author | Christina Fu <cfu@dhcp-16-189.sjc.redhat.com> | 2016-11-18 12:13:28 -0800 |
---|---|---|
committer | Christina Fu <cfu@dhcp-16-189.sjc.redhat.com> | 2016-11-18 17:31:07 -0800 |
commit | c633da8d43894258d9a4b1050a0d16316c17dbd5 (patch) | |
tree | 6f2989414b4637607f65ec29d718bbe0a76fb50c /base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java | |
parent | e1c87187b5e47e8e38b6bc91c105c92ea5069c59 (diff) | |
Ticket #2534 Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status
This patch fixes the reported issue so now the auto-recovered certificate will reflect the actual status of the certificate. Also, since the externalReg tracks its own recovered certificate status, it is consolidated with the certificate status tracking mechanism added in this patch so that they can be uniformly managed.
Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java')
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 582e3f90c..2b42dc613 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -33,8 +33,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import netscape.security.x509.RevocationReason;
-
 import org.dogtagpki.server.tps.TPSSession;
 import org.dogtagpki.server.tps.TPSSubsystem;
 import org.dogtagpki.server.tps.authentication.AuthUIParameter;
@@ -50,6 +48,7 @@ import org.dogtagpki.server.tps.cms.TKSRemoteRequestHandler;
 import org.dogtagpki.server.tps.config.ProfileDatabase;
 import org.dogtagpki.server.tps.dbs.ActivityDatabase;
 import org.dogtagpki.server.tps.dbs.TPSCertRecord;
+import org.dogtagpki.server.tps.dbs.TokenCertStatus;
 import org.dogtagpki.server.tps.dbs.TokenRecord;
 import org.dogtagpki.server.tps.engine.TPSEngine;
 import org.dogtagpki.server.tps.main.ExternalRegAttrs;
@@ -98,6 +97,8 @@ import com.netscape.certsrv.tps.token.TokenStatus;
 import com.netscape.cms.servlet.tks.SecureChannelProtocol;
 import com.netscape.symkey.SessionKey;
+import netscape.security.x509.RevocationReason;
+
 public class TPSProcessor {
 public static final int RESULT_NO_ERROR = 0;
@@ -1563,7 +1564,7 @@ public class TPSProcessor {
 * if the certificates are revoked_on_hold, don't do anything because the certificates may
 * be referenced by more than one token.
 */
- if (cert.getStatus().equals("revoked_on_hold")) {
+ if (cert.getStatus().equals(TokenCertStatus.ONHOLD.toString())) {
 CMS.debug(method + ": cert " + cert.getSerialNumber() + " has status revoked_on_hold; remove from tokendb and move on");
 try { |
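Review bot: In the last hunk, `cert.getStatus().equals(TokenCertStatus.ONHOLD.toString())` still dereferences the stored status, so a tokendb certificate record without a status value would throw a NullPointerException on this path; putting the constant on the left, `if (TokenCertStatus.ONHOLD.toString().equals(cert.getStatus())) {`, avoids that. The definition of TokenCertStatus is not on this page, so it is worth confirming that `ONHOLD.toString()` yields exactly the string already stored for existing records (the debug message below still hard-codes "revoked_on_hold"); if the two differ, on-hold certificates would presumably stop matching this guard and no longer be skipped as the comment above it intends, which matters because those certificates may be shared by more than one token. The enclosing method starts and ends outside the hunk, so what the non-matching branch does with the certificate is not visible here.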