ipa cert-show: fix the code setting revocation reason

ipa cert-show wrongly displays all certs as Revoked. The dogtag plugin code is checking if the JSON data received from dogtag contains a RevocationReason with: if 'RevocationReason' in resp: but the value can be None. Replace the check with if 'RevocationReason' in resp and esp['RevocationReason'] is not None: as this will execute the code only if there is a value and it is not None. Fixes: https://pagure.io/freeipa/issue/8394 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-07-02 10:44:59 +02:00 · 2020-07-02 10:44:59 +02:00 · dcdcd1ce88
commit dcdcd1ce88
parent ea7b8d6653
1 changed files with 13 additions and 7 deletions
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@ -1462,12 +1462,18 @@ class ra(rabase.rabase, RestClient):

        # Call CMS
        path = 'certs/{}'.format(serial_number)
+        try:
            _http_status, _http_headers, http_body = self._ssldo(
                'GET', path, use_session=False,
                headers={
                    'Accept': 'application/json',
                },
            )
+        except errors.HTTPRequestError as e:
+            self.raise_certificate_operation_error(
+                'get_certificate',
+                detail=e.status  # pylint: disable=no-member
+            )

        try:
            resp = json.loads(ipautil.decode_json(http_body))
@ -1493,7 +1499,7 @@ class ra(rabase.rabase, RestClient):
            cmd_result['serial_number'] = unicode(serial)
            cmd_result['serial_number_hex'] = u'0x%X' % serial

-        if 'RevocationReason' in resp:
+        if 'RevocationReason' in resp and resp['RevocationReason'] is not None:
            cmd_result['revocation_reason'] = resp['RevocationReason']

        return cmd_result