author | Endi S. Dewata <edewata@redhat.com> | 2016-04-01 03:22:33 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-04-12 16:27:02 +0200 |
commit | ca2332dfed7834c2fdcd2fe0c2201d58725388e9 (patch) | |
tree | 46dd1254a51f373542266bdc65581767f278324a | |
parent | 80fa9eefaeaeea94c650400f914b5831f1e28261 (diff) | |
Fixed exception handling in CertificateAuthority.
The CertificateAuthority.getCACert() has been modified to re-throw
the exception instead of ignoring it. All callers have been
modified to bubble up the exception.
https://fedorahosted.org/pki/ticket/1654
14 files changed, 137 insertions, 117 deletions
diff --git a/base/ca/src/com/netscape/ca/CMSCRLExtensions.java b/base/ca/src/com/netscape/ca/CMSCRLExtensions.java index 0c3fb7906..de13d07f6 100644 --- a/base/ca/src/com/netscape/ca/CMSCRLExtensions.java +++ b/base/ca/src/com/netscape/ca/CMSCRLExtensions.java @@ -25,21 +25,6 @@ import java.util.Map; import java.util.StringTokenizer; import java.util.Vector; -import netscape.security.extensions.AuthInfoAccessExtension; -import netscape.security.x509.AuthorityKeyIdentifierExtension; -import netscape.security.x509.CRLExtensions; -import netscape.security.x509.CRLNumberExtension; -import netscape.security.x509.CRLReasonExtension; -import netscape.security.x509.DeltaCRLIndicatorExtension; -import netscape.security.x509.Extension; -import netscape.security.x509.FreshestCRLExtension; -import netscape.security.x509.HoldInstructionExtension; -import netscape.security.x509.InvalidityDateExtension; -import netscape.security.x509.IssuerAlternativeNameExtension; -import netscape.security.x509.IssuingDistributionPointExtension; -import netscape.security.x509.OIDMap; -import netscape.security.x509.PKIXExtensions; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.EPropertyNotDefined; 
@@ -55,6 +40,21 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.cms.crl.CMSIssuingDistributionPointExtension; import com.netscape.cmscore.base.SubsystemRegistry; +import netscape.security.extensions.AuthInfoAccessExtension; +import netscape.security.x509.AuthorityKeyIdentifierExtension; +import netscape.security.x509.CRLExtensions; +import netscape.security.x509.CRLNumberExtension; +import netscape.security.x509.CRLReasonExtension; +import netscape.security.x509.DeltaCRLIndicatorExtension; +import netscape.security.x509.Extension; +import netscape.security.x509.FreshestCRLExtension; +import netscape.security.x509.HoldInstructionExtension; +import netscape.security.x509.InvalidityDateExtension; +import netscape.security.x509.IssuerAlternativeNameExtension; +import netscape.security.x509.IssuingDistributionPointExtension; +import netscape.security.x509.OIDMap; +import netscape.security.x509.PKIXExtensions; + public class CMSCRLExtensions implements ICMSCRLExtensions { public static final String PROP_ENABLE = "enable"; public static final String PROP_EXTENSION = "extension"; diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java index 63c7ca4e4..2e1f9d7c8 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -33,8 +33,8 @@ import java.security.Signature; import java.security.cert.CRLException; import java.security.cert.CertificateException; import java.security.cert.CertificateParsingException; -import java.util.Arrays; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.Date; import java.util.Enumeration; 
@@ -48,30 +48,6 @@ import java.util.Vector; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; -import netscape.ldap.LDAPAttribute; -import netscape.ldap.LDAPAttributeSet; -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPEntry; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPModification; -import netscape.ldap.LDAPModificationSet; -import netscape.ldap.LDAPSearchResults; -import netscape.security.pkcs.PKCS10; -import netscape.security.util.DerOutputStream; -import netscape.security.util.DerValue; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateChain; -import netscape.security.x509.CertificateIssuerName; -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.CertificateVersion; -import netscape.security.x509.X500Name; -import netscape.security.x509.X500Signer; -import netscape.security.x509.X509CRLImpl; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509ExtensionException; -import netscape.security.x509.X509Key; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.asn1.ASN1Util; import org.mozilla.jss.asn1.GeneralizedTime; @@ -120,8 +96,8 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.ocsp.IOCSPService; import com.netscape.certsrv.policy.IPolicyProcessor; import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IProfileSubsystem; import com.netscape.certsrv.profile.IProfile; +import com.netscape.certsrv.profile.IProfileSubsystem; import com.netscape.certsrv.publish.ICRLPublisher; import com.netscape.certsrv.publish.IPublisherProcessor; import com.netscape.certsrv.request.ARequestNotifier; 
@@ -135,8 +111,8 @@ import com.netscape.certsrv.request.IService; import com.netscape.certsrv.request.RequestStatus; import com.netscape.certsrv.security.ISigningUnit; import com.netscape.certsrv.util.IStatsSubsystem; -import com.netscape.cms.servlet.cert.EnrollmentProcessor; import com.netscape.cms.servlet.cert.CertEnrollmentRequestFactory; +import com.netscape.cms.servlet.cert.EnrollmentProcessor; import com.netscape.cms.servlet.processors.CAProcessor; import com.netscape.cmscore.base.ArgBlock; import com.netscape.cmscore.dbs.CRLRepository; @@ -167,6 +143,30 @@ import com.netscape.cmsutil.ocsp.SingleResponse; import com.netscape.cmsutil.ocsp.TBSRequest; import com.netscape.cmsutil.ocsp.UnknownInfo; +import netscape.ldap.LDAPAttribute; +import netscape.ldap.LDAPAttributeSet; +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPEntry; +import netscape.ldap.LDAPException; +import netscape.ldap.LDAPModification; +import netscape.ldap.LDAPModificationSet; +import netscape.ldap.LDAPSearchResults; +import netscape.security.pkcs.PKCS10; +import netscape.security.util.DerOutputStream; +import netscape.security.util.DerValue; +import netscape.security.x509.AlgorithmId; +import netscape.security.x509.CertificateChain; +import netscape.security.x509.CertificateIssuerName; +import netscape.security.x509.CertificateSubjectName; +import netscape.security.x509.CertificateVersion; +import netscape.security.x509.X500Name; +import netscape.security.x509.X500Signer; +import netscape.security.x509.X509CRLImpl; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; +import netscape.security.x509.X509ExtensionException; +import netscape.security.x509.X509Key; + /** * A class represents a Certificate Authority that is 
@@ -1272,7 +1272,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori return mCACertChain; } - public X509CertImpl getCACert() { + public X509CertImpl getCACert() throws EBaseException { if (mCaCert != null) { return mCaCert; } @@ -1282,11 +1282,15 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori if (cert != null) { return new X509CertImpl(CMS.AtoB(cert)); } + } catch (EBaseException e) { CMS.debug(e); + throw e; + } catch (CertificateException e) { - CMS.debug(e); + throw new EBaseException(e); } + return null; } diff --git a/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java b/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java index 885ca202f..4bd3aff07 100644 --- a/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java +++ b/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java @@ -17,15 +17,16 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.authority; -import netscape.security.x509.CertificateChain; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; - +import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.dbs.certdb.ICertificateRepository; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.IPublisherProcessor; import com.netscape.certsrv.request.IRequestListener; +import netscape.security.x509.CertificateChain; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertImpl; + /** * Authority that handles certificates needed by the cert registration * servlets. @@ -57,7 +58,7 @@ public interface ICertAuthority extends IAuthority { * * @return CA's certificate. */ - public X509CertImpl getCACert(); + public X509CertImpl getCACert() throws EBaseException; /** * Returns signing algorithms supported by the CA. 
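Review bot: CertificateAuthority.getCACert() still ends with `return null` when the configured certificate string is absent, so after this change callers have to handle two failure signals: an EBaseException for a read or parse error and a null for "not configured". The method has no Javadoc that says so; I would add one with `@return the CA certificate, or null if none is configured` and `@throws EBaseException if the configured certificate cannot be read or parsed`. The two catch branches are also now inconsistent, since the EBaseException branch keeps `CMS.debug(e)` before rethrowing while the CertificateException branch drops it; the cause is preserved by `new EBaseException(e)`, but a short comment on why only one path logs would help. A few lines of the method body sit between the two hunks and are not visible here.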
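Review bot: The Javadoc on ICertAuthority.getCACert() still reads only `@return CA's certificate.` although the method now declares a checked exception; add `@throws EBaseException if the CA certificate cannot be loaded or parsed`. The same gap applies to ICertificateAuthority.getCACert(), CAEnrollConstraint.getCACert(), CAEnrollDefault.getCAKeyIdentifier() and both isSystemCertificate() methods changed later in this commit. Because these are public interfaces, the new `throws` clause is a source-incompatible change for any implementer or caller outside this tree, which is worth stating in the commit message.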
diff --git a/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java b/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java index 3e7115771..63071bd27 100644 --- a/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java +++ b/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java @@ -17,11 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; -import netscape.security.x509.Extension; - import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; +import netscape.security.x509.Extension; + /** * An interface representing a CRL extension plugin. * <P> diff --git a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java index 16d4fc2df..6d83e6d07 100644 --- a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java +++ b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java @@ -23,15 +23,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; -import netscape.security.x509.CertificateChain; -import netscape.security.x509.CertificateIssuerName; -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.CertificateVersion; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CRLImpl; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - import org.mozilla.jss.crypto.SignatureAlgorithm; import com.netscape.certsrv.authentication.IAuthToken; 
@@ -50,6 +41,15 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.IService; import com.netscape.certsrv.security.ISigningUnit; +import netscape.security.x509.CertificateChain; +import netscape.security.x509.CertificateIssuerName; +import netscape.security.x509.CertificateSubjectName; +import netscape.security.x509.CertificateVersion; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CRLImpl; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + /** * An interface represents a Certificate Authority that is * responsible for certificate specific operations. @@ -321,7 +321,7 @@ public interface ICertificateAuthority extends ISubsystem { * * @return the CA certificate */ - public X509CertImpl getCACert(); + public X509CertImpl getCACert() throws EBaseException; /** * Updates the CRL immediately for MasterCRL issuing point if it exists. diff --git a/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java index a34a99373..562b8cd11 100644 --- a/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java +++ b/base/server/cms/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java 
@@ -22,6 +22,15 @@ import java.security.cert.CertificateException; import java.security.cert.CertificateParsingException; import java.util.Locale; +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.ca.ICRLIssuingPoint; +import com.netscape.certsrv.ca.ICertificateAuthority; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; + import netscape.security.x509.AuthorityKeyIdentifierExtension; import netscape.security.x509.CertificateExtensions; import netscape.security.x509.Extension; @@ -33,15 +42,6 @@ import netscape.security.x509.SubjectKeyIdentifierExtension; import netscape.security.x509.X509CertImpl; import netscape.security.x509.X509CertInfo; -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.base.IExtendedPluginInfo; -import com.netscape.certsrv.ca.ICMSCRLExtension; -import com.netscape.certsrv.ca.ICRLIssuingPoint; -import com.netscape.certsrv.ca.ICertificateAuthority; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.logging.ILogger; - /** * This represents an authority key identifier extension. * @@ -127,7 +127,7 @@ public class CMSAuthorityKeyIdentifierExtension .getCACert().getSerialNumber())); } - } catch (IOException e) { + } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString())); } diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java index c0a9758da..b0cc927b2 100644 --- a/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java +++ b/base/server/cms/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java 
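Review bot: The widened `catch (Exception e)` in CMSAuthorityKeyIdentifierExtension absorbs the EBaseException that getCACert() now throws, so this call site still reduces a CA-certificate load failure to a log line, which is the behaviour the commit sets out to remove. It also catches every RuntimeException, hiding programming errors behind the `CRL_CREATE_AKI_EXT` message. The rest of the method is outside the hunk, but it presumably continues and the CRL is issued without an authority key identifier. Catch only what the block can throw, `} catch (IOException | EBaseException e) {`, and either rethrow or add a comment stating that omitting the extension on failure is intended. Since `e.toString()` drops the stack trace, also pass the exception to `CMS.debug(e)`.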
@@ -17,11 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; -import netscape.security.x509.X509CertImpl; - import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ca.ICertificateAuthority; +import netscape.security.x509.X509CertImpl; + /** * This class represents an abstract class for CA enrollment * constraint. @@ -38,7 +39,7 @@ public abstract class CAEnrollConstraint extends EnrollConstraint { /** * Retrieves the CA certificate. */ - public X509CertImpl getCACert() { + public X509CertImpl getCACert() throws EBaseException { ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); X509CertImpl caCert = ca.getCACert(); diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java index a7a159de3..77585c076 100644 --- a/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java +++ b/base/server/cms/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java @@ -21,11 +21,8 @@ import java.io.IOException; import java.util.Date; import java.util.Locale; -import netscape.security.x509.CertificateValidity; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.EProfileException; import com.netscape.certsrv.profile.ERejectException; 
@@ -37,6 +34,10 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; +import netscape.security.x509.CertificateValidity; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + /** * This class implements the validity constraint. * It checks if the validity in the certificate @@ -56,7 +57,12 @@ public class CAValidityConstraint extends CAEnrollConstraint { public void init(IProfile profile, IConfigStore config) throws EProfileException { super.init(profile, config); - X509CertImpl caCert = getCACert(); + X509CertImpl caCert; + try { + caCert = getCACert(); + } catch (EBaseException e) { + throw new EProfileException(e); + } mDefNotBefore = caCert.getNotBefore(); mDefNotAfter = caCert.getNotAfter(); diff --git a/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java index bd71a4ef8..e2208aba7 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java @@ -21,6 +21,7 @@ import java.io.IOException; import java.util.Locale; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.ca.AuthorityID; import com.netscape.certsrv.ca.ICertificateAuthority; 
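Review bot: `caCert` is dereferenced right after the new try/catch in CAValidityConstraint.init() (`mDefNotBefore = caCert.getNotBefore();`) with no null check, while CertificateAuthority.getCACert() in this same commit still ends with `return null` when no certificate is configured. The body of CAEnrollConstraint.getCACert() is outside the hunk, so it may already guard against this; if it does not, init() fails with a NullPointerException rather than the EProfileException the new code uses for a load failure. Add `if (caCert == null) throw new EProfileException("CA certificate not available");` after the catch block.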
@@ -173,12 +174,17 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { if (ca == null) throw new EProfileException("Could not reach requested CA"); - AuthorityKeyIdentifierExtension ext = createExtension(ca, info); + AuthorityKeyIdentifierExtension ext; + try { + ext = createExtension(ca, info); + } catch (EBaseException e) { + throw new EProfileException(e); + } addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info); } public AuthorityKeyIdentifierExtension createExtension( - ICertificateAuthority ca, X509CertInfo info) { + ICertificateAuthority ca, X509CertInfo info) throws EBaseException { KeyIdentifier kid = null; String localKey = getConfig("localKey"); if (localKey != null && localKey.equals("true")) { diff --git a/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java index 696830ead..14484e0c3 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/CAEnrollDefault.java @@ -22,6 +22,10 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.ca.ICertificateAuthority; + import netscape.security.x509.CertificateX509Key; import netscape.security.x509.KeyIdentifier; import netscape.security.x509.PKIXExtensions; @@ -30,9 +34,6 @@ import netscape.security.x509.X509CertImpl; import netscape.security.x509.X509CertInfo; import netscape.security.x509.X509Key; -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.ca.ICertificateAuthority; - /** * This class implements an abstract CA specific * Enrollment default. This policy can only be 
@@ -68,7 +69,7 @@ public abstract class CAEnrollDefault extends EnrollDefault { return null; } - public KeyIdentifier getCAKeyIdentifier(ICertificateAuthority ca) { + public KeyIdentifier getCAKeyIdentifier(ICertificateAuthority ca) throws EBaseException { X509CertImpl caCert = ca.getCACert(); if (caCert == null) { // during configuration, we dont have the CA certificate diff --git a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java index 8a6fa4cef..00d669e37 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java @@ -24,6 +24,23 @@ import java.util.NoSuchElementException; import java.util.StringTokenizer; import java.util.Vector; +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IAttrSet; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IPrettyPrintFormat; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.pattern.Pattern; +import com.netscape.certsrv.profile.EProfileException; +import com.netscape.certsrv.profile.ICertInfoPolicyDefault; +import com.netscape.certsrv.profile.IEnrollProfile; +import com.netscape.certsrv.profile.IPolicyDefault; +import com.netscape.certsrv.profile.IProfile; +import com.netscape.certsrv.property.EPropertyException; +import com.netscape.certsrv.property.IDescriptor; +import com.netscape.certsrv.request.IRequest; +import com.netscape.cms.profile.common.EnrollProfile; + import netscape.security.extensions.KerberosName; import netscape.security.util.DerInputStream; import netscape.security.util.DerOutputStream; 
@@ -43,23 +60,6 @@ import netscape.security.x509.URIName; import netscape.security.x509.X500Name; import netscape.security.x509.X509CertInfo; -import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.IAttrSet; -import com.netscape.certsrv.base.IConfigStore; -import com.netscape.certsrv.base.IPrettyPrintFormat; -import com.netscape.certsrv.common.NameValuePairs; -import com.netscape.certsrv.pattern.Pattern; -import com.netscape.certsrv.profile.EProfileException; -import com.netscape.certsrv.profile.ICertInfoPolicyDefault; -import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IPolicyDefault; -import com.netscape.certsrv.profile.IProfile; -import com.netscape.certsrv.property.EPropertyException; -import com.netscape.certsrv.property.IDescriptor; -import com.netscape.certsrv.request.IRequest; -import com.netscape.cms.profile.common.EnrollProfile; - /** * This class implements an enrollment default policy. * diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java index 146be519b..ba7ce5720 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -1510,7 +1510,7 @@ public abstract class CMSServlet extends HttpServlet { * The main purpose is to avoid revoking the self signed * CA certificate accidentially. */ - protected boolean isSystemCertificate(BigInteger serialNo) { + protected boolean isSystemCertificate(BigInteger serialNo) throws EBaseException { if (!(mAuthority instanceof ICertificateAuthority)) { return false; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java index e03fc2cfd..ffcda63f5 100644 
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RevocationProcessor.java @@ -27,13 +27,6 @@ import java.util.Collection; import java.util.Date; import java.util.Locale; -import netscape.security.x509.CRLExtensions; -import netscape.security.x509.CRLReasonExtension; -import netscape.security.x509.InvalidityDateExtension; -import netscape.security.x509.RevocationReason; -import netscape.security.x509.RevokedCertImpl; -import netscape.security.x509.X509CertImpl; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.BadRequestException; import com.netscape.certsrv.base.EBaseException; @@ -53,6 +46,13 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.certsrv.usrgrp.Certificates; import com.netscape.certsrv.usrgrp.IUser; +import netscape.security.x509.CRLExtensions; +import netscape.security.x509.CRLReasonExtension; +import netscape.security.x509.InvalidityDateExtension; +import netscape.security.x509.RevocationReason; +import netscape.security.x509.RevokedCertImpl; +import netscape.security.x509.X509CertImpl; + /** * @author Endi S. Dewata */ @@ -207,7 +207,8 @@ public class RevocationProcessor extends CertProcessor { } } - public void validateCertificateToRevoke(String subjectDN, ICertRecord targetRecord, boolean revokingCACert) { + public void validateCertificateToRevoke(String subjectDN, ICertRecord targetRecord, boolean revokingCACert) + throws EBaseException { X509CertImpl targetCert = targetRecord.getCertificate(); BigInteger targetSerialNumber = targetCert.getSerialNumber(); 
@@ -426,7 +427,7 @@ public class RevocationProcessor extends CertProcessor { * The main purpose is to avoid revoking the self signed * CA certificate accidentally. */ - public boolean isSystemCertificate(X509Certificate cert) { + public boolean isSystemCertificate(X509Certificate cert) throws EBaseException { X509Certificate caCert = authority.getCACert(); if (caCert == null) diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldap/PublisherProcessor.java b/base/server/cmscore/src/com/netscape/cmscore/ldap/PublisherProcessor.java index 5df29c10c..4397dc255 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/ldap/PublisherProcessor.java +++ b/base/server/cmscore/src/com/netscape/cmscore/ldap/PublisherProcessor.java @@ -24,10 +24,6 @@ import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; -import netscape.ldap.LDAPConnection; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CRLImpl; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authority.ICertAuthority; import com.netscape.certsrv.base.EBaseException; @@ -59,6 +55,10 @@ import com.netscape.certsrv.request.IRequestNotifier; import com.netscape.cmscore.dbs.CertRecord; import com.netscape.cmscore.util.Debug; +import netscape.ldap.LDAPConnection; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CRLImpl; + public class PublisherProcessor implements IPublisherProcessor, IXcertPublisherProcessor { @@ -1364,7 +1364,7 @@ public class PublisherProcessor implements // for crosscerts private void publishNow(ILdapMapper mapper, ILdapPublisher publisher, - IRequest r, byte[] bytes) throws ELdapException { + IRequest r, byte[] bytes) throws EBaseException { if (!enabled()) return; CMS.debug("PublisherProcessor: in publishNow() for xcerts"); |