Ticket #1527 (reopened) retrieved wrong ca connector config parameter
This ticket was reopened due to retrieving wrong ca connector
config param under the situation when format is performed during enrollment.
The following is attempted:
op.enroll.userKey.ca.conn
while the following is intended:
op.format.userKey.ca.conn
In addition, this patch also fixes the following issues;
a. reason param name is not conforming: "reason" instead of
"revokeReason"
b. adding default reason to format TPS profiles
c. by default mappingResolver.formatProfileMappingResolver resolves
to tokenKey, while enroll resolves to userKey.
-> now changed to userKey
d. if revocation fails during format, it was forgiving.
-> now changed so that error is logged in activity log and exception
thrown and bail out
Tested to work.
thanks,
Christina
>From 81a475e7a8fe0ff086047bf3295abea253a7e394 Mon Sep 17 00:00:00 2001
From: Christina Fu <c...@redhat.com>
Date: Tue, 17 May 2016 17:57:11 -0700
Subject: [PATCH] Ticket #1527 (reopened) retrieved wrong ca connector config
parameter This ticket was reopened due to retrieving wrong ca connector
config param. The following is attempted: op.enroll.userKey.ca.conn while the
following is intended: op.format.userKey.ca.conn In addition, this patch also
fixes the following issues; a. reason param name is not conforming: "reason"
instead of "revokeReason" b. adding default reason to format TPS profiles c.
by default mappingResolver.formatProfileMappingResolver resolves to
tokenKey, while enroll resolves to userKey. -> now changed the userKey d.
if revocation fails during format, it was forgiving. -> now changed so
that error is logged in activity log and exception thrown and bail out
---
base/tps/shared/conf/CS.cfg | 12 +++++++++++-
.../org/dogtagpki/server/tps/processor/TPSProcessor.java | 14 ++++++++++++--
2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index 638787d225ca819f051ad999ca92c75c9d51cb88..90d1747dd4617b097e11207f8c10e0bbd8c5ccee 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -428,6 +428,7 @@ op.format.delegateIEtoken.issuerinfo.enable=true
op.format.delegateIEtoken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.delegateIEtoken.loginRequest.enable=true
op.format.delegateIEtoken.revokeCert=false
+op.format.delegateIEtoken.revokeCert.reason=0
op.format.delegateIEtoken.tks.conn=tks1
op.format.delegateIEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.format.delegateIEtoken.update.applet.emptyToken.enable=true
@@ -686,6 +687,7 @@ op.format.delegateISEtoken.issuerinfo.enable=true
op.format.delegateISEtoken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.delegateISEtoken.loginRequest.enable=true
op.format.delegateISEtoken.revokeCert=false
+op.format.delegateISEtoken.revokeCert.reason=0
op.format.delegateISEtoken.tks.conn=tks1
op.format.delegateISEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.format.delegateISEtoken.update.applet.emptyToken.enable=true
@@ -770,6 +772,7 @@ op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.54de790f
op.format.externalRegAddToToken.update.symmetricKeys.enable=false
op.format.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
op.format.externalRegAddToToken.revokeCert=false
+op.format.externalRegAddToToken.revokeCert.reason=0
op.enroll.allowUnknownToken=true
op.enroll.mappingResolver=enrollProfileMappingResolver
op.enroll.soKey.cuidMustMatchKDD=false
@@ -1392,6 +1395,7 @@ op.format.cleanToken.issuerinfo.enable=true
op.format.cleanToken.issuerinfo.value=
op.format.cleanToken.loginRequest.enable=true
op.format.cleanToken.revokeCert=true
+op.format.cleanToken.revokeCert.reason=0
op.format.cleanToken.tks.conn=tks1
op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
op.format.cleanToken.update.applet.emptyToken.enable=true
@@ -1413,6 +1417,7 @@ op.format.soCleanSOToken.issuerinfo.enable=true
op.format.soCleanSOToken.issuerinfo.value=
op.format.soCleanSOToken.loginRequest.enable=false
op.format.soCleanSOToken.revokeCert=true
+op.format.soCleanSOToken.revokeCert.reason=0
op.format.soCleanSOToken.tks.conn=tks1
op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
op.format.soCleanSOToken.update.applet.emptyToken.enable=true
@@ -1434,6 +1439,7 @@ op.format.soCleanUserToken.issuerinfo.enable=true
op.format.soCleanUserToken.issuerinfo.value=
op.format.soCleanUserToken.loginRequest.enable=false
op.format.soCleanUserToken.revokeCert=true
+op.format.soCleanUserToken.revokeCert.reason=0
op.format.soCleanUserToken.tks.conn=tks1
op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
op.format.soCleanUserToken.update.applet.emptyToken.enable=true
@@ -1455,6 +1461,7 @@ op.format.soKey.issuerinfo.enable=true
op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.soKey.loginRequest.enable=true
op.format.soKey.revokeCert=true
+op.format.soKey.revokeCert.reason=0
op.format.soKey.tks.conn=tks1
op.format.soKey.update.applet.directory=[TPS_DIR]/applets
op.format.soKey.update.applet.emptyToken.enable=true
@@ -1476,6 +1483,7 @@ op.format.soUserKey.issuerinfo.enable=true
op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.soUserKey.loginRequest.enable=false
op.format.soUserKey.revokeCert=true
+op.format.soUserKey.revokeCert.reason=0
op.format.soUserKey.tks.conn=tks1
op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
op.format.soUserKey.update.applet.emptyToken.enable=true
@@ -1497,6 +1505,7 @@ op.format.tokenKey.issuerinfo.enable=true
op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.tokenKey.loginRequest.enable=true
op.format.tokenKey.revokeCert=true
+op.format.tokenKey.revokeCert.reason=0
op.format.tokenKey.tks.conn=tks1
op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
op.format.tokenKey.update.applet.emptyToken.enable=true
@@ -1518,6 +1527,7 @@ op.format.userKey.issuerinfo.enable=true
op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.userKey.loginRequest.enable=true
op.format.userKey.revokeCert=true
+op.format.userKey.revokeCert.reason=0
op.format.userKey.tks.conn=tks1
op.format.userKey.update.applet.directory=[TPS_DIR]/applets
op.format.userKey.update.applet.emptyToken.enable=true
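Review bot: `op.format.userKey.revokeCert.reason=0` selects CRLReason `unspecified`, which RFC 5280 §5.3.1 says SHOULD be omitted from a CRL entry rather than used; for a format that destroys the token's key material a specific code such as `5` (cessationOfOperation) or `4` (superseded) tells relying parties more, so consider whether `0` is the intended shipped default or merely mirrors the code's fallback when the key is absent. Whichever value is kept, the key is read per format profile by TPSProcessor, so the format-profile documentation should list the accepted integer values and state the fallback. Because mapping.6 of formatProfileMappingResolver now targets userKey (last CS.cfg hunk), this is the reason most otherwise-unmatched tokens will be revoked with.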
@@ -1768,7 +1778,7 @@ mappingResolver.formatProfileMappingResolver.mapping.6.filter.appletMinorVersion
mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenATR=
mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenCUID.end=
mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenCUID.start=
-mappingResolver.formatProfileMappingResolver.mapping.6.target.tokenType=tokenKey
+mappingResolver.formatProfileMappingResolver.mapping.6.target.tokenType=userKey
mappingResolver.formatProfileMappingResolver.mapping.order=0,1,2,3,4,5,6
mappingResolver.pinResetProfileMappingResolver.class_id=filterMappingResolverImpl
mappingResolver.pinResetProfileMappingResolver.mapping.0.filter.appletMajorVersion=
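Review bot: The three visible filters of mapping.6 (tokenATR, tokenCUID.start, tokenCUID.end) are empty, so it acts as the catch-all for any token the earlier mappings do not match, and retargeting it from tokenKey to userKey switches every such token to the `op.format.userKey.*` settings (revokeCert, ca.conn, tks.conn, applet update), not only the format-during-enrollment case named in the ticket. That is a wider behavioural change than the commit message conveys and deserves a sentence there or in release notes; a deployment that customised `op.format.tokenKey.*` but not `op.format.userKey.*` will silently stop using those settings. The message's claim that the enroll resolver already defaults to userKey is not visible in this diff and is worth confirming before merging.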
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index bbc9fcb5e226dc291a7d15790e2f790efd22e7d7..1c6e59dd00f8a92f4802f754a55c0c8c441c2e4a 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -1376,7 +1376,7 @@ public class TPSProcessor {
".ca.conn";
CMS.debug(method + " finding config: " + config);
} else {
- config = "op." + currentTokenOperation + "." +
+ config = TPSEngine.OP_FORMAT_PREFIX + "." +
selectedTokenType +
".ca.conn";
CMS.debug(method + " finding config: " + config);
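Review bot: The else branch now ignores `currentTokenOperation` and always builds an `op.format.<tokenType>.ca.conn` key, but nothing in the hunk says why, so a later reader is likely to take the dropped variable for a regression. Add a why-comment above the assignment, e.g. `// revocation on this path belongs to the format step even when the format runs inside an enrollment (ticket #1527), so the format profile's CA connector applies regardless of currentTokenOperation`. If the if-branch above the hunk still keys off currentTokenOperation, the comment should also say what distinguishes the two paths, which cannot be seen here. The enclosing method begins before and ends after this hunk.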
@@ -1424,7 +1424,9 @@ public class TPSProcessor {
String logMsg;
IConfigStore configStore = CMS.getConfigStore();
- String configName = TPSEngine.OP_FORMAT_PREFIX + "." + selectedTokenType + ".revokeCert.revokeReason";
+ String configName = TPSEngine.OP_FORMAT_PREFIX + "." + selectedTokenType + ".revokeCert.reason";
+ CMS.debug(method + " finding config: " + configName);
+
RevocationReason revokeReason = RevocationReason.UNSPECIFIED;
try {
int revokeReasonInt = configStore.getInteger(configName);
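Review bot: The integer read on the last line of the hunk is converted to a `RevocationReason` after the hunk ends, and nothing visible checks that it is a valid CRLReason code (RFC 5280 defines 0–6 and 8–10; 7 is unused); if that conversion does not reject out-of-range values, a typo in `op.format.<type>.revokeCert.reason` could reach the CA as a bogus reason or a null enum instead of the `UNSPECIFIED` fallback initialised here. If so, guard it before the conversion, e.g. `if (revokeReasonInt < 0 || revokeReasonInt > 10 || revokeReasonInt == 7) { CMS.debug(method + " invalid revokeCert.reason " + revokeReasonInt + ", using UNSPECIFIED"); }` and skip the assignment. The method also deserves a Javadoc stating that the key is looked up per format profile and that a missing or unparsable value falls back to `UNSPECIFIED`, which is currently discoverable only from the initialiser. The enclosing method starts before and ends after this hunk.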
@@ -2138,6 +2140,14 @@ public class TPSProcessor {
} catch (TPSException te) {
// failed revocation; capture message and continue
logMsg = te.getMessage();
+ tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg,
+ "failure");
+ throw new TPSException(logMsg);
+ } catch (Exception ee) {
+ logMsg = ee.toString();
+ tps.tdb.tdbActivity(ActivityDatabase.OP_FORMAT, tokenRecord, session.getIpAddress(), logMsg,
+ "failure");
+ throw new TPSException(logMsg);
}
}
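Review bot: The retained comment `// failed revocation; capture message and continue` is now false, since both catch blocks log to the activity database and throw; it should read `// failed revocation: record it in the activity log and abort the format (fail closed)`. In the first catch, `throw new TPSException(logMsg)` discards `te`'s stack trace for no gain because `te` already is a TPSException — use `throw te;` after the tdbActivity call — and the generic catch should chain `ee` as the cause if TPSException offers such a constructor (not visible here). Failing the format when revocation fails is the right direction: under the old behaviour a CA or connector outage presumably left still-valid certificates behind for a token that was then wiped. The enclosing method starts before this hunk, so whether the token has already been modified when this block runs cannot be seen here.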
--
2.4.3