From ab3d3c8075a0b5244765a931ff11e6658130ade1 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Tue, 8 Jan 2013 20:05:53 +0700 Subject: Added nonce validation for certificate revocation. The certificate REST service has been modified to validate nonce when revoking a certificate. Ticket #213 --- base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java | 7 ++++--- base/java-tools/src/com/netscape/cmstools/cert/CertRevokeCLI.java | 8 +++++--- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'base/java-tools/src/com/netscape') diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java index b5c604a86..a112d3616 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cert/CertHoldCLI.java @@ -77,14 +77,14 @@ public class CertHoldCLI extends CLI { } CertId certID = new CertId(cmdArgs[0]); + CertData certData = parent.client.reviewCert(certID); if (!cmd.hasOption("force")) { - CertData certData = parent.client.getCert(certID); - System.out.println("Placing certificate on-hold:"); CertCLI.printCertData(certData, false, false); + if (verbose) System.out.println(" Nonce: " + certData.getNonce()); System.out.print("Are you sure (Y/N)? "); System.out.flush(); @@ -99,6 +99,7 @@ public class CertHoldCLI extends CLI { CertRevokeRequest request = new CertRevokeRequest(); request.setReason(RevocationReason.CERTIFICATE_HOLD); request.setComments(cmd.getOptionValue("comments")); + request.setNonce(certData.getNonce()); CertRequestInfo certRequestInfo = parent.client.revokeCert(certID, request); 
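Review bot: The verbose line added in the CertHoldCLI hunk at `@@ -77,14 +77,14 @@` writes the nonce value to stdout, and that value is the token the server checks before it accepts the revocation. Verbose output tends to end up in terminal scrollback and captured job logs, so I would report only whether a nonce was received, e.g. `if (verbose) System.out.println(" Nonce: " + (certData.getNonce() == null ? "none" : "received"));` (this assumes getNonce() returns a reference type, which the hunk does not show). The same line is added in CertRevokeCLI at `@@ -118,6 +118,7 @@`. The enclosing method starts and ends outside the hunk.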
@@ -108,7 +109,7 @@ public class CertHoldCLI extends CLI { if (certRequestInfo.getRequestStatus() == RequestStatus.COMPLETE) { MainCLI.printMessage("Placed certificate \"" + certID.toHexString() + "\" on-hold"); - CertData certData = parent.client.getCert(certID); + certData = parent.client.getCert(certID); CertCLI.printCertData(certData, false, false); } else { diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRevokeCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRevokeCLI.java index d8a4d5295..1a867d079 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertRevokeCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRevokeCLI.java @@ -105,9 +105,9 @@ public class CertRevokeCLI extends CLI { return; } - if (!cmd.hasOption("force")) { + CertData certData = parent.client.reviewCert(certID); - CertData certData = parent.client.getCert(certID); + if (!cmd.hasOption("force")) { if (reason == RevocationReason.CERTIFICATE_HOLD) { System.out.println("Placing certificate on-hold:"); @@ -118,6 +118,7 @@ public class CertRevokeCLI extends CLI { } CertCLI.printCertData(certData, false, false); + if (verbose) System.out.println(" Nonce: " + certData.getNonce()); System.out.print("Are you sure (Y/N)? "); System.out.flush(); @@ -132,6 +133,7 @@ public class CertRevokeCLI extends CLI { CertRevokeRequest request = new CertRevokeRequest(); request.setReason(reason); request.setComments(cmd.getOptionValue("comments")); + request.setNonce(certData.getNonce()); CertRequestInfo certRequestInfo; @@ -154,7 +156,7 @@ public class CertRevokeCLI extends CLI { MainCLI.printMessage("Revoked certificate \"" + certID.toHexString() + "\""); } - CertData certData = parent.client.getCert(certID); + certData = parent.client.getCert(certID); CertCLI.printCertData(certData, false, false); } else { -- cgit
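Review bot: The `reviewCert(certID)` call that now sits above the `--force` check in CertRevokeCLI at `@@ -105,9 +105,9 @@` has no comment, so the extra request on the forced path reads like leftover work and is easy to fold back into the `if` later, which would drop the nonce. A line such as `// reviewCert() runs even with --force: it supplies the nonce sent in the revoke request` above the call would record why it is unconditional. The same applies to the call added in CertHoldCLI at `@@ -77,14 +77,14 @@`. The enclosing method starts outside the hunk.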
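Review bot: In CertRevokeCLI at `@@ -132,6 +133,7 @@` the nonce is attached only to `request`, and the code that chooses and issues the call follows `CertRequestInfo certRequestInfo;` outside this hunk. If any branch there builds or sends a different request object, that path would go out without the nonce and would not be covered by the validation this commit adds. It is worth confirming that every path either uses `request` or sets the nonce from `certData.getNonce()` on its own object.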