diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2016-03-16 16:48:43 +1100 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-04-14 16:07:17 +1000 |
commit | 8f93e60e0057b0706c5d5ad762d7ff7ce20b7b39 (patch) | |
tree | be9830bd2da459a955050b240bfc10e52c010e8d /base/common/src | |
parent | 28bc4ed903bc9e2618390ec412602d889e28354b (diff) | |
download | pki-8f93e60e0057b0706c5d5ad762d7ff7ce20b7b39.tar.gz pki-8f93e60e0057b0706c5d5ad762d7ff7ce20b7b39.tar.xz pki-8f93e60e0057b0706c5d5ad762d7ff7ce20b7b39.zip |
Lightweight CAs: indicate when CA does not yet have keys
When a lightweight CA is created, clones will initialise a local
object when the LDAP replication takes place, however, the signing
keys will not yet have been replicated. Therefore, indicate CA
readiness in authority data and respond appropriately (HTTP 503)
when signing operations are attempted.
Part of: https://fedorahosted.org/pki/ticket/1625
Diffstat (limited to 'base/common/src')
3 files changed, 43 insertions, 1 deletions
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityData.java b/base/common/src/com/netscape/certsrv/authority/AuthorityData.java index 2312c3989..84679567e 100644 --- a/base/common/src/com/netscape/certsrv/authority/AuthorityData.java +++ b/base/common/src/com/netscape/certsrv/authority/AuthorityData.java @@ -95,6 +95,19 @@ public class AuthorityData { } + /** + * Whether the CA is ready to perform signing operations. + * + * This is a read-only attribute; it cannot be set by the user. + */ + @XmlAttribute + protected Boolean ready; + + public Boolean getReady() { + return ready; + } + + protected Link link; public Link getLink() { @@ -111,13 +124,15 @@ public class AuthorityData { public AuthorityData( Boolean isHostAuthority, String dn, String id, String parentID, - Boolean enabled, String description) { + Boolean enabled, String description, + Boolean ready) { this.isHostAuthority = isHostAuthority; this.dn = dn; this.id = id; this.parentID = parentID; this.enabled = enabled; this.description = description; + this.ready = ready; } } diff --git a/base/common/src/com/netscape/certsrv/base/ServiceUnavailableException.java b/base/common/src/com/netscape/certsrv/base/ServiceUnavailableException.java new file mode 100644 index 000000000..0ee9c8a08 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/base/ServiceUnavailableException.java @@ -0,0 +1,17 @@ +package com.netscape.certsrv.base; + +import javax.ws.rs.core.Response; + +public class ServiceUnavailableException extends PKIException { + + private static final long serialVersionUID = -9160776882517621347L; + + public ServiceUnavailableException(String message) { + super(Response.Status.SERVICE_UNAVAILABLE, message); + } + + public ServiceUnavailableException(String message, Throwable cause) { + super(Response.Status.SERVICE_UNAVAILABLE, message, cause); + } + +} diff --git a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java index 6d83e6d07..dd0d1b085 100644 --- a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java +++ b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java @@ -545,6 +545,16 @@ public interface ICertificateAuthority extends ISubsystem { public boolean getAuthorityEnabled(); /** + * Return whether CA is ready to perform signing operations. + */ + public boolean isReady(); + + /** + * Throw an exception if CA is not ready to perform signing operations. + */ + public void ensureReady() throws ECAException; + + /** * Return CA description. May be null. */ public String getAuthorityDescription(); |