From 196f449467d63c7967edd43989b9afb0d35c1464 Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Thu, 5 Aug 2021 14:42:06 -0700
Subject: [PATCH] Bug1990608 PS Allowing Token Transactions while the CA is
 Down

This patch propagates the exception thrown when revocation/unrevocation
fails so that the token record is not updated on TPS; This allows
the TPS token to be consistent with the certs on the CA.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=1990608
---
 .../java/org/dogtagpki/server/tps/TPSTokendb.java  | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/TPSTokendb.java b/base/tps/src/main/java/org/dogtagpki/server/tps/TPSTokendb.java
index e6ed34a8b1e..68605a38243 100644
--- a/base/tps/src/main/java/org/dogtagpki/server/tps/TPSTokendb.java
+++ b/base/tps/src/main/java/org/dogtagpki/server/tps/TPSTokendb.java
@@ -614,7 +614,7 @@ private boolean isLastActiveSharedCert(String serial, String issuer, String cuid
     }
 
     private void revokeCert(TokenRecord tokenRecord, TPSCertRecord cert, String tokenReason,
-            String ipAddress, String remoteUser) {
+            String ipAddress, String remoteUser) throws Exception {
 
         String method = "TPSTokendb.revokeCert";
         String logMsg;
@@ -677,12 +677,15 @@ private void revokeCert(TokenRecord tokenRecord, TPSCertRecord cert, String toke
             tdbActivity(ActivityDatabase.OP_CERT_REVOCATION, tokenRecord,
                     ipAddress, e.getMessage(), "failure", remoteUser);
 
-            // continue revoking the next certificate
+            // bail out if revocation failed; This will allow the token
+            // status info to be consistent with that of the certs on the
+            // CA
+            throw e;
         }
     }
 
     private void unrevokeCert(TokenRecord tokenRecord, TPSCertRecord cert, String tokenReason,
-            String ipAddress, String remoteUser) {
+            String ipAddress, String remoteUser) throws Exception {
 
         String method = "TPSTokendb.unrevokeCert";
         String logMsg;
@@ -733,7 +736,10 @@ private void unrevokeCert(TokenRecord tokenRecord, TPSCertRecord cert, String to
             tdbActivity(ActivityDatabase.OP_CERT_RESTORATION, tokenRecord,
                     ipAddress, e.getMessage(), "failure", remoteUser);
 
-            // continue unrevoking the next certificate
+            // bail out if unrevocation failed; This will allow the token
+            // status info to be consistent with that of the certs on the
+            // CA
+            throw e;
         }
     }