Modify init order for OCSP subsystem

The init order for OCSP is modified to allow CRL retrieval before creating connection with DS or other services. Secure`connections will be verified against the CRL. Solve RHCS-4262
dogtagpki · Jul 19, 2023 · e7251c9 · e7251c9
1 parent 2b8c802
commit e7251c9
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 18 deletions.
diff --git a/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/OCSPEngine.java b/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/OCSPEngine.java
@@ -64,4 +64,40 @@ public void initSubsystem(ISubsystem subsystem, IConfigStore subsystemConfig) th
 
         super.initSubsystem(subsystem, subsystemConfig);
     }
+
+    @Override
+    protected void initSequence() throws Exception {
+
+        initDebug();
+        init();
+        initPasswordStore();
+        initSubsystemListeners();
+        initSecurityProvider();
+        initPluginRegistry();
+        initLogSubsystem();
+        initDatabase();
+        initJssSubsystem();
+        initDBSubsystem();
+        initUGSubsystem();
+        initOIDLoaderSubsystem();
+        initX500NameSubsystem();
+        // skip TP subsystem;
+        // problem in needing dbsubsystem in constructor. and it's not used.
+        initRequestSubsystem();
+
+
+        startupSubsystems();
+
+        initAuthSubsystem();
+        initAuthzSubsystem();
+        initJobsScheduler();
+
+        configureAutoShutdown();
+        configureServerCertNickname();
+        configureExcludedLdapAttrs();
+
+        initSecurityDomain();
+    }
+
+
 }
diff --git a/base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java b/base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java
@@ -1102,6 +1102,28 @@ public void start() throws Exception {
 
         CMS.setCMSEngine(this);
 
+        initSequence();
+
+        // Register realm for this subsystem
+        ProxyRealm.registerRealm(id, new PKIRealm());
+
+        ready = true;
+        isStarted = true;
+
+        mStartupTime = System.currentTimeMillis();
+
+        logger.info(name + " engine started");
+        // Register TomcatJSS socket listener
+        TomcatJSS tomcatJss = TomcatJSS.getInstance();
+        if(serverSocketListener == null) {
+            serverSocketListener = new PKIServerSocketListener();
+        }
+        tomcatJss.addSocketListener(serverSocketListener);
+
+        notifySubsystemStarted();
+    }
+
+    protected void initSequence() throws Exception {
         initDebug();
         initPasswordStore();
         initSubsystemListeners();
@@ -1131,24 +1153,6 @@ public void start() throws Exception {
         configureExcludedLdapAttrs();
 
         initSecurityDomain();
-
-        // Register realm for this subsystem
-        ProxyRealm.registerRealm(id, new PKIRealm());
-
-        ready = true;
-        isStarted = true;
-
-        mStartupTime = System.currentTimeMillis();
-
-        logger.info(name + " engine started");
-        // Register TomcatJSS socket listener
-        TomcatJSS tomcatJss = TomcatJSS.getInstance();
-        if(serverSocketListener == null) {
-            serverSocketListener = new PKIServerSocketListener();
-        }
-        tomcatJss.addSocketListener(serverSocketListener);
-
-        notifySubsystemStarted();
     }
 
     public boolean isInRunningState() {