
[Pki-devel] [PATCH] cloning issues in 8.1



This is in response to 

Basically, there are two issues.

1. We want to use the selected CA to generate the SSL server cert.  In
the code though, for a clone, the code that sets the relevant preop
parameter used to determine the right CA to go to - is only run after we
issue the sslserver cert request.  That means it always goes to the
security domain CA.  This code is now reversed.

2. Due to a DS bug (which has been fixed), the attributes on the
pkiSubsystem entry in the clone CA security domain database were in lower
case, rather than the existing case.  That's actually OK from an LDAP
point of view.  We create some XML from those attributes -- just in
case, we should make the XML matches case-insensitive here.

Please review.

Thanks, 
Ade

Index: base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
===================================================================
--- base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java	(revision 2618)
+++ base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java	(working copy)
@@ -986,20 +986,23 @@
                 // is using an IP Port Separation Schema:
                 Vector v_hostname =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "AdminHost" );
+                                                      "AdminHost",
+                                                      true );
                 if ( v_hostname.isEmpty()) {
                     // No, the Security Domain is using a Port Separation Schema
                     v_hostname = parser.getValuesFromContainer(
-                                            nodeList.item(i), "Host" );
+                                            nodeList.item(i), "Host", true );
                 }
 
                 Vector v_https_admin_port =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecureAdminPort" );
+                                                      "SecureAdminPort",
+                                                      true );
 
                 Vector v_domain_mgr =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "DomainManager" );
+                                                      "DomainManager",
+                                                      true );
 
                 if( v_hostname.elementAt( 0 ).equals( hostname ) &&
                     v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) {
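Review bot: `v_hostname.elementAt( 0 )` and `v_https_admin_port.elementAt( 0 )` at the end of this hunk are still reached when a lookup returns an empty Vector, which throws ArrayIndexOutOfBoundsException; the hostname has a `Host` fallback but no check after it, and the port has no check at all. The patch removes one cause of empty results (tag case), but a domain entry that simply lacks the element would presumably still abort the whole scan instead of being skipped. A guard before the comparison, `if ( v_hostname.isEmpty() || v_https_admin_port.isEmpty() ) continue;`, would make a single malformed entry non-fatal. The same unguarded `elementAt( 0 )` pattern is visible in the hunks at -1161, -1252, -1327 and -1441 and in UpdateDomainXML.java; the enclosing loop starts outside this hunk.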
@@ -1064,38 +1067,44 @@
             CMS.debug("Len " + len);
             for (int i = 0; i < len; i++) {
                 Vector v_clone = parser.getValuesFromContainer(nodeList.item(i),
-                  "Clone");
+                  "Clone", true);
                 String clone = (String)v_clone.elementAt(0);
                 if (clone.equalsIgnoreCase("true"))
                     continue;
                 Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
-                        "SubsystemName");
+                        "SubsystemName", true);
                 // First, check to see if the Security Domain
                 // is using an IP Port Separation Schema:
                 Vector v_host = null;
                 if( portType.equals( "UnSecurePort" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "EEHost" );
+                                                            "EEHost",
+                                                            true );
                 } else if( portType.equals( "SecureAgentPort" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "AgentHost" );
+                                                            "AgentHost",
+                                                            true );
                 } else if( portType.equals( "SecurePort" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "EEHost" );
+                                                            "EEHost",
+                                                            true );
                 } else if( portType.equals( "SecureAdminPort" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "AdminHost" );
+                                                            "AdminHost",
+                                                            true );
                 } else if( portType.equals( "SecureEEClientAuthPort" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                     "EEClientAuthHost" );
+                                                     "EEClientAuthHost",
+                                                     true );
                 }
                 if (v_host.isEmpty()) {
                     // No, the Security Domain is using a Port Separation Schema
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "Host" );
+                                                            "Host",
+                                                            true );
                 }
                 Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
-                        portType);
+                        portType, true);
 
                 v.addElement( v_name.elementAt(0)
                             + " - https://";
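Review bot: `v_host` stays null when `portType` matches none of the five literals, and the following `v_host.isEmpty()` then throws a NullPointerException; the hunk at -1375 guards the equivalent case with `v_port != null`, but this hunk and the one at -1161 do not. Adding `if ( v_host == null ) continue;` ahead of the `isEmpty()` test, or handling the unknown port type explicitly, would bring the three loops in line. `(String)v_clone.elementAt(0)` at the top of the loop has a similar gap when an entry carries no `Clone` element. The method signature and the origin of `portType` are outside the hunk, so whether other values can reach this code is not visible here.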
@@ -1161,41 +1170,47 @@
             CMS.debug("Len " + len);
             for (int i = 0; i < len; i++) {
                 Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
-                        "SubsystemName");
+                        "SubsystemName", true);
                 // First, check to see if the Security Domain
                 // is using an IP Port Separation Schema:
                 Vector v_host = null;
                 if( portType.equals( "UnSecurePort" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "EEHost" );
+                                                            "EEHost",
+                                                            true );
                 } else if( portType.equals( "SecureAgentPort" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "AgentHost" );
+                                                            "AgentHost",
+                                                            true );
                 } else if( portType.equals( "SecurePort" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "EEHost" );
+                                                            "EEHost",
+                                                            true );
                 } else if( portType.equals( "SecureAdminPort" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "AdminHost" );
+                                                            "AdminHost",
+                                                            true );
                 } else if( portType.equals( "SecureEEClientAuthPort" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                     "EEClientAuthHost" );
+                                                     "EEClientAuthHost",
+                                                      true );
                 }
                 if (v_host.isEmpty()) {
                     // No, the Security Domain is using a Port Separation Schema
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "Host" );
+                                                            "Host",
+                                                            true );
                 }
                 Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
-                        portType);
+                        portType, true);
                 Vector v_admin_host = parser.getValuesFromContainer( nodeList.item(i),
-                           "AdminHost");
+                           "AdminHost", true);
                 if (v_admin_host.isEmpty()) {
                     v_admin_host = v_host;
                 }
 
                 Vector v_admin_port = parser.getValuesFromContainer(nodeList.item(i),
-                        "SecureAdminPort");
+                        "SecureAdminPort", true);
               
                 if( ( v_admin_host.elementAt( 0 ).equals( hostname ) ) &&
                     ( v_admin_port.elementAt( 0 ).equals(
@@ -1252,20 +1267,23 @@
                 // is using an IP Port Separation Schema:
                 Vector v_hostname =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "EEHost" );
+                                                      "EEHost",
+                                                      true );
                 if ( v_hostname.isEmpty()) {
                     // No, the Security Domain is using a Port Separation Schema
                     v_hostname = parser.getValuesFromContainer(
-                                            nodeList.item(i), "Host" );
+                                            nodeList.item(i), "Host", true );
                 }
 
                 Vector v_https_ee_port =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecurePort" );
+                                                      "SecurePort",
+                                                      true );
 
                 Vector v_https_admin_port =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecureAdminPort" );
+                                                      "SecureAdminPort",
+                                                      true );
 
                 if( v_hostname.elementAt( 0 ).equals( hostname ) &&
                     v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
@@ -1311,14 +1329,16 @@
                 // is using an IP Port Separation Schema:
                 Vector v_hostname =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "EEHost" );
+                                                      "EEHost",
+                                                      true );
                 Vector v_https_admin_host =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "AdminHost" );
+                                                      "AdminHost",
+                                                      true );
                 if (v_hostname.isEmpty()) {
                     // No, the Security Domain is using a Port Separation Schema
                     v_hostname = parser.getValuesFromContainer(
-                                            nodeList.item(i), "Host" );
+                                            nodeList.item(i), "Host", true );
                 }
                 if (v_https_admin_host.isEmpty()) {
                     // No, the Security Domain is using a Port Separation Schema
@@ -1327,7 +1347,8 @@
 
                 Vector v_https_ee_port =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecurePort" );
+                                                      "SecurePort",
+                                                      true );
 
                 if( v_hostname.elementAt( 0 ).equals( hostname ) &&
                     v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
@@ -1375,24 +1396,30 @@
             for( int i = 0; i < len; i++ ) {
                 Vector v_admin_port =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecureAdminPort" );
+                                                      "SecureAdminPort",
+                                                      true );
 
                 Vector v_port = null;
                 if( portType.equals( "UnSecurePort" ) ) {
                     v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "UnSecurePort" );
+                                                            "UnSecurePort",
+                                                            true );
                 } else if( portType.equals( "SecureAgentPort" ) ) {
                     v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "SecureAgentPort" );
+                                                            "SecureAgentPort",
+                                                            true );
                 } else if( portType.equals( "SecurePort" ) ) {
                     v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "SecurePort" );
+                                                            "SecurePort",
+                                                            true );
                 } else if( portType.equals( "SecureAdminPort" ) ) {
                     v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "SecureAdminPort" );
+                                                            "SecureAdminPort",
+                                                            true );
                 } else if( portType.equals( "SecureEEClientAuthPort" ) ) {
                     v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                     "SecureEEClientAuthPort" );
+                                                     "SecureEEClientAuthPort",
+                                                     true );
                 }
 
                 if( ( v_port != null ) &&
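Review bot: Every branch of the `portType` chain passes the same literal it has just compared against, so the five calls differ only in a string that is already held in `portType`, and the patch had to edit each of them to add `true`. A membership test over the allowed names followed by a single `v_port = parser.getValuesFromContainer( nodeList.item(i), portType, true );` would behave the same, keep unknown port types rejected (`v_port` stays null), and leave one call site to maintain. The `hostType` chain in the hunk at -1441 has the same shape. The rest of the `if( ( v_port != null ) &&` condition lies outside the hunk.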
@@ -1441,33 +1468,41 @@
             for( int i = 0; i < len; i++ ) {
                 Vector v_admin_host =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "AdminHost" );
+                                                      "AdminHost",
+                                                      true );
                 if(v_admin_host.isEmpty()) {
                     v_admin_host =
                         parser.getValuesFromContainer( nodeList.item(i),
-                                                       "Host" );
+                                                       "Host",
+                                                       true );
                 }
 
                 Vector v_admin_port =
                        parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecureAdminPort" );
+                                                      "SecureAdminPort",
+                                                      true );
 
                 Vector v_host = null;
                 if( hostType.equals( "Host" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "Host" );
+                                                            "Host",
+                                                            true );
                 } else if( hostType.equals( "AgentHost" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "AgentHost" );
+                                                            "AgentHost",
+                                                            true );
                 } else if( hostType.equals( "EEHost" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "EEHost" );
+                                                            "EEHost",
+                                                            true );
                 } else if( hostType.equals( "AdminHost" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "AdminHost" );
+                                                            "AdminHost",
+                                                            true );
                 } else if( hostType.equals( "EEClientAuthHost" ) ) {
                     v_host = parser.getValuesFromContainer( nodeList.item(i),
-                                                     "EEClientAuthHost" );
+                                                     "EEClientAuthHost",
+                                                     true );
                 }
 
                 if( ( v_admin_host.elementAt( 0 ).equals( hostname ) ) &&
Index: base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
===================================================================
--- base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java	(revision 2618)
+++ base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java	(working copy)
@@ -447,9 +447,9 @@
 
                     for (int i = 0; i < len; i++) {
                         Node nn = (Node) nodeList.item(i);
-                        Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName");
-                        Vector v_host = parser.getValuesFromContainer(nn, "Host");
-                        Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort");
+                        Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName", true);
+                        Vector v_host = parser.getValuesFromContainer(nn, "Host", true);
+                        Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort", true);
                         if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
                             && (v_adminport.elementAt(0).equals(adminsport))) {
                                 Node parent = nn.getParentNode();
Index: base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
===================================================================
--- base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java	(revision 2618)
+++ base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java	(working copy)
@@ -763,8 +763,6 @@
             String cstype = config.getString("preop.subsystem.select", "");
             if (cstype.equals("clone")) {
                 CMS.debug("NamePanel: clone configuration detected");
-                // still need to handle SSL certificate
-                configCertWithTag(request, response, context, "sslserver");
                 String url = getURL(request, config);
                 if (url != null && !url.equals("External CA")) {
                    // preop.ca.url and admin port are required for setting KRA connector
@@ -778,6 +776,9 @@
 
                 }
                 updateCloneConfig(config);
+
+                // still need to handle SSL certificate
+                configCertWithTag(request, response, context, "sslserver");
                 CMS.debug("NamePanel: clone configuration done");
                 return;
             }
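Review bot: The comment on the moved call, `// still need to handle SSL certificate`, does not say why the call now has to come after `updateCloneConfig(config)`, so a later cleanup could move it back up and silently restore the old behaviour. A comment such as `// must run after the preop CA settings above are written, otherwise the sslserver request goes to the security domain CA` would record the ordering constraint given in the patch description. The code between the two hunks is not shown, so it is worth confirming that the sslserver request still has a usable CA target when `url` is null or `External CA`, and that an exception in the intervening code cannot now skip the certificate step.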
Index: base/util/src/com/netscape/cmsutil/xml/XMLObject.java
===================================================================
--- base/util/src/com/netscape/cmsutil/xml/XMLObject.java	(revision 2618)
+++ base/util/src/com/netscape/cmsutil/xml/XMLObject.java	(working copy)
@@ -122,12 +122,17 @@
     }
 
     public Vector getValuesFromContainer(Node container, String tagname) {
+        return getValuesFromContainer(container, tagname, false);
+    }
+
+    public Vector getValuesFromContainer(Node container, String tagname, boolean ignoreCase) {
         Vector v = new Vector();
         NodeList c = container.getChildNodes();
         int len = c.getLength();
         for (int i=0; i<len; i++) {
             Node subchild = c.item(i);
-            if (subchild.getNodeName().equals(tagname)) {
+            if (subchild.getNodeName().equals(tagname) ||
+               (ignoreCase && subchild.getNodeName().equalsIgnoreCase(tagname))) {
                 NodeList grandchildren = subchild.getChildNodes();
                 if (grandchildren.getLength() > 0) {
                     Node grandchild = grandchildren.item(0);
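Review bot: With `ignoreCase` set, the visible loop matches every child whose name equals `tagname` in any casing, so a container holding both `Host` and `host` would contribute both, and the callers in WizardPanelBase read `elementAt(0)`, i.e. whichever comes first in the document. Those values appear to select the host and port used during configuration, so the new overload deserves a Javadoc stating that matching is case-insensitive, that results follow document order and that differently-cased duplicates are not rejected. The condition can also be simplified, since `equalsIgnoreCase` already covers the exact match: `String name = subchild.getNodeName();` followed by `if (ignoreCase ? name.equalsIgnoreCase(tagname) : name.equals(tagname)) {`. The method body continues past the end of the hunk.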
