diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2017-02-22 11:26:43 +1000 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2017-03-14 11:22:07 +1000 |
commit | 6fa6b692882d00c8228aed7f5780b13f1b09c98c (patch) | |
tree | 7c43c72e1ebb156fc9519c9cefe3fd0328d780ce /base/ca/src/org/dogtagpki/server | |
parent | 18612df432d73ace0523c63ea9f82ee13a4b0b4e (diff) | |
download | pki-6fa6b692882d00c8228aed7f5780b13f1b09c98c.tar.gz pki-6fa6b692882d00c8228aed7f5780b13f1b09c98c.tar.xz pki-6fa6b692882d00c8228aed7f5780b13f1b09c98c.zip |
Include revocation reason in REST cert data
Fixes: https://fedorahosted.org/pki/ticket/2601
Diffstat (limited to 'base/ca/src/org/dogtagpki/server')
-rw-r--r-- | base/ca/src/org/dogtagpki/server/ca/rest/CertService.java | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java index 2f9f46729..ebbab2572 100644 --- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java +++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java @@ -64,6 +64,7 @@ import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.dbs.certdb.ICertRecord; import com.netscape.certsrv.dbs.certdb.ICertRecordList; import com.netscape.certsrv.dbs.certdb.ICertificateRepository; +import com.netscape.certsrv.dbs.certdb.IRevocationInfo; import com.netscape.certsrv.logging.AuditFormat; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.request.IRequest; @@ -80,8 +81,11 @@ import netscape.security.pkcs.PKCS7; import netscape.security.pkcs.SignerInfo; import netscape.security.provider.RSAPublicKey; import netscape.security.x509.AlgorithmId; +import netscape.security.x509.CRLExtensions; +import netscape.security.x509.CRLReasonExtension; import netscape.security.x509.RevocationReason; import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509ExtensionException; import netscape.security.x509.X509Key; /** @@ -529,6 +533,20 @@ public class CertService extends PKIService implements CertResource { certData.setRevokedOn(record.getRevokedOn()); certData.setRevokedBy(record.getRevokedBy()); + IRevocationInfo revInfo = record.getRevocationInfo(); + if (revInfo != null) { + CRLExtensions revExts = revInfo.getCRLEntryExtensions(); + if (revExts != null) { + try { + CRLReasonExtension ext = (CRLReasonExtension) + revExts.get(CRLReasonExtension.NAME); + certData.setRevocationReason(ext.getReason().getCode()); + } catch (X509ExtensionException e) { + // nothing to do + } + } + } + certData.setStatus(record.getStatus()); if (authority.noncesEnabled() && generateNonce) { |