From 2b4b943fee003115a03f287340ef6bdfd47e8486 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Mon, 6 Jul 2015 18:03:08 -0400 Subject: Fixed user-cert-add --serial with remote CA. The user-cert-add command has been modified to ask the user for the CA server URI if the CA is not available locally. A new SubsystemClient.exists() method has been added to check whether a subsystem is deployed on the target instance. The SubsystemCLI has been modified to call logout() only if the operation is executed successfully. The certificate approval callback class has been refactored out of PKIConnection into a separate class to clean up circular dependency with PKIClient. https://fedorahosted.org/pki/ticket/1448 --- .../com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'base/server/cms/src/com/netscape') diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index ee88865e6..7e6c2a3c1 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -352,17 +352,16 @@ public class ConfigurationUtils { config.setPassword(passwd); PKIClient client = new PKIClient(config, null); - PKIConnection connection = client.getConnection(); // Ignore the "UNTRUSTED_ISSUER" validity status // during PKI instance creation since we are // utilizing an untrusted temporary CA certificate. - connection.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER); + client.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER); // Ignore the "CA_CERT_INVALID" validity status // during PKI instance creation since we are // utilizing an untrusted temporary CA certificate. - connection.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.CA_CERT_INVALID); + client.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.CA_CERT_INVALID); AccountClient accountClient = new AccountClient(client, "ca"); SecurityDomainClient sdClient = new SecurityDomainClient(client, "ca"); @@ -3972,12 +3971,11 @@ public class ConfigurationUtils { config.setCertPassword(dbPass); PKIClient client = new PKIClient(config, null); - PKIConnection connection = client.getConnection(); // Ignore the "UNTRUSTED_ISSUER" and "CA_CERT_INVALID" validity status // during PKI instance creation since we are using an untrusted temporary CA cert. - connection.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER); - connection.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.CA_CERT_INVALID); + client.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER); + client.addIgnoredCertStatus(SSLCertificateApprovalCallback.ValidityStatus.CA_CERT_INVALID); AccountClient accountClient = new AccountClient(client, "tks"); TPSConnectorClient tpsConnectorClient = new TPSConnectorClient(client, "tks"); -- cgit