From 4f2ebd1b986959075408c2608e525c0602ac76c8 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed, 16 Mar 2016 13:07:43 +1100
Subject: [PATCH 93/96] Lightweight CAs: set DN based on data from LDAP

When initialising a lightweight CA, if we do not have the signing
cert and key in the NSSDB yet, we do not initialise the DN.  This
causes NPE in other code that expects getX500Name() to return a
value, e.g. REST API to list or show CA.

To work around this, when loading lightweight CAs set the DN based
on the 'authorityDN' value stored in its LDAP entry.

Part of: https://fedorahosted.org/pki/ticket/1625
---
 base/ca/src/com/netscape/ca/CertificateAuthority.java | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 734ad14043550c1978905e76a4de2c0fefef6e34..8f9c6a9a62d7ebd9d2397267df37f6094ff40251 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -335,6 +335,7 @@ public class CertificateAuthority
      */
     private CertificateAuthority(
             CertificateAuthority hostCA,
+            X500Name dn,
             AuthorityID aid,
             AuthorityID parentAID,
             String signingKeyNickname,
@@ -343,6 +344,11 @@ public class CertificateAuthority
             ) throws EBaseException {
         setId(hostCA.getId());
         this.hostCA = hostCA;
+
+        // cert and key may not have been replicated to local nssdb
+        // yet, so set DN based on data from LDAP
+        this.mName = dn;
+
         this.authorityID = aid;
         this.authorityParentID = parentAID;
         this.authorityDescription = authorityDescription;
@@ -2588,7 +2594,8 @@ public class CertificateAuthority
         }
 
         return new CertificateAuthority(
-            hostCA, aid, this.authorityID, nickname, description, true);
+            hostCA, subjectX500Name,
+            aid, this.authorityID, nickname, description, true);
     }
 
     /**
@@ -3037,7 +3044,7 @@ public class CertificateAuthority
 
         try {
             CertificateAuthority ca = new CertificateAuthority(
-                hostCA, aid, parentAID, keyNick, desc, enabled);
+                hostCA, dn, aid, parentAID, keyNick, desc, enabled);
             caMap.put(aid, ca);
             entryUSNs.put(aid, newEntryUSN);
             nsUniqueIds.put(aid, nsUniqueId);
-- 
2.5.5