From e7c6b5ea5a109da2a2385aeb616825082c2ddd60 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Thu, 21 May 2015 23:48:41 -0400
Subject: Fixed key archival problem in CLI with separate KRA instance.

The CLI has been modified such that when enrolling a certificate
with key archival it will obtain the transport certificate from
the CA instead of KRA because the KRA may not reside on the same
instance. The CA REST service has been modified such that it will
obtain the transport certificate from the KRA connector.

https://fedorahosted.org/pki/ticket/1384
---
 .../netscape/cmstools/client/ClientCertRequestCLI.java | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'base/java-tools/src/com')

diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index ebca55bc0..e6bd0d981 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -217,7 +217,7 @@ public class ClientCertRequestCLI extends CLI {
 
             String encoded;
             if (transportCertFilename == null) {
-                SystemCertClient certClient = new SystemCertClient(client, "kra");
+                SystemCertClient certClient = new SystemCertClient(client, "ca");
                 encoded = certClient.getTransportCert().getEncoded();
 
             } else {
@@ -251,13 +251,19 @@ public class ClientCertRequestCLI extends CLI {
 
         CertEnrollmentRequest request = certClient.getEnrollmentTemplate(profileID);
 
-        ProfileInput kg = request.getInput("Key Generation");
+        // Key Generation / Dual Key Generation
+        for (ProfileInput input : request.getInputs()) {
 
-        ProfileAttribute typeAttr = kg.getAttribute("cert_request_type");
-        typeAttr.setValue(requestType);
+            ProfileAttribute typeAttr = input.getAttribute("cert_request_type");
+            if (typeAttr != null) {
+                typeAttr.setValue(requestType);
+            }
 
-        ProfileAttribute csrAttr = kg.getAttribute("cert_request");
-        csrAttr.setValue(csr);
+            ProfileAttribute csrAttr = input.getAttribute("cert_request");
+            if (csrAttr != null) {
+                csrAttr.setValue(csr);
+            }
+        }
 
         ProfileInput sn = request.getInput("Subject Name");
         if (sn != null) {
-- 
cgit