Re: [Pki-devel] [PATCH]pki-cfu-0155-Ticket-2498-Token-format-with-external-reg-fails-whe.patch

[John Magne]

ACK

Looks good and non risky.

- Original Message -
From: "Christina Fu" 
To: pki-devel@redhat.com
Sent: Monday, October 10, 2016 5:20:11 PM
Subject: [Pki-devel]    
[PATCH]pki-cfu-0155-Ticket-2498-Token-format-with-external-reg-fails-whe.patch

This patch addresses:

https://fedorahosted.org/pki/ticket/2498 Token format with external reg 
fails when op.format.externalRegAddToToken.revokeCert=true

It actually could be easily worked around by manually adding the missing 
params

op.format.externalRegAddToToken.auth.id=ldap1
op.format.externalRegAddToToken.ca.conn=ca1

op.format.externalRegAddToToken.tks.conn=tks1

While fixing the CS.cfg, it was observed that there were some references 
of non-defined ldap2 and ldap3, so they are also changed to ldap1.

A couple useful debug messages are added as well.

Christina


___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [PATCH]pki-cfu-0155-Ticket-2498-Token-format-with-external-reg-fails-whe.patch

[Christina Fu]

This patch addresses:

https://fedorahosted.org/pki/ticket/2498 Token format with external reg 
fails when op.format.externalRegAddToToken.revokeCert=true


It actually could be easily worked around by manually adding the missing 
params


op.format.externalRegAddToToken.auth.id=ldap1
op.format.externalRegAddToToken.ca.conn=ca1

op.format.externalRegAddToToken.tks.conn=tks1

While fixing the CS.cfg, it was observed that there were some references 
of non-defined ldap2 and ldap3, so they are also changed to ldap1.


A couple useful debug messages are added as well.

Christina

>From 9d91230e99e6d96fd19e18e83b356c8bcbe20f52 Mon Sep 17 00:00:00 2001
From: Christina Fu 
Date: Mon, 10 Oct 2016 16:05:26 -0700
Subject: [PATCH] Ticket #2498 Token format with external reg fails when
 op.format.externalRegAddToToken.revokeCert=true This patch adds the missing
 parameters in the CS.cfg for externalRegAddToToken in regards to format
 operation. It also changed the non-defined ldap2 and ldap3 and ldap1

---
 base/tps/shared/conf/CS.cfg| 18 +++---
 .../server/tps/processor/TPSEnrollProcessor.java   |  3 ++-
 .../dogtagpki/server/tps/processor/TPSProcessor.java   |  1 +
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index d5d9daf00c22d4ac5298443b45952d6094817327..a585e5db7f587a769e775d08a65d26481d3aab31 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -463,7 +463,7 @@ op.format.delegateIEtoken.minimumGPKeyVersion=01
 op.format.delegateIEtoken.maximumGPKeyVersion=FF
 op.format.delegateIEtoken.rollbackKeyVersionOnPutKeyFailure=false
 op.format.delegateIEtoken.validateCardKeyInfoAgainstTokenDB=true
-op.format.delegateIEtoken.auth.id=ldap3
+op.format.delegateIEtoken.auth.id=ldap1
 op.format.delegateIEtoken.ca.conn=ca1
 op.format.delegateIEtoken.cardmgr_instance=A3
 op.format.delegateIEtoken.issuerinfo.enable=true
@@ -761,7 +761,7 @@ op.format.delegateISEtoken.minimumGPKeyVersion=01
 op.format.delegateISEtoken.maximumGPKeyVersion=FF
 op.format.delegateISEtoken.rollbackKeyVersionOnPutKeyFailure=false
 op.format.delegateISEtoken.validateCardKeyInfoAgainstTokenDB=true
-op.format.delegateISEtoken.auth.id=ldap3
+op.format.delegateISEtoken.auth.id=ldap1
 op.format.delegateISEtoken.ca.conn=ca1
 op.format.delegateISEtoken.cardmgr_instance=A3
 op.format.delegateISEtoken.issuerinfo.enable=true
@@ -857,17 +857,21 @@ op.format.externalRegAddToToken.minimumGPKeyVersion=01
 op.format.externalRegAddToToken.maximumGPKeyVersion=FF
 op.format.externalRegAddToToken.rollbackKeyVersionOnPutKeyFailure=false
 op.format.externalRegAddToToken.validateCardKeyInfoAgainstTokenDB=true
+op.format.externalRegAddToToken.auth.id=ldap1
+op.format.externalRegAddToToken.ca.conn=ca1
 op.format.externalRegAddToToken.cardmgr_instance=A3
 op.format.externalRegAddToToken.issuerinfo.enable=true
 op.format.externalRegAddToToken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
+op.format.externalRegAddToToken.loginRequest.enable=true
+op.format.externalRegAddToToken.revokeCert=false
+op.format.externalRegAddToToken.revokeCert.reason=0
+op.format.externalRegAddToToken.tks.conn=tks1
 op.format.externalRegAddToToken.update.applet.directory=/usr/share/pki/tps/applets
 op.format.externalRegAddToToken.update.applet.emptyToken.enable=true
 op.format.externalRegAddToToken.update.applet.encryption=true
 op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.54de790f
 op.format.externalRegAddToToken.update.symmetricKeys.enable=false
 op.format.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
-op.format.externalRegAddToToken.revokeCert=false
-op.format.externalRegAddToToken.revokeCert.reason=0
 op.enroll.allowUnknownToken=true
 op.enroll.mappingResolver=enrollProfileMappingResolver
 op.enroll.soKey.cuidMustMatchKDD=false
@@ -877,7 +881,7 @@ op.enroll.soKey.maximumGPKeyVersion=FF
 op.enroll.soKey.rollbackKeyVersionOnPutKeyFailure=false
 op.enroll.soKey.validateCardKeyInfoAgainstTokenDB=true
 op.enroll.soKey.auth.enable=true
-op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.auth.id=ldap1
 op.enroll.soKey.cardmgr_instance=A3
 op.enroll.soKey.issuerinfo.enable=true
 op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
@@ -1030,7 +1034,7 @@ op.enroll.soKeyTemporary.maximumGPKeyVersion=FF
 op.enroll.soKeyTemporary.rollbackKeyVersionOnPutKeyFailure=false
 op.enroll.soKeyTemporary.validateCardKeyInfoAgainstTokenDB=true
 op.enroll.soKeyTemporary.auth.enable=true
-op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.auth.id=ldap1
 op.enroll.soKeyTemporary.cardmgr_instance=A3
 op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
 op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
@@ -1611,7 +1615,7 @@ op.format.soKey.maximumGPKeyVersion=FF
 op.format.soKey.rollbackKey