From 4f2ebd1b986959075408c2608e525c0602ac76c8 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Wed, 16 Mar 2016 13:07:43 +1100
Subject: [PATCH 93/96] Lightweight CAs: set DN based on data from LDAP

When initialising a lightweight CA, if we do not have the signing cert and key in the NSSDB yet, we do not initialise the DN. This causes NPE in other code that expects getX500Name() to return a value, e.g. REST API to list or show CA. To work around this, when loading lightweight CAs set the DN based on the 'authorityDN' value stored in its LDAP entry.

Part of: https://fedorahosted.org/pki/ticket/1625
---
 base/ca/src/com/netscape/ca/CertificateAuthority.java | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 734ad14043550c1978905e76a4de2c0fefef6e34..8f9c6a9a62d7ebd9d2397267df37f6094ff40251 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -335,6 +335,7 @@ public class CertificateAuthority
 */
 private CertificateAuthority(
 CertificateAuthority hostCA,
+ X500Name dn,
 AuthorityID aid,
 AuthorityID parentAID,
 String signingKeyNickname,
@@ -343,6 +344,11 @@ public class CertificateAuthority
 ) throws EBaseException {
 setId(hostCA.getId());
 this.hostCA = hostCA;
+
+ // cert and key may not have been replicated to local nssdb
+ // yet, so set DN based on data from LDAP
+ this.mName = dn;
+
 this.authorityID = aid;
 this.authorityParentID = parentAID;
 this.authorityDescription = authorityDescription;
@@ -2588,7 +2594,8 @@ public class CertificateAuthority
 }
 return new CertificateAuthority(
- hostCA, aid, this.authorityID, nickname, description, true);
+ hostCA, subjectX500Name,
+ aid, this.authorityID, nickname, description, true);
 }
 /**
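Review bot: `this.mName = dn;` in the constructor hunk (-343) stores the caller's value unchecked, so a null `dn` still leaves getX500Name() returning null, which is the NPE the commit message sets out to remove. Both call sites (`subjectX500Name` in the -2588 hunk and `dn` in the -3037 hunk) compute that value outside the visible lines, so whether it can be null cannot be confirmed from here. A guard before the assignment, such as `if (dn == null) throw new EBaseException("lightweight CA has no authority DN");`, would fail the load early instead of deferring the fault to the REST layer. The constructor's Javadoc, which ends at the `*/` opening the -335 hunk and otherwise lies outside it, should also say that `dn` is the LDAP `authorityDN` value and serves as the CA name until the signing certificate is available locally.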
@@ -3037,7 +3044,7 @@ public class CertificateAuthority
 try {
 CertificateAuthority ca = new CertificateAuthority(
- hostCA, aid, parentAID, keyNick, desc, enabled);
+ hostCA, dn, aid, parentAID, keyNick, desc, enabled);
 caMap.put(aid, ca);
 entryUSNs.put(aid, newEntryUSN);
 nsUniqueIds.put(aid, nsUniqueId);
-- 
2.5.5
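Review bot: The `dn` passed to the constructor in this call is directory data that nothing in the visible hunks reconciles with the signing certificate's subject, yet the CA is put into `caMap` under that name before the certificate is present in the local NSSDB. If the later key and certificate initialisation (outside this patch) does not already compare the two, it should check the certificate subject against the LDAP `authorityDN`, then log and refuse to enable the CA on a mismatch, so that a wrong or altered directory entry cannot present a CA under a name its certificate does not carry. A comment on this call, for example `// dn comes from the LDAP entry; verified against the cert subject in <init method>`, would record that assumption for the next reader. The enclosing `try` block and method start and end outside the hunk.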