Don't try to revoke a cert that is already revoked.

We get a bit of an unusual error message back from dogtag when trying
to revoke a revoked cert so check its status first.
Rob Crittenden 2010-02-26 12:30:01 -05:00
parent fc13134455
commit 0700f4d7ca
2 changed files with 22 additions and 5 deletions


@ -286,11 +286,18 @@ class cert_request(VirtualCommand):
if 'usercertificate' in service: if 'usercertificate' in service:
serial = get_serial(base64.b64encode(service['usercertificate'][0])) serial = get_serial(base64.b64encode(service['usercertificate'][0]))
# revoke the certificate and remove it from the service # revoke the certificate and remove it from the service
# entry before proceeding # entry before proceeding. First we retrieve the certificate to
# see if it is already revoked, if not then we revoke it.
try: try:
api.Command['cert_revoke'](unicode(serial), revocation_reason=4) result = api.Command['cert_get'](unicode(serial))['result']
if 'revocation_reason' not in result:
try:
api.Command['cert_revoke'](unicode(serial), revocation_reason=4)
except errors.NotImplementedError:
# some CA's might not implement revoke
pass
except errors.NotImplementedError: except errors.NotImplementedError:
# some CA's might not implement revoke # some CA's might not implement get
pass pass
api.Command['service_mod'](principal, usercertificate=None) api.Command['service_mod'](principal, usercertificate=None)
@ -367,6 +374,10 @@ class cert_get(VirtualCommand):
label=_('Subject'), label=_('Subject'),
flags=['no_create', 'no_update', 'no_search'], flags=['no_create', 'no_update', 'no_search'],
), ),
Str('revocation_reason?',
label=_('Revocation reason'),
flags=['no_create', 'no_update', 'no_search'],
),
) )
operation="retrieve certificate" operation="retrieve certificate"
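Review bot: The guard `if 'revocation_reason' not in result:` in the cert_request hunk treats every revocation reason alike, so a certificate that is only on hold (reason 6, certificateHold) is skipped and then dropped from the service entry by `service_mod` without being revoked as superseded. A hold can be lifted later, which would make the replaced certificate valid again, so that case should be handled explicitly or at least documented with a comment such as `# NOTE: a cert on hold (reason 6) also carries revocation_reason and is left on hold here`. Whether dogtag accepts revoking an on-hold certificate, and whether the value arrives as a string or an integer given the new `Str('revocation_reason?')` output, is not visible in this hunk and should be confirmed first. A `NotImplementedError` from `cert_get` now also skips the revoke call entirely, which the outer comment should state. The enclosing method starts and ends outside the hunk.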


@ -199,9 +199,15 @@ class service_del(LDAPDelete):
if cert: if cert:
serial = unicode(get_serial(cert)) serial = unicode(get_serial(cert))
try: try:
self.api.Command['cert_revoke'](serial, revocation_reason=5) result = api.Command['cert_get'](unicode(serial))['result']
if 'revocation_reason' not in result:
try:
api.Command['cert_revoke'](unicode(serial), revocation_reason=4)
except errors.NotImplementedError:
# some CA's might not implement revoke
pass
except errors.NotImplementedError: except errors.NotImplementedError:
# selfsign CA doesn't do revocation # some CA's might not implement revoke
pass pass
return dn return dn
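Review bot: The new revoke call in service_del passes `revocation_reason=4`, whereas the line it replaces used 5, so deleting a service would now record the certificate as superseded instead of cessationOfOperation. This looks like a copy from cert_request, and the call should probably stay `self.api.Command['cert_revoke'](serial, revocation_reason=5)`. The new lines also use `api.Command` where the old code used `self.api.Command`, and whether a module-level `api` and `errors` are in scope in this file is not visible here. `serial` is already unicode, so the extra `unicode(serial)` wrappers are redundant. The outer `except` comment should read `# some CA's might not implement get`, as in the cert_request hunk.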