Due to changes in aaacd71a2f125501645885d3da1de18459782572, when pki_import_admin_cert is set to False the installation code performs an unnecessary URL encoding on the admin certificate request. The extra URL encoding has now been removed.
https://fedorahosted.org/pki/ticket/1803 -- Endi S. Dewata
>From c7992bc5453505de826f480b882aac48853a1749 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Mon, 21 Mar 2016 17:10:39 +0100 Subject: [PATCH] Removed unnecessary URL encoding on admin cert request. Due to changes in aaacd71a2f125501645885d3da1de18459782572, when pki_import_admin_cert is set to False the installation code performs an unnecessary URL encoding on the admin certificate request. The extra URL encoding has now been removed. https://fedorahosted.org/pki/ticket/1803 --- .../src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 6 ++++-- .../cms/src/org/dogtagpki/server/rest/SystemConfigService.java | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 3c69fa75ffa086d4de75f99fbf78e36e2d0e0cd8..51e5f082434b45ab667005ef598b183be4ada189 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -30,7 +30,6 @@ import java.io.PrintStream; import java.math.BigInteger; import java.net.URI; import java.net.URISyntaxException; -import java.net.URLEncoder; import java.security.DigestException; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; @@ -3640,12 +3639,15 @@ public class ConfigurationUtils { public static String submitAdminCertRequest(String ca_hostname, int ca_port, String profileId, String certRequestType, String certRequest, String subjectDN) throws Exception { + + CMS.debug("ConfigurationUtils: submitAdminCertRequest()"); + IConfigStore config = CMS.getConfigStore(); if (profileId == null) { profileId = config.getString("preop.admincert.profile", "caAdminCert"); } - certRequest = URLEncoder.encode(certRequest, "UTF-8"); + String session_id = CMS.getConfigSDSessionId(); MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>(); diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java index f7e5a6b05d39f3fcab4f1f45f0d283c1a379bce1..c56f33281bca9965b1d593dac3248295d235838d 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java @@ -609,11 +609,13 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } public void configureAdministrator(ConfigurationRequest data, ConfigurationResponse response) { + if (!data.isClone()) { try { X509CertImpl admincerts[] = new X509CertImpl[1]; ConfigurationUtils.createAdmin(data.getAdminUID(), data.getAdminEmail(), data.getAdminName(), data.getAdminPassword()); + if (data.getImportAdminCert().equalsIgnoreCase("true")) { String b64 = CryptoUtil.stripCertBrackets(data.getAdminCert().trim()); if (data.getStandAlone() && data.getStepTwo()) { @@ -625,6 +627,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou // Convert Admin Cert to X509CertImpl byte[] b = CryptoUtil.base64Decode(b64); admincerts[0] = new X509CertImpl(b); + } else { if (csType.equals("CA")) { ConfigurationUtils.createAdminCertificate(data.getAdminCertRequest(), @@ -634,6 +637,7 @@ public class SystemConfigService extends PKIService implements SystemConfigResou ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(ICertificateAuthority.ID); ICertificateRepository repo = ca.getCertificateRepository(); admincerts[0] = repo.getX509Certificate(new BigInteger(serialno, 16)); + } else { String type = cs.getString("preop.ca.type", ""); String ca_hostname = ""; -- 2.4.3
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
