summaryrefslogtreecommitdiffstats
path: root/pki/base
diff options
context:
space:
mode:
authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-29 20:31:10 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-29 20:31:10 +0000
commitbeb0b50bb52ee682eb2a38899392717e34a69991 (patch)
tree10c1ca456f69a2c229dd87b4ee4d3fadb050537a /pki/base
parent4f337397d710061c6ba965d503d13595aed409f5 (diff)
downloadpki-beb0b50bb52ee682eb2a38899392717e34a69991.tar.gz
pki-beb0b50bb52ee682eb2a38899392717e34a69991.tar.xz
pki-beb0b50bb52ee682eb2a38899392717e34a69991.zip
Bugzilla Bug #480714 and #481659 - renewal fixes for expired_revoked certs and prevent key archival for renewals
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@503 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base')
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java4
2 files changed, 4 insertions, 3 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
index 21788a51e..90f6290b2 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
@@ -111,7 +111,8 @@ public class CAEnrollProfile extends EnrollProfile {
// to DRM
byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS);
- if (optionsData != null) {
+ // do not archive keys for renewal requests
+ if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) {
PKIArchiveOptions options = (PKIArchiveOptions)
toPKIArchiveOptions(optionsData);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 6a5263fcf..18231f770 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -684,8 +684,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
return;
} else {
CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString());
- // check to see if the cert is revoked
- if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
+ // check to see if the cert is revoked or revoked_expired
+ if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) {
CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,