summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2013-01-24 09:46:22 -0500
committerAde Lee <alee@redhat.com>2013-02-11 11:14:31 -0500
commitc687255a284008f9ee5c998b7c8d5705a3e21880 (patch)
treec7a483a153425a9d1c2d5b572d8a944e9d3163bd
parent41885178559ad00d711a9bc3367a30dc830303fd (diff)
downloadpki-c687255a284008f9ee5c998b7c8d5705a3e21880.zip
pki-c687255a284008f9ee5c998b7c8d5705a3e21880.tar.gz
pki-c687255a284008f9ee5c998b7c8d5705a3e21880.tar.xz
Fix get cert chain to use admin port only
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java9
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java5
2 files changed, 11 insertions, 3 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index 7ecbb0c..462e054 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -195,6 +195,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
}
try {
+ String cstype = config.getString("cs.type", "");
config.putString("preop.subsystem.name", HttpInput.getName(request, "subsystemName"));
if (select.equals("newsubsystem")) {
@@ -214,7 +215,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
}
- // get the master CA
+ // get the masterURL
String index = request.getParameter("urls");
String url = "";
@@ -243,8 +244,12 @@ public class CreateSubsystemPanel extends WizardPanelBase {
throw new IOException("Invalid clone URI provided. Does not match the available subsystems in " +
"the security domain");
}
+ if (cstype.equals("CA")) {
+ int https_admin_port = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
+ host, https_ee_port, "CA", "SecurePort", "SecureAdminPort");
- ConfigurationUtils.importCertChain(host, https_ee_port, "/ca/ee/ca/getCertChain", "clone");
+ ConfigurationUtils.importCertChain(host, https_admin_port, "/ca/admin/ca/getCertChain", "clone");
+ }
} else {
CMS.debug("CreateSubsystemPanel: invalid choice " + select);
context.put("updateStatus", "failure");
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
index 2e7f061..4304f5b 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigService.java
@@ -251,7 +251,10 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
if (csType.equals("CA")) {
try {
- ConfigurationUtils.importCertChain(masterHost, masterPort, "/ca/ee/ca/getCertChain", "clone");
+ int masterAdminPort = ConfigurationUtils.getPortFromSecurityDomain(domainXML,
+ masterHost, masterPort, "CA", "SecurePort", "SecureAdminPort");
+ ConfigurationUtils.importCertChain(masterHost, masterAdminPort, "/ca/admin/ca/getCertChain",
+ "clone");
} catch (Exception e) {
e.printStackTrace();
throw new PKIException("Failed to import certificate chain from master" + e);