[Pki-devel] [PATCH] pki-cfu-0148-Ticket-2389-fix-for-regular-CA-installation.patch

Mon, 11 Jul 2016 18:20:06 -0700 

This patch
addresses the issue that with the previous patch, the regular (non-external 
 and non-existing) CA installation fails.

https://fedorahosted.org/pki/ticket/2389


thanks,

Christina


>From 1ddd1db04baa8773d4fc17562ec92e66797927fe Mon Sep 17 00:00:00 2001
From: Christina Fu <c...@dhcp-16-189.sjc.redhat.com>
Date: Mon, 11 Jul 2016 17:51:57 -0700
Subject: [PATCH] Ticket #2389 fix for regular CA installation This patch
 addresses the issue that with the previous patch, the regular (non-external
 and non-existing) CA installation fails.

---
 .../src/com/netscape/cms/servlet/csadmin/CertUtil.java  | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 495e4c0af7918a3406d399ea7503df379d273f88..ed762def6f293dc2b0fa328938fab40373a442a7 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -535,9 +535,14 @@ public class CertUtil {
                 CMS.debug("Creating local request exception:" + e.toString());
             }
 
-            // installAdjustValidity tells ValidityDefault to adjust the
-            // notAfter value to that of the CA's signing cert if needed
-            req.setExtData("installAdjustValidity", "true");
+            if (!certTag.equals("signing")) {
+                /*
+                 * (applies to non-CA-signing cert only)
+                 * installAdjustValidity tells ValidityDefault to adjust the
+                 * notAfter value to that of the CA's signing cert if needed
+                 */
+                req.setExtData("installAdjustValidity", "true");
+            }
             processor.populate(req, info);
 
             PrivateKey caPrik = null;
@@ -554,11 +559,11 @@ public class CertUtil {
             }
 
             if (caPrik == null) {
-                CMS.debug("CertUtil::createSelfSignedCert() - "
+                CMS.debug("CertUtil::createLocalCert() - "
                          + "CA private key is null!");
                 throw new IOException("CA private key is null");
             } else {
-                CMS.debug("CertUtil createSelfSignedCert: got CA private key");
+                CMS.debug("CertUtil createLocalCert: got CA private key");
             }
 
             String keyAlgo = x509key.getAlgorithm();
@@ -586,7 +591,7 @@ public class CertUtil {
             }
 
             if (cert != null) {
-                CMS.debug("CertUtil createSelfSignedCert: got cert signed");
+                CMS.debug("CertUtil createLocalCert: got cert signed");
             }
 
         } catch (IOException e) {
-- 
2.7.4


_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

Reply via email to