authorEndi S. Dewata <edewata@redhat.com>2017-05-25 00:36:45 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-05-25 01:32:46 +0200
commit9af1f0d3b48d6dd358a4c63f938f2c5d0e119d7a (patch)
treea64bc59f8282196b6b1085c2a4c4b719e341c512 /base/ca
parent14e4e7a992c9537b9bf0403e6d94f316009923d0 (diff)
Added CRLIssuingPoint.generateDeltaCRL().
The code that generates delta CRL in updateCRLNow() in CRLIssuingPoint has been refactored into a separate generateDeltaCRL() method for clarity. https://pagure.io/dogtagpki/issue/2651 Change-Id: I494524ba3fffd89e4edd995c2fa32b9f55104c4a
Diffstat (limited to 'base/ca')
-rw-r--r--base/ca/src/com/netscape/ca/CRLIssuingPoint.java160
1 files changed, 93 insertions, 67 deletions
diff --git a/base/ca/src/com/netscape/ca/CRLIssuingPoint.java b/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
index de733eb22..317294ba8 100644
--- a/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
+++ b/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
@@ -2634,73 +2634,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[1] += System.currentTimeMillis();
- X509CRLImpl newX509DeltaCRL = null;
-
- try {
- mSplits[2] -= System.currentTimeMillis();
- byte[] newDeltaCRL;
-
- // #56123 - dont generate CRL if no revoked certificates
- if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
- if (deltaCRLCerts.size() == 0) {
- CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No Delta CRL Generated");
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "No Revoked Certificates"));
- }
- }
- X509CRLImpl crl = new X509CRLImpl(mCA.getCRLX500Name(),
- AlgorithmId.get(signingAlgorithm),
- thisUpdate, nextDeltaUpdate, deltaCRLCerts, ext);
-
- newX509DeltaCRL = mCA.sign(crl, signingAlgorithm);
- newDeltaCRL = newX509DeltaCRL.getEncoded();
- mSplits[2] += System.currentTimeMillis();
-
- mSplits[3] -= System.currentTimeMillis();
- mCRLRepository.updateDeltaCRL(mId, mNextDeltaCRLNumber,
- Long.valueOf(deltaCRLCerts.size()), mNextDeltaUpdate, newDeltaCRL);
- mSplits[3] += System.currentTimeMillis();
-
- mDeltaCRLSize = deltaCRLCerts.size();
-
- long totalTime = 0;
- StringBuffer splitTimes = new StringBuffer(" (");
- for (int i = 1; i < mSplits.length && i < 5; i++) {
- totalTime += mSplits[i];
- if (i > 1)
- splitTimes.append(",");
- splitTimes.append(String.valueOf(mSplits[i]));
- }
- splitTimes.append(")");
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- CMS.getLogMessage("CMSCORE_CA_CA_DELTA_CRL_UPDATED"),
- new Object[] {
- getId(),
- getNextCRLNumber(),
- getCRLNumber(),
- getLastUpdate(),
- getNextDeltaUpdate(),
- Long.toString(mDeltaCRLSize),
- Long.toString(totalTime) + splitTimes.toString()
- }
- );
- } catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA", e.toString()));
- mDeltaCRLSize = -1;
- } catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
- } catch (CRLException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
- } catch (X509ExtensionException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
- } catch (OutOfMemoryError e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
- }
+ X509CRLImpl newX509DeltaCRL = generateDeltaCRL(
+ deltaCRLCerts, signingAlgorithm, thisUpdate, nextDeltaUpdate, ext);
try {
mSplits[4] -= System.currentTimeMillis();
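Review bot: The value assigned to `newX509DeltaCRL` at the new call can be null, or can be a signed delta CRL that was never stored, and nothing at the call site distinguishes those cases. generateDeltaCRL() catches every failure itself and signals it only by setting `mDeltaCRLSize = -1`; because `mCA.sign(...)` assigns the result before `mCRLRepository.updateDeltaCRL(...)` runs, a store failure still returns a non-null CRL. The `try` block that follows continues outside the hunk, so whether it guards on either condition is not visible here. If it does not, a comment at the call such as `// null if signing failed; non-null but unstored when mDeltaCRLSize == -1` would make the contract explicit for whoever touches the publishing path next.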
@@ -2964,6 +2899,97 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
return ext;
}
+ X509CRLImpl generateDeltaCRL(
+ Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts,
+ String signingAlgorithm,
+ Date thisUpdate,
+ Date nextDeltaUpdate,
+ CRLExtensions ext) {
+
+ X509CRLImpl newX509DeltaCRL = null;
+
+ try {
+ mSplits[2] -= System.currentTimeMillis();
+
+ // #56123 - dont generate CRL if no revoked certificates
+ if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
+ if (deltaCRLCerts.size() == 0) {
+ CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No Delta CRL Generated");
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ "No Revoked Certificates"));
+ }
+ }
+
+ X509CRLImpl crl = new X509CRLImpl(mCA.getCRLX500Name(),
+ AlgorithmId.get(signingAlgorithm),
+ thisUpdate, nextDeltaUpdate, deltaCRLCerts, ext);
+
+ newX509DeltaCRL = mCA.sign(crl, signingAlgorithm);
+
+ byte[] newDeltaCRL = newX509DeltaCRL.getEncoded();
+
+ mSplits[2] += System.currentTimeMillis();
+
+ mSplits[3] -= System.currentTimeMillis();
+ mCRLRepository.updateDeltaCRL(mId, mNextDeltaCRLNumber,
+ Long.valueOf(deltaCRLCerts.size()), mNextDeltaUpdate, newDeltaCRL);
+ mSplits[3] += System.currentTimeMillis();
+
+ mDeltaCRLSize = deltaCRLCerts.size();
+
+ long totalTime = 0;
+ StringBuffer splitTimes = new StringBuffer(" (");
+ for (int i = 1; i < mSplits.length && i < 5; i++) {
+ totalTime += mSplits[i];
+ if (i > 1)
+ splitTimes.append(",");
+ splitTimes.append(String.valueOf(mSplits[i]));
+ }
+ splitTimes.append(")");
+
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ CMS.getLogMessage("CMSCORE_CA_CA_DELTA_CRL_UPDATED"),
+ new Object[] {
+ getId(),
+ getNextCRLNumber(),
+ getCRLNumber(),
+ getLastUpdate(),
+ getNextDeltaUpdate(),
+ Long.toString(mDeltaCRLSize),
+ Long.toString(totalTime) + splitTimes.toString()
+ }
+ );
+
+ } catch (EBaseException e) {
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA", e.toString()));
+ mDeltaCRLSize = -1;
+
+ } catch (NoSuchAlgorithmException e) {
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ mDeltaCRLSize = -1;
+
+ } catch (CRLException e) {
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ mDeltaCRLSize = -1;
+
+ } catch (X509ExtensionException e) {
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ mDeltaCRLSize = -1;
+
+ } catch (OutOfMemoryError e) {
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ mDeltaCRLSize = -1;
+ }
+
+ return newX509DeltaCRL;
+ }
+
/**
* publish CRL. called from updateCRLNow() and init().
*/
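Review bot: The `noCRLIfNoRevokedCert` branch in generateDeltaCRL() reports a configured, expected skip by throwing `EBaseException`, and the `CMS.debug(e)` this commit adds to that handler means the skip is now presumably dumped to the debug log as an exception, in addition to the existing `CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA` failure entry. An empty delta then looks the same in the logs as a real signing or storage failure, which makes genuine CRL issuance problems harder to spot. Replacing the `throw new EBaseException(...)` with `mDeltaCRLSize = -1;` followed by `return null;` would keep the state the catch block sets without logging a failure. The method also has no Javadoc; one stating that it returns null when signing fails and that it updates `mDeltaCRLSize`, `mSplits` and the CRL repository as side effects would document what the refactoring has now made a separate contract.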