[Pki-devel] [PATCH] 0102 Lightweight CAs: allow specifying authority via ProfileSubmitServlet

Fraser Tweedale ftweedal at redhat.com
Fri May 6 06:09:41 UTC 2016


Attached patch does what it says on the tin ;)

Cheers, and have a good weekend y'all.
Fraser
-------------- next part --------------
From cabae0a050fb752b290ece28d5dac927f01b3c01 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Fri, 6 May 2016 16:03:57 +1000
Subject: [PATCH] Lightweight CAs: allow specifying authority via
 ProfileSubmitServlet

Lightweight CAs were supported in REST-based request submission, but
not via ProfileSubmitServlet. FreeIPA currently uses
ProfileSubmitServlet, so make it possible to use lightweight CAs
through it.

Part of: https://fedorahosted.org/pki/ticket/1625
---
 .../cms/servlet/profile/ProfileSubmitServlet.java    | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index f7b08ece99e11f1e1633e0d67fb4646a27417d80..4096d0aecfc1eb71481d446a5809631516bc5d27 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -33,6 +33,9 @@ import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.authorization.EAuthzException;
 import com.netscape.certsrv.base.BadRequestDataException;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.ca.AuthorityID;
+import com.netscape.certsrv.ca.CANotFoundException;
+import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.IEnrollProfile;
@@ -220,8 +223,23 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     CMSTemplate.escapeJavaScriptStringHTML(profileId)));
         }
 
+        String aidString = request.getParameter("authorityId");
+        AuthorityID aid = null;
+        if (aidString != null && !aidString.isEmpty()) {
+            try {
+                aid = new AuthorityID(aidString);
+            } catch (IllegalArgumentException e) {
+                throw new BadRequestDataException("invalid AuthorityID: " + aidString);
+            }
+            ICertificateAuthority ca = (ICertificateAuthority)
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+            ca = ca.getCA(aid);
+            if (ca == null)
+                throw new CANotFoundException("CA not found: " + aidString);
+        }
+
         CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
-        return processor.processEnrollment(data, request, null, null);
+        return processor.processEnrollment(data, request, aid, null);
     }
 
     public HashMap<String, Object> processRenewal(CMSRequest cmsReq) throws EBaseException {
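Review bot: The two new `throw` statements concatenate the raw `authorityId` request parameter into the exception message, while the context line at the top of this hunk passes `profileId` through `CMSTemplate.escapeJavaScriptStringHTML` before it goes into an error message. If these messages can reach the same templated error page (not visible here), escape the parameter the same way, e.g. `throw new BadRequestDataException("invalid AuthorityID: " + CMSTemplate.escapeJavaScriptStringHTML(aidString));`, and likewise for the `CANotFoundException`. The new block also only checks that the authority exists; whether the requester may issue from that lightweight CA is presumably enforced inside `processor.processEnrollment`, which is worth confirming since the caller now chooses the authority. The enclosing method begins above the hunk, so any earlier handling of the request is not visible.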
-- 
2.5.5


