Added nonce validation for certificate revocation.ticket-213-3

The certificate REST service has been modified to validate
nonce when revoking a certificate.

Ticket #213

1 files changed, 5 insertions, 3 deletions

diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRevokeCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRevokeCLI.java
index d8a4d5295..af0c7da1f 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertRevokeCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRevokeCLI.java
@@ -105,9 +105,9 @@ public class CertRevokeCLI extends CLI {
             return;
         }
 
-        if (!cmd.hasOption("force")) {
+        CertData certData = parent.client.getCert(certID);
 
-            CertData certData = parent.client.getCert(certID);
+        if (!cmd.hasOption("force")) {
 
             if (reason == RevocationReason.CERTIFICATE_HOLD) {
                 System.out.println("Placing certificate on-hold:");
@@ -118,6 +118,7 @@ public class CertRevokeCLI extends CLI {
             }
 
             CertCLI.printCertData(certData, false, false);
+            if (verbose) System.out.println("  Nonce: " + certData.getNonce());
 
             System.out.print("Are you sure (Y/N)? ");
             System.out.flush();
@@ -132,6 +133,7 @@ public class CertRevokeCLI extends CLI {
         CertRevokeRequest request = new CertRevokeRequest();
         request.setReason(reason);
         request.setComments(cmd.getOptionValue("comments"));
+        request.setNonce(certData.getNonce());
 
         CertRequestInfo certRequestInfo;
 
@@ -154,7 +156,7 @@ public class CertRevokeCLI extends CLI {
                 MainCLI.printMessage("Revoked certificate \"" + certID.toHexString() + "\"");
             }
 
-            CertData certData = parent.client.getCert(certID);
+            certData = parent.client.getCert(certID);
             CertCLI.printCertData(certData, false, false);
 
         } else {