From d0ec0c056f132e13bf606f595d1d26ab6486bc5a Mon Sep 17 00:00:00 2001
From: Andrew Wnuk <awnuk@redhat.com>
Date: Mon, 20 Aug 2012 15:38:31 -0700
Subject: subsequent OCSPs and DRM connector protection

This patch corrects process of attaching OCSP subsystem to CA.
It improves handling of adding subsequent OCSP subsystems to CA.
This patch also prevents DRM connector to be overwritten
by subsequent DRM installations.

Bug 804179.
---
 .../cms/servlet/csadmin/UpdateOCSPConfig.java      | 30 ++++++++++------------
 1 file changed, 14 insertions(+), 16 deletions(-)

(limited to 'base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java')

diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
index 3d564e955..c34df8b9c 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
@@ -116,24 +116,22 @@ public class UpdateOCSPConfig extends CMSServlet {
 
         String ocsphost = httpReq.getParameter("ocsp_host");
         String ocspport = httpReq.getParameter("ocsp_port");
+        String ocspname = ocsphost.replace('.', '-')+"-"+ocspport;
+        String publisherPrefix = "ca.publish.publisher.instance.OCSPPublisher-"+ocspname;
+        String rulePrefix = "ca.publish.rule.instance.ocsprule-"+ocspname;
         try {
             cs.putString("ca.publish.enable", "true");
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
-                    ocsphost);
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
-                    ocspport);
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
-                    nickname);
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.path",
-                    "/ocsp/agent/ocsp/addCRL");
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher");
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true");
-            cs.putString("ca.publish.rule.instance.ocsprule.enable", "true");
-            cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap");
-            cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule");
-            cs.putString("ca.publish.rule.instance.ocsprule.publisher",
-                    "OCSPPublisher");
-            cs.putString("ca.publish.rule.instance.ocsprule.type", "crl");
+            cs.putString(publisherPrefix+".host", ocsphost);
+            cs.putString(publisherPrefix+".port", ocspport);
+            cs.putString(publisherPrefix+".nickName", nickname);
+            cs.putString(publisherPrefix+".path", "/ocsp/agent/ocsp/addCRL");
+            cs.putString(publisherPrefix+".pluginName", "OCSPPublisher");
+            cs.putString(publisherPrefix+".enableClientAuth", "true");
+            cs.putString(rulePrefix+".enable", "true");
+            cs.putString(rulePrefix+".mapper", "NoMap");
+            cs.putString(rulePrefix+".pluginName", "Rule");
+            cs.putString(rulePrefix+".publisher", "OCSPPublisher-"+ocspname);
+            cs.putString(rulePrefix+".type", "crl");
             cs.commit(false);
             // insert info
             CMS.debug("UpdateOCSPConfig: Sending response");
-- 
cgit