IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

cert-request: raise CertificateOperationError if CA disabled

Browse Source 
Detect when cert-request returns HTTP 409, which indicates that the
target CA is disabled - a valid scenario - and raise
CertificateOperationError with a friendly message instead of
HTTPRequestError.

Fixes: https://fedorahosted.org/freeipa/ticket/6260
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Fraser Tweedale
2016-08-26 11:11:56 +10:00
committed by Martin Babinsky
parent 4c35afccf3
commit 520ad7d865
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ipaserver/plugins/cert.py
View File

@@ -749,8 +749,16 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
info=_("Subject alt name type %s is forbidden") % desc) info=_("Subject alt name type %s is forbidden") % desc)
# Request the certificate # Request the certificate
result = self.Backend.ra.request_certificate( try:
csr, profile_id, ca_id, request_type=request_type) result = self.Backend.ra.request_certificate(
csr, profile_id, ca_id, request_type=request_type)
except errors.HTTPRequestError as e:
if e.status == 409: # pylint: disable=no-member
raise errors.CertificateOperationError(
error=_("CA '%s' is disabled") % ca)
else:
raise e
if not raw: if not raw:
self.obj._parse(result, all) self.obj._parse(result, all)
result['request_id'] = int(result['request_id']) result['request_id'] = int(result['request_id'])