authorEndi S. Dewata <edewata@redhat.com>2017-05-24 06:38:50 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-05-24 18:54:18 +0200
commitf6cc8db2fbd9ab509c4285e944306b31cf068a5f (patch)
tree978b65b849d555cdd58f4dab6b8a0c140ed4c780 /base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
parent1d6860b20970dae43b81e9f943fb49575f377099 (diff)
Cleaned up DefStore.processRequest() (part 1).
An if-statement in DefStore.processRequest() has been modified to return early for clarity. The code indentation has been adjusted accordingly. https://pagure.io/dogtagpki/issue/2652 Change-Id: Ib506bdac88e017197b2a192e952b54be1456eac0
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/ocsp/DefStore.java')
-rw-r--r--base/server/cms/src/com/netscape/cms/ocsp/DefStore.java121
1 files changed, 62 insertions, 59 deletions
diff --git a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
index 217c56833..9882acd3a 100644
--- a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
+++ b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
@@ -27,11 +27,6 @@ import java.util.Hashtable;
import java.util.Locale;
import java.util.Vector;
-import netscape.security.x509.RevokedCertificate;
-import netscape.security.x509.X509CRLImpl;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509Key;
-
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.GeneralizedTime;
import org.mozilla.jss.asn1.INTEGER;
@@ -73,6 +68,11 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
+import netscape.security.x509.RevokedCertificate;
+import netscape.security.x509.X509CRLImpl;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509Key;
+
/**
* This is the default OCSP store that stores revocation information
* as certificate record (CMS internal data structure).
@@ -481,77 +481,80 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
incReqCount(theRec.getId());
}
+ if (theCert == null) {
+ return null;
+ }
+
// check the serial number
- if (theCert != null) {
- INTEGER serialNo = cid.getSerialNumber();
+ INTEGER serialNo = cid.getSerialNumber();
- log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Status of certificate 0x" + serialNo.toString(16));
- CMS.debug("DefStore: process request 0x" + serialNo.toString(16));
- CertStatus certStatus = null;
- GeneralizedTime thisUpdate = null;
+ log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Status of certificate 0x" + serialNo.toString(16));
+ CMS.debug("DefStore: process request 0x" + serialNo.toString(16));
+ CertStatus certStatus = null;
+ GeneralizedTime thisUpdate = null;
+ if (theRec == null) {
+ thisUpdate = new GeneralizedTime(CMS.getCurrentDate());
+ } else {
+ thisUpdate = new GeneralizedTime(
+ theRec.getThisUpdate());
+ }
+ GeneralizedTime nextUpdate = null;
+
+ if (includeNextUpdate()) {
+ // this is an optional field
if (theRec == null) {
- thisUpdate = new GeneralizedTime(CMS.getCurrentDate());
+ nextUpdate = new GeneralizedTime(CMS.getCurrentDate());
} else {
- thisUpdate = new GeneralizedTime(
- theRec.getThisUpdate());
- }
- GeneralizedTime nextUpdate = null;
-
- if (includeNextUpdate()) {
- // this is an optional field
- if (theRec == null) {
- nextUpdate = new GeneralizedTime(CMS.getCurrentDate());
- } else {
- nextUpdate = new GeneralizedTime(
- theRec.getNextUpdate());
- }
+ nextUpdate = new GeneralizedTime(
+ theRec.getNextUpdate());
}
+ }
- if (theCRL == null) {
- certStatus = new UnknownInfo();
-
- // if crl is not available, we can try crl cache
- if (theRec != null) {
- CMS.debug("DefStore: evaluating crl cache");
- Hashtable<BigInteger, RevokedCertificate> cache = theRec.getCRLCacheNoClone();
- if (cache != null) {
- RevokedCertificate rc = cache.get(new BigInteger(serialNo.toString()));
- if (rc == null) {
- if (isNotFoundGood()) {
- certStatus = new GoodInfo();
- } else {
- certStatus = new UnknownInfo();
- }
+ if (theCRL == null) {
+ certStatus = new UnknownInfo();
+
+ // if crl is not available, we can try crl cache
+ if (theRec != null) {
+ CMS.debug("DefStore: evaluating crl cache");
+ Hashtable<BigInteger, RevokedCertificate> cache = theRec.getCRLCacheNoClone();
+ if (cache != null) {
+ RevokedCertificate rc = cache.get(new BigInteger(serialNo.toString()));
+ if (rc == null) {
+ if (isNotFoundGood()) {
+ certStatus = new GoodInfo();
} else {
-
- certStatus = new RevokedInfo(
- new GeneralizedTime(
- rc.getRevocationDate()));
+ certStatus = new UnknownInfo();
}
+ } else {
+
+ certStatus = new RevokedInfo(
+ new GeneralizedTime(
+ rc.getRevocationDate()));
}
}
+ }
- } else {
- CMS.debug("DefStore: evaluating x509 crl impl");
- X509CRLEntry crlentry = theCRL.getRevokedCertificate(new BigInteger(serialNo.toString()));
+ } else {
+ CMS.debug("DefStore: evaluating x509 crl impl");
+ X509CRLEntry crlentry = theCRL.getRevokedCertificate(new BigInteger(serialNo.toString()));
- if (crlentry == null) {
- // good or unknown
- if (isNotFoundGood()) {
- certStatus = new GoodInfo();
- } else {
- certStatus = new UnknownInfo();
- }
+ if (crlentry == null) {
+ // good or unknown
+ if (isNotFoundGood()) {
+ certStatus = new GoodInfo();
} else {
- certStatus = new RevokedInfo(new GeneralizedTime(
- crlentry.getRevocationDate()));
-
+ certStatus = new UnknownInfo();
}
+ } else {
+ certStatus = new RevokedInfo(new GeneralizedTime(
+ crlentry.getRevocationDate()));
+
}
- return new SingleResponse(cid, certStatus, thisUpdate,
- nextUpdate);
}
+ return new SingleResponse(cid, certStatus, thisUpdate,
+ nextUpdate);
+
} catch (Exception e) {
// error log
CMS.debug("DefStore: failed processing request e=" + e);
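Review bot: The new early return `if (theCert == null) { return null; }` leaves no debug or audit trace, and the one audit line in this hunk ("Checked Status of certificate 0x…") is written before the status is computed, so it never records whether the responder answered good, revoked or unknown. For an OCSP responder both gaps make later investigation harder; I would add `CMS.debug("DefStore: theCert is null, returning no response");` before the `return null;` and, just before `return new SingleResponse(...)`, a line such as `log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Status of certificate 0x" + serialNo.toString(16) + ": " + certStatus.getClass().getSimpleName());`. What a null `theCert` means is decided above the hunk, so a short comment on the guard (`// no matching certificate was found above; caller receives null`) should be confirmed against that code; processRequest starts and ends outside the hunk. As a style point, `new BigInteger(serialNo.toString())` is built twice, and if JSS `INTEGER` extends `BigInteger`, as I believe it does, `serialNo` could be passed to `cache.get(...)` and `getRevokedCertificate(...)` directly.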