From 8a6935ba8587ece5e5fcf8b65448c1b57d5ac463 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 22 Apr 2014 14:22:51 -0400
Subject: Refactored SystemConfigService (part 12).
Subsystem-specific configuration codes have been moved from the SystemConfigService into the subsystem-specific installer. Ticket #890
---
 .../server/ca/rest/CAInstallerService.java | 36 ++++++
 .../server/kra/rest/KRAInstallerService.java | 34 ++++++
 .../server/ocsp/rest/OCSPInstallerService.java | 31 +++++
 .../dogtagpki/server/rest/SystemConfigService.java | 130 +--------------------
 .../server/tps/rest/TPSInstallerService.java | 42 +++++++
 5 files changed, 146 insertions(+), 127 deletions(-)
(limited to 'base')
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
index 7a1aa5a12..cc3c46585 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
@@ -19,7 +19,11 @@ package org.dogtagpki.server.ca.rest;
 import org.dogtagpki.server.rest.SystemConfigService;
+import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.system.ConfigurationRequest;
+import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
 /**
 * @author alee
@@ -29,4 +33,36 @@ public class CAInstallerService extends SystemConfigService {
 public CAInstallerService() throws EBaseException {
 }
+
+ @Override
+ public void finalizeConfiguration(ConfigurationRequest request) {
+
+ super.finalizeConfiguration(request);
+
+ try {
+ if (!request.getIsClone().equals("true")) {
+ ConfigurationUtils.updateNextRanges();
+ }
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in updating next serial number ranges in DB: " + e);
+ }
+
+ try {
+ if (request.getIsClone().equals("true") && ConfigurationUtils.isSDHostDomainMaster(cs)) {
+ // cloning a domain master CA, the clone is also master of its domain
+ cs.putString("securitydomain.host", CMS.getEEHost());
+ cs.putString("securitydomain.httpport", CMS.getEENonSSLPort());
+ cs.putString("securitydomain.httpsadminport", CMS.getAdminPort());
+ cs.putString("securitydomain.httpsagentport", CMS.getAgentPort());
+ cs.putString("securitydomain.httpseeport", CMS.getEESSLPort());
+ cs.putString("securitydomain.select", "new");
+ }
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in determining if security domain host is a master CA");
+ }
+ }
 }
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java
index 755a61e35..e2587237a 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KRAInstallerService.java
@@ -19,7 +19,11 @@ package org.dogtagpki.server.kra.rest;
 import org.dogtagpki.server.rest.SystemConfigService;
+import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.system.ConfigurationRequest;
+import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
 /**
 * @author alee
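Review bot: In `CAInstallerService.finalizeConfiguration`, both `request.getIsClone().equals("true")` calls throw a NullPointerException when the request carries no clone flag, and the surrounding `catch (Exception e)` then reports that as a serial-number-range or security-domain failure. If a missing flag should mean "not a clone", `"true".equals(request.getIsClone())` handles it without the misleading error; otherwise the request should be rejected explicitly before the first `try`. The same comparison appears in the `KRAInstallerService` hunk. The two catch blocks are also inconsistent: the first concatenates `e` into the message and the second drops it, so passing the exception as the cause (if `PKIException` has a cause-taking constructor, which is not visible here) would keep the detail attached without putting exception text into the message string.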
@@ -29,4 +33,34 @@ public class KRAInstallerService extends SystemConfigService {
 public KRAInstallerService() throws EBaseException {
 }
+
+ @Override
+ public void finalizeConfiguration(ConfigurationRequest request) {
+
+ super.finalizeConfiguration(request);
+
+ try {
+ String ca_host = cs.getString("preop.ca.hostname", "");
+
+ // need to push connector information to the CA
+ if (!request.getStandAlone() && !ca_host.equals("")) {
+ ConfigurationUtils.updateConnectorInfo(CMS.getAgentHost(), CMS.getAgentPort());
+ ConfigurationUtils.setupClientAuthUser();
+ }
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in pushing KRA connector information to the CA: " + e);
+ }
+
+ try {
+ if (!request.getIsClone().equals("true")) {
+ ConfigurationUtils.updateNextRanges();
+ }
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in updating next serial number ranges in DB: " + e);
+ }
+ }
 }
diff --git a/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPInstallerService.java b/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPInstallerService.java
index 0ee5eb430..aaeeb346b 100644
--- a/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPInstallerService.java
+++ b/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPInstallerService.java
@@ -19,7 +19,12 @@ package org.dogtagpki.server.ocsp.rest;
 import org.dogtagpki.server.rest.SystemConfigService;
+import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.ocsp.IOCSPAuthority;
+import com.netscape.certsrv.system.ConfigurationRequest;
+import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
 /**
 * @author alee
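Review bot: `KRAInstallerService.finalizeConfiguration` pushes connector information to the CA and calls `setupClientAuthUser()` before the local `updateNextRanges()` step, so a failure in the second `try` block aborts the install after the CA side has already been changed. If the two steps are independent (not visible in this hunk), running the range update first would avoid leaving a connector entry on the CA for a KRA whose configuration did not finish. If the order has to stay, a comment such as `// CA-side state is changed here; a later failure does not roll it back` above the first `try` would record that for whoever handles a failed install.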
@@ -29,4 +34,30 @@ public class OCSPInstallerService extends SystemConfigService {
 public OCSPInstallerService() throws EBaseException {
 }
+
+ @Override
+ public void finalizeConfiguration(ConfigurationRequest request) {
+
+ super.finalizeConfiguration(request);
+
+ try {
+ String ca_host = cs.getString("preop.ca.hostname", "");
+
+ // import the CA certificate into the OCSP
+ // configure the CRL Publishing to OCSP in CA
+ if (!ca_host.equals("")) {
+ CMS.reinit(IOCSPAuthority.ID);
+ ConfigurationUtils.importCACertToOCSP();
+
+ if (!request.getStandAlone()) {
+ ConfigurationUtils.updateOCSPConfig();
+ ConfigurationUtils.setupClientAuthUser();
+ }
+ }
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in configuring CA publishing to OCSP: " + e);
+ }
+ }
 }
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index ffa18412e..902dc88f0 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -57,7 +57,6 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
-import com.netscape.certsrv.ocsp.IOCSPAuthority;
 import com.netscape.certsrv.system.ConfigurationRequest;
 import com.netscape.certsrv.system.ConfigurationResponse;
 import com.netscape.certsrv.system.SystemCertData;
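Review bot: The comment `// configure the CRL Publishing to OCSP in CA` sits above the outer `if (!ca_host.equals(""))` in `OCSPInstallerService.finalizeConfiguration`, but the calls that appear to do that work (`updateOCSPConfig()`, `setupClientAuthUser()`) run only inside the inner `if (!request.getStandAlone())`. Moving that comment onto the inner block and leaving `// import the CA certificate into the OCSP` on the outer one would make it clear that a stand-alone OCSP with a CA hostname configured still imports the CA certificate but skips the CA-side publishing setup.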
@@ -239,28 +238,14 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 throw new PKIException("Error while updating security domain: " + e);
 }
- if (csType.equals("KRA")) {
- finalizeKRAConfiguration(data);
- }
-
- if (csType.equals("OCSP")) {
- finalizeOCSPConfiguration(data);
- }
-
- if (csType.equals("CA")) {
- finalizeCAConfiguration(data);
- }
-
 try {
 if (!data.getSharedDB()) ConfigurationUtils.setupDBUser();
 } catch (Exception e) {
- e.printStackTrace();
+ CMS.debug(e);
 throw new PKIException("Errors in creating or updating dbuser: " + e);
 }
- if (csType.equals("TPS")) {
- finalizeTPSConfiguration(data);
- }
+ finalizeConfiguration(data);
 cs.putInteger("cs.state", 1);
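Review bot: Calling the single hook `finalizeConfiguration(data);` after the `setupDBUser()` block changes the execution order for CA, KRA and OCSP: their finalize steps used to run before the database user was set up, and only the TPS step ran after it. The commit message describes a pure move of code, so if the reordering is intended it should be stated there or in a comment such as `// subsystem-specific finalization; runs after the DB user has been set up`. If it is not intended, the hook call belongs before the `try` block for those subsystems. The enclosing method starts and ends outside this hunk.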
@@ -550,116 +535,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 }
 }
- public void finalizeCAConfiguration(ConfigurationRequest request) {
- try {
- if (!request.getIsClone().equals("true")) {
- ConfigurationUtils.updateNextRanges();
- }
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in updating next serial number ranges in DB: " + e);
- }
-
- try {
- if (request.getIsClone().equals("true") && ConfigurationUtils.isSDHostDomainMaster(cs)) {
- // cloning a domain master CA, the clone is also master of its domain
- cs.putString("securitydomain.host", CMS.getEEHost());
- cs.putString("securitydomain.httpport", CMS.getEENonSSLPort());
- cs.putString("securitydomain.httpsadminport", CMS.getAdminPort());
- cs.putString("securitydomain.httpsagentport", CMS.getAgentPort());
- cs.putString("securitydomain.httpseeport", CMS.getEESSLPort());
- cs.putString("securitydomain.select", "new");
- }
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in determining if security domain host is a master CA");
- }
- }
-
- public void finalizeKRAConfiguration(ConfigurationRequest request) {
- try {
- String ca_host = cs.getString("preop.ca.hostname", "");
-
- // need to push connector information to the CA
- if (!request.getStandAlone() && !ca_host.equals("")) {
- ConfigurationUtils.updateConnectorInfo(CMS.getAgentHost(), CMS.getAgentPort());
- ConfigurationUtils.setupClientAuthUser();
- }
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in pushing KRA connector information to the CA: " + e);
- }
-
- try {
- if (!request.getIsClone().equals("true")) {
- ConfigurationUtils.updateNextRanges();
- }
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in updating next serial number ranges in DB: " + e);
- }
- }
-
- public void finalizeOCSPConfiguration(ConfigurationRequest request) {
- try {
- String ca_host = cs.getString("preop.ca.hostname", "");
-
- // import the CA certificate into the OCSP
- // configure the CRL Publishing to OCSP in CA
- if (!ca_host.equals("")) {
- CMS.reinit(IOCSPAuthority.ID);
- ConfigurationUtils.importCACertToOCSP();
-
- if (!request.getStandAlone()) {
- ConfigurationUtils.updateOCSPConfig();
- ConfigurationUtils.setupClientAuthUser();
- }
- }
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in configuring CA publishing to OCSP: " + e);
- }
- }
-
- public void finalizeTPSConfiguration(ConfigurationRequest request) {
- try {
- ConfigurationUtils.addProfilesToTPSUser(request.getAdminUID());
-
- URI secdomainURI = new URI(request.getSecurityDomainUri());
-
- // register TPS with CA
- URI caURI = new URI(request.getCaUri());
- ConfigurationUtils.registerUser(secdomainURI, caURI, "ca");
-
- // register TPS with TKS
- URI tksURI = new URI(request.getTksUri());
- ConfigurationUtils.registerUser(secdomainURI, tksURI, "tks");
-
- if (request.getEnableServerSideKeyGen().equalsIgnoreCase("true")) {
- URI kraURI = new URI(request.getKraUri());
- ConfigurationUtils.registerUser(secdomainURI, kraURI, "kra");
- String transportCert = ConfigurationUtils.getTransportCert(secdomainURI, kraURI);
- ConfigurationUtils.exportTransportCert(secdomainURI, tksURI, transportCert);
- }
-
- // generate shared secret from the tks
- ConfigurationUtils.getSharedSecret(
- tksURI.getHost(),
- tksURI.getPort(),
- Boolean.getBoolean(request.getImportSharedSecret()));
-
- } catch (URISyntaxException e) {
- throw new BadRequestException("Invalid URI for CA, TKS or KRA");
-
- } catch (Exception e) {
- CMS.debug(e);
- throw new PKIException("Errors in registering TPS to CA, TKS or KRA: " + e);
- }
+ public void finalizeConfiguration(ConfigurationRequest request) {
 }
 public void configureAdministrator(ConfigurationRequest data, ConfigurationResponse response) {
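Review bot: The new base `finalizeConfiguration(ConfigurationRequest request)` in `SystemConfigService` is an empty public method with no Javadoc, so nothing tells a subclass author when it is called or that it exists to be overridden. A short Javadoc would cover it, stating that this is the subsystem-specific hook invoked after the database user setup and before `cs.state` is set to 1, and that overrides should call `super.finalizeConfiguration(request)` first, as the four installer subclasses do. Unless the method belongs to an interface not shown in this hunk, `protected` may also fit better than `public`, since the visible callers are this class and its subclasses.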
diff --git a/base/tps-tomcat/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java b/base/tps-tomcat/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
index dea8e1ef8..b4dca6c7c 100644
--- a/base/tps-tomcat/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
+++ b/base/tps-tomcat/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
@@ -23,8 +23,10 @@ import java.util.Collection;
 import org.dogtagpki.server.rest.SystemConfigService;
+import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.system.ConfigurationRequest;
 import com.netscape.certsrv.system.SystemCertData;
 import com.netscape.cms.servlet.csadmin.ConfigurationUtils;
@@ -115,4 +117,44 @@ public class TPSInstallerService extends SystemConfigService {
 cs.putString("tokendb.userBaseDN", request.getBaseDN());
 cs.putString("tokendb.hostport", request.getDsHost() + ":" + request.getDsPort());
 }
+
+ @Override
+ public void finalizeConfiguration(ConfigurationRequest request) {
+
+ super.finalizeConfiguration(request);
+
+ try {
+ ConfigurationUtils.addProfilesToTPSUser(request.getAdminUID());
+
+ URI secdomainURI = new URI(request.getSecurityDomainUri());
+
+ // register TPS with CA
+ URI caURI = new URI(request.getCaUri());
+ ConfigurationUtils.registerUser(secdomainURI, caURI, "ca");
+
+ // register TPS with TKS
+ URI tksURI = new URI(request.getTksUri());
+ ConfigurationUtils.registerUser(secdomainURI, tksURI, "tks");
+
+ if (request.getEnableServerSideKeyGen().equalsIgnoreCase("true")) {
+ URI kraURI = new URI(request.getKraUri());
+ ConfigurationUtils.registerUser(secdomainURI, kraURI, "kra");
+ String transportCert = ConfigurationUtils.getTransportCert(secdomainURI, kraURI);
+ ConfigurationUtils.exportTransportCert(secdomainURI, tksURI, transportCert);
+ }
+
+ // generate shared secret from the tks
+ ConfigurationUtils.getSharedSecret(
+ tksURI.getHost(),
+ tksURI.getPort(),
+ Boolean.getBoolean(request.getImportSharedSecret()));
+
+ } catch (URISyntaxException e) {
+ throw new BadRequestException("Invalid URI for CA, TKS or KRA");
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException("Errors in registering TPS to CA, TKS or KRA: " + e);
+ }
+ }
 }
-- cgit
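Review bot: `Boolean.getBoolean(request.getImportSharedSecret())` in `TPSInstallerService.finalizeConfiguration` does not parse the request value. `Boolean.getBoolean` looks up a JVM system property with that name, so the flag passed to `getSharedSecret` is false unless such a property happens to be set to "true". The line was carried over unchanged from `SystemConfigService`, but it is worth fixing while it moves: `Boolean.parseBoolean(request.getImportSharedSecret())`. Separately, the CA, TKS and KRA URIs are taken from the request and checked only for syntax; since a transport certificate and a shared secret are exchanged with those hosts, a check that each URI uses `https` would be a reasonable guard, unless `ConfigurationUtils` already enforces it.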