rpms / pki-core

Clone
Source Code
GIT

Files

  1.   cd4c908ee38b4ad0ce1bd1c53e3dcaf94110bd0b
  2.   SOURCES
  3.   0002-acme-log-in-CAClient-when-submitting-certificate-req.patch
Blob Blame History Raw 
From a589107d8362bed238f3cdf1662914665b705c0b Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed, 27 May 2020 16:55:05 +1000
Subject: [PATCH 1/2] acme: log in CAClient when submitting certificate request

It is possible to use a lower-privileged RA account to issue
certificates, if the target profile is set up to allow it.
Therefore log in the user before submitting the certificate request.
---
 base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
index ecc074a5f..dd7fc3f85 100644
--- a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
+++ b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
@@ -123,6 +123,7 @@ public class PKIIssuer extends ACMEIssuer {
         AuthorityID aid = null;
         X500Name adn = null;
 
+        caClient.login();
         CACertClient certClient = new CACertClient(caClient);
         CertEnrollmentRequest certEnrollmentRequest = certClient.getEnrollmentTemplate(profile);
 
-- 
2.21.0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation