From bd23745577a65c3f39ed1262a0e1f5ef80ffdb5f Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed, 27 May 2020 17:05:27 +1000
Subject: [PATCH 2/2] acme: PKIIssuer: handle immediate issuance
Depending on profile configuration and user privileges, the cert
could be immediately issued. Furthermore the user may not have
agent permissions to review/approve a request, but a profile
configuration could allow immediate issuance for particular
users/groups.
Therefore we must detect when the certificate was immediately issued
and if so, skip the review/approve behaviour.
---
.../org/dogtagpki/acme/issuer/PKIIssuer.java | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
index dd7fc3f85..c01be6f36 100644
--- a/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
+++ b/base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
@@ -159,15 +159,19 @@ public class PKIIssuer extends ACMEIssuer {
throw new Exception("Unable to generate certificate: " + error);
}
- CertReviewResponse reviewInfo = certClient.reviewRequest(requestId);
- certClient.approveRequest(requestId, reviewInfo);
+ CertId id = null;
+ if (info.getRequestStatus() == RequestStatus.COMPLETE) {
+ id = info.getCertId();
+ } else {
+ CertReviewResponse reviewInfo = certClient.reviewRequest(requestId);
+ certClient.approveRequest(requestId, reviewInfo);
- info = certClient.getRequest(requestId);
- logger.info("Serial number: " + info.getCertId().toHexString());
+ info = certClient.getRequest(requestId);
+ id = info.getCertId();
+ }
- CertId id = info.getCertId();
+ logger.info("Serial number: " + id.toHexString());
BigInteger serialNumber = id.toBigInteger();
-
return Base64.encodeBase64URLSafeString(serialNumber.toByteArray());
}
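Review bot: In the else branch, `id = info.getCertId()` is taken from the re-fetched request without checking that it reached `RequestStatus.COMPLETE`. If the request is still pending or was rejected after `approveRequest`, `getCertId()` presumably returns null, and the failure would surface as a NullPointerException at `id.toHexString()` rather than as a clear issuance error. A single guard after the if/else covers both paths: `if (id == null) throw new Exception("Certificate not issued for request " + requestId + ", status: " + info.getRequestStatus());`. Separately, if `RequestStatus` is a class with constant instances rather than an enum, `==` is a reference comparison and `RequestStatus.COMPLETE.equals(info.getRequestStatus())` would be safer; this is worth confirming against its definition. The enclosing method begins outside this hunk, so how `info` and `requestId` are obtained is not visible here.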
--
2.21.0