[Pki-devel] [PATCH] Bug-1447145-CMC-cmc.popLinkWitnessRequired-false-wou.patch

Mon, 01 May 2017 17:55:04 -0700

The popLinkWitnessRequired check was placed in the wrong location which resulted in 0 requests if 

popLinkWitnessRequired=false.

Workaround was to always set it to true.

This patch fixes it.

It also adds a missing authenticator CMCUserSignedAuth in CS.cfg for ca.

thanks,

Christina


>From c5ae7f6889af0ed218eef93e856eb2fb201f8cfc Mon Sep 17 00:00:00 2001
From: Christina Fu <c...@redhat.com>
Date: Mon, 1 May 2017 17:48:33 -0700
Subject: [PATCH] Bug 1447145 - CMC: cmc.popLinkWitnessRequired=false would
 cause error This patch would fix the issue.  It also adds the
 CMCUserSignedAuth authentication instance that was missed in the CS.cfg

---
 base/ca/shared/conf/CS.cfg                                        | 1 +
 .../cms/src/com/netscape/cms/profile/common/EnrollProfile.java    | 8 +++-----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg
index b29802c..0a67336 100644
--- a/base/ca/shared/conf/CS.cfg
+++ b/base/ca/shared/conf/CS.cfg
@@ -180,6 +180,7 @@ auths.impl.SessionAuthentication.class=com.netscape.cms.authentication.SessionAu
 auths.instance.TokenAuth.pluginName=TokenAuth
 auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
 auths.instance.AgentCertAuth.pluginName=AgentCertAuth
+auths.instance.CMCUserSignedAuth.pluginName=CMCUserSignedAuth
 auths.instance.raCertAuth.agentGroup=Registration Manager Agents
 auths.instance.raCertAuth.pluginName=AgentCertAuth
 auths.instance.flatFileAuth.pluginName=FlatFileAuth
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
index 57f07d1..7d52fc8 100644
--- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -885,10 +885,7 @@ public abstract class EnrollProfile extends BasicProfile
             }
 
             int nummsgs = reqSeq.size();
-            if (!popLinkWitnessRequired) {
-                CMS.debug(method + "popLinkWitnessRequired false, skip check");
-            } else if (nummsgs > 0) {
-                CMS.debug(method + "cmc.popLinkWitnessRequired is true");
+            if (nummsgs > 0) {
                 CMS.debug(method + "nummsgs =" + nummsgs);
                 msgs = new TaggedRequest[reqSeq.size()];
                 SEQUENCE bpids = new SEQUENCE();
@@ -896,7 +893,8 @@ public abstract class EnrollProfile extends BasicProfile
                 boolean valid = true;
                 for (int i = 0; i < nummsgs; i++) {
                     msgs[i] = (TaggedRequest) reqSeq.elementAt(i);
-                    if (!context.containsKey("POPLinkWitnessV2") &&
+                    if (popLinkWitnessRequired &&
+                            !context.containsKey("POPLinkWitnessV2") &&
                             !context.containsKey("POPLinkWitness")) {
                         CMS.debug(method + "popLinkWitness(V2) required");
                         if (randomSeed == null) {
-- 
2.7.4


_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

Reply via email to