This patch addresses:
https://fedorahosted.org/pki/ticket/2498 Token format with external reg
fails when op.format.externalRegAddToToken.revokeCert=true
It actually could be easily worked around by manually adding the missing
params
op.format.externalRegAddToToken.auth.id=ldap1
op.format.externalRegAddToToken.ca.conn=ca1
op.format.externalRegAddToToken.tks.conn=tks1
While fixing the CS.cfg, it was observed that there were some references
of non-defined ldap2 and ldap3, so they are also changed to ldap1.
A couple useful debug messages are added as well.
Christina
>From 9d91230e99e6d96fd19e18e83b356c8bcbe20f52 Mon Sep 17 00:00:00 2001
From: Christina Fu <c...@dhcp-16-189.sjc.redhat.com>
Date: Mon, 10 Oct 2016 16:05:26 -0700
Subject: [PATCH] Ticket #2498 Token format with external reg fails when
op.format.externalRegAddToToken.revokeCert=true This patch adds the missing
parameters in the CS.cfg for externalRegAddToToken in regards to format
operation. It also changed the non-defined ldap2 and ldap3 and ldap1
---
base/tps/shared/conf/CS.cfg | 18 +++++++++++-------
.../server/tps/processor/TPSEnrollProcessor.java | 3 ++-
.../dogtagpki/server/tps/processor/TPSProcessor.java | 1 +
3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index d5d9daf00c22d4ac5298443b45952d6094817327..a585e5db7f587a769e775d08a65d26481d3aab31 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -463,7 +463,7 @@ op.format.delegateIEtoken.minimumGPKeyVersion=01
op.format.delegateIEtoken.maximumGPKeyVersion=FF
op.format.delegateIEtoken.rollbackKeyVersionOnPutKeyFailure=false
op.format.delegateIEtoken.validateCardKeyInfoAgainstTokenDB=true
-op.format.delegateIEtoken.auth.id=ldap3
+op.format.delegateIEtoken.auth.id=ldap1
op.format.delegateIEtoken.ca.conn=ca1
op.format.delegateIEtoken.cardmgr_instance=A0000000030000
op.format.delegateIEtoken.issuerinfo.enable=true
@@ -761,7 +761,7 @@ op.format.delegateISEtoken.minimumGPKeyVersion=01
op.format.delegateISEtoken.maximumGPKeyVersion=FF
op.format.delegateISEtoken.rollbackKeyVersionOnPutKeyFailure=false
op.format.delegateISEtoken.validateCardKeyInfoAgainstTokenDB=true
-op.format.delegateISEtoken.auth.id=ldap3
+op.format.delegateISEtoken.auth.id=ldap1
op.format.delegateISEtoken.ca.conn=ca1
op.format.delegateISEtoken.cardmgr_instance=A0000000030000
op.format.delegateISEtoken.issuerinfo.enable=true
@@ -857,17 +857,21 @@ op.format.externalRegAddToToken.minimumGPKeyVersion=01
op.format.externalRegAddToToken.maximumGPKeyVersion=FF
op.format.externalRegAddToToken.rollbackKeyVersionOnPutKeyFailure=false
op.format.externalRegAddToToken.validateCardKeyInfoAgainstTokenDB=true
+op.format.externalRegAddToToken.auth.id=ldap1
+op.format.externalRegAddToToken.ca.conn=ca1
op.format.externalRegAddToToken.cardmgr_instance=A0000000030000
op.format.externalRegAddToToken.issuerinfo.enable=true
op.format.externalRegAddToToken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
+op.format.externalRegAddToToken.loginRequest.enable=true
+op.format.externalRegAddToToken.revokeCert=false
+op.format.externalRegAddToToken.revokeCert.reason=0
+op.format.externalRegAddToToken.tks.conn=tks1
op.format.externalRegAddToToken.update.applet.directory=/usr/share/pki/tps/applets
op.format.externalRegAddToToken.update.applet.emptyToken.enable=true
op.format.externalRegAddToToken.update.applet.encryption=true
op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.54de790f
op.format.externalRegAddToToken.update.symmetricKeys.enable=false
op.format.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
-op.format.externalRegAddToToken.revokeCert=false
-op.format.externalRegAddToToken.revokeCert.reason=0
op.enroll.allowUnknownToken=true
op.enroll.mappingResolver=enrollProfileMappingResolver
op.enroll.soKey.cuidMustMatchKDD=false
@@ -877,7 +881,7 @@ op.enroll.soKey.maximumGPKeyVersion=FF
op.enroll.soKey.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.soKey.validateCardKeyInfoAgainstTokenDB=true
op.enroll.soKey.auth.enable=true
-op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.auth.id=ldap1
op.enroll.soKey.cardmgr_instance=A0000000030000
op.enroll.soKey.issuerinfo.enable=true
op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
@@ -1030,7 +1034,7 @@ op.enroll.soKeyTemporary.maximumGPKeyVersion=FF
op.enroll.soKeyTemporary.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.soKeyTemporary.validateCardKeyInfoAgainstTokenDB=true
op.enroll.soKeyTemporary.auth.enable=true
-op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.auth.id=ldap1
op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
@@ -1611,7 +1615,7 @@ op.format.soKey.maximumGPKeyVersion=FF
op.format.soKey.rollbackKeyVersionOnPutKeyFailure=false
op.format.soKey.validateCardKeyInfoAgainstTokenDB=true
op.format.soKey.auth.enable=true
-op.format.soKey.auth.id=ldap2
+op.format.soKey.auth.id=ldap1
op.format.soKey.ca.conn=ca1
op.format.soKey.cardmgr_instance=A0000000030000
op.format.soKey.issuerinfo.enable=true
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index db9a230cb0dfaa257f5489172f0edef3ade530e1..6225ea11b92b6866b6502265026bbd0c194d88c3 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -302,7 +302,8 @@ public class TPSEnrollProcessor extends TPSProcessor {
}
do_force_format = tokenPolicy.isForceTokenFormat(cuid);
- CMS.debug(method + " Will force format first due to policy.");
+ if (do_force_format)
+ CMS.debug(method + " Will force format first due to policy.");
if (!isExternalReg &&
!tokenPolicy.isAllowdTokenReenroll(cuid) &&
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 94e6497ce164dddb51de1b794bbbb07e8f968593..00628ed250c47ebe44ee926364c3ee55373d1cbd 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -1442,6 +1442,7 @@ public class TPSProcessor {
String configName = TPSEngine.OP_FORMAT_PREFIX + "." + selectedTokenType + ".revokeCert";
boolean revokeCert = false;
try {
+ CMS.debug(method + ": getting config:" + configName);
revokeCert = configStore.getBoolean(configName, false);
} catch (EBaseException e) {
logMsg = method + ": config not found: " + configName +
--
2.7.4
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel