Diffstat (limited to 'base/ca')
-rw-r--r--base/ca/src/com/netscape/ca/CertificateAuthority.java24
-rw-r--r--base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java12
-rw-r--r--base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java5
3 files changed, 31 insertions, 10 deletions
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 60f6b3621..d96b88414 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -363,9 +363,20 @@ public class CertificateAuthority
return hostCA == this;
}
- private void ensureEnabled() throws CADisabledException {
+ public void ensureReady()
+ throws ECAException {
if (!authorityEnabled)
throw new CADisabledException("Authority is disabled");
+ if (!isReady()) {
+ if (signingUnitException != null)
+ throw signingUnitException;
+ else
+ throw new CAMissingKeyException("Authority does not yet have signing key and cert in local NSSDB");
+ }
+ }
+
+ public boolean isReady() {
+ return hasKeys;
}
public boolean getAuthorityEnabled() {
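Review bot: `ensureReady()` is now public and sits in front of every signing path in this file, yet it has no Javadoc stating its contract or the order of its checks. I would add something like `/** Fails closed: throws CADisabledException when the authority is disabled, otherwise the stored signing-unit error or CAMissingKeyException when the signing key and cert are not yet available. */`. `isReady()` returns `hasKeys` directly, and the declarations of `hasKeys` and `signingUnitException` are outside this hunk; if they can be set by another thread, confirm they are volatile or written under a lock so the gate never sees a stale value. Rethrowing the stored `signingUnitException` instance also reuses the stack trace from when it was first created, which can mislead when reading logs for a later request.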
@@ -1191,7 +1202,7 @@ public class CertificateAuthority
*/
public X509CRLImpl sign(X509CRLImpl crl, String algname)
throws EBaseException {
- ensureEnabled();
+ ensureReady();
X509CRLImpl signedcrl = null;
IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
@@ -1264,7 +1275,7 @@ public class CertificateAuthority
*/
public X509CertImpl sign(X509CertInfo certInfo, String algname)
throws EBaseException {
- ensureEnabled();
+ ensureReady();
X509CertImpl signedcert = null;
@@ -1349,7 +1360,7 @@ public class CertificateAuthority
*/
public byte[] sign(byte[] data, String algname)
throws EBaseException {
- ensureEnabled();
+ ensureReady();
return mSigningUnit.sign(data, algname);
}
@@ -2261,7 +2272,7 @@ public class CertificateAuthority
}
private BasicOCSPResponse sign(ResponseData rd) throws EBaseException {
- ensureEnabled();
+ ensureReady();
try (DerOutputStream out = new DerOutputStream()) {
DerOutputStream tmp = new DerOutputStream();
@@ -2490,8 +2501,7 @@ public class CertificateAuthority
String subjectDN, String description)
throws EBaseException {
- if (!authorityEnabled)
- throw new CADisabledException("Parent CA is disabled");
+ ensureReady();
// check requested DN
X500Name subjectX500Name = null;
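Review bot: Swapping the inline check for `ensureReady()` changes the disabled-parent message from `"Parent CA is disabled"` to `"Authority is disabled"`, so a failed sub-CA creation no longer says that the parent was the authority that refused. Since that string ends up in the REST error and the audit parameters, consider keeping the context, for example with a comment `// parent must be enabled and hold its signing key before it can issue the sub-CA cert` and a rethrow that names the parent. The method's signature and the rest of its body lie outside this hunk.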
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java b/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
index fa9e1038b..582248d4c 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
@@ -43,9 +43,12 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.ForbiddenException;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.base.ResourceNotFoundException;
+import com.netscape.certsrv.base.ServiceUnavailableException;
import com.netscape.certsrv.ca.AuthorityID;
import com.netscape.certsrv.ca.CAEnabledException;
import com.netscape.certsrv.ca.CADisabledException;
+import com.netscape.certsrv.ca.CAMissingCertException;
+import com.netscape.certsrv.ca.CAMissingKeyException;
import com.netscape.certsrv.ca.CANotFoundException;
import com.netscape.certsrv.ca.CANotLeafException;
import com.netscape.certsrv.ca.CATypeException;
@@ -207,6 +210,8 @@ public class AuthorityService extends PKIService implements AuthorityResource {
auditParams.put("exception", e.toString());
audit(ILogger.FAILURE, OpDef.OP_ADD, "<unknown>", auditParams);
throw new ConflictingOperationException(e.toString());
+ } catch (CAMissingCertException | CAMissingKeyException e) {
+ throw new ServiceUnavailableException(e.toString());
} catch (Exception e) {
CMS.debug(e);
auditParams.put("exception", e.toString());
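Review bot: The new `catch (CAMissingCertException | CAMissingKeyException e)` branch throws without recording an audit event, while the branch before it calls `audit(ILogger.FAILURE, OpDef.OP_ADD, "<unknown>", auditParams)` first, so a create request rejected because the CA is not ready leaves no audit trail. Add `auditParams.put("exception", e.toString());` and `audit(ILogger.FAILURE, OpDef.OP_ADD, "<unknown>", auditParams);` before the throw. The matching catch added in CertRequestService also omits the `CMS.debug(...)` line its neighbours have. `e.toString()` is returned to the client as well, which passes internal wording such as the NSSDB detail to the caller; a fixed client-facing message with the detail kept in the server log may be preferable. The enclosing try block starts outside the hunk.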
@@ -261,14 +266,14 @@ public class AuthorityService extends PKIService implements AuthorityResource {
public Response enableCA(String aidString) {
return modifyCA(
aidString,
- new AuthorityData(null, null, null, null, true, null));
+ new AuthorityData(null, null, null, null, true, null, null));
}
@Override
public Response disableCA(String aidString) {
return modifyCA(
aidString,
- new AuthorityData(null, null, null, null, false, null));
+ new AuthorityData(null, null, null, null, false, null, null));
}
@Override
@@ -322,7 +327,8 @@ public class AuthorityService extends PKIService implements AuthorityResource {
ca.getAuthorityID().toString(),
parentAID != null ? parentAID.toString() : null,
ca.getAuthorityEnabled(),
- ca.getAuthorityDescription()
+ ca.getAuthorityDescription(),
+ ca.isReady()
);
}
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
index cddbeb1ba..80aaf6f78 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertRequestService.java
@@ -43,9 +43,12 @@ import com.netscape.certsrv.base.ConflictingOperationException;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.base.ResourceNotFoundException;
+import com.netscape.certsrv.base.ServiceUnavailableException;
import com.netscape.certsrv.base.UnauthorizedException;
import com.netscape.certsrv.ca.AuthorityID;
import com.netscape.certsrv.ca.CADisabledException;
+import com.netscape.certsrv.ca.CAMissingCertException;
+import com.netscape.certsrv.ca.CAMissingKeyException;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.cert.CertEnrollmentRequest;
import com.netscape.certsrv.cert.CertRequestInfo;
@@ -252,6 +255,8 @@ public class CertRequestService extends PKIService implements CertRequestResourc
} catch (CADisabledException e) {
CMS.debug("changeRequestState: CA disabled: " + e);
throw new ConflictingOperationException(e.toString());
+ } catch (CAMissingCertException | CAMissingKeyException e) {
+ throw new ServiceUnavailableException(e.toString());
} catch (EPropertyException e) {
CMS.debug("changeRequestState: execution error " + e);
throw new PKIException(CMS.getUserMessage(getLocale(headers),