authorFraser Tweedale <ftweedal@redhat.com>2016-03-16 13:07:43 +1100
committerFraser Tweedale <ftweedal@redhat.com>2016-04-14 16:07:17 +1000
commit28bc4ed903bc9e2618390ec412602d889e28354b (patch)
tree94f929e8ee91cd53ac9d60090279081c81d377d6
parenta39499f08966a517d52c97ef0cd54d8e6f098fb9 (diff)
Lightweight CAs: set DN based on data from LDAP
When initialising a lightweight CA, if we do not have the signing cert and key in the NSSDB yet, we do not initialise the DN. This causes NPE in other code that expects getX500Name() to return a value, e.g. REST API to list or show CA. To work around this, when loading lightweight CAs set the DN based on the 'authorityDN' value stored in its LDAP entry. Part of: https://fedorahosted.org/pki/ticket/1625
-rw-r--r--base/ca/src/com/netscape/ca/CertificateAuthority.java11
1 files changed, 9 insertions, 2 deletions
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 3bda33f27..60f6b3621 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -337,6 +337,7 @@ public class CertificateAuthority
*/
private CertificateAuthority(
CertificateAuthority hostCA,
+ X500Name dn,
AuthorityID aid,
AuthorityID parentAID,
String signingKeyNickname,
@@ -345,6 +346,11 @@ public class CertificateAuthority
) throws EBaseException {
setId(hostCA.getId());
this.hostCA = hostCA;
+
+ // cert and key may not have been replicated to local nssdb
+ // yet, so set DN based on data from LDAP
+ this.mName = dn;
+
this.authorityID = aid;
this.authorityParentID = parentAID;
this.authorityDescription = authorityDescription;
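Review bot: The new assignment `this.mName = dn;` stores whatever the caller passes, including null, so the NPE this commit works around can still surface later from getX500Name() if the LDAP entry has no usable authorityDN. Failing early in the constructor would localise the error, for example `if (dn == null) throw new EBaseException("lightweight CA entry has no authorityDN");`. The same applies to the two call sites in the later hunks, where `subjectX500Name` and `dn` are produced outside the visible lines. Until the signing cert is present, the LDAP value is also the only source of the CA's identity shown by the REST API, so the code that later loads the cert (not visible here) should presumably compare the cert subject with this DN and log or reject a mismatch rather than silently overwrite it. The constructor body starts and continues outside this hunk.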
@@ -2596,7 +2602,8 @@ public class CertificateAuthority
}
return new CertificateAuthority(
- hostCA, aid, this.authorityID, nickname, description, true);
+ hostCA, subjectX500Name,
+ aid, this.authorityID, nickname, description, true);
}
/**
@@ -3045,7 +3052,7 @@ public class CertificateAuthority
try {
CertificateAuthority ca = new CertificateAuthority(
- hostCA, aid, parentAID, keyNick, desc, enabled);
+ hostCA, dn, aid, parentAID, keyNick, desc, enabled);
caMap.put(aid, ca);
entryUSNs.put(aid, newEntryUSN);
nsUniqueIds.put(aid, nsUniqueId);