From 1ee1d50819811d364778add187026d4069b8ab68 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Wed, 22 Feb 2017 11:26:43 +1000
Subject: [PATCH 165/165] Include revocation reason in REST cert data
Fixes: https://fedorahosted.org/pki/ticket/2601
---
 .../src/org/dogtagpki/server/ca/rest/CertService.java | 18 ++++++++++++++++++
 .../common/src/com/netscape/certsrv/cert/CertData.java | 10 ++++++++++
 2 files changed, 28 insertions(+)
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
index 2f9f467294322428620e2dc800618cde59faf28d..ebbab25728b0df2b9f64e7042a1e8002aebcdce2 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
@@ -64,6 +64,7 @@ import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.ICertRecordList;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
+import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
 import com.netscape.certsrv.logging.AuditFormat;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.request.IRequest;
@@ -80,8 +81,11 @@ import netscape.security.pkcs.PKCS7;
 import netscape.security.pkcs.SignerInfo;
 import netscape.security.provider.RSAPublicKey;
 import netscape.security.x509.AlgorithmId;
+import netscape.security.x509.CRLExtensions;
+import netscape.security.x509.CRLReasonExtension;
 import netscape.security.x509.RevocationReason;
 import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509ExtensionException;
 import netscape.security.x509.X509Key;
 /**
@@ -529,6 +533,20 @@ public class CertService extends PKIService implements CertResource {
 certData.setRevokedOn(record.getRevokedOn());
 certData.setRevokedBy(record.getRevokedBy());
+ IRevocationInfo revInfo = record.getRevocationInfo();
+ if (revInfo != null) {
+ CRLExtensions revExts = revInfo.getCRLEntryExtensions();
+ if (revExts != null) {
+ try {
+ CRLReasonExtension ext = (CRLReasonExtension)
+ revExts.get(CRLReasonExtension.NAME);
+ certData.setRevocationReason(ext.getReason().getCode());
+ } catch (X509ExtensionException e) {
+ // nothing to do
+ }
+ }
+ }
+
 certData.setStatus(record.getStatus());
 if (authority.noncesEnabled() && generateNonce) {
diff --git a/base/common/src/com/netscape/certsrv/cert/CertData.java b/base/common/src/com/netscape/certsrv/cert/CertData.java
index bb6d4c07cec27ad2f63d77c55d01f02102cd223f..1e9ce04eb7c11cbc2d8d0823e0c404e25f96b91f 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertData.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertData.java
@@ -71,6 +71,7 @@ public class CertData {
 String status;
 Date revokedOn;
 String revokedBy;
+ Integer revocationReason;
 Long nonce;
@@ -186,6 +187,15 @@ public class CertData {
 this.revokedBy = revokedBy;
 }
+ @XmlElement(name="RevocationReason")
+ public Integer getRevocationReason() {
+ return revocationReason;
+ }
+
+ public void setRevocationReason(Integer revocationReason) {
+ this.revocationReason = revocationReason;
+ }
+
 @XmlElement(name="Link")
 public Link getLink() {
 return link;
--
2.9.3
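Review bot: In the CertService.java hunk at -529, `ext.getReason().getCode()` is dereferenced without a null check, and the only failure handled is `X509ExtensionException`, which is swallowed with `// nothing to do`. If `revExts.get(CRLReasonExtension.NAME)` can return null for an entry that carries no reason extension, or returns an extension that is not a `CRLReasonExtension` (the page does not show which), the REST call would fail with an unchecked exception instead of returning the certificate without a reason. I would guard the call, `if (ext != null && ext.getReason() != null) certData.setRevocationReason(ext.getReason().getCode());`, and replace the empty-catch comment with `// no CRLReason entry extension recorded; revocationReason stays null`, so that a missing reason is distinguishable from a silently dropped error when revocation data is audited later. The enclosing method starts and ends outside the hunk.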
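Review bot: The new `getRevocationReason()` accessor in CertData.java (hunk at -186) exposes a bare `Integer` to REST clients with no documentation of what the number means or when the element is absent. A Javadoc such as `/** CRLReason code from the revocation entry; null when no reason is recorded. */` would tell consumers how to interpret it; judging by the CertService hunk, the value comes from `CRLReasonExtension.getReason().getCode()` and is left unset when no reason extension is found. If CertData defines `equals`/`hashCode` elsewhere in the class (not visible here), the new field presumably needs to be added there as well. The class body continues outside the hunk.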