Diffstat (limited to 'base')
-rw-r--r--base/tps/shared/conf/CS.cfg12
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java37
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java22
3 files changed, 62 insertions, 9 deletions
diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index 638787d22..90d1747dd 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -428,6 +428,7 @@ op.format.delegateIEtoken.issuerinfo.enable=true
op.format.delegateIEtoken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.delegateIEtoken.loginRequest.enable=true
op.format.delegateIEtoken.revokeCert=false
+op.format.delegateIEtoken.revokeCert.reason=0
op.format.delegateIEtoken.tks.conn=tks1
op.format.delegateIEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.format.delegateIEtoken.update.applet.emptyToken.enable=true
@@ -686,6 +687,7 @@ op.format.delegateISEtoken.issuerinfo.enable=true
op.format.delegateISEtoken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.delegateISEtoken.loginRequest.enable=true
op.format.delegateISEtoken.revokeCert=false
+op.format.delegateISEtoken.revokeCert.reason=0
op.format.delegateISEtoken.tks.conn=tks1
op.format.delegateISEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.format.delegateISEtoken.update.applet.emptyToken.enable=true
@@ -770,6 +772,7 @@ op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.54de790f
op.format.externalRegAddToToken.update.symmetricKeys.enable=false
op.format.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
op.format.externalRegAddToToken.revokeCert=false
+op.format.externalRegAddToToken.revokeCert.reason=0
op.enroll.allowUnknownToken=true
op.enroll.mappingResolver=enrollProfileMappingResolver
op.enroll.soKey.cuidMustMatchKDD=false
@@ -1392,6 +1395,7 @@ op.format.cleanToken.issuerinfo.enable=true
op.format.cleanToken.issuerinfo.value=
op.format.cleanToken.loginRequest.enable=true
op.format.cleanToken.revokeCert=true
+op.format.cleanToken.revokeCert.reason=0
op.format.cleanToken.tks.conn=tks1
op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
op.format.cleanToken.update.applet.emptyToken.enable=true
@@ -1413,6 +1417,7 @@ op.format.soCleanSOToken.issuerinfo.enable=true
op.format.soCleanSOToken.issuerinfo.value=
op.format.soCleanSOToken.loginRequest.enable=false
op.format.soCleanSOToken.revokeCert=true
+op.format.soCleanSOToken.revokeCert.reason=0
op.format.soCleanSOToken.tks.conn=tks1
op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
op.format.soCleanSOToken.update.applet.emptyToken.enable=true
@@ -1434,6 +1439,7 @@ op.format.soCleanUserToken.issuerinfo.enable=true
op.format.soCleanUserToken.issuerinfo.value=
op.format.soCleanUserToken.loginRequest.enable=false
op.format.soCleanUserToken.revokeCert=true
+op.format.soCleanUserToken.revokeCert.reason=0
op.format.soCleanUserToken.tks.conn=tks1
op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
op.format.soCleanUserToken.update.applet.emptyToken.enable=true
@@ -1455,6 +1461,7 @@ op.format.soKey.issuerinfo.enable=true
op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.soKey.loginRequest.enable=true
op.format.soKey.revokeCert=true
+op.format.soKey.revokeCert.reason=0
op.format.soKey.tks.conn=tks1
op.format.soKey.update.applet.directory=[TPS_DIR]/applets
op.format.soKey.update.applet.emptyToken.enable=true
@@ -1476,6 +1483,7 @@ op.format.soUserKey.issuerinfo.enable=true
op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.soUserKey.loginRequest.enable=false
op.format.soUserKey.revokeCert=true
+op.format.soUserKey.revokeCert.reason=0
op.format.soUserKey.tks.conn=tks1
op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
op.format.soUserKey.update.applet.emptyToken.enable=true
@@ -1497,6 +1505,7 @@ op.format.tokenKey.issuerinfo.enable=true
op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.tokenKey.loginRequest.enable=true
op.format.tokenKey.revokeCert=true
+op.format.tokenKey.revokeCert.reason=0
op.format.tokenKey.tks.conn=tks1
op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
op.format.tokenKey.update.applet.emptyToken.enable=true
@@ -1518,6 +1527,7 @@ op.format.userKey.issuerinfo.enable=true
op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.userKey.loginRequest.enable=true
op.format.userKey.revokeCert=true
+op.format.userKey.revokeCert.reason=0
op.format.userKey.tks.conn=tks1
op.format.userKey.update.applet.directory=[TPS_DIR]/applets
op.format.userKey.update.applet.emptyToken.enable=true
@@ -1768,7 +1778,7 @@ mappingResolver.formatProfileMappingResolver.mapping.6.filter.appletMinorVersion
mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenATR=
mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenCUID.end=
mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenCUID.start=
-mappingResolver.formatProfileMappingResolver.mapping.6.target.tokenType=tokenKey
+mappingResolver.formatProfileMappingResolver.mapping.6.target.tokenType=userKey
mappingResolver.formatProfileMappingResolver.mapping.order=0,1,2,3,4,5,6
mappingResolver.pinResetProfileMappingResolver.class_id=filterMappingResolverImpl
mappingResolver.pinResetProfileMappingResolver.mapping.0.filter.appletMajorVersion=
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java b/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java
index 0a68e6583..ace5f389f 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/CARemoteRequestHandler.java
@@ -108,6 +108,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
(TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID);
HttpConnector conn =
(HttpConnector) subsystem.getConnectionManager().getConnector(connid);
+ if (conn == null) {
+ throw new EBaseException("CARemoteRequestHandler: enrollCertificate() to connid: " + connid + ": HttpConnector conn null.");
+ }
CMS.debug("CARemoteRequestHandler: enrollCertificate(): sending request to CA");
String encodedPubKey = null;
try {
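Review bot: The `conn == null` guard added here is repeated, together with the connector lookup above it, in the retrieveCertificate(), renewCertificate(), revokeCertificate() and unrevokeCertificate() hunks later in this file, with only the method name in the message differing. A private helper that does the lookup and throws would keep the five call sites from drifting apart. Its message could also say that no connector is configured for the id, which tells an administrator more than "conn null". The `resp == null` checks after each `conn.send(...)` are duplicated in the same way. The enclosing methods start and end outside these hunks, and the sketch assumes `connid` is reachable as it is in the existing methods.

```java
// suggested helper; the name is a proposal, not existing code
private HttpConnector getConnector(String method) throws EBaseException {
    TPSSubsystem subsystem =
            (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID);
    HttpConnector conn =
            (HttpConnector) subsystem.getConnectionManager().getConnector(connid);
    if (conn == null) {
        throw new EBaseException("CARemoteRequestHandler: " + method
                + "(): no HttpConnector configured for connid: " + connid);
    }
    return conn;
}

// at each call site, replacing the lookup and the null check:
HttpConnector conn = getConnector("enrollCertificate");
```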
@@ -192,12 +195,14 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
CMS.debug("CARemoteRequestHandler: enrollCertificate(): sendMsg =" + sendMsg);
HttpResponse resp =
conn.send("enrollment", sendMsg);
+ if (resp == null) {
+ throw new EBaseException("CARemoteRequestHandler: enrollCertificate() to connid: " + connid + ": response null.");
+ }
String content = resp.getContent();
- CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content = " + content);
-
if (content != null && !content.equals("")) {
+ CMS.debug("CARemoteRequestHandler: enrollCertificate(): got content = " + content);
XMLObject xmlResponse =
getXMLparser(content);
@@ -298,12 +303,18 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
(TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID);
HttpConnector conn =
(HttpConnector) subsystem.getConnectionManager().getConnector(connid);
+ if (conn == null) {
+ throw new EBaseException("CARemoteRequestHandler: retrieveCertificate() to connid: " + connid + ": HttpConnector conn null.");
+ }
CMS.debug("CARemoteRequestHandler: retrieveCertificate(): sending request to CA");
HttpResponse resp =
conn.send("getcert",
IRemoteRequest.GET_XML + "=" + true +
"&" + IRemoteRequest.CA_GET_CERT_B64CertOnly + "=" + true +
"&" + IRemoteRequest.CA_GET_CERT_SERIAL + "=" + serialno.toString());
+ if (resp == null) {
+ throw new EBaseException("CARemoteRequestHandler: retrieveCertificate() to connid: " + connid + ": response null.");
+ }
String content = resp.getContent();
if (content != null && !content.equals("")) {
@@ -395,6 +406,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
(TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID);
HttpConnector conn =
(HttpConnector) subsystem.getConnectionManager().getConnector(connid);
+ if (conn == null) {
+ throw new EBaseException("CARemoteRequestHandler: renewCertificate() to connid: " + connid + ": HttpConnector conn null.");
+ }
CMS.debug("CARemoteRequestHandler: renewCertificate(): sending request to CA");
HttpResponse resp =
conn.send("renewal",
@@ -403,6 +417,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
"&" + IRemoteRequest.CA_RENEWAL_SerialNum + "=" + serialno.toString() +
"&" + IRemoteRequest.CA_ProfileId + "=" + profileId);
+ if (resp == null) {
+ throw new EBaseException("CARemoteRequestHandler: renewCertificate() to connid: " + connid + ": response null.");
+ }
String content = resp.getContent();
if (content != null && !content.equals("")) {
@@ -503,6 +520,9 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
(TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID);
HttpConnector conn =
(HttpConnector) subsystem.getConnectionManager().getConnector(connid);
+ if (conn == null) {
+ throw new EBaseException("CARemoteRequestHandler: revokeCertificate() to connid: " + connid + ": HttpConnector conn null.");
+ }
CMS.debug("CARemoteRequestHandler: revokeCertificate(): sending request to CA");
HttpResponse resp =
conn.send("revoke",
@@ -511,10 +531,13 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
"&" + IRemoteRequest.CA_REVOKE_ALL + "=(" +
IRemoteRequest.CA_REVOKE_SERIAL + "=" + serialno + ")&" +
IRemoteRequest.CA_REVOKE_COUNT + "=1");
+ if (resp == null) {
+ throw new EBaseException("CARemoteRequestHandler: revokeCertificate() to connid: " + connid + ": response null.");
+ }
String content = resp.getContent();
- CMS.debug("CARemoteRequestHandler: revokeCertificate(): got content = " + content);
if (content != null && !content.equals("")) {
+ CMS.debug("CARemoteRequestHandler: revokeCertificate(): got content = " + content);
Hashtable<String, Object> response =
parseResponse(content);
@@ -570,14 +593,20 @@ public class CARemoteRequestHandler extends RemoteRequestHandler
(TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID);
HttpConnector conn =
(HttpConnector) subsystem.getConnectionManager().getConnector(connid);
+ if (conn == null) {
+ throw new EBaseException("CARemoteRequestHandler: unrevokeCertificate() to connid: " + connid + ": HttpConnector conn null.");
+ }
CMS.debug("CARemoteRequestHandler: unrevokeCertificate(): sending request to CA");
HttpResponse resp =
conn.send("unrevoke",
IRemoteRequest.CA_UNREVOKE_SERIAL + "=" + serialno);
+ if (resp == null) {
+ throw new EBaseException("CARemoteRequestHandler: unrevokeCertificate() to connid: " + connid + ": response null.");
+ }
String content = resp.getContent();
- CMS.debug("CARemoteRequestHandler: unrevokeCertificate(): got content = " + content);
if (content != null && !content.equals("")) {
+ CMS.debug("CARemoteRequestHandler: unrevokeCertificate(): got content = " + content);
Hashtable<String, Object> response =
parseResponse(content);
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index bbc9fcb5e..5b471ca24 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -1376,7 +1376,7 @@ public class TPSProcessor {
".ca.conn";
CMS.debug(method + " finding config: " + config);
} else {
- config = "op." + currentTokenOperation + "." +
+ config = TPSEngine.OP_FORMAT_PREFIX + "." +
selectedTokenType +
".ca.conn";
CMS.debug(method + " finding config: " + config);
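Review bot: The else branch now builds the key from `TPSEngine.OP_FORMAT_PREFIX` instead of `"op." + currentTokenOperation`, so the connector lookup no longer follows the operation in progress. The method's signature and callers are outside the hunk; if it is also reached during enrollment or another non-format operation, it would return the format profile's `.ca.conn`, and requests could go to a different CA connector than the one configured for that operation. If the method is format-only by design, a comment would make that explicit: `// format-only: the CA connector is always read from the format profile of selectedTokenType`.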
@@ -1424,7 +1424,9 @@ public class TPSProcessor {
String logMsg;
IConfigStore configStore = CMS.getConfigStore();
- String configName = TPSEngine.OP_FORMAT_PREFIX + "." + selectedTokenType + ".revokeCert.revokeReason";
+ String configName = TPSEngine.OP_FORMAT_PREFIX + "." + selectedTokenType + ".revokeCert.reason";
+ CMS.debug(method + " finding config: " + configName);
+
RevocationReason revokeReason = RevocationReason.UNSPECIFIED;
try {
int revokeReasonInt = configStore.getInteger(configName);
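Review bot: Renaming the key from `.revokeCert.revokeReason` to `.revokeCert.reason` means an existing CS.cfg that sets the old name is no longer read. Because `revokeReason` starts as `RevocationReason.UNSPECIFIED`, such a deployment would presumably fall back to that default without warning; the handler for the `getInteger` call is outside the hunk, so this is inferred. The reason code determines how the certificate is listed on the CRL, so the fallback should not be silent. Either read the old key when the new one is absent, or log when the old key is still present, e.g. `CMS.debug(method + " deprecated config " + oldConfigName + " is ignored; use " + configName);`.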
@@ -2137,7 +2139,19 @@ public class TPSProcessor {
revokeCertificates(tokenRecord.getId(), reason, caConnId);
} catch (TPSException te) {
// failed revocation; capture message and continue
- logMsg = te.getMessage();
+ String failMsg = "revoke certificates failure";
+ logMsg = failMsg + ":" + te.toString();
+ CMS.debug("TPSProcessor.format: " + logMsg);
+ tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg,
+ "failure");
+ throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN);
+ } catch (Exception ee) {
+ String failMsg = "revoke certificates failure";
+ logMsg = failMsg + ":" + ee.toString();
+ CMS.debug("TPSProcessor.format: " + logMsg);
+ tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg,
+ "failure");
+ throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN);
}
}
@@ -2160,7 +2174,7 @@ public class TPSProcessor {
tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), failMsg,
"failure");
- throw new TPSException(logMsg);
+ throw new TPSException(logMsg, TPSStatus.STATUS_ERROR_CONTACT_ADMIN);
}
logMsg = "format operation succeeded";