[Pki-devel] adding subsequent OCSPs
Andrew Wnuk
awnuk at redhat.com
Wed Aug 8 23:04:33 UTC 2012
This patch corrects the process of attaching an OCSP subsystem to a CA.
It also improves the handling of subsequent OCSP subsystems added to the same CA.
Bugs: 804179 and 804176.
-------------- next part --------------
Index: pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
===================================================================
--- pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java (revision 2439)
+++ pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java (working copy)
@@ -33,6 +33,8 @@
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.*;
import com.netscape.certsrv.authorization.*;
+import com.netscape.certsrv.publish.*;
+import com.netscape.certsrv.ca.*;
import com.netscape.cms.servlet.*;
import com.netscape.cmsutil.xml.*;
import org.w3c.dom.*;
@@ -115,24 +117,22 @@
String ocsphost = httpReq.getParameter("ocsp_host");
String ocspport = httpReq.getParameter("ocsp_port");
+ String ocspname = ocsphost.replace('.', '-')+"-"+ocspport;
+ String publisherPrefix = "ca.publish.publisher.instance.OCSPPublisher-"+ocspname;
+ String rulePrefix = "ca.publish.rule.instance.ocsprule-"+ocspname;
try {
cs.putString("ca.publish.enable", "true");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
- ocsphost);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
- ocspport);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
- nickname);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.path",
- "/ocsp/agent/ocsp/addCRL");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true");
- cs.putString("ca.publish.rule.instance.ocsprule.enable", "true");
- cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap");
- cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule");
- cs.putString("ca.publish.rule.instance.ocsprule.publisher",
- "OCSPPublisher");
- cs.putString("ca.publish.rule.instance.ocsprule.type", "crl");
+ cs.putString(publisherPrefix+".host", ocsphost);
+ cs.putString(publisherPrefix+".port", ocspport);
+ cs.putString(publisherPrefix+".nickName", nickname);
+ cs.putString(publisherPrefix+".path", "/ocsp/agent/ocsp/addCRL");
+ cs.putString(publisherPrefix+".pluginName", "OCSPPublisher");
+ cs.putString(publisherPrefix+".enableClientAuth", "true");
+ cs.putString(rulePrefix+".enable", "true");
+ cs.putString(rulePrefix+".mapper", "NoMap");
+ cs.putString(rulePrefix+".pluginName", "Rule");
+ cs.putString(rulePrefix+".publisher", "OCSPPublisher-"+ocspname);
+ cs.putString(rulePrefix+".type", "crl");
cs.commit(false);
// insert info
CMS.debug("UpdateOCSPConfig: Sending response");
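Review bot: `ocsphost` and `ocspport` come straight from the request and are concatenated into configuration key names at the `ocspname` line, with only the dots in the host rewritten. A port value containing `.` or other separator characters would produce keys outside the intended `OCSPPublisher-<name>` subtree, and a missing parameter makes `ocsphost.replace` throw before the `try` begins. I would validate both before building the prefixes, for example `if (ocsphost == null || ocspport == null || !ocsphost.matches("[A-Za-z0-9.-]+") || !ocspport.matches("[0-9]{1,5}"))` followed by `outputError` and an early return; widen the host pattern if IPv6 literals must be accepted. The enclosing method starts and ends outside this hunk, so any earlier checks on these parameters are not visible here.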
@@ -145,6 +145,16 @@
byte[] cb = xmlObj.toByteArray();
outputResult(httpResp, "application/xml", cb);
+
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
+ IPublisherProcessor pp = ca.getPublisherProcessor();
+ IConfigStore c = cs.getSubStore("ca.publish.publisher.instance");
+ CMS.debug("UpdateOCSPConfig process: adding publisher instance: OCSPPublisher-"+ocspname);
+ pp.addPublisherInstance("OCSPPublisher-"+ocspname, c);
+ c = cs.getSubStore("ca.publish.rule.instance");
+ CMS.debug("UpdateOCSPConfig process: adding rule instance: ocsprule-"+ocspname);
+ pp.addRuleInstance("ocsprule-"+ocspname, c);
+ CMS.debug("UpdateOCSPConfig process: publishing processor updated");
} catch (Exception e) {
CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString());
outputError(httpResp, "Error: Failed to update OCSP configuration.");
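Review bot: The publisher and rule are registered only after `outputResult` has already sent the success document, so a failure in `addPublisherInstance` or `addRuleInstance` lands in the `catch` and calls `outputError` on a response that has been written. The requester is then told the OCSP was attached while the running CA has no publisher for it, and because `cs.commit(false)` appears to run earlier in the same `try` (which opens outside this hunk), the stored configuration and the live processor disagree until restart. I would move the block from `ICertificateAuthority ca = ...` through `pp.addRuleInstance(...)` above the code that builds and sends the response. A null check on `ca` before `ca.getPublisherProcessor()` would also help, since `CMS.getSubsystem("ca")` presumably returns null when no CA subsystem is loaded.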
Index: pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
===================================================================
--- pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java (revision 2439)
+++ pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java (working copy)
@@ -83,6 +83,14 @@
public Hashtable getRuleInsts();
/**
+ * Adds rule instance to the instance list.
+ * @param insName rule instance name
+ * @param c config store
+ */
+ public void addRuleInstance(String insName, IConfigStore c) throws
+ EBaseException;
+
+ /**
*
* Returns Hashtable of mapper plugins.
*/
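Review bot: The Javadoc for `addRuleInstance` here, and for `addPublisherInstance` in the next hunk, does not say which store `c` must be. The implementation in PublisherProcessor reads `c.getString(insName + "." + PROP_PLUGIN)` and `c.getSubStore(insName)`, so `c` has to be the parent store that holds all instances, not the instance's own sub-store. I would write `@param c config store containing the instance entries (parent of the insName sub-store)` and add `@throws EBaseException if the plugin is not registered or its class cannot be loaded` on both methods.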
@@ -108,6 +116,14 @@
public Hashtable getPublisherInsts();
/**
+ * Adds publisher instance to the instance list.
+ * @param insName publisher instance name
+ * @param c config store
+ */
+ public void addPublisherInstance(String insName, IConfigStore c) throws
+ EBaseException;
+
+ /**
*
* Returns list of rules based on publishing type.
* @param publishingType Type for which to retrieve rule list.
Index: pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java
===================================================================
--- pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java (revision 2439)
+++ pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java (working copy)
@@ -91,6 +91,143 @@
return mConfig;
}
+ public void addPublisherInstance(String insName, IConfigStore c)
+ throws EBaseException {
+
+ String implName = c.getString(insName + "." +
+ PROP_PLUGIN);
+ PublisherPlugin plugin =
+ (PublisherPlugin) mPublisherPlugins.get(implName);
+
+ if (plugin == null) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName));
+ throw new ELdapException(implName);
+ }
+ String className = plugin.getClassPath();
+
+ // Instantiate and init the publisher.
+ boolean isEnable = false;
+ ILdapPublisher publisherInst = null;
+
+ try {
+ publisherInst = (ILdapPublisher)
+ Class.forName(className).newInstance();
+ IConfigStore pConfig =
+ c.getSubStore(insName);
+
+ publisherInst.init(pConfig);
+ isEnable = true;
+
+ } catch (ClassNotFoundException e) {
+ String errMsg = "PublisherProcessor:: init()-" + e.toString();
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
+ } catch (IllegalAccessException e) {
+ String errMsg = "PublisherProcessor:: init()-" + e.toString();
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
+ } catch (InstantiationException e) {
+ String errMsg = "PublisherProcessor: init()-" + e.toString();
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
+ } catch (Throwable e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_SKIP_PUBLISHER", insName, e.toString()));
+ // Let the server continue if it is a
+ // mis-configuration. But the instance
+ // will be skipped. This give another
+ // chance to the user to re-configure
+ // the server via console.
+ }
+
+ if (publisherInst == null) {
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
+ }
+
+ if (insName == null) {
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", insName));
+ }
+
+ // add publisher instance to list.
+ mPublisherInsts.put(insName, new
+ PublisherProxy(isEnable, publisherInst));
+ log(ILogger.LL_INFO, "publisher instance " + insName + " added");
+ if (Debug.ON)
+ Debug.trace("loaded publisher instance " + insName + " impl " + implName);
+
+ }
+
+ public void addRuleInstance(String insName, IConfigStore c)
+ throws EBaseException {
+
+ String implName = c.getString(insName + "." +
+ PROP_PLUGIN);
+ RulePlugin plugin =
+ (RulePlugin) mRulePlugins.get(implName);
+
+ if (plugin == null) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
+ throw new ELdapException(implName);
+ }
+ String className = plugin.getClassPath();
+
+ if (Debug.ON)
+ Debug.trace("loaded rule className=" + className);
+
+ // Instantiate and init the rule
+ IConfigStore mConfig = null;
+
+ try {
+ ILdapRule ruleInst = null;
+
+ ruleInst = (ILdapRule)
+ Class.forName(className).newInstance();
+ mConfig = c.getSubStore(insName);
+ ruleInst.init(this, mConfig);
+ ruleInst.setInstanceName(insName);
+
+ // add manager instance to list.
+ if (Debug.ON)
+ Debug.trace("ADDING RULE " + insName + " " + ruleInst);
+ mRuleInsts.put(insName, ruleInst);
+ log(ILogger.LL_INFO, "rule instance " +
+ insName + " added");
+ } catch (ClassNotFoundException e) {
+ String errMsg = "PublisherProcessor:: init()-" + e.toString();
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
+ } catch (IllegalAccessException e) {
+ String errMsg = "PublisherProcessor:: init()-" + e.toString();
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
+ } catch (InstantiationException e) {
+ String errMsg = "PublisherProcessor: init()-" + e.toString();
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
+ } catch (Throwable e) {
+ if (mConfig == null) {
+ throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
+ }
+ mConfig.putString(ILdapRule.PROP_ENABLE,
+ "false");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_SKIP_RULE", insName, e.toString()));
+ // Let the server continue if it is a
+ // mis-configuration. But the instance
+ // will be skipped. This give another
+ // chance to the user to re-configure
+ // the server via console.
+ }
+ if (Debug.ON)
+ Debug.trace("loaded rule instance " + insName + " impl " + implName);
+ }
+
public void init(ISubsystem authority, IConfigStore config)
throws EBaseException {
mConfig = config;
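Review bot: In `addRuleInstance` the `catch (Throwable e)` branch marks the rule disabled, logs and returns normally, so a rule whose `init` fails never reaches `mRuleInsts` yet the caller sees success; `addPublisherInstance` swallows the same way and registers a disabled proxy. That tolerance suited startup, but both methods are now public and called at runtime from UpdateOCSPConfig, where a silent skip means CRLs are not pushed to the new OCSP responder and the requester is not told. Consider rethrowing from that branch when the call does not come from `init`, or at least state in the method comment that a normal return does not guarantee an active instance. Separately, `if (insName == null)` in `addPublisherInstance` runs after `insName` has already been used to build the key and fetch the sub-store, so it belongs at the top of the method. The `errMsg` locals are never read, and the local `mConfig` in `addRuleInstance` shadows the field of the same name.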
@@ -118,69 +255,7 @@
while (instances.hasMoreElements()) {
String insName = (String) instances.nextElement();
- String implName = c.getString(insName + "." +
- PROP_PLUGIN);
- PublisherPlugin plugin =
- (PublisherPlugin) mPublisherPlugins.get(implName);
-
- if (plugin == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName));
- throw new ELdapException(implName);
- }
- String className = plugin.getClassPath();
-
- // Instantiate and init the publisher.
- boolean isEnable = false;
- ILdapPublisher publisherInst = null;
-
- try {
- publisherInst = (ILdapPublisher)
- Class.forName(className).newInstance();
- IConfigStore pConfig =
- c.getSubStore(insName);
-
- publisherInst.init(pConfig);
- isEnable = true;
-
- } catch (ClassNotFoundException e) {
- String errMsg = "PublisherProcessor:: init()-" + e.toString();
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
- } catch (IllegalAccessException e) {
- String errMsg = "PublisherProcessor:: init()-" + e.toString();
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
- } catch (InstantiationException e) {
- String errMsg = "PublisherProcessor: init()-" + e.toString();
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
- } catch (Throwable e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_SKIP_PUBLISHER", insName, e.toString()));
- // Let the server continue if it is a
- // mis-configuration. But the instance
- // will be skipped. This give another
- // chance to the user to re-configure
- // the server via console.
- }
-
- if (publisherInst == null) {
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
- }
-
- if (insName == null) {
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", insName));
- }
-
- // add publisher instance to list.
- mPublisherInsts.put(insName, new
- PublisherProxy(isEnable, publisherInst));
- log(ILogger.LL_INFO, "publisher instance " + insName + " added");
- if (Debug.ON)
- Debug.trace("loaded publisher instance " + insName + " impl " + implName);
+ addPublisherInstance(insName, c);
}
// load mapper implementation
@@ -287,69 +362,7 @@
instances = c.getSubStoreNames();
while (instances.hasMoreElements()) {
String insName = (String) instances.nextElement();
- String implName = c.getString(insName + "." +
- PROP_PLUGIN);
- RulePlugin plugin =
- (RulePlugin) mRulePlugins.get(implName);
-
- if (plugin == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
- throw new ELdapException(implName);
- }
- String className = plugin.getClassPath();
-
- if (Debug.ON)
- Debug.trace("loaded rule className=" + className);
-
- // Instantiate and init the rule
- IConfigStore mConfig = null;
-
- try {
- ILdapRule ruleInst = null;
-
- ruleInst = (ILdapRule)
- Class.forName(className).newInstance();
- mConfig = c.getSubStore(insName);
- ruleInst.init(this, mConfig);
- ruleInst.setInstanceName(insName);
-
- // add manager instance to list.
- if (Debug.ON)
- Debug.trace("ADDING RULE " + insName + " " + ruleInst);
- mRuleInsts.put(insName, ruleInst);
- log(ILogger.LL_INFO, "rule instance " +
- insName + " added");
- } catch (ClassNotFoundException e) {
- String errMsg = "PublisherProcessor:: init()-" + e.toString();
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
- } catch (IllegalAccessException e) {
- String errMsg = "PublisherProcessor:: init()-" + e.toString();
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
- } catch (InstantiationException e) {
- String errMsg = "PublisherProcessor: init()-" + e.toString();
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_PUBLISHER_INIT_FAILED", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
- } catch (Throwable e) {
- if (mConfig == null) {
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
- }
- mConfig.putString(ILdapRule.PROP_ENABLE,
- "false");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_SKIP_RULE", insName, e.toString()));
- // Let the server continue if it is a
- // mis-configuration. But the instance
- // will be skipped. This give another
- // chance to the user to re-configure
- // the server via console.
- }
- if (Debug.ON)
- Debug.trace("loaded rule instance " + insName + " impl " + implName);
+ addRuleInstance(insName, c);
}
startup();