| author | Endi S. Dewata <edewata@redhat.com> | 2014-05-09 14:35:01 -0400 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2014-05-19 12:29:31 -0400 |
| commit | be31509dd9a8eb710dca6e2961043cb4043f45fa (patch) | |
| tree | ba31db7a5d5415ebce34645695bf1aece2be7a57 | |
| parent | 0334a7bcd62bd31ea18df4240ec42983a1b25489 (diff) | |
Fixed internal errors in RenewalProcessor.
The RenewalProcessor was throwing NumberFormatException if the
renewal request contains an empty serial number. The code has been
modified to check for null and empty string.
If the serial number is unavailable, the code will try to get the
serial number from the client certificate. If that is also
unavailable, the code now returns a proper message.
Ticket #999
| -rw-r--r-- | base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java | 3 | ||||
| -rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java | 13 |
2 files changed, 12 insertions, 4 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
index 74f7b52f6..969cfd1a6 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
@@ -144,6 +144,9 @@ public class CertRequestService extends PKIService implements CertRequestResourc
 throw new BadRequestException(e.toString());
 } catch (EBaseException e) {
 throw new PKIException(e.toString());
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException(e.toString());
 }
 // this will return an error code of 200, instead of 201
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
index a13a305b8..7daad6c96 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
@@ -29,6 +29,8 @@ import javax.servlet.http.HttpServletRequest;
 import netscape.security.x509.BasicConstraintsExtension;
 import netscape.security.x509.X509CertImpl;
+import org.apache.commons.lang.StringUtils;
+
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.BadRequestDataException;
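Review bot: The added `catch (Exception e)` in CertRequestService sends `e.toString()` back to the REST caller, so any unexpected runtime failure exposes its exception class name and internal message in the response. The detail is already written to the debug log by `CMS.debug(e)`, so the response can carry a fixed message instead, for example `throw new PKIException("Unable to process certificate request");`. The try block starts outside this hunk. If its body can raise exceptions that already map to a specific HTTP status, this catch-all would presumably turn them into a generic PKIException, which is worth checking.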
@@ -107,25 +109,28 @@ public class RenewalProcessor extends CertProcessor {
 String serial = data.getSerialNum();
 BigInteger certSerial = null;
- if (serial != null) {
+ if (StringUtils.isNotEmpty(serial)) {
 // if serial number is sent with request, then the authentication
 // method is not ssl client auth. In this case, an alternative
 // authentication method is used (default: ldap based)
 // usr_origreq evaluator should be used to authorize ownership
 // of the cert
- CMS.debug("RenewalSubmitter: renewal: found serial_num");
+ CMS.debug("RenewalSubmitter: renewal: serial number: " + serial);
 certSerial = new BigInteger(serial);
+
 } else {
 // ssl client auth is to be used
 // this is not authentication. Just use the cert to search
 // for orig request and find the right profile
 CMS.debug("RenewalSubmitter: renewal: serial_num not found, must do ssl client auth");
 certSerial = getSerialNumberFromCert(request);
+
 if (certSerial == null) {
- CMS.debug(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
- throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
+ CMS.debug(CMS.getUserMessage(locale, "CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+ throw new EBaseException(CMS.getUserMessage(locale, "CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
 }
 }
+
 CMS.debug("processRenewal: serial number of cert to renew:" + certSerial.toString());
 ICertRecord rec = certdb.readCertificateRecord(certSerial);
 if (rec == null) { |
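Review bot: A serial number that is non-empty but not a decimal integer (whitespace only, hex with a prefix, arbitrary text) still reaches `new BigInteger(serial)` and raises the same NumberFormatException this commit set out to remove, because `StringUtils.isNotEmpty` only rules out null and "". The new debug line also writes the raw request value to the log before it has been parsed, so embedded line breaks from the client would end up in the debug log; logging the parsed `certSerial` avoids that. Below, the parse is wrapped and a malformed value is reported as bad request data, using the BadRequestDataException the file already imports (assuming it has a String constructor). The enclosing method starts and ends outside this hunk.

```java
if (StringUtils.isNotEmpty(serial)) {
    // … unchanged: comment on the alternative authentication method …
    try {
        certSerial = new BigInteger(serial);
    } catch (NumberFormatException e) {
        // client-supplied value is not a decimal integer: report it as bad input
        throw new BadRequestDataException("Invalid serial number in renewal request");
    }
    // log the parsed value rather than the raw request string
    CMS.debug("RenewalSubmitter: renewal: serial number: " + certSerial);

} else {
    // … unchanged: ssl client auth branch …
```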
