[Pki-devel] [PATCH] Bugzilla Bug #979559 - Parameter --ca_domain_url should be optional
Matthew Harmsen
mharmsen at redhat.com
Wed Jul 31 00:29:28 UTC 2013
Please review the attached patch for the following bug:
* Bugzilla Bug #979559
<https://bugzilla.redhat.com/show_bug.cgi?id=979559> - Parameter
--ca_domain_url should be optional
This bug addresses the problem of attempting to configure an instance
using a version of pki-silent which contains the new code with expanded
parameters while using an old template from a previous version of
pki-silent which did not contain these parameters.
Tested by installing and successfully configuring a CA using the newly
patched code with an old template which excluded the "-ca_domain_url"
parameter.
Index: base/silent/src/tks/ConfigureTKS.java
===================================================================
--- base/silent/src/tks/ConfigureTKS.java (revision 2625)
+++ base/silent/src/tks/ConfigureTKS.java (working copy)
@@ -1121,7 +1121,7 @@
x_subsystem_name);
parser.addOption (
- "-ca_domain_url %s #URL to CA used to Issue Certificates for TKS Instance Creation",
+ "-ca_domain_url %s #URL to CA used to Issue Certificates for TKS Instance Creation (optional but recommended for IP Port Separation)",
x_ca_domain_url);
parser.addOption(
@@ -1209,7 +1209,7 @@
subsystem_name = x_subsystem_name.value ;
tks_audit_signing_cert_subject_name = x_tks_audit_signing_cert_subject_name.value;
- ca_domain_url = x_ca_domain_url.value;
+ ca_domain_url = set_default(x_ca_domain_url.value, "empty");
boolean st = ca.ConfigureTKSInstance();
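Review bot: The new assignment `ca_domain_url = set_default(x_ca_domain_url.value, "empty");` replaces a missing security-domain URL with the literal string "empty", so every consumer of `ca_domain_url` has to recognise that sentinel rather than treat it as a URL. `ConfigureTKSInstance()` is outside this hunk, so it cannot be confirmed here that it skips the value instead of sending "empty" to the CA; the same applies to the matching assignments in ConfigureDRM, ConfigureRA, ConfigureCA, ConfigureOCSP, ConfigureTPS and ConfigureSubCA. This patch adds `set_default` only to ConfigureRA and ConfigureTPS, so the helper is presumably already defined in the other classes, which is worth confirming with a build. A comment on the line such as `// "empty" means the option was omitted; consumers must not use it as a URL` would record the contract.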
Index: base/silent/src/drm/ConfigureDRM.java
===================================================================
--- base/silent/src/drm/ConfigureDRM.java (revision 2625)
+++ base/silent/src/drm/ConfigureDRM.java (working copy)
@@ -1298,7 +1298,7 @@
x_subsystem_name);
parser.addOption (
- "-ca_domain_url %s #URL to CA used to Issue Certificates for DRM Instance Creation",
+ "-ca_domain_url %s #URL to CA used to Issue Certificates for DRM Instance Creation (optional but recommended for IP Port Separation)",
x_ca_domain_url);
parser.addOption(
@@ -1407,7 +1407,7 @@
subsystem_name = x_subsystem_name.value;
- ca_domain_url = x_ca_domain_url.value;
+ ca_domain_url = set_default(x_ca_domain_url.value, "empty");
if ((x_clone.value != null) && (x_clone.value.equalsIgnoreCase("true"))) {
clone = true;
Index: base/silent/src/ra/ConfigureRA.java
===================================================================
--- base/silent/src/ra/ConfigureRA.java (revision 2625)
+++ base/silent/src/ra/ConfigureRA.java (working copy)
@@ -802,6 +802,14 @@
return true;
}
+ private static String set_default(String val, String def) {
+ if ((val == null) || (val.equals(""))) {
+ return def;
+ } else {
+ return val;
+ }
+ }
+
public static void main(String args[])
{
ConfigureRA ca = new ConfigureRA();
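Review bot: `set_default` is added without any comment, and the identical helper is added a second time in the ConfigureTPS hunk at -999/+1035. A one-line Javadoc such as `/** Returns def when val is null or "", otherwise val. */` would state the contract, including that a whitespace-only value is passed through unchanged. Every caller in this patch that marks an omitted option passes the string "empty" as `def`; a shared constant for that sentinel would keep the seven Configure* classes in agreement. `main` continues past the end of this hunk.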
@@ -947,11 +955,11 @@
x_subsystem_name);
parser.addOption (
- "-ca_issuance_url %s #URL to CA used to Issue Certificates",
+ "-ca_issuance_url %s #URL to CA used to Issue Certificates (optional but recommended if used with IP Port Separated CA)",
x_ca_issuance_url);
parser.addOption (
- "-ca_domain_url %s #URL to CA used to Issue Certificates for RA Instance Creation",
+ "-ca_domain_url %s #URL to CA used to Issue Certificates for RA Instance Creation (optional but recommended if used with IP Port Separated CA)",
x_ca_domain_url);
// and then match the arguments
@@ -1012,9 +1020,9 @@
subsystem_name = x_subsystem_name.value ;
- ca_issuance_url = x_ca_issuance_url.value;
+ ca_issuance_url = set_default(x_ca_issuance_url.value, "empty");
- ca_domain_url = x_ca_domain_url.value;
+ ca_domain_url = set_default(x_ca_domain_url.value, "empty");
Index: base/silent/src/ca/ConfigureCA.java
===================================================================
--- base/silent/src/ca/ConfigureCA.java (revision 2625)
+++ base/silent/src/ca/ConfigureCA.java (working copy)
@@ -1652,7 +1652,7 @@
x_subsystem_name);
parser.addOption (
- "-ca_domain_url %s #URL to CA used to Issue Certificates for CA Instance Creation",
+ "-ca_domain_url %s #URL to CA used to Issue Certificates for CA Instance Creation (optional but recommended for IP Port Separation)",
x_ca_domain_url);
parser.addOption("-external %s #Subordinate to external CA [true,false] (optional, default false)",
@@ -1763,7 +1763,7 @@
subsystem_name = x_subsystem_name.value;
- ca_domain_url = x_ca_domain_url.value;
+ ca_domain_url = set_default(x_ca_domain_url.value, "empty");
external_ca = set_default(x_external_ca.value, "false");
ext_ca_cert_file = x_ext_ca_cert_file.value;
Index: base/silent/src/ocsp/ConfigureOCSP.java
===================================================================
--- base/silent/src/ocsp/ConfigureOCSP.java (revision 2625)
+++ base/silent/src/ocsp/ConfigureOCSP.java (working copy)
@@ -1170,7 +1170,7 @@
x_subsystem_name);
parser.addOption (
- "-ca_domain_url %s #URL to CA used to Issue Certificates for OCSP Instance Creation",
+ "-ca_domain_url %s #URL to CA used to Issue Certificates for OCSP Instance Creation (optional but recommended for IP Port Separation)",
x_ca_domain_url);
parser.addOption(
@@ -1268,7 +1268,7 @@
subsystem_name = x_subsystem_name.value ;
- ca_domain_url = x_ca_domain_url.value;
+ ca_domain_url = set_default(x_ca_domain_url.value, "empty");
boolean st = ca.ConfigureOCSPInstance();
Index: base/silent/src/tps/ConfigureTPS.java
===================================================================
--- base/silent/src/tps/ConfigureTPS.java (revision 2625)
+++ base/silent/src/tps/ConfigureTPS.java (working copy)
@@ -81,11 +81,15 @@
public static String drm_agent_hostname = null;
public static String drm_agent_port = null;
+ public static String drm_hostname = null;
+ public static String drm_ssl_port = null;
public static String drm_admin_hostname = null;
public static String drm_admin_port = null;
public static String tks_agent_hostname = null;
public static String tks_agent_port = null;
+ public static String tks_hostname = null;
+ public static String tks_ssl_port = null;
public static String tks_admin_hostname = null;
public static String tks_admin_port = null;
@@ -389,27 +393,43 @@
sleep_time();
// TKS choice panel
+ //
+ // Use the following precedence:
+ //
+ // (1) tks_url set to tks_key_management_url, or
+ // (2) tks_url set to tks_agent_host and tks_agent_port, or
+ // (3) original query_string (no tks_url)
+ //
String tks_url = null;
if ( ( tks_key_management_url != null ) &&
( !tks_key_management_url.equals( "" ) ) &&
( !tks_key_management_url.equals( "empty" ) ) ) {
tks_url = tks_key_management_url;
- } else {
+ } else if ( ( tks_agent_hostname != null ) &&
+ ( !tks_agent_hostname.equals( "" ) ) &&
+ ( !tks_agent_hostname.equals( "empty" ) ) ) {
// Use the TKS Agent hostname and the TKS Agent port
tks_url = "https://" + tks_agent_hostname + ":" + tks_agent_port;
}
- System.out.println("SubsystemPanel() tks_url='" +
- tks_url + "'.");
- query_string = "p=7" +
- "&urls=" +
- URLEncoder.encode(tks_url) +
- "&adminhost=" +
- URLEncoder.encode(tks_admin_hostname) +
- "&adminport=" +
- tks_admin_port +
- "&op=next" +
- "&xml=true" ;
+ if ( tks_url != null ) {
+ System.out.println("SubsystemPanel() tks_url='" +
+ tks_url + "'.");
+ query_string = "p=7" +
+ "&urls=" +
+ URLEncoder.encode(tks_url) +
+ "&adminhost=" +
+ URLEncoder.encode(tks_admin_hostname) +
+ "&adminport=" +
+ tks_admin_port +
+ "&op=next" +
+ "&xml=true" ;
+ } else {
+ query_string = "p=7" +
+ "&urls=0" +
+ "&op=next" +
+ "&xml=true" ;
+ }
hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
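Review bot: In the `tks_url != null` branch, `adminhost` is built from `tks_admin_hostname`, which this patch defaults to the string "empty" when the option is omitted, so a run that supplies only `-tks_key_management_url` sends `adminhost=empty` to the wizard. Whether the server treats that value as absent is not visible here; the branch should either require the admin host when a URL is given or leave out `&adminhost`/`&adminport` when the value is the sentinel. The DRM panel in the next hunk (`p=8`) has the same shape with `drm_admin_hostname`. Separately, the single-argument `URLEncoder.encode(String)` is deprecated and uses the platform default encoding; `URLEncoder.encode(tks_url, "UTF-8")` gives the same output on every host. The enclosing method starts and ends outside this hunk.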
@@ -425,28 +445,44 @@
ss_keygen = "keygen";
}
+ // Use the following precedence:
+ //
+ // (1) drm_url set to drm_server_side_keygen_url, or
+ // (2) drm_url set to drm_agent_host and drm_agent_port, or
+ // (3) original query_string (no drm_url)
+ //
String drm_url = null;
if ( ( drm_server_side_keygen_url != null ) &&
( !drm_server_side_keygen_url.equals( "" ) ) &&
( !drm_server_side_keygen_url.equals( "empty" ) ) ) {
drm_url = drm_server_side_keygen_url;
- } else {
+ } else if ( ( drm_agent_hostname != null ) &&
+ ( !drm_agent_hostname.equals( "" ) ) &&
+ ( !drm_agent_hostname.equals( "empty" ) ) ) {
// Use the DRM Agent hostname and the DRM Agent port
drm_url = "https://" + drm_agent_hostname + ":" + drm_agent_port;
}
- System.out.println("SubsystemPanel() drm_url='" +
- drm_url + "'.");
- query_string = "p=8" +
- "&choice=" + ss_keygen +
- "&urls=" +
- URLEncoder.encode(drm_url) +
- "&adminhost=" +
- URLEncoder.encode(drm_admin_hostname) +
- "&adminport=" +
- drm_admin_port +
- "&op=next" +
- "&xml=true" ;
+ if ( drm_url != null ) {
+ System.out.println("SubsystemPanel() drm_url='" +
+ drm_url + "'.");
+ query_string = "p=8" +
+ "&choice=" + ss_keygen +
+ "&urls=" +
+ URLEncoder.encode(drm_url) +
+ "&adminhost=" +
+ URLEncoder.encode(drm_admin_hostname) +
+ "&adminport=" +
+ drm_admin_port +
+ "&op=next" +
+ "&xml=true" ;
+ } else {
+ query_string = "p=8" +
+ "&choice=" + ss_keygen +
+ "&urls=0" +
+ "&op=next" +
+ "&xml=true" ;
+ }
hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
@@ -999,6 +1035,14 @@
return true;
}
+ private static String set_default(String val, String def) {
+ if ((val == null) || (val.equals(""))) {
+ return def;
+ } else {
+ return val;
+ }
+ }
+
public static void main(String args[])
{
ConfigureTPS ca = new ConfigureTPS();
@@ -1023,11 +1067,15 @@
StringHolder x_drm_agent_hostname = new StringHolder();
StringHolder x_drm_agent_port = new StringHolder();
+ StringHolder x_drm_hostname = new StringHolder();
+ StringHolder x_drm_ssl_port = new StringHolder();
StringHolder x_drm_admin_hostname = new StringHolder();
StringHolder x_drm_admin_port = new StringHolder();
StringHolder x_tks_agent_hostname = new StringHolder();
StringHolder x_tks_agent_port = new StringHolder();
+ StringHolder x_tks_hostname = new StringHolder();
+ StringHolder x_tks_ssl_port = new StringHolder();
StringHolder x_tks_admin_hostname = new StringHolder();
StringHolder x_tks_admin_port = new StringHolder();
@@ -1136,24 +1184,32 @@
parser.addOption ("-ca_admin_port %s #CA SSL Admin port",
x_ca_admin_port);
- parser.addOption ("-drm_agent_hostname %s #DRM Agent Hostname",
+ parser.addOption ("-drm_agent_hostname %s #DRM Agent Hostname (optional but recommended if used with IP Port Separated DRM)",
x_drm_agent_hostname);
- parser.addOption ("-drm_agent_port %s #DRM Agent SSL port",
+ parser.addOption ("-drm_agent_port %s #DRM Agent SSL port (optional but recommended if used with IP Port Separated DRM)",
x_drm_agent_port);
+ parser.addOption ("-drm_hostname %s #DRM Hostname (unused & deprecated - replaced by optional '-drm_agent_hostname')",
+ x_drm_hostname);
+ parser.addOption ("-drm_ssl_port %s #DRM SSL port (unused & deprecated - replaced by optional '-drm_agent_port')",
+ x_drm_ssl_port);
parser.addOption ("-ss_keygen %s #Enable Server Side Keygen [true,false]",
x_ss_keygen);
- parser.addOption ("-drm_admin_hostname %s #DRM Admin Hostname",
+ parser.addOption ("-drm_admin_hostname %s #DRM Admin Hostname (optional but recommended if used with IP Port Separated DRM)",
x_drm_admin_hostname);
- parser.addOption ("-drm_admin_port %s #DRM SSL Admin port",
+ parser.addOption ("-drm_admin_port %s #DRM SSL Admin port (optional but recommended if used with IP Port Separated DRM)",
x_drm_admin_port);
- parser.addOption ("-tks_agent_hostname %s #TKS Agent Hostname",
+ parser.addOption ("-tks_agent_hostname %s #TKS Agent Hostname (optional but recommended if used with IP Port Separated TKS)",
x_tks_agent_hostname);
- parser.addOption ("-tks_agent_port %s #TKS Agent SSL port",
+ parser.addOption ("-tks_agent_port %s #TKS Agent SSL port (optional but recommended if used with IP Port Separated TKS)",
x_tks_agent_port);
- parser.addOption ("-tks_admin_hostname %s #TKS Admin Hostname",
+ parser.addOption ("-tks_hostname %s #TKS Agent Hostname (unused & deprecated - replaced by optional '-tks_agent_hostname')",
+ x_tks_hostname);
+ parser.addOption ("-tks_ssl_port %s #TKS Agent SSL port (unused & deprecated - replaced by optional '-tks_agent_port')",
+ x_tks_ssl_port);
+ parser.addOption ("-tks_admin_hostname %s #TKS Admin Hostname (optional but recommended if used with IP Port Separated TKS)",
x_tks_admin_hostname);
- parser.addOption ("-tks_admin_port %s #TKS SSL Admin port",
+ parser.addOption ("-tks_admin_port %s #TKS SSL Admin port (optional but recommended if used with IP Port Separated TKS)",
x_tks_admin_port);
parser.addOption ("-client_certdb_dir %s #Client CertDB dir",
@@ -1245,7 +1301,7 @@
x_subsystem_name);
parser.addOption (
- "-ca_issuance_url %s #URL to CA used to Issue Certificates",
+ "-ca_issuance_url %s #URL to CA used to Issue Certificates (optional but recommended if used with IP Port Separated CA",
x_ca_issuance_url);
parser.addOption (
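Review bot: The new help string for `-ca_issuance_url` is missing its closing parenthesis, ending in `IP Port Separated CA",`. The ConfigureRA version of the same option closes it, so this line should read `"-ca_issuance_url %s #URL to CA used to Issue Certificates (optional but recommended if used with IP Port Separated CA)",`.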
@@ -1257,7 +1313,7 @@
x_drm_server_side_keygen_url);
parser.addOption (
- "-ca_domain_url %s #URL to CA used to Issue Certificates for TPS Instance Creation",
+ "-ca_domain_url %s #URL to CA used to Issue Certificates for TPS Instance Creation (optional but recommended if used with IP Port Separated CA)",
x_ca_domain_url);
@@ -1291,15 +1347,19 @@
ca_ssl_port = x_ca_ssl_port.value;
ca_admin_port = x_ca_admin_port.value;
- tks_agent_hostname = x_tks_agent_hostname.value;
- tks_agent_port = x_tks_agent_port.value;
- tks_admin_hostname = x_tks_admin_hostname.value;
- tks_admin_port = x_tks_admin_port.value;
+ tks_agent_hostname = set_default(x_tks_agent_hostname.value, "empty");
+ tks_agent_port = set_default(x_tks_agent_port.value, "13443");
+ tks_hostname = set_default(x_tks_hostname.value, tks_agent_hostname);
+ tks_ssl_port = set_default(x_tks_ssl_port.value, tks_agent_port);
+ tks_admin_hostname = set_default(x_tks_admin_hostname.value, "empty");
+ tks_admin_port = set_default(x_tks_admin_port.value, "13445");
- drm_agent_hostname = x_drm_agent_hostname.value;
- drm_agent_port = x_drm_agent_port.value;
- drm_admin_hostname = x_drm_admin_hostname.value;
- drm_admin_port = x_drm_admin_port.value;
+ drm_agent_hostname = set_default(x_drm_agent_hostname.value, "empty");
+ drm_agent_port = set_default(x_drm_agent_port.value, "10443");
+ drm_hostname = set_default(x_drm_hostname.value, drm_agent_hostname);
+ drm_ssl_port = set_default(x_drm_ssl_port.value, drm_agent_port);
+ drm_admin_hostname = set_default(x_drm_admin_hostname.value, "empty");
+ drm_admin_port = set_default(x_drm_admin_port.value, "10445");
client_certdb_dir = x_client_certdb_dir.value;
client_token_name = x_client_token_name.value;
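Review bot: The deprecated `-tks_hostname`/`-tks_ssl_port` and `-drm_hostname`/`-drm_ssl_port` values are stored in their own fields but never fall back into `tks_agent_hostname` or `drm_agent_hostname`, which are the only host fields the subsystem-panel hunks consult. A template that supplies only the deprecated names would therefore leave `tks_agent_hostname` as "empty" and, as far as the visible panel code shows, take the `urls=0` branch, so the TPS may be paired with whatever that index selects on the server rather than the host the operator named. If such templates are meant to keep working, reverse the fallback, e.g. `tks_agent_hostname = set_default(x_tks_agent_hostname.value, set_default(x_tks_hostname.value, "empty"));`, and likewise for the port and the DRM pair. The port defaults 13443, 13445, 10443 and 10445 are unexplained literals; a comment naming which service each belongs to would help.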
@@ -1358,13 +1418,13 @@
subsystem_name = x_subsystem_name.value ;
- ca_issuance_url = x_ca_issuance_url.value;
+ ca_issuance_url = set_default(x_ca_issuance_url.value, "empty");
- tks_key_management_url = x_tks_key_management_url.value;
+ tks_key_management_url = set_default(x_tks_key_management_url.value, "empty");
- drm_server_side_keygen_url = x_drm_server_side_keygen_url.value;
+ drm_server_side_keygen_url = set_default(x_drm_server_side_keygen_url.value, "empty");
- ca_domain_url = x_ca_domain_url.value;
+ ca_domain_url = set_default(x_ca_domain_url.value, "empty");
Index: base/silent/src/subca/ConfigureSubCA.java
===================================================================
--- base/silent/src/subca/ConfigureSubCA.java (revision 2625)
+++ base/silent/src/subca/ConfigureSubCA.java (working copy)
@@ -1219,7 +1219,7 @@
x_subsystem_name);
parser.addOption (
- "-ca_domain_url %s #URL to CA used to Issue Certificates for SubCA Instance Creation",
+ "-ca_domain_url %s #URL to CA used to Issue Certificates for SubCA Instance Creation (optional but recommended for IP Port Separation)",
x_ca_domain_url);
parser.addOption (
@@ -1326,7 +1326,7 @@
backup_pwd = x_backup_pwd.value;
subsystem_name = x_subsystem_name.value;
- ca_domain_url = x_ca_domain_url.value;
+ ca_domain_url = set_default(x_ca_domain_url.value, "empty");
subca_sign_cert_subject_name = x_subca_sign_cert_subject_name.value ;
subca_subsystem_cert_subject_name =