| author | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-12-16 19:19:16 +0000 |
|---|---|---|
| committer | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-12-16 19:19:16 +0000 |
| commit | bb6a406784a10fbeb24b36a3faba06316a278cd5 (patch) | |
| tree | 3c4b35dded817ebe9e772798435477dd56f920bd | |
| parent | 717ddc7782211ce853d7b2d48859041e2b59559a (diff) | |
Fix Bugzilla Bug 661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1641 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java index 54a058ddc..08756a5ba 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java @@ -334,17 +334,22 @@ public class DoRevokeTPS extends CMSServlet { Enumeration e = mCertDB.searchCertificates(revokeAll, totalRecordCount, mTimeLimits); + boolean alreadyRevokedCertFound = false; + boolean badCertsRequested = false; while (e != null && e.hasMoreElements()) { ICertRecord rec = (ICertRecord) e.nextElement(); - if (rec == null) + if (rec == null) { + badCertsRequested = true; continue; + } X509CertImpl xcert = rec.getCertificate(); IArgBlock rarg = CMS.createArgBlock(); // we do not want to revoke the CA certificate accidentially if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber()); + badCertsRequested = true; continue; } @@ -353,6 +358,7 @@ public class DoRevokeTPS extends CMSServlet { xcert.getSerialNumber().toString(16)); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { + alreadyRevokedCertFound = true; CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked."); } else { oldCertsV.addElement(xcert); 
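Review bot: In the first hunk a null `rec` and a skipped system certificate now set `badCertsRequested`, but a record whose `getCertificate()` returns null is not flagged: the system-certificate test guards with `xcert != null`, while the context of the second hunk calls `xcert.getSerialNumber().toString(16)` with no guard visible. Unless the two lines between the hunks (not shown) handle it, such a record would throw instead of being counted as a bad request; a guard such as `if (xcert == null) { badCertsRequested = true; continue; }` right after `rec.getCertificate()` would keep the new bookkeeping consistent. The two flags also deserve a one-line comment where they are declared, for example `// set when a requested record cannot be processed (null record, system certificate)`. The loop body starts and ends outside both hunks on this line.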
@@ -365,10 +371,29 @@ public class DoRevokeTPS extends CMSServlet { CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked."); count++; } + } else { + badCertsRequested = true; } } if (count == 0) { + // Situation where no certs were reoked here, but some certs + // requested happened to be already revoked. Don't return error. + if (alreadyRevokedCertFound == true && badCertsRequested == false) { + CMS.debug("Only have previously revoked certs in the list."); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); + + audit(auditMessage); + return; + } + errorString = "error=No certificates are revoked."; o_status = "status=2"; log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); |
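Review bot: The new early return writes a signed-audit entry with `ILogger.SUCCESS` for a request that changed no certificate status, so in the audit trail it may be indistinguishable from a revocation that actually took place (the normal success path is outside the hunk, so this is inferred). The branch should at least say so, e.g. `// request satisfied without a status change: every requested cert was already revoked`, and the typo "reoked" in the added comment should be fixed. The `return` leaves `o_status` and `errorString` untouched, so the reply sent to TPS depends on values assigned before this hunk; that is worth confirming against the rest of the method. The condition reads more plainly as `if (alreadyRevokedCertFound && !badCertsRequested) {`. The `else` at the top of the hunk closes an `if` that begins outside it.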
