diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2016-12-08 00:24:00 +0100 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-12-08 00:48:10 +0100 |
| commit | e84e4a33570ce79f3c4d2aae4e6e96236221494b (patch) | |
| tree | e49b96a3d6b274adb68487998d10e1f20bc34e2c /base/server/cms/src | |
| parent | ebd755bac7474acc4389a5454dcf6689f219354b (diff) | |
Fixed user certificate renewal using pki client-cert-request.
When a user renews its certificate using pki client-cert-request
the CLI will authenticate using the certificate and send an empty
request message. The server is supposed to use the certificate's
serial number to process the renewal request.
Currently the request fails if the serial number is missing from
the request message. The server has been fixed such that it
ignores the missing serial number and use the certificate's serial
number instead.
https://fedorahosted.org/pki/ticket/2476
Diffstat (limited to 'base/server/cms/src')
| -rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java index 206d23a5d..aefda5625 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java @@ -18,8 +18,8 @@ package com.netscape.cms.servlet.cert; import java.math.BigInteger; -import java.security.cert.X509Certificate; import java.security.Principal; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Date; import java.util.Enumeration; @@ -155,13 +155,11 @@ public class RenewalProcessor extends CertProcessor { String value = attribute.getValue(); CMS.debug("RenewalProcessor: profile input " + SerialNumRenewInput.SERIAL_NUM + " value: " + value); - if (StringUtils.isEmpty(value)) { - throw new BadRequestException("Missing attribute value for " + SerialNumRenewInput.SERIAL_NUM + " in input " + inputId); + if (!StringUtils.isEmpty(value)) { + serial = new CertId(value); + certSerial = serial.toBigInteger(); + break; } - - serial = new CertId(value); - certSerial = serial.toBigInteger(); - break; } } |