From 2be9c6eaeb178325e9564d6a47e8078b4d2f0e1f Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Thu, 5 May 2016 08:01:52 +0200 Subject: Added createCertificates(). --- base/common/python/pki/system.py | 45 ++++++++++++++--- .../certsrv/system/ConfigurationResponse.java | 23 +-------- .../certsrv/system/SystemConfigResource.java | 16 +++++- .../dogtagpki/server/rest/SystemConfigService.java | 57 +++++++++++++++------- .../python/pki/server/deployment/pkihelper.py | 14 ++++-- 5 files changed, 103 insertions(+), 52 deletions(-) diff --git a/base/common/python/pki/system.py b/base/common/python/pki/system.py index 1151c78fa..7607578df 100644 --- a/base/common/python/pki/system.py +++ b/base/common/python/pki/system.py @@ -271,9 +271,28 @@ class SystemConfigClient(object): """ headers = {'Content-type': 'application/json', 'Accept': 'application/json'} - response = self.connection.post('/rest/installer/configure', data, - headers) - return response.json() + self.connection.post('/rest/installer/configure', data, + headers) + + def createCertificates(self): + """ + Contacts the server and invokes the Java configuration REST API to + create certificates. + """ + headers = {'Content-type': 'application/json', + 'Accept': 'application/json'} + self.connection.post('/rest/installer/createCertificates', None, + headers) + + def backupKeys(self): + """ + Contacts the server and invokes the Java configuration REST API to + backup keys. + """ + headers = {'Content-type': 'application/json', + 'Accept': 'application/json'} + self.connection.post('/rest/installer/backupKeys', None, + headers) def createUsers(self): """ @@ -282,7 +301,7 @@ class SystemConfigClient(object): """ headers = {'Content-type': 'application/json', 'Accept': 'application/json'} - self.connection.post('/rest/installer/finalize', None, + self.connection.post('/rest/installer/createUsers', None, headers) def configureSecurityDomain(self): 
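Review bot: The docstrings added for `createCertificates()` and `backupKeys()` in the `@@ -271` hunk do not say that both calls only work after `configure()` in the same HTTP session. Both post `None`, and the matching methods in SystemConfigService.java take their input from the session attributes `configuration_request` and `system_certificates`. I would add a line to each docstring such as `Must be called after configure() in the same HTTP session; the server takes its input from the installer session.` `configure()` no longer returns the parsed response and its docstring starts above this hunk, so any `:return:` line there should be checked too. The same wording would fit `createUsers()` in the following hunk.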
@@ -292,10 +311,10 @@ class SystemConfigClient(object): """ headers = {'Content-type': 'application/json', 'Accept': 'application/json'} - self.connection.post('/rest/installer/finalize', None, + self.connection.post('/rest/installer/configureSecurityDomain', None, headers) - def finalize(self): + def finalizeConfiguration(self): """ Contacts the server and invokes the Java configuration REST API to finalize subsystem configuration. @@ -304,7 +323,19 @@ class SystemConfigClient(object): """ headers = {'Content-type': 'application/json', 'Accept': 'application/json'} - response = self.connection.post('/rest/installer/finalize', None, + self.connection.post('/rest/installer/finalizeConfiguration', None, + headers) + + def getConfigurationResult(self): + """ + Contacts the server and invokes the Java configuration REST API to + get configuration result. + + :return: ConfigurationResponse -- response from configuration servlet. + """ + headers = {'Content-type': 'application/json', + 'Accept': 'application/json'} + response = self.connection.post('/rest/installer/result', None, headers) return response.json() diff --git a/base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java b/base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java index e967914ce..6fa82dd3b 100644 --- a/base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java +++ b/base/common/src/com/netscape/certsrv/system/ConfigurationResponse.java @@ -26,10 +26,10 @@ import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; -import netscape.security.x509.X509CertImpl; - import com.netscape.certsrv.apps.CMS; +import netscape.security.x509.X509CertImpl; + /** * @author alee * 
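Review bot: `finalizeConfiguration()` in the `@@ -304` hunk no longer returns anything, but the docstring lines between the previous hunk and this one are not shown. If they still read `:return: ConfigurationResponse -- response from configuration servlet.`, that line is stale and should be removed from this method now that `getConfigurationResult()` carries it. The new method is named `getConfigurationResult` here, while the Java resource declares `getConfigurationResponse` on path `result`; using one name on both sides would make the client easier to match against the interface.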
@@ -44,9 +44,6 @@ public class ConfigurationResponse { @XmlElement protected SystemCertData adminCert; - @XmlElement - protected String status; - public ConfigurationResponse() { systemCerts = new ArrayList(); adminCert = new SystemCertData(); @@ -80,22 +77,6 @@ public class ConfigurationResponse { this.adminCert = adminCert; } - /** - * @return the status - */ - public String getStatus() { - return status; - } - - /** - * @param status the status to set - */ - public void setStatus(String status) { - this.status = status; - } - - - public void setAdminCert(X509CertImpl x509CertImpl) throws CertificateEncodingException { adminCert.setCert(CMS.BtoA(x509CertImpl.getEncoded())); } diff --git a/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java b/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java index 3ad8abf96..4835843c5 100644 --- a/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java +++ b/base/common/src/com/netscape/certsrv/system/SystemConfigResource.java @@ -31,6 +31,14 @@ public interface SystemConfigResource { @Path("configure") public ConfigurationResponse configure(ConfigurationRequest data) throws Exception; + @POST + @Path("createCertificates") + public void createCertificates() throws Exception; + + @POST + @Path("backupKeys") + public void backupKeys() throws Exception; + @POST @Path("createUsers") public void createUsers() throws Exception; @@ -40,6 +48,10 @@ public interface SystemConfigResource { public void configureSecurityDomain() throws Exception; @POST - @Path("finalize") - public ConfigurationResponse finalizeConfiguration() throws Exception; + @Path("finalizeConfiguration") + public void finalizeConfiguration() throws Exception; + + @POST + @Path("result") + public ConfigurationResponse getConfigurationResponse() throws Exception; } 
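Review bot: The methods added to `SystemConfigResource` in the `@@ -31` and `@@ -40` hunks carry no Javadoc, although each one now depends on state left in the session by an earlier step. A one-line comment per method such as `/** Requires a prior configure() call in the same session. */` would document the expected call order where implementers and client authors look first. No access restriction on these installer steps is visible in the hunk; the interface declaration starts outside it, so this may already be handled there. The `@Path` change from `finalize` to `finalizeConfiguration` also means a client that still posts to `finalize` will presumably no longer reach this method.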
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java index bd7e93caf..e4f5aec3f 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java 
@@ -187,38 +187,52 @@ public class SystemConfigService extends PKIService implements SystemConfigResou configureCACertChain(data, domainXML); Collection certs = new ArrayList(); - MutableBoolean hasSigningCert = new MutableBoolean(); - processCerts(data, token, certList, certs, hasSigningCert); - - // non-Stand-alone PKI submitting CSRs to external ca - if (data.getIssuingCA() != null && data.getIssuingCA().equals("External CA") && !hasSigningCert.booleanValue()) { - CMS.debug("Submit CSRs to external ca . . ."); - response.setSystemCerts(SystemCertDataFactory.create(certs)); - response.setStatus(SUCCESS); - return; + HttpSession session = servletRequest.getSession(); + session.setAttribute("system_certificates", certs); + + if (!data.getExistingDatabase()) { + MutableBoolean hasSigningCert = new MutableBoolean(); + processCerts(data, token, certList, certs, hasSigningCert); } + } + + @Override + public void createCertificates() { + + HttpSession session = servletRequest.getSession(); + ConfigurationRequest request = (ConfigurationRequest)session.getAttribute("configuration_request"); + ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response"); + Collection certs = (Collection)session.getAttribute("system_certificates"); for (Cert cert : certs) { int ret; + try { CMS.debug("Processing '" + cert.getCertTag() + "' certificate:"); ret = ConfigurationUtils.handleCerts(cert); ConfigurationUtils.setCertPermissions(cert.getCertTag()); CMS.debug("Processed '" + cert.getCertTag() + "' certificate."); + } catch (Exception e) { CMS.debug(e); - throw new PKIException("Error in configuring system certificates" + e, e); + throw new PKIException("Error in configuring system certificates: " + e, e); } + if (ret != 0) { throw new PKIException("Error in configuring system certificates"); } } - response.setSystemCerts(SystemCertDataFactory.create(certs)); + } - // backup keys - CMS.debug("=== Backup Keys ==="); - if 
(data.getBackupKeys().equals("true")) { - backupKeys(data); + @Override + public void backupKeys() { + + HttpSession session = servletRequest.getSession(); + ConfigurationRequest request = (ConfigurationRequest)session.getAttribute("configuration_request"); + ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response"); + + if (request.getBackupKeys().equals("true")) { + backupKeys(request); } } @@ -243,13 +257,22 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } @Override - public ConfigurationResponse finalizeConfiguration() { + public void finalizeConfiguration() { HttpSession session = servletRequest.getSession(); ConfigurationRequest request = (ConfigurationRequest)session.getAttribute("configuration_request"); ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response"); finalizeConfiguration(request, response); + } + + @Override + public ConfigurationResponse getConfigurationResponse() { + + HttpSession session = servletRequest.getSession(); + ConfigurationResponse response = (ConfigurationResponse)session.getAttribute("configuration_response"); + Collection certs = (Collection)session.getAttribute("system_certificates"); + response.setSystemCerts(SystemCertDataFactory.create(certs)); return response; } @@ -632,8 +655,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou String restart_server = instanceRoot + "/conf/" + RESTART_SERVER_AFTER_CONFIGURATION; Utils.exec("touch " + restart_server); Utils.exec("chmod 00660 " + restart_server); - - response.setStatus(SUCCESS); } public void configureAdministrator(ConfigurationRequest data, ConfigurationResponse response) { diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 1b2324f6d..24e6ee0c2 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py 
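Review bot: `createCertificates()` iterates over `certs` and `backupKeys()` calls `request.getBackupKeys()` without checking that the session attributes exist, so a call that arrives before `configure()` or in a fresh session ends in a NullPointerException instead of a clear error. A guard such as `if (certs == null) throw new PKIException("configure must be called first");` at the top of each method, and for `response` in `getConfigurationResponse()` in the `@@ -243` hunk, would make the step order explicit on the server. With the `External CA` early return removed, skipping certificate processing in step one appears to depend entirely on the client not calling `createCertificates()`. The locals `request` and `response` in `createCertificates()` and `response` in `backupKeys()` are assigned but not read in the visible lines, and the value left in `hasSigningCert` is no longer consulted. The enclosing `configure()` body starts outside the hunk.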
+++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -3818,12 +3818,18 @@ class ConfigClient: try: client = pki.system.SystemConfigClient(connection) client.configure(data) - client.createUsers() - client.configureSecurityDomain() - response = client.finalize() + + if not (self.external or self.standalone) or self.external_step_two: + client.createCertificates() + client.backupKeys() + client.createUsers() + client.configureSecurityDomain() + client.finalizeConfiguration() + + response = client.getConfigurationResult() config.pki_log.debug( - log.PKI_CONFIG_RESPONSE_STATUS + " " + str(response['status']), + 'Configuration complete', extra=config.PKI_INDENTATION_LEVEL_2) try: certs = response['systemCerts'] -- cgit
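Review bot: The debug line now logs `'Configuration complete'` unconditionally, including the external or standalone step-one case where the `if` above skipped every step after `configure()`. Logging which branch ran, for example `'Configuration steps skipped: waiting for externally signed certificates'` in an `else`, would keep the install log accurate for later troubleshooting. The condition `not (self.external or self.standalone) or self.external_step_two` is now the only place visible in this commit that decides whether certificates are created, so a short comment above it explaining the step-one/step-two split would help. The surrounding `try` block starts and ends outside the hunk.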