457983 CA certificate enrollment profile framework allows user-specified extensions by default

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@74 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2008-08-06 18:05:30 +0000
committer: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2008-08-06 18:05:30 +0000
commit: aa977c69563d670b4f1cf172ba6b6b087f59687c (patch)
tree: f70c8162e502aa11e91492b388b46c553680b31a /pki/base/common/src/com/netscape/cms/profile/def
parent: bf11408fdcf61fd017b5721c1bf9b8863b98fbbd (diff)
download: pki-aa977c69563d670b4f1cf172ba6b6b087f59687c.tar.gz
pki-aa977c69563d670b4f1cf172ba6b6b087f59687c.tar.xz
pki-aa977c69563d670b4f1cf172ba6b6b087f59687c.zip
1 files changed, 11 insertions, 2 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
index 5be4198ca..cc956412e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
@@ -135,11 +135,20 @@ public class UserExtensionDefault extends EnrollExtDefault {
     public void populate(IRequest request, X509CertInfo info)
         throws EProfileException {
         CertificateExtensions inExts = null;
+        String oid = getConfig(CONFIG_OID);
 
         inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS);
+        if (inExts == null)
+          return; 
         Extension ext = getExtension(getConfig(CONFIG_OID), inExts);
-        if (ext == null)
+        if (ext == null) {
+          CMS.debug("UserExtensionDefault: no user ext supplied for "+ oid);
           return;
-        addExtension(getConfig(CONFIG_OID), ext, info);
+        }
+
+        // user supplied the ext that's allowed, replace the def set by system
+        deleteExtension(oid, info);
+        CMS.debug("UserExtensionDefault: using user supplied ext for "+ oid);
+        addExtension(oid, ext, info);
     }
 }
author	cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2008-08-06 18:05:30 +0000
committer	cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2008-08-06 18:05:30 +0000
commit	aa977c69563d670b4f1cf172ba6b6b087f59687c (patch)
tree	f70c8162e502aa11e91492b388b46c553680b31a /pki/base/common/src/com/netscape/cms/profile/def
parent	bf11408fdcf61fd017b5721c1bf9b8863b98fbbd (diff)
download	pki-aa977c69563d670b4f1cf172ba6b6b087f59687c.tar.gz pki-aa977c69563d670b4f1cf172ba6b6b087f59687c.tar.xz pki-aa977c69563d670b4f1cf172ba6b6b087f59687c.zip