Fixed cert import for exiting certs case.

The configuration servlet has been fixed to properly import the
externally-signed certs in existing CA and external KRA/OCSP cases.

https://pagure.io/dogtagpki/issue/2901

Change-Id: Ida7bd7758670c72063765462b7d735f69a465804
(cherry picked from commit 441b832)

base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java

@@ -401,24 +401,32 @@ public Cert processCert(
         cert.setSubsystem(subsystem);
         cert.setType(cs.getString("preop.cert." + tag + ".type"));
 
+        String fullName;
+        if (!CryptoUtil.isInternalToken(tokenName)) {
+            fullName = tokenName + ":" + nickname;
+        } else {
+            fullName = nickname;
+        }
+
         CMS.debug("SystemConfigService: checking " + tag + " cert in NSS database");
 
         CryptoManager cm = CryptoManager.getInstance();
         X509Certificate x509Cert;
         try {
-            x509Cert = cm.findCertByNickname(nickname);
+            x509Cert = cm.findCertByNickname(fullName);
         } catch (ObjectNotFoundException e) {
             x509Cert = null;
         }
 
         // For external/existing CA case, some/all system certs may be provided.
         // The SSL server cert will always be generated for the current host.
 
-        // For standalone KRA/OCSP case, all system certs will be provided.
+        // For external/standalone KRA/OCSP case, all system certs will be provided.
         // No system certs will be generated including the SSL server cert.
 
-        if (request.isExternal() && !tag.equals("sslserver") && x509Cert != null
-                || request.getStandAlone()) {
+        if (request.isExternal() && "ca".equals(subsystem) && !tag.equals("sslserver") && x509Cert != null
+                || request.getStandAlone()
+                || request.isExternal() && ("kra".equals(subsystem) || "ocsp".equals(subsystem))) {
 
             CMS.debug("SystemConfigService: loading existing " + tag + " cert");
             byte[] bytes = x509Cert.getEncoded();