rpms / pki-core

Clone
Source Code
GIT

Blame SOURCES/0003-acme-PKIIssuer-handle-immediate-issuance.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-10.6 c8-stream-10.6 c8s-stream-10.6 c9 c9-beta
  1.   cd4c908ee38b4ad0ce1bd1c53e3dcaf94110bd0b
  2.   SOURCES
  3.   0003-acme-PKIIssuer-handle-immediate-issuance.patch
Blob History Raw
cd4c90 
From bd23745577a65c3f39ed1262a0e1f5ef80ffdb5f Mon Sep 17 00:00:00 2001
cd4c90 
From: Fraser Tweedale <ftweedal@redhat.com>
cd4c90 
Date: Wed, 27 May 2020 17:05:27 +1000
cd4c90 
Subject: [PATCH 2/2] acme: PKIIssuer: handle immediate issuance
cd4c90
cd4c90 
Depending on profile configuration and user privileges, the cert
cd4c90 
could be immediately issued.  Furthermore the user may not have
cd4c90 
agent permissions to review/approve a request, but a profile
cd4c90 
configuration could allow immediate issuance for particular
cd4c90 
users/groups.
cd4c90
cd4c90 
Therefore we must detect when the certificate was immediately issued
cd4c90 
and if so, skip the review/approve behaviour.
cd4c90 
---
cd4c90 
 .../org/dogtagpki/acme/issuer/PKIIssuer.java     | 16 ++++++++++------
cd4c90 
 1 file changed, 10 insertions(+), 6 deletions(-)
cd4c90
cd4c90 
diff --git a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
cd4c90 
index dd7fc3f85..c01be6f36 100644
cd4c90 
--- a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
cd4c90 
+++ b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
cd4c90 
@@ -159,15 +159,19 @@ public class PKIIssuer extends ACMEIssuer {
cd4c90 
             throw new Exception("Unable to generate certificate: " + error);
cd4c90 
         }
cd4c90
cd4c90 
-        CertReviewResponse reviewInfo = certClient.reviewRequest(requestId);
cd4c90 
-        certClient.approveRequest(requestId, reviewInfo);
cd4c90 
+        CertId id = null;
cd4c90 
+        if (info.getRequestStatus() == RequestStatus.COMPLETE) {
cd4c90 
+            id = info.getCertId();
cd4c90 
+        } else {
cd4c90 
+            CertReviewResponse reviewInfo = certClient.reviewRequest(requestId);
cd4c90 
+            certClient.approveRequest(requestId, reviewInfo);
cd4c90
cd4c90 
-        info = certClient.getRequest(requestId);
cd4c90 
-        logger.info("Serial number: " + info.getCertId().toHexString());
cd4c90 
+            info = certClient.getRequest(requestId);
cd4c90 
+            id = info.getCertId();
cd4c90 
+        }
cd4c90
cd4c90 
-        CertId id = info.getCertId();
cd4c90 
+        logger.info("Serial number: " + id.toHexString());
cd4c90 
         BigInteger serialNumber = id.toBigInteger();
cd4c90 
-
cd4c90 
         return Base64.encodeBase64URLSafeString(serialNumber.toByteArray());
cd4c90 
     }
cd4c90
cd4c90 
--
cd4c90 
2.21.0
cd4c90

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation