diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2016-03-16 16:48:43 +1100 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-04-14 16:07:17 +1000 |
commit | 8f93e60e0057b0706c5d5ad762d7ff7ce20b7b39 (patch) | |
tree | be9830bd2da459a955050b240bfc10e52c010e8d /base/server | |
parent | 28bc4ed903bc9e2618390ec412602d889e28354b (diff) | |
download | pki-8f93e60e0057b0706c5d5ad762d7ff7ce20b7b39.tar.gz pki-8f93e60e0057b0706c5d5ad762d7ff7ce20b7b39.tar.xz pki-8f93e60e0057b0706c5d5ad762d7ff7ce20b7b39.zip |
Lightweight CAs: indicate when CA does not yet have keys
When a lightweight CA is created, clones will initialise a local
object when the LDAP replication takes place, however, the signing
keys will not yet have been replicated. Therefore, indicate CA
readiness in authority data and respond appropriately (HTTP 503)
when signing operations are attempted.
Part of: https://fedorahosted.org/pki/ticket/1625
Diffstat (limited to 'base/server')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java index 8558ec23f..b92ffb1d7 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RequestProcessor.java @@ -37,7 +37,6 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.EPropertyNotFound; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.ca.AuthorityID; -import com.netscape.certsrv.ca.CADisabledException; import com.netscape.certsrv.ca.CANotFoundException; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.cert.CertReviewResponse; @@ -350,9 +349,7 @@ public class RequestProcessor extends CertProcessor { if (ca == null) // this shouldn't happen because request was already accepted throw new CANotFoundException("Unknown CA: " + aidString); - if (!ca.getAuthorityEnabled()) - // authority was disabled after request was accepted - throw new CADisabledException("CA '" + aidString + "' is disabled"); + ca.ensureReady(); } /** |