|
|
86bca3 |
diff --git a/base/common/src/com/netscape/certsrv/client/SubsystemClient.java b/base/common/src/com/netscape/certsrv/client/SubsystemClient.java
|
|
|
86bca3 |
index 2e7ca34..0aa5c6c 100644
|
|
|
86bca3 |
--- a/base/common/src/com/netscape/certsrv/client/SubsystemClient.java
|
|
|
86bca3 |
+++ b/base/common/src/com/netscape/certsrv/client/SubsystemClient.java
|
|
|
86bca3 |
@@ -17,9 +17,12 @@
|
|
|
86bca3 |
// --- END COPYRIGHT BLOCK ---
|
|
|
86bca3 |
package com.netscape.certsrv.client;
|
|
|
86bca3 |
|
|
|
86bca3 |
+import java.net.URI;
|
|
|
86bca3 |
import java.net.URISyntaxException;
|
|
|
86bca3 |
|
|
|
86bca3 |
-import javax.ws.rs.core.Response;
|
|
|
86bca3 |
+import org.apache.http.HttpResponse;
|
|
|
86bca3 |
+import org.apache.http.client.methods.HttpGet;
|
|
|
86bca3 |
+import org.apache.http.impl.client.DefaultHttpClient;
|
|
|
86bca3 |
|
|
|
86bca3 |
import com.netscape.certsrv.account.AccountClient;
|
|
|
86bca3 |
import com.netscape.certsrv.account.AccountInfo;
|
|
|
86bca3 |
@@ -49,12 +52,23 @@ public class SubsystemClient extends Client {
|
|
|
86bca3 |
|
|
|
86bca3 |
public boolean exists() throws Exception {
|
|
|
86bca3 |
|
|
|
86bca3 |
+ ClientConfig config = client.getConfig();
|
|
|
86bca3 |
+ URI serverURI = config.getServerURI();
|
|
|
86bca3 |
|
|
|
86bca3 |
- PKIConnection connection = client.getConnection();
|
|
|
86bca3 |
- Response response = connection.get("/" + name);
|
|
|
86bca3 |
+ URI subsystemURI = new URI(
|
|
|
86bca3 |
+ serverURI.getScheme(),
|
|
|
86bca3 |
+ null,
|
|
|
86bca3 |
+ serverURI.getHost(),
|
|
|
86bca3 |
+ serverURI.getPort(),
|
|
|
86bca3 |
+ "/" + name,
|
|
|
86bca3 |
+ null,
|
|
|
86bca3 |
+ null);
|
|
|
86bca3 |
|
|
|
86bca3 |
+ DefaultHttpClient client = new DefaultHttpClient();
|
|
|
86bca3 |
+ HttpGet method = new HttpGet(subsystemURI);
|
|
|
86bca3 |
try {
|
|
|
86bca3 |
- int code = response.getStatus();
|
|
|
86bca3 |
+ HttpResponse response = client.execute(method);
|
|
|
86bca3 |
+ int code = response.getStatusLine().getStatusCode();
|
|
|
86bca3 |
|
|
|
86bca3 |
if (code == 200) {
|
|
|
86bca3 |
return true;
|
|
|
86bca3 |
@@ -63,11 +77,11 @@ public class SubsystemClient extends Client {
|
|
|
86bca3 |
return false;
|
|
|
86bca3 |
|
|
|
86bca3 |
} else {
|
|
|
86bca3 |
- throw new Exception("Error: " + response.getStatusInfo());
|
|
|
86bca3 |
+ throw new Exception("Error: " + response.getStatusLine());
|
|
|
86bca3 |
}
|
|
|
86bca3 |
|
|
|
86bca3 |
} finally {
|
|
|
86bca3 |
- response.close();
|
|
|
86bca3 |
+ method.releaseConnection();
|
|
|
86bca3 |
}
|
|
|
86bca3 |
}
|
|
|
86bca3 |
|
|
|
86bca3 |
diff --git a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
|
|
|
86bca3 |
index f20ab4b..8a8ed2e 100644
|
|
|
86bca3 |
--- a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
|
|
|
86bca3 |
+++ b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java
|
|
|
86bca3 |
@@ -32,9 +32,6 @@ import com.netscape.certsrv.request.RequestId;
|
|
|
86bca3 |
import com.netscape.cms.logging.Logger;
|
|
|
86bca3 |
import com.netscape.cms.logging.SignedAuditLogger;
|
|
|
86bca3 |
|
|
|
86bca3 |
-import netscape.security.util.DerValue;
|
|
|
86bca3 |
-import netscape.security.x509.X509Key;
|
|
|
86bca3 |
-
|
|
|
86bca3 |
/**
|
|
|
86bca3 |
* This implementation services SecurityData Recovery requests.
|
|
|
86bca3 |
*
|
|
|
86bca3 |
diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
|
|
|
86bca3 |
index 98d5e29..c289245 100644
|
|
|
86bca3 |
--- a/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
|
|
|
86bca3 |
+++ b/base/server/cms/src/com/netscape/cms/authentication/CMCAuth.java
|
|
|
86bca3 |
@@ -29,7 +29,6 @@ import java.io.ByteArrayInputStream;
|
|
|
86bca3 |
import java.io.ByteArrayOutputStream;
|
|
|
86bca3 |
import java.io.IOException;
|
|
|
86bca3 |
import java.math.BigInteger;
|
|
|
86bca3 |
-import java.security.cert.X509Certificate;
|
|
|
86bca3 |
import java.security.MessageDigest;
|
|
|
86bca3 |
import java.security.PublicKey;
|
|
|
86bca3 |
import java.security.cert.X509Certificate;
|
|
|
86bca3 |
diff --git a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
|
|
|
86bca3 |
index 97971dd..b3136a0 100644
|
|
|
86bca3 |
--- a/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
|
|
|
86bca3 |
+++ b/base/server/cms/src/com/netscape/cms/authentication/CMCUserSignedAuth.java
|
|
|
86bca3 |
@@ -28,7 +28,6 @@ package com.netscape.cms.authentication;
|
|
|
86bca3 |
import java.io.ByteArrayInputStream;
|
|
|
86bca3 |
import java.io.ByteArrayOutputStream;
|
|
|
86bca3 |
import java.io.IOException;
|
|
|
86bca3 |
-import java.security.cert.X509Certificate;
|
|
|
86bca3 |
import java.math.BigInteger;
|
|
|
86bca3 |
import java.security.MessageDigest;
|
|
|
86bca3 |
import java.security.PublicKey;
|
|
|
86bca3 |
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
|
|
|
86bca3 |
index 7398891..cc65c78 100644
|
|
|
86bca3 |
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
|
|
|
86bca3 |
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
|
|
|
86bca3 |
@@ -54,34 +54,6 @@ import javax.ws.rs.core.MultivaluedMap;
|
|
|
86bca3 |
import javax.ws.rs.core.Response;
|
|
|
86bca3 |
import javax.xml.parsers.ParserConfigurationException;
|
|
|
86bca3 |
|
|
|
86bca3 |
-import netscape.ldap.LDAPAttribute;
|
|
|
86bca3 |
-import netscape.ldap.LDAPAttributeSet;
|
|
|
86bca3 |
-import netscape.ldap.LDAPConnection;
|
|
|
86bca3 |
-import netscape.ldap.LDAPDN;
|
|
|
86bca3 |
-import netscape.ldap.LDAPEntry;
|
|
|
86bca3 |
-import netscape.ldap.LDAPException;
|
|
|
86bca3 |
-import netscape.ldap.LDAPModification;
|
|
|
86bca3 |
-import netscape.ldap.LDAPSearchConstraints;
|
|
|
86bca3 |
-import netscape.ldap.LDAPSearchResults;
|
|
|
86bca3 |
-import netscape.ldap.LDAPv3;
|
|
|
86bca3 |
-import netscape.security.pkcs.ContentInfo;
|
|
|
86bca3 |
-import netscape.security.pkcs.PKCS10;
|
|
|
86bca3 |
-import netscape.security.pkcs.PKCS12;
|
|
|
86bca3 |
-import netscape.security.pkcs.PKCS12Util;
|
|
|
86bca3 |
-import netscape.security.pkcs.PKCS7;
|
|
|
86bca3 |
-import netscape.security.pkcs.SignerInfo;
|
|
|
86bca3 |
-import netscape.security.util.DerOutputStream;
|
|
|
86bca3 |
-import netscape.security.util.ObjectIdentifier;
|
|
|
86bca3 |
-import netscape.security.x509.AlgorithmId;
|
|
|
86bca3 |
-import netscape.security.x509.BasicConstraintsExtension;
|
|
|
86bca3 |
-import netscape.security.x509.CertificateChain;
|
|
|
86bca3 |
-import netscape.security.x509.Extension;
|
|
|
86bca3 |
-import netscape.security.x509.Extensions;
|
|
|
86bca3 |
-import netscape.security.x509.KeyUsageExtension;
|
|
|
86bca3 |
-import netscape.security.x509.X500Name;
|
|
|
86bca3 |
-import netscape.security.x509.X509CertImpl;
|
|
|
86bca3 |
-import netscape.security.x509.X509Key;
|
|
|
86bca3 |
-
|
|
|
86bca3 |
import org.apache.commons.lang.StringUtils;
|
|
|
86bca3 |
import org.apache.velocity.context.Context;
|
|
|
86bca3 |
import org.mozilla.jss.CryptoManager;
|
|
|
86bca3 |
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetStatus.java
|
|
|
86bca3 |
index 338e26b..1cb8a4c 100644
|
|
|
86bca3 |
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetStatus.java
|
|
|
86bca3 |
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetStatus.java
|
|
|
86bca3 |
@@ -138,7 +138,7 @@ public class GetStatus extends CMSServlet {
|
|
|
86bca3 |
try {
|
|
|
86bca3 |
inputStream = new FileInputStream(versionFilePathName);
|
|
|
86bca3 |
String contents = IOUtils.toString(inputStream);
|
|
|
86bca3 |
-
|
|
|
86bca3 |
+
|
|
|
86bca3 |
if(contents != null) {
|
|
|
86bca3 |
CMS.debug("Returning product version: " + version);
|
|
|
86bca3 |
version = contents.trim();
|
|
|
86bca3 |
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
|
|
|
86bca3 |
index 0ae0764..515136b 100644
|
|
|
86bca3 |
--- a/base/server/etc/default.cfg
|
|
|
86bca3 |
+++ b/base/server/etc/default.cfg
|
|
|
86bca3 |
@@ -399,11 +399,6 @@ pki_master_crl_enable=True
|
|
|
86bca3 |
# based on the CMS hostname and port.
|
|
|
86bca3 |
pki_default_ocsp_uri=
|
|
|
86bca3 |
|
|
|
86bca3 |
-# Default OCSP URI added by AuthInfoAccessExtDefault if the profile
|
|
|
86bca3 |
-# config is blank. If both are blank, the value is constructed
|
|
|
86bca3 |
-# based on the CMS hostname and port.
|
|
|
86bca3 |
-pki_default_ocsp_uri=
|
|
|
86bca3 |
-
|
|
|
86bca3 |
# Paths
|
|
|
86bca3 |
# These are used in the processing of pkispawn and are not supposed
|
|
|
86bca3 |
# to be overwritten by user configuration files.
|
|
|
86bca3 |
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
|
|
|
86bca3 |
index e0989a9..45af9a0 100644
|
|
|
86bca3 |
--- a/base/server/python/pki/server/__init__.py
|
|
|
86bca3 |
+++ b/base/server/python/pki/server/__init__.py
|
|
|
86bca3 |
@@ -202,20 +202,21 @@ class PKISubsystem(object):
|
|
|
86bca3 |
def load(self):
|
|
|
86bca3 |
self.config.clear()
|
|
|
86bca3 |
|
|
|
86bca3 |
- lines = open(self.cs_conf).read().splitlines()
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- for index, line in enumerate(lines):
|
|
|
86bca3 |
- if not line or line.startswith('#'):
|
|
|
86bca3 |
- continue
|
|
|
86bca3 |
- parts = line.split('=', 1)
|
|
|
86bca3 |
- if len(parts) < 2:
|
|
|
86bca3 |
- raise Exception('Missing delimiter in %s line %d' % (self.cs_conf, index + 1))
|
|
|
86bca3 |
- name = parts[0]
|
|
|
86bca3 |
- value = parts[1]
|
|
|
86bca3 |
- self.config[name] = value
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- self.type = self.config['cs.type']
|
|
|
86bca3 |
- self.prefix = self.type.lower()
|
|
|
86bca3 |
+ if os.path.exists(self.cs_conf):
|
|
|
86bca3 |
+ lines = open(self.cs_conf).read().splitlines()
|
|
|
86bca3 |
+
|
|
|
86bca3 |
+ for index, line in enumerate(lines):
|
|
|
86bca3 |
+ if not line or line.startswith('#'):
|
|
|
86bca3 |
+ continue
|
|
|
86bca3 |
+ parts = line.split('=', 1)
|
|
|
86bca3 |
+ if len(parts) < 2:
|
|
|
86bca3 |
+ raise Exception('Missing delimiter in %s line %d' % (self.cs_conf, index + 1))
|
|
|
86bca3 |
+ name = parts[0]
|
|
|
86bca3 |
+ value = parts[1]
|
|
|
86bca3 |
+ self.config[name] = value
|
|
|
86bca3 |
+
|
|
|
86bca3 |
+ self.type = self.config['cs.type']
|
|
|
86bca3 |
+ self.prefix = self.type.lower()
|
|
|
86bca3 |
|
|
|
86bca3 |
def find_system_certs(self):
|
|
|
86bca3 |
certs = []
|
|
|
86bca3 |
diff --git a/base/server/python/pki/server/deployment/pkiconfig.py b/base/server/python/pki/server/deployment/pkiconfig.py
|
|
|
86bca3 |
index 9e1cab5..cb71db9 100644
|
|
|
86bca3 |
--- a/base/server/python/pki/server/deployment/pkiconfig.py
|
|
|
86bca3 |
+++ b/base/server/python/pki/server/deployment/pkiconfig.py
|
|
|
86bca3 |
@@ -39,9 +39,7 @@ PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin"
|
|
|
86bca3 |
PKI_DEPLOYMENT_DEFAULT_UID = 17
|
|
|
86bca3 |
PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser"
|
|
|
86bca3 |
|
|
|
86bca3 |
-PKI_SUBSYSTEMS = ["CA", "KRA", "OCSP", "RA", "TKS", "TPS"]
|
|
|
86bca3 |
-PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"]
|
|
|
86bca3 |
-PKI_TOMCAT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"]
|
|
|
86bca3 |
+PKI_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"]
|
|
|
86bca3 |
PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra",
|
|
|
86bca3 |
"lib", "logs", "ocsp", "temp", "tks", "tps",
|
|
|
86bca3 |
"webapps", "work"]
|
|
|
86bca3 |
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
|
|
|
86bca3 |
index 77594ec..9b9e1b8 100644
|
|
|
86bca3 |
--- a/base/server/python/pki/server/deployment/pkihelper.py
|
|
|
86bca3 |
+++ b/base/server/python/pki/server/deployment/pkihelper.py
|
|
|
86bca3 |
@@ -914,7 +914,7 @@ class Instance:
|
|
|
86bca3 |
# Return list of PKI subsystems in the specified tomcat instance
|
|
|
86bca3 |
rv = []
|
|
|
86bca3 |
try:
|
|
|
86bca3 |
- for subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
|
|
|
86bca3 |
+ for subsystem in config.PKI_SUBSYSTEMS:
|
|
|
86bca3 |
path = os.path.join(
|
|
|
86bca3 |
self.mdict['pki_instance_path'],
|
|
|
86bca3 |
subsystem.lower()
|
|
|
86bca3 |
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
|
|
|
86bca3 |
index 4515b55..b35e82c 100644
|
|
|
86bca3 |
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
|
|
|
86bca3 |
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
|
|
|
86bca3 |
@@ -155,7 +155,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
|
|
|
86bca3 |
deployer.security_domain.deregister(None)
|
|
|
86bca3 |
|
|
|
86bca3 |
except Exception as e: # pylint: disable=broad-except
|
|
|
86bca3 |
- config.pki_log.error(str(e))
|
|
|
86bca3 |
+ config.pki_log.error(log.PKI_OSERROR_1, e,
|
|
|
86bca3 |
+ extra=config.PKI_INDENTATION_LEVEL_0)
|
|
|
86bca3 |
# If it is a normal destroy, pass any exception
|
|
|
86bca3 |
if not deployer.mdict['pki_force_destroy']:
|
|
|
86bca3 |
raise
|
|
|
86bca3 |
diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
|
|
|
86bca3 |
index fb9f754..32b716a 100644
|
|
|
86bca3 |
--- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
|
|
|
86bca3 |
+++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
|
|
|
86bca3 |
@@ -42,10 +42,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
|
|
|
86bca3 |
deployer.directory.create(deployer.mdict['pki_subsystem_log_path'])
|
|
|
86bca3 |
deployer.directory.create(
|
|
|
86bca3 |
deployer.mdict['pki_subsystem_archive_log_path'])
|
|
|
86bca3 |
- if deployer.mdict['pki_subsystem'] in \
|
|
|
86bca3 |
- config.PKI_SIGNED_AUDIT_SUBSYSTEMS:
|
|
|
86bca3 |
- deployer.directory.create(
|
|
|
86bca3 |
- deployer.mdict['pki_subsystem_signed_audit_log_path'])
|
|
|
86bca3 |
+
|
|
|
86bca3 |
+ deployer.directory.create(
|
|
|
86bca3 |
+ deployer.mdict['pki_subsystem_signed_audit_log_path'])
|
|
|
86bca3 |
|
|
|
86bca3 |
# create /var/lib/pki/<instance>/<subsystem>/conf
|
|
|
86bca3 |
deployer.directory.create(
|
|
|
86bca3 |
@@ -127,10 +126,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
|
|
|
86bca3 |
|
|
|
86bca3 |
# remove instance-based subsystem logs only if --remove-logs flag is specified
|
|
|
86bca3 |
if deployer.mdict['pki_remove_logs']:
|
|
|
86bca3 |
- if deployer.mdict['pki_subsystem'] in \
|
|
|
86bca3 |
- config.PKI_SIGNED_AUDIT_SUBSYSTEMS:
|
|
|
86bca3 |
- deployer.directory.delete(
|
|
|
86bca3 |
- deployer.mdict['pki_subsystem_signed_audit_log_path'])
|
|
|
86bca3 |
+ deployer.directory.delete(
|
|
|
86bca3 |
+ deployer.mdict['pki_subsystem_signed_audit_log_path'])
|
|
|
86bca3 |
deployer.directory.delete(
|
|
|
86bca3 |
deployer.mdict['pki_subsystem_archive_log_path'])
|
|
|
86bca3 |
deployer.directory.delete(
|
|
|
86bca3 |
diff --git a/base/server/upgrade/10.3.5/03-UpdateAJPLoopbackAddress b/base/server/upgrade/10.3.5/03-UpdateAJPLoopbackAddress
|
|
|
86bca3 |
deleted file mode 100755
|
|
|
86bca3 |
index b7d5c0e..0000000
|
|
|
86bca3 |
--- a/base/server/upgrade/10.3.5/03-UpdateAJPLoopbackAddress
|
|
|
86bca3 |
+++ /dev/null
|
|
|
86bca3 |
@@ -1,62 +0,0 @@
|
|
|
86bca3 |
-#!/usr/bin/python
|
|
|
86bca3 |
-# Authors:
|
|
|
86bca3 |
-# Endi S. Dewata <edewata@redhat.com>
|
|
|
86bca3 |
-#
|
|
|
86bca3 |
-# This program is free software; you can redistribute it and/or modify
|
|
|
86bca3 |
-# it under the terms of the GNU General Public License as published by
|
|
|
86bca3 |
-# the Free Software Foundation; version 2 of the License.
|
|
|
86bca3 |
-#
|
|
|
86bca3 |
-# This program is distributed in the hope that it will be useful,
|
|
|
86bca3 |
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
86bca3 |
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
86bca3 |
-# GNU General Public License for more details.
|
|
|
86bca3 |
-#
|
|
|
86bca3 |
-# You should have received a copy of the GNU General Public License along
|
|
|
86bca3 |
-# with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
86bca3 |
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
86bca3 |
-#
|
|
|
86bca3 |
-# Copyright (C) 2017 Red Hat, Inc.
|
|
|
86bca3 |
-# All rights reserved.
|
|
|
86bca3 |
-#
|
|
|
86bca3 |
-
|
|
|
86bca3 |
-from __future__ import absolute_import
|
|
|
86bca3 |
-import os
|
|
|
86bca3 |
-from lxml import etree
|
|
|
86bca3 |
-
|
|
|
86bca3 |
-import pki
|
|
|
86bca3 |
-
|
|
|
86bca3 |
-
|
|
|
86bca3 |
-class UpdateAJPLoopbackAddress(
|
|
|
86bca3 |
- pki.server.upgrade.PKIServerUpgradeScriptlet):
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- def __init__(self):
|
|
|
86bca3 |
- super(UpdateAJPLoopbackAddress, self).__init__()
|
|
|
86bca3 |
- self.message = 'Update AJP loopback address'
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- self.parser = etree.XMLParser(remove_blank_text=True)
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- def upgrade_instance(self, instance):
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- server_xml = os.path.join(instance.conf_dir, 'server.xml')
|
|
|
86bca3 |
- self.backup(server_xml)
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- document = etree.parse(server_xml, self.parser)
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- server = document.getroot()
|
|
|
86bca3 |
- connectors = server.findall('.//Connector')
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- # replace IPv4- or IPv6-specific AJP loopback address with localhost
|
|
|
86bca3 |
- for connector in connectors:
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- protocol = connector.get('protocol')
|
|
|
86bca3 |
- if protocol != 'AJP/1.3':
|
|
|
86bca3 |
- continue
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- address = connector.get('address')
|
|
|
86bca3 |
- if address != '127.0.0.1' and address != '::1':
|
|
|
86bca3 |
- continue
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- connector.set('address', 'localhost')
|
|
|
86bca3 |
-
|
|
|
86bca3 |
- with open(server_xml, 'wb') as f:
|
|
|
86bca3 |
- document.write(f, pretty_print=True, encoding='utf-8')
|