| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-05-13 09:00:44 +1000 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-06-05 18:59:30 +0200 |
| commit | cb9eb967b5e24f5fde8bbf8ae87aa615b7033db7 (patch) | |
| tree | 1d51d87f1e09df6592a928e5bf66a8d0b1f4f25a /base/common | |
| parent | 45c26ba97095a82bb91a12e0427fdb14cbe77699 (diff) | |
| download | pki-cb9eb967b5e24f5fde8bbf8ae87aa615b7033db7.tar.gz pki-cb9eb967b5e24f5fde8bbf8ae87aa615b7033db7.tar.xz pki-cb9eb967b5e24f5fde8bbf8ae87aa615b7033db7.zip | |
Lightweight CAs: add method to renew certificate
Add the CertificateAuthority.renewAuthority() method that creates
and processes a renewal request for the lightweight CA's signing
cert. The new certificate replaces the old certificate in the NSSDB
and the serial number is stored in the 'authoritySerial' attribute.
Clones observe when the 'authoritySerial' attribute has changed and
update the certificate in their NSSDB, too.
The renewal behaviour is available in the REST API as a POST to
/ca/rest/authorities/<id>/renew.
Fixes: https://fedorahosted.org/pki/ticket/2327
Diffstat (limited to 'base/common')
| -rw-r--r-- | base/common/src/com/netscape/certsrv/authority/AuthorityResource.java | 7 | ||||
| -rw-r--r-- | base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java | 6 |
2 files changed, 13 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
index c6dc69624..0f8b70ade 100644
--- a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
@@ -94,6 +94,13 @@ public interface AuthorityResource {
 @ACLMapping("authorities.modify")
 public Response disableCA(@PathParam("id") String caIDString);
 
+ @POST
+ @Path("{id}/renew")
+ @ClientResponseType(entityType=AuthorityData.class)
+ @AuthMethodMapping("authorities")
+ @ACLMapping("authorities.modify")
+ public Response renewCA(@PathParam("id") String caIDString);
+
 @DELETE
 @Path("{id}")
 @ClientResponseType(entityType=Void.class)
diff --git a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
index dd0d1b085..308bfba12 100644
--- a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
+++ b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
@@ -598,6 +598,12 @@ public interface ICertificateAuthority extends ISubsystem {
 throws EBaseException;
 
 /**
+ * Renew certificate of CA.
+ */
+ public void renewAuthority(HttpServletRequest httpReq)
+ throws EBaseException;
+
+ /**
 * Delete this lightweight CA.
 */
 public void deleteAuthority() |
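Review bot: The new `renewCA` endpoint is gated by `@ACLMapping("authorities.modify")`, the same mapping visible on `disableCA` directly above it, so any principal permitted to enable or disable a lightweight CA can also trigger issuance of a new signing certificate for it. If sharing the permission is intended, a short comment should say so; otherwise a dedicated ACL mapping (name to be chosen by the project) would let deployments grant renewal separately from other modifications. The method also carries no Javadoc; a one-line comment such as `/** Renews the signing certificate of the lightweight CA identified by {id}; callers must be authorized under authorities.modify. */` would record the contract. The interface body continues outside this hunk.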
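Review bot: The Javadoc on `renewAuthority` does not say what `httpReq` is used for or what the caller must have verified before invoking it. Because the method accepts the raw `HttpServletRequest`, the interface alone does not tell a reader whether authorization is expected to have happened in the REST layer or inside the implementation, which is not visible here. The comment should state that precondition, add `@param httpReq` and `@throws EBaseException` entries, and mention the side effects the commit message describes (the certificate in the NSSDB is replaced and the `authoritySerial` attribute is updated).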
