Ticket #2534 Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status

This patch fixes the reported issue so now the auto-recovered certificate will reflect the actual status of the certificate. Also, since the externalReg tracks its own recovered certificate status, it is consolidated with the certificate status tracking mechanism added in this patch so that they can be uniformly managed.
author: Christina Fu <cfu@dhcp-16-189.sjc.redhat.com> 2016-11-18 12:13:28 -0800
committer: Christina Fu <cfu@dhcp-16-189.sjc.redhat.com> 2016-11-18 17:31:07 -0800
commit: c633da8d43894258d9a4b1050a0d16316c17dbd5 (patch)
tree: 6f2989414b4637607f65ec29d718bbe0a76fb50c /base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
parent: e1c87187b5e47e8e38b6bc91c105c92ea5069c59 (diff)
download: pki-c633da8d43894258d9a4b1050a0d16316c17dbd5.tar.gz
pki-c633da8d43894258d9a4b1050a0d16316c17dbd5.tar.xz
pki-c633da8d43894258d9a4b1050a0d16316c17dbd5.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 582e3f90c..2b42dc613 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -33,8 +33,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
-import netscape.security.x509.RevocationReason;
-
 import org.dogtagpki.server.tps.TPSSession;
 import org.dogtagpki.server.tps.TPSSubsystem;
 import org.dogtagpki.server.tps.authentication.AuthUIParameter;
@@ -50,6 +48,7 @@ import org.dogtagpki.server.tps.cms.TKSRemoteRequestHandler;
 import org.dogtagpki.server.tps.config.ProfileDatabase;
 import org.dogtagpki.server.tps.dbs.ActivityDatabase;
 import org.dogtagpki.server.tps.dbs.TPSCertRecord;
+import org.dogtagpki.server.tps.dbs.TokenCertStatus;
 import org.dogtagpki.server.tps.dbs.TokenRecord;
 import org.dogtagpki.server.tps.engine.TPSEngine;
 import org.dogtagpki.server.tps.main.ExternalRegAttrs;
@@ -98,6 +97,8 @@ import com.netscape.certsrv.tps.token.TokenStatus;
 import com.netscape.cms.servlet.tks.SecureChannelProtocol;
 import com.netscape.symkey.SessionKey;
 
+import netscape.security.x509.RevocationReason;
+
 public class TPSProcessor {
 
     public static final int RESULT_NO_ERROR = 0;
@@ -1563,7 +1564,7 @@ public class TPSProcessor {
              * if the certificates are revoked_on_hold, don't do anything because the certificates may
              * be referenced by more than one token.
              */
-            if (cert.getStatus().equals("revoked_on_hold")) {
+            if (cert.getStatus().equals(TokenCertStatus.ONHOLD.toString())) {
                 CMS.debug(method + ": cert " + cert.getSerialNumber()
                         + " has status revoked_on_hold; remove from tokendb and move on");
                 try {
author	Christina Fu <cfu@dhcp-16-189.sjc.redhat.com>	2016-11-18 12:13:28 -0800
committer	Christina Fu <cfu@dhcp-16-189.sjc.redhat.com>	2016-11-18 17:31:07 -0800
commit	c633da8d43894258d9a4b1050a0d16316c17dbd5 (patch)
tree	6f2989414b4637607f65ec29d718bbe0a76fb50c /base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
parent	e1c87187b5e47e8e38b6bc91c105c92ea5069c59 (diff)
download	pki-c633da8d43894258d9a4b1050a0d16316c17dbd5.tar.gz pki-c633da8d43894258d9a4b1050a0d16316c17dbd5.tar.xz pki-c633da8d43894258d9a4b1050a0d16316c17dbd5.zip