From db9537d210a20b90115374e5b406db6c9658bc3a Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Fri, 26 Oct 2012 12:36:14 -0400
Subject: Set paths for default instance

With this patch, it will be possible to install a default instance
simply by adding the passwords in the pkideployment.cfg.  This file
can then be used without additional alteration to add subsystems to the
same instance, by re-running pkispawn against the config file.

The patch makes sure that cert nicknames, database and baseDN , admin users
and client db are unique per subsystem.  An option is added to reuse the
existing server cert generated by the first subsystem and copy the
required data to all subsystems.

Ticket 379, 385
---
 .../cms/servlet/csadmin/SystemConfigService.java      | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java')

diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
index 6f126f8ce..31fcaac9d 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
@@ -437,6 +437,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             throw new PKIException("Error in obtaining certificate chain from issuing CA: " + e);
         }
 
+        boolean generateServerCert = data.getGenerateServerCert().equalsIgnoreCase("false")? false : true;
         boolean hasSigningCert = false;
         Vector<Cert> certs = new Vector<Cert>();
         try {
@@ -454,6 +455,21 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
                     if (cdata.getTag().equals(ct)) break;
                 }
 
+                if (!generateServerCert && ct.equals("sslserver")) {
+                    if (!cdata.getToken().equals("internal")) {
+                        cs.putString(csType.toLowerCase() + ".cert.sslserver.nickname", cdata.getNickname());
+                    } else {
+                        cs.putString(csType.toLowerCase() + ".cert.sslserver.nickname", data.getToken() +
+                                ":" + cdata.getNickname());
+                    }
+                    cs.putString(csType.toLowerCase() + ".sslserver.nickname", cdata.getNickname());
+                    cs.putString(csType.toLowerCase() + ".sslserver.cert", cdata.getCert());
+                    cs.putString(csType.toLowerCase() + ".sslserver.certreq", cdata.getRequest());
+                    cs.putString(csType.toLowerCase() + ".sslserver.tokenname", cdata.getToken());
+                    cs.putString(csType.toLowerCase() + ".sslserver.cert", cdata.getCert());
+                    continue;
+                }
+
                 String keytype = (cdata.getKeyType() != null) ? cdata.getKeyType() : "rsa";
 
                 String keyalgorithm = cdata.getKeyAlgorithm();
@@ -909,5 +925,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             }
         }
 
+        if (data.getGenerateServerCert() == null) {
+            data.setGenerateServerCert("true");
+        }
     }
 }
-- 
cgit