From 43758522d23ecf9fcf28a2f1c9c79ba6f6b13ee5 Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@dhcp-16-189.sjc.redhat.com>
Date: Mon, 10 Oct 2016 16:05:26 -0700
Subject: [PATCH] Ticket #2498 Token format with external reg fails when
op.format.externalRegAddToToken.revokeCert=true This patch adds the missing
parameters in the CS.cfg for externalRegAddToToken in regards to format
operation. It also changes the undefined ldap2 and ldap3 auth ids to ldap1
(cherry picked from commit 34b0a80790d6aca7d9e2307716abf1db9d8bb562)
---
base/tps/shared/conf/CS.cfg | 18 +++++++++++-------
.../server/tps/processor/TPSEnrollProcessor.java | 3 ++-
.../dogtagpki/server/tps/processor/TPSProcessor.java | 1 +
3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index d5d9daf..a585e5d 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -463,7 +463,7 @@ op.format.delegateIEtoken.minimumGPKeyVersion=01
op.format.delegateIEtoken.maximumGPKeyVersion=FF
op.format.delegateIEtoken.rollbackKeyVersionOnPutKeyFailure=false
op.format.delegateIEtoken.validateCardKeyInfoAgainstTokenDB=true
-op.format.delegateIEtoken.auth.id=ldap3
+op.format.delegateIEtoken.auth.id=ldap1
op.format.delegateIEtoken.ca.conn=ca1
op.format.delegateIEtoken.cardmgr_instance=A0000000030000
op.format.delegateIEtoken.issuerinfo.enable=true
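Review bot: The `auth.id` line for `delegateIEtoken` in this hunk, and those for `delegateISEtoken` and `externalRegAddToToken` in the next two hunks, have no `auth.enable` line beside them, whereas the `soKey` and `soKeyTemporary` hunks show `auth.enable=true` directly above `auth.id`. Whether a login is required before these format operations therefore appears to depend on a code default that this patch does not show. If authentication is intended, state it explicitly next to each id, for example `op.format.externalRegAddToToken.auth.enable=true`, so the shipped template does not rely on that default. The key may already be defined elsewhere in CS.cfg, outside these hunks.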
@@ -761,7 +761,7 @@ op.format.delegateISEtoken.minimumGPKeyVersion=01
op.format.delegateISEtoken.maximumGPKeyVersion=FF
op.format.delegateISEtoken.rollbackKeyVersionOnPutKeyFailure=false
op.format.delegateISEtoken.validateCardKeyInfoAgainstTokenDB=true
-op.format.delegateISEtoken.auth.id=ldap3
+op.format.delegateISEtoken.auth.id=ldap1
op.format.delegateISEtoken.ca.conn=ca1
op.format.delegateISEtoken.cardmgr_instance=A0000000030000
op.format.delegateISEtoken.issuerinfo.enable=true
@@ -857,17 +857,21 @@ op.format.externalRegAddToToken.minimumGPKeyVersion=01
op.format.externalRegAddToToken.maximumGPKeyVersion=FF
op.format.externalRegAddToToken.rollbackKeyVersionOnPutKeyFailure=false
op.format.externalRegAddToToken.validateCardKeyInfoAgainstTokenDB=true
+op.format.externalRegAddToToken.auth.id=ldap1
+op.format.externalRegAddToToken.ca.conn=ca1
op.format.externalRegAddToToken.cardmgr_instance=A0000000030000
op.format.externalRegAddToToken.issuerinfo.enable=true
op.format.externalRegAddToToken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
+op.format.externalRegAddToToken.loginRequest.enable=true
+op.format.externalRegAddToToken.revokeCert=false
+op.format.externalRegAddToToken.revokeCert.reason=0
+op.format.externalRegAddToToken.tks.conn=tks1
op.format.externalRegAddToToken.update.applet.directory=/usr/share/pki/tps/applets
op.format.externalRegAddToToken.update.applet.emptyToken.enable=true
op.format.externalRegAddToToken.update.applet.encryption=true
op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.54de790f
op.format.externalRegAddToToken.update.symmetricKeys.enable=false
op.format.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
-op.format.externalRegAddToToken.revokeCert=false
-op.format.externalRegAddToToken.revokeCert.reason=0
op.enroll.allowUnknownToken=true
op.enroll.mappingResolver=enrollProfileMappingResolver
op.enroll.soKey.cuidMustMatchKDD=false
@@ -877,7 +881,7 @@ op.enroll.soKey.maximumGPKeyVersion=FF
op.enroll.soKey.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.soKey.validateCardKeyInfoAgainstTokenDB=true
op.enroll.soKey.auth.enable=true
-op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.auth.id=ldap1
op.enroll.soKey.cardmgr_instance=A0000000030000
op.enroll.soKey.issuerinfo.enable=true
op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
@@ -1030,7 +1034,7 @@ op.enroll.soKeyTemporary.maximumGPKeyVersion=FF
op.enroll.soKeyTemporary.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.soKeyTemporary.validateCardKeyInfoAgainstTokenDB=true
op.enroll.soKeyTemporary.auth.enable=true
-op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.auth.id=ldap1
op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
@@ -1611,7 +1615,7 @@ op.format.soKey.maximumGPKeyVersion=FF
op.format.soKey.rollbackKeyVersionOnPutKeyFailure=false
op.format.soKey.validateCardKeyInfoAgainstTokenDB=true
op.format.soKey.auth.enable=true
-op.format.soKey.auth.id=ldap2
+op.format.soKey.auth.id=ldap1
op.format.soKey.ca.conn=ca1
op.format.soKey.cardmgr_instance=A0000000030000
op.format.soKey.issuerinfo.enable=true
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index c5015cc..7824da9 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -303,7 +303,8 @@ public class TPSEnrollProcessor extends TPSProcessor {
}
do_force_format = tokenPolicy.isForceTokenFormat(cuid);
- CMS.debug(method + " Will force format first due to policy.");
+ if (do_force_format)
+ CMS.debug(method + " Will force format first due to policy.");
if (!isExternalReg &&
!tokenPolicy.isAllowdTokenReenroll(cuid) &&
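Review bot: The new `if (do_force_format)` guards a single unbraced statement, so a second line added under it later would run unconditionally. Since this flag decides whether the token is wiped before enrollment, write it with braces: `if (do_force_format) {` … `}`. Logging the policy result in both cases, e.g. `CMS.debug(method + " do_force_format=" + do_force_format);`, would also leave a trace when the format is skipped. The enclosing method starts and ends outside this hunk.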
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 94e6497..00628ed 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -1442,6 +1442,7 @@ public class TPSProcessor {
String configName = TPSEngine.OP_FORMAT_PREFIX + "." + selectedTokenType + ".revokeCert";
boolean revokeCert = false;
try {
+ CMS.debug(method + ": getting config:" + configName);
revokeCert = configStore.getBoolean(configName, false);
} catch (EBaseException e) {
logMsg = method + ": config not found: " + configName +
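Review bot: The added debug line records which key is looked up but not the value that comes back, and `getBoolean(configName, false)` quietly yields `false` when the key is absent. For a setting that decides whether certificates are revoked on format, also log the resolved value after the read, e.g. `CMS.debug(method + ": " + configName + "=" + revokeCert);`, so an operator can tell "revocation disabled" from "key missing" in the debug log. The `try`/`catch` continues past the end of this hunk.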
--
1.8.3.1