Respond 400 if lightweight CA cert issuance fails

If certificate issuance fails during lightweight CA creation (e.g.
due to a profile constraint violation such as Subject DN not
matching pattern) the API responds with status 500.

Raise BadRequestDataException if cert issuance fails in a way that
indicates bad or invalid CSR data, and catch it to respond with
status 400.

Also do some drive-by exception chaining.

Fixes: https://fedorahosted.org/pki/ticket/2388

1 files changed, 2 insertions, 1 deletions

diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java b/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
index 5ecabacd9..7bca10fa1 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
@@ -38,6 +38,7 @@ import javax.ws.rs.core.UriInfo;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authority.AuthorityData;
 import com.netscape.certsrv.authority.AuthorityResource;
+import com.netscape.certsrv.base.BadRequestDataException;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.ConflictingOperationException;
 import com.netscape.certsrv.base.EBaseException;
@@ -207,7 +208,7 @@ public class AuthorityService extends PKIService implements AuthorityResource {
             audit(ILogger.SUCCESS, OpDef.OP_ADD,
                     subCA.getAuthorityID().toString(), auditParams);
             return createOKResponse(readAuthorityData(subCA));
-        } catch (IllegalArgumentException e) {
+        } catch (IllegalArgumentException | BadRequestDataException e) {
             throw new BadRequestException(e.toString());
         } catch (CANotFoundException e) {
             throw new ResourceNotFoundException(e.toString());