Previously cert enrollment might fail after editing the profile using the console. This is because the console added an empty rangeUnit parameter, but the server rejected the empty value.
The convertRangeUnit() methods in several classes have been modified to accept the empty value and convert it into the default value (i.e. day). https://fedorahosted.org/pki/ticket/2308 -- Endi S. Dewata
>From 5a16f0ee1ae38a43971b0c63cf8aeee824984dff Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Thu, 19 May 2016 16:54:17 +0200 Subject: [PATCH] Fixed cert enrollment problem with empty rangeUnit in profile. Previously cert enrollment might fail after editing the profile using the console. This is because the console added an empty rangeUnit parameter, but the server rejected the empty value. The convertRangeUnit() methods in several classes have been modified to accept the empty value and convert it into the default value (i.e. day). https://fedorahosted.org/pki/ticket/2308 --- .../com/netscape/cms/profile/constraint/ValidityConstraint.java | 8 ++++---- .../cms/src/com/netscape/cms/profile/def/CAValidityDefault.java | 2 +- .../cms/src/com/netscape/cms/profile/def/ValidityDefault.java | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/ValidityConstraint.java index eaf0b3bbfd7d1584263ef53a12faac37ff62b3c5..dcb11daf169a462d942fb44b7ffc527bb092729d 100644 --- a/base/server/cms/src/com/netscape/cms/profile/constraint/ValidityConstraint.java +++ b/base/server/cms/src/com/netscape/cms/profile/constraint/ValidityConstraint.java @@ -22,9 +22,6 @@ import java.util.Calendar; import java.util.Date; import java.util.Locale; -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.X509CertInfo; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.EProfileException; @@ -41,6 +38,9 @@ import com.netscape.cms.profile.def.RandomizedValidityDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; +import netscape.security.x509.CertificateValidity; +import netscape.security.x509.X509CertInfo; + /** * This class implements the validity constraint. * It checks if the validity in the certificate @@ -113,7 +113,7 @@ public class ValidityConstraint extends EnrollConstraint { } else if (unit.equals("month")) { return Calendar.MONTH; - } else if (unit.equals("day")) { + } else if (unit.equals("day") || unit.equals("")) { return Calendar.DAY_OF_YEAR; } else if (unit.equals("hour")) { diff --git a/base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java index a98b2c28c12c78ac6ffa420c880ba0c317f5f94b..2df256eb1621a866e7e0c2a4d530f48139a982fc 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java @@ -316,7 +316,7 @@ public class CAValidityDefault extends EnrollDefault { } else if (unit.equals("month")) { return Calendar.MONTH; - } else if (unit.equals("day")) { + } else if (unit.equals("day") || unit.equals("")) { return Calendar.DAY_OF_YEAR; } else if (unit.equals("hour")) { diff --git a/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java index 02807346fbddc4ffc4d0a36d49fcb6262de231ad..ad4281b808f0a8ab1250717a74256a42b4527b4f 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java @@ -24,9 +24,6 @@ import java.util.Calendar; import java.util.Date; import java.util.Locale; -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.X509CertInfo; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.EProfileException; @@ -36,6 +33,9 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; +import netscape.security.x509.CertificateValidity; +import netscape.security.x509.X509CertInfo; + /** * This class implements an enrollment default policy * that populates a server-side configurable validity @@ -231,7 +231,7 @@ public class ValidityDefault extends EnrollDefault { } else if (unit.equals("month")) { return Calendar.MONTH; - } else if (unit.equals("day")) { + } else if (unit.equals("day") || unit.equals("")) { return Calendar.DAY_OF_YEAR; } else if (unit.equals("hour")) { -- 2.4.11
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
