From ab3d3c8075a0b5244765a931ff11e6658130ade1 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Tue, 8 Jan 2013 20:05:53 +0700 Subject: Added nonce validation for certificate revocation. The certificate REST service has been modified to validate nonce when revoking a certificate. Ticket #213 --- base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java') diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java index b5c604a86..a112d3616 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java @@ -77,14 +77,14 @@ public class CertHoldCLI extends CLI { } CertId certID = new CertId(cmdArgs[0]); + CertData certData = parent.client.reviewCert(certID); if (!cmd.hasOption("force")) { - CertData certData = parent.client.getCert(certID); - System.out.println("Placing certificate on-hold:"); CertCLI.printCertData(certData, false, false); + if (verbose) System.out.println(" Nonce: " + certData.getNonce()); System.out.print("Are you sure (Y/N)? "); System.out.flush(); @@ -99,6 +99,7 @@ public class CertHoldCLI extends CLI { CertRevokeRequest request = new CertRevokeRequest(); request.setReason(RevocationReason.CERTIFICATE_HOLD); request.setComments(cmd.getOptionValue("comments")); + request.setNonce(certData.getNonce()); CertRequestInfo certRequestInfo = parent.client.revokeCert(certID, request); @@ -108,7 +109,7 @@ public class CertHoldCLI extends CLI { if (certRequestInfo.getRequestStatus() == RequestStatus.COMPLETE) { MainCLI.printMessage("Placed certificate \"" + certID.toHexString() + "\" on-hold"); - CertData certData = parent.client.getCert(certID); + certData = parent.client.getCert(certID); CertCLI.printCertData(certData, false, false); } else { -- cgit