-rw-r--r--base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java3
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java13
2 files changed, 12 insertions, 4 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
index 74f7b52f6..969cfd1a6 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
@@ -144,6 +144,9 @@ public class CertRequestService extends PKIService implements CertRequestResourc
throw new BadRequestException(e.toString());
} catch (EBaseException e) {
throw new PKIException(e.toString());
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException(e.toString());
}
// this will return an error code of 200, instead of 201
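Review bot: The new catch-all passes `e.toString()` back to the REST caller for every exception type, so an unexpected runtime failure (a NullPointerException, a database or directory error) puts internal class names and messages in the response. `CMS.debug(e)` already records the detail on the server, so the response can carry a fixed message instead, e.g. `throw new PKIException("Unable to process certificate request");`. The try body starts outside the hunk; if anything in it throws a PKIException subclass with its own status, this handler would presumably re-wrap it as a plain PKIException, so check that such exceptions are rethrown unchanged.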
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
index a13a305b8..7daad6c96 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
@@ -29,6 +29,8 @@ import javax.servlet.http.HttpServletRequest;
import netscape.security.x509.BasicConstraintsExtension;
import netscape.security.x509.X509CertImpl;
+import org.apache.commons.lang.StringUtils;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.BadRequestDataException;
@@ -107,25 +109,28 @@ public class RenewalProcessor extends CertProcessor {
String serial = data.getSerialNum();
BigInteger certSerial = null;
- if (serial != null) {
+ if (StringUtils.isNotEmpty(serial)) {
// if serial number is sent with request, then the authentication
// method is not ssl client auth. In this case, an alternative
// authentication method is used (default: ldap based)
// usr_origreq evaluator should be used to authorize ownership
// of the cert
- CMS.debug("RenewalSubmitter: renewal: found serial_num");
+ CMS.debug("RenewalSubmitter: renewal: serial number: " + serial);
certSerial = new BigInteger(serial);
+
} else {
// ssl client auth is to be used
// this is not authentication. Just use the cert to search
// for orig request and find the right profile
CMS.debug("RenewalSubmitter: renewal: serial_num not found, must do ssl client auth");
certSerial = getSerialNumberFromCert(request);
+
if (certSerial == null) {
- CMS.debug(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
- throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
+ CMS.debug(CMS.getUserMessage(locale, "CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+ throw new EBaseException(CMS.getUserMessage(locale, "CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
}
}
+
CMS.debug("processRenewal: serial number of cert to renew:" + certSerial.toString());
ICertRecord rec = certdb.readCertificateRecord(certSerial);
if (rec == null) {
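Review bot: `new BigInteger(serial)` still throws NumberFormatException when the client-supplied serial is not a decimal number, and `StringUtils.isNotEmpty` lets a whitespace-only value through to it. That exception is not an EBaseException, so the caller presumably reports it as a server error rather than a bad request; converting it here to the already-imported BadRequestDataException keeps malformed input a client error. The new debug line also writes the raw request value into the log before it is validated, which lets a caller insert line breaks or forged entries. The parsed value is logged a few lines further down anyway, so the raw one can be dropped. The enclosing method starts and ends outside the hunk.

```java
if (StringUtils.isNotEmpty(serial)) {
    // … unchanged: comment on the alternative authentication method …
    try {
        certSerial = new BigInteger(serial);
    } catch (NumberFormatException e) {
        CMS.debug("RenewalSubmitter: renewal: malformed serial number in request");
        throw new BadRequestDataException("Invalid serial number");
    }
```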