author | Endi S. Dewata <edewata@redhat.com> | 2017-05-25 00:36:45 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-05-25 01:32:46 +0200 |
commit | 9af1f0d3b48d6dd358a4c63f938f2c5d0e119d7a (patch) | |
tree | a64bc59f8282196b6b1085c2a4c4b719e341c512 /base/ca | |
parent | 14e4e7a992c9537b9bf0403e6d94f316009923d0 (diff) | |
Added CRLIssuingPoint.generateDeltaCRL().
The code that generates delta CRL in updateCRLNow()
in CRLIssuingPoint has been refactored into a separate
generateDeltaCRL() method for clarity.
https://pagure.io/dogtagpki/issue/2651
Change-Id: I494524ba3fffd89e4edd995c2fa32b9f55104c4a
Diffstat (limited to 'base/ca')
-rw-r--r-- | base/ca/src/com/netscape/ca/CRLIssuingPoint.java | 160 |
1 files changed, 93 insertions, 67 deletions
diff --git a/base/ca/src/com/netscape/ca/CRLIssuingPoint.java b/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
index de733eb22..317294ba8 100644
--- a/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
+++ b/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
@@ -2634,73 +2634,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
 mSplits[1] += System.currentTimeMillis();
- X509CRLImpl newX509DeltaCRL = null;
-
- try {
- mSplits[2] -= System.currentTimeMillis();
- byte[] newDeltaCRL;
-
- // #56123 - dont generate CRL if no revoked certificates
- if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
- if (deltaCRLCerts.size() == 0) {
- CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No Delta CRL Generated");
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "No Revoked Certificates"));
- }
- }
- X509CRLImpl crl = new X509CRLImpl(mCA.getCRLX500Name(),
- AlgorithmId.get(signingAlgorithm),
- thisUpdate, nextDeltaUpdate, deltaCRLCerts, ext);
-
- newX509DeltaCRL = mCA.sign(crl, signingAlgorithm);
- newDeltaCRL = newX509DeltaCRL.getEncoded();
- mSplits[2] += System.currentTimeMillis();
-
- mSplits[3] -= System.currentTimeMillis();
- mCRLRepository.updateDeltaCRL(mId, mNextDeltaCRLNumber,
- Long.valueOf(deltaCRLCerts.size()), mNextDeltaUpdate, newDeltaCRL);
- mSplits[3] += System.currentTimeMillis();
-
- mDeltaCRLSize = deltaCRLCerts.size();
-
- long totalTime = 0;
- StringBuffer splitTimes = new StringBuffer(" (");
- for (int i = 1; i < mSplits.length && i < 5; i++) {
- totalTime += mSplits[i];
- if (i > 1)
- splitTimes.append(",");
- splitTimes.append(String.valueOf(mSplits[i]));
- }
- splitTimes.append(")");
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- CMS.getLogMessage("CMSCORE_CA_CA_DELTA_CRL_UPDATED"),
- new Object[] {
- getId(),
- getNextCRLNumber(),
- getCRLNumber(),
- getLastUpdate(),
- getNextDeltaUpdate(),
- Long.toString(mDeltaCRLSize),
- Long.toString(totalTime) + splitTimes.toString()
- }
- );
- } catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA", e.toString()));
- mDeltaCRLSize = -1;
- } catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
- } catch (CRLException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
- } catch (X509ExtensionException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
- } catch (OutOfMemoryError e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
- mDeltaCRLSize = -1;
- }
+ X509CRLImpl newX509DeltaCRL = generateDeltaCRL(
+ deltaCRLCerts, signingAlgorithm, thisUpdate, nextDeltaUpdate, ext);
 try {
 mSplits[4] -= System.currentTimeMillis();
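Review bot: The value assigned to `newX509DeltaCRL` here does not by itself tell updateCRLNow() whether the delta CRL was produced: in the new generateDeltaCRL() it is null when an exception is thrown before `mCA.sign()` returns, but it is the signed CRL when a later call in the same try block throws, because the catch blocks only log and set `mDeltaCRLSize = -1`. The `try` block that follows this call continues outside the hunk, so how it treats either case cannot be confirmed from this page. I would document the contract at the call, e.g. `// may be null (not signed), or non-null with mDeltaCRLSize == -1 (signed but encoding/storing failed)`, so that later changes do not go on to use a CRL the repository never recorded.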
@@ -2964,6 +2899,97 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
 return ext;
 }
+ X509CRLImpl generateDeltaCRL(
+ Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts,
+ String signingAlgorithm,
+ Date thisUpdate,
+ Date nextDeltaUpdate,
+ CRLExtensions ext) {
+
+ X509CRLImpl newX509DeltaCRL = null;
+
+ try {
+ mSplits[2] -= System.currentTimeMillis();
+
+ // #56123 - dont generate CRL if no revoked certificates
+ if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
+ if (deltaCRLCerts.size() == 0) {
+ CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No Delta CRL Generated");
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ "No Revoked Certificates"));
+ }
+ }
+
+ X509CRLImpl crl = new X509CRLImpl(mCA.getCRLX500Name(),
+ AlgorithmId.get(signingAlgorithm),
+ thisUpdate, nextDeltaUpdate, deltaCRLCerts, ext);
+
+ newX509DeltaCRL = mCA.sign(crl, signingAlgorithm);
+
+ byte[] newDeltaCRL = newX509DeltaCRL.getEncoded();
+
+ mSplits[2] += System.currentTimeMillis();
+
+ mSplits[3] -= System.currentTimeMillis();
+ mCRLRepository.updateDeltaCRL(mId, mNextDeltaCRLNumber,
+ Long.valueOf(deltaCRLCerts.size()), mNextDeltaUpdate, newDeltaCRL);
+ mSplits[3] += System.currentTimeMillis();
+
+ mDeltaCRLSize = deltaCRLCerts.size();
+
+ long totalTime = 0;
+ StringBuffer splitTimes = new StringBuffer(" (");
+ for (int i = 1; i < mSplits.length && i < 5; i++) {
+ totalTime += mSplits[i];
+ if (i > 1)
+ splitTimes.append(",");
+ splitTimes.append(String.valueOf(mSplits[i]));
+ }
+ splitTimes.append(")");
+
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ CMS.getLogMessage("CMSCORE_CA_CA_DELTA_CRL_UPDATED"),
+ new Object[] {
+ getId(),
+ getNextCRLNumber(),
+ getCRLNumber(),
+ getLastUpdate(),
+ getNextDeltaUpdate(),
+ Long.toString(mDeltaCRLSize),
+ Long.toString(totalTime) + splitTimes.toString()
+ }
+ );
+
+ } catch (EBaseException e) {
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA", e.toString()));
+ mDeltaCRLSize = -1;
+
+ } catch (NoSuchAlgorithmException e) {
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ mDeltaCRLSize = -1;
+
+ } catch (CRLException e) {
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ mDeltaCRLSize = -1;
+
+ } catch (X509ExtensionException e) {
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ mDeltaCRLSize = -1;
+
+ } catch (OutOfMemoryError e) {
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ mDeltaCRLSize = -1;
+ }
+
+ return newX509DeltaCRL;
+ }
+
 /**
 * publish CRL. called from updateCRLNow() and init().
 */ |
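Review bot: With `noCRLIfNoRevokedCert` enabled, an empty `deltaCRLCerts` is an expected outcome, yet generateDeltaCRL() still reports it by throwing `EBaseException` into the failure handler, which now also dumps the exception through the added `CMS.debug(e)` and logs `CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA` at `LL_FAILURE`. On a CA this makes a configured skip look the same in the logs as a real signing or storage failure, which is the event operators need to notice because relying parties are then left with stale revocation data. The throw also happens after `mSplits[2] -= System.currentTimeMillis();` with no matching `+=`, as does every other exception path; whether mSplits is reset before it is next read is not visible here. I would start the timer below the check and replace the throw with `mDeltaCRLSize = -1; return null;`, which keeps the state the caller sees today without the failure-level log entry.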