To help troubleshooting, the exception handling in some classes has been modified to re-throw the original exception instead of silently ignoring it, or to chain the original exception to the new exception being thrown.

https://fedorahosted.org/pki/ticket/1654

--
Endi S. Dewata
>From 3f7333c5c029f7b02356d67a8bf5a571135348d3 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Fri, 1 Apr 2016 03:10:41 +0200
Subject: [PATCH] Fixed exception handling in CertInfoProfile.

The CertInfoProfile.populate() has been modified to re-throw the
exception instead of ignoring it.

https://fedorahosted.org/pki/ticket/1654
---
 .../com/netscape/certsrv/profile/CertInfoProfile.java   | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java b/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
index 907d8d631bebf2a2588b83308dfad84aaa275d36..566184d1a147672b9071636525d8cffa5562030d 100644
--- a/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
+++ b/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
@@ -21,12 +21,12 @@ import java.util.Enumeration;
 import java.util.StringTokenizer;
 import java.util.Vector;
 
-import netscape.security.x509.X509CertInfo;
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.request.IRequest;
 
+import netscape.security.x509.X509CertInfo;
+
 public class CertInfoProfile {
     private Vector<ICertInfoPolicyDefault> mDefaults = new Vector<ICertInfoPolicyDefault>();
     private String mName = null;
@@ -87,19 +87,20 @@ public class CertInfoProfile {
         return mProfileSetIDMapping;
     }
 
-    public void populate(X509CertInfo info) {
-        populate( null /* request */, info);
+    public void populate(X509CertInfo info) throws Exception {
+        populate(null /* request */, info);
     }
 
-    public void populate(IRequest request, X509CertInfo info) {
+    public void populate(IRequest request, X509CertInfo info) throws Exception {
         Enumeration<ICertInfoPolicyDefault> e1 = mDefaults.elements();
         while (e1.hasMoreElements()) {
             ICertInfoPolicyDefault def = e1.nextElement();
             try {
-                def.populate( request, info);
+                CMS.debug("CertInfoProfile: Populating certificate with " + def.getClass().getName());
+                def.populate(request, info);
             } catch (Exception e) {
-                CMS.debug(e);
-                CMS.debug("CertInfoProfile.populate: " + e.toString());
+                CMS.debug("CertInfoProfile: Unable to populate certificate: " + e);
+                throw e;
             }
         }
     }
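Review bot: The two-argument `populate` now stops at the first default that throws, but nothing tells callers that `info` may already have been changed by the defaults that ran before the failing one. A Javadoc comment on both overloads should say so, for example `@throws Exception if any default fails; info may then be only partially populated`. The `throws Exception` clause is also wider than callers probably need; if `ICertInfoPolicyDefault.populate` (not visible in this hunk) declares a narrower type, declaring that type here would save callers from catching everything. The removed `CMS.debug(e)` was the only call that passed the exception object itself, so the debug output at the catch site now carries only the string form of `e`.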
-- 
2.4.11

>From b91b5c8b767f11ffb04eaa1419232d17a26a9dfe Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Fri, 1 Apr 2016 03:22:33 +0200
Subject: [PATCH] Fixed exception handling in CertificateAuthority.

The CertificateAuthority.getCACert() has been modified to re-throw
the exception instead of ignoring it. All callers have been
modified to bubble up the exception.

https://fedorahosted.org/pki/ticket/1654
---
 base/ca/src/com/netscape/ca/CMSCRLExtensions.java  | 30 +++++------
 .../src/com/netscape/ca/CertificateAuthority.java  | 62 ++++++++++++----------
 .../netscape/certsrv/authority/ICertAuthority.java | 11 ++--
 .../com/netscape/certsrv/ca/ICMSCRLExtension.java  |  4 +-
 .../netscape/certsrv/ca/ICertificateAuthority.java | 20 +++----
 .../crl/CMSAuthorityKeyIdentifierExtension.java    | 20 +++----
 .../cms/profile/constraint/CAEnrollConstraint.java |  7 +--
 .../profile/constraint/CAValidityConstraint.java   | 16 ++++--
 .../def/AuthorityKeyIdentifierExtDefault.java      | 10 +++-
 .../netscape/cms/profile/def/CAEnrollDefault.java  |  9 ++--
 .../netscape/cms/profile/def/EnrollDefault.java    | 34 ++++++------
 .../com/netscape/cms/servlet/base/CMSServlet.java  |  2 +-
 .../cms/servlet/cert/RevocationProcessor.java      | 19 +++----
 .../netscape/cmscore/ldap/PublisherProcessor.java  | 10 ++--
 14 files changed, 137 insertions(+), 117 deletions(-)

diff --git a/base/ca/src/com/netscape/ca/CMSCRLExtensions.java b/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
index 0c3fb7906440c69b9543559d551ca3a86a4f9958..de13d07f6be37c517c31eb03ea25c41689e4e3c5 100644
--- a/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
+++ b/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
@@ -25,21 +25,6 @@ import java.util.Map;
 import java.util.StringTokenizer;
 import java.util.Vector;
 
-import netscape.security.extensions.AuthInfoAccessExtension;
-import netscape.security.x509.AuthorityKeyIdentifierExtension;
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLNumberExtension;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.DeltaCRLIndicatorExtension;
-import netscape.security.x509.Extension;
-import netscape.security.x509.FreshestCRLExtension;
-import netscape.security.x509.HoldInstructionExtension;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.IssuerAlternativeNameExtension;
-import netscape.security.x509.IssuingDistributionPointExtension;
-import netscape.security.x509.OIDMap;
-import netscape.security.x509.PKIXExtensions;
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotDefined;
@@ -55,6 +40,21 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cms.crl.CMSIssuingDistributionPointExtension;
 import com.netscape.cmscore.base.SubsystemRegistry;
 
+import netscape.security.extensions.AuthInfoAccessExtension;
+import netscape.security.x509.AuthorityKeyIdentifierExtension;
+import netscape.security.x509.CRLExtensions;
+import netscape.security.x509.CRLNumberExtension;
+import netscape.security.x509.CRLReasonExtension;
+import netscape.security.x509.DeltaCRLIndicatorExtension;
+import netscape.security.x509.Extension;
+import netscape.security.x509.FreshestCRLExtension;
+import netscape.security.x509.HoldInstructionExtension;
+import netscape.security.x509.InvalidityDateExtension;
+import netscape.security.x509.IssuerAlternativeNameExtension;
+import netscape.security.x509.IssuingDistributionPointExtension;
+import netscape.security.x509.OIDMap;
+import netscape.security.x509.PKIXExtensions;
+
 public class CMSCRLExtensions implements ICMSCRLExtensions {
     public static final String PROP_ENABLE = "enable";
     public static final String PROP_EXTENSION = "extension";
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 63c7ca4e4a8083dc58b54196af89cc7629e9fd97..2e1f9d7c8f2202d1e755537caa3b10f3b8c6e014 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -33,8 +33,8 @@ import java.security.Signature;
 import java.security.cert.CRLException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
-import java.util.Arrays;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Enumeration;
@@ -48,30 +48,6 @@ import java.util.Vector;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
-import netscape.ldap.LDAPAttribute;
-import netscape.ldap.LDAPAttributeSet;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPEntry;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPModification;
-import netscape.ldap.LDAPModificationSet;
-import netscape.ldap.LDAPSearchResults;
-import netscape.security.pkcs.PKCS10;
-import netscape.security.util.DerOutputStream;
-import netscape.security.util.DerValue;
-import netscape.security.x509.AlgorithmId;
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.CertificateIssuerName;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X500Signer;
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-import netscape.security.x509.X509ExtensionException;
-import netscape.security.x509.X509Key;
-
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.asn1.ASN1Util;
 import org.mozilla.jss.asn1.GeneralizedTime;
@@ -120,8 +96,8 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.ocsp.IOCSPService;
 import com.netscape.certsrv.policy.IPolicyProcessor;
 import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IProfileSubsystem;
 import com.netscape.certsrv.profile.IProfile;
+import com.netscape.certsrv.profile.IProfileSubsystem;
 import com.netscape.certsrv.publish.ICRLPublisher;
 import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.request.ARequestNotifier;
@@ -135,8 +111,8 @@ import com.netscape.certsrv.request.IService;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.certsrv.security.ISigningUnit;
 import com.netscape.certsrv.util.IStatsSubsystem;
-import com.netscape.cms.servlet.cert.EnrollmentProcessor;
 import com.netscape.cms.servlet.cert.CertEnrollmentRequestFactory;
+import com.netscape.cms.servlet.cert.EnrollmentProcessor;
 import com.netscape.cms.servlet.processors.CAProcessor;
 import com.netscape.cmscore.base.ArgBlock;
 import com.netscape.cmscore.dbs.CRLRepository;
@@ -167,6 +143,30 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
 import com.netscape.cmsutil.ocsp.TBSRequest;
 import com.netscape.cmsutil.ocsp.UnknownInfo;
 
+import netscape.ldap.LDAPAttribute;
+import netscape.ldap.LDAPAttributeSet;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPEntry;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPModification;
+import netscape.ldap.LDAPModificationSet;
+import netscape.ldap.LDAPSearchResults;
+import netscape.security.pkcs.PKCS10;
+import netscape.security.util.DerOutputStream;
+import netscape.security.util.DerValue;
+import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.CertificateChain;
+import netscape.security.x509.CertificateIssuerName;
+import netscape.security.x509.CertificateSubjectName;
+import netscape.security.x509.CertificateVersion;
+import netscape.security.x509.X500Name;
+import netscape.security.x509.X500Signer;
+import netscape.security.x509.X509CRLImpl;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+import netscape.security.x509.X509ExtensionException;
+import netscape.security.x509.X509Key;
+
 
 /**
  * A class represents a Certificate Authority that is
@@ -1272,7 +1272,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
         return mCACertChain;
     }
 
-    public X509CertImpl getCACert() {
+    public X509CertImpl getCACert() throws EBaseException {
         if (mCaCert != null) {
             return mCaCert;
         }
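Review bot: `getCACert()` now has two ways to signal that no certificate is available: the new `throws EBaseException` and the `return null;` still present at the end of the body in the next hunk (the body is split across the two hunks). A caller that drops its null check because the method now throws will dereference null whenever `cert` is null, so the contract should be written down, e.g. `@return the CA certificate, or null if none is configured`. In the same next hunk the `CertificateException` branch lost its `CMS.debug(e)` while the `EBaseException` branch kept it. Adding `CMS.debug(e);` before `throw new EBaseException(e);` would keep the two branches consistent.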
@@ -1282,11 +1282,15 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             if (cert != null) {
                 return new X509CertImpl(CMS.AtoB(cert));
             }
+
         } catch (EBaseException e) {
             CMS.debug(e);
+            throw e;
+
         } catch (CertificateException e) {
-            CMS.debug(e);
+            throw new EBaseException(e);
         }
+
         return null;
     }
 
diff --git a/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java b/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
index 885ca202f0ce050f98a4e7d387894fce8540fd64..4bd3aff075063869fc224c173f397680a21c3c4d 100644
--- a/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
+++ b/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
@@ -17,15 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authority;
 
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CertImpl;
-
+import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.request.IRequestListener;
 
+import netscape.security.x509.CertificateChain;
+import netscape.security.x509.X500Name;
+import netscape.security.x509.X509CertImpl;
+
 /**
  * Authority that handles certificates needed by the cert registration
  * servlets.
@@ -57,7 +58,7 @@ public interface ICertAuthority extends IAuthority {
      *
      * @return CA's certificate.
      */
-    public X509CertImpl getCACert();
+    public X509CertImpl getCACert() throws EBaseException;
 
     /**
      * Returns signing algorithms supported by the CA.
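Review bot: The Javadoc above `getCACert()` still documents only `@return CA's certificate.` although the method now declares a checked exception. Add `@throws EBaseException if the CA certificate cannot be loaded or parsed` here. The same line is needed on `ICertificateAuthority.getCACert()`, whose Javadoc (`@return the CA certificate`) has the same gap.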
diff --git a/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java b/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
index 3e711577171021568e7825d20075dd5c92c33dc9..63071bd27d04644609bb26c762ae2416bff23423 100644
--- a/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
+++ b/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
@@ -17,11 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-import netscape.security.x509.Extension;
-
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
 
+import netscape.security.x509.Extension;
+
 /**
  * An interface representing a CRL extension plugin.
  * <P>
diff --git a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
index 16d4fc2df62ca0e4ad0eb1c814affcad357503c3..6d83e6d07bf7100d03954ac7caec69134dbb5ec1 100644
--- a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
+++ b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
@@ -23,15 +23,6 @@ import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 
-import netscape.security.x509.CertificateChain;
-import netscape.security.x509.CertificateIssuerName;
-import netscape.security.x509.CertificateSubjectName;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
 import org.mozilla.jss.crypto.SignatureAlgorithm;
 
 import com.netscape.certsrv.authentication.IAuthToken;
@@ -50,6 +41,15 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.IService;
 import com.netscape.certsrv.security.ISigningUnit;
 
+import netscape.security.x509.CertificateChain;
+import netscape.security.x509.CertificateIssuerName;
+import netscape.security.x509.CertificateSubjectName;
+import netscape.security.x509.CertificateVersion;
+import netscape.security.x509.X500Name;
+import netscape.security.x509.X509CRLImpl;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+
 /**
  * An interface represents a Certificate Authority that is
  * responsible for certificate specific operations.
@@ -321,7 +321,7 @@ public interface ICertificateAuthority extends ISubsystem {
      *
      * @return the CA certificate
      */
-    public X509CertImpl getCACert();
+    public X509CertImpl getCACert() throws EBaseException;
 
     /**
      * Updates the CRL immediately for MasterCRL issuing point if it exists.
diff --git a/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
index a34a99373a586409d39e424ee27527e723c932e9..562b8cd11708b05d7149e4f26901f86f84865295 100644
--- a/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
+++ b/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
@@ -22,6 +22,15 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
 import java.util.Locale;
 
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IExtendedPluginInfo;
+import com.netscape.certsrv.ca.ICMSCRLExtension;
+import com.netscape.certsrv.ca.ICRLIssuingPoint;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.common.NameValuePairs;
+import com.netscape.certsrv.logging.ILogger;
+
 import netscape.security.x509.AuthorityKeyIdentifierExtension;
 import netscape.security.x509.CertificateExtensions;
 import netscape.security.x509.Extension;
@@ -33,15 +42,6 @@ import netscape.security.x509.SubjectKeyIdentifierExtension;
 import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509CertInfo;
 
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IExtendedPluginInfo;
-import com.netscape.certsrv.ca.ICMSCRLExtension;
-import com.netscape.certsrv.ca.ICRLIssuingPoint;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.logging.ILogger;
-
 /**
  * This represents an authority key identifier extension.
  *
@@ -127,7 +127,7 @@ public class CMSAuthorityKeyIdentifierExtension
                                         .getCACert().getSerialNumber()));
             }
 
-        } catch (IOException e) {
+        } catch (Exception e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString()));
         }
 
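Review bot: Widening this handler to `catch (Exception e)` swallows the `EBaseException` that `getCACert()` now throws, along with any runtime exception raised in the try body, and execution continues after logging only `e.toString()`. That runs against the stated purpose of the patch: a failure to read the CA certificate here would presumably leave the authority key identifier extension unset, with a single log line as the only trace. Catching just the types the body can throw, `} catch (IOException | EBaseException e) {` (or two separate clauses if the build predates multi-catch), and adding `CMS.debug(e);` next to the `log(...)` call would keep the cause visible. The try block starts outside this hunk, so whether the method should propagate the failure instead depends on code not shown here.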
diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
index c0a9758da39a44304c9f9db13a768b7946cca76b..b0cc927b23f60bb301042ec331186eec3813ddce 100644
--- a/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
+++ b/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
@@ -17,11 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-import netscape.security.x509.X509CertImpl;
-
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 
+import netscape.security.x509.X509CertImpl;
+
 /**
  * This class represents an abstract class for CA enrollment
  * constraint.
@@ -38,7 +39,7 @@ public abstract class CAEnrollConstraint extends EnrollConstraint {
     /**
      * Retrieves the CA certificate.
      */
-    public X509CertImpl getCACert() {
+    public X509CertImpl getCACert() throws EBaseException {
         ICertificateAuthority ca = (ICertificateAuthority)
                 CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         X509CertImpl caCert = ca.getCACert();
diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
index a7a159de3ac9f40ef8b4cc31c71d386505e4fc24..77585c076edab2ffec967b7d222555ef83f21c2b 100644
--- a/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
+++ b/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
@@ -21,11 +21,8 @@ import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
 
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.profile.ERejectException;
@@ -37,6 +34,10 @@ import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserValidityDefault;
 import com.netscape.cms.profile.def.ValidityDefault;
 
+import netscape.security.x509.CertificateValidity;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+
 /**
  * This class implements the validity constraint.
  * It checks if the validity in the certificate
@@ -56,7 +57,12 @@ public class CAValidityConstraint extends CAEnrollConstraint {
     public void init(IProfile profile, IConfigStore config)
             throws EProfileException {
         super.init(profile, config);
-        X509CertImpl caCert = getCACert();
+        X509CertImpl caCert;
+        try {
+            caCert = getCACert();
+        } catch (EBaseException e) {
+            throw new EProfileException(e);
+        }
 
         mDefNotBefore = caCert.getNotBefore();
         mDefNotAfter = caCert.getNotAfter();
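Review bot: `caCert` is dereferenced right after the new try/catch (`caCert.getNotBefore()`) without a null check, and the added handler covers only the exception path. `CertificateAuthority.getCACert()` in this same patch still ends with `return null;`, and `CAEnrollDefault.getCAKeyIdentifier` carries a comment that the CA certificate is absent during configuration. A null here therefore looks reachable unless `CAEnrollConstraint.getCACert()`, whose body continues outside its hunk, rules it out. A guard such as `if (caCert == null) throw new EProfileException("CA certificate not available");` would turn a NullPointerException into a reportable profile error. `init` continues past the end of this hunk.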
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
index bd71a4ef8cf710008fc861a022a553d5064c37ba..e2208aba7c51a4ffd5914e039c38fee43343383e 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
@@ -21,6 +21,7 @@ import java.io.IOException;
 import java.util.Locale;
 
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ca.AuthorityID;
 import com.netscape.certsrv.ca.ICertificateAuthority;
@@ -173,12 +174,17 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
         if (ca == null)
             throw new EProfileException("Could not reach requested CA");
 
-        AuthorityKeyIdentifierExtension ext = createExtension(ca, info);
+        AuthorityKeyIdentifierExtension ext;
+        try {
+            ext = createExtension(ca, info);
+        } catch (EBaseException e) {
+            throw new EProfileException(e);
+        }
         addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info);
     }
 
     public AuthorityKeyIdentifierExtension createExtension(
-            ICertificateAuthority ca, X509CertInfo info) {
+            ICertificateAuthority ca, X509CertInfo info) throws EBaseException {
         KeyIdentifier kid = null;
         String localKey = getConfig("localKey");
         if (localKey != null && localKey.equals("true")) {
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java
index 696830ead842767892f77bd8f8c9ea6f667225aa..14484e0c357f35efb1ad8cef68a0a88afaf33e59 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java
@@ -22,6 +22,10 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+
 import netscape.security.x509.CertificateX509Key;
 import netscape.security.x509.KeyIdentifier;
 import netscape.security.x509.PKIXExtensions;
@@ -30,9 +34,6 @@ import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509CertInfo;
 import netscape.security.x509.X509Key;
 
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.ca.ICertificateAuthority;
-
 /**
  * This class implements an abstract CA specific
  * Enrollment default. This policy can only be
@@ -68,7 +69,7 @@ public abstract class CAEnrollDefault extends EnrollDefault {
         return null;
     }
 
-    public KeyIdentifier getCAKeyIdentifier(ICertificateAuthority ca) {
+    public KeyIdentifier getCAKeyIdentifier(ICertificateAuthority ca) throws EBaseException {
         X509CertImpl caCert = ca.getCACert();
         if (caCert == null) {
             // during configuration, we dont have the CA certificate
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
index 8a6fa4cef4bbe8e74a3d6c843cc7a568b0e9d354..00d669e373433d24fe2138df4e81bdf19c4ffc18 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
@@ -24,6 +24,23 @@ import java.util.NoSuchElementException;
 import java.util.StringTokenizer;
 import java.util.Vector;
 
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IAttrSet;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IPrettyPrintFormat;
+import com.netscape.certsrv.common.NameValuePairs;
+import com.netscape.certsrv.pattern.Pattern;
+import com.netscape.certsrv.profile.EProfileException;
+import com.netscape.certsrv.profile.ICertInfoPolicyDefault;
+import com.netscape.certsrv.profile.IEnrollProfile;
+import com.netscape.certsrv.profile.IPolicyDefault;
+import com.netscape.certsrv.profile.IProfile;
+import com.netscape.certsrv.property.EPropertyException;
+import com.netscape.certsrv.property.IDescriptor;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.cms.profile.common.EnrollProfile;
+
 import netscape.security.extensions.KerberosName;
 import netscape.security.util.DerInputStream;
 import netscape.security.util.DerOutputStream;
@@ -43,23 +60,6 @@ import netscape.security.x509.URIName;
 import netscape.security.x509.X500Name;
 import netscape.security.x509.X509CertInfo;
 
-import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IAttrSet;
-import com.netscape.certsrv.base.IConfigStore;
-import com.netscape.certsrv.base.IPrettyPrintFormat;
-import com.netscape.certsrv.common.NameValuePairs;
-import com.netscape.certsrv.pattern.Pattern;
-import com.netscape.certsrv.profile.EProfileException;
-import com.netscape.certsrv.profile.ICertInfoPolicyDefault;
-import com.netscape.certsrv.profile.IEnrollProfile;
-import com.netscape.certsrv.profile.IPolicyDefault;
-import com.netscape.certsrv.profile.IProfile;
-import com.netscape.certsrv.property.EPropertyException;
-import com.netscape.certsrv.property.IDescriptor;
-import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.profile.common.EnrollProfile;
-
 /**
  * This class implements an enrollment default policy.
  *
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index 146be519b5b46c8ae37c8b7958db39add0a84931..ba7ce5720424d8fb7f620457d6628d975df59d49 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -1510,7 +1510,7 @@ public abstract class CMSServlet extends HttpServlet {
      * The main purpose is to avoid revoking the self signed
      * CA certificate accidentially.
      */
-    protected boolean isSystemCertificate(BigInteger serialNo) {
+    protected boolean isSystemCertificate(BigInteger serialNo) throws EBaseException {
         if (!(mAuthority instanceof ICertificateAuthority)) {
             return false;
         }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
index e03fc2cfd851ddbb4cd7f557e6878051d5ecaba5..ffcda63f5f295157fe2527942d5f0c9914adf3aa 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java
@@ -27,13 +27,6 @@ import java.util.Collection;
 import java.util.Date;
 import java.util.Locale;
 
-import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
-import netscape.security.x509.InvalidityDateExtension;
-import netscape.security.x509.RevocationReason;
-import netscape.security.x509.RevokedCertImpl;
-import netscape.security.x509.X509CertImpl;
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.EBaseException;
@@ -53,6 +46,13 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.certsrv.usrgrp.Certificates;
 import com.netscape.certsrv.usrgrp.IUser;
 
+import netscape.security.x509.CRLExtensions;
+import netscape.security.x509.CRLReasonExtension;
+import netscape.security.x509.InvalidityDateExtension;
+import netscape.security.x509.RevocationReason;
+import netscape.security.x509.RevokedCertImpl;
+import netscape.security.x509.X509CertImpl;
+
 /**
  * @author Endi S. Dewata
  */
@@ -207,7 +207,8 @@ public class RevocationProcessor extends CertProcessor {
         }
     }
 
-    public void validateCertificateToRevoke(String subjectDN, ICertRecord targetRecord, boolean revokingCACert) {
+    public void validateCertificateToRevoke(String subjectDN, ICertRecord targetRecord, boolean revokingCACert)
+                throws EBaseException {
 
         X509CertImpl targetCert = targetRecord.getCertificate();
         BigInteger targetSerialNumber = targetCert.getSerialNumber();
@@ -426,7 +427,7 @@ public class RevocationProcessor extends CertProcessor {
      * The main purpose is to avoid revoking the self signed
      * CA certificate accidentally.
      */
-    public boolean isSystemCertificate(X509Certificate cert) {
+    public boolean isSystemCertificate(X509Certificate cert) throws EBaseException {
 
         X509Certificate caCert = authority.getCACert();
         if (caCert == null)
diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldap/PublisherProcessor.java b/base/server/cmscore/src/com/netscape/cmscore/ldap/PublisherProcessor.java
index 5df29c10c0af15656bd249f5da4f627a23608904..4397dc255d63ba470cf9163bdceff23d976a2c45 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/ldap/PublisherProcessor.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/ldap/PublisherProcessor.java
@@ -24,10 +24,6 @@ import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
 
-import netscape.ldap.LDAPConnection;
-import netscape.security.x509.X500Name;
-import netscape.security.x509.X509CRLImpl;
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authority.ICertAuthority;
 import com.netscape.certsrv.base.EBaseException;
@@ -59,6 +55,10 @@ import com.netscape.certsrv.request.IRequestNotifier;
 import com.netscape.cmscore.dbs.CertRecord;
 import com.netscape.cmscore.util.Debug;
 
+import netscape.ldap.LDAPConnection;
+import netscape.security.x509.X500Name;
+import netscape.security.x509.X509CRLImpl;
+
 public class PublisherProcessor implements
         IPublisherProcessor, IXcertPublisherProcessor {
 
@@ -1364,7 +1364,7 @@ public class PublisherProcessor implements
 
     // for crosscerts
     private void publishNow(ILdapMapper mapper, ILdapPublisher publisher,
-            IRequest r, byte[] bytes) throws ELdapException {
+            IRequest r, byte[] bytes) throws EBaseException {
         if (!enabled())
             return;
         CMS.debug("PublisherProcessor: in publishNow() for xcerts");
-- 
2.4.11

>From 9a53cf049cdfad5ff750438243e161212b3d8423 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Fri, 1 Apr 2016 22:46:16 +0200
Subject: [PATCH] Fixed exception handling in X509CertInfo.

The methods in X509CertInfo have been modified to chain the
original exception.

https://fedorahosted.org/pki/ticket/1654
---
 base/util/src/netscape/security/x509/X509CertInfo.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/base/util/src/netscape/security/x509/X509CertInfo.java b/base/util/src/netscape/security/x509/X509CertInfo.java
index 29757ec8aba051d5f211cc71a27675b7a5720de5..e4768294e704f67527b517bb5864ffe5362ce627 100644
--- a/base/util/src/netscape/security/x509/X509CertInfo.java
+++ b/base/util/src/netscape/security/x509/X509CertInfo.java
@@ -156,7 +156,7 @@ public class X509CertInfo implements CertAttrSet, Serializable {
 
             parse(in);
         } catch (IOException e) {
-            throw new CertificateParsingException(e.toString());
+            throw new CertificateParsingException(e);
         }
     }
 
@@ -172,7 +172,7 @@ public class X509CertInfo implements CertAttrSet, Serializable {
         try {
             parse(derVal);
         } catch (IOException e) {
-            throw new CertificateParsingException(e.toString());
+            throw new CertificateParsingException(e);
         }
     }
 
@@ -266,9 +266,9 @@ public class X509CertInfo implements CertAttrSet, Serializable {
             System.arraycopy(rawCertInfo, 0, dup, 0, dup.length);
             return dup;
         } catch (IOException e) {
-            throw new CertificateEncodingException(e.toString());
+            throw new CertificateEncodingException(e);
         } catch (CertificateException e) {
-            throw new CertificateEncodingException(e.toString());
+            throw new CertificateEncodingException(e);
         }
     }
 
-- 
2.4.11

>From 01017313566911c6c91fa41c5ec048ec81197431 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Mon, 11 Apr 2016 18:17:30 +0200
Subject: [PATCH] Fixed exception handling in CertificateExtensions.

The CertificateExtensions.parseExtension() and some extension
classes have been modified to chain the original exception.

https://fedorahosted.org/pki/ticket/1654
---
 .../security/x509/AuthorityKeyIdentifierExtension.java  |  4 ++--
 .../security/x509/CRLDistributionPointsExtension.java   |  8 ++++----
 .../netscape/security/x509/CertificateExtensions.java   | 17 ++++++++++++-----
 .../security/x509/CertificateIssuerExtension.java       |  5 ++---
 .../netscape/security/x509/FreshestCRLExtension.java    |  8 ++++----
 .../security/x509/IssuerAlternativeNameExtension.java   |  5 ++---
 .../x509/IssuingDistributionPointExtension.java         | 17 +++++++----------
 .../security/x509/SubjectAlternativeNameExtension.java  |  2 +-
 8 files changed, 34 insertions(+), 32 deletions(-)

diff --git a/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java b/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
index ec15be4a006d9757c98e1e2084391284fd94caca..a71a3b69ae289868975044a180e89e4448d70640 100644
--- a/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
+++ b/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
@@ -100,7 +100,7 @@ public class AuthorityKeyIdentifierExtension extends Extension
                             true, TAG_NAMES), tmp1);
                 }
             } catch (Exception e) {
-                throw new IOException(e.toString());
+                throw new IOException(e);
             }
             if (serialNum != null) {
                 DerOutputStream tmp1 = new DerOutputStream();
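Review bot: The `catch (Exception e)` in the first hunk also catches any IOException raised inside the try, so with `throw new IOException(e)` such a failure reaches the caller as an IOException wrapped in a second IOException. The try body starts outside the hunk, so whether it can throw IOException is inferred; if it can, put `catch (IOException e) { throw e; }` ahead of the generic handler, as the CertUtil change in this series does. The final `catch (Exception e)` in the CertificateExtensions hunk has the same shape.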
@@ -199,7 +199,7 @@ public class AuthorityKeyIdentifierExtension extends Extension
                     opt.resetTag(DerValue.tag_Sequence);
                     names = new GeneralNames(opt);
                 } catch (GeneralNamesException e) {
-                    throw new IOException(e.toString());
+                    throw new IOException(e);
                 }
 
             } else if (opt.isContextSpecific(TAG_SERIAL_NUM) &&
diff --git a/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java b/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java
index 1cfb770df60b26a7a849b8bc4bea70424e9416df..0cd6505c39fb75768b7362d2bf76318fa168b0ea 100644
--- a/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java
+++ b/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java
@@ -27,13 +27,13 @@ import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
 
-import netscape.security.util.BitArray;
-import netscape.security.util.DerOutputStream;
-
 import org.mozilla.jss.asn1.ASN1Util;
 import org.mozilla.jss.asn1.InvalidBERException;
 import org.mozilla.jss.asn1.SEQUENCE;
 
+import netscape.security.util.BitArray;
+import netscape.security.util.DerOutputStream;
+
 /**
  * An extension that tells applications where to find the CRL for
  * this certificate.
@@ -95,7 +95,7 @@ public class CRLDistributionPointsExtension extends Extension
                 distributionPoints =
                         (SEQUENCE) ASN1Util.decode(seqOfCRLDP, extensionValue);
             } catch (InvalidBERException e) {
-                throw new IOException("Invalid BER-encoding: " + e.toString());
+                throw new IOException("Invalid BER-encoding: " + e, e);
             }
         } catch (IOException e) {
             System.out.println("Big error");
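Review bot: The chained IOException thrown for `InvalidBERException` is caught straight away by the enclosing `catch (IOException e)` on the context lines, whose first statement is `System.out.println("Big error");`. The rest of that handler is outside the hunk; if it does not rethrow, the cause attached here never reaches a caller and a malformed extension value is reported only on stdout, without the exception text. Logging the exception in that handler and ending it with `throw e;` would make the chaining effective, provided the enclosing method is allowed to throw IOException. The matching hunk in FreshestCRLExtension has the same outer handler.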
diff --git a/base/util/src/netscape/security/x509/CertificateExtensions.java b/base/util/src/netscape/security/x509/CertificateExtensions.java
index 3a21c2f83cf76df8f60331aeecc526298342e9b3..d76bfe196d2a1a7524e2d6015185237895418be3 100644
--- a/base/util/src/netscape/security/x509/CertificateExtensions.java
+++ b/base/util/src/netscape/security/x509/CertificateExtensions.java
@@ -88,12 +88,19 @@ public class CertificateExtensions extends Vector<Extension>
                 map.put(certExt.getName(), (Extension) certExt);
                 addElement((Extension) certExt);
             }
-        } catch (NoSuchMethodException nosuch) {
-            throw new IOException(nosuch.toString());
-        } catch (InvocationTargetException invk) {
-            throw new IOException(invk.getTargetException().toString());
+
+        } catch (NoSuchMethodException e) {
+            throw new IOException(e);
+
+        } catch (InvocationTargetException e) {
+            Throwable t = e.getTargetException();
+            if (t instanceof IOException) {
+                throw (IOException)t;
+            }
+            throw new IOException(t);
+
         } catch (Exception e) {
-            throw new IOException(e.toString());
+            throw new IOException(e);
         }
     }
 
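Review bot: In the `InvocationTargetException` branch, `t` can be an `Error` or a `RuntimeException` as well as a checked exception, and `throw new IOException(t)` turns all of them into an I/O failure. For extension parsing done through reflection, a `StackOverflowError` or `OutOfMemoryError` raised in the invoked code would then be treated by callers as an ordinary decoding error of one extension. Rethrow errors unchanged before wrapping: `if (t instanceof Error) throw (Error) t;`. The try block starts outside the hunk.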
diff --git a/base/util/src/netscape/security/x509/CertificateIssuerExtension.java b/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
index 4f20cb685a726ddec7bb19645c9d524ec3af0ca1..ae4c2093a7cdd39fe43233ad50f1ce8ab44ddf53 100644
--- a/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
+++ b/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
@@ -73,7 +73,7 @@ public class CertificateIssuerExtension extends Extension
         try {
             names.encode(os);
         } catch (GeneralNamesException e) {
-            throw new IOException(e.toString());
+            throw new IOException(e);
         }
         this.extensionValue = os.toByteArray();
     }
@@ -139,8 +139,7 @@ public class CertificateIssuerExtension extends Extension
         try {
             names = new GeneralNames(val);
         } catch (GeneralNamesException e) {
-            throw new IOException("CertificateIssuerExtension: " +
-                                  e.toString());
+            throw new IOException("CertificateIssuerExtension: " + e, e);
         }
     }
 
diff --git a/base/util/src/netscape/security/x509/FreshestCRLExtension.java b/base/util/src/netscape/security/x509/FreshestCRLExtension.java
index 222a5e9594539395dd816c5bd73eee2a8b0fac05..c084956b5ecdcbe697ee78cb02bb81186b3a6d1c 100644
--- a/base/util/src/netscape/security/x509/FreshestCRLExtension.java
+++ b/base/util/src/netscape/security/x509/FreshestCRLExtension.java
@@ -27,13 +27,13 @@ import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
 
-import netscape.security.util.BitArray;
-import netscape.security.util.DerOutputStream;
-
 import org.mozilla.jss.asn1.ASN1Util;
 import org.mozilla.jss.asn1.InvalidBERException;
 import org.mozilla.jss.asn1.SEQUENCE;
 
+import netscape.security.util.BitArray;
+import netscape.security.util.DerOutputStream;
+
 /**
  * An extension that tells applications where to find
  * the latest (freshest) delta CRL for this certificate
@@ -115,7 +115,7 @@ public class FreshestCRLExtension extends Extension
                 distributionPoints =
                         (SEQUENCE) ASN1Util.decode(seqOfCRLDP, extensionValue);
             } catch (InvalidBERException e) {
-                throw new IOException("Invalid BER-encoding: " + e.toString());
+                throw new IOException("Invalid BER-encoding: " + e, e);
             }
         } catch (IOException e) {
             System.out.println("Big error");
diff --git a/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java b/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
index 62b3ecf94d1118d1b1b4867dec9579a2dd20df0e..469e4722b6064a81777cc26cc0afbda46b1f6c17 100644
--- a/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
+++ b/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
@@ -71,7 +71,7 @@ public class IssuerAlternativeNameExtension
         try {
             names.encode(os);
         } catch (GeneralNamesException e) {
-            throw new IOException(e.toString());
+            throw new IOException(e);
         }
         this.extensionValue = os.toByteArray();
     }
@@ -136,8 +136,7 @@ public class IssuerAlternativeNameExtension
         try {
             names = new GeneralNames(val);
         } catch (GeneralNamesException e) {
-            throw new IOException("IssuerAlternativeNameExtension"
-                                  + e.toString());
+            throw new IOException("IssuerAlternativeNameExtension: " + e, e);
         }
     }
 
diff --git a/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java b/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java
index b78a891c230e74d5105bbc31770918729d5c20bb..d65dc44f0aefccd87d5db18253c93e252eb347a6 100644
--- a/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java
+++ b/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java
@@ -26,12 +26,12 @@ import java.security.cert.CertificateException;
 import java.util.Enumeration;
 import java.util.Vector;
 
+import org.mozilla.jss.asn1.ASN1Util;
+
 import netscape.security.util.BitArray;
 import netscape.security.util.DerOutputStream;
 import netscape.security.util.DerValue;
 
-import org.mozilla.jss.asn1.ASN1Util;
-
 /**
  * A critical CRL extension that identifies the CRL distribution point
  * for a particular CRL
@@ -162,11 +162,9 @@ public class IssuingDistributionPointExtension extends Extension
                                                     issuingDistributionPoint.setFullName(fullName);
                                                 }
                                             } catch (GeneralNamesException e) {
-                                                throw new IOException("Invalid encoding of IssuingDistributionPoint "
-                                                        + e);
+                                                throw new IOException("Invalid encoding of IssuingDistributionPoint " + e, e);
                                             } catch (IOException e) {
-                                                throw new IOException("Invalid encoding of IssuingDistributionPoint "
-                                                        + e);
+                                                throw new IOException("Invalid encoding of IssuingDistributionPoint " + e, e);
                                             }
                                         } else {
                                             throw new IOException("Invalid encoding of IssuingDistributionPoint");
@@ -182,8 +180,7 @@ public class IssuingDistributionPointExtension extends Extension
                                                     issuingDistributionPoint.setRelativeName(relativeName);
                                                 }
                                             } catch (IOException e) {
-                                                throw new IOException("Invalid encoding of IssuingDistributionPoint "
-                                                        + e);
+                                                throw new IOException("Invalid encoding of IssuingDistributionPoint " + e, e);
                                             }
                                         } else {
                                             throw new IOException("Invalid encoding of IssuingDistributionPoint");
@@ -203,7 +200,7 @@ public class IssuingDistributionPointExtension extends Extension
                                     @SuppressWarnings("unused")
                                     byte[] a = reasons.toByteArray(); // check for errors
                                 } catch (IOException e) {
-                                    throw new IOException("Invalid encoding of IssuingDistributionPoint " + e);
+                                    throw new IOException("Invalid encoding of IssuingDistributionPoint " + e, e);
                                 }
 
                             } else {
@@ -218,7 +215,7 @@ public class IssuingDistributionPointExtension extends Extension
                                         issuingDistributionPoint.setIndirectCRL(b);
                                     }
                                 } catch (IOException e) {
-                                    throw new IOException("Invalid encoding of IssuingDistributionPoint " + e);
+                                    throw new IOException("Invalid encoding of IssuingDistributionPoint " + e, e);
                                 }
                             }
                         } else {
diff --git a/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java b/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
index cdeff8f651c0721f9edbc5904345a39709e52bdc..d96c821604308c11723644e8842e1dcc6f224034 100644
--- a/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
+++ b/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
@@ -139,7 +139,7 @@ public class SubjectAlternativeNameExtension extends Extension
         try {
             names = new GeneralNames(val);
         } catch (GeneralNamesException e) {
-            throw new IOException("SubjectAlternativeName: " + e);
+            throw new IOException("SubjectAlternativeName: " + e, e);
         }
     }
 
-- 
2.4.11

>From 0b925cd8b59d96ef76cc8f509b7c4c8729dae803 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Mon, 11 Apr 2016 18:18:52 +0200
Subject: [PATCH] Fixed exception handling in CertUtil.

The CertUtil.createLocalCert() has been modified to re-throw the
exception instead of ignoring it.

https://fedorahosted.org/pki/ticket/1654
---
 .../com/netscape/cms/servlet/csadmin/CertUtil.java | 25 ++++++++++++++--------
 .../cms/servlet/csadmin/ConfigurationUtils.java    |  7 ++----
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index f4cd82fcca1a6470018f0a4981fee6b18ee34320..774ff94e317c48f250f1e15bf57b55f006e83ae4 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -453,10 +453,20 @@ public class CertUtil {
             } else {
                 keyAlgorithm = config.getString(prefix + certTag + ".keyalgorithm");
             }
+
             if (!caProvided)
                 ca = (ICertificateAuthority) CMS.getSubsystem(
                     ICertificateAuthority.ID);
+
             cr = ca.getCertificateRepository();
+
+            if (cr == null) {
+                if (context != null) {
+                    context.put("errorString", "Ceritifcate Authority is not ready to serve.");
+                }
+                throw new IOException("Ceritifcate Authority is not ready to serve.");
+            }
+
             BigInteger serialNo = cr.getNextSerialNumber();
             if (type.equals("selfsign")) {
                 CMS.debug("Creating local certificate... selfsign cert");
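Review bot: The `cr == null` guard sits after `ca.getCertificateRepository()`, so a null `ca` fails with a NullPointerException before the guard is reached and lands in the generic handler of the next hunk, without `errorString` being set. Whether `CMS.getSubsystem()` can return null is not visible here, so this is inferred; if it can, checking `ca` together with `cr` (`if (ca == null || (cr = ca.getCertificateRepository()) == null)`) would keep the "not ready" message for that case. The message is also misspelled and written twice; one local such as `String msg = "Certificate Authority is not ready to serve.";` used for both the context entry and the exception fixes that, provided nothing matches on the old spelling. The enclosing try starts outside the hunk.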
@@ -575,16 +585,13 @@ public class CertUtil {
             if (cert != null) {
                 CMS.debug("CertUtil createSelfSignedCert: got cert signed");
             }
+
+        } catch (IOException e) {
+            throw e;
+
         } catch (Exception e) {
-            CMS.debug(e);
-            CMS.debug("CertUtil createLocalCert() exception caught:" + e.toString());
-        }
-
-        if (cr == null) {
-            if (context != null) {
-                context.put("errorString", "Ceritifcate Authority is not ready to serve.");
-            }
-            throw new IOException("Ceritifcate Authority is not ready to serve.");
+            CMS.debug("Unable to create local certificate: " + e);
+            throw new IOException("Unable to create local certificate: " + e, e);
         }
 
         ICertRecord record = null;
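Review bot: The new `catch (Exception e)` passes only the string `"Unable to create local certificate: " + e` to `CMS.debug`, so the debug log no longer gets the exception object that the removed `CMS.debug(e);` call logged (presumably with its stack trace) at the point of failure. Keeping `CMS.debug(e);` next to the new message preserves that for troubleshooting even when a caller drops the chained cause. Unlike the `cr == null` branch in the previous hunk, this path also leaves `errorString` unset in `context`; if that value is what the caller displays, add `if (context != null) context.put("errorString", "Unable to create local certificate");` before the throw, with a fixed text rather than the exception string. The method body continues outside the hunk.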
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 7aeee7e9fc3e3cdf811250ce1f480f3ee9e6a9c8..e2b014f353c13818297e898c02a74ec93994f2c1 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -84,7 +84,6 @@ import org.mozilla.jss.crypto.EncryptionAlgorithm;
 import org.mozilla.jss.crypto.IVParameterSpec;
 import org.mozilla.jss.crypto.IllegalBlockSizeException;
 import org.mozilla.jss.crypto.InternalCertificate;
-import org.mozilla.jss.crypto.InvalidKeyFormatException;
 import org.mozilla.jss.crypto.KeyGenAlgorithm;
 import org.mozilla.jss.crypto.KeyGenerator;
 import org.mozilla.jss.crypto.KeyWrapAlgorithm;
@@ -3055,8 +3054,7 @@ public class ConfigurationUtils {
         cr.addCertificateRecord(record);
     }
 
-    public static int handleCerts(Cert cert) throws IOException, EBaseException, CertificateException,
-            NotInitializedException, TokenException, InvalidKeyException {
+    public static int handleCerts(Cert cert) throws Exception {
         String certTag = cert.getCertTag();
         String subsystem = cert.getSubsystem();
         String nickname = cert.getNickname();
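Review bot: `throws Exception` on the public `handleCerts` drops the list of failure types from the signature and forces every caller to catch or declare `Exception`, which tends to end in broad catch blocks that also cover programming errors. The same applies to `createAdminCertificate` in the last hunk of this file. If the wider clause is needed because a callee now declares `Exception`, a Javadoc block with `@throws IOException`, `@throws EBaseException` and the other expected types would keep that information for callers. Both method bodies continue outside their hunks.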
@@ -3491,8 +3489,7 @@ public class ConfigurationUtils {
     }
 
     public static void createAdminCertificate(String certRequest, String certRequestType, String subject)
-            throws InvalidBERException, IOException, InvalidKeyException, InvalidKeyFormatException,
-            NoSuchAlgorithmException, SignatureException, NoSuchProviderException, EBaseException {
+            throws Exception {
         IConfigStore cs = CMS.getConfigStore();
         X509Key x509key = null;
         if (certRequestType.equals("crmf")) {
-- 
2.4.11
