diff options
| author | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-06-12 20:04:05 +0000 |
|---|---|---|
| committer | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-06-12 20:04:05 +0000 |
| commit | 46b9ff8346df69b9637b8c3c93984374714c0ab2 (patch) | |
| tree | 2a5e309f9e9914f8a4d8c58049b40236f8449cb1 | |
| parent | c402014371bb72953632b36d8438d0570411874f (diff) | |
| download | pki-46b9ff8346df69b9637b8c3c93984374714c0ab2.tar.gz pki-46b9ff8346df69b9637b8c3c93984374714c0ab2.tar.xz pki-46b9ff8346df69b9637b8c3c93984374714c0ab2.zip | |
Bugzilla bug #502694.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@596 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java index 50f55a4dc..fe5ea3343 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java @@ -23,6 +23,7 @@ import com.netscape.cms.servlet.base.*; import java.util.Enumeration; import java.util.Locale; +import java.util.Random; import java.io.IOException; import java.math.BigInteger; @@ -71,6 +72,10 @@ public class RevocationServlet extends CMSServlet { private String mFormPath = null; private boolean mRevokeByDN = true; + private Random mRandom = null; + private Nonces mNonces = null; + + public RevocationServlet() { super(); } @@ -93,6 +98,13 @@ public class RevocationServlet extends CMSServlet { if (mFormPath == null) mFormPath = "/" + TPL_FILE; + if (mAuthority instanceof ICertificateAuthority) { + if (((ICertificateAuthority) mAuthority).noncesEnabled()) { + mNonces = ((ICertificateAuthority) mAuthority).getNonces(); + mRandom = new Random(); + } + } + // set to false by revokeByDN=false in web.xml mRevokeByDN = false; String tmp = sc.getInitParameter(PROP_REVOKEBYDN); @@ -188,6 +200,14 @@ public class RevocationServlet extends CMSServlet { // header.addLongValue("validNotBefore", old_cert.getNotBefore().getTime()/1000); // header.addLongValue("validNotAfter", old_cert.getNotAfter().getTime()/1000); + if (mNonces != null) { + long n = mRandom.nextLong(); + long m = mNonces.addNonce(n, (X509Certificate)old_cert); + if ((n + m) != 0) { + header.addStringValue("nonce", Long.toString(m)); + } + } + boolean noInfo = false; X509CertImpl[] certsToRevoke = null; |