diff options
author | Christina Fu <cfu@redhat.com> | 2015-06-15 15:04:39 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2015-06-15 15:07:45 -0700 |
commit | 177cae5a7bca20ab82cc5b2f96d81b6ba57d7adc (patch) | |
tree | e9c94564a33b832946315aeacbd4039c0eef43f0 /base | |
parent | 3ea331ef85c341a3769865304eb7ab256f9f5e6b (diff) | |
download | pki-177cae5a7bca20ab82cc5b2f96d81b6ba57d7adc.tar.gz pki-177cae5a7bca20ab82cc5b2f96d81b6ba57d7adc.tar.xz pki-177cae5a7bca20ab82cc5b2f96d81b6ba57d7adc.zip |
Ticket 1410 Issue with Generic Extension being critical
- patch ported from https://bugzilla.redhat.com/show_bug.cgi?id=1011984
Diffstat (limited to 'base')
4 files changed, 35 insertions, 10 deletions
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java index 5c2029a0f..8a6fa4cef 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java @@ -259,7 +259,11 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe setValue(name, locale, info, value); - request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); + boolean ret = request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); + if (ret == false) { + CMS.debug("EnrollDefault: setValue(): request.setExtData() returned false"); + throw new EPropertyException("EnrollDefault: setValue(): request.setExtData() failed"); + } } /** @@ -328,6 +332,11 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe protected Extension getExtension(String name, X509CertInfo info) { CertificateExtensions exts = null; + if (info == null) { + CMS.debug("EnrollDefault: getExtension(), info == null"); + return null; + } + try { exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); diff --git a/base/server/cms/src/com/netscape/cms/profile/def/GenericExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/GenericExtDefault.java index f344648ab..5c9fdd5c8 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/GenericExtDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/GenericExtDefault.java @@ -99,6 +99,11 @@ public class GenericExtDefault extends EnrollExtDefault { public void setValue(String name, Locale locale, X509CertInfo info, String value) throws EPropertyException { + if (info == null) { + CMS.debug("GenericExtDefault: setValue() info == null"); + throw new EPropertyException("GenericExtDefault: setValue() info == null"); + } + try { Extension ext = null; @@ -136,7 +141,11 @@ public class GenericExtDefault extends EnrollExtDefault { replaceExtension(ext.getExtensionId().toString(), ext, info); } catch (EProfileException e) { - CMS.debug("GenericExtDefault: setValue " + e.toString()); + CMS.debug("GenericExtDefault: setValue() " + e.toString()); + throw new EPropertyException("GenericExtDefault:"+ e.toString()); + } catch (Exception e) { + // catch all other exceptions + CMS.debug("GenericExtDefault: setValue() " + e.toString()); } } @@ -150,6 +159,12 @@ public class GenericExtDefault extends EnrollExtDefault { locale, "CMS_INVALID_PROPERTY", name)); } + if (info == null) { + CMS.debug("GenericExtDefault : getValue(): info == null"); + throw new EPropertyException(CMS.getUserMessage( + locale, "GenericExtDefault : getValue(): info == null")); + } + ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID)); ext = getExtension(oid.toString(), info); diff --git a/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java b/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java index 446c3b18d..3d82f8eb5 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java +++ b/base/server/cmscore/src/com/netscape/cmscore/request/ARequestQueue.java @@ -1108,6 +1108,7 @@ class Request implements IRequest { try { return new X509CertImpl(data); } catch (CertificateException e) { + CMS.debug("ARequestQueue: getExtDataInCert(): "+e.toString()); return null; } } @@ -1139,6 +1140,7 @@ class Request implements IRequest { try { certArray[index] = new X509CertImpl(CMS.AtoB(stringArray[index])); } catch (CertificateException e) { + CMS.debug("ARequestQueue: getExtDataInCertArray(): "+e.toString()); return null; } } @@ -1162,6 +1164,7 @@ class Request implements IRequest { try { return new X509CertInfo(data); } catch (CertificateException e) { + CMS.debug("ARequestQueue: getExtDataInCertInfo(): "+e.toString()); return null; } } @@ -1193,6 +1196,7 @@ class Request implements IRequest { try { certArray[index] = new X509CertInfo(CMS.AtoB(stringArray[index])); } catch (CertificateException e) { + CMS.debug("ARequestQueue: getExtDataInCertInfoArray(): "+e.toString()); return null; } } @@ -1310,8 +1314,10 @@ class Request implements IRequest { try { data.encode(byteStream); } catch (CertificateException e) { + CMS.debug("ARequestQueue: setExtData(): "+e.toString()); return false; } catch (IOException e) { + CMS.debug("ARequestQueue: setExtData(): "+e.toString()); return false; } return setExtData(key, byteStream.toByteArray()); diff --git a/base/util/src/netscape/security/x509/CertificateExtensions.java b/base/util/src/netscape/security/x509/CertificateExtensions.java index 31d1e21b4..3a21c2f83 100644 --- a/base/util/src/netscape/security/x509/CertificateExtensions.java +++ b/base/util/src/netscape/security/x509/CertificateExtensions.java @@ -67,14 +67,9 @@ public class CertificateExtensions extends Vector<Extension> @SuppressWarnings("unchecked") Class<CertAttrSet> extClass = (Class<CertAttrSet>) OIDMap.getClass(ext.getExtensionId()); if (extClass == null) { // Unsupported extension - if (ext.isCritical()) { - throw new IOException("Unsupported CRITICAL extension: " - + ext.getExtensionId()); - } else { - map.put(ext.getExtensionId().toString(), ext); - addElement(ext); - return; - } + map.put(ext.getExtensionId().toString(), ext); + addElement(ext); + return; } Class<?>[] params = { Boolean.class, Object.class }; Constructor<CertAttrSet> cons = extClass.getConstructor(params); |