From e7251c9908dccac5cd2caf4883b34ac84453d835 Mon Sep 17 00:00:00 2001
From: Marco Fargetta
Date: Wed, 19 Jul 2023 15:15:40 +0200
Subject: [PATCH] Modify init order for OCSP subsystem The init order for OCSP is modified to allow CRL retrieval before creating connection with DS or other services. Secure`connections will be verified against the CRL. Solve RHCS-4262
---
 .../org/dogtagpki/server/ocsp/OCSPEngine.java | 36 +++++++++++++++++
 .../com/netscape/cmscore/apps/CMSEngine.java | 40 ++++++++++---------
 2 files changed, 58 insertions(+), 18 deletions(-)
diff --git a/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/OCSPEngine.java b/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/OCSPEngine.java
index bba325e51ae..a9983551b91 100644
--- a/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/OCSPEngine.java
+++ b/base/ocsp/src/main/java/org/dogtagpki/server/ocsp/OCSPEngine.java
@@ -64,4 +64,40 @@ public void initSubsystem(ISubsystem subsystem, IConfigStore subsystemConfig) th
 super.initSubsystem(subsystem, subsystemConfig);
 }
+
+ @Override
+ protected void initSequence() throws Exception {
+
+ initDebug();
+ init();
+ initPasswordStore();
+ initSubsystemListeners();
+ initSecurityProvider();
+ initPluginRegistry();
+ initLogSubsystem();
+ initDatabase();
+ initJssSubsystem();
+ initDBSubsystem();
+ initUGSubsystem();
+ initOIDLoaderSubsystem();
+ initX500NameSubsystem();
+ // skip TP subsystem;
+ // problem in needing dbsubsystem in constructor. and it's not used.
+ initRequestSubsystem();
+
+
+ startupSubsystems();
+
+ initAuthSubsystem();
+ initAuthzSubsystem();
+ initJobsScheduler();
+
+ configureAutoShutdown();
+ configureServerCertNickname();
+ configureExcludedLdapAttrs();
+
+ initSecurityDomain();
+ }
+
+
 }
diff --git a/base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java b/base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java
index 7671828fa70..07b00092925 100644
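Review bot: The `initSequence()` override in `OCSPEngine` restates the whole start-up list instead of only the step that has to move, and nothing in it says which call makes CRL data available before connections are opened. Any step later added to `CMSEngine.initSequence()`, including a security-relevant one, will not run for OCSP unless this copy is edited as well. I would put a Javadoc on the override, for example `/** OCSP-specific order: CRL retrieval has to be available before connections to DS or other services are created. Keep in sync with CMSEngine#initSequence(). */`, and mark the moved call with a one-line comment. Which call that is cannot be confirmed from this hunk, because the middle of the base sequence is not shown; `init()` directly after `initDebug()` looks like the addition.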
--- a/base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java
+++ b/base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java
@@ -1102,6 +1102,28 @@ public void start() throws Exception {
 CMS.setCMSEngine(this);
+ initSequence();
+
+ // Register realm for this subsystem
+ ProxyRealm.registerRealm(id, new PKIRealm());
+
+ ready = true;
+ isStarted = true;
+
+ mStartupTime = System.currentTimeMillis();
+
+ logger.info(name + " engine started");
+ // Register TomcatJSS socket listener
+ TomcatJSS tomcatJss = TomcatJSS.getInstance();
+ if(serverSocketListener == null) {
+ serverSocketListener = new PKIServerSocketListener();
+ }
+ tomcatJss.addSocketListener(serverSocketListener);
+
+ notifySubsystemStarted();
+ }
+
+ protected void initSequence() throws Exception {
 initDebug();
 initPasswordStore();
 initSubsystemListeners();
@@ -1131,24 +1153,6 @@ public void start() throws Exception {
 configureExcludedLdapAttrs();
 initSecurityDomain();
-
- // Register realm for this subsystem
- ProxyRealm.registerRealm(id, new PKIRealm());
-
- ready = true;
- isStarted = true;
-
- mStartupTime = System.currentTimeMillis();
-
- logger.info(name + " engine started");
- // Register TomcatJSS socket listener
- TomcatJSS tomcatJss = TomcatJSS.getInstance();
- if(serverSocketListener == null) {
- serverSocketListener = new PKIServerSocketListener();
- }
- tomcatJss.addSocketListener(serverSocketListener);
-
- notifySubsystemStarted();
 }
 public boolean isInRunningState() {
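Review bot: `initSequence()` is introduced as a `protected` extension point with no Javadoc, while `start()` registers the realm, sets `ready = true` and attaches the socket listener as soon as it returns. An override that drops or reorders a step, such as the authentication and authorization initialisation the OCSP override calls, would still bring the engine up as ready. I would state the contract on the method, for example `/** Runs subsystem initialisation in order. Overriders must perform every step and throw on failure; start() marks the engine ready when this returns. */`. The body of `initSequence()` continues outside this hunk.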