rpms / pki-core

Clone
Source Code
GIT

Blame SOURCES/0002-acme-log-in-CAClient-when-submitting-certificate-req.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-10.6 c8-stream-10.6 c8s-stream-10.6 c9 c9-beta
  1.   cd4c908ee38b4ad0ce1bd1c53e3dcaf94110bd0b
  2.   SOURCES
  3.   0002-acme-log-in-CAClient-when-submitting-certificate-req.patch
Blob History Raw
cd4c90 
From a589107d8362bed238f3cdf1662914665b705c0b Mon Sep 17 00:00:00 2001
cd4c90 
From: Fraser Tweedale <ftweedal@redhat.com>
cd4c90 
Date: Wed, 27 May 2020 16:55:05 +1000
cd4c90 
Subject: [PATCH 1/2] acme: log in CAClient when submitting certificate request
cd4c90
cd4c90 
It is possible to use a lower-privileged RA account to issue
cd4c90 
certificates, if the target profile is set up to allow it.
cd4c90 
Therefore log in the user before submitting the certificate request.
cd4c90 
---
cd4c90 
 base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java | 1 +
cd4c90 
 1 file changed, 1 insertion(+)
cd4c90
cd4c90 
diff --git a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
cd4c90 
index ecc074a5f..dd7fc3f85 100644
cd4c90 
--- a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
cd4c90 
+++ b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
cd4c90 
@@ -123,6 +123,7 @@ public class PKIIssuer extends ACMEIssuer {
cd4c90 
         AuthorityID aid = null;
cd4c90 
         X500Name adn = null;
cd4c90
cd4c90 
+        caClient.login();
cd4c90 
         CACertClient certClient = new CACertClient(caClient);
cd4c90 
         CertEnrollmentRequest certEnrollmentRequest = certClient.getEnrollmentTemplate(profile);
cd4c90
cd4c90 
--
cd4c90 
2.21.0
cd4c90

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation