From dcdcd1ce88a6d5ed5997f50758dc6fd025df5f41 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 2 Jul 2020 10:44:59 +0200 Subject: [PATCH] ipa cert-show: fix the code setting revocation reason ipa cert-show wrongly displays all certs as Revoked. The dogtag plugin code is checking if the JSON data received from dogtag contains a RevocationReason with: if 'RevocationReason' in resp: but the value can be None. Replace the check with if 'RevocationReason' in resp and esp['RevocationReason'] is not None: as this will execute the code only if there is a value and it is not None. Fixes: https://pagure.io/freeipa/issue/8394 Reviewed-By: Fraser Tweedale Reviewed-By: Alexander Bokovoy --- ipaserver/plugins/dogtag.py | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index c5d8aebd8..e6a6a3d4c 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1462,12 +1462,18 @@ class ra(rabase.rabase, RestClient): # Call CMS path = 'certs/{}'.format(serial_number) - _http_status, _http_headers, http_body = self._ssldo( - 'GET', path, use_session=False, - headers={ - 'Accept': 'application/json', - }, - ) + try: + _http_status, _http_headers, http_body = self._ssldo( + 'GET', path, use_session=False, + headers={ + 'Accept': 'application/json', + }, + ) + except errors.HTTPRequestError as e: + self.raise_certificate_operation_error( + 'get_certificate', + detail=e.status # pylint: disable=no-member + ) try: resp = json.loads(ipautil.decode_json(http_body)) @@ -1493,7 +1499,7 @@ class ra(rabase.rabase, RestClient): cmd_result['serial_number'] = unicode(serial) cmd_result['serial_number_hex'] = u'0x%X' % serial - if 'RevocationReason' in resp: + if 'RevocationReason' in resp and resp['RevocationReason'] is not None: cmd_result['revocation_reason'] = resp['RevocationReason'] return cmd_result