Author: Ade Lee <[email protected]>
Date:   Fri Apr 15 14:36:00 2016 -0400

    Add script to enable USN plugin
    
    New authority monitor code requires the USN plugin to be
    enabled in the database to ensure that the entryUSN attribute
    is added to authority entries.
    
    In the case where this plugin was disabled, accessing this
    attribute resulted in a null pointer exception which prevented server
    startup.
    
    The code has been changed so as not to throw a null pointer exception
    on startup if the entryusn is not present, and also to call an LDIF
    to enable the plugin when a subsystem is configured through pkispawn.

Please review,
Ade
From 5837f6bd5c6ee1e796c8b7250fc6da9c7d28a913 Mon Sep 17 00:00:00 2001
From: Ade Lee <[email protected]>
Date: Fri, 15 Apr 2016 14:36:00 -0400
Subject: [PATCH] Add script to enable USN plugin

New authority monitor code requires the USN plugin to be
enabled in the database to ensure that the entryUSN attribute
is added to authority entries.

In the case where this plugin was disabled, accessing this
attribute resulted in a null pointer exception which prevented server
startup.

The code has been changed so as not to throw a null pointer exception
on startup if the entryusn is not present, and also to call an LDIF
to enable the plugin when a subsystem is configured through pkispawn.
---
 base/ca/shared/conf/CS.cfg.in                           |  1 +
 base/ca/src/com/netscape/ca/CertificateAuthority.java   | 13 +++++++++----
 .../cms/servlet/csadmin/ConfigurationUtils.java         | 17 +++++++++++++++++
 .../org/dogtagpki/server/rest/SystemConfigService.java  |  1 +
 base/server/share/conf/usn.ldif                         |  4 ++++
 5 files changed, 32 insertions(+), 4 deletions(-)
 create mode 100644 base/server/share/conf/usn.ldif

diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index d10d9bcd0b12ff85bae82509297a245e84d81897..3f25d0ec3d4ac34b5372135cb8f930ba07987ade 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -833,6 +833,7 @@ preop.internaldb.post_ldif=/usr/share/pki/ca/conf/vlv.ldif,/usr/share/pki/ca/con
 preop.internaldb.wait_dn=cn=index1160589769, cn=index, cn=tasks, cn=config
 preop.internaldb.index_task_ldif=/usr/share/pki/ca/conf/indextasks.ldif
 preop.internaldb.index_wait_dn=cn=index1160589770,cn=index,cn=tasks,cn=config
+preop.internaldb.usn.ldif=/usr/share/pki/server/conf/usn.ldif
 internaldb.multipleSuffix.enable=false
 jobsScheduler._000=##
 jobsScheduler._001=## jobScheduler
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index d96b8841449f4a19e652cc2512f834fed87f64e5..37f1e95fc97f3d21ec6dc379962e27b42fb5b074 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -163,7 +163,6 @@ import netscape.ldap.LDAPSearchResults;
 import netscape.ldap.controls.LDAPEntryChangeControl;
 import netscape.ldap.controls.LDAPPersistSearchControl;
 import netscape.ldap.util.DN;
-
 import netscape.security.pkcs.PKCS10;
 import netscape.security.util.DerOutputStream;
 import netscape.security.util.DerValue;
@@ -3003,8 +3002,14 @@ public class CertificateAuthority
         AuthorityID aid = new AuthorityID((String)
             aidAttr.getStringValues().nextElement());
 
-        Integer newEntryUSN = new Integer(
-            entry.getAttribute("entryUSN").getStringValueArray()[0]);
+        LDAPAttribute entryUSN = entry.getAttribute("entryUSN");
+        if (entryUSN == null) {
+            log(ILogger.LL_FAILURE, "Authority entry has no entryUSN.  " +
+                "This is likely because the USN plugin is not enabled in the database");
+            return;
+        }
+
+        Integer newEntryUSN = new Integer(entryUSN.getStringValueArray()[0]);
         CMS.debug("readAuthority: new entryUSN = " + newEntryUSN);
         Integer knownEntryUSN = entryUSNs.get(aid);
         if (knownEntryUSN != null) {
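Review bot: The early `return` on a null `entryUSN` leaves this authority unprocessed, and the log line does not say which one. `aid` is already built just above, so the message could name it, e.g. `log(ILogger.LL_FAILURE, "Authority " + aid + " has no entryUSN.  " +`. The value is still read with `getStringValueArray()[0]` and parsed by `new Integer(...)`, so an attribute with no values, or a value that is non-numeric or outside the int range, would still throw at this point; whether the caller tolerates that is not visible. The enclosing method starts and ends outside this hunk.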
@@ -3085,7 +3090,7 @@ public class CertificateAuthority
         AuthorityID aid = null;
         attr = entry.getAttribute("authorityID");
         if (attr != null) {
-            aid = new AuthorityID((String) attr.getStringValueArray()[0]);
+            aid = new AuthorityID(attr.getStringValueArray()[0]);
             forgetAuthority(aid);
         }
     }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index e2b014f353c13818297e898c02a74ec93994f2c1..8c353f0c7af47772af7fe3aab371fdf1ec0a6f29 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -1283,6 +1283,23 @@ public class ConfigurationUtils {
         }
     }
 
+    public static void enableUSNPlugin() throws IOException, EBaseException {
+        IConfigStore cs = CMS.getConfigStore();
+
+        IConfigStore dbCfg = cs.getSubStore("internaldb");
+        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("ConfigurationUtils");
+        dbFactory.init(dbCfg);
+        LDAPConnection conn = dbFactory.getConn();
+        try {
+            importLDIFS("preop.internaldb.usn.ldif", conn);
+        } catch (Exception e) {
+            CMS.debug("Failed to enable USNPlugin: " + e);
+            throw new EBaseException("Failed to enable USN plugin: " + e, e);
+        } finally {
+            releaseConnection(conn);
+        }
+    }
+
     public static void populateDB() throws IOException, EBaseException {
 
         IConfigStore cs = CMS.getConfigStore();
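Review bot: `enableUSNPlugin()` initialises a bound connection factory with `dbFactory.init(dbCfg)`, but the `finally` block releases only `conn`. If the factory keeps pooled connections open (its implementation is not visible here), they would stay bound with the internal database credentials after the method returns, so the factory should be torn down in the same `finally`. The method also needs a Javadoc stating that it applies the LDIF named by `preop.internaldb.usn.ldif`, which modifies the directory server's `cn=config` and is therefore a server-wide change, and that it throws `EBaseException` when the import fails. The message `"Failed to enable USN plugin: " + e` also repeats the cause already passed as the second constructor argument.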
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index d3410bcb43ba748abd514d794d9752e68d5e86e2..a96575d0675018d489c8788c4afbb510cbefbe09 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -753,6 +753,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
             psStore.commit(false);
 
             if (!data.getStepTwo()) {
+                ConfigurationUtils.enableUSNPlugin();
                 ConfigurationUtils.populateDB();
 
                 cs.putString("preop.internaldb.replicationpwd", replicationPassword);
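Review bot: `ConfigurationUtils.enableUSNPlugin()` is called here for every subsystem that reaches this step, but the diffstat shows `preop.internaldb.usn.ldif` being added only to `base/ca/shared/conf/CS.cfg.in`. If `importLDIFS` fails on a missing key (its body is not part of this patch), configuring a non-CA subsystem would abort with "Failed to enable USN plugin" before `populateDB()` runs. Either add the key to the other subsystems' `CS.cfg.in` templates or guard the call, e.g. `if (cs.getString("preop.internaldb.usn.ldif", null) != null) ConfigurationUtils.enableUSNPlugin();`. The enclosing method starts and ends outside this hunk.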
diff --git a/base/server/share/conf/usn.ldif b/base/server/share/conf/usn.ldif
new file mode 100644
index 0000000000000000000000000000000000000000..b5a45e6bc9cae77a994a4cb8486b4f26040a35bf
--- /dev/null
+++ b/base/server/share/conf/usn.ldif
@@ -0,0 +1,4 @@
+dn: cn=USN,cn=plugins,cn=config
+changetype: modify
+replace: nsslapd-pluginEnabled
+nsslapd-pluginEnabled: on
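Review bot: This LDIF only sets `nsslapd-pluginEnabled: on`, and nothing in the patch restarts the directory server or checks that the plugin is active before `populateDB()` writes entries. On 389 Directory Server a plugin state change normally takes effect only after a restart unless dynamic plugins are enabled. If that applies to the deployment, entries created during configuration would still lack `entryUSN`, and the new null check in `CertificateAuthority` would skip them. The file could carry a comment recording the requirement, e.g. `# Takes effect after the directory server is restarted (unless dynamic plugins are enabled)`, and the spawn procedure should restart the server or verify the plugin state.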
-- 
2.4.3
