When a user renews its certificate using pki client-cert-request the CLI will authenticate using the certificate and send an empty request message. The server is supposed to use the certificate's serial number to process the renewal request.
Currently the request fails if the serial number is missing from the request message. The server has been fixed such that it ignores the missing serial number and uses the certificate's serial number instead.

https://fedorahosted.org/pki/ticket/2476

Pushed to master under one-liner/trivial rule.

--
Endi S. Dewata
>From e84e4a33570ce79f3c4d2aae4e6e96236221494b Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <edew...@redhat.com> Date: Thu, 8 Dec 2016 00:24:00 +0100 Subject: [PATCH] Fixed user certificate renewal using pki client-cert-request. When a user renews its certificate using pki client-cert-request the CLI will authenticate using the certificate and send an empty request message. The server is supposed to use the certificate's serial number to process the renewal request. Currently the request fails if the serial number is missing from the request message. The server has been fixed such that it ignores the missing serial number and use the certificate's serial number instead. https://fedorahosted.org/pki/ticket/2476 --- .../src/com/netscape/cms/servlet/cert/RenewalProcessor.java | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java index 206d23a5d7898af2e7e93f98080dfa8b009d07ef..aefda562512f2a31483982b176ed0603e24fc5fa 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java @@ -18,8 +18,8 @@ package com.netscape.cms.servlet.cert; import java.math.BigInteger; -import java.security.cert.X509Certificate; import java.security.Principal; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Date; import java.util.Enumeration; 
@@ -155,13 +155,11 @@ public class RenewalProcessor extends CertProcessor { String value = attribute.getValue(); CMS.debug("RenewalProcessor: profile input " + SerialNumRenewInput.SERIAL_NUM + " value: " + value); - if (StringUtils.isEmpty(value)) { - throw new BadRequestException("Missing attribute value for " + SerialNumRenewInput.SERIAL_NUM + " in input " + inputId); + if (!StringUtils.isEmpty(value)) { + serial = new CertId(value); + certSerial = serial.toBigInteger(); + break; } - - serial = new CertId(value); - certSerial = serial.toBigInteger(); - break; } } -- 2.5.5
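Review bot: In the second hunk (RenewalProcessor.java, at line 155), an empty SerialNumRenewInput.SERIAL_NUM value now falls through without any log line, and nothing in the visible context shows that the code after the loop then takes the serial number from the authenticated client certificate, as the commit message describes. Consider adding a CMS.debug message for the empty case and confirming that an unset certSerial after the loop is handled by the certificate-based path rather than left null. Separately, a non-empty value is still accepted as given through `serial = new CertId(value);` followed by `break;`, so in this block a serial number supplied in the request takes precedence over the one in the authenticating certificate. It is worth confirming that later code checks the caller is entitled to renew the serial number it supplied.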