diff options
| author | Jack Magne <jmagne@localhost.localdomain> | 2015-07-01 15:01:45 -0700 |
|---|---|---|
| committer | Jack Magne <jmagne@localhost.localdomain> | 2015-07-01 16:08:10 -0700 |
| commit | b253cad196f57e79a5aede53aceffede1c9edfbe (patch) | |
| tree | 149e31a3eeb7977a837001e8914e9f9c82992f70 | |
| parent | 7c1af7f7dac89363c7923802ec759ccb84813bfb (diff) | |
| download | pki-b253cad196f57e79a5aede53aceffede1c9edfbe.tar.gz pki-b253cad196f57e79a5aede53aceffede1c9edfbe.tar.xz pki-b253cad196f57e79a5aede53aceffede1c9edfbe.zip | |
Ability to toggle profile usablity in Web vs CLI tools.
Ticket #1442.
This fix gives the command line enrollment commands the ability to enroll a cert against a profile
that has been marked as not visible but "enabled".
With the simple fix the following scenarios tested to work:
The "caUserCert" Profile was marked as not visible, but enabled.
1. pki -c Secret123 client-cert-request --profile caUserCert uid=jmagne
This is the simplest form of user cert enrollment.
2. pki ca-cert-request-profile-show caUserCert --output testuser.xml
pki ca-cert-request-submit testuser.xml
The first command gives us the profile's xml file, which after modification is used to enroll.
3. pki -d ~/.dogtag/pki -c "" -n "PKI Administrator for localdomain" ca-profile-show caUserCert
This one shows that we can view the contents of a non visible profile. Listing is not allowed.
We felt this appropiate to allow a command line user to get the details of a non visible profile that
they know aobut and want to use.
| -rw-r--r-- | base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java index 969cfd1a6..a11cb470b 100644 --- a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java +++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java @@ -336,9 +336,8 @@ public class CertRequestService extends PKIService implements CertRequestResourc } if (! profile.isVisible()) { - CMS.debug("getEnrollmentTemplate(): attempt to get enrollment template for non-visible profile"); - throw new BadRequestException("Cannot provide enrollment template for profile `" + profileId + - "`. Profile not marked as visible"); + CMS.debug("getEnrollmentTemplate(): attempt to get enrollment template for non-visible profile. This is ok since command line enrollments should be able to use enabled but non visible profiles."); + } CertEnrollmentRequest request = new CertEnrollmentRequest(); |