Bugzilla BZ 548699 - subCA's admin certificate should be generated by itself

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1219 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

2 files changed, 17 insertions, 29 deletions

diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index d1ca680a6..1ba80999a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -270,15 +270,13 @@ public class AdminPanel extends WizardPanelBase {
         }
 
         // REMINDER:  This panel is NOT used by "clones"
-        if( ( ca != null ) && ( security_domain_type.equals( "new" ) ) ) {
+        if( ca != null ) {
             if( selected_hierarchy.equals( "root" ) ) {
                 CMS.debug( "AdminPanel update:  "
-                         + "Root CA subsystem - "
-                         + "(new Security Domain)" );
+                         + "Root CA subsystem");
             } else {
                 CMS.debug( "AdminPanel update:  "
-                         + "Subordinate CA subsystem - "
-                         + "(new Security Domain)" );
+                         + "Subordinate CA subsystem");
             }
 
             try {
@@ -292,27 +290,13 @@ public class AdminPanel extends WizardPanelBase {
         } else {
             String ca_hostname = null;
             int ca_port = -1;
-            boolean caRoot = false;
 
             // REMINDER:  This panel is NOT used by "clones"
-            if( subsystemtype.equals( "CA" ) ) {
-                if( selected_hierarchy.equals( "root" ) ) {
-                    CMS.debug( "AdminPanel update:  "
-                             + "Root CA subsystem - "
-                             + "(existing Security Domain)" );
-                    caRoot = true;
-                } else {
-                    CMS.debug( "AdminPanel update:  "
-                             + "Subordinate CA subsystem - "
-                             + "(existing Security Domain)" );
-                }
-            } else {
-                CMS.debug( "AdminPanel update:  "
+            CMS.debug( "AdminPanel update:  "
                          + subsystemtype
                          + " subsystem" );
-            }
 
-            if ((type.equals("sdca")) && (!caRoot)) {
+            if (type.equals("sdca")) {
                 try {
                     ca_hostname = config.getString("preop.ca.hostname");
                     ca_port = config.getInteger("preop.ca.httpsport");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index 7487694df..fc7338485 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -133,24 +133,28 @@ public class ImportAdminCertPanel extends WizardPanelBase {
         if (ca == null) {
             if (type.equals("otherca")) {
                 try {
+                    // this is a non-CA system that has elected to have its certificates 
+                    // signed by a CA outside of the security domain.
+                    // in this case, we submitted the cert request for the admin cert to
+                    // to security domain host.
                     caHost = cs.getString("securitydomain.host", "");
                     caPort = cs.getString("securitydomain.httpsadminport", "");
                 } catch (Exception e) {}
             } else if (type.equals("sdca")) {
                 try {
-                    // If this code is selected (e. g. - Subordinate CAs
-                    // that are NOT their own Security Domain), it MUST
-                    // still pass the "httpsadminport" associated with the
-                    // Security Domain CA as defined via the NamePanel.
+                    // this is a non-CA system that submitted its certs to a CA
+                    // within the security domain.  In this case, we submitted the cert
+                    // request for the admin cert to this CA
                     caHost = cs.getString("preop.ca.hostname", "");
                     caPort = cs.getString("preop.ca.httpsadminport", "");
                 } catch (Exception e) {}
             }
         } else {
-            // Provide default Security Domain values for 'caHost' and 'caPort'
+            // for CAs, we always generate our own admin certs
+            // send our own connection details
             try {
-                caHost = cs.getString("securitydomain.host", "");
-                caPort = cs.getString("securitydomain.httpsadminport", "");
+                caHost = cs.getString("service.machineName", "");
+                caPort = cs.getString("pkicreate.admin_secure_port", "");
             } catch (Exception e) {}
         }
 
@@ -207,7 +211,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
         X509CertImpl certs[] = new X509CertImpl[1];
 
         // REMINDER:  This panel is NOT used by "clones"
-        if( ( ca != null ) && ( security_domain_type.equals( "new" ) ) ) {
+        if( ca != null ) {
             String serialno = null;
 
             if( selected_hierarchy.equals( "root" ) ) {