The popLinkWitnessRequired check was placed in the wrong location, which
resulted in 0 requests if
popLinkWitnessRequired=false.
The workaround was to always set it to true.
This patch fixes it.
It also adds a missing authenticator CMCUserSignedAuth in CS.cfg for ca.
thanks,
Christina
>From c5ae7f6889af0ed218eef93e856eb2fb201f8cfc Mon Sep 17 00:00:00 2001
From: Christina Fu <c...@redhat.com>
Date: Mon, 1 May 2017 17:48:33 -0700
Subject: [PATCH] Bug 1447145 - CMC: cmc.popLinkWitnessRequired=false would
cause error This patch would fix the issue. It also adds the
CMCUserSignedAuth authentication instance that was missed in the CS.cfg
---
base/ca/shared/conf/CS.cfg | 1 +
.../cms/src/com/netscape/cms/profile/common/EnrollProfile.java | 8 +++-----
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg
index b29802c..0a67336 100644
--- a/base/ca/shared/conf/CS.cfg
+++ b/base/ca/shared/conf/CS.cfg
@@ -180,6 +180,7 @@ auths.impl.SessionAuthentication.class=com.netscape.cms.authentication.SessionAu
auths.instance.TokenAuth.pluginName=TokenAuth
auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
+auths.instance.CMCUserSignedAuth.pluginName=CMCUserSignedAuth
auths.instance.raCertAuth.agentGroup=Registration Manager Agents
auths.instance.raCertAuth.pluginName=AgentCertAuth
auths.instance.flatFileAuth.pluginName=FlatFileAuth
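Review bot: Only the `auths.instance.CMCUserSignedAuth.pluginName` line is added, and the hunk does not show a matching `auths.impl.CMCUserSignedAuth.class` entry, so it is worth confirming that the plugin class is registered elsewhere in this file. Judging by its path, this CS.cfg appears to be the shared template, in which case CA instances that already exist would still lack the authenticator after an update. If so, an upgrade step that adds the same line to deployed configurations should accompany this change. A short comment or release note naming which profiles depend on CMCUserSignedAuth would also help administrators check their setup.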
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
index 57f07d1..7d52fc8 100644
--- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -885,10 +885,7 @@ public abstract class EnrollProfile extends BasicProfile
}
int nummsgs = reqSeq.size();
- if (!popLinkWitnessRequired) {
- CMS.debug(method + "popLinkWitnessRequired false, skip check");
- } else if (nummsgs > 0) {
- CMS.debug(method + "cmc.popLinkWitnessRequired is true");
+ if (nummsgs > 0) {
CMS.debug(method + "nummsgs =" + nummsgs);
msgs = new TaggedRequest[reqSeq.size()];
SEQUENCE bpids = new SEQUENCE();
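Review bot: With the `popLinkWitnessRequired` branch removed, nothing in this block records whether the witness check is enforced for the request, so the debug log no longer shows that a CA is running with the check turned off. A single line before `if (nummsgs > 0)`, for example `CMS.debug(method + "popLinkWitnessRequired=" + popLinkWitnessRequired);`, would keep that visible. As a small style point, `new TaggedRequest[reqSeq.size()]` could reuse `nummsgs`. The enclosing method starts and ends outside the hunk.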
@@ -896,7 +893,8 @@ public abstract class EnrollProfile extends BasicProfile
boolean valid = true;
for (int i = 0; i < nummsgs; i++) {
msgs[i] = (TaggedRequest) reqSeq.elementAt(i);
- if (!context.containsKey("POPLinkWitnessV2") &&
+ if (popLinkWitnessRequired &&
+ !context.containsKey("POPLinkWitnessV2") &&
!context.containsKey("POPLinkWitness")) {
CMS.debug(method + "popLinkWitness(V2) required");
if (randomSeed == null) {
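Review bot: When `popLinkWitnessRequired` is false, the guarded block is skipped for every message, so whatever verification follows the `randomSeed` check presumably never runs, even for a request that does carry a witness control. It is worth deciding explicitly whether a supplied but invalid witness should still be rejected in that configuration, and stating the decision in a comment above the condition, for example `// popLinkWitnessRequired=false: witness is neither required nor verified`. The flag is also loop-invariant, so evaluating it once before the `for` loop would make the skip easier to see. The rest of the block lies outside the hunk, so this reading should be checked against the full method.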
--
2.7.4