
String domainXML = null;
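Review bot: `ConfigurationUtils.verifySystemCertificates()` is called as a bare statement, so this step only fails the clone setup if the method throws; the code it replaces raised `PKIException("Clone does not have all the required certificates")` explicitly. Its signature is not visible here, so confirm it throws on a missing or invalid certificate rather than returning a status that is now discarded. With the P12 restore skippable a few lines above, it is the only check left on certificates that were imported before this request. Separately, `configureSecurityDomain` (and `logIntoSecurityDomain` at @@ -932) now declare `throws Exception`, which lets failures leave these methods without the PKIException wrapping; a Javadoc `@throws` line or a narrower exception type would make that contract explicit. Both method bodies continue outside the hunk.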
@@ -932,7 +929,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
cs.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
}
- private String logIntoSecurityDomain(ConfigurationRequest data, String securityDomainURL) {
+ private String logIntoSecurityDomain(ConfigurationRequest data, String securityDomainURL) throws Exception {
URL secdomainURL;
String host;
int port;
@@ -948,7 +945,11 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
throw new PKIException("Failed to resolve security domain URL", e);
}
- getCertChainFromSecurityDomain(host, port);
+ if (!data.getSystemCertsImported()) {
+ CMS.debug("Getting security domain cert chain");
+ ConfigurationUtils.importCertChain(host, port, "/ca/admin/ca/getCertChain", "securitydomain");
+ }
+
getInstallToken(data, host, port);
return getDomainXML(host, port);
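Review bot: Inlining the import here loses the error handling that the removed `getCertChainFromSecurityDomain` provided. A failure of `importCertChain` used to be logged with `CMS.debug(e)` and rethrown as a PKIException with the message "Failed to import certificate chain from security domain master", and now propagates as a raw exception through the new `throws Exception`. Keeping the try/catch inside the new `if` preserves both the log entry and the message an operator sees when the security domain's chain cannot be fetched. The method starts outside the hunk.

```java
if (!data.getSystemCertsImported()) {
    CMS.debug("Getting security domain cert chain");
    try {
        ConfigurationUtils.importCertChain(host, port, "/ca/admin/ca/getCertChain", "securitydomain");
    } catch (Exception e) {
        CMS.debug(e);
        throw new PKIException("Failed to import certificate chain from security domain master: " + e, e);
    }
}
// … unchanged: getInstallToken and getDomainXML calls …
```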
@@ -967,16 +968,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
return domainXML;
}
- private void getCertChainFromSecurityDomain(String host, int port) {
- CMS.debug("Getting security domain cert chain");
- try {
- ConfigurationUtils.importCertChain(host, port, "/ca/admin/ca/getCertChain", "securitydomain");
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Failed to import certificate chain from security domain master: " + e, e);
- }
- }
-
private void getInstallToken(ConfigurationRequest data, String host, int port) {
CMS.debug("Getting install token");
// log onto security domain and get token
@@ -1129,12 +1120,14 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
if (data.getToken().equals(ConfigurationRequest.TOKEN_DEFAULT)) {
- if (data.getP12File() == null) {
- throw new BadRequestException("P12 filename not provided");
- }
+ if (!data.getSystemCertsImported()) {
+ if (data.getP12File() == null) {
+ throw new BadRequestException("P12 filename not provided");
+ }
- if (data.getP12Password() == null) {
- throw new BadRequestException("P12 password not provided");
+ if (data.getP12Password() == null) {
+ throw new BadRequestException("P12 password not provided");
+ }
}
} else {
if (data.getP12File() != null) {
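Review bot: With `systemCertsImported` set, a request that still carries a P12 file or password now passes validation and the values are silently ignored, since the restore at @@ -867 is skipped under the same flag. The `else` branch below appears to reject a P12 file that does not apply to the chosen token, though its body lies outside the hunk. Treating the conflicting combination the same way would keep the request unambiguous, for example `if (data.getSystemCertsImported() && data.getP12File() != null) throw new BadRequestException("P12 file not expected when system certificates are already imported");`. At minimum a `CMS.debug` line recording that the supplied P12 parameters were ignored would help when diagnosing a clone whose certificates later fail verification.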