| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-05-06 16:03:57 +1000 |
|---|---|---|
| committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-05-09 10:43:01 +1000 |
| commit | ba6c1318711cda4adb9cdb0bdf969bc5ef590bd6 (patch) | |
| tree | bb2aace4820888d011ea075bbe3bc9cc03dd8bd3 /base/server/cms/src/com | |
| parent | de1b8c44d442cac9d2d2209c28c2ef326f923baf (diff) | |
Lightweight CAs: allow specifying authority via ProfileSubmitServlet
Lightweight CAs were supported in REST-based request submission, but
not via ProfileSubmitServlet. However, FreeIPA currently uses
ProfileSubmitServlet, so make it possible to use lightweight CAs.
Part of: https://fedorahosted.org/pki/ticket/1625
Diffstat (limited to 'base/server/cms/src/com')
| -rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index f7b08ece9..7cced7c47 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -33,6 +33,9 @@ import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.authorization.EAuthzException;
 import com.netscape.certsrv.base.BadRequestDataException;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.ca.AuthorityID;
+import com.netscape.certsrv.ca.CANotFoundException;
+import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IEnrollProfile;
@@ -220,8 +223,23 @@ public class ProfileSubmitServlet extends ProfileServlet {
 CMSTemplate.escapeJavaScriptStringHTML(profileId)));
 }
+ String aidString = request.getParameter("authorityId");
+ AuthorityID aid = null;
+ if (aidString != null && !aidString.isEmpty()) {
+ try {
+ aid = new AuthorityID(aidString);
+ } catch (IllegalArgumentException e) {
+ throw new BadRequestDataException("invalid AuthorityID: " + aidString, e);
+ }
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ca = ca.getCA(aid);
+ if (ca == null)
+ throw new CANotFoundException("CA not found: " + aidString);
+ }
+
 CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
- return processor.processEnrollment(data, request, null, null);
+ return processor.processEnrollment(data, request, aid, null);
 }
 public HashMap<String, Object> processRenewal(CMSRequest cmsReq) throws EBaseException { |
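Review bot: Both new exception messages in the second hunk concatenate the raw `authorityId` request parameter (`"invalid AuthorityID: " + aidString` and `"CA not found: " + aidString`), whereas the context line directly above passes `profileId` through `CMSTemplate.escapeJavaScriptStringHTML` before it goes into a message. If these messages reach the same error template or the logs (not visible here), the value should get the same treatment, e.g. `throw new BadRequestDataException("invalid AuthorityID: " + CMSTemplate.escapeJavaScriptStringHTML(aidString), e);`, and likewise for the `CANotFoundException`. The lookup also only establishes that the named authority exists; whether the requester may issue from it is presumably decided inside `processEnrollment`, which is outside the hunk, so a comment such as `// existence check only; authorization for this authority is enforced by the processor` (once confirmed) would help the next reader. The enclosing method starts outside the hunk.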
