From a589107d8362bed238f3cdf1662914665b705c0b Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed, 27 May 2020 16:55:05 +1000
Subject: [PATCH 1/2] acme: log in CAClient when submitting certificate request
It is possible to use a lower-privileged RA account to issue
certificates, if the target profile is set up to allow it.
Therefore log in the user before submitting the certificate request.
---
base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java | 1 +
1 file changed, 1 insertion(+)
diff --git a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
index ecc074a5f..dd7fc3f85 100644
--- a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
+++ b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
@@ -123,6 +123,7 @@ public class PKIIssuer extends ACMEIssuer {
AuthorityID aid = null;
X500Name adn = null;
+ caClient.login();
CACertClient certClient = new CACertClient(caClient);
CertEnrollmentRequest certEnrollmentRequest = certClient.getEnrollmentTemplate(profile);
--
2.21.0