diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-09-30 23:46:36 -0400 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-02-22 16:44:50 -0500 |
commit | 754b15db85c22903b3f9b18742ab2649fc556ad3 (patch) | |
tree | 39827df5a55801e54f0505d87221fd03b4058dd9 /base/ca/src/com/netscape/ca | |
parent | c32dd90ef638e9653136eeb901426c56b511fda4 (diff) | |
download | pki-754b15db85c22903b3f9b18742ab2649fc556ad3.tar.gz pki-754b15db85c22903b3f9b18742ab2649fc556ad3.tar.xz pki-754b15db85c22903b3f9b18742ab2649fc556ad3.zip |
Lightweight CAs: ensure disabled CA cannot create sub-CAs
Fixes: https://fedorahosted.org/pki/ticket/1628
Diffstat (limited to 'base/ca/src/com/netscape/ca')
-rw-r--r-- | base/ca/src/com/netscape/ca/CertificateAuthority.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java index 449da301f..d2afa64f8 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -2409,6 +2409,9 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori String subjectDN, String description) throws EBaseException { + if (!authorityEnabled) + throw new CADisabledException("Parent CA is disabled"); + // check requested DN X500Name subjectX500Name = null; try { |