From be31509dd9a8eb710dca6e2961043cb4043f45fa Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 9 May 2014 14:35:01 -0400
Subject: Fixed internal errors in RenewalProcessor.
The RenewalProcessor was throwing NumberFormatException if the renewal request contains an empty serial number. The code has been modified to check for null and empty string. If the serial number is unavailable, the code will try to get the serial number from the client certificate. If that is unavailable either, the code has been fixed to return a proper message.
Ticket #999
---
 .../src/com/netscape/cms/servlet/cert/RenewalProcessor.java | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
(limited to 'base/server/cms/src/com')
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
index a13a305b8..7daad6c96 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
@@ -29,6 +29,8 @@ import javax.servlet.http.HttpServletRequest;
 import netscape.security.x509.BasicConstraintsExtension;
 import netscape.security.x509.X509CertImpl;
+import org.apache.commons.lang.StringUtils;
+
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.BadRequestDataException;
@@ -107,25 +109,28 @@ public class RenewalProcessor extends CertProcessor {
 String serial = data.getSerialNum();
 BigInteger certSerial = null;
- if (serial != null) {
+ if (StringUtils.isNotEmpty(serial)) {
 // if serial number is sent with request, then the authentication
 // method is not ssl client auth. In this case, an alternative
 // authentication method is used (default: ldap based)
 // usr_origreq evaluator should be used to authorize ownership
 // of the cert
- CMS.debug("RenewalSubmitter: renewal: found serial_num");
+ CMS.debug("RenewalSubmitter: renewal: serial number: " + serial);
 certSerial = new BigInteger(serial);
+
 } else {
 // ssl client auth is to be used
 // this is not authentication. Just use the cert to search
 // for orig request and find the right profile
 CMS.debug("RenewalSubmitter: renewal: serial_num not found, must do ssl client auth");
 certSerial = getSerialNumberFromCert(request);
+
 if (certSerial == null) {
- CMS.debug(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
- throw new EBaseException(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
+ CMS.debug(CMS.getUserMessage(locale, "CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+ throw new EBaseException(CMS.getUserMessage(locale, "CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
 }
 }
+
 CMS.debug("processRenewal: serial number of cert to renew:" + certSerial.toString());
 ICertRecord rec = certdb.readCertificateRecord(certSerial);
 if (rec == null) {
-- cgit
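Review bot: `new BigInteger(serial)` can still throw NumberFormatException after this change, because `StringUtils.isNotEmpty(serial)` only excludes null and the empty string. A whitespace-only or non-numeric `serial` from the renewal request reaches the constructor unchanged, so the internal error this commit targets remains for malformed input. The new debug line also writes the raw request value to the log before it has been validated, so a caller can place arbitrary text, possibly including line breaks, in the debug log; logging the parsed `certSerial` instead avoids that. I would wrap the parse in a try/catch and reject bad input with `BadRequestDataException`, which the first hunk's context shows is already imported. This assumes that class has a String constructor and that the method's throws clause admits it; the enclosing method starts and ends outside the hunk.

```java
if (StringUtils.isNotEmpty(serial)) {
    // … unchanged: comment on the alternative authentication method …
    try {
        certSerial = new BigInteger(serial);
    } catch (NumberFormatException e) {
        // Record the rejection without echoing the unvalidated request value.
        CMS.debug("RenewalSubmitter: renewal: invalid serial number in request");
        // Message text is a placeholder; use the project's user-message key if one exists.
        throw new BadRequestDataException("Invalid serial number");
    }
    CMS.debug("RenewalSubmitter: renewal: serial number: " + certSerial);
```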