--- loncom/interface/domainprefs.pm	2023/04/11 20:35:19	1.422
+++ loncom/interface/domainprefs.pm	2023/05/22 21:10:55	1.423
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to set domain-wide configuration settings
 #
-# $Id: domainprefs.pm,v 1.422 2023/04/11 20:35:19 raeburn Exp $
+# $Id: domainprefs.pm,v 1.423 2023/05/22 21:10:55 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -227,10 +227,21 @@ sub handler {
         &Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring','linkprot'],$dom,undef,1);
     if (ref($domconfig{'ltitools'}) eq 'HASH') {
         if (ref($encconfig{'ltitools'}) eq 'HASH') {
+            my $is_home;
+            my $home = &Apache::lonnet::domain($dom,'primary');
+            unless (($home eq 'no_host') || ($home eq '')) {
+                my @ids=&Apache::lonnet::current_machine_ids();
+                if (grep(/^\Q$home\E$/,@ids)) {
+                    $is_home = 1;
+                }
+            }
             foreach my $id (keys(%{$domconfig{'ltitools'}})) {
                 if ((ref($domconfig{'ltitools'}{$id}) eq 'HASH') &&
                     (ref($encconfig{'ltitools'}{$id}) eq 'HASH')) {
                     $domconfig{'ltitools'}{$id}{'key'} = $encconfig{'ltitools'}{$id}{'key'};
+                    if (($is_home) && ($phase eq 'process')) {
+                        $domconfig{'ltitools'}{$id}{'secret'} = $encconfig{'ltitools'}{$id}{'secret'};
+                    }
                 }
             }
         }
@@ -14245,15 +14256,22 @@ sub modify_ltitools {
                                    $action => { %newtoolsenc }
                                );
             &Apache::lonnet::put_dom('encconfig',\%toolsenchash,$dom,undef,1);
+            my $cachetime = 24*60*60;
+            &Apache::lonnet::do_cache_new('ltitoolsenc',$dom,\%newtoolsenc,$cachetime);
             &store_security($dom,'ltitools',\%secchanges,\%newkeyset,\%keystore,$lastactref);
         }
         $resulttext = &mt('Changes made:').'<ul>';
         if (keys(%secchanges) > 0) {
-            $resulttext .= &lti_security_results('ltitools',\%secchanges,\%newtoolsec,\%newkeyset,\%keystore);
+            $resulttext .= &lti_security_results($dom,'ltitools',\%secchanges,\%newtoolsec,\%newkeyset,\%keystore);
         }
         if (keys(%ltitoolschg) > 0) {
             $resulttext .= $ltitoolsoutput;
         }
+        my $cachetime = 24*60*60;
+        &Apache::lonnet::do_cache_new('ltitools',$dom,\%newltitools,$cachetime);
+        if (ref($lastactref) eq 'HASH') {
+            $lastactref->{'ltitools'} = 1;
+        }
     } else {
         $errors .= '<li><span class="LC_error">'.&mt('Failed to save changes').'</span></li>';
     }
@@ -14382,10 +14400,13 @@ sub store_security {
 }
 
 sub lti_security_results {
-    my ($context,$secchanges,$newsec,$newkeyset,$keystore) = @_;
+    my ($dom,$context,$secchanges,$newsec,$newkeyset,$keystore) = @_;
     my $output;
+    my %domdefaults = &Apache::lonnet::get_domain_defaults($dom);
+    my $needs_update;
     foreach my $item (keys(%{$secchanges})) {
         if ($item eq 'encrypt') {
+            $needs_update = 1;
             my %encrypted;
             if ($context eq 'lti') {
                 %encrypted = (
@@ -14417,12 +14438,29 @@ sub lti_security_results {
             }
             my @types= ('crs','dom');
             if ($context eq 'lti') {
+                foreach my $type (@types) {
+                    undef($domdefaults{'linkprotenc_'.$type});
+                }
                 push(@types,'consumers');
+                undef($domdefaults{'ltienc_consumers'});
+            } elsif ($context eq 'ltitools') {
+                foreach my $type (@types) {
+                    undef($domdefaults{'toolenc_'.$type});
+                }
             }
             foreach my $type (@types) {
                 my $shown = $encrypted{$type}{'off'};
                 if (ref($newsec->{$item}) eq 'HASH') {
                     if ($newsec->{$item}{$type}) {
+                        if ($context eq 'lti') {
+                            if ($type eq 'consumers') {
+                                $domdefaults{'ltienc_consumers'} = 1;
+                            } else {
+                                $domdefaults{'linkprotenc_'.$type} = 1;
+                            }
+                        } elsif ($context eq 'ltitools') {
+                            $domdefaults{'toolenc_'.$type} = 1;
+                        }
                         $shown = $encrypted{$type}{'on'};
                     }
                 }
@@ -14466,10 +14504,27 @@ sub lti_security_results {
                 $output .= '<li>'.&mt('[_1] set to none',$titles{'chars'}).'</li>';
             }
         } elsif ($item eq 'private') {
+            $needs_update = 1;
+            if ($context eq 'lti') {
+                undef($domdefaults{'ltiprivhosts'});
+            } elsif ($context eq 'ltitools') {
+                undef($domdefaults{'toolprivhosts'});
+            }
             if (keys(%{$newkeyset})) {
+                my @privhosts;
                 foreach my $hostid (sort(keys(%{$newkeyset}))) {
                     if ($keystore->{$hostid} eq 'ok') {
                         $output .= '<li>'.&mt('Encryption key for storage of shared secrets saved for [_1]',$hostid).'</li>';
+                        unless (grep(/^\Q$hostid\E$/,@privhosts)) {
+                            push(@privhosts,$hostid);
+                        }
+                    }
+                }
+                if (@privhosts) {
+                    if ($context eq 'lti') {
+                        $domdefaults{'ltiprivhosts'} = \@privhosts;
+                    } elsif ($context eq 'ltitools') {
+                        $domdefaults{'toolprivhosts'} = \@privhosts;
                     }
                 }
             }
@@ -14477,6 +14532,10 @@ sub lti_security_results {
             next;
         }
     }
+    if ($needs_update) {
+        my $cachetime = 24*60*60;
+        &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
+    }
     return $output;
 }
 
@@ -15423,7 +15482,7 @@ sub modify_lti {
         }
         $resulttext = &mt('Changes made:').'<ul>';
         if (keys(%secchanges) > 0) {
-            $resulttext .= &lti_security_results('lti',\%secchanges,\%newltisec,\%newkeyset,\%keystore);
+            $resulttext .= &lti_security_results($dom,'lti',\%secchanges,\%newltisec,\%newkeyset,\%keystore);
             if (exists($secchanges{'linkprot'})) {
                 $resulttext .= $linkprotoutput;
             }