| author | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-02-01 01:15:39 +0000 |
|---|---|---|
| committer | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-02-01 01:15:39 +0000 |
| commit | 1a3349426fd39450b0627858bbbc1a016a8a97e0 (patch) | |
| tree | 3dd5c41d2b4fb264d1c2b9fed44d9e79d7569490 | |
| parent | 14940a816a18d87cb34cb859a7974db3c21cb48c (diff) | |
Bugzilla Bug 669804 - on active token re-enroll, TPS does not revoke and remove existing certs.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1803 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
| -rw-r--r-- | pki/base/tps/src/processor/RA_Enroll_Processor.cpp | 17 | ||||
| -rw-r--r-- | pki/base/tps/src/processor/RA_Processor.cpp | 8 |
2 files changed, 23 insertions, 2 deletions
diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp index b51c412f4..c7c64c663 100644 --- a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp @@ -2951,6 +2951,23 @@ bool RA_Enroll_Processor::GenerateCertificates(AuthParams *login, RA_Session *se } + if (noFailedCerts == true) { + //In this special case of re-enroll + //Revoke current certs for this token + // before the just enrolled certs are written to the db + char error_msg[512]; + bool success = RevokeCertificates(session, cuid,error_msg,(char *)final_applet_version, + NULL,(char *)tokenType,(char *)userid,o_status + ); + + RA::Debug("GenerateCertificates","Revoke result %d ",(int) success); + + if (!success) { + //Don't blow the whole thing up for this. + RA::Debug("GenerateCertificates","Revocation failure %s ",error_msg); + } + + } loser: if(lastErrorStatus != STATUS_NO_ERROR) { o_status = lastErrorStatus; diff --git a/pki/base/tps/src/processor/RA_Processor.cpp b/pki/base/tps/src/processor/RA_Processor.cpp index 0a240e332..f70ee2398 100644 --- a/pki/base/tps/src/processor/RA_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Processor.cpp @@ -2459,7 +2459,7 @@ bool RA_Processor::RevokeCertificates(RA_Session *session, char *cuid,char *audi LDAPMessage *e = NULL; bool revocation_failed = false; - RA::Debug("RA_Processor::RevokeCertificates","RevokeCertificates!"); + RA::Debug("RA_Processor::RevokeCertificates","RevokeCertificates! cuid %s",cuid); PR_snprintf((char *)filter, 256, "(tokenID=%s)", cuid); rc = RA::ra_find_tus_certificate_entries_by_order(filter, 100, &result, 1); if (rc == 0) { 
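Review bot: In the GenerateCertificates hunk of RA_Enroll_Processor.cpp, `error_msg` is declared uninitialized and then printed with `%s` when RevokeCertificates returns false; nothing visible here shows that every failure path in RevokeCertificates writes a terminated string into it, so the debug call may read indeterminate stack bytes. Declaring it as `char error_msg[512] = {0};` makes the failure log safe regardless. The buffer is also passed without its size, so whether 512 bytes is enough depends on how the callee formats into it, which is not visible in this diff. Separately, a failed revocation leaves the token's previous certificates valid and is recorded only at debug level; since enrollment deliberately continues, an audit or error-level record naming the cuid would let operators find and revoke them by hand. GenerateCertificates starts and ends outside the hunk.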
@@ -2536,6 +2536,7 @@ bool RA_Processor::RevokeCertificates(RA_Session *session, char *cuid,char *audi continue; } statusNum = certEnroll->RevokeCertificate("1", serial, connid, statusString); + RA::Debug("RA_Processor::RevokeCertificates", "Revoke cert %s status %d",serial,statusNum); if (statusNum == 0) { RA::Audit(EV_FORMAT, AUDIT_MSG_CERT_STATUS_CHANGE, userid, @@ -2582,7 +2583,10 @@ bool RA_Processor::RevokeCertificates(RA_Session *session, char *cuid,char *audi goto loser; } - rc = RA::tdb_update("", cuid, (char *)final_applet_version, keyVersion, "uninitialized", "", tokenType); + rc = 0; + if (keyVersion != NULL) { + rc = RA::tdb_update("", cuid, (char *)final_applet_version, keyVersion, "uninitialized", "", tokenType); + } if (rc != 0) { RA::Debug(LL_PER_PDU, "RA_Processor::RevokeCertificates", |
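Review bot: In the last RevokeCertificates hunk, a NULL `keyVersion` now means "skip the token-db update to `uninitialized`" while `rc` stays 0, so the function can report success without having touched the token record, and that contract is not documented anywhere in the hunk. The re-enroll caller added in RA_Enroll_Processor.cpp appears to pass NULL in that position on purpose, but any other caller whose key version happens to be NULL would silently get the same skip. A comment above the check, for example `// keyVersion == NULL: revoke only; the caller keeps or updates the token record itself`, would state the intent, assuming that is what the re-enroll path relies on. The `RA::Debug` added in the middle hunk logs `statusNum` but not `statusString`, which presumably carries the CA's explanation when a revocation fails. RevokeCertificates begins and ends outside these hunks.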
