Lightweight CAs: indicate when CA does not yet have keys

When a lightweight CA is created, clones will initialise a local
object when the LDAP replication takes place, however, the signing
keys will not yet have been replicated.  Therefore, indicate CA
readiness in authority data and respond appropriately (HTTP 503)
when signing operations are attempted.

Part of: https://fedorahosted.org/pki/ticket/1625

1 files changed, 16 insertions, 1 deletions

diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityData.java b/base/common/src/com/netscape/certsrv/authority/AuthorityData.java
index 2312c3989..84679567e 100644
--- a/base/common/src/com/netscape/certsrv/authority/AuthorityData.java
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityData.java
@@ -95,6 +95,19 @@ public class AuthorityData {
     }
 
 
+    /**
+     * Whether the CA is ready to perform signing operations.
+     *
+     * This is a read-only attribute; it cannot be set by the user.
+     */
+    @XmlAttribute
+    protected Boolean ready;
+
+    public Boolean getReady() {
+        return ready;
+    }
+
+
     protected Link link;
 
     public Link getLink() {
@@ -111,13 +124,15 @@ public class AuthorityData {
     public AuthorityData(
             Boolean isHostAuthority,
             String dn, String id, String parentID,
-            Boolean enabled, String description) {
+            Boolean enabled, String description,
+            Boolean ready) {
         this.isHostAuthority = isHostAuthority;
         this.dn = dn;
         this.id = id;
         this.parentID = parentID;
         this.enabled = enabled;
         this.description = description;
+        this.ready = ready;
     }
 
 }