diff options
author | Andrew Wnuk <awnuk@redhat.com> | 2012-07-17 16:55:22 -0700 |
---|---|---|
committer | Andrew Wnuk <awnuk@redhat.com> | 2012-07-17 16:55:22 -0700 |
commit | 46d5f7838c3869a8037fe30116bac5d37549e38e (patch) | |
tree | 427bdc532e81a9afd1524698459f79e806f737df /base | |
parent | b46d51b4267e20e2e923bd48a210af357887f993 (diff) | |
download | pki-46d5f7838c3869a8037fe30116bac5d37549e38e.tar.gz pki-46d5f7838c3869a8037fe30116bac5d37549e38e.tar.xz pki-46d5f7838c3869a8037fe30116bac5d37549e38e.zip |
CA removal
This patch provides fix to OCSP agent inability of removing a CA from the List of Certificate Authorities in some circumstances.
Bug: 837124.
Diffstat (limited to 'base')
-rw-r--r-- | base/common/src/com/netscape/cms/ocsp/DefStore.java | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/base/common/src/com/netscape/cms/ocsp/DefStore.java b/base/common/src/com/netscape/cms/ocsp/DefStore.java index 5cee87273..4b88cadde 100644 --- a/base/common/src/com/netscape/cms/ocsp/DefStore.java +++ b/base/common/src/com/netscape/cms/ocsp/DefStore.java @@ -231,6 +231,14 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public void deleteOldCRLsInCA(String caName) throws EBaseException { + deleteCRLsInCA (caName, true); + } + + public void deleteAllCRLsInCA(String caName) throws EBaseException { + deleteCRLsInCA (caName, false); + } + + public void deleteCRLsInCA(String caName, boolean oldCRLs) throws EBaseException { IDBSSession s = mDBService.createSession(); try { @@ -242,10 +250,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { return; // nothing to do String thisUpdate = Long.toString( cp.getThisUpdate().getTime()); - Enumeration<IRepositoryRecord> e = searchRepository( - caName, - "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" + - thisUpdate + ")"); + String filter = (oldCRLs)? "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" + thisUpdate + ")": "ou=*"; + Enumeration e = searchRepository( caName, filter); while (e != null && e.hasMoreElements()) { IRepositoryRecord r = e.nextElement(); @@ -649,8 +655,10 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { s = mDBService.createSession(); String name = "cn=" + transformDN(id) + "," + getBaseDN(); CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: " + name); - if (s != null) + if (s != null) { + deleteAllCRLsInCA(id); s.delete(name); + } } finally { if (s != null) s.close(); |