>From 9459bb3e60dc754fb7a7da6a91b7bdce426893d2 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Fri, 18 Jul 2014 02:01:58 -0400
Subject: [PATCH 8/9] Import profiles when spawning CA instance
---
 base/ca/shared/conf/CS.cfg.in | 1 +
 .../server/ca/rest/CAInstallerService.java | 116 +++++++++++++++++++++
 2 files changed, 117 insertions(+)
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index 1831f3c8c7edf4cc26de7233460d92bea6c49ebb..5b9f66680d14bbcc9f38133fd032bf2400e75ecc 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -1139,6 +1139,7 @@ subsystem.0.class=com.netscape.ca.CertificateAuthority
 subsystem.0.id=ca
 subsystem.1.class=com.netscape.cmscore.profile.ProfileSubsystem
 subsystem.1.id=profile
+subsystem.1.enabled=false
 subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
 subsystem.2.id=selftests
 subsystem.3.class=com.netscape.cmscore.cert.CrossCertPairSubsystem
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
index bb823eece4729599b6badd9ca0e24ef560b9f279..883ab3779a811e35efe571e505d93def090137c5 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
@@ -17,13 +17,28 @@ // --- END COPYRIGHT BLOCK --- package org.dogtagpki.server.ca.rest; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.util.StringTokenizer; + +import netscape.ldap.LDAPAttribute; + import org.dogtagpki.server.rest.SystemConfigService; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.ldap.ELdapException; +import com.netscape.certsrv.ldap.ILdapConnFactory; +import com.netscape.certsrv.registry.IPluginInfo; +import com.netscape.certsrv.registry.IPluginRegistry; import com.netscape.certsrv.system.ConfigurationRequest; import com.netscape.cms.servlet.csadmin.ConfigurationUtils; +import com.netscape.cmscore.base.LDAPConfigStore; +import com.netscape.cmscore.profile.LDAPProfileSubsystem; + /** * @author alee 
@@ -64,5 +79,106 @@ public class CAInstallerService extends SystemConfigService { CMS.debug(e); throw new PKIException("Errors in determining if security domain host is a master CA"); } + + try { + CMS.enableSubsystem("profile"); + } catch (Exception e) { + CMS.debug(e); + throw new PKIException("Error enabling profile subsystem"); + } + } + + @Override + public void initializeDatabase(ConfigurationRequest data) { + super.initializeDatabase(data); + + if (!data.isClone() + && CMS.getSubsystem("profile") instanceof LDAPProfileSubsystem) { + try { + importProfiles("/usr/share/pki"); + } catch (Exception e) { + throw new PKIException("Error importing profiles."); + } + } + } + + /** + * Import profiles from the filesystem into the database. + * + * @param configRoot Where to look for the profile files. For a + * fresh installation this should be + * "/usr/share/pki". For existing installations it + * should be CMS.getConfigStore().getString("instanceRoot"). + * + */ + public void importProfiles(String configRoot) + throws EBaseException, ELdapException { + IPluginRegistry registry = (IPluginRegistry) + CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY); + IConfigStore profileCfg = cs.getSubStore("profile"); + String profileIds = profileCfg.getString("list", ""); + StringTokenizer st = new StringTokenizer(profileIds, ","); + + IConfigStore dbCfg = cs.getSubStore("internaldb"); + ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory(); + dbFactory.init(dbCfg); + + while (st.hasMoreTokens()) { + String profileId = st.nextToken(); + IConfigStore profileSubCfg = profileCfg.getSubStore(profileId); + String classId = profileSubCfg.getString("class_id", ""); + try { + IPluginInfo info = registry.getPluginInfo("profile", classId); + if (info == null) { + throw new EBaseException("No plugins for type : profile, with id " + classId); + } + + String profilePath = configRoot + "/ca/profiles/ca/" + profileId + ".cfg"; + CMS.debug("Importing profile '" + profileId + "' from " + 
profilePath); + importProfile(dbFactory, classId, profileId, profilePath); + } catch (EBaseException e) { + CMS.debug("Error importing profile '" + profileId + "': " + e.toString()); + CMS.debug(" Continuing with profile import procedure..."); + } + } + } + + /** + * Import one profile from the filesystem into the database. + * + * @param dbFactory LDAP connection factory. + * @param classId The profile class of the profile to import. + * @param profileId The ID of the profile to import. + * @param profilePath Path to the on-disk profile configuration. + */ + public void importProfile( + ILdapConnFactory dbFactory, String classId, + String profileId, String profilePath) + throws EBaseException { + + String basedn = cs.getString("internaldb.basedn", ""); + + String dn = "cn=" + profileId + ",ou=certificateProfiles,ou=ca," + basedn; + + String[] objectClasses = {"top", "certProfile"}; + LDAPAttribute[] createAttrs = { + new LDAPAttribute("objectclass", objectClasses), + new LDAPAttribute("cn", profileId), + new LDAPAttribute("classId", classId) + }; + + IConfigStore configStore = new LDAPConfigStore( + dbFactory, dn, createAttrs, "certProfileConfig"); + + try { + FileInputStream input = new FileInputStream(profilePath); + configStore.load(input); + } catch (FileNotFoundException e) { + throw new EBaseException("Could not find file for profile: " + profileId); + } catch (IOException e) { + throw new EBaseException("Error loading data for profile: " + profileId); + } + + configStore.commit(false /* no backup */); } } -- 2.1.0
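Review bot: `importProfile` opens `new FileInputStream(profilePath)` and never closes it, so each imported profile leaves a file descriptor open until finalization; if the build targets Java 7 or later, `try (FileInputStream input = new FileInputStream(profilePath)) {` fixes it, otherwise close the stream in a `finally`. The catch blocks added in `initializeDatabase` and `importProfile` throw a new exception without recording the caught one, unlike the `CMS.debug(e);` in the enable-subsystem catch at the top of this hunk, so adding `CMS.debug(e);` before each `throw` would keep the root cause in the debug log. `profileId` is read from the `profile.list` config value and concatenated unescaped into both `profilePath` and the LDAP `dn`; that value is presumably installer-controlled, but checking it against the expected ID character set before use would stop a malformed entry from producing an unexpected path or DN. `importProfiles` also logs and skips any profile that fails with `EBaseException`, so installation can complete with an incomplete profile set that is visible only in the debug log, which is worth confirming as intended for a CA. The method that receives the `CMS.enableSubsystem("profile")` block starts outside the hunk and was not reviewed.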