[Pki-devel] [PATCH]pki-cfu-0155-Ticket-2498-Token-format-with-external-reg-fails-whe.patch

Christina Fu Mon, 10 Oct 2016 17:21:06 -0700

This patch addresses:

https://fedorahosted.org/pki/ticket/2498 Token format with external regfails when op.format.externalRegAddToToken.revokeCert=true

It actually could be easily worked around by manually adding the missingparams


op.format.externalRegAddToToken.auth.id=ldap1
op.format.externalRegAddToToken.ca.conn=ca1

op.format.externalRegAddToToken.tks.conn=tks1

While fixing the CS.cfg, it was observed that there were some referencesof non-defined ldap2 and ldap3, so they are also changed to ldap1.


A couple useful debug messages are added as well.

Christina

>From 9d91230e99e6d96fd19e18e83b356c8bcbe20f52 Mon Sep 17 00:00:00 2001
From: Christina Fu <c...@dhcp-16-189.sjc.redhat.com>
Date: Mon, 10 Oct 2016 16:05:26 -0700
Subject: [PATCH] Ticket #2498 Token format with external reg fails when
 op.format.externalRegAddToToken.revokeCert=true This patch adds the missing
 parameters in the CS.cfg for externalRegAddToToken in regards to format
 operation. It also changed the non-defined ldap2 and ldap3 and ldap1

---
 base/tps/shared/conf/CS.cfg                            | 18 +++++++++++-------
 .../server/tps/processor/TPSEnrollProcessor.java       |  3 ++-
 .../dogtagpki/server/tps/processor/TPSProcessor.java   |  1 +
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index d5d9daf00c22d4ac5298443b45952d6094817327..a585e5db7f587a769e775d08a65d26481d3aab31 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -463,7 +463,7 @@ op.format.delegateIEtoken.minimumGPKeyVersion=01
 op.format.delegateIEtoken.maximumGPKeyVersion=FF
 op.format.delegateIEtoken.rollbackKeyVersionOnPutKeyFailure=false
 op.format.delegateIEtoken.validateCardKeyInfoAgainstTokenDB=true
-op.format.delegateIEtoken.auth.id=ldap3
+op.format.delegateIEtoken.auth.id=ldap1
 op.format.delegateIEtoken.ca.conn=ca1
 op.format.delegateIEtoken.cardmgr_instance=A0000000030000
 op.format.delegateIEtoken.issuerinfo.enable=true
@@ -761,7 +761,7 @@ op.format.delegateISEtoken.minimumGPKeyVersion=01
 op.format.delegateISEtoken.maximumGPKeyVersion=FF
 op.format.delegateISEtoken.rollbackKeyVersionOnPutKeyFailure=false
 op.format.delegateISEtoken.validateCardKeyInfoAgainstTokenDB=true
-op.format.delegateISEtoken.auth.id=ldap3
+op.format.delegateISEtoken.auth.id=ldap1
 op.format.delegateISEtoken.ca.conn=ca1
 op.format.delegateISEtoken.cardmgr_instance=A0000000030000
 op.format.delegateISEtoken.issuerinfo.enable=true
@@ -857,17 +857,21 @@ op.format.externalRegAddToToken.minimumGPKeyVersion=01
 op.format.externalRegAddToToken.maximumGPKeyVersion=FF
 op.format.externalRegAddToToken.rollbackKeyVersionOnPutKeyFailure=false
 op.format.externalRegAddToToken.validateCardKeyInfoAgainstTokenDB=true
+op.format.externalRegAddToToken.auth.id=ldap1
+op.format.externalRegAddToToken.ca.conn=ca1
 op.format.externalRegAddToToken.cardmgr_instance=A0000000030000
 op.format.externalRegAddToToken.issuerinfo.enable=true
 op.format.externalRegAddToToken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
+op.format.externalRegAddToToken.loginRequest.enable=true
+op.format.externalRegAddToToken.revokeCert=false
+op.format.externalRegAddToToken.revokeCert.reason=0
+op.format.externalRegAddToToken.tks.conn=tks1
 op.format.externalRegAddToToken.update.applet.directory=/usr/share/pki/tps/applets
 op.format.externalRegAddToToken.update.applet.emptyToken.enable=true
 op.format.externalRegAddToToken.update.applet.encryption=true
 op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.54de790f
 op.format.externalRegAddToToken.update.symmetricKeys.enable=false
 op.format.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
-op.format.externalRegAddToToken.revokeCert=false
-op.format.externalRegAddToToken.revokeCert.reason=0
 op.enroll.allowUnknownToken=true
 op.enroll.mappingResolver=enrollProfileMappingResolver
 op.enroll.soKey.cuidMustMatchKDD=false
@@ -877,7 +881,7 @@ op.enroll.soKey.maximumGPKeyVersion=FF
 op.enroll.soKey.rollbackKeyVersionOnPutKeyFailure=false
 op.enroll.soKey.validateCardKeyInfoAgainstTokenDB=true
 op.enroll.soKey.auth.enable=true
-op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.auth.id=ldap1
 op.enroll.soKey.cardmgr_instance=A0000000030000
 op.enroll.soKey.issuerinfo.enable=true
 op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
@@ -1030,7 +1034,7 @@ op.enroll.soKeyTemporary.maximumGPKeyVersion=FF
 op.enroll.soKeyTemporary.rollbackKeyVersionOnPutKeyFailure=false
 op.enroll.soKeyTemporary.validateCardKeyInfoAgainstTokenDB=true
 op.enroll.soKeyTemporary.auth.enable=true
-op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.auth.id=ldap1
 op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
 op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
 op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
@@ -1611,7 +1615,7 @@ op.format.soKey.maximumGPKeyVersion=FF
 op.format.soKey.rollbackKeyVersionOnPutKeyFailure=false
 op.format.soKey.validateCardKeyInfoAgainstTokenDB=true
 op.format.soKey.auth.enable=true
-op.format.soKey.auth.id=ldap2
+op.format.soKey.auth.id=ldap1
 op.format.soKey.ca.conn=ca1
 op.format.soKey.cardmgr_instance=A0000000030000
 op.format.soKey.issuerinfo.enable=true
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index db9a230cb0dfaa257f5489172f0edef3ade530e1..6225ea11b92b6866b6502265026bbd0c194d88c3 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -302,7 +302,8 @@ public class TPSEnrollProcessor extends TPSProcessor {
             }
 
             do_force_format = tokenPolicy.isForceTokenFormat(cuid);
-            CMS.debug(method + " Will force format first due to policy.");
+            if (do_force_format)
+                CMS.debug(method + " Will force format first due to policy.");
 
             if (!isExternalReg &&
                     !tokenPolicy.isAllowdTokenReenroll(cuid) &&
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 94e6497ce164dddb51de1b794bbbb07e8f968593..00628ed250c47ebe44ee926364c3ee55373d1cbd 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -1442,6 +1442,7 @@ public class TPSProcessor {
         String configName = TPSEngine.OP_FORMAT_PREFIX + "." + selectedTokenType + ".revokeCert";
         boolean revokeCert = false;
         try {
+            CMS.debug(method + ": getting config:" + configName);
             revokeCert = configStore.getBoolean(configName, false);
         } catch (EBaseException e) {
             logMsg = method + ": config not found: " + configName +
-- 
2.7.4

_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [PATCH]pki-cfu-0155-Ticket-2498-Token-format-with-external-reg-fails-whe.patch

Reply via email to