Diffstat (limited to 'pki/base/ra')
-rw-r--r-- | pki/base/ra/doc/CS.cfg | 18 | ||||
-rwxr-xr-x | pki/base/ra/forms/ee/user/renewal.cgi | 2 | ||||
-rwxr-xr-x | pki/base/ra/forms/index.cgi | 1 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm | 20 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm | 22 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm | 16 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm | 91 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/DonePanel.pm | 18 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm | 14 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/NamePanel.pm | 26 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm | 16 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/SizePanel.pm | 6 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm | 11 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm | 18 |
14 files changed, 181 insertions, 98 deletions
diff --git a/pki/base/ra/doc/CS.cfg b/pki/base/ra/doc/CS.cfg index 697853bd1..c580d2741 100644 --- a/pki/base/ra/doc/CS.cfg +++ b/pki/base/ra/doc/CS.cfg @@ -16,14 +16,14 @@ # All rights reserved. # --- END COPYRIGHT BLOCK --- # -pkicreate.arg01.pki_instance_root=[INSTANCE_ROOT] -pkicreate.arg02.pki_instance_name=[INSTANCE_ID] -pkicreate.arg03.subsystem_type=[SUBSYSTEM_TYPE] -pkicreate.arg04.secure_port=[SECURE_PORT] -pkicreate.arg05.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] -pkicreate.arg06.unsecure_port=[PORT] -pkicreate.arg07.user=[USERID] -pkicreate.arg08.group=[GROUPID] +pkicreate.pki_instance_root=[INSTANCE_ROOT] +pkicreate.pki_instance_name=[INSTANCE_ID] +pkicreate.subsystem_type=[SUBSYSTEM_TYPE] +pkicreate.secure_port=[SECURE_PORT] +pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] +pkicreate.unsecure_port=[PORT] +pkicreate.user=[USERID] +pkicreate.group=[GROUPID] request._000=######################################### request._001=# Request Queue Parameters request._002=######################################### @@ -250,6 +250,6 @@ preop.keysize._000=######################################### preop.keysize._001=# Installation configuration "preop" keysize parameters preop.keysize._002=######################################### preop.keysize.customsize=2048 -preop.keysize.select=custom +preop.keysize.select=default preop.keysize.size=2048 preop.keysize.ecc.size=256 diff --git a/pki/base/ra/forms/ee/user/renewal.cgi b/pki/base/ra/forms/ee/user/renewal.cgi index 63a211eff..a4bbc458c 100755 --- a/pki/base/ra/forms/ee/user/renewal.cgi +++ b/pki/base/ra/forms/ee/user/renewal.cgi @@ -53,7 +53,7 @@ sub process() $self->debug_params($cfg, $q); my $host = $cfg->get("service.machineName"); - my $port = $cfg->get("service.securePort"); + my $port = $cfg->get("service.non_clientauth_securePort"); my %context; $context{url} = "https://$host:$port/ee/user/renew.cgi"; 
diff --git a/pki/base/ra/forms/index.cgi b/pki/base/ra/forms/index.cgi index e71e1ec67..0e643166b 100755 --- a/pki/base/ra/forms/index.cgi +++ b/pki/base/ra/forms/index.cgi @@ -55,6 +55,7 @@ sub process() $self->debug_params($cfg, $q); $::symbol{machineName} = $cfg->get("service.machineName"); + $::symbol{non_clientauth_securePort} = $cfg->get("service.non_clientauth_securePort"); $::symbol{securePort} = $cfg->get("service.securePort"); $::symbol{unsecurePort} = $cfg->get("service.unsecurePort"); diff --git a/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm b/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm index d67a9b2e3..e08032913 100755 --- a/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm @@ -99,12 +99,12 @@ sub update my $cainfo = $::config->get("preop.ca.url"); &PKI::RA::Wizard::debug_log("AdminPanel: preop.ca.url=$cainfo"); if ($cainfo eq "" || $cainfo =~ /:$/) { - $cainfo = $::config->get("config.sdomainURL"); - &PKI::RA::Wizard::debug_log("AdminPanel: config.sdomainURL=$cainfo"); + $cainfo = $::config->get("config.sdomainEEURL"); + &PKI::RA::Wizard::debug_log("AdminPanel: config.sdomainEEURL=$cainfo"); } &PKI::RA::Wizard::debug_log("AdminPanel: Connecting to CA: $cainfo"); my $cainfo_url = new URI::URL($cainfo); - my $sdom = $::config->get("config.sdomainURL"); + my $sdom = $::config->get("config.sdomainEEURL"); my $sdom_url = new URI::URL($sdom); my $machineName = $::config->get("service.machineName"); 
@@ -132,15 +132,15 @@ sub update "auth_hostname=" . $sdom_url->host . "&" . "auth_port=" . $sdom_url->port; - my $host = $cainfo_url->host; - my $port = $cainfo_url->port; + my $ca_host = $cainfo_url->host; + my $https_ee_port = $cainfo_url->port; my $content = ""; my $tmpfile = "/tmp/admin-$$"; if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile"); $content = `cat $tmpfile`; } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile"); $content = `cat $tmpfile`; } system("rm $tmpfile"); @@ -158,8 +158,8 @@ sub update my $admincert = $response->{Requests}->{Request}->{b64}; &PKI::RA::Wizard::debug_log("AdminPanel: admincert " . $admincert); - $host = $::config->get("preop.database.host"); - $port = $::config->get("preop.database.port"); + my $ldap_host = $::config->get("preop.database.host"); + my $ldap_port = $::config->get("preop.database.port"); my $basedn = $::config->get("preop.database.basedn"); my $binddn = $::config->get("preop.database.binddn"); # my $bindpwd = $::config->get("tokendb.bindPass"); 
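Review bot: Both `system()` calls in this hunk still pass `/usr/bin/sslget` a single shell string with `$params`, `$nickname`, the password and an unquoted `$ca_host:$https_ee_port` interpolated into it, and write the response to the predictable path `/tmp/admin-$$`. A quote or shell metacharacter in any of those values changes the command that runs, and a pre-existing file or symlink at that path can capture the CA response; the rename to `$ca_host`/`$https_ee_port` does not change this. Reading sslget's output through a list-form pipe open, as below, removes both the shell and the temp file, although the password stays visible in the process argument list as long as it is passed with `-p`. The same shell-string pattern is on the new side of CAInfoPanel @@ -116,7, DisplayCertChainPanel @@ -135,27 and @@ -213,9, ImportAdminCertPanel @@ -102,6 and NamePanel @@ -293,14; `update` starts and ends outside this hunk.

```perl
# ... unchanged: $params, $ca_host and $https_ee_port are set up above ...
my $sslget_pwd = (($tokenname eq "") || ($tokenname eq "NSS Certificate DB"))
    ? $db_password
    : $token_pwd;
my $content = "";
# List-form pipe open: arguments reach sslget as-is, with no shell and no temp file.
if (open(my $sslget, "-|", "/usr/bin/sslget",
         "-e", $params,
         "-d", "$instanceDir/alias",
         "-p", $sslget_pwd,
         "-v",
         "-n", $nickname,
         "-r", "/ca/ee/ca/profileSubmit",
         "$ca_host:$https_ee_port")) {
    local $/;
    $content = <$sslget>;
    $content = "" unless defined $content;
    close($sslget);
} else {
    &PKI::RA::Wizard::debug_log("AdminPanel: cannot run sslget: $!");
    $::symbol{errorString} = "cannot contact CA";
    return 0;
}
# ... unchanged: response parsing ...
```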
@@ -221,7 +221,7 @@ sub update # system("sed -e 's/\$TOKENDB_ROOT/$basedn/' " . # "-e 's/\$TOKENDB_AGENT_CERT/$admincert/' " . # "/usr/share/$flavor/ra/scripts/addAgents.ldif > $tmp"); -# system("$mozldap_path/ldapmodify -h '$host' -p '$port' -D '$binddn' " . +# system("$mozldap_path/ldapmodify -h '$ldap_host' -p '$ldap_port' -D '$binddn' " . # "-w '$bindpwd' -a " . # "-f '$tmp'"); system("rm $tmp"); diff --git a/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm index dbfc42eec..901be9a34 100755 --- a/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm 
@@ -84,29 +84,29 @@ sub update my $instanceID = $::config->get("service.instanceID"); my $host = ""; - my $port = ""; + my $https_ee_port = ""; if ($count =~ /http/) { my $info = new URI::URL($count); $host = $info->host; - $port = $info->port; + $https_ee_port = $info->port; } else { $host = $::config->get("preop.securitydomain.ca$count.host"); - $port = $::config->get("preop.securitydomain.ca$count.secureport"); + $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); } - if (($host eq "") || ($port eq "")) { + if (($host eq "") || ($https_ee_port eq "")) { $::symbol{errorString} = "no CA found. CA, TKS and optionally DRM must be installed prior to RA installation"; return 0; } - &PKI::RA::Wizard::debug_log("CAInfoPanel: update - host= $host, port= $port"); + &PKI::RA::Wizard::debug_log("CAInfoPanel: update - host= $host, https_ee_port= $https_ee_port"); - $::config->put("preop.cainfo.select", "https://$host:$port"); + $::config->put("preop.cainfo.select", "https://$host:$https_ee_port"); my $serverCertNickName = $::config->get("preop.cert.sslserver.nickname"); my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); $::config->put("conn.ca1.clientNickname", $subsystemCertNickName); - $::config->put("conn.ca1.hostport", $host . ":" . $port); + $::config->put("conn.ca1.hostport", $host . ":" . $https_ee_port); $::config->commit(); @@ -116,7 +116,7 @@ sub update my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; $db_password =~ s/\n$//g; my $tmpfile = "/tmp/ca-$$"; - system("/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$serverCertNickName\" -r \"/ca/ee/ca/getCertChain\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$serverCertNickName\" -r \"/ca/ee/ca/getCertChain\" $host:$https_ee_port > $tmpfile"); my $cmd = `cat $tmpfile`; system("rm $tmpfile"); my $caCert; 
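Review bot: The `$count =~ /http/` test is the only check before the host and port taken from `$count` are written to `preop.cainfo.select` and `conn.ca1.hostport` and then placed unquoted on the sslget command line. `$count` is presumably the submitted `urls` form value (DRMInfoPanel reads it with `$q->param('urls')`), and the unanchored match accepts any string that merely contains "http". Anchor the scheme and validate both parts before use, for example `return 0 unless $host =~ /\A[A-Za-z0-9.\-]+\z/ && $https_ee_port =~ /\A\d+\z/;` after setting `$::symbol{errorString}`. DRMInfoPanel @@ -81,24, NamePanel @@ -87,25 and TKSInfoPanel @@ -79,28 take the same path; `update` continues outside the hunk.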
@@ -165,10 +165,10 @@ sub display if ($host eq "") { goto DONE; } - my $port = $::config->get("preop.securitydomain.ca$count.secureport"); + my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); my $name = $::config->get("preop.securitydomain.ca$count.subsystemname"); - my $item = $name . " - https://" . $host . ":" . $port; -# my $item = "https://" . $host . ":" . $port; + my $item = $name . " - https://" . $host . ":" . $https_ee_port; +# my $item = "https://" . $host . ":" . $https_ee_port; # unshift(@{$::symbol{urls}}, $item); $::symbol{urls}[$count++] = $item; if ($first eq 1) { diff --git a/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm index 707a45dc1..924fe0cb9 100755 --- a/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm 
@@ -81,24 +81,24 @@ sub update my $count = $q->param('urls'); my $instanceID = $::config->get("service.instanceID"); my $host = ""; - my $port = ""; + my $https_agent_port = ""; if ($count =~ /http/) { my $info = new URI::URL($count); $host = $info->host; - $port = $info->port; + $https_agent_port = $info->port; } else { $host = $::config->get("preop.securitydomain.kra$count.host"); - $port = $::config->get("preop.securitydomain.kra$count.secureport"); + $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport"); } - if (($host eq "") || ($port eq "")) { + if (($host eq "") || ($https_agent_port eq "")) { $::symbol{errorString} = "no DRM found. CA, TKS and DRM must be installed prior to RA installation"; return 0; } - $::config->put("preop.krainfo.select", "https://$host:$port"); + $::config->put("preop.krainfo.select", "https://$host:$https_agent_port"); my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); $::config->put("conn.drm1.clientNickname", $subsystemCertNickName); - $::config->put("conn.drm1.hostport", $host . ":" . $port); + $::config->put("conn.drm1.hostport", $host . ":" . $https_agent_port); $::config->put("conn.tks1.serverKeygen", "true"); $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "true"); $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "true"); @@ -127,9 +127,9 @@ sub display if ($host eq "") { goto DONE; } - my $port = $::config->get("preop.securitydomain.kra$count.secureport"); + my $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport"); my $name = $::config->get("preop.securitydomain.kra$count.subsystemname"); - $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $port; + $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port; } DONE: $::symbol{urls_size} = $count; 
diff --git a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm index c0c897139..54e9b85cf 100755 --- a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm @@ -102,25 +102,25 @@ sub update $tmp = `rm $instanceDir/conf/caCert.der`; $tmp = `rm $instanceDir/conf/caCert_pp.txt`; - # complete the SeucrityDomain task - my $sdomainURL = $::config->get("config.sdomainURL"); - if ($sdomainURL eq "") { + # complete the SecurityDomain task + my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); + if ($sdomainAdminURL eq "") { return 2; } my $machineName = $::config->get("service.machineName"); - my $securePort = $::config->get("service.securePort"); + my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); my $unsecurePort = $::config->get("service.unsecurePort"); # check if url is accessible # redirect to the security domain authentication if ($ENV{'SERVER_PORT'} eq $unsecurePort) { - $::symbol{redirect} = $sdomainURL . "/ca/ee/ca/securityDomainLogin?url=http%3A%2F%2F" . $machineName . "%3A" . $unsecurePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA"; + $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=http%3A%2F%2F" . $machineName . "%3A" . $unsecurePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA"; } else { - $::symbol{redirect} = $sdomainURL . "/ca/ee/ca/securityDomainLogin?url=https%3A%2F%2F" . $machineName . "%3A" . $securePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA"; + $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2F" . $machineName . "%3A" . $non_clientauth_securePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA"; } - get_domain_xml($sdomainURL); + get_domain_xml($sdomainAdminURL); return 3; 
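Review bot: In the `$ENV{'SERVER_PORT'} eq $unsecurePort` branch the return address given to `securityDomainLogin` is still `http%3A%2F%2F…`, so anything the login servlet appends when it sends the browser back (likely the session ID that later appears as `preop.sessionID`) would cross the network in cleartext. Consider always returning to the `https` wizard URL on `$non_clientauth_securePort`, or add a comment stating why the plaintext return is acceptable during installation. `$machineName` is also concatenated into the already percent-encoded `url=` value without escaping. `update` starts outside the hunk.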
@@ -135,27 +135,27 @@ sub display &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update connecting to CA and retrieve cert chain"); my $instanceID = $::config->get("service.instanceID"); my $instanceDir = $::config->get("service.instanceDir"); - my $sdomainURL = $::config->get("config.sdomainURL"); - if ($sdomainURL eq "") { + my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); + if ($sdomainAdminURL eq "") { return 2; } my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; $db_password =~ s/\n$//g; - my $url_info = new URI::URL($sdomainURL); - my $host = $url_info->host; - my $port = $url_info->port; + my $url_info = new URI::URL($sdomainAdminURL); + my $sd_host = $url_info->host; + my $sd_admin_port = $url_info->port; my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/getCertChain\" $host:$port`; + my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getCertChain\" $sd_host:$sd_admin_port`; - my $caCert; + my $caCert = ""; if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) { $caCert = $1; &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: ca= $caCert"); } - my $certpp; + my $certpp = ""; if ($caCert ne "") { open(F, ">$instanceDir/conf/caCert.txt"); print F $caCert; @@ -199,13 +199,14 @@ sub display return 1; } + sub get_domain_xml { - my ($sdomainURL) = @_; + my ($sdomainAdminURL) = @_; - my $sdom_info = new URI::URL($sdomainURL); + my $sdom_info = new URI::URL($sdomainAdminURL); # get the domain xml - # e. g. - https://water.sfbay.redhat.com:9444/ca/ee/ca/getDomainXML + # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML my $nickname = $::config->get("preop.cert.sslserver.nickname"); my $instanceID = $::config->get("service.instanceID"); 
@@ -213,9 +214,9 @@ sub get_domain_xml my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; $db_password =~ s/\n$//g; - my $host = $sdom_info->host; - my $port = $sdom_info->port; - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/getDomainXML\" $host:$port`; + my $sd_host = $sdom_info->host; + my $sd_admin_port = $sdom_info->port; + my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; $content = $1; @@ -241,8 +242,40 @@ sub get_domain_xml $c->{'SubsystemName'}[0]); $::config->put("preop.securitydomain.ca" . $count . ".secureport", $c->{'SecurePort'}[0]); + $::config->put("preop.securitydomain.ca" . $count . ".secureagentport", + $c->{'SecureAgentPort'}[0]); + $::config->put("preop.securitydomain.ca" . $count . ".secureadminport", + $c->{'SecureAdminPort'}[0]); + $::config->put("preop.securitydomain.ca" . $count . ".unsecureport", + $c->{'UnSecurePort'}[0]); $::config->put("preop.securitydomain.ca" . $count . ".host", $c->{'Host'}[0]); + + # The user previously specified the CA Security Domain's + # SSL Admin URL in the "Security Domain Panel"; + # now retrieve this specified CA Security Domain's + # non-SSL EE, SSL Agent, and SSL EE URLs: + if( $sd_admin_port eq $c->{'SecureAdminPort'}[0] ) { + # Build the URLs + my $http_ee_port = "https://" + . $c->{'Host'}[0] + . ":" + . $c->{'UnSecurePort'}[0]; + my $https_agent_port = "https://" + . $c->{'Host'}[0] + . ":" + . $c->{'SecureAgentPort'}[0]; + my $https_ee_port = "https://" + . $c->{'Host'}[0] + . ":" + . $c->{'SecurePort'}[0]; + + # Store the URLs + $::config->put( "config.sdomainHttpURL", $http_ee_port ); + $::config->put( "config.sdomainAgentURL", $https_agent_port ); + $::config->put( "config.sdomainEEURL", $https_ee_port ); + } + $count++; } 
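Review bot: `$content = $1;` runs whether or not the preceding `XMLResponse` match succeeded, so a failed or truncated sslget reply leaves `$content` undefined or holding a capture from an earlier successful match, and the rest of the sub presumably goes on to parse it. Guard it, e.g. `if ($content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/) { $content = $1; } else { return; }`, with a `debug_log` line in the else branch. The block added in ImportAdminCertPanel @@ -102,6 copies the same unchecked pattern. `get_domain_xml` continues outside the hunk.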
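Review bot: The security-domain CA is recognised only by `$sd_admin_port eq $c->{'SecureAdminPort'}[0]`, so in a domain with more than one CA on the same admin port (the wizard's own default is 9445) every CA matches and the last one listed overwrites `config.sdomainAgentURL` and `config.sdomainEEURL`. Compare the host as well: `if (lc($sd_host) eq lc($c->{'Host'}[0]) && $sd_admin_port eq $c->{'SecureAdminPort'}[0])`. `$http_ee_port` is built with an `https://` prefix although it carries `UnSecurePort`, and if no entry matches, the three keys stay unset while AdminPanel, NamePanel, DonePanel and ImportAdminCertPanel pass them straight to `new URI::URL`. The three `*_port` variables hold URLs, so names such as `$https_ee_url` would read better.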
@@ -254,6 +287,12 @@ sub get_domain_xml $c->{'SubsystemName'}[0]); $::config->put("preop.securitydomain.tks" . $count . ".secureport", $c->{'SecurePort'}[0]); + $::config->put("preop.securitydomain.tks" . $count . ".secureagentport", + $c->{'SecureAgentPort'}[0]); + $::config->put("preop.securitydomain.tks" . $count . ".secureadminport", + $c->{'SecureAdminPort'}[0]); + $::config->put("preop.securitydomain.tks" . $count . ".unsecureport", + $c->{'UnSecurePort'}[0]); $::config->put("preop.securitydomain.tks" . $count . ".host", $c->{'Host'}[0]); $count++; @@ -267,6 +306,12 @@ sub get_domain_xml $c->{'SubsystemName'}[0]); $::config->put("preop.securitydomain.kra" . $count . ".secureport", $c->{'SecurePort'}[0]); + $::config->put("preop.securitydomain.kra" . $count . ".secureagentport", + $c->{'SecureAgentPort'}[0]); + $::config->put("preop.securitydomain.kra" . $count . ".secureadminport", + $c->{'SecureAdminPort'}[0]); + $::config->put("preop.securitydomain.kra" . $count . ".unsecureport", + $c->{'UnSecurePort'}[0]); $::config->put("preop.securitydomain.kra" . $count . ".host", $c->{'Host'}[0]); $count++; @@ -279,7 +324,11 @@ sub get_domain_xml $::config->put("preop.securitydomain.ra" . $count . ".subsystemname", $c->{'SubsystemName'}[0]); $::config->put("preop.securitydomain.ra" . $count . ".secureport", + $c->{'SecureAgentPort'}[0]); + $::config->put("preop.securitydomain.ra" . $count . ".non_clientauth_secure_port", $c->{'SecurePort'}[0]); + $::config->put("preop.securitydomain.ra" . $count . ".unsecureport", + $c->{'UnSecurePort'}[0]); $::config->put("preop.securitydomain.ra" . $count . ".host", $c->{'Host'}[0]); $count++; diff --git a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm index 086d51e4a..87d8bd8c4 100755 --- a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm 
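Review bot: For RA entries `.secureport` now receives `SecureAgentPort` while `SecurePort` goes to `.non_clientauth_secure_port`, whereas the CA, TKS and KRA blocks keep `SecurePort` under `.secureport`; the same key suffix therefore means a different port depending on subsystem type. Add a comment above the RA block, e.g. `# RA: .secureport is the client-auth (agent) port; the EE port is .non_clientauth_secure_port`, or store the agent port under `.secureagentport` as the other blocks do. None of the new `put` calls checks that the element exists, so a domain XML that lacks `SecureAgentPort` or `SecureAdminPort` would store an undefined value. `get_domain_xml` starts outside the hunk.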
@@ -91,13 +91,15 @@ sub register_ra &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); my $machineName = $::config->get("service.machineName"); + my $unsecurePort = $::config->get("service.unsecurePort"); my $securePort = $::config->get("service.securePort"); + my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); my $session_id = $::config->get("preop.sessionID"); &PKI::RA::Wizard::debug_log("DonePanel: Security Domain Info " . $url); - # add service.securityDomainPort to the config file in case pkiremove needs to - # remove system reference from the security domain + # add service.securityDomainPort to the config file in case pkiremove + # needs to remove system reference from the security domain $::config->put("service.securityDomainPort", $securePort); $::config->commit(); @@ -183,7 +185,9 @@ sub get_kra_transport_cert my $krainfo_url = new URI::URL($krainfo); my $machineName = $::config->get("service.machineName"); + my $unsecurePort = $::config->get("service.unsecurePort"); my $securePort = $::config->get("service.securePort"); + my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); my $session_id = $::config->get("preop.sessionID"); my $nickname = $::config->get("preop.cert.sslserver.nickname"); @@ -234,7 +238,9 @@ sub send_kra_transport_cert my $tksinfo_url = new URI::URL($tksinfo); my $machineName = $::config->get("service.machineName"); + my $unsecurePort = $::config->get("service.unsecurePort"); my $securePort = $::config->get("service.securePort"); + my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); my $session_id = $::config->get("preop.sessionID"); my $nickname = $::config->get("preop.cert.sslserver.nickname"); 
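Review bot: `service.securityDomainPort` is still set from `$securePort`, which is this RA's own `service.securePort`, although the comment says pkiremove needs it to reach the security domain; confirm which port pkiremove expects now that SecurityDomainPanel stores `securitydomain.httpsadminport`. The `$unsecurePort` and `$non_clientauth_securePort` variables added here and in `get_kra_transport_cert` and `send_kra_transport_cert` are not used anywhere in the visible lines; if they are unused in the rest of each sub, drop them. `register_ra` continues outside the hunk.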
@@ -296,7 +302,7 @@ sub display } # Add this RA's server certificate to the subsystems - my $sdom = $::config->get("config.sdomainURL"); + my $sdom = $::config->get("config.sdomainEEURL"); my $cainfo = $::config->get("preop.cainfo.select"); $cainfo =~ s/.* - //g; ®ister_ra($sdom, $cainfo, $::config->get("conn.ca1.servlet.addagent"), "CA"); @@ -368,8 +374,9 @@ sub display &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); my $machineName = $::config->get("service.machineName"); - my $securePort = $::config->get("service.securePort"); my $unsecurePort = $::config->get("service.unsecurePort"); + my $securePort = $::config->get("service.securePort"); + my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); my $instanceID = $::config->get("service.instanceID"); my $initCommand = ""; @@ -381,8 +388,9 @@ sub display } $::symbol{host} = $machineName; - $::symbol{port} = $securePort; $::symbol{unsecurePort} = $unsecurePort; + $::symbol{port} = $securePort; + $::symbol{non_clientauth_port} = $non_clientauth_securePort; $::symbol{initCommand} = $initCommand; $::config->deleteSubstore("preop."); diff --git a/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm b/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm index 7ee15e596..54159a336 100755 --- a/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm @@ -75,7 +75,7 @@ sub update &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: update"); # register to Security Domain - my $sdom = $::config->get("config.sdomainURL"); + my $sdom = $::config->get("config.sdomainAgentURL"); my $sdom_url = new URI::URL($sdom); # 
@@ -102,6 +102,18 @@ sub update my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$subCertNickName\" -r \"/ca/agent/ca/updateDomainXML?$params\" $sdom_url->host:$sdom_url->port`; + # Fetch the "updated" security domain and display it + &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: Dump contents of updated Security Domain . . ."); + my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); + my $sdom_info = new URI::URL($sdomainAdminURL); + my $nickname = $::config->get("preop.cert.sslserver.nickname"); + my $sd_host = $sdom_info->host; + my $sd_admin_port = $sdom_info->port; + my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; + $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; + $content = $1; + &PKI::RA::Wizard::debug_log($content); + return 1; } diff --git a/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm b/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm index 383654184..221f93263 100755 --- a/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm 
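Review bot: The `updateDomainXML` call just above the added block ends in `$sdom_url->host:$sdom_url->port` inside backticks, and Perl does not interpolate method calls in quoted strings, so the shell receives the stringified URL followed by the literal text `->host:` and treats each `>` as an output redirection. As written, the request does not go to the intended host and port even though `$sdom` is now read from `config.sdomainAgentURL`. Extract the parts first, as the added block does for the admin URL: `my $sd_agent_host = $sdom_url->host;` and `my $sd_agent_port = $sdom_url->port;`, then use `$sd_agent_host:$sd_agent_port`. The added block also writes the whole domain XML to the debug log; `update` starts outside the hunk.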
@@ -87,25 +87,25 @@ sub update &PKI::RA::Wizard::debug_log("NamePanel: update - selected ca= $count"); my $host = ""; - my $port = ""; + my $https_ee_port = ""; my $useExternalCA = "off"; if ($count =~ /http/) { my $info = new URI::URL($count); $host = $info->host; - $port = $info->port; + $https_ee_port = $info->port; } else { $host = $::config->get("preop.securitydomain.ca$count.host"); if ($host eq "") { $useExternalCA = "on"; } else { - $port = $::config->get("preop.securitydomain.ca$count.secureport"); - &PKI::RA::Wizard::debug_log("NamePanel: update - host= $host, port= $port"); + $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); + &PKI::RA::Wizard::debug_log("NamePanel: update - host= $host, https_ee_port= $https_ee_port"); } } $::config->put("preop.certenroll.useExternalCA", $useExternalCA); - $::config->put("preop.ca.url", "https://" . $host . ":" . $port); + $::config->put("preop.ca.url", "https://" . $host . ":" . $https_ee_port); my $tokenname = $::config->get("preop.module.token"); &PKI::RA::Wizard::debug_log("NamePanel: update got token name = $tokenname"); @@ -242,7 +242,7 @@ GEN_CERT: # see if there is an existing cert my $cert = $::config->get("preop.cert.$certtag.cert"); - my $sdom = $::config->get("config.sdomainURL"); + my $sdom = $::config->get("config.sdomainEEURL"); my $sdom_url = new URI::URL($sdom); if (($useExternalCA eq "on") && ($certtag ne "subsystem")) { 
@@ -293,14 +293,14 @@ GEN_CERT: if ($certtag eq "subsystem") { $host = $sdom_url->host; - $port = $sdom_url->port; + $https_ee_port = $sdom_url->port; } if ($changed eq "true") { -$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; -$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; +$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; +$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; } else { -$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; -$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; +$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; +$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; } &PKI::RA::Wizard::debug_log("debug_req = " . $debug_req); @@ -480,9 +480,9 @@ sub display if ($host eq "") { goto DONE; } - my $port = $::config->get("preop.securitydomain.ca$count.secureport"); + my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); my $name = $::config->get("preop.securitydomain.ca$count.subsystemname"); - my $item = $name . " - https://" . $host . ":" . $port; + my $item = $name . " - https://" . $host . ":" . $https_ee_port; $::symbol{urls}[$count++] = $item; } 
diff --git a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm index 468a5b1c3..ce622f915 100755 --- a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm @@ -26,6 +26,7 @@ use strict; use warnings; use PKI::RA::GlobalVar; use PKI::RA::Common; +use URI::URL; use XML::Simple; use Data::Dumper; @@ -78,7 +79,7 @@ sub display $::symbol{panelname} = "Security Domain"; $::symbol{sdomainName} = "Security Domain"; my $hostname = $::config->get("service.machineName"); - $::symbol{sdomainURL} = "https://" . $hostname . ":9444"; + $::symbol{sdomainAdminURL} = "https://" . $hostname . ":9445"; return 1; } @@ -90,15 +91,22 @@ sub update &PKI::RA::Wizard::debug_log("SecurityPanel: update"); my $sdomainURL = $q->param("sdomainURL"); + my $sdomainURL_info = new URI::URL($sdomainURL); + if ($sdomainURL eq "") { &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL not found"); - $::symbol{errorString} = "Security Domain URL not found"; + $::symbol{errorString} = "Security Domain HTTPS Admin URL not found"; return 0; } - # save url in CS.cfg + # save urls in CS.cfg &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL=" . $sdomainURL); - $::config->put("config.sdomainURL", $sdomainURL); + $::config->put("config.sdomainAdminURL", $sdomainURL); + + # Add values necessary for 'pkiremove' . . . + $::config->put("securitydomain.select", "existing"); + $::config->put("securitydomain.host", $sdomainURL_info->host); + $::config->put("securitydomain.httpsadminport", $sdomainURL_info->port); $::config->commit(); return 1; diff --git a/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm b/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm index 763b184be..3a1ba77d6 100755 --- a/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm 
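Review bot: `new URI::URL($sdomainURL)` is now built before the empty-string check, and the submitted value is stored as `config.sdomainAdminURL` without checking its scheme, host or port. That value later becomes the prefix of the browser redirect in DisplayCertChainPanel and the `host:port` argument of the sslget commands, so a typo or a non-https URL is accepted here and only fails, or is followed, much later. Move the parse below the empty check and reject anything that is not `https` with a non-empty host and a numeric port, setting `$::symbol{errorString}` and returning 0 as the existing branch does. `display` now publishes `$::symbol{sdomainAdminURL}` while `update` still reads `$q->param("sdomainURL")`; check that the form template, which is not part of this diff, still submits that field name.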
@@ -211,11 +211,11 @@ sub display #for "common key settings" my $select = $::config->get("preop.keysize.select"); - if ($select ne "") { + if (($select eq "") || ($select eq "default")) { + $::symbol{select} = "default"; + } else { &PKI::RA::Wizard::debug_log("SizePanel: display keysize select= $select"); $::symbol{select} = $select; - } else { - $::symbol{select} = "default"; } my $default_size = $::config->get("preop.keysize.size"); if ($default_size eq "") { diff --git a/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm b/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm index 4f98bee61..4a0869420 100755 --- a/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm @@ -76,7 +76,9 @@ sub update $::symbol{subsystemName} = "Registration Authority"; $::symbol{fullsystemname} = "Registration Authority"; $::symbol{machineName} = "localhost"; - $::symbol{https_port} = "7889"; + $::symbol{http_port} = "12888"; + $::symbol{https_port} = "12889"; + $::symbol{non_clientauth_https_port} = "12890"; $::symbol{check_clonesubsystem} = " "; $::symbol{check_newsubsystem} = " "; $::symbol{disableClone} = 1; @@ -97,12 +99,15 @@ sub display $::symbol{fullsystemname} = "Registration Authority "; my $machineName = $::config->get("service.machineName"); - my $securePort = $::config->get("service.securePort"); my $unsecurePort = $::config->get("service.unsecurePort"); + my $securePort = $::config->get("service.securePort"); + my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); $::symbol{machineName} = $machineName; + $::symbol{http_port} = $unsecurePort; $::symbol{https_port} = $securePort; + $::symbol{non_clientauth_https_port} = $non_clientauth_securePort; $::symbol{check_clonesubsystem} = ""; $::symbol{check_newsubsystem} = "checked "; 
@@ -117,7 +122,7 @@ sub display if ($host eq "") { goto DONE; } - my $port = $::config->get("preop.securitydomain.ra$count.secureport"); + my $port = $::config->get("preop.securitydomain.ra$count.non_clientauth_secure_port"); my $name = $::config->get("preop.securitydomain.ra$count.subsystemname"); unshift(@{$::symbol{urls}}, "https://" . $host . ":" . $port); $count++; diff --git a/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm index a219e74c3..6a4f6b16e 100755 --- a/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm 
@@ -79,28 +79,28 @@ sub update my $instanceID = $::config->get("service.instanceID"); my $host = ""; - my $port = ""; + my $https_agent_port = ""; if ($count =~ /http/) { my $info = new URI::URL($count); $host = $info->host; - $port = $info->port; - if (($host eq "") || ($port eq "")) { + $https_agent_port = $info->port; + if (($host eq "") || ($https_agent_port eq "")) { $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; return 0; } $::config->put("preop.tksinfo.select", $count); } else { $host = $::config->get("preop.securitydomain.tks$count.host"); - $port = $::config->get("preop.securitydomain.tks$count.secureport"); - if (($host eq "") || ($port eq "")) { + $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport"); + if (($host eq "") || ($https_agent_port eq "")) { $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; return 0; } - $::config->put("preop.tksinfo.select", "https://$host:$port"); + $::config->put("preop.tksinfo.select", "https://$host:$https_agent_port"); } my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); $::config->put("conn.tks1.clientNickname", $subsystemCertNickName); - $::config->put("conn.tks1.hostport", $host . ":" . $port); + $::config->put("conn.tks1.hostport", $host . ":" . $https_agent_port); $::config->commit(); return 1; @@ -117,9 +117,9 @@ sub display if ($host eq "") { goto DONE; } - my $port = $::config->get("preop.securitydomain.tks$count.secureport"); + my $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport"); my $name = $::config->get("preop.securitydomain.tks$count.subsystemname"); - $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $port; + $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port; } DONE: $::symbol{urls_size} = $count; |