Bugzilla 661142 - Verification should fail when a revoked certificate is added

- adding -P to audit signing certs trust database - making specific certusage check git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1723 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-01-11 19:14:32 +0000
committer: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-01-11 19:14:32 +0000
commit: 57d529cce8f005d2ca98681f4e2df1008ef6130d (patch)
tree: d030347ebfa2ba186b45b73f873c49d8d9204789 /pki/base/common/src/com/netscape/cms/servlet/csadmin
parent: 3a0e4d837fdd82c87a460d436033eb76efef7fd2 (diff)
download: pki-57d529cce8f005d2ca98681f4e2df1008ef6130d.tar.gz
pki-57d529cce8f005d2ca98681f4e2df1008ef6130d.tar.xz
pki-57d529cce8f005d2ca98681f4e2df1008ef6130d.zip
2 files changed, 8 insertions, 1 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
index 0e1c20d2c..720f419f4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
@@ -727,7 +727,11 @@ public class CertRequestPanel extends WizardPanelBase {
                     InternalCertificate ic = (InternalCertificate)c;
                     ic.setSSLTrust(InternalCertificate.USER);
                     ic.setEmailTrust(InternalCertificate.USER);
-                    ic.setObjectSigningTrust(InternalCertificate.USER);
+                    if (tag.equals("audit_signing")) {
+                        ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
+                    } else {
+                        ic.setObjectSigningTrust(InternalCertificate.USER);
+                    }
                 }
             }  
         } catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 53b172cf5..764e56e89 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -569,6 +569,9 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                         icert.setSSLTrust(InternalCertificate.TRUSTED_CA 
                           | InternalCertificate.TRUSTED_CLIENT_CA
                           | InternalCertificate.VALID_CA);
+                    } else if (name.startsWith("auditSigningCert")) {
+                        InternalCertificate icert = (InternalCertificate)xcert;
+                        icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
                     }
                 } else
                     cm.importCACertPackage(cert);
author	cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-01-11 19:14:32 +0000
committer	cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-01-11 19:14:32 +0000
commit	57d529cce8f005d2ca98681f4e2df1008ef6130d (patch)
tree	d030347ebfa2ba186b45b73f873c49d8d9204789 /pki/base/common/src/com/netscape/cms/servlet/csadmin
parent	3a0e4d837fdd82c87a460d436033eb76efef7fd2 (diff)
download	pki-57d529cce8f005d2ca98681f4e2df1008ef6130d.tar.gz pki-57d529cce8f005d2ca98681f4e2df1008ef6130d.tar.xz pki-57d529cce8f005d2ca98681f4e2df1008ef6130d.zip