From e0a546113b65d57e4b00b495f4ef50616ad744c1 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Wed, 24 Aug 2016 14:40:46 +1000 Subject: [PATCH] Prevent deletion of host CA cert and key from NSSDB If authorityMonitor observes the deletion of the host CA's authority entry, it will treat it the same as any other lightweight CA and delete the signing cert AND KEY from the NSSDB. Because the database is replicated, the change would be observed and deletion immediately effected on all running clones. Unless the main CA private key is backed up somewhere there is no way to recover from this. Although this scenario does not arise in normal operation, the impact is severe so add a check that prevents cert and key deletion for host authority. Fixes: https://fedorahosted.org/pki/ticket/2443 --- base/ca/src/com/netscape/ca/CertificateAuthority.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java index a5397da0c0dcea654a15f16e5becc5c430a1bb29..6276100a079ff32757bf2de8540f6e6efa1d1cae 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -2991,6 +2991,13 @@ public class CertificateAuthority /** Delete keys and certs of this authority from NSSDB. */ private void deleteAuthorityNSSDB() throws ECAException { + if (isHostAuthority()) { + String msg = "Attempt to delete host authority signing key; not proceeding"; + log(ILogger.LL_WARN, msg); + CMS.debug(msg); + return; + } + CryptoManager cryptoManager; try { cryptoManager = CryptoManager.getInstance(); -- 2.5.5