diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-05-09 12:57:32 +1000 |
|---|---|---|
| committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-05-13 12:23:30 +1000 |
| commit | 54c18d85a778775c86bcddab4eee929719ac4d23 (patch) | |
| tree | 32ff2e24f345aee5e131ecd52d7d767bb295b98a /base/server/cms/src/com | |
| parent | 7e0f52b62e003ab0f66ed12fdd27e05713166b74 (diff) | |
Reject cert request if resultant subject DN is invalid
An unparseable subject DN is ignored, causing NPE in subsequent
processing becaues the subject DN was not set. Throw
ERejectException if the subject DN is invalid, to ensure that a
useful response can be returned to the requestor.
Fixes: https://fedorahosted.org/pki/ticket/2317
Diffstat (limited to 'base/server/cms/src/com')
| -rw-r--r-- | base/server/cms/src/com/netscape/cms/profile/def/SubjectNameDefault.java | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/SubjectNameDefault.java index 31aee6dd6..629f4bcc1 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/SubjectNameDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/SubjectNameDefault.java @@ -27,6 +27,7 @@ import netscape.security.x509.X509CertInfo; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.EProfileException; +import com.netscape.certsrv.profile.ERejectException; import com.netscape.certsrv.profile.IProfile; import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.EPropertyException; @@ -166,19 +167,14 @@ public class SubjectNameDefault extends EnrollDefault { return; try { name = new X500Name(subjectName); - } catch (IOException e) { - // failed to build x500 name - CMS.debug("SubjectNameDefault: populate " + e.toString()); - } - if (name == null) { - // failed to build x500 name - } - try { info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); } catch (Exception e) { - // failed to insert subject name - CMS.debug("SubjectNameDefault: populate " + e.toString()); + CMS.debug("SubjectNameDefault: failed to populate: " + e); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_INVALID_SUBJECT_NAME", + subjectName), e); } } } |