Ignore repeated requests from client after using ca remove command

diff --git a/lib/cli/caremovecommand.cpp b/lib/cli/caremovecommand.cpp
index ab6e0f811900330819f35d96dcaa496fb00669ca..a174d9e579705cb373533f69e78654dd676e9ccf 100644 (file)
--- a/lib/cli/caremovecommand.cpp
+++ b/lib/cli/caremovecommand.cpp
@@ -61,7 +61,7 @@ int CARemoveCommand::Run(const boost::program_options::variables_map& vm, const
                        << "No request exists for fingerprint '" << ap[0] << "'.";
                return 1;
        }
-
+       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed", 700, Utility::LoadJsonFile(requestFile));
        if(remove(requestFile.CStr()) != 0)
                return 1;
 

diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
index 9b537d13864a44b7b8527c39b37e250c3476366d..27a21a6b3e5a0d3904acf8c7fbcad8f7c922d75e 100644 (file)
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
@@ -129,6 +129,12 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 
                        return result;
                }
+       } else if (Utility::PathExists(requestDir + "/" + certFingerprint + ".removed")) {
+               Log(LogInformation, "JsonRpcConnection")
+                       << "Certificate for CN " << cn << " has been removed. Ignoring signing request.";
+               result->Set("status_code", 1);
+               result->Set("error", "Ticket for CN " + cn + " declined by administrator.");
+               return result;
        }
 
        std::shared_ptr<X509> newcert;