
[Pki-devel] [PATCH] pki-cfu-0080-Ticket-1447-pkispawn-findCertByNickname-fails-to-fin.patch



This patch addressed the following ticket:
https://fedorahosted.org/pki/ticket/1447 pkispawn: findCertByNickname fails to find cert in creating shared tomcat subsystems on HSM

This patch takes a more conservative approach: when a token is specified, the token name is simply prepended to the nickname before calling findCertByNickname.

Please review.
thanks,
Christina
>From 52621086ba6d5d1d861aef1a119beb3a6a6cc54d Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu redhat com>
Date: Tue, 30 Jun 2015 18:46:33 -0700
Subject: [PATCH] Ticket 1447 pkispawn: findCertByNickname fails to find cert
 in creating shared tomcat subsystems on HSM

---
 .../src/org/dogtagpki/server/rest/SystemConfigService.java | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index 2de087badfa3f1b87ccf2295f00fc6c490c53517..2857da62d69bf3716ca29755d8d2a7f2aaa333f9 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -335,6 +335,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
                     throw new BadRequestException("No data for '" + tag + "' was found!");
                 }
 
+                String tokenName = certData.getToken() != null ? certData.getToken() : token;
                 if (request.getStandAlone() && request.getStepTwo()) {
                     // Stand-alone PKI (Step 2)
                     if (tag.equals("external_signing")) {
@@ -345,7 +346,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 
                             if (request.getIssuingCA().equals("External CA")) {
                                 String nickname = certData.getNickname() != null ? certData.getNickname() : "caSigningCert External CA";
-                                String tokenName = certData.getToken() != null ? certData.getToken() : token;
                                 Cert cert = new Cert(tokenName, nickname, tag);
                                 ConfigurationUtils.setExternalCACert(b64, csSubsystem, cs, cert);
 
@@ -377,7 +377,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
                     updateConfiguration(request, certData, "subsystem");
 
                     // get parameters needed for cloning
-                    updateCloneConfiguration(certData, "subsystem");
+                    updateCloneConfiguration(certData, "subsystem", tokenName);
                     continue;
                 }
 
@@ -429,7 +429,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
                     CMS.debug("configure(): step two selected.  keys will not be generated for '" + tag + "'");
                 }
 
-                String tokenName = certData.getToken() != null ? certData.getToken() : token;
                 Cert cert = new Cert(tokenName, nickname, tag);
                 cert.setDN(dn);
                 cert.setSubsystem(cs.getString("preop.cert." + tag + ".subsystem"));
@@ -519,11 +518,16 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
         }
     }
 
-    private void updateCloneConfiguration(SystemCertData cdata, String tag) throws NotInitializedException,
+    private void updateCloneConfiguration(SystemCertData cdata, String tag, String tokenName) throws NotInitializedException,
             ObjectNotFoundException, TokenException {
         // TODO - some of these parameters may only be valid for RSA
         CryptoManager cryptoManager = CryptoManager.getInstance();
-        X509Certificate cert = cryptoManager.findCertByNickname(cdata.getNickname());
+        if (!tokenName.isEmpty())
+            CMS.debug("SystemConfigService:updateCloneConfiguration: tokenName=" + tokenName);
+        else
+            CMS.debug("SystemConfigService:updateCloneConfiguration: tokenName empty; using internal");
+
+        X509Certificate cert = cryptoManager.findCertByNickname(!tokenName.isEmpty()? tokenName + ":" + cdata.getNickname() :  cdata.getNickname());
         PublicKey pubk = cert.getPublicKey();
         byte[] exponent = CryptoUtil.getPublicExponent(pubk);
         byte[] modulus = CryptoUtil.getModulus(pubk);
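Review bot: In updateCloneConfiguration the new `tokenName.isEmpty()` checks dereference `tokenName` without a null guard, and the same emptiness test is repeated for the logging branch and again inside the `findCertByNickname` argument. The value comes from `certData.getToken()` with a fallback to `token`, whose definition is outside the visible hunks, so a null there would surface as a NullPointerException instead of a lookup on the internal token. Computing the lookup name once, `String fullNickname = (tokenName == null || tokenName.isEmpty()) ? cdata.getNickname() : tokenName + ":" + cdata.getNickname();`, and calling `findCertByNickname(fullNickname)` would also let the debug line record the exact name being searched. Only the empty string is treated as the internal token here; if callers can pass a non-empty name for the internal token, it would be prefixed as well, which is worth confirming. The method body continues past the end of the hunk.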
-- 
1.8.4.2

