diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-04-01 03:22:33 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-04-12 16:27:02 +0200 |
commit | ca2332dfed7834c2fdcd2fe0c2201d58725388e9 (patch) | |
tree | 46dd1254a51f373542266bdc65581767f278324a /base/ca/src/com/netscape/ca | |
parent | 80fa9eefaeaeea94c650400f914b5831f1e28261 (diff) | |
download | pki-ca2332dfed7834c2fdcd2fe0c2201d58725388e9.tar.gz pki-ca2332dfed7834c2fdcd2fe0c2201d58725388e9.tar.xz pki-ca2332dfed7834c2fdcd2fe0c2201d58725388e9.zip |
Fixed exception handling in CertificateAuthority.
The CertificateAuthority.getCACert() has been modified to re-throw
the exception instead of ignoring it. All callers have been
modified to bubble up the exception.
https://fedorahosted.org/pki/ticket/1654
Diffstat (limited to 'base/ca/src/com/netscape/ca')
-rw-r--r-- | base/ca/src/com/netscape/ca/CMSCRLExtensions.java | 30 | ||||
-rw-r--r-- | base/ca/src/com/netscape/ca/CertificateAuthority.java | 62 |
2 files changed, 48 insertions, 44 deletions
diff --git a/base/ca/src/com/netscape/ca/CMSCRLExtensions.java b/base/ca/src/com/netscape/ca/CMSCRLExtensions.java index 0c3fb7906..de13d07f6 100644 --- a/base/ca/src/com/netscape/ca/CMSCRLExtensions.java +++ b/base/ca/src/com/netscape/ca/CMSCRLExtensions.java @@ -25,21 +25,6 @@ import java.util.Map; import java.util.StringTokenizer; import java.util.Vector; -import netscape.security.extensions.AuthInfoAccessExtension; -import netscape.security.x509.AuthorityKeyIdentifierExtension; -import netscape.security.x509.CRLExtensions; -import netscape.security.x509.CRLNumberExtension; -import netscape.security.x509.CRLReasonExtension; -import netscape.security.x509.DeltaCRLIndicatorExtension; -import netscape.security.x509.Extension; -import netscape.security.x509.FreshestCRLExtension; -import netscape.security.x509.HoldInstructionExtension; -import netscape.security.x509.InvalidityDateExtension; -import netscape.security.x509.IssuerAlternativeNameExtension; -import netscape.security.x509.IssuingDistributionPointExtension; -import netscape.security.x509.OIDMap; -import netscape.security.x509.PKIXExtensions; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.EPropertyNotDefined; @@ -55,6 +40,21 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.cms.crl.CMSIssuingDistributionPointExtension; import com.netscape.cmscore.base.SubsystemRegistry; +import netscape.security.extensions.AuthInfoAccessExtension; +import netscape.security.x509.AuthorityKeyIdentifierExtension; +import netscape.security.x509.CRLExtensions; +import netscape.security.x509.CRLNumberExtension; +import netscape.security.x509.CRLReasonExtension; +import netscape.security.x509.DeltaCRLIndicatorExtension; +import netscape.security.x509.Extension; +import netscape.security.x509.FreshestCRLExtension; +import netscape.security.x509.HoldInstructionExtension; +import netscape.security.x509.InvalidityDateExtension; +import netscape.security.x509.IssuerAlternativeNameExtension; +import netscape.security.x509.IssuingDistributionPointExtension; +import netscape.security.x509.OIDMap; +import netscape.security.x509.PKIXExtensions; + public class CMSCRLExtensions implements ICMSCRLExtensions { public static final String PROP_ENABLE = "enable"; public static final String PROP_EXTENSION = "extension"; diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java index 63c7ca4e4..2e1f9d7c8 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -33,8 +33,8 @@ import java.security.Signature; import java.security.cert.CRLException; import java.security.cert.CertificateException; import java.security.cert.CertificateParsingException; -import java.util.Arrays; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.Date; import java.util.Enumeration; @@ -48,30 +48,6 @@ import java.util.Vector; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; -import netscape.ldap.LDAPAttribute; -import netscape.ldap.LDAPAttributeSet; -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPEntry; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPModification; -import netscape.ldap.LDAPModificationSet; -import netscape.ldap.LDAPSearchResults; -import netscape.security.pkcs.PKCS10; -import netscape.security.util.DerOutputStream; -import netscape.security.util.DerValue; -import netscape.security.x509.AlgorithmId; -import netscape.security.x509.CertificateChain; -import netscape.security.x509.CertificateIssuerName; -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.CertificateVersion; -import netscape.security.x509.X500Name; -import netscape.security.x509.X500Signer; -import netscape.security.x509.X509CRLImpl; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; -import netscape.security.x509.X509ExtensionException; -import netscape.security.x509.X509Key; - import org.mozilla.jss.CryptoManager; import org.mozilla.jss.asn1.ASN1Util; import org.mozilla.jss.asn1.GeneralizedTime; @@ -120,8 +96,8 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.ocsp.IOCSPService; import com.netscape.certsrv.policy.IPolicyProcessor; import com.netscape.certsrv.profile.IEnrollProfile; -import com.netscape.certsrv.profile.IProfileSubsystem; import com.netscape.certsrv.profile.IProfile; +import com.netscape.certsrv.profile.IProfileSubsystem; import com.netscape.certsrv.publish.ICRLPublisher; import com.netscape.certsrv.publish.IPublisherProcessor; import com.netscape.certsrv.request.ARequestNotifier; @@ -135,8 +111,8 @@ import com.netscape.certsrv.request.IService; import com.netscape.certsrv.request.RequestStatus; import com.netscape.certsrv.security.ISigningUnit; import com.netscape.certsrv.util.IStatsSubsystem; -import com.netscape.cms.servlet.cert.EnrollmentProcessor; import com.netscape.cms.servlet.cert.CertEnrollmentRequestFactory; +import com.netscape.cms.servlet.cert.EnrollmentProcessor; import com.netscape.cms.servlet.processors.CAProcessor; import com.netscape.cmscore.base.ArgBlock; import com.netscape.cmscore.dbs.CRLRepository; @@ -167,6 +143,30 @@ import com.netscape.cmsutil.ocsp.SingleResponse; import com.netscape.cmsutil.ocsp.TBSRequest; import com.netscape.cmsutil.ocsp.UnknownInfo; +import netscape.ldap.LDAPAttribute; +import netscape.ldap.LDAPAttributeSet; +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPEntry; +import netscape.ldap.LDAPException; +import netscape.ldap.LDAPModification; +import netscape.ldap.LDAPModificationSet; +import netscape.ldap.LDAPSearchResults; +import netscape.security.pkcs.PKCS10; +import netscape.security.util.DerOutputStream; +import netscape.security.util.DerValue; +import netscape.security.x509.AlgorithmId; +import netscape.security.x509.CertificateChain; +import netscape.security.x509.CertificateIssuerName; +import netscape.security.x509.CertificateSubjectName; +import netscape.security.x509.CertificateVersion; +import netscape.security.x509.X500Name; +import netscape.security.x509.X500Signer; +import netscape.security.x509.X509CRLImpl; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; +import netscape.security.x509.X509ExtensionException; +import netscape.security.x509.X509Key; + /** * A class represents a Certificate Authority that is @@ -1272,7 +1272,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori return mCACertChain; } - public X509CertImpl getCACert() { + public X509CertImpl getCACert() throws EBaseException { if (mCaCert != null) { return mCaCert; } @@ -1282,11 +1282,15 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori if (cert != null) { return new X509CertImpl(CMS.AtoB(cert)); } + } catch (EBaseException e) { CMS.debug(e); + throw e; + } catch (CertificateException e) { - CMS.debug(e); + throw new EBaseException(e); } + return null; } |