From cabae0a050fb752b290ece28d5dac927f01b3c01 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Fri, 6 May 2016 16:03:57 +1000 Subject: [PATCH] Lightweight CAs: allow specifying authority via ProfileSubmitServlet Lightweight CAs were supported in REST-based request submission, but not via ProfileSubmitServlet, however, FreeIPA currently uses ProfileSubmitServlet, so make it possible to use lightweight CAs. Part of: https://fedorahosted.org/pki/ticket/1625 --- .../cms/servlet/profile/ProfileSubmitServlet.java | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index f7b08ece99e11f1e1633e0d67fb4646a27417d80..4096d0aecfc1eb71481d446a5809631516bc5d27 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -33,6 +33,9 @@ import com.netscape.certsrv.authentication.EAuthException; import com.netscape.certsrv.authorization.EAuthzException; import com.netscape.certsrv.base.BadRequestDataException; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.ca.AuthorityID; +import com.netscape.certsrv.ca.CANotFoundException; +import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.cert.CertEnrollmentRequest; import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.profile.IEnrollProfile; @@ -220,8 +223,23 @@ public class ProfileSubmitServlet extends ProfileServlet { CMSTemplate.escapeJavaScriptStringHTML(profileId))); } + String aidString = request.getParameter("authorityId"); + AuthorityID aid = null; + if (aidString != null && !aidString.isEmpty()) { + try { + aid = new AuthorityID(aidString); + } catch (IllegalArgumentException e) { + throw new BadRequestDataException("invalid AuthorityID: " + aidString); + } + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ca = ca.getCA(aid); + if (ca == null) + throw new CANotFoundException("CA not found: " + aidString); + } + CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale); - return processor.processEnrollment(data, request, null, null); + return processor.processEnrollment(data, request, aid, null); } public HashMap processRenewal(CMSRequest cmsReq) throws EBaseException { -- 2.5.5