From 898f5330dd38266ca378e16e5fd44f8ddc87d507 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Fri, 12 Apr 2013 12:25:01 -0400 Subject: Added tokenAuthenticate to admin interface Modified code to use this interface by default. Added required migration script code. Ticket 546 --- .../upgrade/10.0.1/02-CloningInterfaceChanges | 69 ++++++++++++++++++++-- 1 file changed, 63 insertions(+), 6 deletions(-) (limited to 'base/server/upgrade') diff --git a/base/server/upgrade/10.0.1/02-CloningInterfaceChanges b/base/server/upgrade/10.0.1/02-CloningInterfaceChanges index 524978d4d..6b3f6b6f5 100755 --- a/base/server/upgrade/10.0.1/02-CloningInterfaceChanges +++ b/base/server/upgrade/10.0.1/02-CloningInterfaceChanges @@ -21,7 +21,7 @@ import os import sys -import xml.etree.ElementTree as ET +from lxml import etree as ET import pki.upgrade class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet): @@ -32,7 +32,7 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet): com.netscape.cms.servlet.csadmin.UpdateDomainXML GetClientCert - true + false authority @@ -44,11 +44,11 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet): interface - agent + admin AuthMgr - certUserDBAuthMgr + TokenAuth AuthzMgr @@ -66,6 +66,33 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet): /admin/ca/updateDomainXML """ + tokenAuthenticateServletData = """ + + caTokenAuthenticate-admin + com.netscape.cms.servlet.csadmin.TokenAuthenticate + + GetClientCert + false + + + authority + ca + + + ID + caTokenAuthenticate + + + interface + admin + + """ + + tokenAuthenticateMappingData = """ + + caTokenAuthenticate-admin + /admin/ca/tokenAuthenticate + """ def __init__(self): @@ -83,6 +110,7 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet): if subsystem == "ca": self.modify_update_number_range(subsystem) self.modify_update_domain_xml() + self.modify_token_authenticate() if subsystem == "kra": self.modify_update_number_range(subsystem) @@ -124,15 +152,44 @@ class CloningInterfaceChanges(pki.upgrade.PKIUpgradeScriptlet): name = servlet.find('servlet-name').text.strip() if name == 'caUpdateDomainXML-admin': found = True + if name == 'caUpdateDomainXML': + index = list(self.root).index(servlet) + 1 if not found: servlet = ET.fromstring(self.updateDomainServletData) - self.root.append(servlet) + self.root.insert(index, servlet) found = False for mapping in self.doc.findall('.//servlet-mapping'): name = mapping.find('servlet-name').text.strip() if name == 'caUpdateDomainXML-admin': found = True + if name == 'caUpdateDomainXML': + index = list(self.root).index(mapping) + 1 if not found: mapping = ET.fromstring(self.updateDomainMappingData) - self.root.append(mapping) + self.root.insert(index, mapping) + + + def modify_token_authenticate(self): + #add caTokenAuthenticate-admin servlet and mapping + found = False + for servlet in self.doc.findall('.//servlet'): + name = servlet.find('servlet-name').text.strip() + if name == 'caTokenAuthenticate-admin': + found = True + if name == 'caTokenAuthenticate': + index = list(self.root).index(servlet) + 1 + if not found: + servlet = ET.fromstring(self.tokenAuthenticateServletData) + self.root.insert(index, servlet) + + found = False + for mapping in self.doc.findall('.//servlet-mapping'): + name = mapping.find('servlet-name').text.strip() + if name == 'caTokenAuthenticate-admin': + found = True + if name == 'caTokenAuthenticate': + index = list(self.root).index(mapping) + 1 + if not found: + mapping = ET.fromstring(self.tokenAuthenticateMappingData) + self.root.insert(index, mapping) -- cgit