Lightweight CAs: renew certs with same issuer

When renewing a certificate, propagate the Authority ID from the
original request to the new request, to ensure that the new
certificate is issued by the same issuer as the original.

Part of: https://fedorahosted.org/pki/ticket/2327

1 files changed, 7 insertions, 0 deletions

diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
index b22cc1ce4..8efa9162a 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
@@ -214,6 +214,9 @@ public class RenewalProcessor extends CertProcessor {
             String profileId = origReq.getExtDataInString("profileId");
             CMS.debug("RenewalSubmitter: renewal original profileId=" + profileId);
 
+            String aidString = origReq.getExtDataInString(
+                    IEnrollProfile.REQUEST_AUTHORITY_ID);
+
             Integer origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM);
             IProfile profile = ps.getProfile(profileId);
             if (profile == null) {
@@ -226,6 +229,10 @@ public class RenewalProcessor extends CertProcessor {
             }
 
             IProfileContext ctx = profile.createContext();
+
+            if (aidString != null)
+                ctx.set(IEnrollProfile.REQUEST_AUTHORITY_ID, aidString);
+
             IProfileAuthenticator authenticator = renewProfile.getAuthenticator();
             IProfileAuthenticator origAuthenticator = profile.getAuthenticator();