>From 0b925cd8b59d96ef76cc8f509b7c4c8729dae803 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Mon, 11 Apr 2016 18:18:52 +0200
Subject: [PATCH] Fixed exception handling in CertUtil.

The CertUtil.createLocalCert() has been modified to re-throw the
exception instead of ignoring it.

https://fedorahosted.org/pki/ticket/1654
---
 .../com/netscape/cms/servlet/csadmin/CertUtil.java | 25 ++++++++++++++--------
 .../cms/servlet/csadmin/ConfigurationUtils.java    |  7 ++----
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index f4cd82fcca1a6470018f0a4981fee6b18ee34320..774ff94e317c48f250f1e15bf57b55f006e83ae4 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -453,10 +453,20 @@ public class CertUtil {
             } else {
                 keyAlgorithm = config.getString(prefix + certTag + ".keyalgorithm");
             }
+
             if (!caProvided)
                 ca = (ICertificateAuthority) CMS.getSubsystem(
                     ICertificateAuthority.ID);
+
             cr = ca.getCertificateRepository();
+
+            if (cr == null) {
+                if (context != null) {
+                    context.put("errorString", "Ceritifcate Authority is not ready to serve.");
+                }
+                throw new IOException("Ceritifcate Authority is not ready to serve.");
+            }
+
             BigInteger serialNo = cr.getNextSerialNumber();
             if (type.equals("selfsign")) {
                 CMS.debug("Creating local certificate... selfsign cert");
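Review bot: The new `cr == null` guard does not cover `ca` itself. When `caProvided` is false and `CMS.getSubsystem(ICertificateAuthority.ID)` returns null (inferred; the lookup's contract is not visible in this hunk), `ca.getCertificateRepository()` throws a NullPointerException. That exception lands in the generic catch further down and never sets `errorString` in `context`. An explicit `if (ca == null)` check before the call, throwing the same "not ready" IOException, would keep both failure modes on one reporting path. The message literal is also duplicated and misspelled ("Ceritifcate"); a single local such as `String msg = "Certificate Authority is not ready to serve.";` used for both the `context.put` and the `throw` fixes both. The enclosing method starts and ends outside the hunk.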
@@ -575,16 +585,13 @@ public class CertUtil {
             if (cert != null) {
                 CMS.debug("CertUtil createSelfSignedCert: got cert signed");
             }
+
+        } catch (IOException e) {
+            throw e;
+
         } catch (Exception e) {
-            CMS.debug(e);
-            CMS.debug("CertUtil createLocalCert() exception caught:" + e.toString());
-        }
-
-        if (cr == null) {
-            if (context != null) {
-                context.put("errorString", "Ceritifcate Authority is not ready to serve.");
-            }
-            throw new IOException("Ceritifcate Authority is not ready to serve.");
+            CMS.debug("Unable to create local certificate: " + e);
+            throw new IOException("Unable to create local certificate: " + e, e);
         }
 
         ICertRecord record = null;
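Review bot: The rewritten generic catch drops `CMS.debug(e)`, so the debug log now records only the exception's `toString()` and no stack trace at the point where certificate creation failed. Keeping `CMS.debug(e);` next to the new message line preserves that for diagnosis. The IOException message also concatenates `e` while passing `e` as the cause, so internal exception text is repeated in a string that callers may show to the installer UI (not visible from here). `throw new IOException("Unable to create local certificate", e);` keeps the cause without duplicating it. Unlike the `cr == null` path, this path does not put an `errorString` into `context`, which may be worth aligning. The `try` block begins outside the hunk.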
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 7aeee7e9fc3e3cdf811250ce1f480f3ee9e6a9c8..e2b014f353c13818297e898c02a74ec93994f2c1 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -84,7 +84,6 @@ import org.mozilla.jss.crypto.EncryptionAlgorithm;
 import org.mozilla.jss.crypto.IVParameterSpec;
 import org.mozilla.jss.crypto.IllegalBlockSizeException;
 import org.mozilla.jss.crypto.InternalCertificate;
-import org.mozilla.jss.crypto.InvalidKeyFormatException;
 import org.mozilla.jss.crypto.KeyGenAlgorithm;
 import org.mozilla.jss.crypto.KeyGenerator;
 import org.mozilla.jss.crypto.KeyWrapAlgorithm;
@@ -3055,8 +3054,7 @@ public class ConfigurationUtils {
         cr.addCertificateRecord(record);
     }
 
-    public static int handleCerts(Cert cert) throws IOException, EBaseException, CertificateException,
-            NotInitializedException, TokenException, InvalidKeyException {
+    public static int handleCerts(Cert cert) throws Exception {
         String certTag = cert.getCertTag();
         String subsystem = cert.getSubsystem();
         String nickname = cert.getNickname();
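Review bot: Widening `handleCerts` to `throws Exception` (and `createAdminCertificate` in the next hunk) erases the distinction between I/O, token and key failures. It also pushes every caller towards `catch (Exception e)`, which tends to swallow runtime errors such as NullPointerException along with the expected ones. The commit makes `createLocalCert()` wrap its failures in IOException, which both original signatures already declared, so the narrower throws clauses may still compile. That is worth confirming, since the method bodies are outside the hunk. If the widening is required, a Javadoc line such as `@throws Exception if certificate generation, token access or repository update fails` would tell callers what to expect.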
@@ -3491,8 +3489,7 @@ public class ConfigurationUtils {
     }
 
     public static void createAdminCertificate(String certRequest, String certRequestType, String subject)
-            throws InvalidBERException, IOException, InvalidKeyException, InvalidKeyFormatException,
-            NoSuchAlgorithmException, SignatureException, NoSuchProviderException, EBaseException {
+            throws Exception {
         IConfigStore cs = CMS.getConfigStore();
         X509Key x509key = null;
         if (certRequestType.equals("crmf")) {
-- 
2.4.11

