author | Endi S. Dewata <edewata@redhat.com> | 2014-11-26 03:19:35 -0500 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2014-12-12 14:36:46 -0500 |
commit | 78371f0ecd801ccfb1a637ba8dd95a7f4dd051b9 (patch) | |
tree | 3062a8617bfd8d677a24515e30a19fa89881a540 /base/server/cms/src/org | |
parent | 96f61e1c7e73c91400c2364009dfb1742b509ced (diff) | |
Fixed problem importing renewed system certificate.
Previously during clone installation if the PKCS12 file contains
both expired and renewed certificates the code might incorrectly
import the expired certificate instead of the renewed one, thus
failing the installation.
The code has been fixed to validate the certificates in the PKCS12
file such that only the valid ones will be imported into the clone.
https://fedorahosted.org/pki/ticket/1093
Diffstat (limited to 'base/server/cms/src/org')
-rw-r--r-- | base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index 7ba345d8d..47048c31a 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -808,7 +808,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 try {
 validCloneUri = ConfigurationUtils.isValidCloneURI(domainXML, masterHost, masterPort);
 } catch (Exception e) {
- e.printStackTrace();
+ CMS.debug(e);
 throw new PKIException("Error in determining whether clone URI is valid");
 }
@@ -824,30 +824,32 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 ConfigurationUtils.importCertChain(masterHost, masterAdminPort, "/ca/admin/ca/getCertChain", "clone");
 } catch (Exception e) {
- e.printStackTrace();
+ CMS.debug(e);
 throw new PKIException("Failed to import certificate chain from master" + e);
 }
 }
 try {
+ CMS.debug("SystemConfigService.getCloningData(): get config entries");
 ConfigurationUtils.getConfigEntriesFromMaster();
 } catch (Exception e) {
- e.printStackTrace();
+ CMS.debug(e);
 throw new PKIException("Failed to obtain configuration entries from the master for cloning " + e);
 }
- // restore certs from P12 file
 if (token.equals(ConfigurationRequest.TOKEN_DEFAULT)) {
+ CMS.debug("SystemConfigService.getCloningData(): restore certs from P12 file");
 String p12File = data.getP12File();
 String p12Pass = data.getP12Password();
 try {
 ConfigurationUtils.restoreCertsFromP12(p12File, p12Pass);
 } catch (Exception e) {
- e.printStackTrace();
+ CMS.debug(e);
 throw new PKIException("Failed to restore certificates from p12 file" + e);
 }
 }
+ CMS.debug("SystemConfigService.getCloningData(): verify certs");
 boolean cloneReady = ConfigurationUtils.isCertdbCloned();
 if (!cloneReady) {
 CMS.debug("clone does not have all the certificates."); |
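Review bot: The three `throw new PKIException("..." + e)` statements in the second hunk (certificate chain import, configuration entries, P12 restore) still append the caught exception's text to the message, and two of them have no separator before it. That message presumably travels back to the REST caller; confirm how PKIException is rendered in the response. Now that `CMS.debug(e)` records the detail in the debug log, the client-facing text can stay generic like the first hunk's, for example `throw new PKIException("Failed to restore certificates from p12 file");`. The P12 path deserves the most care, because exception text from a PKCS #12 decode may disclose file paths or why decryption failed. The enclosing method (getCloningData, going by the debug strings) begins and ends outside the hunk.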