cert-request: raise CertificateOperationError if CA disabled

Detect when cert-request returns HTTP 409, which indicates that the target CA is disabled - a valid scenario - and raise CertificateOperationError with a friendly message instead of HTTPRequestError. Fixes: https://fedorahosted.org/freeipa/ticket/6260 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-08-26 11:11:56 +10:00
parent 4c35afccf3
commit 520ad7d865
1 changed files with 10 additions and 2 deletions
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -749,8 +749,16 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
                    info=_("Subject alt name type %s is forbidden") % desc)

        # Request the certificate
-        result = self.Backend.ra.request_certificate(
-            csr, profile_id, ca_id, request_type=request_type)
+        try:
+            result = self.Backend.ra.request_certificate(
+                csr, profile_id, ca_id, request_type=request_type)
+        except errors.HTTPRequestError as e:
+            if e.status == 409:  # pylint: disable=no-member
+                raise errors.CertificateOperationError(
+                    error=_("CA '%s' is disabled") % ca)
+            else:
+                raise e
+
        if not raw:
            self.obj._parse(result, all)
            result['request_id'] = int(result['request_id'])