From edewata at redhat.com Wed Jan 7 02:19:50 2015 
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 07 Jan 2015 09:19:50 +0700
Subject: [Pki-devel] [PATCH] 0017 Enable Authority Key Identifier CRL extension
In-Reply-To: <20141218005949.GH4163@dhcp-40-8.bne.redhat.com>
References: <20141030060943.GY21514@dhcp-40-8.bne.redhat.com> <54526694.60200@redhat.com> <20141217023639.GD4163@dhcp-40-8.bne.redhat.com> <5491C7B0.404@redhat.com> <20141218005949.GH4163@dhcp-40-8.bne.redhat.com>
Message-ID: <54AC97C6.5070504@redhat.com>

On 12/18/2014 7:59 AM, Fraser Tweedale wrote:
> On Wed, Dec 17, 2014 at 10:13:04AM -0800, Christina Fu wrote:
>> Hi Fraser,
>> Regarding CRL, I found the following:
>> https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/ilOoDiCU4JM
>> So I think we can just forget it then, unless you want to install old FF to
>> try.
>> You have an ACK on this patch now.
>>
>> About upgrade, I can see that you are on the right path there with the
>> upgrade script, and it looks to do the thing, but since I don't have much
>> experience with Python, could you please ask Endi to take a closer look?
>>
> Thanks Christina.
>
> Endi, any comments on upgrade script?
>
> Currently if you opt out of an upgrade step it aborts the whole
> process. I think there could be scope for marking upgrade steps as
> optional so that the process doesn't bail out, but I haven't
> addressed that in the patch - wanted to solicit feedback first.
>
> Cheers,
>
> Fraser

I have some comments:

1. The upgrade script will run automatically when you install the RPM.
There's no opt-out mechanism with automatic upgrade, so the behavior of
existing instances will change. If this is not what we want, we should not
add an upgrade script.

2. The path to CS.cfg can be constructed like this:
    cfg_path = os.path.join(subsystem.conf_dir, 'CS.cfg')

3. The existing CS.cfg should be backed up before doing anything with it
using this command:
    self.backup(cfg_path)

4. Ideally the CS.cfg should be read with a proper CS.cfg parser (e.g.
in case it has multi-line properties). But since the parser only exists in Java
and we're only modifying a simple property this is fine.

5. If this is going to be added into 10.2.2 you should create an empty
common/upgrade/10.2.2 folder with a .gitignore file (just copy from another
folder).

If this is going to be added into 10.2.1 the script should be moved into
server/upgrade/10.2.1 and be renamed to 02-EnableCRLAKIExtension.

This patch is conditionally ACKed pending changes to address item #2, #3,
and #5.

--
Endi S. Dewata

From ftweedal at redhat.com Wed Jan 7 05:12:59 2015
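Items 2 to 4 of the review comments above, sketched as an added example (this is not the patch under review and not Dogtag's upgrade framework). `backup()` is a stand-in for the framework's `self.backup()`, the property names are constructed, and the temp-file-and-rename write goes beyond what the message asks for; a property that uses backslash continuation is refused because no real CS.cfg parser is used.

```python
import os
import shutil
import tempfile


class MultiLineProperty(Exception):
    """The target property is continued with a trailing backslash."""


def backup(path):
    # Stand-in for the upgrade framework's self.backup(); keeps mode and mtime.
    backup_path = path + '.bak'
    shutil.copy2(path, backup_path)
    return backup_path


def set_simple_property(conf_dir, name, value):
    """Set name=value in <conf_dir>/CS.cfg; return True if the file changed."""
    cfg_path = os.path.join(conf_dir, 'CS.cfg')
    with open(cfg_path) as f:
        lines = f.read().splitlines()

    wanted = '%s=%s' % (name, value)
    found = changed = continued = False
    for i, line in enumerate(lines):
        ends_with_backslash = line.rstrip().endswith('\\')
        key = line.split('=', 1)[0].strip()
        # Lines that continue a previous property are never treated as keys.
        if not continued and '=' in line and key == name:
            if ends_with_backslash:
                # No real parser here, so refuse rather than guess.
                raise MultiLineProperty(name)
            found = True
            if line != wanted:
                lines[i] = wanted
                changed = True
        continued = ends_with_backslash
    if not found:
        lines.append(wanted)
        changed = True
    if not changed:
        return False          # already set: no backup, no rewrite

    backup(cfg_path)          # back up before the file is touched
    fd, tmp_path = tempfile.mkstemp(dir=conf_dir, prefix='CS.cfg.')
    try:
        with os.fdopen(fd, 'w') as tmp:
            tmp.write('\n'.join(lines) + '\n')
            tmp.flush()
            os.fsync(tmp.fileno())
        shutil.copymode(cfg_path, tmp_path)   # ownership is not adjusted here
        os.replace(tmp_path, cfg_path)        # atomic on the same filesystem
    except Exception:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return True


# Constructed sample; the keys are invented for this example.
SAMPLE_CS_CFG = (
    '# constructed CS.cfg\n'
    'instance.id=example\n'
    'example.feature.enable=false\n'
    'example.list=a,\\\n'
    ' b\n'
)


def demo():
    """Run the helper against the constructed sample in a scratch directory."""
    conf_dir = tempfile.mkdtemp()
    try:
        cfg_path = os.path.join(conf_dir, 'CS.cfg')
        with open(cfg_path, 'w') as f:
            f.write(SAMPLE_CS_CFG)
        first = set_simple_property(conf_dir, 'example.feature.enable', 'true')
        second = set_simple_property(conf_dir, 'example.feature.enable', 'true')
        try:
            set_simple_property(conf_dir, 'example.list', 'c')
            refused = False
        except MultiLineProperty:
            refused = True
        with open(cfg_path) as f:
            current = f.read()
        with open(cfg_path + '.bak') as f:
            saved = f.read()
        return first, second, refused, current, saved
    finally:
        shutil.rmtree(conf_dir)


if __name__ == '__main__':
    print(demo())
```

The rename protects against a half-written file; it does not stop a running server from later overwriting CS.cfg with its in-memory copy.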
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Wed, 7 Jan 2015 15:12:59 +1000
Subject: [Pki-devel] [PATCH] 0017 Enable Authority Key Identifier CRL extension
In-Reply-To: <54AC97C6.5070504@redhat.com>
References: <20141030060943.GY21514@dhcp-40-8.bne.redhat.com> <54526694.60200@redhat.com> <20141217023639.GD4163@dhcp-40-8.bne.redhat.com> <5491C7B0.404@redhat.com> <20141218005949.GH4163@dhcp-40-8.bne.redhat.com> <54AC97C6.5070504@redhat.com>
Message-ID: <20150107051258.GI3338@dhcp-40-8.bne.redhat.com>

On Wed, Jan 07, 2015 at 09:19:50AM +0700, Endi Sukma Dewata wrote:
> On 12/18/2014 7:59 AM, Fraser Tweedale wrote:
> >On Wed, Dec 17, 2014 at 10:13:04AM -0800, Christina Fu wrote:
> >>Hi Fraser,
> >>Regarding CRL, I found the following:
> >>https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/ilOoDiCU4JM
> >>So I think we can just forget it then, unless you want to install old FF to
> >>try.
> >>You have an ACK on this patch now.
> >>
> >>About upgrade, I can see that you are on the right path there with the
> >>upgrade script, and it looks to do the thing, but since I don't have much
> >>experience with Python, could you please ask Endi to take a closer look?
> >>
> >Thanks Christina.
> >
> >Endi, any comments on upgrade script?
> >
> >Currently if you opt out of an upgrade step it aborts the whole
> >process. I think there could be scope for marking upgrade steps as
> >optional so that the process doesn't bail out, but I haven't
> >addressed that in the patch - wanted to solicit feedback first.
> >
> >Cheers,
> >
> >Fraser
>
> I have some comments:
>
> 1. The upgrade script will run automatically when you install the RPM.
> There's no opt-out mechanism with automatic upgrade, so the behavior of
> existing instances will change. If this is not what we want, we should not
> add an upgrade script.
>
I defer to Christina in this.
If automatically turning on the extension is not what customers want, we
still want a way for them to be able to do it easily. Is there currently
a way to leverage the upgrade framework to do this?

Perhaps there is scope to declare upgrade modules as automatic
(executed when invoked via RPM) and manual (executed when invoked
manually). Or something like that.

> 2. The path to CS.cfg can be constructed like this:
>     cfg_path = os.path.join(subsystem.conf_dir, 'CS.cfg')
>
> 3. The existing CS.cfg should be backed up before doing anything with it
> using this command:
>     self.backup(cfg_path)
>
> 4. Ideally the CS.cfg should be read with a proper CS.cfg parser (e.g. in
> case it has multi-line properties). But since the parser only exists in Java
> and we're only modifying a simple property this is fine.
>
> 5. If this is going to be added into 10.2.2 you should create an empty
> common/upgrade/10.2.2 folder with a .gitignore file (just copy from another
> folder).
>
> If this is going to be added into 10.2.1 the script should be moved into
> server/upgrade/10.2.1 and be renamed to 02-EnableCRLAKIExtension.
>
> This patch is conditionally ACKed pending changes to address item #2, #3,
> and #5.
>
Will address these. Thanks!

> --
> Endi S. Dewata

From edewata at redhat.com Wed Jan 7 10:48:26 2015
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 07 Jan 2015 17:48:26 +0700
Subject: [Pki-devel] [PATCH] 0017 Enable Authority Key Identifier CRL extension
In-Reply-To: <20150107051258.GI3338@dhcp-40-8.bne.redhat.com>
References: <20141030060943.GY21514@dhcp-40-8.bne.redhat.com> <54526694.60200@redhat.com> <20141217023639.GD4163@dhcp-40-8.bne.redhat.com> <5491C7B0.404@redhat.com> <20141218005949.GH4163@dhcp-40-8.bne.redhat.com> <54AC97C6.5070504@redhat.com> <20150107051258.GI3338@dhcp-40-8.bne.redhat.com>
Message-ID: <54AD0EFA.1080708@redhat.com>

On 1/7/2015 12:12 PM, Fraser Tweedale wrote:
>> 1. The upgrade script will run automatically when you install the RPM.
>> There's no opt-out mechanism with automatic upgrade, so the behavior of
>> existing instances will change. If this is not what we want, we should not
>> add an upgrade script.
>>
> I defer to Christina in this. If automatically turning on the
> extension is not what customers want, we still want a way for them
> to be able to do it easily. Is there currently a way to leverage
> the upgrade framework to do this?
>
> Perhaps there is scope to declare upgrade modules as automatic
> (executed when invoked via RPM) and manual (executed when invoked
> manually). Or something like that.

Yes, see this ticket:
https://fedorahosted.org/pki/ticket/1135

So the plan is to split structural and behavioral upgrade scripts.
Structural upgrade is mandatory and executed automatically, while behavioral
upgrade is optional. Your upgrade script seems to be a behavioral one. We
probably can use the same upgrade framework, but the behavioral scripts will
be put under a separate folder.

Also, since the script changes the CS.cfg, we should advise the admin to
shut down the server first to avoid corrupting the file. See:
https://fedorahosted.org/pki/ticket/1163

--
Endi S. Dewata

From cfu at redhat.com Wed Jan 7 17:19:51 2015
From: cfu at redhat.com (Christina Fu)
Date: Wed, 07 Jan 2015 09:19:51 -0800
Subject: [Pki-devel] [PATCH] 0017 Enable Authority Key Identifier CRL extension
In-Reply-To: <20150107051258.GI3338@dhcp-40-8.bne.redhat.com>
References: <20141030060943.GY21514@dhcp-40-8.bne.redhat.com> <54526694.60200@redhat.com> <20141217023639.GD4163@dhcp-40-8.bne.redhat.com> <5491C7B0.404@redhat.com> <20141218005949.GH4163@dhcp-40-8.bne.redhat.com> <54AC97C6.5070504@redhat.com> <20150107051258.GI3338@dhcp-40-8.bne.redhat.com>
Message-ID: <54AD6AB7.3070201@redhat.com>

On 01/06/2015 09:12 PM, Fraser Tweedale wrote:
> On Wed, Jan 07, 2015 at 09:19:50AM +0700, Endi Sukma Dewata wrote:
>> On 12/18/2014 7:59 AM, Fraser Tweedale wrote:
>>> On Wed, Dec 17, 2014 at 10:13:04AM -0800, Christina Fu wrote:
>>>> Hi Fraser,
>>>> Regarding CRL, I found the following:
>>>> https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/ilOoDiCU4JM
>>>> So I think we can just forget it then, unless you want to install old FF to
>>>> try.
>>>> You have an ACK on this patch now.
>>>>
>>>> About upgrade, I can see that you are on the right path there with the
>>>> upgrade script, and it looks to do the thing, but since I don't have much
>>>> experience with Python, could you please ask Endi to take a closer look?
>>>>
>>> Thanks Christina.
>>>
>>> Endi, any comments on upgrade script?
>>>
>>> Currently if you opt out of an upgrade step it aborts the whole
>>> process. I think there could be scope for marking upgrade steps as
>>> optional so that the process doesn't bail out, but I haven't
>>> addressed that in the patch - wanted to solicit feedback first.
>>>
>>> Cheers,
>>>
>>> Fraser
>> I have some comments:
>>
>> 1. The upgrade script will run automatically when you install the RPM.
>> There's no opt-out mechanism with automatic upgrade, so the behavior of
>> existing instances will change. If this is not what we want, we should not
>> add an upgrade script.
>>
> I defer to Christina in this.
> If automatically turning on the
> extension is not what customers want, we still want a way for them
> to be able to do it easily. Is there currently a way to leverage
> the upgrade framework to do this?

I honestly don't know why that was even an option in the first place. If you
have tested successfully all the tests that I suggested, minus that one
Firefox one, then I think it's fine to change the default. Worst case, they
can turn it off manually.

>
> Perhaps there is scope to declare upgrade modules as automatic
> (executed when invoked via RPM) and manual (executed when invoked
> manually). Or something like that.
>
>> 2. The path to CS.cfg can be constructed like this:
>>     cfg_path = os.path.join(subsystem.conf_dir, 'CS.cfg')
>>
>> 3. The existing CS.cfg should be backed up before doing anything with it
>> using this command:
>>     self.backup(cfg_path)
>>
>> 4. Ideally the CS.cfg should be read with a proper CS.cfg parser (e.g. in
>> case it has multi-line properties). But since the parser only exists in Java
>> and we're only modifying a simple property this is fine.
>>
>> 5. If this is going to be added into 10.2.2 you should create an empty
>> common/upgrade/10.2.2 folder with a .gitignore file (just copy from another
>> folder).
>>
>> If this is going to be added into 10.2.1 the script should be moved into
>> server/upgrade/10.2.1 and be renamed to 02-EnableCRLAKIExtension.
>>
>> This patch is conditionally ACKed pending changes to address item #2, #3,
>> and #5.
>>
> Will address these. Thanks!
>
>> --
>> Endi S. Dewata

From mharmsen at redhat.com Thu Jan 8 02:36:36 2015
From: mharmsen at redhat.com (Matthew Harmsen)
Date: Wed, 07 Jan 2015 19:36:36 -0700
Subject: [Pki-devel] [PATCH] Bugzilla Bug #1147924 - dogtag: syntax errors in /usr/share/pki/scripts/operations
Message-ID: <54ADED34.9030306@redhat.com>

Please review the attached patch which addresses the following bug:

  * Bugzilla Bug #1147924 - dogtag: syntax errors in
    /usr/share/pki/scripts/operations

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20150107-Fixed-bash-syntax-error.patch
Type: text/x-patch
Size: 2592 bytes
Desc: not available

From ftweedal at redhat.com Thu Jan 8 04:59:44 2015
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Thu, 8 Jan 2015 14:59:44 +1000
Subject: [Pki-devel] [PATCH] 0017 Enable Authority Key Identifier CRL extension
In-Reply-To: <54AD0EFA.1080708@redhat.com>
References: <20141030060943.GY21514@dhcp-40-8.bne.redhat.com> <54526694.60200@redhat.com> <20141217023639.GD4163@dhcp-40-8.bne.redhat.com> <5491C7B0.404@redhat.com> <20141218005949.GH4163@dhcp-40-8.bne.redhat.com> <54AC97C6.5070504@redhat.com> <20150107051258.GI3338@dhcp-40-8.bne.redhat.com> <54AD0EFA.1080708@redhat.com>
Message-ID: <20150108045944.GL3338@dhcp-40-8.bne.redhat.com>

On Wed, Jan 07, 2015 at 05:48:26PM +0700, Endi Sukma Dewata wrote:
> On 1/7/2015 12:12 PM, Fraser Tweedale wrote:
> >>1. The upgrade script will run automatically when you install the RPM.
> >>There's no opt-out mechanism with automatic upgrade, so the behavior of
> >>existing instances will change. If this is not what we want, we should not
> >>add an upgrade script.
> >>
> >I defer to Christina in this. If automatically turning on the
> >extension is not what customers want, we still want a way for them
> >to be able to do it easily. Is there currently a way to leverage
> >the upgrade framework to do this?
> >
> >Perhaps there is scope to declare upgrade modules as automatic
> >(executed when invoked via RPM) and manual (executed when invoked
> >manually). Or something like that.
>
> Yes, see this ticket:
> https://fedorahosted.org/pki/ticket/1135
>
> So the plan is to split structural and behavioral upgrade scripts.
> Structural upgrade is mandatory and executed automatically, while behavioral
> upgrade is optional. Your upgrade script seems to be a behavioral one. We
> probably can use the same upgrade framework, but the behavioral scripts will
> be put under a separate folder.
>
> Also, since the script changes the CS.cfg, we should advise the admin to
> shut down the server first to avoid corrupting the file.
> See:
> https://fedorahosted.org/pki/ticket/1163
>
I split the patch into the original part and the upgrade script,
pushed the original part (master: 9e8c518), created ticket #1236 to
cover the upgrade aspect and closed #1189.

So more work is needed before the CS.cfg update can happen in a safe
way (#1163 in particular)? I see that those tickets are for 10.3.
This change is non-urgent (after all, no one has complained or
possibly even noticed that the configuration was non-conformant), so
I think it is fine to wait until enough of #1135 and/or #1163 is in
place so that we can do the upgrade safely.

> --
> Endi S. Dewata

From ftweedal at redhat.com Thu Jan 8 07:24:36 2015
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Thu, 8 Jan 2015 17:24:36 +1000
Subject: [Pki-devel] [PATCH] Bugzilla Bug #1147924 - dogtag: syntax errors in /usr/share/pki/scripts/operations
In-Reply-To: <54ADED34.9030306@redhat.com>
References: <54ADED34.9030306@redhat.com>
Message-ID: <20150108072436.GM3338@dhcp-40-8.bne.redhat.com>

On Wed, Jan 07, 2015 at 07:36:36PM -0700, Matthew Harmsen wrote:
> Please review the attached patch which addresses the following bug:
>
> * Bugzilla Bug #1147924 - dogtag: syntax errors in
> /usr/share/pki/scripts/operations
>
>
>
ACK

> From 5670a1f115c0d50b86ade800cbe999a49e79d4e7 Mon Sep 17 00:00:00 2001
> From: Matthew Harmsen
> Date: Wed, 7 Jan 2015 16:04:45 -0700
> Subject: [PATCH] Fixed bash syntax error
>
> - Bugzilla Bug #1147924 - dogtag: syntax errors in
> /usr/share/pki/scripts/operations
> ---
> base/server/scripts/operations | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/base/server/scripts/operations b/base/server/scripts/operations > index 2093691..f524a55 100644 > --- a/base/server/scripts/operations > +++ b/base/server/scripts/operations
> @@ -1469,7 +1469,7 @@ backup_instance_configuration_files() > echo "WARNING: The '${pki_instance_configuration_file}' is empty!" > echo " ${PKI} backups will be discontinued until this" > echo " issue has been resolved!" > - $((backup_errors++)) > + ((backup_errors++)) > continue > fi > > @@ -1483,7 +1483,7 @@ backup_instance_configuration_files() > echo "WARNING: Since the file '${saved_backup_file}' exists, a" > echo " previous backup attempt has failed! ${PKI} backups" > echo " will be discontinued until this issue has been resolved!" > - $((backup_errors++)) > + ((backup_errors++)) > continue > fi > > @@ -1530,7 +1530,7 @@ backup_instance_configuration_files() > echo " which suggests that the previous backup file has" > echo " been removed! ${PKI} backups will be discontinued" > echo " until this issue has been resolved!" > - $((backup_errors++)) > + ((backup_errors++)) > continue > fi > > @@ -1561,7 +1561,7 @@ backup_instance_configuration_files() > if [ ! -s ${archived_file} ] ; then > # Issue a warning that the archived backup failed > echo "WARNING: Failed to archive '${pki_instance_configuration_file}' to '${archived_file}'!" > - $((backup_errors++)) > + ((backup_errors++)) > continue > fi > > @@ -1576,7 +1576,7 @@ backup_instance_configuration_files() > if [ ! -s ${backup_file} ] ; then > # Issue a warning that the backup failed > echo "WARNING: Failed to backup '${pki_instance_configuration_file}' to '${backup_file}'!" > - $((backup_errors++)) > + ((backup_errors++)) > continue > else > # Report that 'CS.cfg' has been successfully backed up > -- > 1.8.3.1 > > _______________________________________________ > Pki-devel mailing list > Pki-devel at redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel From edewata at redhat.com Sat Jan 10 00:42:01 2015 
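Review bot: in each of the five hunks of the quoted base/server/scripts/operations patch, the replacement `((backup_errors++))` is an arithmetic command whose exit status is 1 whenever the expression evaluates to 0, which is what a post-increment yields when backup_errors is 0 before the increment. With `continue` on the next line that status is ignored, but the statement would stop the function if it is ever run under `set -e` or with an ERR trap. Writing `backup_errors=$((backup_errors + 1))` keeps the increment as a plain assignment that always returns 0.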
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Sat, 10 Jan 2015 07:42:01 +0700
Subject: [Pki-devel] [PATCH] 0017 Enable Authority Key Identifier CRL extension
In-Reply-To: <20150108045944.GL3338@dhcp-40-8.bne.redhat.com>
References: <20141030060943.GY21514@dhcp-40-8.bne.redhat.com> <54526694.60200@redhat.com> <20141217023639.GD4163@dhcp-40-8.bne.redhat.com> <5491C7B0.404@redhat.com> <20141218005949.GH4163@dhcp-40-8.bne.redhat.com> <54AC97C6.5070504@redhat.com> <20150107051258.GI3338@dhcp-40-8.bne.redhat.com> <54AD0EFA.1080708@redhat.com> <20150108045944.GL3338@dhcp-40-8.bne.redhat.com>
Message-ID: <54B07559.6080509@redhat.com>

On 1/8/2015 11:59 AM, Fraser Tweedale wrote:
>> Also, since the script changes the CS.cfg, we should advise the admin to
>> shut down the server first to avoid corrupting the file. See:
>> https://fedorahosted.org/pki/ticket/1163
>>
> I split the patch into the original part and the upgrade script,
> pushed the original part (master: 9e8c518), created ticket #1236 to
> cover the upgrade aspect and closed #1189.
>
> So more work is needed before the CS.cfg update can happen in a safe
> way (#1163 in particular)? I see that those tickets are for 10.3.
> This change is non-urgent (after all, no one has complained or
> possibly even noticed that the configuration was non-conformant), so
> I think it is fine to wait until enough of #1135 and/or #1163 is in
> place so that we can do the upgrade safely.

Yeah, it would require some changes to the code to guarantee a safe CS.cfg
modification and we haven't yet decided how to do that properly.

BTW, does this change affect CA only? If that's the case the script probably
should check the subsystem name.

We can also set a default value for this property somewhere else, then
remove this property from CS.cfg in new installations. The upgrade script
later can optionally remove the property from existing CS.cfg if the admin
wants.
If the CS.cfg still has that property left, it will override the default
value. That way we will convert most systems to use the new recommended
behavior, but existing behavior can be preserved if necessary, and we will
also incrementally simplify the CS.cfg.

--
Endi S. Dewata

From edewata at redhat.com Wed Jan 14 19:34:05 2015
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Wed, 14 Jan 2015 13:34:05 -0600
Subject: [Pki-devel] [PATCH] 540 Fixed problem cloning Dogtag 10.1.x to 10.2.x.
Message-ID: <54B6C4AD.4010307@redhat.com>

The JSON format of security domain info has changed between Dogtag 10.1.x
and 10.2.x, so the Python client library has been changed to accommodate
both formats.

https://fedorahosted.org/pki/ticket/1235

--
Endi S. Dewata
-------------- next part --------------
From fbebfd2aff27c1c255b907f556a7bb27afd65abc Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 14 Jan 2015 10:36:37 -0500
Subject: [PATCH] Fixed problem cloning Dogtag 10.1.x to 10.2.x.

The JSON format of security domain info has changed between Dogtag 10.1.x
and 10.2.x, so the Python client library has been changed to accommodate
both formats.

https://fedorahosted.org/pki/ticket/1235
---
 base/common/python/pki/system.py | 65 ++++++++++++++++++++++++++++++++--------
 1 file changed, 53 insertions(+), 12 deletions(-)

diff --git a/base/common/python/pki/system.py b/base/common/python/pki/system.py index a4b5c2feea265ebe49a6ba7ebacdb3c4d2e86405..d3ba44ce9bfdf06b3af9f7f3f4025975b8d8dd94 100644 --- a/base/common/python/pki/system.py +++ b/base/common/python/pki/system.py
@@ -44,17 +44,27 @@ class SecurityDomainHost(object): @classmethod def from_json(cls, json_value): + host = cls() + + try: + # 10.2.x + host.id = json_value['id'] + + except KeyError: + # 10.1.x + host.id = json_value['@id'] + host.admin_port = json_value['SecureAdminPort'] host.agent_port = json_value['SecureAgentPort'] host.clone = json_value['Clone'] host.domain_manager = json_value['DomainManager'] host.ee_client_auth_port = json_value['SecureEEClientAuthPort'] host.hostname = json_value['Hostname'] - host.id = json_value['id'] host.secure_port = json_value['SecurePort'] host.subsystem_name = json_value['SubsystemName'] host.unsecure_port = json_value['Port'] + return host @@ -65,11 +75,26 @@ class SecurityDomainSubsystem(object): @classmethod def from_json(cls, json_value): - ret = cls() - ret.name = json_value['id'] - for host in json_value['Host']: - ret.hosts[host['id']] = SecurityDomainHost.from_json(host) - return ret + + subsystem = cls() + + try: + # 10.2.x + subsystem.name = json_value['id'] + + except KeyError: + # 10.1.x + subsystem.name = json_value['@id'] + + hosts = json_value['Host'] + if type(hosts) is dict: + hosts = [ hosts ] + + for h in hosts: + host = SecurityDomainHost.from_json(h) + subsystem.hosts[host.id] = host + + return subsystem class SecurityDomainInfo(object): 
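Review bot: in SecurityDomainSubsystem.from_json, `if type(hosts) is dict:` is an exact-type test, so a mapping that is not precisely `dict` (for example an OrderedDict produced by a JSON decoder) would skip the wrapping step and be iterated key by key, handing strings to SecurityDomainHost.from_json. `isinstance(hosts, dict)` covers that case, and a one-line comment saying which server version returns a single host as an object rather than a list would document why the normalisation is needed.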
@@ -79,12 +104,28 @@ class SecurityDomainInfo(object): @classmethod def from_json(cls, json_value): - ret = cls() - ret.name = json_value['id'] - for slist in json_value['Subsystem']: - subsystem = SecurityDomainSubsystem.from_json(slist) - ret.systems[slist['id']] = subsystem - return ret + + security_domain = cls() + + try: + # 10.2.x + security_domain.name = json_value['id'] + subsystems = json_value['Subsystem'] + + except KeyError: + # 10.1.x + domain_info = json_value['DomainInfo'] + security_domain.name = domain_info['@id'] + + subsystems = domain_info['Subsystem'] + if type(subsystems) is dict: + subsystems = [ subsystems ] + + for s in subsystems: + subsystem = SecurityDomainSubsystem.from_json(s) + security_domain.systems[subsystem.name] = subsystem + + return security_domain class SecurityDomainClient(object): -- 1.8.4.2

From edewata at redhat.com Tue Jan 20 20:49:16 2015
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 20 Jan 2015 14:49:16 -0600
Subject: [Pki-devel] [PATCH] 541 Removed unnecessary EBaseException constructor.
Message-ID: <54BEBF4C.8070309@redhat.com>

One of the constructors in EBaseException has been removed because it's
only used once and can be substituted with another constructor. All
subclasses of EBaseException have been updated accordingly.

https://fedorahosted.org/pki/ticket/915

--
Endi S. Dewata
-------------- next part --------------
From 0aac83eb5c13d1fe631e941fccc514967dc68fdc Mon Sep 17 00:00:00 2001
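Review bot: in SecurityDomainInfo.from_json (base/common/python/pki/system.py, the last hunk of patch 540), the `try` block covers both `json_value['id']` and `json_value['Subsystem']`, so a 10.2.x response that has `id` but lacks `Subsystem` drops into the 10.1.x branch and fails with a KeyError on 'DomainInfo', hiding the key that was actually missing. Choosing the format with an explicit test such as `if 'DomainInfo' in json_value:` and reading the remaining keys outside any handler would keep the error pointing at the real problem.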
From: "Endi S. Dewata"
Date: Tue, 20 Jan 2015 09:25:32 -0500
Subject: [PATCH] Removed unnecessary EBaseException constructor.

One of the constructors in EBaseException has been removed because it's
only used once and can be substituted with another constructor. All
subclasses of EBaseException have been updated accordingly.

https://fedorahosted.org/pki/ticket/915
---
 .../certsrv/authentication/EAuthException.java | 11 -----------
 .../certsrv/authorization/EAuthzException.java | 11 -----------
 .../netscape/certsrv/base/BadRequestDataException.java | 5 -----
 .../src/com/netscape/certsrv/base/EBaseException.java | 18 ------------------
 .../src/com/netscape/certsrv/ca/ECAException.java | 11 -----------
 .../src/com/netscape/certsrv/dbs/EDBException.java | 11 -----------
 .../certsrv/extensions/EExtensionsException.java | 4 ----
 .../src/com/netscape/certsrv/jobs/EJobsException.java | 8 --------
 .../src/com/netscape/certsrv/kra/EKRAException.java | 11 -----------
 .../src/com/netscape/certsrv/ldap/ELdapException.java | 12 ------------
 .../certsrv/listeners/EListenersException.java | 11 -----------
 .../certsrv/notification/ENotificationException.java | 8 --------
 .../certsrv/password/EPasswordCheckException.java | 11 -----------
 .../com/netscape/certsrv/usrgrp/EUsrGrpException.java | 11 -----------
 base/ocsp/src/com/netscape/ocsp/EOCSPException.java | 8 --------
 .../src/com/netscape/cms/authentication/DNPattern.java | 2 +-
 .../netscape/cms/servlet/common/ECMSGWException.java | 8 --------
 17 files changed, 1 insertion(+), 160 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/authentication/EAuthException.java b/base/common/src/com/netscape/certsrv/authentication/EAuthException.java index 94240fdccd9ebc1b2f4d160ca032d3935a278c47..18743c5e70bd8bcf256ab1295cec4d997f6a9323 100644 --- a/base/common/src/com/netscape/certsrv/authentication/EAuthException.java +++ b/base/common/src/com/netscape/certsrv/authentication/EAuthException.java
@@ -47,17 +47,6 @@ public class EAuthException extends EBaseException { } /** - * Constructs an authentication exception with a parameter. - *

- * - * @param msgFormat exception details in message string format - * @param param message string parameter - */ - public EAuthException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** * Constructs a auth exception with a exception parameter. *

* diff --git a/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java b/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java index ccb81f24487a08f24264873219261d89fb7a6002..3674c8e00aa73ed254805a937a25ac36de08ea72 100644 --- a/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java +++ b/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java @@ -47,17 +47,6 @@ public class EAuthzException extends EBaseException { } /** - * Constructs a authz exception with a parameter. - *

- * - * @param msgFormat exception details in message string format - * @param param message string parameter - */ - public EAuthzException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** * Constructs a authz exception with a exception parameter. *

* diff --git a/base/common/src/com/netscape/certsrv/base/BadRequestDataException.java b/base/common/src/com/netscape/certsrv/base/BadRequestDataException.java index 268221eae726ed93b37d08e3ae721ace3340a43d..d029cd4a78f35bb3dd8b13e28ea61591060cdd62 100644 --- a/base/common/src/com/netscape/certsrv/base/BadRequestDataException.java +++ b/base/common/src/com/netscape/certsrv/base/BadRequestDataException.java @@ -16,9 +16,4 @@ public class BadRequestDataException extends EBaseException { public BadRequestDataException(String msgFormat, Object[] params) { super(msgFormat, params); } - - public BadRequestDataException(String msgFormat, String param) { - super(msgFormat, param); - } - } diff --git a/base/common/src/com/netscape/certsrv/base/EBaseException.java b/base/common/src/com/netscape/certsrv/base/EBaseException.java index 0ce8fdc3d37f5226cc144107d31dbc60a9e2103e..140a6acbcfc71b291ff059b09c8ec7eb3c6199fb 100644 --- a/base/common/src/com/netscape/certsrv/base/EBaseException.java +++ b/base/common/src/com/netscape/certsrv/base/EBaseException.java @@ -63,24 +63,6 @@ public class EBaseException extends Exception { } /** - * Constructs an instance of this exception with the given resource key - * and a parameter as a string. - * - *

-     * new EBaseException(BaseResource.NO_CONFIG_FILE, fileName);
-     * 
- *

- * - * @param msgFormat exception details in message string format - * @param param message string parameter - */ - public EBaseException(String msgFormat, String param) { - super(msgFormat); - mParams = new String[1]; - mParams[0] = param; - } - - /** * Constructs an instance of the exception given the resource key and * a exception parameter. * diff --git a/base/common/src/com/netscape/certsrv/ca/ECAException.java b/base/common/src/com/netscape/certsrv/ca/ECAException.java index 54ddbe8062c6ed09e536c962a4b8d5dce974ed87..01c601e983ceecaf359a17b87694b6c9c415079c 100644 --- a/base/common/src/com/netscape/certsrv/ca/ECAException.java +++ b/base/common/src/com/netscape/certsrv/ca/ECAException.java @@ -51,17 +51,6 @@ public class ECAException extends EBaseException { *

* * @param msgFormat constant from CAResources. - * @param param additional parameters to the message. - */ - public ECAException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** - * Constructs a CA exception. - *

- * - * @param msgFormat constant from CAResources. * @param e embedded exception. */ public ECAException(String msgFormat, Exception e) { diff --git a/base/common/src/com/netscape/certsrv/dbs/EDBException.java b/base/common/src/com/netscape/certsrv/dbs/EDBException.java index 1908bdf7ed2e9a8222c8556c9563645d316ed277..279b9fb70834a35104307d32512ad58c3e221e4e 100644 --- a/base/common/src/com/netscape/certsrv/dbs/EDBException.java +++ b/base/common/src/com/netscape/certsrv/dbs/EDBException.java @@ -51,17 +51,6 @@ public class EDBException extends EBaseException { *

* * @param msgFormat message format - * @param param parameter - */ - public EDBException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** - * Constructs a database exception. - *

- * - * @param msgFormat message format * @param e exception as parameter */ public EDBException(String msgFormat, Exception e) { diff --git a/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java b/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java index 5374a466acce7884af6e72732fe8cd262097e8e2..e3ce3366e5c0ef0108d0ec5c0f29905f49a4f1a0 100644 --- a/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java +++ b/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java @@ -40,10 +40,6 @@ public class EExtensionsException extends EBaseException { super(msgFormat); } - public EExtensionsException(String msgFormat, String param) { - super(msgFormat, param); - } - public EExtensionsException(String msgFormat, Exception e) { super(msgFormat, e); } diff --git a/base/common/src/com/netscape/certsrv/jobs/EJobsException.java b/base/common/src/com/netscape/certsrv/jobs/EJobsException.java index 38b9db6b9214a9f1d0e500b34b9c25d0433b1eb1..8632d6ca3335400312f8a5eae519e89175585183 100644 --- a/base/common/src/com/netscape/certsrv/jobs/EJobsException.java +++ b/base/common/src/com/netscape/certsrv/jobs/EJobsException.java @@ -48,14 +48,6 @@ public class EJobsException extends EBaseException { * Constructs a Identity exception. *

*/ - public EJobsException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** - * Constructs a Identity exception. - *

- */ public EJobsException(String msgFormat, Exception e) { super(msgFormat, e); } diff --git a/base/common/src/com/netscape/certsrv/kra/EKRAException.java b/base/common/src/com/netscape/certsrv/kra/EKRAException.java index a42e8f409b76ea947d08e771a27d580446a996f9..c2b802078af5aeb096ad33f09d4c5cce71c1ea1a 100644 --- a/base/common/src/com/netscape/certsrv/kra/EKRAException.java +++ b/base/common/src/com/netscape/certsrv/kra/EKRAException.java @@ -54,17 +54,6 @@ public class EKRAException extends EBaseException { *

* * @param msgFormat constant from KRAResources. - * @param param additional parameters to the message. - */ - public EKRAException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** - * Constructs a KRA exception. - *

- * - * @param msgFormat constant from KRAResources. * @param e embedded exception. */ public EKRAException(String msgFormat, Exception e) { diff --git a/base/common/src/com/netscape/certsrv/ldap/ELdapException.java b/base/common/src/com/netscape/certsrv/ldap/ELdapException.java index 57d7ca9585d24329cc016b3c30a03c04fea4a0c8..2f4943c6d4869d96931f3aeea1a96943c259cfca 100644 --- a/base/common/src/com/netscape/certsrv/ldap/ELdapException.java +++ b/base/common/src/com/netscape/certsrv/ldap/ELdapException.java @@ -51,18 +51,6 @@ public class ELdapException extends EBaseException { * Constructs a Ldap exception. * * @param msgFormat Resource Key, if key not present, serves as the message. - * Include a message string parameter for variable content. - * @param param Message string parameter. - *

- */ - public ELdapException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** - * Constructs a Ldap exception. - * - * @param msgFormat Resource Key, if key not present, serves as the message. * @param e Common exception. *

*/ diff --git a/base/common/src/com/netscape/certsrv/listeners/EListenersException.java b/base/common/src/com/netscape/certsrv/listeners/EListenersException.java index 1169de0b17658a39a216b962cfcf06df42947f85..e1db15209f69a612e9843d20ad1521ade206e6ff 100644 --- a/base/common/src/com/netscape/certsrv/listeners/EListenersException.java +++ b/base/common/src/com/netscape/certsrv/listeners/EListenersException.java @@ -47,17 +47,6 @@ public class EListenersException extends EBaseException { } /** - * Constructs a listeners exception. - *

- * - * @param msgFormat exception details in message string format. - * @param param message string parameter. - */ - public EListenersException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** * Constructs a Listeners exception. *

* diff --git a/base/common/src/com/netscape/certsrv/notification/ENotificationException.java b/base/common/src/com/netscape/certsrv/notification/ENotificationException.java index 096d6e3a5674d2544fe01e7e79f45376b29087b1..13371d9b7bf377bdd9d0f84747394be5061f86b1 100644 --- a/base/common/src/com/netscape/certsrv/notification/ENotificationException.java +++ b/base/common/src/com/netscape/certsrv/notification/ENotificationException.java @@ -48,14 +48,6 @@ public class ENotificationException extends EBaseException { * Constructs a Identity exception. *

*/ - public ENotificationException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** - * Constructs a Identity exception. - *

- */ public ENotificationException(String msgFormat, Exception e) { super(msgFormat, e); } diff --git a/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java b/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java index 6b2459759c6da166a831b774bff009ef8a163d45..7ed8d90602317535a11828ab920b75e3c932c743 100644 --- a/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java +++ b/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java @@ -52,17 +52,6 @@ public class EPasswordCheckException extends EBaseException { *

* * @param msgFormat exception details in message string format - * @param param message string parameter - */ - public EPasswordCheckException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** - * Constructs a password checker exception. - *

- * - * @param msgFormat exception details in message string format * @param exception system exception */ public EPasswordCheckException(String msgFormat, Exception exception) { diff --git a/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java b/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java index cce9f3f3da35a69655c6b4bfa3656840f827e214..dff02cb4123e4f3a0db84119695db683dd9fcfa0 100644 --- a/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java +++ b/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java @@ -49,17 +49,6 @@ public class EUsrGrpException extends EBaseException { /** * Constructs a Identity exception. * - * @param msgFormat exception details in message string format - * @param param message string parameter - *

- */ - public EUsrGrpException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** - * Constructs a Identity exception. - * * @param e system exception *

*/ diff --git a/base/ocsp/src/com/netscape/ocsp/EOCSPException.java b/base/ocsp/src/com/netscape/ocsp/EOCSPException.java index 1c878ad75b00b45ac4788cf1dfc33b173fb32a52..30574891fd8d7bd208dc50b055627e85f895408a 100644 --- a/base/ocsp/src/com/netscape/ocsp/EOCSPException.java +++ b/base/ocsp/src/com/netscape/ocsp/EOCSPException.java @@ -48,14 +48,6 @@ public class EOCSPException extends EBaseException { * Constructs a OCSP exception. *

*/ - public EOCSPException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** - * Constructs a OCSP exception. - *

- */ public EOCSPException(String msgFormat, Exception e) { super(msgFormat, e); } diff --git a/base/server/cms/src/com/netscape/cms/authentication/DNPattern.java b/base/server/cms/src/com/netscape/cms/authentication/DNPattern.java index ccee3b51284b0a84c6889bfd05099c84d2b48a70..c62af4afcf794d5a5f025cf107535c7bf93e200a 100644 --- a/base/server/cms/src/com/netscape/cms/authentication/DNPattern.java +++ b/base/server/cms/src/com/netscape/cms/authentication/DNPattern.java @@ -163,7 +163,7 @@ public class DNPattern { try { lastChar = in.read(); } catch (IOException e) { - throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()); + throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR", e); } } while (lastChar == ','); diff --git a/base/server/cms/src/com/netscape/cms/servlet/common/ECMSGWException.java b/base/server/cms/src/com/netscape/cms/servlet/common/ECMSGWException.java index 2c24c112a0e005ef2ad545cb2bc5d2c934972fe8..68a05c4f3a7eccd6d04d634d20466af751c35b6b 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/common/ECMSGWException.java +++ b/base/server/cms/src/com/netscape/cms/servlet/common/ECMSGWException.java @@ -48,14 +48,6 @@ public class ECMSGWException extends EBaseException { * Constructs a CMSGW exception. *

*/ - public ECMSGWException(String msgFormat, String param) { - super(msgFormat, param); - } - - /** - * Constructs a CMSGW exception. - *

- */ public ECMSGWException(String msgFormat, Exception e) { super(msgFormat, e); } -- 1.8.4.2 From edewata at redhat.com Tue Jan 20 20:52:00 2015 From: edewata at redhat.com (Endi Sukma Dewata) Date: Tue, 20 Jan 2015 14:52:00 -0600 Subject: [Pki-devel] [PATCH] 542 Added support for exception chains in EBaseException. Message-ID: <54BEBFF0.8010102@redhat.com> The EBaseException has been modified to provide constructors that can be used to chain exceptions. This way the root cause of the exception can be traced back to help troubleshooting. Some codes have been modified to utilize the proper exception chaining. https://fedorahosted.org/pki/ticket/915 -- Endi S. Dewata -------------- next part -------------- From 6db8b7999007f25b87cd81182222a537fe0c2edc Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 20 Jan 2015 09:25:32 -0500 Subject: [PATCH] Added support for exception chains in EBaseException. The EBaseException has been modified to provide constructors that can be used to chain exceptions. This way the root cause of the exception can be traced back to help troubleshooting. Some codes have been modified to utilize the proper exception chaining. https://fedorahosted.org/pki/ticket/915 --- base/common/src/com/netscape/certsrv/apps/CMS.java | 14 ++--- .../com/netscape/certsrv/base/EBaseException.java | 60 +++++++++++++++++----- .../dogtagpki/server/rest/SystemConfigService.java | 18 +++---- .../cmscore/authentication/AuthSubsystem.java | 20 +++++--- .../ChallengePhraseAuthentication.java | 3 +- 5 files changed, 76 insertions(+), 39 deletions(-) diff --git a/base/common/src/com/netscape/certsrv/apps/CMS.java b/base/common/src/com/netscape/certsrv/apps/CMS.java index 63c1a2cbde2ffdb0ce116c664ab373aeba91f5a3..8b4bac2c0985637ceab6d55bf3d2b9a00b848412 100644 --- a/base/common/src/com/netscape/certsrv/apps/CMS.java +++ b/base/common/src/com/netscape/certsrv/apps/CMS.java 
@@ -17,8 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.apps; -import java.io.ByteArrayOutputStream; -import java.io.PrintStream; import java.math.BigInteger; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; @@ -1586,21 +1584,19 @@ public final class CMS { CMS.startup(); } catch (EBaseException e) { // catch everything here purposely - CMS.debug("CMS:Caught EBaseException"); CMS.debug(e); // Raidzilla Bug #57592: Always print error message to stdout. - System.out.println(e.toString()); + System.out.println(e); shutdown(); throw e; + } catch (Exception e) { // catch everything here purposely - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - PrintStream ps = new PrintStream(bos); - - e.printStackTrace(ps); + CMS.debug(e); System.out.println(Constants.SERVER_SHUTDOWN_MESSAGE); - throw new EBaseException(bos.toString()); + + throw new EBaseException(e); // cms.shutdown(); } } diff --git a/base/common/src/com/netscape/certsrv/base/EBaseException.java b/base/common/src/com/netscape/certsrv/base/EBaseException.java index 140a6acbcfc71b291ff059b09c8ec7eb3c6199fb..78d9a6d2d68083a39a91e4ae135bff3541406dad 100644 --- a/base/common/src/com/netscape/certsrv/base/EBaseException.java +++ b/base/common/src/com/netscape/certsrv/base/EBaseException.java @@ -63,25 +63,24 @@ public class EBaseException extends Exception { } /** - * Constructs an instance of the exception given the resource key and - * a exception parameter. + * Constructs an instance of this exception given the resource key and + * the cause exception. * - *

-     * 		try {
-     *  		...
-     * 		} catch (IOExeption e) {
-     * 		 	throw new EBaseException(BaseResources.INTERNAL_ERROR_1, e);
-     *      }
-     * 
- *

+ *

+     *     try {
+     *         ...
+     *     } catch (IOExeption e) {
+     *         throw new EBaseException(BaseResources.INTERNAL_ERROR_1, e);
+     *     }
+     * 
* * @param msgFormat The resource key - * @param param The parameter as an exception + * @param cause The cause exception */ - public EBaseException(String msgFormat, Exception param) { - super(msgFormat); + public EBaseException(String msgFormat, Exception cause) { + super(msgFormat, cause); mParams = new Exception[1]; - mParams[0] = param; + mParams[0] = cause; } /** @@ -98,6 +97,39 @@ public class EBaseException extends Exception { } /** + * Constructs an instance of this exception given the resource key, + * an array of parameters, and the cause exception. + *

+ * + * @param msgFormat The resource key + * @param params Array of params + * @param cause The cause exception + */ + public EBaseException(String msgFormat, Object params[], Exception cause) { + super(msgFormat, cause); + mParams = params; + } + + /** + * Constructs an instance of this exception given the cause exception. + * + *

+     *     try {
+     *         ...
+     *     } catch (IOExeption e) {
+     *         throw new EBaseException(e);
+     *     }
+     * 
+ * + * @param cause The cause exception + */ + public EBaseException(Exception cause) { + super(cause.getMessage() == null ? cause.getClass().getName() : cause.getMessage(), cause); + mParams = new Exception[1]; + mParams[0] = cause; + } + + /** * Returns the list of parameters. *

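Review bot: the new EBaseException(Exception cause) constructor in EBaseException.java calls cause.getMessage() inside the super(...) argument with no null check, so a null cause fails with a NullPointerException from the constructor instead of producing an EBaseException. It also passes the cause's free-form message in the position the neighbouring constructors document as "msgFormat The resource key", and stores the same exception in mParams[0]; suggest handling a null cause explicitly and stating in the Javadoc that the message here is not a resource key. Both new Javadoc examples carry over the IOExeption typo where IOException is meant.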
* diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java index 47048c31a06b44cd992d4ebd1f09ff550bde9bf0..a594dad0510242357e86201e9d1125f9d0f929f8 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java @@ -174,7 +174,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou cs.commit(false); } catch (EBaseException e) { CMS.debug(e); - throw new PKIException("Unable to commit config parameters to file"); + throw new PKIException("Unable to commit config parameters to file", e); } initializeDatabase(data); @@ -200,8 +200,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou ConfigurationUtils.setCertPermissions(cert.getCertTag()); CMS.debug("Processed '" + cert.getCertTag() + "' certificate."); } catch (Exception e) { - e.printStackTrace(); - throw new PKIException("Error in configuring system certificates" + e); + CMS.debug(e); + throw new PKIException("Error in configuring system certificates" + e, e); } if (ret != 0) { throw new PKIException("Error in configuring system certificates"); @@ -234,8 +234,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou try { ConfigurationUtils.removePreopConfigEntries(); } catch (EBaseException e) { - e.printStackTrace(); - throw new PKIException("Errors when removing preop config entries: " + e); + CMS.debug(e); + throw new PKIException("Errors when removing preop config entries: " + e, e); } // Create an empty file that designates the fact that although 
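Review bot: in the removePreopConfigEntries catch block, and in the system-certificate catch block of the @@ -200,8 hunk before it, the new PKIException both concatenates the exception into its message ("... preop config entries: " + e) and passes it as the cause. With the cause chained the + e is redundant, and if this message is what the REST caller receives, it exposes internal exception class names and details. Suggest a fixed message with e only as the cause, as the "Unable to commit config parameters to file", e hunk already does.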
@@ -915,8 +915,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou cs.putString("securitydomain.host", host); cs.putInteger("securitydomain.httpsadminport",port); } catch (Exception e) { - e.printStackTrace(); - throw new PKIException("Failed to resolve security domain URL"); + CMS.debug(e); + throw new PKIException("Failed to resolve security domain URL", e); } getCertChainFromSecurityDomain(host, port); @@ -957,8 +957,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou try { installToken = ConfigurationUtils.getInstallToken(host, port, user, pass); } catch (Exception e) { - e.printStackTrace(); - throw new PKIException("Failed to obtain installation token from security domain: " + e); + CMS.debug(e); + throw new PKIException("Failed to obtain installation token from security domain: " + e, e); } if (installToken == null) { diff --git a/base/server/cmscore/src/com/netscape/cmscore/authentication/AuthSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/authentication/AuthSubsystem.java index 549ce01f97fde8fb0ea3da9fb194451a43fdc128..137edb5c5a75916fb8a2b2fdf07ab0a6aa56f0fe 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/authentication/AuthSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/authentication/AuthSubsystem.java 
@@ -219,21 +219,26 @@ public class AuthSubsystem implements IAuthSubsystem { isEnable = true; log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_ADD_AUTH_INSTANCE", insName)); + } catch (ClassNotFoundException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString())); - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); + } catch (IllegalAccessException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString())); - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); + } catch (InstantiationException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString())); - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); + } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTH_INIT_ERROR", insName, e.toString())); // Skip the authenticaiton instance if // it is mis-configurated. This give // administrator another chance to // fix the problem via console + } catch (Throwable e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTH_INIT_ERROR", insName, e.toString())); // Skip the authenticaiton instance if 
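Review bot: the catch (EBaseException e) and catch (Throwable e) branches at the end of this hunk still log only e.toString() before the authentication instance is skipped, so for a misconfigured instance the stack trace and any chained cause are dropped, which is the information this patch is meant to preserve. Suggest adding CMS.debug(e) in both branches, as the SystemConfigService hunks do. The three class-loading branches above them now have identical bodies and could share one handler.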
@@ -330,15 +335,18 @@ public class AuthSubsystem implements IAuthSubsystem { authMgrInst = (IAuthManager) Class.forName(className).newInstance(); return (authMgrInst.getConfigParams()); + } catch (InstantiationException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString())); - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); + + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); } catch (ClassNotFoundException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString())); - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); + } catch (IllegalAccessException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString())); - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); } } diff --git a/base/server/cmscore/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java b/base/server/cmscore/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java index f5bde0b54731c46d0ccff2dbc64d435995b23915..11b6104bf93096da03f622c291eabc4016271228 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java +++ b/base/server/cmscore/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java 
@@ -103,8 +103,9 @@ public class ChallengePhraseAuthentication implements IAuthManager { try { mSHADigest = MessageDigest.getInstance("SHA1"); + } catch (NoSuchAlgorithmException e) { - throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage())); + throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()), e); } log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name)); -- 1.8.4.2 From edewata at redhat.com Tue Jan 20 20:52:48 2015 From: edewata at redhat.com (Endi Sukma Dewata) Date: Tue, 20 Jan 2015 14:52:48 -0600 Subject: [Pki-devel] [PATCH] 543 Fixed exception chains in ConfigurationUtils. Message-ID: <54BEC020.4080609@redhat.com> The ConfigurationUtils has been modified such that if an exception is triggered by another exception the exceptions will be chained. https://fedorahosted.org/pki/ticket/915 -- Endi S. Dewata -------------- next part -------------- From 8d60e9b06ea6da23f3bb1d149dfffb9182b29fc2 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 20 Jan 2015 14:47:59 -0500 Subject: [PATCH] Fixed exception chains in ConfigurationUtils. The ConfigurationUtils has been modified such that if an exception is triggered by another exception the exceptions will be chained. https://fedorahosted.org/pki/ticket/915 --- .../cms/servlet/csadmin/ConfigurationUtils.java | 40 +++++++++++++--------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 0b1c6f6e26477acdd174bbfbad69c7e22e461ac4..21aaf203bb89a330698cdbc43e4dd1fa8f36854b 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java 
@@ -276,13 +276,15 @@ public class ConfigurationUtils { c = httpresponse.getContent(); //cfu - + } catch (ConnectException e) { CMS.debug("getHttpResponse: " + e.toString()); - throw new IOException("The server you tried to contact is not running."); + throw new IOException("The server you tried to contact is not running.", e); + } catch (Exception e) { CMS.debug("getHttpResponse: " + e.toString()); - throw new IOException(e.toString()); + throw new IOException(e.toString(), e); + } finally { if (httpclient.connected()) { httpclient.disconnect(); @@ -366,6 +368,7 @@ public class ConfigurationUtils { SecurityDomainClient sdClient = new SecurityDomainClient(client, "ca"); try { + CMS.debug("Getting install token"); accountClient.login(); InstallToken token = sdClient.getInstallToken(sdhost, csType); accountClient.logout(); @@ -375,6 +378,7 @@ public class ConfigurationUtils { if (e.getResponse().getResponseStatus() == Response.Status.NOT_FOUND) { // try the old servlet + CMS.debug("Getting old cookie"); String tokenString = getOldCookie(sdhost, sdport, user, passwd); CMS.debug("Token: " + tokenString); return tokenString; @@ -702,7 +706,7 @@ public class ConfigurationUtils { c = getHttpResponse(hostname, eePort, https, serverPath, content, null, null); if (c == null || c.equals("")) { CMS.debug("updateNumberRange: content is null."); - throw new IOException("The server you want to contact is not available"); + throw new IOException("The server you want to contact is not available", e); } CMS.debug("content from ee interface =" + c); parser = new XMLObject(new ByteArrayInputStream(c.getBytes())); @@ -1015,7 +1019,9 @@ public class ConfigurationUtils { return false; } } + } catch (Exception e) { + CMS.debug(e); return false; } @@ -1289,7 +1295,7 @@ public class ConfigurationUtils { try { if (conn != null) conn.disconnect(); } catch (LDAPException e) { - e.printStackTrace(); + CMS.debug(e); CMS.debug("releaseConnection: " + e); } } 
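Review bot: in the updateNumberRange hunk (@@ -702,7 +706,7), the new throw new IOException("The server you want to contact is not available", e) uses an e that is not declared anywhere in the hunk's context, and the condition it sits under is an empty response (c == null || c.equals("")), not a caught exception. If e comes from an enclosing catch, it describes an earlier failure rather than this one, so the trace would name a misleading root cause; suggest either dropping the cause here or adding a comment that says which exception is being chained and why.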
@@ -1484,7 +1490,7 @@ public class ConfigurationUtils { } catch (LDAPException e) { CMS.debug("populateDB: " + e); - throw new EBaseException("Failed to check database mapping: " + e); + throw new EBaseException("Failed to check database mapping: " + e, e); } } @@ -1506,7 +1512,7 @@ public class ConfigurationUtils { CMS.debug("getDatabaseEntry: Database " + database + " does not exist."); } else { CMS.debug("getDatabaseEntry: " + e); - throw new EBaseException("Failed to determine if database exists: " + e); + throw new EBaseException("Failed to determine if database exists: " + e, e); } } return databaseEntry; @@ -1530,7 +1536,7 @@ public class ConfigurationUtils { CMS.debug("getMappingDNEntry: Mapping for subtree " + baseDN + " does not exist."); } else { CMS.debug("getMappingDNEntry: " + e); - throw new EBaseException("Failed to determine if mapping entry exists: " + e); + throw new EBaseException("Failed to determine if mapping entry exists: " + e, e); } } return mappingEntry; @@ -1553,7 +1559,7 @@ public class ConfigurationUtils { CMS.debug("getBaseDNEntry: Subtree " + baseDN + " does not exist."); } else { CMS.debug("getBaseDNEntry: " + e); - throw new EBaseException("Failed to determine if base DN exists: " + e); + throw new EBaseException("Failed to determine if base DN exists: " + e, e); } } return baseEntry; @@ -1573,10 +1579,10 @@ public class ConfigurationUtils { CMS.debug("checkParentExists: Parent entry " + parentDN + " exists."); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) { - throw new EBaseException("Parent entry " + parentDN + "does not exist"); + throw new EBaseException("Parent entry " + parentDN + "does not exist", e); } else { CMS.debug("checkParentExists: " + e); - throw new EBaseException("Failed to determine if base DN exists: " + e); + throw new EBaseException("Failed to determine if base DN exists: " + e, e); } } } 
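Review bot: in the NO_SUCH_OBJECT branch of checkParentExists, the line this hunk rewrites builds its message as "Parent entry " + parentDN + "does not exist", with no space before "does", so the DN runs into the text. Since the line is being touched anyway, suggest " does not exist". The else branch reports "Failed to determine if base DN exists" although the lookup is for the parent entry; the same text appears in the getBaseDNEntry hunk and looks copied from there.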
@@ -1859,7 +1865,7 @@ public class ConfigurationUtils { CMS.debug("setupEeplication: Failed to set up connection to master:" + e.toString()); e.printStackTrace(); releaseConnection(masterConn); - throw new IOException("Failed to set up replication: No connection to master"); + throw new IOException("Failed to set up replication: No connection to master", e); } // get connection to replica @@ -1875,7 +1881,7 @@ public class ConfigurationUtils { e.printStackTrace(); releaseConnection(masterConn); releaseConnection(replicaConn); - throw new IOException("Failed to set up replication: No connection to replica"); + throw new IOException("Failed to set up replication: No connection to replica", e); } try { @@ -1944,7 +1950,7 @@ public class ConfigurationUtils { } catch (Exception e) { e.printStackTrace(); CMS.debug("setupReplication: " + e.toString()); - throw new IOException("Failed to setup the replication for cloning."); + throw new IOException("Failed to setup the replication for cloning.", e); } finally { releaseConnection(masterConn); releaseConnection(replicaConn); @@ -2954,7 +2960,7 @@ public class ConfigurationUtils { CryptoUtil.importUserCertificate(impl, nickname, false); CMS.debug("handleCerts(): cert imported for certTag '" + certTag + "'"); } catch (Exception ee) { - ee.printStackTrace(); + CMS.debug(ee); CMS.debug("handleCerts(): import certificate for certTag=" + certTag + " Exception: " + ee.toString()); } } @@ -3239,8 +3245,10 @@ public class ConfigurationUtils { try { fout = new FileOutputStream(fname); fout.write(output); + } catch (Exception e) { - throw new IOException("Failed to store keys in backup file" + e); + throw new IOException("Failed to store keys in backup file " + e, e); + } finally { if (fout != null) { fout.close(); -- 1.8.4.2 From edewata at redhat.com Wed Jan 21 01:01:52 2015 
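Review bot: the three setupReplication hunks (@@ -1859, @@ -1875, @@ -1944) add the cause to the IOException but leave e.printStackTrace() in their context lines, while the releaseConnection and handleCerts hunks in this same patch replace it with CMS.debug(e). Suggest converting these three as well so the trace goes to the debug log rather than stderr. In the last hunk, "Failed to store keys in backup file " + e still appends the exception text that is now also carried as the cause.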
From: edewata at redhat.com (Endi Sukma Dewata)
Date: Tue, 20 Jan 2015 19:01:52 -0600
Subject: [Pki-devel] [PATCH] 531 Moved web application deployment locations.
In-Reply-To: <546F6D2A.9030200@redhat.com>
References: <544AD6DE.9030909@redhat.com> <544FA33B.5060003@redhat.com> <20141029073605.GW21514@dhcp-40-8.bne.redhat.com> <5450FAB5.1070709@redhat.com> <546F6D2A.9030200@redhat.com>
Message-ID: <54BEFA80.2030403@redhat.com>

On 11/21/2014 10:49 AM, Endi Sukma Dewata wrote:
>>> ACK.
>>>
>>> Upgrading existing instance and spawning new instance worked and
>>> layout was as expected.
>>
>> Thanks. Per discussion with alee, we're going to wait until the
>> following ticket is implemented, at least partially:
>> https://fedorahosted.org/pki/ticket/1129
>> This is needed to support upgrading from a prerelease build (e.g.
>> 10.2.1-0.1) to the final build (e.g. 10.2.1-1).
>>
>> It looks like there's a way to implement it without too much work. Right
>> now the upgrade folders refer to the version to be upgraded from. We're
>> going to change that to the version we're going to upgrade to.
>
> The current upgrade framework actually can upgrade between release
> numbers without changing the version number. This patch has been revised
> to change the version/release number to 10.2.1-0.2. I've verified the
> upgrade from 10.2.0-3 to 10.2.1-0.2 and from 10.2.1-0.1 to 10.2.1-0.2.

Rebased the patch. Tested upgrading from 10.1.2 and 10.2.0.

--
Endi S. Dewata
-------------- next part --------------
>From 50e25d36da7ce337e5818d1e67b9ab9a3d9da0b2 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" Date: Sun, 12 Oct 2014 00:16:55 -0400 Subject: [PATCH] Moved web application deployment locations. Currently web applications are deployed into Host's appBase (i.e. /webapps). To allow better control of individual subsystem deployments, the web applications have to be moved out of the appBase so that the autoDeploy can work properly later. This patch moves the common web applications to / common/webapps and subsystem web applications to / /webapps. An upgrade script has been added to update existing deployments. https://fedorahosted.org/pki/ticket/1183 --- base/common/upgrade/10.2.1/.gitignore | 4 + base/common/upgrade/10.2.2/.gitignore | 4 + base/server/etc/default.cfg | 5 +- .../python/pki/server/deployment/pkihelper.py | 35 ++++++ .../deployment/scriptlets/instance_layout.py | 34 +++++- .../deployment/scriptlets/subsystem_layout.py | 6 -- .../deployment/scriptlets/webapp_deployment.py | 49 +++++---- base/server/scripts/operations | 25 ++--- .../01-MoveWebApplicationDeploymentLocations | 119 +++++++++++++++++++++ specs/pki-core.spec | 1 + 10 files changed, 229 insertions(+), 53 deletions(-) create mode 100644 base/common/upgrade/10.2.1/.gitignore create mode 100644 base/common/upgrade/10.2.2/.gitignore create mode 100755 base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations diff --git a/base/common/upgrade/10.2.1/.gitignore b/base/common/upgrade/10.2.1/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..5e7d2734cfc60289debf74293817c0a8f572ff32 --- /dev/null +++ b/base/common/upgrade/10.2.1/.gitignore @@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore diff --git a/base/common/upgrade/10.2.2/.gitignore b/base/common/upgrade/10.2.2/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..5e7d2734cfc60289debf74293817c0a8f572ff32 --- /dev/null +++ b/base/common/upgrade/10.2.2/.gitignore 
@@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index ecf436d9f15729ed27e09975ab1f1151e504fe94..98a3628572e78f71525a95cedd0e473be8a14d9d 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -217,6 +217,7 @@ pki_tomcat_common_path=%(pki_instance_path)s/common pki_tomcat_common_lib_path=%(pki_tomcat_common_path)s/lib pki_tomcat_tmpdir_path=%(pki_instance_path)s/temp pki_tomcat_webapps_path=%(pki_instance_path)s/webapps +pki_tomcat_common_webapps_path=%(pki_instance_path)s/common/webapps pki_tomcat_work_path=%(pki_instance_path)s/work pki_tomcat_work_catalina_path=%(pki_tomcat_work_path)s/Catalina pki_tomcat_work_catalina_host_path=%(pki_tomcat_work_catalina_path)s/localhost @@ -231,8 +232,8 @@ pki_instance_lib=%(pki_instance_path)s/lib pki_instance_lib_log4j_properties=%(pki_instance_lib)s/log4j.properties pki_instance_systemd_link=%(pki_instance_path)s/%(pki_instance_name)s pki_subsystem_signed_audit_log_path=%(pki_subsystem_log_path)s/signedAudit -pki_subsystem_tomcat_webapps_link=%(pki_subsystem_path)s/webapps -pki_tomcat_webapps_subsystem_path=%(pki_tomcat_webapps_path)s/%(pki_subsystem_type)s +pki_tomcat_subsystem_webapps_path=%(pki_subsystem_path)s/webapps +pki_tomcat_webapps_subsystem_path=%(pki_tomcat_subsystem_webapps_path)s/%(pki_subsystem_type)s pki_tomcat_webapps_subsystem_webinf_classes_path=%(pki_tomcat_webapps_subsystem_path)s/WEB-INF/classes pki_tomcat_webapps_subsystem_webinf_lib_path=%(pki_tomcat_webapps_subsystem_path)s/WEB-INF/lib pki_certsrv_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-certsrv.jar diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 9d2469dec064f8422e649e8fc1be6597e7a04fee..02a2c9e32bdb27b65e59183eeab8ec5e5ecdd4ac 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py 
+++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -40,6 +40,7 @@ from grp import getgrnam from pwd import getpwnam from pwd import getpwuid import xml.etree.ElementTree as ET +from lxml import etree import zipfile import selinux if selinux.is_selinux_enabled(): @@ -4173,4 +4174,38 @@ class PKIDeployer: self.tps_connector = TPSConnector(self) self.config_client = ConfigClient(self) + def deploy_webapp(self, name, doc_base, descriptor): + """ + Deploy a web application into a Tomcat instance. + This method will copy the specified deployment descriptor into + /conf/Catalina/localhost/.xml and point the docBase + to the specified location. The web application will become available + under "/" URL path. + + See also: http://tomcat.apache.org/tomcat-7.0-doc/config/context.html + + :param name: Web application name. + :type name: str + :param doc_base: Path to web application content. + :type doc_base: str + :param descriptor: Path to deployment descriptor (context.xml). + :type descriptor: str + """ + new_descriptor = os.path.join( + self.mdict['pki_instance_configuration_path'], + "Catalina", + "localhost", + name + ".xml") + + parser = etree.XMLParser(remove_blank_text=True) + document = etree.parse(descriptor, parser) + + context = document.getroot() + context.set('docBase', doc_base) + + with open(new_descriptor, 'w') as f: + f.write(etree.tostring(document, pretty_print=True)) + + os.chown(new_descriptor, self.mdict['pki_uid'], self.mdict['pki_gid']) + os.chmod(new_descriptor, config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS) diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py index 16c3a7f7631aee94eefb37c1dda42c905007e49c..7d4ff3054de382ee65d4f912f0f1875b59af85b1 100644 --- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py 
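Review bot: in deploy_webapp (pkihelper.py), the new descriptor is created with open(new_descriptor, 'w') and only afterwards given its owner and mode by os.chown and os.chmod, so the file first exists with whatever the installer's umask allows, and it stays that way if either call raises. Suggest creating it with the intended mode up front, or writing to a temporary file and renaming once ownership and mode are set. The name argument is also joined into the path as name + ".xml" without any check; the callers in this patch pass constants, so a line in the docstring saying it must be a plain web application name would be enough.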
@@ -56,6 +56,30 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_instance_configuration_path'], ignore_cb=file_ignore_callback_src_server) + # Deploy ROOT web application + deployer.deploy_webapp( + "ROOT", + os.path.join( + deployer.mdict['pki_tomcat_common_webapps_path'], + "ROOT"), + os.path.join( + deployer.mdict['pki_source_server_path'], + "Catalina", + "localhost", + "ROOT.xml")) + + # Deploy pki web application + deployer.deploy_webapp( + "pki", + os.path.join( + deployer.mdict['pki_tomcat_common_webapps_path'], + "pki"), + os.path.join( + deployer.mdict['pki_source_server_path'], + "Catalina", + "localhost", + "pki.xml")) + # establish Tomcat instance base deployer.directory.create(deployer.mdict['pki_tomcat_common_path']) deployer.directory.create( @@ -75,23 +99,23 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_instance_lib_log4j_properties']) deployer.directory.create(deployer.mdict['pki_tomcat_tmpdir_path']) - # Copy /usr/share/pki/server/webapps to /webapps + # Copy /usr/share/pki/server/webapps to /common/webapps deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "server", "webapps"), - deployer.mdict['pki_tomcat_webapps_path']) + deployer.mdict['pki_tomcat_common_webapps_path']) # If desired and available, # copy selected server theme - # to /webapps/pki - if config.str2bool(deployer.mdict['pki_theme_enable']) and \ + # to /common/webapps/pki + if config.str2bool(deployer.mdict['pki_theme_enable']) and\ os.path.exists(deployer.mdict['pki_theme_server_dir']): deployer.directory.copy( deployer.mdict['pki_theme_server_dir'], os.path.join( - deployer.mdict['pki_tomcat_webapps_path'], + deployer.mdict['pki_tomcat_common_webapps_path'], "pki"), overwrite_flag=True) 
diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py index 324accad0d6a9230ac15cebd2c67b0eeb1ec756b..c3d06c0796a00d6c5973780706bde7e9e2838bf3 100644 --- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py @@ -103,12 +103,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.file.copy( deployer.mdict['pki_source_transportcert_profile'], deployer.mdict['pki_target_transportcert_profile']) - # establish instance-based Tomcat PKI subsystem registry - # establish instance-based Tomcat PKI subsystem convenience - # symbolic links - deployer.symlink.create( - deployer.mdict['pki_tomcat_webapps_path'], - deployer.mdict['pki_subsystem_tomcat_webapps_link']) # establish instance-based subsystem convenience symbolic links deployer.symlink.create( deployer.mdict['pki_instance_database_link'], diff --git a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py index 962de724fcfc034ce0fb389a056928102122679e..dce327ff871f58fb5a954fe76c7ded31867c2af3 100644 --- a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py +++ b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py 
@@ -44,29 +44,38 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.WEBAPP_DEPLOYMENT_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) + # Create subsystem webapps folder to store custom webapps: + # //webapps. + deployer.directory.create( + deployer.mdict['pki_tomcat_subsystem_webapps_path']) + + # set ownerships, permissions, and acls + deployer.directory.set_mode( + deployer.mdict['pki_tomcat_subsystem_webapps_path']) + # For TPS, deploy web application directly from /usr/share/pki. if deployer.mdict['pki_subsystem'] == "TPS": - deployer.file.copy( + deployer.deploy_webapp( + "tps", + os.path.join( + config.PKI_DEPLOYMENT_SOURCE_ROOT, + "tps", + "webapps", + "tps"), os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, "tps", "conf", "Catalina", "localhost", - "tps.xml"), - os.path.join( - deployer.mdict['pki_instance_configuration_path'], - "Catalina", - "localhost", "tps.xml")) + return self.rv - # For other subsystems, deploy web application into Tomcat instance. - deployer.directory.create( - deployer.mdict['pki_tomcat_webapps_subsystem_path']) + # For other subsystems, deploy as custom web application. # Copy /usr/share/pki//webapps/ - # to /webapps/ + # to //webapps/ deployer.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, @@ -77,7 +86,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/admin - # to /webapps//admin + # to //webapps//admin # TODO: common templates should be deployed in common webapp deployer.directory.copy( os.path.join( 
@@ -131,26 +140,16 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.mdict['pki_tks_jar'], deployer.mdict['pki_tks_jar_link']) - # set ownerships, permissions, and acls - deployer.directory.set_mode( - deployer.mdict['pki_tomcat_webapps_subsystem_path']) - - # Copy web application context file - # from /usr/share/pki//conf/Catalina/localhost/ - # .xml - # to /conf/Catalina/localhost/.xml - deployer.file.copy( + # Deploy subsystem web application. + deployer.deploy_webapp( + deployer.mdict['pki_subsystem'].lower(), + deployer.mdict['pki_tomcat_webapps_subsystem_path'], os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, deployer.mdict['pki_subsystem'].lower(), "conf", "Catalina", "localhost", - deployer.mdict['pki_subsystem'].lower() + ".xml"), - os.path.join( - deployer.mdict['pki_instance_configuration_path'], - "Catalina", - "localhost", deployer.mdict['pki_subsystem'].lower() + ".xml")) return self.rv diff --git a/base/server/scripts/operations b/base/server/scripts/operations index f524a55764a1bf99b75fb9a52da7750c9b61e435..84511588f1e09017301f8615769e746374a3abee 100644 --- a/base/server/scripts/operations +++ b/base/server/scripts/operations 
@@ -1108,11 +1108,11 @@ verify_symlinks() pki_registry_dir="/etc/sysconfig/pki/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_NAME}" pki_systemd_dir="/etc/systemd/system/pki-tomcatd.target.wants" pki_systemd_link="pki-${PKI_WEB_SERVER_TYPE}d@${PKI_INSTANCE_NAME}.service" - pki_ca_jar_dir="${PKI_INSTANCE_PATH}/webapps/ca/WEB-INF/lib" - pki_kra_jar_dir="${PKI_INSTANCE_PATH}/webapps/kra/WEB-INF/lib" - pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/webapps/ocsp/WEB-INF/lib" - pki_tks_jar_dir="${PKI_INSTANCE_PATH}/webapps/tks/WEB-INF/lib" - pki_tps_jar_dir="${PKI_INSTANCE_PATH}/webapps/tps/WEB-INF/lib" + pki_ca_jar_dir="${PKI_INSTANCE_PATH}/ca/webapps/ca/WEB-INF/lib" + pki_kra_jar_dir="${PKI_INSTANCE_PATH}/kra/webapps/kra/WEB-INF/lib" + pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/ocsp/webapps/ocsp/WEB-INF/lib" + pki_tks_jar_dir="${PKI_INSTANCE_PATH}/tks/webapps/tks/WEB-INF/lib" + pki_tps_jar_dir="${PKI_INSTANCE_PATH}/tps/webapps/tps/WEB-INF/lib" # '${PKI_INSTANCE_PATH}' symlinks base_symlinks=( @@ -1126,8 +1126,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/ca [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/ca - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_ca_jar_dir}' symlinks ca_jar_symlinks=( @@ -1144,8 +1143,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/kra [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/kra - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_kra_jar_dir}' symlinks kra_jar_symlinks=( @@ -1162,8 +1160,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/ocsp [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/ocsp - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_ocsp_jar_dir}' symlinks ocsp_jar_symlinks=( 
@@ -1180,8 +1177,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tks [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tks - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_tks_jar_dir}' symlinks tks_jar_symlinks=( @@ -1198,8 +1194,7 @@ verify_symlinks() [alias]=${PKI_INSTANCE_PATH}/alias [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tps [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tps - [registry]=${pki_registry_dir} - [webapps]=${PKI_INSTANCE_PATH}/webapps) + [registry]=${pki_registry_dir}) # '${pki_tps_jar_dir}' symlinks tps_jar_symlinks=( diff --git a/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations b/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations new file mode 100755 index 0000000000000000000000000000000000000000..20f35e837d2dbce7bfee01187b9763d4ff592d40 --- /dev/null +++ b/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations 
@@ -0,0 +1,119 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2014 Red Hat, Inc. +# All rights reserved. +# + +import grp +import os +import pwd +import shutil +import signal +import sys +from lxml import etree + +import pki +import pki.server.upgrade + + +class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeScriptlet): + + def __init__(self): + + self.message = 'Move Web application deployment locations' + + self.parser = etree.XMLParser(remove_blank_text=True) + + def upgrade_subsystem(self, instance, subsystem): + + subsystem_webapps = os.path.join(instance.base_dir, subsystem.name, 'webapps') + self.backup(subsystem_webapps) + + # remove old subsystem webapps symlink + if os.path.islink(subsystem_webapps): + os.unlink(subsystem_webapps) + + # create new subsytem webapps folder + if not os.path.exists(subsystem_webapps): + os.mkdir(subsystem_webapps) + + uid = pwd.getpwnam('pkiuser').pw_uid + gid = grp.getgrnam('pkiuser').gr_gid + + os.chown(subsystem_webapps, uid, gid) + os.chmod(subsystem_webapps, 0770) + + # move subsystem webapp + subsystem_old_webapp = os.path.join(instance.base_dir, 'webapps', subsystem.name) + subsystem_new_webapp = os.path.join(subsystem_webapps, subsystem.name) + subsystem_context_xml = os.path.join(instance.conf_dir, 'Catalina', 
'localhost', subsystem.name + '.xml') + + self.move_webapp(subsystem_old_webapp, subsystem_new_webapp, subsystem_context_xml) + + def upgrade_instance(self, instance): + + common_webapps = os.path.join(instance.base_dir, 'common', 'webapps') + self.backup(common_webapps) + + # create new common webapps folder + if not os.path.exists(common_webapps): + os.mkdir(common_webapps) + + uid = pwd.getpwnam('pkiuser').pw_uid + gid = grp.getgrnam('pkiuser').gr_gid + + os.chown(common_webapps, uid, gid) + os.chmod(common_webapps, 0770) + + # move ROOT webapp + root_old_webapp = os.path.join(instance.base_dir, 'webapps', 'ROOT') + root_new_webapp = os.path.join(common_webapps, 'ROOT') + root_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'ROOT.xml') + + self.move_webapp(root_old_webapp, root_new_webapp, root_context_xml) + + # move pki webapp + pki_old_webapp = os.path.join(instance.base_dir, 'webapps', 'pki') + pki_new_webapp = os.path.join(common_webapps, 'pki') + pki_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'pki.xml') + + self.move_webapp(pki_old_webapp, pki_new_webapp, pki_context_xml) + + def move_webapp(self, old_webapp, new_webapp, context_xml): + + if not os.path.exists(old_webapp): + return + + # move old webapp to the new webapp + self.backup(old_webapp) + self.backup(new_webapp) + + shutil.move(old_webapp, new_webapp) + + # update docBase in context.xml + self.backup(context_xml) + + document = etree.parse(context_xml, self.parser) + + context = document.getroot() + doc_base = context.get('docBase') + + context.set('docBase', new_webapp) + + with open(context_xml, 'w') as f: + f.write(etree.tostring(document, pretty_print=True)) diff --git a/specs/pki-core.spec b/specs/pki-core.spec index 237f97407d140558b3e41bc58c104e5994c467bf..bac0083f8d1c6f4e62c9653144003fda774b39b8 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec 
@@ -885,6 +885,7 @@ echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 %changelog * Thu Jan 8 2015 Dogtag Team 10.2.2-0.1 - Updated version number to 10.2.2-0.1 +- Moved web application deployment locations. * Thu Jan 8 2015 Dogtag Team 10.2.1-1 - Update release number for release build -- 1.8.4.2

From ftweedal at redhat.com Wed Jan 21 05:13:15 2015
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Wed, 21 Jan 2015 15:13:15 +1000
Subject: [Pki-devel] [PATCH] 541 Removed unnecessary EBaseException constructor.
In-Reply-To: <54BEBF4C.8070309@redhat.com>
References: <54BEBF4C.8070309@redhat.com>
Message-ID: <20150121051315.GL5536@dhcp-40-8.bne.redhat.com>

On Tue, Jan 20, 2015 at 02:49:16PM -0600, Endi Sukma Dewata wrote:
> One of the constructors in EBaseException has been removed
> because it's only used once and can be substituted with another
> constructor. All subclasses of EBaseException have been updated
> accordingly.
>
> https://fedorahosted.org/pki/ticket/915
>
> --
> Endi S. Dewata

ACK

> From 0aac83eb5c13d1fe631e941fccc514967dc68fdc Mon Sep 17 00:00:00 2001
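Review bot: In deploy_webapp() (pkihelper.py, "Moved web application deployment locations" patch) the new descriptor is created with open(new_descriptor, 'w') and only afterwards restricted with os.chown and os.chmod, so between the write and the chmod the file under Catalina/localhost carries whatever mode the process umask allows. Create it with its final mode from the start (for example os.open with a mode argument, then os.fdopen) and chown it before writing the content. The parser is built as etree.XMLParser(remove_blank_text=True), which leaves lxml's entity resolution at its default; since the only need here is to set docBase, pass resolve_entities=False as well. The name argument is joined into the target path unchecked, so a short check that it contains no path separator would keep a future caller from writing outside Catalina/localhost.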
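Review bot: In webapp_deployment.py (same patch) the only remaining set_mode call runs on pki_tomcat_subsystem_webapps_path right after that directory is created, before anything is copied into it, while the removed set_mode on pki_tomcat_webapps_subsystem_path used to run after the copies and the jar symlinks. If directory.copy and symlink.create do not apply ownership and permissions themselves, the deployed subsystem content keeps whatever the copy produced. Either keep a set_mode call on pki_tomcat_webapps_subsystem_path after the copy, or state in the comment why it is no longer needed.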
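Review bot: In 01-MoveWebApplicationDeploymentLocations (same patch), upgrade_subsystem() and upgrade_instance() look up the owner with pwd.getpwnam('pkiuser') and grp.getgrnam('pkiuser'), whereas deploy_webapp() takes pki_uid and pki_gid from the deployment configuration, so an instance that runs under a different account ends up with webapps directories owned by the wrong user after the upgrade. Derive the owner from the instance (for example from the ownership of instance.base_dir) instead of a literal name. In move_webapp(), shutil.move(old_webapp, new_webapp) moves the source inside the destination when new_webapp already exists as a directory, so an interrupted or repeated run can leave ROOT/ROOT; check os.path.exists(new_webapp) first and stop with an error. The doc_base variable is read and never used, the signal and sys imports are unused, and "import pki" is redundant next to "import pki.server.upgrade".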
> From: "Endi S. Dewata" > Date: Tue, 20 Jan 2015 09:25:32 -0500 > Subject: [PATCH] Removed unnecessary EBaseException constructor. > > One of the constructors in EBaseException has been removed > because it's only used once and can be substituted with another > constructor. All subclasses of EBaseException have been updated > accordingly. > > https://fedorahosted.org/pki/ticket/915 > --- > .../certsrv/authentication/EAuthException.java | 11 ----------- > .../certsrv/authorization/EAuthzException.java | 11 ----------- > .../netscape/certsrv/base/BadRequestDataException.java | 5 ----- > .../src/com/netscape/certsrv/base/EBaseException.java | 18 ------------------ > .../src/com/netscape/certsrv/ca/ECAException.java | 11 ----------- > .../src/com/netscape/certsrv/dbs/EDBException.java | 11 ----------- > .../certsrv/extensions/EExtensionsException.java | 4 ---- > .../src/com/netscape/certsrv/jobs/EJobsException.java | 8 -------- > .../src/com/netscape/certsrv/kra/EKRAException.java | 11 ----------- > .../src/com/netscape/certsrv/ldap/ELdapException.java | 12 ------------ > .../certsrv/listeners/EListenersException.java | 11 ----------- > .../certsrv/notification/ENotificationException.java | 8 -------- > .../certsrv/password/EPasswordCheckException.java | 11 ----------- > .../com/netscape/certsrv/usrgrp/EUsrGrpException.java | 11 ----------- > base/ocsp/src/com/netscape/ocsp/EOCSPException.java | 8 -------- > .../src/com/netscape/cms/authentication/DNPattern.java | 2 +- > .../netscape/cms/servlet/common/ECMSGWException.java | 8 -------- > 17 files changed, 1 insertion(+), 160 deletions(-) > > diff --git a/base/common/src/com/netscape/certsrv/authentication/EAuthException.java b/base/common/src/com/netscape/certsrv/authentication/EAuthException.java > index 94240fdccd9ebc1b2f4d160ca032d3935a278c47..18743c5e70bd8bcf256ab1295cec4d997f6a9323 100644 > --- a/base/common/src/com/netscape/certsrv/authentication/EAuthException.java 
> +++ b/base/common/src/com/netscape/certsrv/authentication/EAuthException.java > @@ -47,17 +47,6 @@ public class EAuthException extends EBaseException { > } > > /** > - * Constructs an authentication exception with a parameter. > - *

> - * > - * @param msgFormat exception details in message string format > - * @param param message string parameter > - */ > - public EAuthException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > * Constructs a auth exception with a exception parameter. > *

> * > diff --git a/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java b/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java > index ccb81f24487a08f24264873219261d89fb7a6002..3674c8e00aa73ed254805a937a25ac36de08ea72 100644 > --- a/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java > +++ b/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java > @@ -47,17 +47,6 @@ public class EAuthzException extends EBaseException { > } > > /** > - * Constructs a authz exception with a parameter. > - *

> - * > - * @param msgFormat exception details in message string format > - * @param param message string parameter > - */ > - public EAuthzException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > * Constructs a authz exception with a exception parameter. > *

> * > diff --git a/base/common/src/com/netscape/certsrv/base/BadRequestDataException.java b/base/common/src/com/netscape/certsrv/base/BadRequestDataException.java > index 268221eae726ed93b37d08e3ae721ace3340a43d..d029cd4a78f35bb3dd8b13e28ea61591060cdd62 100644 > --- a/base/common/src/com/netscape/certsrv/base/BadRequestDataException.java > +++ b/base/common/src/com/netscape/certsrv/base/BadRequestDataException.java > @@ -16,9 +16,4 @@ public class BadRequestDataException extends EBaseException { > public BadRequestDataException(String msgFormat, Object[] params) { > super(msgFormat, params); > } > - > - public BadRequestDataException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > } > diff --git a/base/common/src/com/netscape/certsrv/base/EBaseException.java b/base/common/src/com/netscape/certsrv/base/EBaseException.java > index 0ce8fdc3d37f5226cc144107d31dbc60a9e2103e..140a6acbcfc71b291ff059b09c8ec7eb3c6199fb 100644 > --- a/base/common/src/com/netscape/certsrv/base/EBaseException.java > +++ b/base/common/src/com/netscape/certsrv/base/EBaseException.java > @@ -63,24 +63,6 @@ public class EBaseException extends Exception { > } > > /** > - * Constructs an instance of this exception with the given resource key > - * and a parameter as a string. > - * > - *

> -     * new EBaseException(BaseResource.NO_CONFIG_FILE, fileName);
> -     * 
> - *

> - * > - * @param msgFormat exception details in message string format > - * @param param message string parameter > - */ > - public EBaseException(String msgFormat, String param) { > - super(msgFormat); > - mParams = new String[1]; > - mParams[0] = param; > - } > - > - /** > * Constructs an instance of the exception given the resource key and > * a exception parameter. > * > diff --git a/base/common/src/com/netscape/certsrv/ca/ECAException.java b/base/common/src/com/netscape/certsrv/ca/ECAException.java > index 54ddbe8062c6ed09e536c962a4b8d5dce974ed87..01c601e983ceecaf359a17b87694b6c9c415079c 100644 > --- a/base/common/src/com/netscape/certsrv/ca/ECAException.java > +++ b/base/common/src/com/netscape/certsrv/ca/ECAException.java > @@ -51,17 +51,6 @@ public class ECAException extends EBaseException { > *

> * > * @param msgFormat constant from CAResources. > - * @param param additional parameters to the message. > - */ > - public ECAException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > - * Constructs a CA exception. > - *

> - * > - * @param msgFormat constant from CAResources. > * @param e embedded exception. > */ > public ECAException(String msgFormat, Exception e) { > diff --git a/base/common/src/com/netscape/certsrv/dbs/EDBException.java b/base/common/src/com/netscape/certsrv/dbs/EDBException.java > index 1908bdf7ed2e9a8222c8556c9563645d316ed277..279b9fb70834a35104307d32512ad58c3e221e4e 100644 > --- a/base/common/src/com/netscape/certsrv/dbs/EDBException.java > +++ b/base/common/src/com/netscape/certsrv/dbs/EDBException.java > @@ -51,17 +51,6 @@ public class EDBException extends EBaseException { > *

> * > * @param msgFormat message format > - * @param param parameter > - */ > - public EDBException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > - * Constructs a database exception. > - *

> - * > - * @param msgFormat message format > * @param e exception as parameter > */ > public EDBException(String msgFormat, Exception e) { > diff --git a/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java b/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java > index 5374a466acce7884af6e72732fe8cd262097e8e2..e3ce3366e5c0ef0108d0ec5c0f29905f49a4f1a0 100644 > --- a/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java > +++ b/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java > @@ -40,10 +40,6 @@ public class EExtensionsException extends EBaseException { > super(msgFormat); > } > > - public EExtensionsException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > public EExtensionsException(String msgFormat, Exception e) { > super(msgFormat, e); > } > diff --git a/base/common/src/com/netscape/certsrv/jobs/EJobsException.java b/base/common/src/com/netscape/certsrv/jobs/EJobsException.java > index 38b9db6b9214a9f1d0e500b34b9c25d0433b1eb1..8632d6ca3335400312f8a5eae519e89175585183 100644 > --- a/base/common/src/com/netscape/certsrv/jobs/EJobsException.java > +++ b/base/common/src/com/netscape/certsrv/jobs/EJobsException.java > @@ -48,14 +48,6 @@ public class EJobsException extends EBaseException { > * Constructs a Identity exception. > *

> */ > - public EJobsException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > - * Constructs a Identity exception. > - *

> - */ > public EJobsException(String msgFormat, Exception e) { > super(msgFormat, e); > } > diff --git a/base/common/src/com/netscape/certsrv/kra/EKRAException.java b/base/common/src/com/netscape/certsrv/kra/EKRAException.java > index a42e8f409b76ea947d08e771a27d580446a996f9..c2b802078af5aeb096ad33f09d4c5cce71c1ea1a 100644 > --- a/base/common/src/com/netscape/certsrv/kra/EKRAException.java > +++ b/base/common/src/com/netscape/certsrv/kra/EKRAException.java > @@ -54,17 +54,6 @@ public class EKRAException extends EBaseException { > *

> * > * @param msgFormat constant from KRAResources. > - * @param param additional parameters to the message. > - */ > - public EKRAException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > - * Constructs a KRA exception. > - *

> - * > - * @param msgFormat constant from KRAResources. > * @param e embedded exception. > */ > public EKRAException(String msgFormat, Exception e) { > diff --git a/base/common/src/com/netscape/certsrv/ldap/ELdapException.java b/base/common/src/com/netscape/certsrv/ldap/ELdapException.java > index 57d7ca9585d24329cc016b3c30a03c04fea4a0c8..2f4943c6d4869d96931f3aeea1a96943c259cfca 100644 > --- a/base/common/src/com/netscape/certsrv/ldap/ELdapException.java > +++ b/base/common/src/com/netscape/certsrv/ldap/ELdapException.java > @@ -51,18 +51,6 @@ public class ELdapException extends EBaseException { > * Constructs a Ldap exception. > * > * @param msgFormat Resource Key, if key not present, serves as the message. > - * Include a message string parameter for variable content. > - * @param param Message string parameter. > - *

> - */ > - public ELdapException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > - * Constructs a Ldap exception. > - * > - * @param msgFormat Resource Key, if key not present, serves as the message. > * @param e Common exception. > *

> */ > diff --git a/base/common/src/com/netscape/certsrv/listeners/EListenersException.java b/base/common/src/com/netscape/certsrv/listeners/EListenersException.java > index 1169de0b17658a39a216b962cfcf06df42947f85..e1db15209f69a612e9843d20ad1521ade206e6ff 100644 > --- a/base/common/src/com/netscape/certsrv/listeners/EListenersException.java > +++ b/base/common/src/com/netscape/certsrv/listeners/EListenersException.java > @@ -47,17 +47,6 @@ public class EListenersException extends EBaseException { > } > > /** > - * Constructs a listeners exception. > - *

> - * > - * @param msgFormat exception details in message string format. > - * @param param message string parameter. > - */ > - public EListenersException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > * Constructs a Listeners exception. > *

> * > diff --git a/base/common/src/com/netscape/certsrv/notification/ENotificationException.java b/base/common/src/com/netscape/certsrv/notification/ENotificationException.java > index 096d6e3a5674d2544fe01e7e79f45376b29087b1..13371d9b7bf377bdd9d0f84747394be5061f86b1 100644 > --- a/base/common/src/com/netscape/certsrv/notification/ENotificationException.java > +++ b/base/common/src/com/netscape/certsrv/notification/ENotificationException.java > @@ -48,14 +48,6 @@ public class ENotificationException extends EBaseException { > * Constructs a Identity exception. > *

> */ > - public ENotificationException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > - * Constructs a Identity exception. > - *

> - */ > public ENotificationException(String msgFormat, Exception e) { > super(msgFormat, e); > } > diff --git a/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java b/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java > index 6b2459759c6da166a831b774bff009ef8a163d45..7ed8d90602317535a11828ab920b75e3c932c743 100644 > --- a/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java > +++ b/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java > @@ -52,17 +52,6 @@ public class EPasswordCheckException extends EBaseException { > *

> * > * @param msgFormat exception details in message string format > - * @param param message string parameter > - */ > - public EPasswordCheckException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > - * Constructs a password checker exception. > - *

> - * > - * @param msgFormat exception details in message string format > * @param exception system exception > */ > public EPasswordCheckException(String msgFormat, Exception exception) { > diff --git a/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java b/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java > index cce9f3f3da35a69655c6b4bfa3656840f827e214..dff02cb4123e4f3a0db84119695db683dd9fcfa0 100644 > --- a/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java > +++ b/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java > @@ -49,17 +49,6 @@ public class EUsrGrpException extends EBaseException { > /** > * Constructs a Identity exception. > * > - * @param msgFormat exception details in message string format > - * @param param message string parameter > - *

> - */ > - public EUsrGrpException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > - * Constructs a Identity exception. > - * > * @param e system exception > *

> */ > diff --git a/base/ocsp/src/com/netscape/ocsp/EOCSPException.java b/base/ocsp/src/com/netscape/ocsp/EOCSPException.java > index 1c878ad75b00b45ac4788cf1dfc33b173fb32a52..30574891fd8d7bd208dc50b055627e85f895408a 100644 > --- a/base/ocsp/src/com/netscape/ocsp/EOCSPException.java > +++ b/base/ocsp/src/com/netscape/ocsp/EOCSPException.java > @@ -48,14 +48,6 @@ public class EOCSPException extends EBaseException { > * Constructs a OCSP exception. > *

> */ > - public EOCSPException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > - * Constructs a OCSP exception. > - *

> - */ > public EOCSPException(String msgFormat, Exception e) { > super(msgFormat, e); > } > diff --git a/base/server/cms/src/com/netscape/cms/authentication/DNPattern.java b/base/server/cms/src/com/netscape/cms/authentication/DNPattern.java > index ccee3b51284b0a84c6889bfd05099c84d2b48a70..c62af4afcf794d5a5f025cf107535c7bf93e200a 100644 > --- a/base/server/cms/src/com/netscape/cms/authentication/DNPattern.java > +++ b/base/server/cms/src/com/netscape/cms/authentication/DNPattern.java > @@ -163,7 +163,7 @@ public class DNPattern { > try { > lastChar = in.read(); > } catch (IOException e) { > - throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()); > + throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR", e); > } > } while (lastChar == ','); > > diff --git a/base/server/cms/src/com/netscape/cms/servlet/common/ECMSGWException.java b/base/server/cms/src/com/netscape/cms/servlet/common/ECMSGWException.java > index 2c24c112a0e005ef2ad545cb2bc5d2c934972fe8..68a05c4f3a7eccd6d04d634d20466af751c35b6b 100644 > --- a/base/server/cms/src/com/netscape/cms/servlet/common/ECMSGWException.java > +++ b/base/server/cms/src/com/netscape/cms/servlet/common/ECMSGWException.java > @@ -48,14 +48,6 @@ public class ECMSGWException extends EBaseException { > * Constructs a CMSGW exception. > *

> */ > - public ECMSGWException(String msgFormat, String param) { > - super(msgFormat, param); > - } > - > - /** > - * Constructs a CMSGW exception. > - *

> - */ > public ECMSGWException(String msgFormat, Exception e) { > super(msgFormat, e); > } > -- > 1.8.4.2
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

From ftweedal at redhat.com Wed Jan 21 05:15:47 2015
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Wed, 21 Jan 2015 15:15:47 +1000
Subject: [Pki-devel] [PATCH] 542 Added support for exception chains in EBaseException.
In-Reply-To: <54BEBFF0.8010102@redhat.com>
References: <54BEBFF0.8010102@redhat.com>
Message-ID: <20150121051547.GM5536@dhcp-40-8.bne.redhat.com>

On Tue, Jan 20, 2015 at 02:52:00PM -0600, Endi Sukma Dewata wrote:
> The EBaseException has been modified to provide constructors that
> can be used to chain exceptions. This way the root cause of the
> exception can be traced back to help troubleshooting.
>
> Some codes have been modified to utilize the proper exception
> chaining.
>
> https://fedorahosted.org/pki/ticket/915
>
>
> --
> Endi S. Dewata

ACK

> From 6db8b7999007f25b87cd81182222a537fe0c2edc Mon Sep 17 00:00:00 2001 > From: "Endi S. Dewata" > Date: Tue, 20 Jan 2015 09:25:32 -0500 > Subject: [PATCH] Added support for exception chains in EBaseException. > > The EBaseException has been modified to provide constructors that > can be used to chain exceptions. This way the root cause of the > exception can be traced back to help troubleshooting. > > Some codes have been modified to utilize the proper exception > chaining. > > https://fedorahosted.org/pki/ticket/915 > --- > base/common/src/com/netscape/certsrv/apps/CMS.java | 14 ++--- > .../com/netscape/certsrv/base/EBaseException.java | 60 +++++++++++++++++----- > .../dogtagpki/server/rest/SystemConfigService.java | 18 +++---- > .../cmscore/authentication/AuthSubsystem.java | 20 +++++--- > .../ChallengePhraseAuthentication.java | 3 +- > 5 files changed, 76 insertions(+), 39 deletions(-) 
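Review bot: In the DNPattern.java hunk of patch 541 (@@ -163,7 +163,7), the second argument changes from e.toString() to the IOException itself, which is more than swapping one constructor for another: the (String, Exception) constructor keeps the exception object as the message parameter where a string was stored before. Please confirm that the text produced for CMS_AUTHENTICATION_INTERNAL_ERROR is unchanged, or mention the change in the commit message. The other hunks remove public constructors from classes under com.netscape.certsrv, so the commit message should also say that code built against the (String, String) form has to be updated and recompiled.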
> > diff --git a/base/common/src/com/netscape/certsrv/apps/CMS.java b/base/common/src/com/netscape/certsrv/apps/CMS.java > index 63c1a2cbde2ffdb0ce116c664ab373aeba91f5a3..8b4bac2c0985637ceab6d55bf3d2b9a00b848412 100644 > --- a/base/common/src/com/netscape/certsrv/apps/CMS.java > +++ b/base/common/src/com/netscape/certsrv/apps/CMS.java > @@ -17,8 +17,6 @@ > // --- END COPYRIGHT BLOCK --- > package com.netscape.certsrv.apps; > > -import java.io.ByteArrayOutputStream; > -import java.io.PrintStream; > import java.math.BigInteger; > import java.security.NoSuchAlgorithmException; > import java.security.cert.Certificate; > @@ -1586,21 +1584,19 @@ public final class CMS { > CMS.startup(); > > } catch (EBaseException e) { // catch everything here purposely > - CMS.debug("CMS:Caught EBaseException"); > CMS.debug(e); > > // Raidzilla Bug #57592: Always print error message to stdout. > - System.out.println(e.toString()); > + System.out.println(e); > > shutdown(); > throw e; > + > } catch (Exception e) { // catch everything here purposely > - ByteArrayOutputStream bos = new ByteArrayOutputStream(); > - PrintStream ps = new PrintStream(bos); > - > - e.printStackTrace(ps); > + CMS.debug(e); > System.out.println(Constants.SERVER_SHUTDOWN_MESSAGE); > - throw new EBaseException(bos.toString()); > + > + throw new EBaseException(e); > // cms.shutdown(); > } > } > diff --git a/base/common/src/com/netscape/certsrv/base/EBaseException.java b/base/common/src/com/netscape/certsrv/base/EBaseException.java > index 140a6acbcfc71b291ff059b09c8ec7eb3c6199fb..78d9a6d2d68083a39a91e4ae135bff3541406dad 100644 > --- a/base/common/src/com/netscape/certsrv/base/EBaseException.java > +++ b/base/common/src/com/netscape/certsrv/base/EBaseException.java 
> @@ -63,25 +63,24 @@ public class EBaseException extends Exception { > } > > /** > - * Constructs an instance of the exception given the resource key and > - * a exception parameter. > + * Constructs an instance of this exception given the resource key and > + * the cause exception. > * > - *

> -     * 		try {
> -     *  		...
> -     * 		} catch (IOExeption e) {
> -     * 		 	throw new EBaseException(BaseResources.INTERNAL_ERROR_1, e);
> -     *      }
> -     * 
> - *

> + *

> +     *     try {
> +     *         ...
> +     *     } catch (IOExeption e) {
> +     *         throw new EBaseException(BaseResources.INTERNAL_ERROR_1, e);
> +     *     }
> +     * 
> * > * @param msgFormat The resource key > - * @param param The parameter as an exception > + * @param cause The cause exception > */ > - public EBaseException(String msgFormat, Exception param) { > - super(msgFormat); > + public EBaseException(String msgFormat, Exception cause) { > + super(msgFormat, cause); > mParams = new Exception[1]; > - mParams[0] = param; > + mParams[0] = cause; > } > > /** > @@ -98,6 +97,39 @@ public class EBaseException extends Exception { > } > > /** > + * Constructs an instance of this exception given the resource key, > + * an array of parameters, and the cause exception. > + *

> + * > + * @param msgFormat The resource key > + * @param params Array of params > + * @param cause The cause exception > + */ > + public EBaseException(String msgFormat, Object params[], Exception cause) { > + super(msgFormat, cause); > + mParams = params; > + } > + > + /** > + * Constructs an instance of this exception given the cause exception. > + * > + *

> +     *     try {
> +     *         ...
> +     *     } catch (IOExeption e) {
> +     *         throw new EBaseException(e);
> +     *     }
> +     * 
> + * > + * @param cause The cause exception > + */ > + public EBaseException(Exception cause) { > + super(cause.getMessage() == null ? cause.getClass().getName() : cause.getMessage(), cause); > + mParams = new Exception[1]; > + mParams[0] = cause; > + } > + > + /** > * Returns the list of parameters. > *

> * > diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java > index 47048c31a06b44cd992d4ebd1f09ff550bde9bf0..a594dad0510242357e86201e9d1125f9d0f929f8 100644 > --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java > +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java > @@ -174,7 +174,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou > cs.commit(false); > } catch (EBaseException e) { > CMS.debug(e); > - throw new PKIException("Unable to commit config parameters to file"); > + throw new PKIException("Unable to commit config parameters to file", e); > } > initializeDatabase(data); > > @@ -200,8 +200,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou > ConfigurationUtils.setCertPermissions(cert.getCertTag()); > CMS.debug("Processed '" + cert.getCertTag() + "' certificate."); > } catch (Exception e) { > - e.printStackTrace(); > - throw new PKIException("Error in configuring system certificates" + e); > + CMS.debug(e); > + throw new PKIException("Error in configuring system certificates" + e, e); > } > if (ret != 0) { > throw new PKIException("Error in configuring system certificates"); > @@ -234,8 +234,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou > try { > ConfigurationUtils.removePreopConfigEntries(); > } catch (EBaseException e) { > - e.printStackTrace(); > - throw new PKIException("Errors when removing preop config entries: " + e); > + CMS.debug(e); > + throw new PKIException("Errors when removing preop config entries: " + e, e); > } > > // Create an empty file that designates the fact that although 
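Review bot: In the @@ -234,8 hunk of SystemConfigService.java, the new throw still builds its message as "Errors when removing preop config entries: " + e while also passing e as the cause, so the cause text is repeated in every trace and the internal exception string stays embedded in the PKIException message. Now that the cause is chained, the message can drop the concatenation: throw new PKIException("Errors when removing preop config entries", e). The same applies to the @@ -200,8 hunk, where "Error in configuring system certificates" + e also has no separator before the appended exception.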
> @@ -915,8 +915,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou > cs.putString("securitydomain.host", host); > cs.putInteger("securitydomain.httpsadminport",port); > } catch (Exception e) { > - e.printStackTrace(); > - throw new PKIException("Failed to resolve security domain URL"); > + CMS.debug(e); > + throw new PKIException("Failed to resolve security domain URL", e); > } > > getCertChainFromSecurityDomain(host, port); > @@ -957,8 +957,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou > try { > installToken = ConfigurationUtils.getInstallToken(host, port, user, pass); > } catch (Exception e) { > - e.printStackTrace(); > - throw new PKIException("Failed to obtain installation token from security domain: " + e); > + CMS.debug(e); > + throw new PKIException("Failed to obtain installation token from security domain: " + e, e); > } > > if (installToken == null) { > diff --git a/base/server/cmscore/src/com/netscape/cmscore/authentication/AuthSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/authentication/AuthSubsystem.java > index 549ce01f97fde8fb0ea3da9fb194451a43fdc128..137edb5c5a75916fb8a2b2fdf07ab0a6aa56f0fe 100644 > --- a/base/server/cmscore/src/com/netscape/cmscore/authentication/AuthSubsystem.java > +++ b/base/server/cmscore/src/com/netscape/cmscore/authentication/AuthSubsystem.java 
> @@ -219,21 +219,26 @@ public class AuthSubsystem implements IAuthSubsystem { > isEnable = true; > > log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_ADD_AUTH_INSTANCE", insName)); > + > } catch (ClassNotFoundException e) { > log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString())); > - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); > + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); > + > } catch (IllegalAccessException e) { > log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString())); > - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); > + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); > + > } catch (InstantiationException e) { > log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString())); > - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); > + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); > + > } catch (EBaseException e) { > log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTH_INIT_ERROR", insName, e.toString())); > // Skip the authenticaiton instance if > // it is mis-configurated. This give > // administrator another chance to > // fix the problem via console > + > } catch (Throwable e) { > log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTH_INIT_ERROR", insName, e.toString())); > // Skip the authenticaiton instance if 
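Review bot: In the @@ -219,21 hunk of AuthSubsystem.java, the catch (EBaseException e) and catch (Throwable e) branches still log only e.toString() and then skip the authentication instance, so the stack trace for a misconfigured instance is lost in exactly the case an administrator has to debug. Consider adding CMS.debug(e) to both branches so they match the rest of this patch. The three branches that now throw new EAuthException(..., e) rely on EAuthException already having a (String, Exception) constructor, since EAuthException.java is not in the diffstat; please confirm that constructor passes the cause through to the new EBaseException(String, Exception).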
> @@ -330,15 +335,18 @@ public class AuthSubsystem implements IAuthSubsystem { > authMgrInst = (IAuthManager) > Class.forName(className).newInstance(); > return (authMgrInst.getConfigParams()); > + > } catch (InstantiationException e) { > log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString())); > - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); > + > + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); > } catch (ClassNotFoundException e) { > log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString())); > - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); > + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); > + > } catch (IllegalAccessException e) { > log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString())); > - throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); > + throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className), e); > } > } > > diff --git a/base/server/cmscore/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java b/base/server/cmscore/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java > index f5bde0b54731c46d0ccff2dbc64d435995b23915..11b6104bf93096da03f622c291eabc4016271228 100644 > --- a/base/server/cmscore/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java > +++ b/base/server/cmscore/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java 
> @@ -103,8 +103,9 @@ public class ChallengePhraseAuthentication implements IAuthManager { > > try { > mSHADigest = MessageDigest.getInstance("SHA1"); > + > } catch (NoSuchAlgorithmException e) { > - throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage())); > + throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()), e); > } > > log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name)); > -- > 1.8.4.2 > > _______________________________________________ > Pki-devel mailing list > Pki-devel at redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel From ftweedal at redhat.com Wed Jan 21 05:16:21 2015 From: ftweedal at redhat.com (Fraser Tweedale) Date: Wed, 21 Jan 2015 15:16:21 +1000 Subject: [Pki-devel] [PATCH] 543 Fixed exception chains in ConfigurationUtils. In-Reply-To: <54BEC020.4080609@redhat.com> References: <54BEC020.4080609@redhat.com> Message-ID: <20150121051621.GN5536@dhcp-40-8.bne.redhat.com> On Tue, Jan 20, 2015 at 02:52:48PM -0600, Endi Sukma Dewata wrote: > The ConfigurationUtils has been modified such that if an exception > is triggered by another exception the exceptions will be chained. > > https://fedorahosted.org/pki/ticket/915 > > -- > Endi S. Dewata ACK > From 8d60e9b06ea6da23f3bb1d149dfffb9182b29fc2 Mon Sep 17 00:00:00 2001 > From: "Endi S. Dewata" > Date: Tue, 20 Jan 2015 14:47:59 -0500 > Subject: [PATCH] Fixed exception chains in ConfigurationUtils. > > The ConfigurationUtils has been modified such that if an exception > is triggered by another exception the exceptions will be chained. > > https://fedorahosted.org/pki/ticket/915 > --- > .../cms/servlet/csadmin/ConfigurationUtils.java | 40 +++++++++++++--------- > 1 file changed, 24 insertions(+), 16 deletions(-) 
> > diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java > index 0b1c6f6e26477acdd174bbfbad69c7e22e461ac4..21aaf203bb89a330698cdbc43e4dd1fa8f36854b 100644 > --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java > +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java > @@ -276,13 +276,15 @@ public class ConfigurationUtils { > > c = httpresponse.getContent(); > //cfu > - > + > } catch (ConnectException e) { > CMS.debug("getHttpResponse: " + e.toString()); > - throw new IOException("The server you tried to contact is not running."); > + throw new IOException("The server you tried to contact is not running.", e); > + > } catch (Exception e) { > CMS.debug("getHttpResponse: " + e.toString()); > - throw new IOException(e.toString()); > + throw new IOException(e.toString(), e); > + > } finally { > if (httpclient.connected()) { > httpclient.disconnect(); > @@ -366,6 +368,7 @@ public class ConfigurationUtils { > SecurityDomainClient sdClient = new SecurityDomainClient(client, "ca"); > > try { > + CMS.debug("Getting install token"); > accountClient.login(); > InstallToken token = sdClient.getInstallToken(sdhost, csType); > accountClient.logout(); > @@ -375,6 +378,7 @@ public class ConfigurationUtils { > > if (e.getResponse().getResponseStatus() == Response.Status.NOT_FOUND) { > // try the old servlet > + CMS.debug("Getting old cookie"); > String tokenString = getOldCookie(sdhost, sdport, user, passwd); > CMS.debug("Token: " + tokenString); > return tokenString; 
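Review bot: In the @@ -375,6 hunk of ConfigurationUtils.java, the added CMS.debug("Getting old cookie") sits directly above the existing CMS.debug("Token: " + tokenString), which writes the value returned by getOldCookie() into the debug log before returning it as the install token. While debug statements are being added to this path, that line should record only that a token was obtained, not its value, so the token is not readable by anyone with access to the debug log.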
> @@ -702,7 +706,7 @@ public class ConfigurationUtils { > c = getHttpResponse(hostname, eePort, https, serverPath, content, null, null); > if (c == null || c.equals("")) { > CMS.debug("updateNumberRange: content is null."); > - throw new IOException("The server you want to contact is not available"); > + throw new IOException("The server you want to contact is not available", e); > } > CMS.debug("content from ee interface =" + c); > parser = new XMLObject(new ByteArrayInputStream(c.getBytes())); > @@ -1015,7 +1019,9 @@ public class ConfigurationUtils { > return false; > } > } > + > } catch (Exception e) { > + CMS.debug(e); > return false; > } > > @@ -1289,7 +1295,7 @@ public class ConfigurationUtils { > try { > if (conn != null) conn.disconnect(); > } catch (LDAPException e) { > - e.printStackTrace(); > + CMS.debug(e); > CMS.debug("releaseConnection: " + e); > } > } > @@ -1484,7 +1490,7 @@ public class ConfigurationUtils { > > } catch (LDAPException e) { > CMS.debug("populateDB: " + e); > - throw new EBaseException("Failed to check database mapping: " + e); > + throw new EBaseException("Failed to check database mapping: " + e, e); > } > } > > @@ -1506,7 +1512,7 @@ public class ConfigurationUtils { > CMS.debug("getDatabaseEntry: Database " + database + " does not exist."); > } else { > CMS.debug("getDatabaseEntry: " + e); > - throw new EBaseException("Failed to determine if database exists: " + e); > + throw new EBaseException("Failed to determine if database exists: " + e, e); > } > } > return databaseEntry; > @@ -1530,7 +1536,7 @@ public class ConfigurationUtils { > CMS.debug("getMappingDNEntry: Mapping for subtree " + baseDN + " does not exist."); > } else { > CMS.debug("getMappingDNEntry: " + e); > - throw new EBaseException("Failed to determine if mapping entry exists: " + e); > + throw new EBaseException("Failed to determine if mapping entry exists: " + e, e); > } > } > return mappingEntry; 
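Review bot: In the @@ -702,7 hunk of ConfigurationUtils.java, the changed line throw new IOException("The server you want to contact is not available", e) passes e as the cause, but the throw sits inside if (c == null || c.equals("")) and no e is declared in the lines shown. If e comes from an enclosing catch, please confirm that exception really is the cause of an empty response at this point; otherwise this does not compile and the single-argument form should stay.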
> @@ -1553,7 +1559,7 @@ public class ConfigurationUtils { > CMS.debug("getBaseDNEntry: Subtree " + baseDN + " does not exist."); > } else { > CMS.debug("getBaseDNEntry: " + e); > - throw new EBaseException("Failed to determine if base DN exists: " + e); > + throw new EBaseException("Failed to determine if base DN exists: " + e, e); > } > } > return baseEntry; > @@ -1573,10 +1579,10 @@ public class ConfigurationUtils { > CMS.debug("checkParentExists: Parent entry " + parentDN + " exists."); > } catch (LDAPException e) { > if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) { > - throw new EBaseException("Parent entry " + parentDN + "does not exist"); > + throw new EBaseException("Parent entry " + parentDN + "does not exist", e); > } else { > CMS.debug("checkParentExists: " + e); > - throw new EBaseException("Failed to determine if base DN exists: " + e); > + throw new EBaseException("Failed to determine if base DN exists: " + e, e); > } > } > } > @@ -1859,7 +1865,7 @@ public class ConfigurationUtils { > CMS.debug("setupEeplication: Failed to set up connection to master:" + e.toString()); > e.printStackTrace(); > releaseConnection(masterConn); > - throw new IOException("Failed to set up replication: No connection to master"); > + throw new IOException("Failed to set up replication: No connection to master", e); > } > > // get connection to replica > @@ -1875,7 +1881,7 @@ public class ConfigurationUtils { > e.printStackTrace(); > releaseConnection(masterConn); > releaseConnection(replicaConn); > - throw new IOException("Failed to set up replication: No connection to replica"); > + throw new IOException("Failed to set up replication: No connection to replica", e); > } > > try { 
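Review bot: In the @@ -1875,7 hunk of ConfigurationUtils.java, e.printStackTrace() is left in place above the changed throw, and likewise in the @@ -1859,7 hunk, while other hunks in this patch replace the same call with CMS.debug(e). With the exception now chained into the IOException the trace reaches the caller anyway, so these two blocks should be converted the same way, which also keeps the trace in the debug log rather than on standard error.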
> @@ -1944,7 +1950,7 @@ public class ConfigurationUtils { > } catch (Exception e) { > e.printStackTrace(); > CMS.debug("setupReplication: " + e.toString()); > - throw new IOException("Failed to setup the replication for cloning."); > + throw new IOException("Failed to setup the replication for cloning.", e); > } finally { > releaseConnection(masterConn); > releaseConnection(replicaConn); > @@ -2954,7 +2960,7 @@ public class ConfigurationUtils { > CryptoUtil.importUserCertificate(impl, nickname, false); > CMS.debug("handleCerts(): cert imported for certTag '" + certTag + "'"); > } catch (Exception ee) { > - ee.printStackTrace(); > + CMS.debug(ee); > CMS.debug("handleCerts(): import certificate for certTag=" + certTag + " Exception: " + ee.toString()); > } > } > @@ -3239,8 +3245,10 @@ public class ConfigurationUtils { > try { > fout = new FileOutputStream(fname); > fout.write(output); > + > } catch (Exception e) { > - throw new IOException("Failed to store keys in backup file" + e); > + throw new IOException("Failed to store keys in backup file " + e, e); > + > } finally { > if (fout != null) { > fout.close(); > -- > 1.8.4.2 > > _______________________________________________ > Pki-devel mailing list > Pki-devel at redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel From edewata at redhat.com Wed Jan 21 20:55:19 2015 From: edewata at redhat.com (Endi Sukma Dewata) Date: Wed, 21 Jan 2015 14:55:19 -0600 Subject: [Pki-devel] [PATCH] 541 Removed unnecessary EBaseException constructor. In-Reply-To: <20150121051315.GL5536@dhcp-40-8.bne.redhat.com> References: <54BEBF4C.8070309@redhat.com> <20150121051315.GL5536@dhcp-40-8.bne.redhat.com> Message-ID: <54C01237.6070708@redhat.com> On 1/20/2015 11:13 PM, Fraser Tweedale wrote: > ACK Thanks. Pushed to master. -- Endi S. Dewata From edewata at redhat.com Wed Jan 21 20:55:27 2015 
From: edewata at redhat.com (Endi Sukma Dewata) Date: Wed, 21 Jan 2015 14:55:27 -0600 Subject: [Pki-devel] [PATCH] 542 Added support for exception chains in EBaseException. In-Reply-To: <20150121051547.GM5536@dhcp-40-8.bne.redhat.com> References: <54BEBFF0.8010102@redhat.com> <20150121051547.GM5536@dhcp-40-8.bne.redhat.com> Message-ID: <54C0123F.6050302@redhat.com> On 1/20/2015 11:15 PM, Fraser Tweedale wrote: > ACK Thanks. Pushed to master. -- Endi S. Dewata From edewata at redhat.com Wed Jan 21 20:55:33 2015 From: edewata at redhat.com (Endi Sukma Dewata) Date: Wed, 21 Jan 2015 14:55:33 -0600 Subject: [Pki-devel] [PATCH] 543 Fixed exception chains in ConfigurationUtils. In-Reply-To: <20150121051621.GN5536@dhcp-40-8.bne.redhat.com> References: <54BEC020.4080609@redhat.com> <20150121051621.GN5536@dhcp-40-8.bne.redhat.com> Message-ID: <54C01245.4000302@redhat.com> On 1/20/2015 11:16 PM, Fraser Tweedale wrote: > ACK Thanks. Pushed to master. -- Endi S. Dewata From edewata at redhat.com Thu Jan 22 19:20:01 2015 From: edewata at redhat.com (Endi Sukma Dewata) Date: Thu, 22 Jan 2015 13:20:01 -0600 Subject: [Pki-devel] [PATCH] 544 Added server management library. Message-ID: <54C14D61.90900@redhat.com> The PKISubsystem and PKIInstance classes used by the upgrade framework have been converted into a server management library. They have been enhanced to provide the following functionalities: * starting and stopping instances * enabling and disabling subsystems * checking instance and subsystem statuses The validate() invocation has been moved out of the constructors into the upgrade framework such that these objects can be created to represent subsystems and instances that do not exist yet. https://fedorahosted.org/pki/ticket/1183 -- Endi S. Dewata -------------- next part -------------- From 03bf1c8d3a1c987582bc65d2e8df0f3d258f8843 Mon Sep 17 00:00:00 2001 
From: "Endi S. Dewata" Date: Sat, 11 Oct 2014 13:18:45 -0400 Subject: [PATCH] Added server management library. The PKISubsystem and PKIInstance classes used by the upgrade framework have been converted into a server management library. They have been enhanced to provide the following functionalities: * starting and stopping instances * enabling and disabling subsystems * checking instance and subsystem statuses The validate() invocation has been moved out of the constructors into the upgrade framework such that these objects can be created to represent subsystems and instances that do not exist yet. https://fedorahosted.org/pki/ticket/1183 --- base/common/python/pki/__init__.py | 6 +- base/server/python/pki/server/__init__.py | 142 ++++++++++++++++++++++++++---- base/server/python/pki/server/upgrade.py | 29 +++--- 3 files changed, 146 insertions(+), 31 deletions(-) diff --git a/base/common/python/pki/__init__.py b/base/common/python/pki/__init__.py index 62d87a01c454878d5d0c1dc14b5f5e143326b4d8..01ac2639392c40c799972f50bd78c7023f7187f1 100644 --- a/base/common/python/pki/__init__.py +++ b/base/common/python/pki/__init__.py @@ -27,10 +27,10 @@ import re import requests -CONF_DIR = '/etc/pki' +CONF_DIR = '/etc/pki' SHARE_DIR = '/usr/share/pki' -BASE_DIR = '/var/lib' -LOG_DIR = '/var/log/pki' +BASE_DIR = '/var/lib' +LOG_DIR = '/var/log/pki' PACKAGE_VERSION = SHARE_DIR + '/VERSION' CERT_HEADER = "-----BEGIN CERTIFICATE-----" diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py index 3eb6b5f97b0c22b2ff95f8f5e73ae3e09d89b693..3c471071fc023903bb7c7a4e7b5175e665800bbb 100644 --- a/base/server/python/pki/server/__init__.py +++ b/base/server/python/pki/server/__init__.py 
@@ -19,41 +19,61 @@ # All rights reserved. # -import re +from lxml import etree +import grp import os +import pwd +import re +import subprocess import pki INSTANCE_BASE_DIR = '/var/lib/pki' -REGISTRY_DIR = '/etc/sysconfig/pki' -SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks', 'tps'] +REGISTRY_DIR = '/etc/sysconfig/pki' +SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks', 'tps'] class PKISubsystem(object): def __init__(self, instance, subsystem_name): + self.instance = instance self.name = subsystem_name self.type = instance.type + if self.type >= 10: - self.conf_dir = os.path.join( - INSTANCE_BASE_DIR, - instance.name, 'conf', subsystem_name) - self.base_dir = os.path.join( - INSTANCE_BASE_DIR, - instance.name, subsystem_name) + self.base_dir = os.path.join(self.instance.base_dir, self.name) + self.conf_dir = os.path.join(self.base_dir, 'conf') else: - self.conf_dir = os.path.join(pki.BASE_DIR, instance.name, 'conf') - self.base_dir = os.path.join(pki.BASE_DIR, instance.name) + self.base_dir = instance.base_dir + self.conf_dir = os.path.join(self.base_dir, 'conf') - self.validate() + self.context_xml_template = os.path.join( + pki.SHARE_DIR, self.name, 'conf', 'Catalina', 'localhost', self.name + '.xml') + + self.context_xml = os.path.join( + instance.conf_dir, 'Catalina', 'localhost', self.name + '.xml') + + self.doc_base = os.path.join(self.base_dir, 'webapps', self.name) + + def is_valid(self): + return os.path.exists(self.conf_dir) def validate(self): - if not os.path.exists(self.conf_dir): + if not self.is_valid(): raise pki.PKIException( 'Invalid subsystem: ' + self.__repr__(), None, self.instance) + def is_enabled(self): + return self.instance.is_deployed(self.name) + + def enable(self): + self.instance.deploy(self.name, self.context_xml_template, self.doc_base) + + def disable(self): + self.instance.undeploy(self.name) + def __repr__(self): return str(self.instance) + '/' + self.name 
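Review bot: In the @@ -19,41 hunk of pki/server/__init__.py, PKISubsystem.conf_dir for type >= 10 changes from os.path.join(INSTANCE_BASE_DIR, instance.name, 'conf', subsystem_name) to os.path.join(self.base_dir, 'conf'), that is from conf/SUBSYSTEM under the instance directory to SUBSYSTEM/conf under it, and the commit message does not mention the move. is_valid() and validate() now test the new path, so please confirm both locations resolve to the same directory on deployed instances, or describe the change in the commit message.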
@@ -61,22 +81,110 @@ class PKISubsystem(object): class PKIInstance(object): def __init__(self, name, instanceType=10): + self.name = name self.type = instanceType + if self.type >= 10: - self.conf_dir = os.path.join(INSTANCE_BASE_DIR, name, 'conf') self.base_dir = os.path.join(INSTANCE_BASE_DIR, name) + self.conf_dir = os.path.join(self.base_dir, 'conf') else: - self.conf_dir = os.path.join(pki.BASE_DIR, name, 'conf') self.base_dir = os.path.join(pki.BASE_DIR, name) + self.conf_dir = os.path.join(self.base_dir, 'conf') - self.validate() + self.registry_file = os.path.join( + pki.server.REGISTRY_DIR, 'tomcat', self.name, self.name) + + self.service_name = 'pki-tomcatd@%s.service' % self.name + + self.user = None + self.group = None + + def is_valid(self): + return os.path.exists(self.conf_dir) def validate(self): - if not os.path.exists(self.conf_dir): + if not self.is_valid(): raise pki.PKIException( 'Invalid instance: ' + self.__repr__(), None) + def start(self): + subprocess.check_call(['systemctl', 'start', self.service_name]) + + def stop(self): + subprocess.check_call(['systemctl', 'stop', self.service_name]) + + def is_active(self): + rc = subprocess.call(['systemctl', '--quiet', 'is-active', self.service_name]) + return rc == 0 + + def load(self): + with open(self.registry_file, 'r') as registry: + lines = registry.readlines() + + for line in lines: + + m = re.search('^PKI_USER=(.*)$', line) + if m: + self.user = m.group(1) + + m = re.search('^PKI_GROUP=(.*)$', line) + if m: + self.group = m.group(1) + + def is_deployed(self, webapp_name): + context_xml = os.path.join( + self.conf_dir, 'Catalina', 'localhost', webapp_name + '.xml') + return os.path.exists(context_xml) + + def deploy(self, webapp_name, descriptor, doc_base=None): + """ + Deploy a web application into a Tomcat instance. + + This method will copy the specified deployment descriptor into + /conf/Catalina/localhost/.xml and point the docBase + to the specified location. 
The web application will become available + under "/" URL path. + + See also: http://tomcat.apache.org/tomcat-7.0-doc/config/context.html + + :param webapp_name: Web application name. + :type webapp_name: str + :param descriptor: Path to deployment descriptor (context.xml). + :type descriptor: str + :param doc_base: Path to web application content. + :type doc_base: str + """ + + context_xml = os.path.join( + self.conf_dir, 'Catalina', 'localhost', webapp_name + '.xml') + + # read deployment descriptor + parser = etree.XMLParser(remove_blank_text=True) + document = etree.parse(descriptor, parser) + + if doc_base: + # customize docBase + context = document.getroot() + context.set('docBase', doc_base) + + # write deployment descriptor + with open(context_xml, 'w') as f: + f.write(etree.tostring(document, pretty_print=True)) + + # find uid and gid + uid = pwd.getpwnam(self.user).pw_uid + gid = grp.getgrnam(self.group).gr_gid + + # set deployment descriptor ownership and permission + os.chown(context_xml, uid, gid) + os.chmod(context_xml, 00660) + + def undeploy(self, webapp_name): + context_xml = os.path.join( + self.conf_dir, 'Catalina', 'localhost', webapp_name + '.xml') + os.remove(context_xml) + def __repr__(self): if self.type == 9: return "Dogtag 9 " + self.name diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py index 4cae695d1fa1dd90d959fe17f219b7040863f383..db3d968aa85e977838ebd8a13be798dc373ab172 100644 --- a/base/server/python/pki/server/upgrade.py +++ b/base/server/python/pki/server/upgrade.py @@ -182,8 +182,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): def instances(self): if self.instanceName and self.instanceType: - return [pki.server.PKIInstance( - self.instanceName, self.instanceType)] + instance = pki.server.PKIInstance(self.instanceName, self.instanceType) + instance.validate() + return [instance] instance_list = [] 
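Review bot: In the @@ -61,22 hunk of pki/server/__init__.py, deploy() calls pwd.getpwnam(self.user) and grp.getgrnam(self.group), but __init__ sets both attributes to None and only load() fills them in, so enable() on an instance that has not been loaded fails after the descriptor has already been written. Either call load() before the lookup or raise a clear error before writing anything. The descriptor is also created with open(context_xml, 'w') under the process umask and only afterwards restricted with os.chown and os.chmod(context_xml, 00660); creating it with the final mode would close that window, and the 00660 literal is Python 2 only syntax (0o660 works in both).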
@@ -192,8 +193,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): for instanceName in os.listdir(pki.server.INSTANCE_BASE_DIR): if not self.instanceName or \ self.instanceName == instanceName: - instance_list.append( - pki.server.PKIInstance(instanceName)) + instance = pki.server.PKIInstance(instanceName) + instance.validate() + instance_list.append(instance) if not self.instanceType or self.instanceType == 9: for s in pki.server.SUBSYSTEM_TYPES: @@ -202,8 +204,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): os.path.join(pki.server.REGISTRY_DIR, s)): if not self.instanceName or \ self.instanceName == instanceName: - instance_list.append( - pki.server.PKIInstance(instanceName, 9)) + instance = pki.server.PKIInstance(instanceName, 9) + instance.validate() + instance_list.append(instance) instance_list.sort() @@ -212,7 +215,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): def subsystems(self, instance): if self.subsystemName: - return [pki.server.PKISubsystem(instance, self.subsystemName)] + subsystem = pki.server.PKISubsystem(instance, self.subsystemName) + subsystem.validate() + return [subsystem] subsystem_list = [] @@ -222,8 +227,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): instance.name) for subsystemName in os.listdir(registry_dir): if subsystemName in pki.server.SUBSYSTEM_TYPES: - subsystem_list.append( - pki.server.PKISubsystem(instance, subsystemName)) + subsystem = pki.server.PKISubsystem(instance, subsystemName) + subsystem.validate() + subsystem_list.append(subsystem) else: for subsystemName in pki.server.SUBSYSTEM_TYPES: registry_dir = os.path.join( 
@@ -231,8 +237,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): subsystemName, instance.name) if os.path.exists(registry_dir): - subsystem_list.append( - pki.server.PKISubsystem(instance, subsystemName)) + subsystem = pki.server.PKISubsystem(instance, subsystemName) + subsystem.validate() + subsystem_list.append(subsystem) subsystem_list.sort() -- 1.8.4.2 From edewata at redhat.com Thu Jan 22 19:20:16 2015 From: edewata at redhat.com (Endi Sukma Dewata) Date: Thu, 22 Jan 2015 13:20:16 -0600 Subject: [Pki-devel] [PATCH] 545 Added server management CLI. Message-ID: <54C14D70.9050206@redhat.com> A new pki-server CLI has been added to manage the instances and subsystems using the server management library. This CLI manages the system files directly, so it can only be run locally on the server by the system administrator. The autoDeploy setting in server.xml has been enabled by default. An upgrade script has been added to enable the autoDeploy setting in existing instances. https://fedorahosted.org/pki/ticket/1183 -- Endi S. Dewata -------------- next part -------------- From f20225af9b168fb62de91d0a76baf76642ad4b5a Mon Sep 17 00:00:00 2001 
From: "Endi S. Dewata" Date: Tue, 20 Jan 2015 22:11:50 -0500 Subject: [PATCH] Added server management CLI. A new pki-server CLI has been added to manage the instances and subsystems using the server management library. This CLI manages the system files directly, so it can only be run locally on the server by the system administrator. The autoDeploy setting in server.xml has been enabled by default. An upgrade script has been added to enable the autoDeploy setting in existing instances. https://fedorahosted.org/pki/ticket/1183 --- base/common/python/pki/cli.py | 145 ++++++++++ base/server/python/pki/server/cli/__init__.py | 0 base/server/python/pki/server/cli/instance.py | 252 +++++++++++++++++ base/server/python/pki/server/cli/subsystem.py | 310 +++++++++++++++++++++ base/server/sbin/pki-server | 84 ++++++ base/server/share/conf/server.xml | 2 +- .../10.2.2/02-EnableWebApplicationAutoDeploy | 56 ++++ pylint-build-scan.sh | 8 +- specs/pki-core.spec | 1 + 9 files changed, 856 insertions(+), 2 deletions(-) create mode 100644 base/common/python/pki/cli.py create mode 100644 base/server/python/pki/server/cli/__init__.py create mode 100644 base/server/python/pki/server/cli/instance.py create mode 100644 base/server/python/pki/server/cli/subsystem.py create mode 100644 base/server/sbin/pki-server create mode 100755 base/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy diff --git a/base/common/python/pki/cli.py b/base/common/python/pki/cli.py new file mode 100644 index 0000000000000000000000000000000000000000..d44875fcb42bddd0cad4f4e6314c84890965e3d4 --- /dev/null +++ b/base/common/python/pki/cli.py 
@@ -0,0 +1,145 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2015 Red Hat, Inc. +# All rights reserved. +# + +import sys +import collections + + +class CLI(object): + + def __init__(self, name, description): + + self.name = name + self.description = description + self.parent = None + + self.verbose = False + self.modules = collections.OrderedDict() + + def set_verbose(self, verbose): + self.verbose = verbose + if self.parent: + self.parent.set_verbose(verbose) + + def get_full_name(self): + if self.parent: + return self.parent.get_full_module_name(self.name) + return self.name + + def get_full_module_name(self, module_name): + return self.get_full_name() + '-' + module_name + + def add_module(self, module): + self.modules[module.name] = module + module.parent = self + + def get_module(self, name): + return self.modules.get(name) + + def print_message(self, message): + print '-' * len(message) + print message + print '-' * len(message) + + def print_help(self): + + print 'Commands:' + + for module in self.modules.itervalues(): + full_name = module.get_full_name() + print ' {:30}{:30}'.format(full_name, module.description) + + def init(self): + pass + + def execute(self, args): + + if len(args) == 0: + self.print_help() + sys.exit() + + # A command consists of parts joined by dashes: 
--...-. + # For example: cert-request-find + command = args[0] + + # The command will be split into module name and sub command, for example: + # - module name: cert + # - sub command: request-find + module_name = None + sub_command = None + + # Search the module by incrementally adding parts into module name. + # Repeat until it finds the module or until there is no more parts to add. + module = None + position = 0 + + while True: + + # Find the next dash. + i = command.find('-', position) + if i >= 0: + # Dash found. Split command into module name and sub command. + module_name = command[0:i] + sub_command = command[i+1:] + else: + # Dash not found. Use the whole command. + module_name = command + sub_command = None + + if self.verbose: + print 'Module: %s' % module_name + + m = self.get_module(module_name) + if m: + # Module found. Check sub command. + if not sub_command: + # No sub command. Use this module. + module = m + break + + # There is a sub command. It must be processed by module's children. + if len(m.modules) > 0: + # Module has children. Use this module. + module = m + break + + # Module doesn't have children. Keep looking. + + # If there's no more dashes, stop. + if i<0: + break + + position = i + 1 + + if not module: + raise Exception('Invalid module "%s".' % self.get_full_module_name(module_name)) + + # Prepare module arguments. + if sub_command: + # If module command exists, include it as arguments: ... + module_args = [sub_command] + args[1:] + + else: + # Otherwise, pass the original arguments: ... + module_args = args[1:] + + module.init() + module.execute(module_args) diff --git a/base/server/python/pki/server/cli/__init__.py b/base/server/python/pki/server/cli/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 
diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py new file mode 100644 index 0000000000000000000000000000000000000000..c1ec9ddd728950d2b39384249b25335d25820c6a --- /dev/null +++ b/base/server/python/pki/server/cli/instance.py 
@@ -0,0 +1,252 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2015 Red Hat, Inc. +# All rights reserved. +# + +import getopt +import os +import sys + +import pki.cli +import pki.server + + +class InstanceCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceCLI, self).__init__('instance', 'Instance management commands') + + self.add_module(InstanceFindCLI()) + self.add_module(InstanceShowCLI()) + self.add_module(InstanceStartCLI()) + self.add_module(InstanceStopCLI()) + + @staticmethod + def print_instance(instance): + print ' Instance ID: %s' % instance.name + print ' Active: %s' % instance.is_active() + + +class InstanceFindCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceFindCLI, self).__init__('find', 'Find instances') + + def print_help(self): + print 'Usage: pki-server instance-find [OPTIONS]' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' 
+ print + + def execute(self, argv): + + try: + opts, _ = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + results = [] + if os.path.exists(pki.server.INSTANCE_BASE_DIR): + for f in os.listdir(pki.server.INSTANCE_BASE_DIR): + + if not os.path.isdir: + continue + + results.append(f) + + self.print_message('%s entries matched' % len(results)) + + first = True + for instance_name in results: + if first: + first = False + else: + print + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + InstanceCLI.print_instance(instance) + + +class InstanceShowCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceShowCLI, self).__init__('show', 'Show instance') + + def print_help(self): + print 'Usage: pki-server instance-show [OPTIONS] ' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' 
+ print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing instance ID' + self.print_help() + sys.exit(1) + + instance_name = args[0] + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + InstanceCLI.print_instance(instance) + + +class InstanceStartCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceStartCLI, self).__init__('start', 'Start instance') + + def print_help(self): + print 'Usage: pki-server instance-start [OPTIONS] ' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' + print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing instance ID' + self.print_help() + sys.exit(1) + + instance_name = args[0] + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + instance.start() + + self.print_message('%s instance started' % instance_name) + + +class InstanceStopCLI(pki.cli.CLI): + + def __init__(self): + super(InstanceStopCLI, self).__init__('stop', 'Stop instance') + + def print_help(self): + print 'Usage: pki-server instance-stop [OPTIONS] ' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' 
+ print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing instance ID' + self.print_help() + sys.exit(1) + + instance_name = args[0] + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + instance.stop() + + self.print_message('%s instance stopped' % instance_name) diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py new file mode 100644 index 0000000000000000000000000000000000000000..7e487ebee9c82ba193166a91f7bf2c4074d0f7a6 --- /dev/null +++ b/base/server/python/pki/server/cli/subsystem.py 
@@ -0,0 +1,310 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2015 Red Hat, Inc. +# All rights reserved. +# + +import getopt +import os +import sys + +import pki.cli +import pki.server + + +class SubsystemCLI(pki.cli.CLI): + + def __init__(self): + super(SubsystemCLI, self).__init__('subsystem', 'Subsystem management commands') + + self.add_module(SubsystemDisableCLI()) + self.add_module(SubsystemEnableCLI()) + self.add_module(SubsystemFindCLI()) + self.add_module(SubsystemShowCLI()) + + @staticmethod + def print_subsystem(subsystem): + print ' Subsystem ID: %s' % subsystem.name + print ' Instance ID: %s' % subsystem.instance.name + print ' Enabled: %s' % subsystem.is_enabled() + + +class SubsystemFindCLI(pki.cli.CLI): + + def __init__(self): + super(SubsystemFindCLI, self).__init__('find', 'Find subsystems') + + def usage(self): + print 'Usage: pki-server subsystem-find [OPTIONS]' + print + print ' -i, --instance Instance ID.' + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' 
+ print + + def execute(self, args): + + try: + opts, _ = getopt.getopt(args, 'i:v', [ + 'instance=', + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.usage() + sys.exit(1) + + instance_name = None + + for o, a in opts: + if o in ('-i', '--instance'): + instance_name = a + + elif o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.usage() + sys.exit(1) + + if not instance_name: + print 'ERROR: missing instance ID' + self.usage() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + results = [] + + for name in os.listdir(instance.base_dir): + + subsystem = pki.server.PKISubsystem(instance, name) + if not subsystem.is_valid(): + continue + + results.append(subsystem) + + self.print_message('%s entries matched' % len(results)) + + first = True + for subsystem in results: + if first: + first = False + else: + print + + SubsystemCLI.print_subsystem(subsystem) + + +class SubsystemShowCLI(pki.cli.CLI): + + def __init__(self): + super(SubsystemShowCLI, self).__init__('show', 'Show subsystem') + + def usage(self): + print 'Usage: pki-server subsystem-show [OPTIONS] ' + print + print ' -i, --instance Instance ID.' + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' 
+ print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'instance=', + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.usage() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing subsystem ID' + self.usage() + sys.exit(1) + + subsystem_name = args[0] + instance_name = None + + for o, a in opts: + if o in ('-i', '--instance'): + instance_name = a + + elif o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.usage() + sys.exit(1) + + if not instance_name: + print 'ERROR: missing instance ID' + self.usage() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + subsystem = pki.server.PKISubsystem(instance, subsystem_name) + + SubsystemCLI.print_subsystem(subsystem) + + +class SubsystemEnableCLI(pki.cli.CLI): + + def __init__(self): + super(SubsystemEnableCLI, self).__init__('enable', 'Enable subsystem') + + def usage(self): + print 'Usage: pki-server subsystem-enable [OPTIONS] ' + print + print ' -i, --instance Instance ID.' + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' 
+ print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'instance=', + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.usage() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing subsystem ID' + self.usage() + sys.exit(1) + + subsystem_name = args[0] + instance_name = None + + for o, a in opts: + if o in ('-i', '--instance'): + instance_name = a + + elif o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.usage() + sys.exit(1) + + if not instance_name: + print 'ERROR: missing instance ID' + self.usage() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + subsystem = pki.server.PKISubsystem(instance, subsystem_name) + subsystem.enable() + + self.print_message('Enabled "%s" subsystem' % subsystem_name) + + SubsystemCLI.print_subsystem(subsystem) + + +class SubsystemDisableCLI(pki.cli.CLI): + + def __init__(self): + super(SubsystemDisableCLI, self).__init__('disable', 'Disable subsystem') + + def usage(self): + print 'Usage: pki-server subsystem-disable [OPTIONS] ' + print + print ' -i, --instance Instance ID.' + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' 
+ print + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv, 'i:v', [ + 'instance=', + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.usage() + sys.exit(1) + + if len(args) != 1: + print 'ERROR: missing subsystem ID' + self.usage() + sys.exit(1) + + subsystem_name = args[0] + instance_name = None + + for o, a in opts: + print 'option: %s %s' % (o, a) + if o in ('-i', '--instance'): + instance_name = a + + elif o in ('-v', '--verbose'): + self.set_verbose(True) + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.usage() + sys.exit(1) + + if not instance_name: + print 'ERROR: missing instance ID' + self.usage() + sys.exit(1) + + instance = pki.server.PKIInstance(instance_name) + instance.load() + + subsystem = pki.server.PKISubsystem(instance, subsystem_name) + subsystem.disable() + + self.print_message('Disabled "%s" subsystem' % subsystem_name) + + SubsystemCLI.print_subsystem(subsystem) diff --git a/base/server/sbin/pki-server b/base/server/sbin/pki-server new file mode 100644 index 0000000000000000000000000000000000000000..c730ebd20feef9ef6d853b4a186422af7c3e3a71 --- /dev/null +++ b/base/server/sbin/pki-server 
@@ -0,0 +1,84 @@ +#!/usr/bin/python +# Authors: +# Endi S. Dewata +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2015 Red Hat, Inc. +# All rights reserved. +# + +import getopt +import sys + +import pki.cli +import pki.server.cli.instance +import pki.server.cli.subsystem + +class PKIServerCLI(pki.cli.CLI): + + def __init__(self): + + super(PKIServerCLI, self).__init__('pki-server', 'PKI server command-line interface') + + self.add_module(pki.server.cli.instance.InstanceCLI()) + self.add_module(pki.server.cli.subsystem.SubsystemCLI()) + + def get_full_module_name(self, module_name): + return module_name + + def print_help(self): + + print 'Usage: pki-server [OPTIONS]' + print + print ' -v, --verbose Run in verbose mode.' + print ' --help Show help message.' 
+ print + + super(PKIServerCLI, self).print_help() + + def execute(self, argv): + + try: + opts, args = getopt.getopt(argv[1:], 'v', [ + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + self.print_help() + sys.exit(1) + + for o, _ in opts: + if o in ('-v', '--verbose'): + self.verbose = True + + elif o == '--help': + self.print_help() + sys.exit() + + else: + print 'ERROR: unknown option ' + o + self.print_help() + sys.exit(1) + + if self.verbose: + print 'Command: %s' % ' '.join(args) + + super(PKIServerCLI, self).execute(args) + + +if __name__ == '__main__': + cli = PKIServerCLI() + cli.init() + cli.execute(sys.argv) diff --git a/base/server/share/conf/server.xml b/base/server/share/conf/server.xml index 306ebf25b9a2ac83f90e0e79e4530211ef7fc7ea..b9e8860b2179e1432ebef7d06ff9f2c70985c1b5 100644 --- a/base/server/share/conf/server.xml +++ b/base/server/share/conf/server.xml @@ -253,7 +253,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> > appBase="[PKI_INSTANCE_PATH]/webapps" > - unpackWARs="true" autoDeploy="false" > + unpackWARs="true" autoDeploy="true" > xmlValidation="false" xmlNamespaceAware="false"> > >
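Review bot: in the CLI base class hunk (the module imported as pki.cli), set_verbose() propagates only upward to self.parent and never down to self.modules, while execute() reads self.verbose locally to decide whether to print 'Module: %s'. With a command such as pki-server -v instance-find, the top-level object is verbose but the nested InstanceCLI is not, so the trace stops after the first level. Either push the flag down to the children in set_verbose() and add_module(), or have execute() look the flag up on the root. Separately, the empty-argument path in execute() prints help and then calls sys.exit() with no status, so a missing command exits 0; scripts calling pki-server would be better served by a non-zero status there.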
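Review bot: in base/server/python/pki/server/cli/instance.py, InstanceFindCLI.execute() tests "if not os.path.isdir:", which checks the function object rather than calling it, so the condition is always false and every entry under pki.server.INSTANCE_BASE_DIR, regular files included, is treated as an instance and passed to PKIInstance(...).load(). It should call os.path.isdir(os.path.join(pki.server.INSTANCE_BASE_DIR, f)). In the same file, all four execute() methods pass 'i:v' to getopt, but none of them handles -i, so "-i foo" is accepted by the parser and then rejected as "unknown option"; drop the "i:" from the short option string here.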
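Review bot: in base/server/python/pki/server/cli/subsystem.py, each command class defines usage() but the --help branch calls self.print_help(), which is the inherited CLI.print_help() and prints only 'Commands:' followed by an empty list, because these leaf classes have no modules. Rename usage() to print_help(), as instance.py does, so --help and the error paths print the same text. SubsystemDisableCLI.execute() also still contains the line print 'option: %s %s' % (o, a), which looks like leftover debugging output. Finally, SubsystemFindCLI filters on subsystem.is_valid(), but show, enable and disable build PKISubsystem(instance, subsystem_name) from the command-line argument and act on it without that check; a validity test before enable() and disable() would give a clear error for a mistyped subsystem ID.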
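Review bot: in base/server/sbin/pki-server, the __main__ block calls cli.execute(sys.argv) with no exception handling, while CLI.execute() reports an unknown command with raise Exception('Invalid module ...'), so a mistyped command ends in a Python traceback instead of the 'ERROR: ...' plus help plus sys.exit(1) pattern used for getopt errors in the same method. Catch the error at the top level (preferably a dedicated exception class rather than bare Exception), print the message and usage, and exit non-zero. The -v branch here also assigns self.verbose = True directly where the sub-commands call set_verbose(True); using the setter in both places keeps one code path.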
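Review bot: in base/server/share/conf/server.xml, the last hunk flips autoDeploy="false" to autoDeploy="true" on the Host whose appBase is [PKI_INSTANCE_PATH]/webapps, and neither a comment in the file nor the visible part of the patch says why. This is the template for new instances, so it changes the deployment behaviour of every CA created from it: with autoDeploy on, Tomcat deploys and undeploys web applications at runtime when files under appBase or context descriptors in the host's configuration directory appear or disappear, which makes write access to those directories equivalent to deploying code into the server. If the subsystem enable and disable commands rely on this, please say so in the XML comment above the Host element and in the commit message, and state the ownership and mode expected on those directories. It is also worth confirming whether existing instances are meant to keep autoDeploy="false", since this hunk only touches the shared template.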