authorEndi S. Dewata <edewata@redhat.com>2016-08-17 16:44:48 +0200
committerEndi S. Dewata <edewata@redhat.com>2016-08-22 20:15:32 +0200
commitbde2cd1d3e65850c82a6ea7a6cebcae46a4408f2 (patch)
tree24db0e977e9337bc4b22dd0d134842b29d5dc7ea
parentfdd5e984874a3f6b31e0509f646785428d643ece (diff)
Allowing optional CA signing CSR.
The CA signing CSR is already stored in the request record, which will be imported as part of the migration process, so it's not necessary to export and reimport the CSR file again for migration. To allow an optional CSR, the pki-server subsystem-cert-validate CLI has been modified to no longer check the CSR in CS.cfg. ConfigurationUtils.loadCertRequest() has been modified to ignore a missing CSR in CS.cfg. https://fedorahosted.org/pki/ticket/2440
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java13
-rw-r--r--base/server/python/pki/server/cli/subsystem.py4
2 files changed, 10 insertions, 7 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 992ccc105..cdb284495 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -2947,10 +2947,17 @@ public class ConfigurationUtils {
cert.setDN(subjectDN);
String subsystem = config.getString(PCERT_PREFIX + tag + ".subsystem");
- String certreq = config.getString(subsystem + "." + tag + ".certreq");
- String formattedCertreq = CryptoUtil.reqFormat(certreq);
- cert.setRequest(formattedCertreq);
+ try {
+ String certreq = config.getString(subsystem + "." + tag + ".certreq");
+ String formattedCertreq = CryptoUtil.reqFormat(certreq);
+
+ cert.setRequest(formattedCertreq);
+
+ } catch (EPropertyNotFound e) {
+ // The CSR is optional for existing CA case.
+ CMS.debug("ConfigurationUtils.loadCertRequest: " + tag + " cert has no CSR");
+ }
}
public static void generateCertRequest(IConfigStore config, String certTag, Cert cert) throws Exception {
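Review bot: The new `catch (EPropertyNotFound e)` tolerates a missing `certreq` for every tag, although the comment and the commit message justify it only for the CA signing certificate of an existing CA. Any other system certificate whose CSR entry is absent from CS.cfg is now skipped with only a debug line, and the subsystem.py hunk removes the matching "missing certificate request" check for all certificates too, so that misconfiguration is no longer reported anywhere. Consider rethrowing for the other tags, e.g. `if (!"signing".equals(tag)) throw e;` (assuming `signing` is the CA signing tag here), and including the lookup key `subsystem + "." + tag + ".certreq"` in the debug message so the skipped entry is identifiable. The body of loadCertRequest() starts above this hunk, so whether later code depends on the value passed to `cert.setRequest()` being present cannot be checked from here.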
diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
index 4651d74db..c173ea255 100644
--- a/base/server/python/pki/server/cli/subsystem.py
+++ b/base/server/python/pki/server/cli/subsystem.py
@@ -917,10 +917,6 @@ class SubsystemCertValidateCLI(pki.cli.CLI):
print(' Cert ID: %s' % cert['id'])
- if not cert['request']:
- print(' Status: ERROR: missing certificate request')
- return False
-
if not cert['data']:
print(' Status: ERROR: missing certificate data')
return False