diff options
author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-01-11 19:14:32 +0000 |
---|---|---|
committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-01-11 19:14:32 +0000 |
commit | 57d529cce8f005d2ca98681f4e2df1008ef6130d (patch) | |
tree | d030347ebfa2ba186b45b73f873c49d8d9204789 /pki/base/common | |
parent | 3a0e4d837fdd82c87a460d436033eb76efef7fd2 (diff) | |
download | pki-57d529cce8f005d2ca98681f4e2df1008ef6130d.tar.gz pki-57d529cce8f005d2ca98681f4e2df1008ef6130d.tar.xz pki-57d529cce8f005d2ca98681f4e2df1008ef6130d.zip |
Bugzilla 661142 - Verification should fail when a revoked certificate is added
- adding -P to audit signing certs trust database
- making specific certusage check
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1723 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java | 6 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java index 0e1c20d2c..720f419f4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java @@ -727,7 +727,11 @@ public class CertRequestPanel extends WizardPanelBase { InternalCertificate ic = (InternalCertificate)c; ic.setSSLTrust(InternalCertificate.USER); ic.setEmailTrust(InternalCertificate.USER); - ic.setObjectSigningTrust(InternalCertificate.USER); + if (tag.equals("audit_signing")) { + ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); + } else { + ic.setObjectSigningTrust(InternalCertificate.USER); + } } } } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java index 53b172cf5..764e56e89 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java @@ -569,6 +569,9 @@ public class RestoreKeyCertPanel extends WizardPanelBase { icert.setSSLTrust(InternalCertificate.TRUSTED_CA | InternalCertificate.TRUSTED_CLIENT_CA | InternalCertificate.VALID_CA); + } else if (name.startsWith("auditSigningCert")) { + InternalCertificate icert = (InternalCertificate)xcert; + icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); } } else cm.importCACertPackage(cert); |