
[Pki-devel] [PATCH] 820 Allowing optional CA signing CSR.



The CA signing CSR is already stored in the request record, which will
be imported as part of the migration process, so it's not necessary to
export and reimport the CSR file again for migration.

To allow optional CSR, the pki-server subsystem-cert-validate
CLI has been modified to no longer check the CSR in CS.cfg. The
ConfigurationUtils.loadCertRequest() has been modified to ignore
the missing CSR in CS.cfg.

https://fedorahosted.org/pki/ticket/2440

--
Endi S. Dewata
From 46c667d2f93a35ed82822d1cb286c5409a4e566f Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata redhat com>
Date: Wed, 17 Aug 2016 16:44:48 +0200
Subject: [PATCH] Allowing optional CA signing CSR.

The CA signing CSR is already stored in the request record, which will
be imported as part of the migration process, so it's not necessary to
export and reimport the CSR file again for migration.

To allow optional CSR, the pki-server subsystem-cert-validate
CLI has been modified to no longer check the CSR in CS.cfg. The
ConfigurationUtils.loadCertRequest() has been modified to ignore
the missing CSR in CS.cfg.

https://fedorahosted.org/pki/ticket/2440
---
 .../netscape/cms/servlet/csadmin/ConfigurationUtils.java    | 13 ++++++++++---
 base/server/python/pki/server/cli/subsystem.py              |  4 ----
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 992ccc105047954b6f9be7847a43247711d8d1ee..cdb2844953e788abaed3acb70793a4fe857303e7 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -2947,10 +2947,17 @@ public class ConfigurationUtils {
         cert.setDN(subjectDN);
 
         String subsystem = config.getString(PCERT_PREFIX + tag + ".subsystem");
-        String certreq = config.getString(subsystem + "." + tag + ".certreq");
-        String formattedCertreq = CryptoUtil.reqFormat(certreq);
 
-        cert.setRequest(formattedCertreq);
+        try {
+            String certreq = config.getString(subsystem + "." + tag + ".certreq");
+            String formattedCertreq = CryptoUtil.reqFormat(certreq);
+
+            cert.setRequest(formattedCertreq);
+
+        } catch (EPropertyNotFound e) {
+            // The CSR is optional for existing CA case.
+            CMS.debug("ConfigurationUtils.loadCertRequest: " + tag + " cert has no CSR");
+        }
     }
 
     public static void generateCertRequest(IConfigStore config, String certTag, Cert cert) throws Exception {
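
Review bot: the new catch for EPropertyNotFound in loadCertRequest() applies to whatever tag is passed in, while the code comment and the commit message limit the optional CSR to the CA signing certificate in the existing CA case. As written, a missing subsystem + "." + tag + ".certreq" entry for any other system certificate is also reduced to a debug message, and the Cert object is left without a request. Consider restricting the tolerance to the signing tag (or to the existing CA configuration) and rethrowing otherwise, and narrowing the try block to the config.getString() call so that only the lookup is covered. Code that later reads the request from this Cert object should be checked for handling of an unset value.
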
diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
index 4651d74db51efd6c9880c058f9d5c1489326c057..c173ea255e5e7bca26e2ada5a4685ca14ba2b03f 100644
--- a/base/server/python/pki/server/cli/subsystem.py
+++ b/base/server/python/pki/server/cli/subsystem.py
@@ -917,10 +917,6 @@ class SubsystemCertValidateCLI(pki.cli.CLI):
 
         print('  Cert ID: %s' % cert['id'])
 
-        if not cert['request']:
-            print('  Status: ERROR: missing certificate request')
-            return False
-
         if not cert['data']:
             print('  Status: ERROR: missing certificate data')
             return False
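
Review bot: removing the "if not cert['request']" check drops the missing-CSR error for every certificate this validation runs on, not only the CA signing certificate named in the commit message. Consider keeping the check for the other cert IDs, or turning it into a printed warning that does not return False, so that an operator still sees when a CSR is absent from CS.cfg.
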
-- 
2.5.5

