From 2dc3c84777dcd8fe20611511ed5fc422c8b05541 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 7 Jul 2017 19:36:56 +0200 Subject: Refactored ConfigurationUtils.updateCloneConfig(). The ConfigurationUtils.updateCloneConfig() invocation has been modified such that it will only be executed once. https://pagure.io/dogtagpki/issue/2280 Change-Id: I1d42acb8cf7c7ffedcd109fcd5252a03fb9622e7 --- .../cms/servlet/csadmin/ConfigurationUtils.java | 26 +++++++++++++--------- .../dogtagpki/server/rest/SystemConfigService.java | 8 +++---- 2 files changed, 20 insertions(+), 14 deletions(-) (limited to 'base/server/cms/src') diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index b8f771238..cca753404 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -2946,15 +2946,20 @@ public class ConfigurationUtils { return 0; } - public static void updateCloneConfig() - throws EBaseException, IOException { + public static void updateCloneConfig() throws EBaseException, IOException { + IConfigStore config = CMS.getConfigStore(); String cstype = config.getString("cs.type", null); cstype = cstype.toLowerCase(); + if (cstype.equals("kra")) { + String token = config.getString("preop.module.token"); + if (!CryptoUtil.isInternalToken(token)) { + CMS.debug("ConfigurationUtils: updating configuration for KRA clone with hardware token"); + String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem"); String storageNickname = getNickname(config, "storage"); String transportNickname = getNickname(config, "transport"); @@ -2962,22 +2967,23 @@ public class ConfigurationUtils { config.putString(subsystem + ".storageUnit.hardware", token); config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname); config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname); + config.commit(false); + } else { // software token // parameters already set } } // audit signing cert - String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", ""); - String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", ""); - if (!CryptoUtil.isInternalToken(audit_tk)) { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - audit_tk + ":" + audit_nn); - } else { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - audit_nn); + String nickname = config.getString(cstype + ".audit_signing.nickname", ""); + String token = config.getString(cstype + ".audit_signing.tokenname", ""); + + if (!CryptoUtil.isInternalToken(token)) { + nickname = token + ":" + nickname; } + + config.putString("log.instance.SignedAudit.signedAuditCertNickname", nickname); } public static void loadCertRequest(IConfigStore config, String tag, Cert cert) throws Exception { diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java index 87cf963d9..a92d04ae9 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java @@ -399,6 +399,10 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } ConfigurationUtils.updateServerCertNickConf(); + + if (request.isClone()) { + ConfigurationUtils.updateCloneConfig(); + } } public void processCert( @@ -524,10 +528,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou ConfigurationUtils.generateCertRequest(cs, tag, cert); } - if (request.isClone()) { - ConfigurationUtils.updateCloneConfig(); - } - if (request.isExternal() && tag.equals("signing")) { // external/existing CA CMS.debug("SystemConfigService: External CA has signing cert"); hasSigningCert.setValue(true); -- cgit