Bugzilla Bug #480714 and #481659 - renewal fixes for expired_revoked certs and prevent key archival for renewals

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@503 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-05-29 20:31:10 +0000
committer: alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-05-29 20:31:10 +0000
commit: beb0b50bb52ee682eb2a38899392717e34a69991 (patch)
tree: 10c1ca456f69a2c229dd87b4ee4d3fadb050537a /pki/base
parent: 4f337397d710061c6ba965d503d13595aed409f5 (diff)
download: pki-beb0b50bb52ee682eb2a38899392717e34a69991.tar.gz
pki-beb0b50bb52ee682eb2a38899392717e34a69991.tar.xz
pki-beb0b50bb52ee682eb2a38899392717e34a69991.zip
2 files changed, 4 insertions, 3 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
index 21788a51e..90f6290b2 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
@@ -111,7 +111,8 @@ public class CAEnrollProfile extends EnrollProfile {
         // to DRM
         byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS);
 
-        if (optionsData != null) {
+        // do not archive keys for renewal requests
+        if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) {
             PKIArchiveOptions options = (PKIArchiveOptions)
                 toPKIArchiveOptions(optionsData);
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 6a5263fcf..18231f770 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -684,8 +684,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     return;
                 } else {
                     CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString());
-                    // check to see if the cert is revoked
-                    if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
+                    // check to see if the cert is revoked or revoked_expired
+                    if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) {
                       CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString());
                       args.set(ARG_ERROR_CODE, "1");
                       args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
author	alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-05-29 20:31:10 +0000
committer	alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-05-29 20:31:10 +0000
commit	beb0b50bb52ee682eb2a38899392717e34a69991 (patch)
tree	10c1ca456f69a2c229dd87b4ee4d3fadb050537a /pki/base
parent	4f337397d710061c6ba965d503d13595aed409f5 (diff)
download	pki-beb0b50bb52ee682eb2a38899392717e34a69991.tar.gz pki-beb0b50bb52ee682eb2a38899392717e34a69991.tar.xz pki-beb0b50bb52ee682eb2a38899392717e34a69991.zip