authorAde Lee <alee@redhat.com>2011-12-08 21:15:59 -0500
committerAde Lee <alee@redhat.com>2011-12-08 21:15:59 -0500
commit171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch)
tree1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/ca/src/com/netscape/ca
parentadad2fcee8a29fdb82376fbce07dedb11fccc182 (diff)
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/ca/src/com/netscape/ca')
-rw-r--r--pki/base/ca/src/com/netscape/ca/CAPolicy.java54
-rw-r--r--pki/base/ca/src/com/netscape/ca/CAService.java1245
-rw-r--r--pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java416
-rw-r--r--pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java1671
-rw-r--r--pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java35
-rw-r--r--pki/base/ca/src/com/netscape/ca/CertificateAuthority.java949
-rw-r--r--pki/base/ca/src/com/netscape/ca/SigningUnit.java188
7 files changed, 2039 insertions, 2519 deletions
diff --git a/pki/base/ca/src/com/netscape/ca/CAPolicy.java b/pki/base/ca/src/com/netscape/ca/CAPolicy.java
index 6326cf8c8..80c801a42 100644
--- a/pki/base/ca/src/com/netscape/ca/CAPolicy.java
+++ b/pki/base/ca/src/com/netscape/ca/CAPolicy.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
@@ -31,11 +32,14 @@ import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cmscore.policy.GenericPolicyProcessor;
import com.netscape.cmscore.util.Debug;
+
/**
- * XXX Just inherit 'GenericPolicyProcessor' (from RA) for now. This really bad.
- * need to make a special case just for connector. would like a much better way
- * of doing this to handle both EE and connectors. XXX2 moved to just implement
- * IPolicy since GenericPolicyProcessor is unuseable for CA.
+ * XXX Just inherit 'GenericPolicyProcessor' (from RA) for now.
+ * This really bad. need to make a special case just for connector.
+ * would like a much better way of doing this to handle both EE and
+ * connectors.
+ * XXX2 moved to just implement IPolicy since GenericPolicyProcessor is
+ * unuseable for CA.
*
* @version $Revision$, $Date$
*/
@@ -43,7 +47,8 @@ public class CAPolicy implements IPolicy {
IConfigStore mConfig = null;
ICertificateAuthority mCA = null;
- public static String PROP_PROCESSOR = "processor";
+ public static String PROP_PROCESSOR =
+ "processor";
// These are the different types of policy that are
// allowed for the "processor" property
public static String PR_TYPE_CLASSIC = "classic";
@@ -59,19 +64,19 @@ public class CAPolicy implements IPolicy {
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mCA = (ICertificateAuthority) owner;
mConfig = config;
- String processorType = // XXX - need to upgrade 4.2
- config.getString(PROP_PROCESSOR, PR_TYPE_CLASSIC);
+ String processorType = // XXX - need to upgrade 4.2
+ config.getString(PROP_PROCESSOR, PR_TYPE_CLASSIC);
Debug.trace("selected policy processor = " + processorType);
if (processorType.equals(PR_TYPE_CLASSIC)) {
mPolicies = new GenericPolicyProcessor();
} else {
- throw new EBaseException("Unknown policy processor type ("
- + processorType + ")");
+ throw new EBaseException("Unknown policy processor type (" +
+ processorType + ")");
}
mPolicies.init(mCA, mConfig);
@@ -94,31 +99,33 @@ public class CAPolicy implements IPolicy {
return PolicyResult.REJECTED;
}
- Debug.trace("in CAPolicy.apply(requestType=" + r.getRequestType()
- + ",requestId=" + r.getRequestId().toString()
- + ",requestStatus=" + r.getRequestStatus().toString() + ")");
+ Debug.trace("in CAPolicy.apply(requestType=" +
+ r.getRequestType() + ",requestId=" +
+ r.getRequestId().toString() + ",requestStatus=" +
+ r.getRequestStatus().toString() + ")");
- if (isProfileRequest(r)) {
- Debug.trace("CAPolicy: Profile-base Request "
- + r.getRequestId().toString());
+ if (isProfileRequest(r)) {
+ Debug.trace("CAPolicy: Profile-base Request " +
+ r.getRequestId().toString());
- CMS.debug("CAPolicy: requestId=" + r.getRequestId().toString());
+ CMS.debug("CAPolicy: requestId=" +
+ r.getRequestId().toString());
String profileId = r.getExtDataInString("profileId");
- if (profileId == null || profileId.equals("")) {
+ if (profileId == null || profileId.equals("")) {
return PolicyResult.REJECTED;
}
- IProfileSubsystem ps = (IProfileSubsystem) CMS
- .getSubsystem("profile");
+ IProfileSubsystem ps = (IProfileSubsystem)
+ CMS.getSubsystem("profile");
try {
- IProfile profile = ps.getProfile(profileId);
+ IProfile profile = ps.getProfile(profileId);
r.setExtData("dbStatus", "NOT_UPDATED");
- profile.populate(r);
- profile.validate(r);
+ profile.populate(r);
+ profile.validate(r);
return PolicyResult.ACCEPTED;
} catch (EBaseException e) {
CMS.debug("CAPolicy: " + e.toString());
@@ -130,3 +137,4 @@ public class CAPolicy implements IPolicy {
}
}
+
diff --git a/pki/base/ca/src/com/netscape/ca/CAService.java b/pki/base/ca/src/com/netscape/ca/CAService.java
index 44ab65bcf..159539d45 100644
--- a/pki/base/ca/src/com/netscape/ca/CAService.java
+++ b/pki/base/ca/src/com/netscape/ca/CAService.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
+
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -91,6 +92,7 @@ import com.netscape.cmscore.dbs.CertificateRepository;
import com.netscape.cmscore.dbs.RevocationInfo;
import com.netscape.cmscore.util.Debug;
+
/**
* Request Service for CertificateAuthority.
*/
@@ -111,31 +113,56 @@ public class CAService implements ICAService, IService {
private Hashtable mCRLIssuingPoints = new Hashtable();
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
+ private final static String
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
public CAService(ICertificateAuthority ca) {
mCA = ca;
- // init services.
- mServants.put(IRequest.ENROLLMENT_REQUEST, new serviceIssue(this));
- mServants.put(IRequest.RENEWAL_REQUEST, new serviceRenewal(this));
- mServants.put(IRequest.REVOCATION_REQUEST, new serviceRevoke(this));
- mServants.put(IRequest.CMCREVOKE_REQUEST, new serviceRevoke(this));
- mServants.put(IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST,
- new serviceCheckChallenge(this));
- mServants.put(IRequest.GETCERTS_FOR_CHALLENGE_REQUEST,
- new getCertsForChallenge(this));
- mServants.put(IRequest.UNREVOCATION_REQUEST, new serviceUnrevoke(this));
- mServants.put(IRequest.GETCACHAIN_REQUEST, new serviceGetCAChain(this));
- mServants.put(IRequest.GETCRL_REQUEST, new serviceGetCRL(this));
- mServants.put(IRequest.GETREVOCATIONINFO_REQUEST,
- new serviceGetRevocationInfo(this));
- mServants.put(IRequest.GETCERTS_REQUEST, new serviceGetCertificates(
- this));
- mServants.put(IRequest.CLA_CERT4CRL_REQUEST, new serviceCert4Crl(this));
- mServants.put(IRequest.CLA_UNCERT4CRL_REQUEST, new serviceUnCert4Crl(
- this));
- mServants.put(IRequest.GETCERT_STATUS_REQUEST, new getCertStatus(this));
+ // init services.
+ mServants.put(
+ IRequest.ENROLLMENT_REQUEST,
+ new serviceIssue(this));
+ mServants.put(
+ IRequest.RENEWAL_REQUEST,
+ new serviceRenewal(this));
+ mServants.put(
+ IRequest.REVOCATION_REQUEST,
+ new serviceRevoke(this));
+ mServants.put(
+ IRequest.CMCREVOKE_REQUEST,
+ new serviceRevoke(this));
+ mServants.put(
+ IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST,
+ new serviceCheckChallenge(this));
+ mServants.put(
+ IRequest.GETCERTS_FOR_CHALLENGE_REQUEST,
+ new getCertsForChallenge(this));
+ mServants.put(
+ IRequest.UNREVOCATION_REQUEST,
+ new serviceUnrevoke(this));
+ mServants.put(
+ IRequest.GETCACHAIN_REQUEST,
+ new serviceGetCAChain(this));
+ mServants.put(
+ IRequest.GETCRL_REQUEST,
+ new serviceGetCRL(this));
+ mServants.put(
+ IRequest.GETREVOCATIONINFO_REQUEST,
+ new serviceGetRevocationInfo(this));
+ mServants.put(
+ IRequest.GETCERTS_REQUEST,
+ new serviceGetCertificates(this));
+ mServants.put(
+ IRequest.CLA_CERT4CRL_REQUEST,
+ new serviceCert4Crl(this));
+ mServants.put(
+ IRequest.CLA_UNCERT4CRL_REQUEST,
+ new serviceUnCert4Crl(this));
+ mServants.put(
+ IRequest.GETCERT_STATUS_REQUEST,
+ new getCertStatus(this));
}
public void init(IConfigStore config) throws EBaseException {
@@ -143,32 +170,28 @@ public class CAService implements ICAService, IService {
try {
// MOVED TO com.netscape.certsrv.apps.CMS
- // java.security.Security.addProvider(new
- // netscape.security.provider.CMS());
- // java.security.Provider pr =
- // java.security.Security.getProvider("CMS");
- // if (pr != null) {
- // ;
- // }
- // else
- // Debug.trace("Something is wrong in CMS install !");
- java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory
- .getInstance("X.509");
+ // java.security.Security.addProvider(new netscape.security.provider.CMS());
+ // java.security.Provider pr = java.security.Security.getProvider("CMS");
+ // if (pr != null) {
+ // ;
+ // }
+ // else
+ // Debug.trace("Something is wrong in CMS install !");
+ java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
Debug.trace("CertificateFactory Type : " + cf.getType());
- Debug.trace("CertificateFactory Provider : "
- + cf.getProvider().getInfo());
+ Debug.trace("CertificateFactory Provider : " + cf.getProvider().getInfo());
} catch (java.security.cert.CertificateException e) {
- Debug.trace("Something is happen in install CMS provider !"
- + e.toString());
- }
+ Debug.trace("Something is happen in install CMS provider !" + e.toString());
+ }
}
public void startup() throws EBaseException {
IConfigStore kraConfig = mConfig.getSubStore("KRA");
if (kraConfig != null) {
- mArchivalRequired = kraConfig.getBoolean("archivalRequired", true);
+ mArchivalRequired = kraConfig.getBoolean(
+ "archivalRequired", true);
mKRAConnector = getConnector(kraConfig);
if (mKRAConnector != null) {
if (Debug.ON) {
@@ -205,7 +228,8 @@ public class CAService implements ICAService, IService {
mKRAConnector = c;
}
- public IConnector getConnector(IConfigStore config) throws EBaseException {
+ public IConnector getConnector(IConfigStore config)
+ throws EBaseException {
IConnector connector = null;
if (config == null || config.size() <= 0) {
@@ -217,15 +241,13 @@ public class CAService implements ICAService, IService {
if (extConnector != null) {
try {
- connector = (IConnector) Class.forName(extConnector)
- .newInstance();
+ connector = (IConnector)
+ Class.forName(extConnector).newInstance();
// connector.start() will be called later on
return connector;
} catch (Exception e) {
// ignore external class if error
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_LOAD_CONNECTOR",
- extConnector, e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_LOAD_CONNECTOR", extConnector, e.toString()));
}
}
@@ -241,8 +263,7 @@ public class CAService implements ICAService, IService {
if (authority == null) {
String msg = "local authority " + id + " not found.";
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_AUTHORITY_NOT_FOUND", id));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_AUTHORITY_NOT_FOUND", id));
throw new EBaseException(msg);
}
connector = new LocalConnector((ICertAuthority) mCA, authority);
@@ -257,27 +278,25 @@ public class CAService implements ICAService, IService {
int timeout = config.getInteger("timeout", 0);
// Insert end
// Changed by beomsuk
- // RemoteAuthority remauthority =
- // new RemoteAuthority(host, port, uri);
- RemoteAuthority remauthority = new RemoteAuthority(host, port, uri,
- timeout);
+ //RemoteAuthority remauthority =
+ // new RemoteAuthority(host, port, uri);
+ RemoteAuthority remauthority =
+ new RemoteAuthority(host, port, uri, timeout);
- // Change end
- if (nickname == null)
+ // Change end
+ if (nickname == null)
nickname = mCA.getNickname();
- // Changed by beomsuk
- // connector =
- // new HttpConnector(mCA, nickname, remauthority, resendInterval);
+ // Changed by beomsuk
+ //connector =
+ // new HttpConnector(mCA, nickname, remauthority, resendInterval);
if (timeout == 0)
- connector = new HttpConnector((IAuthority) mCA, nickname,
- remauthority, resendInterval, config);
+ connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config);
else
- connector = new HttpConnector((IAuthority) mCA, nickname,
- remauthority, resendInterval, config, timeout);
- // Change end
+ connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config, timeout);
+ // Change end
- // log(ILogger.LL_INFO, "remote authority "+
- // host+":"+port+" "+uri+" inited");
+ // log(ILogger.LL_INFO, "remote authority "+
+ // host+":"+port+" "+uri+" inited");
}
return connector;
}
@@ -292,12 +311,13 @@ public class CAService implements ICAService, IService {
}
/**
- * After population of defaults, and constraint validation, the profile
- * request is processed here.
+ * After population of defaults, and constraint validation,
+ * the profile request is processed here.
*/
- public void serviceProfileRequest(IRequest request) throws EBaseException {
- CMS.debug("CAService: serviceProfileRequest requestId="
- + request.getRequestId().toString());
+ public void serviceProfileRequest(IRequest request)
+ throws EBaseException {
+ CMS.debug("CAService: serviceProfileRequest requestId=" +
+ request.getRequestId().toString());
String profileId = request.getExtDataInString("profileId");
@@ -305,7 +325,8 @@ public class CAService implements ICAService, IService {
throw new EBaseException("profileId not found");
}
- IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem("profile");
+ IProfileSubsystem ps = (IProfileSubsystem)
+ CMS.getSubsystem("profile");
IProfile profile = null;
try {
@@ -319,26 +340,25 @@ public class CAService implements ICAService, IService {
// assumed rejected
request.setExtData("dbStatus", "NOT_UPDATED");
- // profile.populate(request);
+ // profile.populate(request);
profile.validate(request);
profile.execute(request);
// This function is called only from ConnectorServlet
- // serialize to request queue
+ // serialize to request queue
}
/**
- * method interface for IService
+ * method interface for IService
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used
- * whenever a user private key archive request is made. This is an option in
- * a cert enrollment request detected by an RA or a CA, so, if selected, it
- * should be logged immediately following the certificate request.
+ * whenever a user private key archive request is made. This is an option
+ * in a cert enrollment request detected by an RA or a CA, so, if selected,
+ * it should be logged immediately following the certificate request.
* </ul>
- *
* @param request a certificate enrollment request from an RA or CA
* @return true or false
*/
@@ -353,25 +373,23 @@ public class CAService implements ICAService, IService {
// short cut profile-based request
if (isProfileRequest(request)) {
try {
- CMS.debug("CAServic: x0 requestStatus="
- + request.getRequestStatus().toString() + " instance="
- + request);
+ CMS.debug("CAServic: x0 requestStatus=" + request.getRequestStatus().toString() + " instance=" + request);
serviceProfileRequest(request);
request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
- CMS.debug("CAServic: x1 requestStatus="
- + request.getRequestStatus().toString());
+ CMS.debug("CAServic: x1 requestStatus=" + request.getRequestStatus().toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.SUCCESS, auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
return true;
} catch (EBaseException e) {
- CMS.debug("CAServic: x2 requestStatus="
- + request.getRequestStatus().toString());
+ CMS.debug("CAServic: x2 requestStatus=" + request.getRequestStatus().toString());
// need to put error into the request
CMS.debug("CAService: serviceRequest " + e.toString());
request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
@@ -379,9 +397,11 @@ public class CAService implements ICAService, IService {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.FAILURE, auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
@@ -393,18 +413,17 @@ public class CAService implements ICAService, IService {
IServant servant = (IServant) mServants.get(type);
if (servant == null) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_INVALID_REQUEST_TYPE", type));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_INVALID_REQUEST_TYPE", type));
request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
- request.setExtData(
- IRequest.ERROR,
- new ECAException(CMS.getUserMessage(
- "CMS_CA_UNRECOGNIZED_REQUEST_TYPE", type)));
+ request.setExtData(IRequest.ERROR,
+ new ECAException(CMS.getUserMessage("CMS_CA_UNRECOGNIZED_REQUEST_TYPE", type)));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.FAILURE, auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
@@ -413,9 +432,8 @@ public class CAService implements ICAService, IService {
try {
// send request to KRA first
- if (type.equals(IRequest.ENROLLMENT_REQUEST)
- && isPKIArchiveOptionPresent(request)
- && mKRAConnector != null) {
+ if (type.equals(IRequest.ENROLLMENT_REQUEST) &&
+ isPKIArchiveOptionPresent(request) && mKRAConnector != null) {
if (Debug.ON) {
Debug.trace("*** Sending enrollment request to KRA");
}
@@ -423,36 +441,36 @@ public class CAService implements ICAService, IService {
if (mArchivalRequired == true) {
if (sendStatus == false) {
- request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
- request.setExtData(
- IRequest.ERROR,
- new ECAException(
- CMS.getUserMessage("CMS_CA_SEND_KRA_REQUEST")));
+ request.setExtData(IRequest.RESULT,
+ IRequest.RES_ERROR);
+ request.setExtData(IRequest.ERROR,
+ new ECAException(CMS.getUserMessage("CMS_CA_SEND_KRA_REQUEST")));
// store a message in the signed audit log file
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID, auditArchiveID);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
return true;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
- request.setExtData(IRequest.RESULT,
- IRequest.RES_SUCCESS);
+ request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
request.deleteExtData(IRequest.ERROR);
}
}
if (request.getExtDataInString(IRequest.ERROR) != null) {
// store a message in the signed audit log file
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID, auditArchiveID);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
@@ -461,8 +479,7 @@ public class CAService implements ICAService, IService {
}
} else {
if (Debug.ON) {
- Debug.trace("*** NOT Send to KRA type=" + type
- + " ENROLLMENT=" + IRequest.ENROLLMENT_REQUEST);
+ Debug.trace("*** NOT Send to KRA type=" + type + " ENROLLMENT=" + IRequest.ENROLLMENT_REQUEST);
}
}
@@ -474,9 +491,11 @@ public class CAService implements ICAService, IService {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.FAILURE, auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
@@ -487,14 +506,16 @@ public class CAService implements ICAService, IService {
if (Debug.ON)
Debug.trace("serviceRequest completed = " + completed);
- if (!(type.equals(IRequest.REVOCATION_REQUEST)
- || type.equals(IRequest.UNREVOCATION_REQUEST) || type
- .equals(IRequest.CMCREVOKE_REQUEST))) {
+ if (!(type.equals(IRequest.REVOCATION_REQUEST) ||
+ type.equals(IRequest.UNREVOCATION_REQUEST) ||
+ type.equals(IRequest.CMCREVOKE_REQUEST))) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID, ILogger.SUCCESS, auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
}
@@ -503,7 +524,7 @@ public class CAService implements ICAService, IService {
}
/**
- * register CRL Issuing Point
+ * register CRL Issuing Point
*/
public void addCRLIssuingPoint(String id, ICRLIssuingPoint crlIssuingPoint) {
mCRLIssuingPoints.put(id, crlIssuingPoint);
@@ -520,8 +541,8 @@ public class CAService implements ICAService, IService {
* Checks if PKIArchiveOption present in the request.
*/
private boolean isPKIArchiveOptionPresent(IRequest request) {
- String crmfBlob = request.getExtDataInString(IRequest.HTTP_PARAMS,
- CRMF_REQUEST);
+ String crmfBlob = request.getExtDataInString(
+ IRequest.HTTP_PARAMS, CRMF_REQUEST);
if (crmfBlob == null) {
if (Debug.ON) {
@@ -529,8 +550,7 @@ public class CAService implements ICAService, IService {
}
} else {
try {
- PKIArchiveOptionsContainer opts[] = CRMFParser
- .getPKIArchiveOptions(crmfBlob);
+ PKIArchiveOptionsContainer opts[] = CRMFParser.getPKIArchiveOptions(crmfBlob);
if (opts != null) {
return true;
@@ -542,19 +562,20 @@ public class CAService implements ICAService, IService {
return false;
}
- // /
- // / CA related routines.
- // /
+ ///
+ /// CA related routines.
+ ///
- public X509CertImpl issueX509Cert(X509CertInfo certi) throws EBaseException {
+ public X509CertImpl issueX509Cert(X509CertInfo certi)
+ throws EBaseException {
return issueX509Cert(certi, null, null);
}
/**
* issue cert for enrollment.
*/
- public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId,
- String rid) throws EBaseException {
+ public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId, String rid)
+ throws EBaseException {
CMS.debug("issueX509Cert");
X509CertImpl certImpl = issueX509Cert("", certi, false, null);
@@ -565,7 +586,7 @@ public class CAService implements ICAService, IService {
}
X509CertImpl issueX509Cert(String rid, X509CertInfo certi)
- throws EBaseException {
+ throws EBaseException {
return issueX509Cert(rid, certi, false, null);
}
@@ -573,7 +594,7 @@ public class CAService implements ICAService, IService {
* issue cert for enrollment.
*/
void storeX509Cert(String profileId, String rid, X509CertImpl cert)
- throws EBaseException {
+ throws EBaseException {
storeX509Cert(rid, cert, false, null, null, null, profileId);
}
@@ -581,27 +602,28 @@ public class CAService implements ICAService, IService {
* issue cert for enrollment.
*/
void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId)
- throws EBaseException {
+ throws EBaseException {
storeX509Cert(rid, cert, false, null, crmfReqId, null, null);
}
- void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId,
- String challengePassword) throws EBaseException {
- storeX509Cert(rid, cert, false, null, crmfReqId, challengePassword,
- null);
+ void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId,
+ String challengePassword) throws EBaseException {
+ storeX509Cert(rid, cert, false, null, crmfReqId, challengePassword, null);
}
/**
- * issue cert for enrollment and renewal. renewal is expected to have
- * original cert serial no. in cert info field.
+ * issue cert for enrollment and renewal.
+ * renewal is expected to have original cert serial no. in cert info
+ * field.
*/
- X509CertImpl issueX509Cert(String rid, X509CertInfo certi, boolean renewal,
- BigInteger oldSerialNo) throws EBaseException {
+ X509CertImpl issueX509Cert(String rid, X509CertInfo certi,
+ boolean renewal, BigInteger oldSerialNo)
+ throws EBaseException {
String algname = null;
X509CertImpl cert = null;
- // NOTE: In this implementation, the "oldSerialNo"
- // parameter is NOT used!
+ // NOTE: In this implementation, the "oldSerialNo"
+ // parameter is NOT used!
boolean doUTF8 = mConfig.getBoolean("dnUTF8Encoding", false);
@@ -609,12 +631,11 @@ public class CAService implements ICAService, IService {
try {
// check required fields in certinfo.
- if (certi.get(X509CertInfo.SUBJECT) == null
- || certi.get(X509CertInfo.KEY) == null) {
+ if (certi.get(X509CertInfo.SUBJECT) == null ||
+ certi.get(X509CertInfo.KEY) == null) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_MISSING_ATTR"));
- // XXX how do you reject a request in the service object ?
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_MISSING_ATTR"));
+ // XXX how do you reject a request in the service object ?
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_REQD_FIELDS_IN_CERTISSUE"));
}
@@ -626,31 +647,34 @@ public class CAService implements ICAService, IService {
}
// set default validity if not set.
- // validity would normally be set by policies or by
- // agent or by authentication module.
- CertificateValidity validity = (CertificateValidity) certi
- .get(X509CertInfo.VALIDITY);
+ // validity would normally be set by policies or by
+ // agent or by authentication module.
+ CertificateValidity validity = (CertificateValidity)
+ certi.get(X509CertInfo.VALIDITY);
Date begin = null, end = null;
if (validity != null) {
- begin = (Date) validity.get(CertificateValidity.NOT_BEFORE);
- end = (Date) validity.get(CertificateValidity.NOT_AFTER);
+ begin = (Date)
+ validity.get(CertificateValidity.NOT_BEFORE);
+ end = (Date)
+ validity.get(CertificateValidity.NOT_AFTER);
}
- if (validity == null
- || (begin.getTime() == 0 && end.getTime() == 0)) {
+ if (validity == null ||
+ (begin.getTime() == 0 && end.getTime() == 0)) {
if (Debug.ON) {
Debug.trace("setting default validity");
}
-
+
begin = CMS.getCurrentDate();
end = new Date(begin.getTime() + mCA.getDefaultValidity());
- certi.set(CertificateValidity.NAME, new CertificateValidity(
- begin, end));
+ certi.set(CertificateValidity.NAME,
+ new CertificateValidity(begin, end));
}
/*
- * For non-CA certs, check if validity exceeds CA time. If so, set
- * to CA's not after if default validity exceeds ca's not after.
+ * For non-CA certs, check if validity exceeds CA time.
+ * If so, set to CA's not after if default validity
+ * exceeds ca's not after.
*/
// First find out if it is a CA cert
@@ -659,26 +683,21 @@ public class CAService implements ICAService, IService {
BasicConstraintsExtension bc_ext = null;
try {
- exts = (CertificateExtensions) certi
- .get(X509CertInfo.EXTENSIONS);
+ exts = (CertificateExtensions)
+ certi.get(X509CertInfo.EXTENSIONS);
if (exts != null) {
Enumeration e = exts.getElements();
while (e.hasMoreElements()) {
- netscape.security.x509.Extension ext = (netscape.security.x509.Extension) e
- .nextElement();
+ netscape.security.x509.Extension ext = (netscape.security.x509.Extension) e.nextElement();
- if (ext.getExtensionId()
- .toString()
- .equals(PKIXExtensions.BasicConstraints_Id
- .toString())) {
+ if (ext.getExtensionId().toString().equals(PKIXExtensions.BasicConstraints_Id.toString())) {
bc_ext = (BasicConstraintsExtension) ext;
}
}
- if (bc_ext != null) {
- Boolean isCA = (Boolean) bc_ext
- .get(BasicConstraintsExtension.IS_CA);
+ if(bc_ext != null) {
+ Boolean isCA = (Boolean) bc_ext.get(BasicConstraintsExtension.IS_CA);
is_ca = isCA.booleanValue();
}
} // exts != null
@@ -686,108 +705,95 @@ public class CAService implements ICAService, IService {
CMS.debug("EnrollDefault: getExtension " + e.toString());
}
- Date caNotAfter = mCA.getSigningUnit().getCertImpl().getNotAfter();
+ Date caNotAfter =
+ mCA.getSigningUnit().getCertImpl().getNotAfter();
if (begin.after(caNotAfter)) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_PAST_VALIDITY"));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CERT_BEGIN_AFTER_CA_VALIDITY"));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_PAST_VALIDITY"));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_BEGIN_AFTER_CA_VALIDITY"));
}
if (end.after(caNotAfter)) {
- if (!is_ca) {
+ if(!is_ca) {
if (!mCA.isEnablePastCATime()) {
end = caNotAfter;
- certi.set(CertificateValidity.NAME,
- new CertificateValidity(begin, caNotAfter));
+ certi.set(CertificateValidity.NAME,
+ new CertificateValidity(begin, caNotAfter));
CMS.debug("CAService: issueX509Cert: cert past CA's NOT_AFTER...ca.enablePastCATime != true...resetting");
} else {
CMS.debug("CAService: issueX509Cert: cert past CA's NOT_AFTER...ca.enablePastCATime = true...not resetting");
}
} else {
CMS.debug("CAService: issueX509Cert: CA cert issuance past CA's NOT_AFTER.");
- } // !is_ca
- mCA.log(ILogger.LL_INFO,
- CMS.getLogMessage("CMSCORE_CA_PAST_NOT_AFTER"));
+ } //!is_ca
+ mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_PAST_NOT_AFTER"));
}
// check algorithm in certinfo.
AlgorithmId algid = null;
- CertificateAlgorithmId algor = (CertificateAlgorithmId) certi
- .get(X509CertInfo.ALGORITHM_ID);
+ CertificateAlgorithmId algor = (CertificateAlgorithmId)
+ certi.get(X509CertInfo.ALGORITHM_ID);
- if (algor == null
- || algor.toString().equals(
- CertInfo.SERIALIZE_ALGOR.toString())) {
+ if (algor == null || algor.toString().equals(CertInfo.SERIALIZE_ALGOR.toString())) {
algname = mCA.getSigningUnit().getDefaultAlgorithm();
algid = AlgorithmId.get(algname);
- certi.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(algid));
+ certi.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(algid));
} else {
- algid = (AlgorithmId) algor
- .get(CertificateAlgorithmId.ALGORITHM);
+ algid = (AlgorithmId)
+ algor.get(CertificateAlgorithmId.ALGORITHM);
algname = algid.getName();
}
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
if (Debug.ON) {
e.printStackTrace();
}
throw new ECAException(
CMS.getUserMessage("CMS_CA_ERROR_GETTING_FIELDS_IN_ISSUE"));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
if (Debug.ON) {
e.printStackTrace();
}
throw new ECAException(
CMS.getUserMessage("CMS_CA_ERROR_GETTING_FIELDS_IN_ISSUE"));
} catch (NoSuchAlgorithmException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname));
if (Debug.ON) {
e.printStackTrace();
}
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
}
// get old cert serial number if renewal
if (renewal) {
try {
- CertificateSerialNumber serialno = (CertificateSerialNumber) certi
- .get(X509CertInfo.SERIAL_NUMBER);
+ CertificateSerialNumber serialno = (CertificateSerialNumber)
+ certi.get(X509CertInfo.SERIAL_NUMBER);
if (serialno == null) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
- SerialNumber serialnum = (SerialNumber) serialno
- .get(CertificateSerialNumber.NUMBER);
+ SerialNumber serialnum = (SerialNumber)
+ serialno.get(CertificateSerialNumber.NUMBER);
if (serialnum == null) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
} catch (CertificateException e) {
- // not possible
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL",
- e.getMessage()));
+ // not possible
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL", e.getMessage()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
} catch (IOException e) {
- // not possible.
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL",
- e.getMessage()));
+ // not possible.
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL", e.getMessage()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
@@ -795,43 +801,34 @@ public class CAService implements ICAService, IService {
// set issuer, serial number
try {
- BigInteger serialNo = mCA.getCertificateRepository()
- .getNextSerialNumber();
-
- certi.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
- serialNo));
- mCA.log(ILogger.LL_INFO,
- CMS.getLogMessage("CMSCORE_CA_SIGN_SERIAL",
- serialNo.toString(16)));
+ BigInteger serialNo =
+ mCA.getCertificateRepository().getNextSerialNumber();
+
+ certi.set(X509CertInfo.SERIAL_NUMBER,
+ new CertificateSerialNumber(serialNo));
+ mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_SIGN_SERIAL", serialNo.toString(16)));
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_NO_NEXT_SERIAL", e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_NEXT_SERIAL", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_NOSERIALNO", rid));
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SET_SERIALNO_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SET_SERIALNO_FAILED", rid));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SET_SERIALNO_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SET_SERIALNO_FAILED", rid));
}
try {
- certi.set(X509CertInfo.ISSUER,
- new CertificateIssuerName(mCA.getX500Name()));
+ certi.set(X509CertInfo.ISSUER,
+ new CertificateIssuerName(mCA.getX500Name()));
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
}
byte[] utf8_encodingOrder = { DerValue.tag_UTF8String };
@@ -840,28 +837,20 @@ public class CAService implements ICAService, IService {
try {
CMS.debug("doUTF8 true, updating subject.");
- CertificateSubjectName sName = (CertificateSubjectName) certi
- .get(X509CertInfo.SUBJECT);
+ CertificateSubjectName sName = (CertificateSubjectName) certi.get(X509CertInfo.SUBJECT);
String subject = certi.get(X509CertInfo.SUBJECT).toString();
certi.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- new X500Name(subject, new LdapV3DNStrConverter(
- X500NameAttrMap.getDirDefault(), true),
- utf8_encodingOrder)));
+ new X500Name(subject,
+ new LdapV3DNStrConverter(X500NameAttrMap.getDirDefault(), true), utf8_encodingOrder)));
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT",
- e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT",
- e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
}
}
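Review bot: Both catch blocks around the UTF-8 subject rewrite log `CMSCORE_CA_SET_SUBJECT` but throw the user message `CMS_CA_SET_ISSUER_FAILED`, so the requester is told the issuer could not be set when it was the subject conversion that failed. If the message catalog has a subject-specific user message it should be used here; otherwise a short comment such as `// no subject-specific user message; reusing the issuer one` would show that the reuse is deliberate. `sName` is assigned from `certi.get(X509CertInfo.SUBJECT)` but not read in the visible lines, and the same field is fetched again on the next line. The enclosing method starts before this hunk.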
@@ -870,21 +859,22 @@ public class CAService implements ICAService, IService {
return cert;
}
- void storeX509Cert(String rid, X509CertImpl cert, boolean renewal,
- BigInteger oldSerialNo) throws EBaseException {
+ void storeX509Cert(String rid, X509CertImpl cert,
+ boolean renewal, BigInteger oldSerialNo)
+ throws EBaseException {
storeX509Cert(rid, cert, renewal, oldSerialNo, null, null, null);
}
- void storeX509Cert(String rid, X509CertImpl cert, boolean renewal,
- BigInteger oldSerialNo, String crmfReqId, String challengePassword,
- String profileId) throws EBaseException {
+ void storeX509Cert(String rid, X509CertImpl cert,
+ boolean renewal, BigInteger oldSerialNo, String crmfReqId,
+ String challengePassword, String profileId) throws EBaseException {
// now store in repository.
- // if renewal, set the old serial number in the new cert,
- // set the new serial number in the old cert.
+ // if renewal, set the old serial number in the new cert,
+ // set the new serial number in the old cert.
CMS.debug("In storeX509Cert");
try {
- BigInteger newSerialNo = cert.getSerialNumber();
+ BigInteger newSerialNo = cert.getSerialNumber();
MetaInfo metaInfo = new MetaInfo();
if (profileId != null)
@@ -894,37 +884,34 @@ public class CAService implements ICAService, IService {
if (challengePassword != null && !challengePassword.equals(""))
metaInfo.set("challengePhrase", challengePassword);
if (crmfReqId != null) {
- // System.out.println("Adding crmf reqid "+crmfReqId);
+ //System.out.println("Adding crmf reqid "+crmfReqId);
metaInfo.set(CertRecord.META_CRMF_REQID, crmfReqId);
}
if (renewal)
metaInfo.set(CertRecord.META_OLD_CERT, oldSerialNo.toString());
mCA.getCertificateRepository().addCertificateRecord(
- new CertRecord(newSerialNo, cert, metaInfo));
+ new CertRecord(newSerialNo, cert, metaInfo));
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage(
- "CMSCORE_CA_STORE_SERIAL",
- cert.getSerialNumber().toString(16)));
+ mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_STORE_SERIAL", cert.getSerialNumber().toString(16)));
if (renewal) {
/*
- * mCA.getCertificateRepository().markCertificateAsRenewed(
- * BigIntegerMapper.BigIntegerToDB(oldSerialNo));
- * mCA.mCertRepot.markCertificateAsRenewed(oldSerialNo);
+ mCA.getCertificateRepository().markCertificateAsRenewed(
+ BigIntegerMapper.BigIntegerToDB(oldSerialNo));
+ mCA.mCertRepot.markCertificateAsRenewed(oldSerialNo);
*/
MetaInfo oldMeta = null;
- CertRecord oldCertRec = (CertRecord) mCA
- .getCertificateRepository().readCertificateRecord(
- oldSerialNo);
+ CertRecord oldCertRec = (CertRecord)
+ mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
if (oldCertRec == null) {
- Exception e = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INTERNAL_ERROR",
- "Cannot read cert record for " + oldSerialNo));
+ Exception e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ "Cannot read cert record for " + oldSerialNo));
e.printStackTrace();
}
- if (oldCertRec != null)
+ if (oldCertRec != null)
oldMeta = oldCertRec.getMetaInfo();
if (oldMeta == null) {
if (Debug.ON) {
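Review bot: In the renewal branch of storeX509Cert, the EBaseException built when `readCertificateRecord(oldSerialNo)` returns null is only passed to `e.printStackTrace()`; it is neither thrown nor written through `mCA.log`, so a renewal that cannot find the certificate it replaces leaves nothing in the CA log. By this point the new record has already been added with `addCertificateRecord`, so the old and new certificates can end up unlinked. I would at least log it, e.g. `mCA.log(ILogger.LL_FAILURE, e.toString());`, and decide explicitly whether the renewal should fail here. The method continues past this hunk, so the later handling of a null `oldMeta` is not fully visible.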
@@ -939,29 +926,25 @@ public class CAService implements ICAService, IService {
while (n.hasMoreElements()) {
String name = (String) n.nextElement();
- System.out.println("name " + name + " value "
- + oldMeta.get(name));
+ System.out.println("name " + name + " value " +
+ oldMeta.get(name));
}
}
}
- oldMeta.set(CertRecord.META_RENEWED_CERT,
- newSerialNo.toString());
+ oldMeta.set(CertRecord.META_RENEWED_CERT,
+ newSerialNo.toString());
ModificationSet modSet = new ModificationSet();
- modSet.add(CertRecord.ATTR_AUTO_RENEW,
- Modification.MOD_REPLACE, CertRecord.AUTO_RENEWAL_DONE);
- modSet.add(ICertRecord.ATTR_META_INFO,
- Modification.MOD_REPLACE, oldMeta);
- mCA.getCertificateRepository().modifyCertificateRecord(
- oldSerialNo, modSet);
- mCA.log(ILogger.LL_INFO,
- CMS.getLogMessage("CMSCORE_CA_MARK_SERIAL",
- oldSerialNo.toString(16),
- newSerialNo.toString(16)));
+ modSet.add(CertRecord.ATTR_AUTO_RENEW,
+ Modification.MOD_REPLACE,
+ CertRecord.AUTO_RENEWAL_DONE);
+ modSet.add(ICertRecord.ATTR_META_INFO,
+ Modification.MOD_REPLACE, oldMeta);
+ mCA.getCertificateRepository().modifyCertificateRecord(oldSerialNo, modSet);
+ mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_MARK_SERIAL", oldSerialNo.toString(16), newSerialNo.toString(16)));
if (Debug.ON) {
- CertRecord check = (CertRecord) mCA
- .getCertificateRepository().readCertificateRecord(
- oldSerialNo);
+ CertRecord check = (CertRecord)
+ mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
MetaInfo meta = check.getMetaInfo();
Enumeration n = oldMeta.getElements();
@@ -973,9 +956,7 @@ public class CAService implements ICAService, IService {
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_NO_STORE_SERIAL", cert.getSerialNumber()
- .toString(16)));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_STORE_SERIAL", cert.getSerialNumber().toString(16)));
if (Debug.ON)
e.printStackTrace();
throw e;
@@ -985,25 +966,23 @@ public class CAService implements ICAService, IService {
/**
* revoke cert, check fields in crlentry, etc.
*/
- public void revokeCert(RevokedCertImpl crlentry) throws EBaseException {
+ public void revokeCert(RevokedCertImpl crlentry)
+ throws EBaseException {
revokeCert(crlentry, null);
}
public void revokeCert(RevokedCertImpl crlentry, String requestId)
- throws EBaseException {
+ throws EBaseException {
BigInteger serialno = crlentry.getSerialNumber();
Date revdate = crlentry.getRevocationDate();
CRLExtensions crlentryexts = crlentry.getExtensions();
- CertRecord certRec = (CertRecord) mCA.getCertificateRepository()
- .readCertificateRecord(serialno);
+ CertRecord certRec = (CertRecord) mCA.getCertificateRepository().readCertificateRecord(serialno);
if (certRec == null) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND",
- serialno.toString(16)));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_CANT_FIND_CERT_SERIAL",
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND", serialno.toString(16)));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
"0x" + serialno.toString(16)));
}
RevocationInfo revInfo = (RevocationInfo) certRec.getRevocationInfo();
@@ -1014,8 +993,8 @@ public class CAService implements ICAService, IService {
exts = revInfo.getCRLEntryExtensions();
if (exts != null) {
try {
- reasonext = (CRLReasonExtension) exts
- .get(CRLReasonExtension.NAME);
+ reasonext = (CRLReasonExtension)
+ exts.get(CRLReasonExtension.NAME);
} catch (X509ExtensionException e) {
// this means no crl reason extension set.
}
@@ -1023,18 +1002,16 @@ public class CAService implements ICAService, IService {
// allow revoking certs that are on hold.
String certStatus = certRec.getStatus();
- if (certStatus.equals(ICertRecord.STATUS_REVOKED)
- || certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_CERT_ALREADY_REVOKED",
+ if (certStatus.equals(ICertRecord.STATUS_REVOKED) ||
+ certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_ALREADY_REVOKED",
"0x" + Long.toHexString(serialno.longValue())));
}
try {
- mCA.getCertificateRepository().markAsRevoked(serialno,
- new RevocationInfo(revdate, crlentryexts));
- mCA.log(ILogger.LL_INFO,
- CMS.getLogMessage("CMSCORE_CA_CERT_REVOKED",
- serialno.toString(16)));
+ mCA.getCertificateRepository().markAsRevoked(serialno,
+ new RevocationInfo(revdate, crlentryexts));
+ mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_REVOKED",
+ serialno.toString(16)));
// inform all CRLIssuingPoints about revoked certificate
Enumeration eIPs = mCRLIssuingPoints.elements();
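Review bot: The already-revoked message in revokeCert formats the serial with `Long.toHexString(serialno.longValue())`, which keeps only the low 64 bits of the BigInteger, so a longer serial number is reported truncated to the caller. The other messages in this method use `serialno.toString(16)`, and the same form works here: `"0x" + serialno.toString(16)`. revokeCert starts in an earlier hunk and continues past this one.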
@@ -1047,28 +1024,23 @@ public class CAService implements ICAService, IService {
if (ip.isCACertsOnly()) {
X509CertImpl cert = certRec.getCertificate();
- if (cert != null)
- b = cert.getBasicConstraintsIsCA();
+ if (cert != null) b = cert.getBasicConstraintsIsCA();
}
if (ip.isProfileCertsOnly()) {
MetaInfo metaInfo = certRec.getMetaInfo();
if (metaInfo != null) {
- String profileId = (String) metaInfo
- .get("profileId");
+ String profileId = (String)metaInfo.get("profileId");
if (profileId != null) {
b = ip.checkCurrentProfile(profileId);
}
}
}
- if (b)
- ip.addRevokedCert(serialno, crlentry, requestId);
+ if (b) ip.addRevokedCert(serialno, crlentry, requestId);
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ERROR_REVOCATION",
- serialno.toString(), e.toString()));
- // e.printStackTrace();
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_REVOCATION", serialno.toString(), e.toString()));
+ //e.printStackTrace();
throw e;
}
return;
@@ -1077,21 +1049,19 @@ public class CAService implements ICAService, IService {
/**
* unrevoke cert, check serial number, etc.
*/
- void unrevokeCert(BigInteger serialNo) throws EBaseException {
+ void unrevokeCert(BigInteger serialNo)
+ throws EBaseException {
unrevokeCert(serialNo, null);
}
void unrevokeCert(BigInteger serialNo, String requestId)
- throws EBaseException {
- CertRecord certRec = (CertRecord) mCA.getCertificateRepository()
- .readCertificateRecord(serialNo);
+ throws EBaseException {
+ CertRecord certRec = (CertRecord) mCA.getCertificateRepository().readCertificateRecord(serialNo);
if (certRec == null) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND",
- serialNo.toString(16)));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_CANT_FIND_CERT_SERIAL",
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND", serialNo.toString(16)));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
"0x" + serialNo.toString(16)));
}
RevocationInfo revInfo = (RevocationInfo) certRec.getRevocationInfo();
@@ -1099,42 +1069,34 @@ public class CAService implements ICAService, IService {
CRLReasonExtension reasonext = null;
if (revInfo == null) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
- serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
serialNo.toString()));
}
exts = revInfo.getCRLEntryExtensions();
if (exts != null) {
try {
- reasonext = (CRLReasonExtension) exts
- .get(CRLReasonExtension.NAME);
+ reasonext = (CRLReasonExtension)
+ exts.get(CRLReasonExtension.NAME);
} catch (X509ExtensionException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
- serialNo.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_IS_NOT_ON_HOLD", serialNo.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ serialNo.toString()));
}
} else {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
- serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
serialNo.toString()));
}
// allow unrevoking certs that are on hold.
- if ((certRec.getStatus().equals(ICertRecord.STATUS_REVOKED) || certRec
- .getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))
- && reasonext != null
- && reasonext.getReason() == RevocationReason.CERTIFICATE_HOLD) {
+ if ((certRec.getStatus().equals(ICertRecord.STATUS_REVOKED) ||
+ certRec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED)) &&
+ reasonext != null &&
+ reasonext.getReason() == RevocationReason.CERTIFICATE_HOLD) {
try {
mCA.getCertificateRepository().unmarkRevoked(serialNo, revInfo,
- certRec.getRevokedOn(), certRec.getRevokedBy());
- mCA.log(ILogger.LL_INFO,
- CMS.getLogMessage("CMSCORE_CA_CERT_UNREVOKED",
- serialNo.toString(16)));
+ certRec.getRevokedOn(), certRec.getRevokedBy());
+ mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_UNREVOKED", serialNo.toString(16)));
// inform all CRLIssuingPoints about unrevoked certificate
Enumeration eIPs = mCRLIssuingPoints.elements();
@@ -1147,34 +1109,27 @@ public class CAService implements ICAService, IService {
if (ip.isCACertsOnly()) {
X509CertImpl cert = certRec.getCertificate();
- if (cert != null)
- b = cert.getBasicConstraintsIsCA();
+ if (cert != null) b = cert.getBasicConstraintsIsCA();
}
if (ip.isProfileCertsOnly()) {
MetaInfo metaInfo = certRec.getMetaInfo();
if (metaInfo != null) {
- String profileId = (String) metaInfo
- .get("profileId");
+ String profileId = (String)metaInfo.get("profileId");
if (profileId != null) {
b = ip.checkCurrentProfile(profileId);
}
}
}
- if (b)
- ip.addUnrevokedCert(serialNo, requestId);
+ if (b) ip.addUnrevokedCert(serialNo, requestId);
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CERT_ERROR_UNREVOKE",
- serialNo.toString(16)));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ERROR_UNREVOKE", serialNo.toString(16)));
throw e;
}
} else {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
- serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
"0x" + serialNo.toString(16)));
}
@@ -1183,10 +1138,10 @@ public class CAService implements ICAService, IService {
/**
* Signed Audit Log
- *
+ *
* This method is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
private void audit(String msg) {
@@ -1197,17 +1152,20 @@ public class CAService implements ICAService, IService {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
- ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is called to obtain the "SubjectID" for a signed audit log
- * message.
+ *
+ * This method is called to obtain the "SubjectID" for
+ * a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
private String auditSubjectID() {
@@ -1222,7 +1180,8 @@ public class CAService implements ICAService, IService {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String) auditContext.get(SessionContext.USER_ID);
+ subjectID = (String)
+ auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -1238,11 +1197,11 @@ public class CAService implements ICAService, IService {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for a signed audit log
- * message.
+ *
+ * This method is called to obtain the "RequesterID" for
+ * a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID() {
@@ -1257,8 +1216,8 @@ public class CAService implements ICAService, IService {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- requesterID = (String) auditContext
- .get(SessionContext.REQUESTER_ID);
+ requesterID = (String)
+ auditContext.get(SessionContext.REQUESTER_ID);
if (requesterID != null) {
requesterID = requesterID.trim();
@@ -1273,14 +1232,16 @@ public class CAService implements ICAService, IService {
}
}
-// /
-// / servant classes
-// /
+
+///
+/// servant classes
+///
interface IServant {
public boolean service(IRequest request) throws EBaseException;
}
+
class serviceIssue implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1290,8 +1251,9 @@ class serviceIssue implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request) throws EBaseException {
- // XXX This is ugly. should associate attributes with
+ public boolean service(IRequest request)
+ throws EBaseException {
+ // XXX This is ugly. should associate attributes with
// request types, not policy.
// XXX how do we know what to look for in request ?
@@ -1300,23 +1262,21 @@ class serviceIssue implements IServant {
else
return false; // Don't know what it is ?????
}
-
- public boolean serviceX509(IRequest request) throws EBaseException {
- // XXX This is ugly. should associate attributes with
+
+ public boolean serviceX509(IRequest request)
+ throws EBaseException {
+ // XXX This is ugly. should associate attributes with
// request types, not policy.
// XXX how do we know what to look for in request ?
- X509CertInfo certinfos[] = request
- .getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certinfos[] =
+ request.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certinfos == null || certinfos[0] == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId()
- .toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_ISSUEREQ"));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_ISSUEREQ"));
}
- String challengePassword = request
- .getExtDataInString(CAService.CHALLENGE_PHRASE);
+ String challengePassword =
+ request.getExtDataInString(CAService.CHALLENGE_PHRASE);
X509CertImpl[] certs = new X509CertImpl[certinfos.length];
String rid = request.getRequestId().toString();
@@ -1326,9 +1286,7 @@ class serviceIssue implements IServant {
try {
certs[i] = mService.issueX509Cert(rid, certinfos[i]);
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ISSUE_ERROR",
- Integer.toString(i), rid, e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUE_ERROR", Integer.toString(i), rid, e.toString()));
throw e;
}
}
@@ -1337,31 +1295,25 @@ class serviceIssue implements IServant {
for (i = 0; i < certs.length; i++) {
try {
- mService.storeX509Cert(rid, certs[i], crmfReqId,
- challengePassword);
+ mService.storeX509Cert(rid, certs[i], crmfReqId, challengePassword);
} catch (EBaseException e) {
e.printStackTrace();
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_STORE_ERROR",
- Integer.toString(i), rid, e.toString()));
- ex = e; // save to throw later.
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_STORE_ERROR", Integer.toString(i), rid, e.toString()));
+ ex = e; // save to throw later.
break;
}
}
if (ex != null) {
for (int j = 0; j < i; j++) {
- // delete the stored cert records from the database.
- // we issue all or nothing.
- BigInteger serialNo = ((X509Certificate) certs[i])
- .getSerialNumber();
+ // delete the stored cert records from the database.
+ // we issue all or nothing.
+ BigInteger serialNo =
+ ((X509Certificate) certs[i]).getSerialNumber();
try {
- mCA.getCertificateRepository().deleteCertificateRecord(
- serialNo);
+ mCA.getCertificateRepository().deleteCertificateRecord(serialNo);
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_DELETE_CERT_ERROR",
- serialNo.toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_DELETE_CERT_ERROR", serialNo.toString(), e.toString()));
}
}
throw ex;
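Review bot: The rollback loop in serviceX509 reads the serial from `certs[i]` instead of `certs[j]`. When a store fails, `i` is the index of the certificate that was not stored, so the loop calls `deleteCertificateRecord` on that one serial `i` times and leaves records 0..i-1 in the repository, which contradicts the "we issue all or nothing" comment. The line should be `BigInteger serialNo = ((X509Certificate) certs[j]).getSerialNumber();`. A failed delete is also only logged, so the caller cannot tell a clean rollback from a partial one. serviceX509 begins before this hunk and continues after it.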
@@ -1373,6 +1325,7 @@ class serviceIssue implements IServant {
}
}
+
class serviceRenewal implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1382,15 +1335,14 @@ class serviceRenewal implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request) throws EBaseException {
+ public boolean service(IRequest request)
+ throws EBaseException {
// XXX if one fails should all fail ? - can't backtrack.
- X509CertInfo certinfos[] = request
- .getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certinfos[] =
+ request.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certinfos == null || certinfos[0] == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId()
- .toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
@@ -1410,37 +1362,31 @@ class serviceRenewal implements IServant {
SerialNumber serialnum = null;
try {
- CertificateSerialNumber serialno = (CertificateSerialNumber) certinfos[i]
- .get(X509CertInfo.SERIAL_NUMBER);
+ CertificateSerialNumber serialno = (CertificateSerialNumber)
+ certinfos[i].get(X509CertInfo.SERIAL_NUMBER);
if (serialno == null) {
- mCA.log(ILogger.LL_FAILURE, CMS
- .getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
- serialnum = (SerialNumber) serialno
- .get(CertificateSerialNumber.NUMBER);
+ serialnum = (SerialNumber)
+ serialno.get(CertificateSerialNumber.NUMBER);
} catch (IOException e) {
if (Debug.ON)
e.printStackTrace();
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT",
- e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", e.toString()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
} catch (CertificateException e) {
if (Debug.ON)
e.printStackTrace();
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT",
- e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", e.toString()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
if (serialnum == null) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", ""));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", ""));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
@@ -1448,30 +1394,26 @@ class serviceRenewal implements IServant {
BigInteger oldSerialNo = serialnumBigInt.toBigInteger();
// get cert record
- CertRecord certRecord = (CertRecord) mCA
- .getCertificateRepository().readCertificateRecord(
- oldSerialNo);
+ CertRecord certRecord = (CertRecord)
+ mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
if (certRecord == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_NOT_FROM_CA", oldSerialNo.toString()));
- svcerrors[i] = new ECAException(CMS.getUserMessage(
- "CMS_CA_CANT_FIND_CERT_SERIAL",
- oldSerialNo.toString())).toString();
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA", oldSerialNo.toString()));
+ svcerrors[i] = new ECAException(
+ CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
+ oldSerialNo.toString())).toString();
continue;
}
- // check if cert has been revoked.
+ // check if cert has been revoked.
String certStatus = certRecord.getStatus();
- if (certStatus.equals(ICertRecord.STATUS_REVOKED)
- || certStatus
- .equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_RENEW_REVOKED", oldSerialNo.toString()));
- svcerrors[i] = new ECAException(CMS.getUserMessage(
- "CMS_CA_CANNOT_RENEW_REVOKED_CERT", "0x"
- + oldSerialNo.toString(16))).toString();
+ if (certStatus.equals(ICertRecord.STATUS_REVOKED) ||
+ certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_RENEW_REVOKED", oldSerialNo.toString()));
+ svcerrors[i] = new ECAException(
+ CMS.getUserMessage("CMS_CA_CANNOT_RENEW_REVOKED_CERT",
+ "0x" + oldSerialNo.toString(16))).toString();
continue;
}
@@ -1479,87 +1421,75 @@ class serviceRenewal implements IServant {
MetaInfo metaInfo = certRecord.getMetaInfo();
if (metaInfo != null) {
- String renewed = (String) metaInfo
- .get(ICertRecord.META_RENEWED_CERT);
+ String renewed = (String)
+ metaInfo.get(ICertRecord.META_RENEWED_CERT);
if (renewed != null) {
BigInteger serial = new BigInteger(renewed);
- X509CertImpl cert = (X509CertImpl) mCA
- .getCertificateRepository().getX509Certificate(
- serial);
+ X509CertImpl cert = (X509CertImpl)
+ mCA.getCertificateRepository().getX509Certificate(serial);
if (cert == null) {
- // something wrong
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_MISSING_RENEWED",
- serial.toString()));
- svcerrors[i] = new ECAException(CMS.getUserMessage(
- "CMS_CA_ERROR_GETTING_RENEWED_CERT",
- oldSerialNo.toString(), serial.toString()))
- .toString();
+ // something wrong
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_MISSING_RENEWED", serial.toString()));
+ svcerrors[i] = new ECAException(
+ CMS.getUserMessage("CMS_CA_ERROR_GETTING_RENEWED_CERT",
+ oldSerialNo.toString(), serial.toString())).toString();
continue;
}
// get cert record
- CertRecord cRecord = (CertRecord) mCA
- .getCertificateRepository()
- .readCertificateRecord(serial);
+ CertRecord cRecord = (CertRecord)
+ mCA.getCertificateRepository().readCertificateRecord(serial);
if (cRecord == null) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA",
- serial.toString()));
- svcerrors[i] = new ECAException(CMS.getUserMessage(
- "CMS_CA_CANT_FIND_CERT_SERIAL",
- serial.toString())).toString();
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA", serial.toString()));
+ svcerrors[i] = new ECAException(
+ CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
+ serial.toString())).toString();
continue;
}
// Check renewed certificate already REVOKED or EXPIRED
String status = cRecord.getStatus();
- if (status.equals(ICertRecord.STATUS_REVOKED)
- || status
- .equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ if (status.equals(ICertRecord.STATUS_REVOKED) ||
+ status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
Debug.trace("It is already revoked or Expired !!!");
- } // it is still new ... So just return this certificate
- // to user
- else {
+ } // it is still new ... So just return this certificate to user
+ else {
Debug.trace("It is still new !!!");
issuedCerts[i] = cert;
continue;
- }
+ }
}
}
// issue the cert.
- issuedCerts[i] = mService.issueX509Cert(rid, certinfos[i],
- true, oldSerialNo);
+ issuedCerts[i] =
+ mService.issueX509Cert(rid, certinfos[i], true, oldSerialNo);
mService.storeX509Cert(rid, issuedCerts[i], true, oldSerialNo);
} catch (ECAException e) {
svcerrors[i] = e.toString();
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CANNOT_RENEW", Integer.toString(i), request
- .getRequestId().toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_RENEW", Integer.toString(i), request.getRequestId().toString()));
}
}
-
+
// always set issued certs regardless of error.
request.setExtData(IRequest.ISSUED_CERTS, issuedCerts);
// set and throw error if any.
int l;
- for (l = svcerrors.length - 1; l >= 0 && svcerrors[l] == null; l--)
- ;
+ for (l = svcerrors.length - 1; l >= 0 && svcerrors[l] == null; l--);
if (l >= 0) {
request.setExtData(IRequest.SVCERRORS, svcerrors);
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_NO_RENEW", request.getRequestId().toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_RENEW", request.getRequestId().toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_RENEW_FAILED"));
}
return true;
}
}
+
class getCertsForChallenge implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
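Review bot: The status check before `Debug.trace("It is already revoked or Expired !!!")` tests only `STATUS_REVOKED` and `STATUS_REVOKED_EXPIRED`, although the comment above it says "REVOKED or EXPIRED". A previously renewed certificate that has expired without being revoked therefore takes the `else` branch and is returned in `issuedCerts[i]` as if it were still usable. If that is not intended, add the expired status to the condition (presumably `ICertRecord.STATUS_EXPIRED`; confirm the constant exists), otherwise correct the comment and trace text. Separately, `new BigInteger(renewed)` can throw `NumberFormatException` on a malformed `META_RENEWED_CERT` value, which the `catch (ECAException e)` closing the loop body does not cover. The enclosing `service` method starts outside this hunk.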
@@ -1569,20 +1499,21 @@ class getCertsForChallenge implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request) throws EBaseException {
- BigInteger[] serialNoArray = request
- .getExtDataInBigIntegerArray(CAService.SERIALNO_ARRAY);
- X509CertImpl[] certs = new X509CertImpl[serialNoArray.length];
+ public boolean service(IRequest request)
+ throws EBaseException {
+ BigInteger[] serialNoArray =
+ request.getExtDataInBigIntegerArray(CAService.SERIALNO_ARRAY);
+ X509CertImpl[] certs = new X509CertImpl[serialNoArray.length];
for (int i = 0; i < serialNoArray.length; i++) {
- certs[i] = mCA.getCertificateRepository().getX509Certificate(
- serialNoArray[i]);
+ certs[i] = mCA.getCertificateRepository().getX509Certificate(serialNoArray[i]);
}
request.setExtData(IRequest.OLD_CERTS, certs);
return true;
}
}
+
class getCertStatus implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1595,8 +1526,8 @@ class getCertStatus implements IServant {
public boolean service(IRequest request) throws EBaseException {
BigInteger serialno = request.getExtDataInBigInteger("serialNumber");
String issuerDN = request.getExtDataInString("issuerDN");
- CertificateRepository certDB = (CertificateRepository) mCA
- .getCertificateRepository();
+ CertificateRepository certDB = (CertificateRepository)
+ mCA.getCertificateRepository();
String status = null;
@@ -1621,12 +1552,13 @@ class getCertStatus implements IServant {
}
}
}
-
+
request.setExtData(IRequest.CERT_STATUS, status);
return true;
}
}
+
class serviceCheckChallenge implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1638,18 +1570,18 @@ class serviceCheckChallenge implements IServant {
try {
mSHADigest = MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
}
- public boolean service(IRequest request) throws EBaseException {
- // note: some request attributes used below are set in
- // authentication/ChallengePhraseAuthentication.java :(
+ public boolean service(IRequest request)
+ throws EBaseException {
+ // note: some request attributes used below are set in
+ // authentication/ChallengePhraseAuthentication.java :(
BigInteger serialno = request.getExtDataInBigInteger("serialNumber");
- String pwd = request.getExtDataInString(CAService.CHALLENGE_PHRASE);
- CertificateRepository certDB = (CertificateRepository) mCA
- .getCertificateRepository();
+ String pwd = request.getExtDataInString(
+ CAService.CHALLENGE_PHRASE);
+ CertificateRepository certDB = (CertificateRepository) mCA.getCertificateRepository();
BigInteger[] bigIntArray = null;
if (serialno != null) {
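Review bot: When `MessageDigest.getInstance("SHA1")` fails, the `catch (NoSuchAlgorithmException e)` only logs and leaves `mSHADigest` unset, so the failure would resurface later as a `NullPointerException` wherever the digest is used rather than as a clear initialisation error. Consider failing construction, or checking for the missing digest where the challenge phrase is hashed and rejecting the request there. The digest appears to be what protects the stored challenge phrases (the hashing code is outside this hunk, so this is inferred). If so, a single SHA-1 pass is weak for a user-chosen secret, and a salted, iterated scheme with a migration path for existing records is worth planning. The constructor starts outside this hunk.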
@@ -1673,16 +1605,14 @@ class serviceCheckChallenge implements IServant {
} else {
bigIntArray = new BigInteger[0];
}
- } else
+ } else
bigIntArray = new BigInteger[0];
} else {
String subjectName = request.getExtDataInString("subjectName");
if (subjectName != null) {
- String filter = "(&(x509cert.subject=" + subjectName
- + ")(certStatus=VALID))";
- ICertRecordList list = certDB.findCertRecordsInList(filter,
- null, 10);
+ String filter = "(&(x509cert.subject=" + subjectName + ")(certStatus=VALID))";
+ ICertRecordList list = certDB.findCertRecordsInList(filter, null, 10);
int size = list.getSize();
Enumeration en = list.getCertRecords(0, size - 1);
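Review bot: `subjectName` is read from the request with `request.getExtDataInString("subjectName")` and concatenated unescaped into the LDAP filter on the `String filter = ...` line, so filter metacharacters in the value (`(`, `)`, `*`, `\`, NUL) change what the search matches. The note at the top of `service` says these attributes are set by the challenge-phrase authentication code, so the value presumably originates from the requester. Escape it per RFC 4515 before building the filter, for example `String filter = "(&(x509cert.subject=" + escapeFilterValue(subjectName) + ")(certStatus=VALID))";`, where `escapeFilterValue` is a placeholder for whatever escaping helper the project provides or adds. The `service` method starts and ends outside this hunk.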
@@ -1707,7 +1637,7 @@ class serviceCheckChallenge implements IServant {
}
}
- if (bigIntArray == null)
+ if (bigIntArray == null)
bigIntArray = new BigInteger[0];
request.setExtData(CAService.SERIALNO_ARRAY, bigIntArray);
@@ -1715,19 +1645,18 @@ class serviceCheckChallenge implements IServant {
}
private boolean compareChallengePassword(CertRecord record, String pwd)
- throws EBaseException {
+ throws EBaseException {
MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO);
if (metaInfo == null) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_ATTRIBUTE", "metaInfo"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "metaInfo"));
}
String hashpwd = hashPassword(pwd);
// got metaInfo
- String challengeString = (String) metaInfo
- .get(CertRecord.META_CHALLENGE_PHRASE);
+ String challengeString =
+ (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE);
if (!challengeString.equals(hashpwd)) {
return false;
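Review bot: `challengeString` is dereferenced in `challengeString.equals(hashpwd)` without a null check, so a record whose meta info has no `META_CHALLENGE_PHRASE` entry ends the check with a `NullPointerException` rather than a clean failure. Add `if (challengeString == null) return false;` before the comparison. The comparison itself uses `String.equals`, which stops at the first differing character. Comparing the two digests as byte arrays with `MessageDigest.isEqual` avoids leaking how much of the stored hash matched, and `MessageDigest` is already used by this class. The method body continues outside this hunk.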
@@ -1744,6 +1673,7 @@ class serviceCheckChallenge implements IServant {
}
}
+
class serviceRevoke implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1753,35 +1683,32 @@ class serviceRevoke implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request) throws EBaseException {
+ public boolean service(IRequest request)
+ throws EBaseException {
boolean sendStatus = true;
// XXX Need to think passing as array.
- // XXX every implemented according to servlet.
- RevokedCertImpl crlentries[] = request
- .getExtDataInRevokedCertArray(IRequest.CERT_INFO);
-
- if (crlentries == null || crlentries.length == 0
- || crlentries[0] == null) {
- // XXX should this be an error ?
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRL_NOT_FOUND", request.getRequestId()
- .toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_REVREQ"));
+ // XXX every implemented according to servlet.
+ RevokedCertImpl crlentries[] =
+ request.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+
+ if (crlentries == null ||
+ crlentries.length == 0 ||
+ crlentries[0] == null) {
+ // XXX should this be an error ?
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRL_NOT_FOUND", request.getRequestId().toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_REVREQ"));
}
- RevokedCertImpl revokedCerts[] = new RevokedCertImpl[crlentries.length];
+ RevokedCertImpl revokedCerts[] =
+ new RevokedCertImpl[crlentries.length];
String svcerrors[] = null;
for (int i = 0; i < crlentries.length; i++) {
try {
- mService.revokeCert(crlentries[i], request.getRequestId()
- .toString());
+ mService.revokeCert(crlentries[i], request.getRequestId().toString());
revokedCerts[i] = crlentries[i];
} catch (ECAException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CANNOT_REVOKE", Integer.toString(i),
- request.getRequestId().toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_REVOKE", Integer.toString(i), request.getRequestId().toString(), e.toString()));
revokedCerts[i] = null;
if (svcerrors == null) {
svcerrors = new String[revokedCerts.length];
@@ -1796,7 +1723,8 @@ class serviceRevoke implements IServant {
// if clone ca, send revoked cert records to CLA
if (CAService.mCLAConnector != null) {
CMS.debug(CMS.getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED"));
- BigInteger revokedCertIds[] = new BigInteger[revokedCerts.length];
+ BigInteger revokedCertIds[] =
+ new BigInteger[revokedCerts.length];
for (int i = 0; i < revokedCerts.length; i++) {
revokedCertIds[i] = revokedCerts[i].getSerialNumber();
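Review bot: `revokedCerts[i].getSerialNumber()` dereferences entries that the revocation loop earlier in `service` sets to `null` when `mService.revokeCert` throws `ECAException`. Unless a check outside this hunk returns before this point when `svcerrors` is non-null, one failed revocation on a clone CA ends the request with a `NullPointerException` and the successfully revoked serial numbers are never sent to the CLA. Build `revokedCertIds` from the non-null entries only, or guard the assignment with `if (revokedCerts[i] != null)`, and decide explicitly whether a partial list should still be forwarded. The loop body and the rest of the method lie outside this hunk.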
@@ -1804,18 +1732,16 @@ class serviceRevoke implements IServant {
request.deleteExtData(IRequest.CERT_INFO);
request.deleteExtData(IRequest.OLD_CERTS);
request.setExtData(IRequest.REVOKED_CERT_RECORDS, revokedCertIds);
-
- CMS.debug(CMS
- .getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED_CONNECTOR"));
+
+ CMS.debug(CMS.getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED_CONNECTOR"));
request.setRequestType(IRequest.CLA_CERT4CRL_REQUEST);
sendStatus = CAService.mCLAConnector.send(request);
if (sendStatus == false) {
- request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
- request.setExtData(
- IRequest.ERROR,
- new ECAException(CMS
- .getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
+ request.setExtData(IRequest.RESULT,
+ IRequest.RES_ERROR);
+ request.setExtData(IRequest.ERROR,
+ new ECAException(CMS.getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
return sendStatus;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
@@ -1841,6 +1767,7 @@ class serviceRevoke implements IServant {
}
}
+
class serviceUnrevoke implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1850,22 +1777,21 @@ class serviceUnrevoke implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request) throws EBaseException {
+ public boolean service(IRequest request)
+ throws EBaseException {
boolean sendStatus = true;
- BigInteger oldSerialNo[] = request
- .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ BigInteger oldSerialNo[] =
+ request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (oldSerialNo == null || oldSerialNo.length < 1) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_SERIAL_NUMBER"));
}
String svcerrors[] = null;
boolean needOldCerts = false;
- X509CertImpl oldCerts[] = request
- .getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl oldCerts[] = request.getExtDataInCertArray(IRequest.OLD_CERTS);
if (oldCerts == null || oldCerts.length < 1) {
needOldCerts = true;
@@ -1875,25 +1801,19 @@ class serviceUnrevoke implements IServant {
for (int i = 0; i < oldSerialNo.length; i++) {
try {
if (oldSerialNo[i].compareTo(new BigInteger("0")) < 0) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_SERIAL_NUMBER"));
}
if (needOldCerts) {
- CertRecord certRec = (CertRecord) mCA
- .getCertificateRepository().readCertificateRecord(
- oldSerialNo[i]);
+ CertRecord certRec = (CertRecord)
+ mCA.getCertificateRepository().readCertificateRecord(oldSerialNo[i]);
oldCerts[i] = certRec.getCertificate();
}
- mService.unrevokeCert(oldSerialNo[i], request.getRequestId()
- .toString());
+ mService.unrevokeCert(oldSerialNo[i], request.getRequestId().toString());
} catch (ECAException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_UNREVOKE_FAILED",
- oldSerialNo[i].toString(), request.getRequestId()
- .toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_FAILED", oldSerialNo[i].toString(), request.getRequestId().toString()));
if (svcerrors == null) {
svcerrors = new String[oldSerialNo.length];
}
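Review bot: `certRec.getCertificate()` is called on the result of `readCertificateRecord(oldSerialNo[i])` without a null check, although the renewal servant earlier in this diff treats a null record from the same call as a possible outcome. The `catch (ECAException e)` below would not cover the resulting `NullPointerException`, so an unknown serial number in an unrevoke request would abort the whole request instead of producing a per-entry error. Add a check such as `if (certRec == null) throw new ECAException(...)`, reusing the user message the renewal code uses for a missing serial, so the failure lands in `svcerrors[i]`. As a style point, `oldSerialNo[i].compareTo(new BigInteger("0")) < 0` reads more directly as `oldSerialNo[i].signum() < 0`. The `service` method starts and ends outside this hunk.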
@@ -1906,11 +1826,10 @@ class serviceUnrevoke implements IServant {
request.setRequestType(IRequest.CLA_UNCERT4CRL_REQUEST);
sendStatus = CAService.mCLAConnector.send(request);
if (sendStatus == false) {
- request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
- request.setExtData(
- IRequest.ERROR,
- new ECAException(CMS
- .getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
+ request.setExtData(IRequest.RESULT,
+ IRequest.RES_ERROR);
+ request.setExtData(IRequest.ERROR,
+ new ECAException(CMS.getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
return sendStatus;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
@@ -1934,6 +1853,7 @@ class serviceUnrevoke implements IServant {
}
}
+
class serviceGetCAChain implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1957,6 +1877,7 @@ class serviceGetCAChain implements IServant {
}
}
+
class serviceGetCRL implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1966,37 +1887,33 @@ class serviceGetCRL implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request) throws EBaseException {
+ public boolean service(IRequest request)
+ throws EBaseException {
try {
- ICRLIssuingPointRecord crlRec = (ICRLIssuingPointRecord) mCA
- .getCRLRepository().readCRLIssuingPointRecord(
- ICertificateAuthority.PROP_MASTER_CRL);
+ ICRLIssuingPointRecord crlRec =
+ (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(ICertificateAuthority.PROP_MASTER_CRL);
X509CRLImpl crl = new X509CRLImpl(crlRec.getCRL());
request.setExtData(IRequest.CRL, crl.getEncoded());
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_GETCRL_FIND_CRL"));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_CRL_ISSUEPT_NOT_FOUND", e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_FIND_CRL"));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_NOT_FOUND", e.toString()));
} catch (CRLException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_GETCRL_INST_CRL",
- ICertificateAuthority.PROP_MASTER_CRL));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_CRL_ISSUEPT_NOGOOD",
- ICertificateAuthority.PROP_MASTER_CRL));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_INST_CRL", ICertificateAuthority.PROP_MASTER_CRL));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_NOGOOD", ICertificateAuthority.PROP_MASTER_CRL));
} catch (X509ExtensionException e) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_GETCRL_NO_ISSUING_REC"));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_CRL_ISSUEPT_EXT_NOGOOD",
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_NO_ISSUING_REC"));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_EXT_NOGOOD",
ICertificateAuthority.PROP_MASTER_CRL));
}
return true;
}
}
+
class serviceGetRevocationInfo implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -2006,20 +1923,20 @@ class serviceGetRevocationInfo implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request) throws EBaseException {
+ public boolean service(IRequest request)
+ throws EBaseException {
Enumeration enum1 = request.getExtDataKeys();
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
if (name.equals(IRequest.ISSUED_CERTS)) {
- X509CertImpl certsToCheck[] = request
- .getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ X509CertImpl certsToCheck[] =
+ request.getExtDataInCertArray(IRequest.ISSUED_CERTS);
- CertificateRepository certDB = (CertificateRepository) mCA
- .getCertificateRepository();
- RevocationInfo info = certDB
- .isCertificateRevoked(certsToCheck[0]);
+ CertificateRepository certDB = (CertificateRepository) mCA.getCertificateRepository();
+ RevocationInfo info =
+ certDB.isCertificateRevoked(certsToCheck[0]);
if (info != null) {
RevokedCertImpl revokedCerts[] = new RevokedCertImpl[1];
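Review bot: `certsToCheck[0]` is read without checking that `getExtDataInCertArray(IRequest.ISSUED_CERTS)` returned a non-empty array. `serviceUnrevoke` in this same diff guards the same accessor with `oldCerts == null || oldCerts.length < 1`, which suggests both outcomes are possible. A request whose `ISSUED_CERTS` value is empty or fails to decode would then end with a `NullPointerException` or `ArrayIndexOutOfBoundsException` instead of a controlled error. Add the same guard before the lookup, e.g. `if (certsToCheck == null || certsToCheck.length == 0) continue;`, or throw an `ECAException` if an empty value should be an error. Only the first certificate is checked for revocation, which deserves a comment if it is intentional. The method continues outside this hunk.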
@@ -2037,6 +1954,7 @@ class serviceGetRevocationInfo implements IServant {
}
}
+
class serviceGetCertificates implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -2046,18 +1964,17 @@ class serviceGetCertificates implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request) throws EBaseException {
+ public boolean service(IRequest request)
+ throws EBaseException {
Enumeration enum1 = request.getExtDataKeys();
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
if (name.equals(IRequest.CERT_FILTER)) {
- String filter = request
- .getExtDataInString(IRequest.CERT_FILTER);
+ String filter = request.getExtDataInString(IRequest.CERT_FILTER);
- CertificateRepository certDB = (CertificateRepository) mCA
- .getCertificateRepository();
+ CertificateRepository certDB = (CertificateRepository) mCA.getCertificateRepository();
X509CertImpl[] certs = certDB.getX509Certificates(filter);
if (certs != null) {
@@ -2069,6 +1986,7 @@ class serviceGetCertificates implements IServant {
}
}
+
class serviceCert4Crl implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -2078,44 +1996,42 @@ class serviceCert4Crl implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request) throws EBaseException {
+ public boolean service(IRequest request)
+ throws EBaseException {
// XXX Need to think passing as array.
- // XXX every implemented according to servlet.
- BigInteger revokedCertIds[] = request
- .getExtDataInBigIntegerArray(IRequest.REVOKED_CERT_RECORDS);
- if (revokedCertIds == null || revokedCertIds.length == 0) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId()
- .toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
+ // XXX every implemented according to servlet.
+ BigInteger revokedCertIds[] = request.getExtDataInBigIntegerArray(
+ IRequest.REVOKED_CERT_RECORDS);
+ if (revokedCertIds == null ||
+ revokedCertIds.length == 0) {
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
}
CertRecord revokedCertRecs[] = new CertRecord[revokedCertIds.length];
for (int i = 0; i < revokedCertIds.length; i++) {
- revokedCertRecs[i] = (CertRecord) mCA.getCertificateRepository()
- .readCertificateRecord(revokedCertIds[i]);
+ revokedCertRecs[i] = (CertRecord)
+ mCA.getCertificateRepository().readCertificateRecord(
+ revokedCertIds[i]);
}
- if (revokedCertRecs == null || revokedCertRecs.length == 0
- || revokedCertRecs[0] == null) {
- // XXX should this be an error ?
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId()
- .toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
+ if (revokedCertRecs == null ||
+ revokedCertRecs.length == 0 ||
+ revokedCertRecs[0] == null) {
+ // XXX should this be an error ?
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
}
- CertRecord recordedCerts[] = new CertRecord[revokedCertRecs.length];
+ CertRecord recordedCerts[] =
+ new CertRecord[revokedCertRecs.length];
String svcerrors[] = null;
for (int i = 0; i < revokedCertRecs.length; i++) {
try {
// for CLA, record it into cert repost
- ((CertificateRepository) mCA.getCertificateRepository())
- .addRevokedCertRecord(revokedCertRecs[i]);
- // mService.revokeCert(crlentries[i]);
+ ((CertificateRepository) mCA.getCertificateRepository()).addRevokedCertRecord(revokedCertRecs[i]);
+ // mService.revokeCert(crlentries[i]);
recordedCerts[i] = revokedCertRecs[i];
// inform all CRLIssuingPoints about revoked certificate
Hashtable hips = mService.getCRLIssuingPoints();
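Review bot: The guard `revokedCertRecs == null || revokedCertRecs.length == 0 || revokedCertRecs[0] == null` effectively tests only the first element. The array was allocated a few statements earlier, so it cannot be null, and its length equals the already validated `revokedCertIds.length`. If `readCertificateRecord` returns null for a later serial number, the loop reaches `revokedCertRecs[i].getSerialNumber()` with a null record, and the `catch (ECAException e)` further down does not cover the resulting `NullPointerException`. Check each record inside the loop, e.g. `if (revokedCertRecs[i] == null)`, and record a per-entry error in `svcerrors[i]` so one unknown serial number from the clone does not abort processing of the rest. The `service` method continues outside this hunk.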
@@ -2124,20 +2040,17 @@ class serviceCert4Crl implements IServant {
while (eIPs.hasMoreElements()) {
ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement();
// form RevokedCertImpl
- RevokedCertImpl rci = new RevokedCertImpl(
- revokedCertRecs[i].getSerialNumber(),
+ RevokedCertImpl rci =
+ new RevokedCertImpl(revokedCertRecs[i].getSerialNumber(),
revokedCertRecs[i].getRevokedOn());
if (ip != null) {
- ip.addRevokedCert(revokedCertRecs[i].getSerialNumber(),
- rci);
+ ip.addRevokedCert(revokedCertRecs[i].getSerialNumber(), rci);
}
}
} catch (ECAException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CERT4CRL_NO_REC", Integer.toString(i),
- request.getRequestId().toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_REC", Integer.toString(i), request.getRequestId().toString(), e.toString()));
recordedCerts[i] = null;
if (svcerrors == null) {
svcerrors = new String[recordedCerts.length];
@@ -2145,8 +2058,8 @@ class serviceCert4Crl implements IServant {
svcerrors[i] = e.toString();
}
}
- // need to record which gets recorded and which failed...cfu
- // request.set(IRequest.REVOKED_CERTS, revokedCerts);
+ //need to record which gets recorded and which failed...cfu
+ // request.set(IRequest.REVOKED_CERTS, revokedCerts);
if (svcerrors != null) {
request.setExtData(IRequest.SVCERRORS, svcerrors);
throw new ECAException(CMS.getUserMessage("CMS_CA_CERT4CRL_FAILED"));
@@ -2156,6 +2069,7 @@ class serviceCert4Crl implements IServant {
}
}
+
class serviceUnCert4Crl implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -2165,13 +2079,13 @@ class serviceUnCert4Crl implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request) throws EBaseException {
- BigInteger oldSerialNo[] = request
- .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ public boolean service(IRequest request)
+ throws EBaseException {
+ BigInteger oldSerialNo[] =
+ request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (oldSerialNo == null || oldSerialNo.length < 1) {
- mCA.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_SERIAL_NUMBER"));
}
@@ -2180,8 +2094,7 @@ class serviceUnCert4Crl implements IServant {
for (int i = 0; i < oldSerialNo.length; i++) {
try {
- mCA.getCertificateRepository().deleteCertificateRecord(
- oldSerialNo[i]);
+ mCA.getCertificateRepository().deleteCertificateRecord(oldSerialNo[i]);
// inform all CRLIssuingPoints about unrevoked certificate
Hashtable hips = mService.getCRLIssuingPoints();
Enumeration eIPs = hips.elements();
@@ -2194,9 +2107,7 @@ class serviceUnCert4Crl implements IServant {
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_DELETE_CERT_ERROR",
- oldSerialNo[i].toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_DELETE_CERT_ERROR", oldSerialNo[i].toString(), e.toString()));
if (svcerrors == null) {
svcerrors = new String[oldSerialNo.length];
}
@@ -2207,10 +2118,10 @@ class serviceUnCert4Crl implements IServant {
if (svcerrors != null) {
request.setExtData(IRequest.SVCERRORS, svcerrors);
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_UNCERT4CRL_FAILED"));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_UNCERT4CRL_FAILED"));
}
return true;
}
}
+
diff --git a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
index 8b06486ff..51d034179 100644
--- a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
+++ b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
+
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
@@ -55,6 +56,7 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.cms.crl.CMSIssuingDistributionPointExtension;
import com.netscape.cmscore.base.SubsystemRegistry;
+
public class CMSCRLExtensions implements ICMSCRLExtensions {
public static final String PROP_ENABLE = "enable";
public static final String PROP_EXTENSION = "extension";
@@ -63,7 +65,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
public static final String PROP_CRITICAL = "critical";
public static final String PROP_CRL_EXT = "CRLExtension";
public static final String PROP_CRL_ENTRY_EXT = "CRLEntryExtension";
-
+
private ICRLIssuingPoint mCRLIssuingPoint = null;
private IConfigStore mConfig = null;
@@ -88,110 +90,101 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
static {
/* Default CRL Extensions */
- mDefaultCRLExtensionNames
- .addElement(AuthorityKeyIdentifierExtension.NAME);
- mDefaultCRLExtensionNames
- .addElement(IssuerAlternativeNameExtension.NAME);
+ mDefaultCRLExtensionNames.addElement(AuthorityKeyIdentifierExtension.NAME);
+ mDefaultCRLExtensionNames.addElement(IssuerAlternativeNameExtension.NAME);
mDefaultCRLExtensionNames.addElement(CRLNumberExtension.NAME);
mDefaultCRLExtensionNames.addElement(DeltaCRLIndicatorExtension.NAME);
- mDefaultCRLExtensionNames
- .addElement(IssuingDistributionPointExtension.NAME);
+ mDefaultCRLExtensionNames.addElement(IssuingDistributionPointExtension.NAME);
mDefaultCRLExtensionNames.addElement(FreshestCRLExtension.NAME);
mDefaultCRLExtensionNames.addElement(AuthInfoAccessExtension.NAME2);
/* Default CRL Entry Extensions */
mDefaultCRLEntryExtensionNames.addElement(CRLReasonExtension.NAME);
- // mDefaultCRLEntryExtensionNames.addElement(HoldInstructionExtension.NAME);
+ //mDefaultCRLEntryExtensionNames.addElement(HoldInstructionExtension.NAME);
mDefaultCRLEntryExtensionNames.addElement(InvalidityDateExtension.NAME);
- // mDefaultCRLEntryExtensionNames.addElement(CertificateIssuerExtension.NAME);
+ //mDefaultCRLEntryExtensionNames.addElement(CertificateIssuerExtension.NAME);
/* Default Enabled CRL Extensions */
mDefaultEnabledCRLExtensions.addElement(CRLNumberExtension.NAME);
- // mDefaultEnabledCRLExtensions.addElement(DeltaCRLIndicatorExtension.NAME);
+ //mDefaultEnabledCRLExtensions.addElement(DeltaCRLIndicatorExtension.NAME);
mDefaultEnabledCRLExtensions.addElement(CRLReasonExtension.NAME);
mDefaultEnabledCRLExtensions.addElement(InvalidityDateExtension.NAME);
/* Default Critical CRL Extensions */
- mDefaultCriticalCRLExtensions
- .addElement(DeltaCRLIndicatorExtension.NAME);
- mDefaultCriticalCRLExtensions
- .addElement(IssuingDistributionPointExtension.NAME);
- // mDefaultCriticalCRLExtensions.addElement(CertificateIssuerExtension.NAME);
+ mDefaultCriticalCRLExtensions.addElement(DeltaCRLIndicatorExtension.NAME);
+ mDefaultCriticalCRLExtensions.addElement(IssuingDistributionPointExtension.NAME);
+ //mDefaultCriticalCRLExtensions.addElement(CertificateIssuerExtension.NAME);
/* CRL extension IDs */
mDefaultCRLExtensionIDs.put(PKIXExtensions.AuthorityKey_Id.toString(),
- AuthorityKeyIdentifierExtension.NAME);
- mDefaultCRLExtensionIDs.put(
- PKIXExtensions.IssuerAlternativeName_Id.toString(),
- IssuerAlternativeNameExtension.NAME);
+ AuthorityKeyIdentifierExtension.NAME);
+ mDefaultCRLExtensionIDs.put(PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ IssuerAlternativeNameExtension.NAME);
mDefaultCRLExtensionIDs.put(PKIXExtensions.CRLNumber_Id.toString(),
- CRLNumberExtension.NAME);
- mDefaultCRLExtensionIDs.put(
- PKIXExtensions.DeltaCRLIndicator_Id.toString(),
- DeltaCRLIndicatorExtension.NAME);
- mDefaultCRLExtensionIDs.put(
- PKIXExtensions.IssuingDistributionPoint_Id.toString(),
- IssuingDistributionPointExtension.NAME);
+ CRLNumberExtension.NAME);
+ mDefaultCRLExtensionIDs.put(PKIXExtensions.DeltaCRLIndicator_Id.toString(),
+ DeltaCRLIndicatorExtension.NAME);
+ mDefaultCRLExtensionIDs.put(PKIXExtensions.IssuingDistributionPoint_Id.toString(),
+ IssuingDistributionPointExtension.NAME);
mDefaultCRLExtensionIDs.put(PKIXExtensions.ReasonCode_Id.toString(),
- CRLReasonExtension.NAME);
- mDefaultCRLExtensionIDs.put(
- PKIXExtensions.HoldInstructionCode_Id.toString(),
- HoldInstructionExtension.NAME);
- mDefaultCRLExtensionIDs.put(
- PKIXExtensions.InvalidityDate_Id.toString(),
- InvalidityDateExtension.NAME);
- // mDefaultCRLExtensionIDs.put(PKIXExtensions.CertificateIssuer_Id.toString(),
- // CertificateIssuerExtension.NAME);
+ CRLReasonExtension.NAME);
+ mDefaultCRLExtensionIDs.put(PKIXExtensions.HoldInstructionCode_Id.toString(),
+ HoldInstructionExtension.NAME);
+ mDefaultCRLExtensionIDs.put(PKIXExtensions.InvalidityDate_Id.toString(),
+ InvalidityDateExtension.NAME);
+ //mDefaultCRLExtensionIDs.put(PKIXExtensions.CertificateIssuer_Id.toString(),
+ // CertificateIssuerExtension.NAME);
mDefaultCRLExtensionIDs.put(PKIXExtensions.FreshestCRL_Id.toString(),
- FreshestCRLExtension.NAME);
+ FreshestCRLExtension.NAME);
mDefaultCRLExtensionIDs.put(AuthInfoAccessExtension.ID.toString(),
- AuthInfoAccessExtension.NAME2);
+ AuthInfoAccessExtension.NAME2);
/* Class names */
- mDefaultCRLExtensionClassNames.put(
- AuthorityKeyIdentifierExtension.NAME,
- "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
+ mDefaultCRLExtensionClassNames.put(AuthorityKeyIdentifierExtension.NAME,
+ "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
mDefaultCRLExtensionClassNames.put(IssuerAlternativeNameExtension.NAME,
- "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
+ "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
mDefaultCRLExtensionClassNames.put(CRLNumberExtension.NAME,
- "com.netscape.cms.crl.CMSCRLNumberExtension");
+ "com.netscape.cms.crl.CMSCRLNumberExtension");
mDefaultCRLExtensionClassNames.put(DeltaCRLIndicatorExtension.NAME,
- "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
- mDefaultCRLExtensionClassNames.put(
- IssuingDistributionPointExtension.NAME,
- "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
+ "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
+ mDefaultCRLExtensionClassNames.put(IssuingDistributionPointExtension.NAME,
+ "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
mDefaultCRLExtensionClassNames.put(CRLReasonExtension.NAME,
- "com.netscape.cms.crl.CMSCRLReasonExtension");
+ "com.netscape.cms.crl.CMSCRLReasonExtension");
mDefaultCRLExtensionClassNames.put(HoldInstructionExtension.NAME,
- "com.netscape.cms.crl.CMSHoldInstructionExtension");
+ "com.netscape.cms.crl.CMSHoldInstructionExtension");
mDefaultCRLExtensionClassNames.put(InvalidityDateExtension.NAME,
- "com.netscape.cms.crl.CMSInvalidityDateExtension");
- // mDefaultCRLExtensionClassNames.put(CertificateIssuerExtension.NAME,
- // "com.netscape.cms.crl.CMSCertificateIssuerExtension");
+ "com.netscape.cms.crl.CMSInvalidityDateExtension");
+ //mDefaultCRLExtensionClassNames.put(CertificateIssuerExtension.NAME,
+ // "com.netscape.cms.crl.CMSCertificateIssuerExtension");
mDefaultCRLExtensionClassNames.put(FreshestCRLExtension.NAME,
- "com.netscape.cms.crl.CMSFreshestCRLExtension");
+ "com.netscape.cms.crl.CMSFreshestCRLExtension");
mDefaultCRLExtensionClassNames.put(AuthInfoAccessExtension.NAME2,
- "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
+ "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
try {
OIDMap.addAttribute(DeltaCRLIndicatorExtension.class.getName(),
- DeltaCRLIndicatorExtension.OID,
- DeltaCRLIndicatorExtension.NAME);
+ DeltaCRLIndicatorExtension.OID,
+ DeltaCRLIndicatorExtension.NAME);
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(HoldInstructionExtension.class.getName(),
- HoldInstructionExtension.OID, HoldInstructionExtension.NAME);
+ HoldInstructionExtension.OID,
+ HoldInstructionExtension.NAME);
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(InvalidityDateExtension.class.getName(),
- InvalidityDateExtension.OID, InvalidityDateExtension.NAME);
+ InvalidityDateExtension.OID,
+ InvalidityDateExtension.NAME);
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(FreshestCRLExtension.class.getName(),
- FreshestCRLExtension.OID, FreshestCRLExtension.NAME);
+ FreshestCRLExtension.OID,
+ FreshestCRLExtension.NAME);
} catch (CertificateException e) {
}
}
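Review bot: The four `catch (CertificateException e) { }` blocks around `OIDMap.addAttribute(...)` in this static initializer discard the failure silently. If registration of the delta CRL indicator, hold instruction, invalidity date or freshest CRL extension fails, nothing records it, and the first symptom would be CRL extensions that cannot be resolved later. At minimum log the exception in each block, e.g. `CMS.debug("CMSCRLExtensions: OIDMap registration failed: " + e);`, or add a comment stating that an already-registered OID is the only expected cause, if that is the case.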
@@ -199,16 +192,15 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
/**
* Constructs a CRL extensions for CRL issuing point.
*/
- public CMSCRLExtensions(ICRLIssuingPoint crlIssuingPoint,
- IConfigStore config) {
+ public CMSCRLExtensions(ICRLIssuingPoint crlIssuingPoint, IConfigStore config) {
boolean modifiedConfig = false;
- mConfig = config;
+ mConfig = config;
mCRLExtConfig = config.getSubStore(PROP_EXTENSION);
mCRLIssuingPoint = crlIssuingPoint;
- IConfigStore mFileConfig = SubsystemRegistry.getInstance().get("MAIN")
- .getConfigStore();
+ IConfigStore mFileConfig =
+ SubsystemRegistry.getInstance().get("MAIN").getConfigStore();
IConfigStore crlExtConfig = (IConfigStore) mFileConfig;
StringTokenizer st = new StringTokenizer(mCRLExtConfig.getName(), ".");
@@ -220,13 +212,13 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
if (newConfig != null) {
crlExtConfig = newConfig;
}
- }
+ }
if (crlExtConfig != null) {
Enumeration<String> enumExts = crlExtConfig.getSubStoreNames();
while (enumExts.hasMoreElements()) {
- String extName = enumExts.nextElement();
+ String extName = enumExts.nextElement();
IConfigStore extConfig = crlExtConfig.getSubStore(extName);
if (extConfig != null) {
@@ -241,9 +233,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
try {
mFileConfig.commit(true);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CRLEXTS_SAVE_CONF",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_SAVE_CONF", e.toString()));
}
}
}
@@ -257,38 +247,26 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
mEnabledCRLExtensions.addElement(extName);
}
} catch (EPropertyNotFound e) {
- extConfig.putBoolean(PROP_ENABLE,
- mDefaultEnabledCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_ENABLE, mDefaultEnabledCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultEnabledCRLExtensions.contains(extName)) {
mEnabledCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_NO_ENABLE", extName,
- mDefaultEnabledCRLExtensions.contains(extName) ? "true"
- : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_NO_ENABLE", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
} catch (EPropertyNotDefined e) {
- extConfig.putBoolean(PROP_ENABLE,
- mDefaultEnabledCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_ENABLE, mDefaultEnabledCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultEnabledCRLExtensions.contains(extName)) {
mEnabledCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_UNDEFINE_ENABLE", extName,
- mDefaultEnabledCRLExtensions.contains(extName) ? "true"
- : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_UNDEFINE_ENABLE", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
} catch (EBaseException e) {
- extConfig.putBoolean(PROP_ENABLE,
- mDefaultEnabledCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_ENABLE, mDefaultEnabledCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultEnabledCRLExtensions.contains(extName)) {
mEnabledCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_INVALID_ENABLE", extName,
- mDefaultEnabledCRLExtensions.contains(extName) ? "true"
- : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_ENABLE", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
}
return modifiedConfig;
}
@@ -301,38 +279,26 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
mCriticalCRLExtensions.addElement(extName);
}
} catch (EPropertyNotFound e) {
- extConfig.putBoolean(PROP_CRITICAL,
- mDefaultCriticalCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_CRITICAL, mDefaultCriticalCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultCriticalCRLExtensions.contains(extName)) {
mCriticalCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_NO_CRITICAL", extName,
- mDefaultEnabledCRLExtensions.contains(extName) ? "true"
- : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_NO_CRITICAL", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
} catch (EPropertyNotDefined e) {
- extConfig.putBoolean(PROP_CRITICAL,
- mDefaultCriticalCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_CRITICAL, mDefaultCriticalCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultCriticalCRLExtensions.contains(extName)) {
mCriticalCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_UNDEFINE_CRITICAL", extName,
- mDefaultEnabledCRLExtensions.contains(extName) ? "true"
- : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_UNDEFINE_CRITICAL", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
} catch (EBaseException e) {
- extConfig.putBoolean(PROP_CRITICAL,
- mDefaultCriticalCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_CRITICAL, mDefaultCriticalCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultCriticalCRLExtensions.contains(extName)) {
mCriticalCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_INVALID_CRITICAL", extName,
- mDefaultEnabledCRLExtensions.contains(extName) ? "true"
- : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_CRITICAL", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
}
return modifiedConfig;
}
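Review bot: The three `*_CRITICAL` log calls in this hunk (`CMSCORE_CA_CRLEXTS_NO_CRITICAL`, `..._UNDEFINE_CRITICAL`, `..._INVALID_CRITICAL`) report `mDefaultEnabledCRLExtensions.contains(extName)`, while the value written to `PROP_CRITICAL` just above comes from `mDefaultCriticalCRLExtensions.contains(extName)`. The log can therefore record a different criticality default than the one stored in the configuration, which misleads anyone auditing how a CRL extension came to be marked critical. Each message should use `mDefaultCriticalCRLExtensions.contains(extName) ? "true" : "false"`. The enclosing method begins outside this hunk.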
@@ -353,24 +319,18 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
extConfig.putString(PROP_TYPE, PROP_CRL_ENTRY_EXT);
modifiedConfig = true;
mCRLEntryExtensionNames.addElement(extName);
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_INVALID_EXT", extName,
- PROP_CRL_ENTRY_EXT));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, PROP_CRL_ENTRY_EXT));
} else if (mDefaultCRLExtensionNames.contains(extName)) {
extConfig.putString(PROP_TYPE, PROP_CRL_EXT);
modifiedConfig = true;
mCRLExtensionNames.addElement(extName);
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_INVALID_EXT", extName,
- PROP_CRL_EXT));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, PROP_CRL_EXT));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, ""));
}
}
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_UNDEFINE_EXT", extName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_UNDEFINE_EXT", extName));
}
} catch (EPropertyNotFound e) {
if (mDefaultCRLEntryExtensionNames.contains(extName)) {
@@ -380,11 +340,9 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
extConfig.putString(PROP_TYPE, PROP_CRL_EXT);
modifiedConfig = true;
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_MISSING_EXT", extName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_MISSING_EXT", extName));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, ""));
}
return modifiedConfig;
}
@@ -399,14 +357,13 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
mCRLExtensionClassNames.put(extName, extClass);
try {
- Class<ICMSCRLExtension> crlExtClass = (Class<ICMSCRLExtension>) Class
- .forName(extClass);
+ Class<ICMSCRLExtension> crlExtClass = (Class<ICMSCRLExtension>) Class.forName(extClass);
if (crlExtClass != null) {
- ICMSCRLExtension cmsCRLExt = crlExtClass.newInstance();
+ ICMSCRLExtension cmsCRLExt = crlExtClass.newInstance();
if (cmsCRLExt != null) {
- String id = cmsCRLExt.getCRLExtOID();
+ String id = cmsCRLExt.getCRLExtOID();
if (id != null) {
mCRLExtensionIDs.put(id, extName);
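Review bot: The unchecked cast `(Class<ICMSCRLExtension>) Class.forName(extClass)` verifies nothing at run time, so a configured class that does not implement `ICMSCRLExtension` is still loaded and its constructor run by `newInstance()` before the `ClassCastException` handler can fire. `Class<? extends ICMSCRLExtension> crlExtClass = Class.forName(extClass).asSubclass(ICMSCRLExtension.class);` rejects the wrong type before anything is instantiated and keeps the existing catch meaningful. The same pattern appears in the `addToCRLExtensions` and `getConfigParams` hunks further down. The visible catch list in `getConfigParams` has no `ClassCastException` handler at all. The enclosing method starts and ends outside this hunk.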
@@ -414,48 +371,37 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
}
} catch (ClassCastException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_INCORRECT_CLASS", extClass,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INCORRECT_CLASS", extClass, e.toString()));
} catch (ClassNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", extClass,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", extClass, e.toString()));
} catch (InstantiationException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", extClass,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", extClass, e.toString()));
} catch (IllegalAccessException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", extClass,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", extClass, e.toString()));
}
} else {
if (mDefaultCRLExtensionClassNames.containsKey(extName)) {
- extClass = mCRLExtensionClassNames.get(extName);
+ extClass = mCRLExtensionClassNames.get(extName);
extConfig.putString(PROP_CLASS, extClass);
modifiedConfig = true;
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_NOT_DEFINED", extName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_DEFINED", extName));
}
} catch (EPropertyNotFound e) {
if (mDefaultCRLExtensionClassNames.containsKey(extName)) {
- extClass = mDefaultCRLExtensionClassNames.get(extName);
+ extClass = mDefaultCRLExtensionClassNames.get(extName);
extConfig.putString(PROP_CLASS, extClass);
modifiedConfig = true;
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_MISSING", extName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_MISSING", extName));
} catch (EBaseException e) {
if (mDefaultCRLExtensionClassNames.containsKey(extName)) {
- extClass = mDefaultCRLExtensionClassNames.get(extName);
+ extClass = mDefaultCRLExtensionClassNames.get(extName);
extConfig.putString(PROP_CLASS, extClass);
modifiedConfig = true;
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_INVALID", extName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_INVALID", extName));
}
return modifiedConfig;
}
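Review bot: In the `else` branch for an undefined class name, `extClass = mCRLExtensionClassNames.get(extName);` reads from the configured-class map although the guard tests `mDefaultCRLExtensionClassNames.containsKey(extName)`. Both catch branches below read from the default map. That map appears to be filled only on the path where a class name was present, so this lookup likely returns `null`, which is then passed to `extConfig.putString(PROP_CLASS, extClass)` and marked as a config modification. The line should read `extClass = mDefaultCRLExtensionClassNames.get(extName);` so the repaired configuration gets the intended default implementation. The enclosing method begins outside this hunk.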
@@ -469,8 +415,9 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
public boolean isCRLExtensionEnabled(String extName) {
- return ((mCRLExtensionNames.contains(extName) || mCRLEntryExtensionNames
- .contains(extName)) && mEnabledCRLExtensions.contains(extName));
+ return ((mCRLExtensionNames.contains(extName) ||
+ mCRLEntryExtensionNames.contains(extName)) &&
+ mEnabledCRLExtensions.contains(extName));
}
public boolean isCRLExtensionCritical(String extName) {
@@ -481,7 +428,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
String name = null;
if (mCRLExtensionIDs.containsKey(id)) {
- name = mCRLExtensionIDs.get(id);
+ name = mCRLExtensionIDs.get(id);
}
return name;
}
@@ -491,34 +438,29 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
public Vector<String> getCRLEntryExtensionNames() {
- return new Vector<String>(mCRLEntryExtensionNames);
+ return new Vector<String>( mCRLEntryExtensionNames);
}
- public void addToCRLExtensions(CRLExtensions crlExts, String extName,
- Extension ext) {
+ public void addToCRLExtensions(CRLExtensions crlExts, String extName, Extension ext) {
if (mCRLExtensionClassNames.containsKey(extName)) {
- String name = mCRLExtensionClassNames.get(extName);
+ String name = mCRLExtensionClassNames.get(extName);
try {
- Class<ICMSCRLExtension> extClass = (Class<ICMSCRLExtension>) Class
- .forName(name);
+ Class<ICMSCRLExtension > extClass = (Class<ICMSCRLExtension>) Class.forName(name);
if (extClass != null) {
ICMSCRLExtension cmsCRLExt = extClass.newInstance();
if (cmsCRLExt != null) {
if (ext != null) {
- if (isCRLExtensionCritical(extName)
- ^ ext.isCritical()) {
- ext = (Extension) cmsCRLExt
- .setCRLExtensionCriticality(ext,
- isCRLExtensionCritical(extName));
+ if (isCRLExtensionCritical(extName) ^ ext.isCritical()) {
+ ext = (Extension) cmsCRLExt.setCRLExtensionCriticality(
+ ext, isCRLExtensionCritical(extName));
}
} else {
- ext = (Extension) cmsCRLExt.getCRLExtension(
- mCRLExtConfig.getSubStore(extName),
- mCRLIssuingPoint,
- isCRLExtensionCritical(extName));
+ ext = (Extension) cmsCRLExt.getCRLExtension(mCRLExtConfig.getSubStore(extName),
+ mCRLIssuingPoint,
+ isCRLExtensionCritical(extName));
}
if (crlExts != null && ext != null) {
@@ -527,24 +469,15 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
}
} catch (ClassCastException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_INCORRECT_CLASS", name,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INCORRECT_CLASS", name, e.toString()));
} catch (ClassNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", name,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", name, e.toString()));
} catch (InstantiationException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST",
- name, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", name, e.toString()));
} catch (IllegalAccessException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", name,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", name, e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_ADD", name, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_ADD", name, e.toString()));
}
}
}
@@ -552,18 +485,22 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
public NameValuePairs getConfigParams(String id) {
NameValuePairs nvp = null;
- if (mCRLEntryExtensionNames.contains(id)
- || mCRLExtensionNames.contains(id)) {
+ if (mCRLEntryExtensionNames.contains(id) ||
+ mCRLExtensionNames.contains(id)) {
nvp = new NameValuePairs();
/*
- * if (mCRLEntryExtensionNames.contains(id)) {
- * nvp.add(Constants.PR_CRLEXT_IMPL_NAME, "CRLEntryExtension"); }
- * else { nvp.add(Constants.PR_CRLEXT_IMPL_NAME, "CRLExtension"); }
- *
- * if (mCRLEntryExtensionNames.contains(id)) { nvp.add(PROP_TYPE,
- * "CRLEntryExtension"); } else { nvp.add(PROP_TYPE,
- * "CRLExtension"); }
+ if (mCRLEntryExtensionNames.contains(id)) {
+ nvp.add(Constants.PR_CRLEXT_IMPL_NAME, "CRLEntryExtension");
+ } else {
+ nvp.add(Constants.PR_CRLEXT_IMPL_NAME, "CRLExtension");
+ }
+
+ if (mCRLEntryExtensionNames.contains(id)) {
+ nvp.add(PROP_TYPE, "CRLEntryExtension");
+ } else {
+ nvp.add(PROP_TYPE, "CRLExtension");
+ }
*/
if (mEnabledCRLExtensions.contains(id)) {
@@ -578,7 +515,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
if (mCRLExtensionClassNames.containsKey(id)) {
- String name = mCRLExtensionClassNames.get(id);
+ String name = mCRLExtensionClassNames.get(id);
if (name != null) {
@@ -586,26 +523,18 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
Class<?> extClass = Class.forName(name);
if (extClass != null) {
- ICMSCRLExtension cmsCRLExt = (ICMSCRLExtension) extClass
- .newInstance();
+ ICMSCRLExtension cmsCRLExt = (ICMSCRLExtension) extClass.newInstance();
if (cmsCRLExt != null) {
- cmsCRLExt.getConfigParams(
- mCRLExtConfig.getSubStore(id), nvp);
+ cmsCRLExt.getConfigParams(mCRLExtConfig.getSubStore(id), nvp);
}
}
} catch (ClassNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", name,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", name, e.toString()));
} catch (InstantiationException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", name,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", name, e.toString()));
} catch (IllegalAccessException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", name,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", name, e.toString()));
}
int i = name.lastIndexOf('.');
@@ -623,15 +552,13 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
return nvp;
}
- public void setConfigParams(String id, NameValuePairs nvp,
- IConfigStore config) {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ public void setConfigParams(String id, NameValuePairs nvp, IConfigStore config) {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
String ipId = nvp.getValue("id");
- ICRLIssuingPoint ip = null;
- if (ipId != null && ca != null) {
- ip = ca.getCRLIssuingPoint(ipId);
+ ICRLIssuingPoint ip = null;
+ if(ipId != null && ca != null) {
+ ip = ca.getCRLIssuingPoint(ipId);
}
for (int i = 0; i < nvp.size(); i++) {
@@ -640,8 +567,8 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
String value = p.getValue();
if (name.equals(PROP_ENABLE)) {
- if (!(value.equals(Constants.TRUE) || value
- .equals(Constants.FALSE))) {
+ if (!(value.equals(Constants.TRUE) ||
+ value.equals(Constants.FALSE))) {
continue;
}
if (value.equals(Constants.TRUE)) {
@@ -655,8 +582,8 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
if (name.equals(PROP_CRITICAL)) {
- if (!(value.equals(Constants.TRUE) || value
- .equals(Constants.FALSE))) {
+ if (!(value.equals(Constants.TRUE) ||
+ value.equals(Constants.FALSE))) {
continue;
}
if (value.equals(Constants.TRUE)) {
@@ -668,82 +595,68 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
mCriticalCRLExtensions.remove(id);
}
}
- // Sync the onlyContainsCACerts with similar property in
- // CRLIssuingPoint
- // called caCertsOnly.
- if (name.equals(CMSIssuingDistributionPointExtension.PROP_CACERTS)) {
+ //Sync the onlyContainsCACerts with similar property in CRLIssuingPoint
+ //called caCertsOnly.
+ if(name.equals(CMSIssuingDistributionPointExtension.PROP_CACERTS)) {
NameValuePairs crlIssuingPointPairs = null;
boolean crlCACertsOnly = false;
boolean issuingDistPointExtEnabled = false;
- CMSCRLExtensions cmsCRLExtensions = (CMSCRLExtensions) ip
- .getCRLExtensions();
- if (cmsCRLExtensions != null) {
- issuingDistPointExtEnabled = cmsCRLExtensions
- .isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
+ CMSCRLExtensions cmsCRLExtensions = (CMSCRLExtensions) ip.getCRLExtensions();
+ if(cmsCRLExtensions != null) {
+ issuingDistPointExtEnabled = cmsCRLExtensions.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
}
- CMS.debug("issuingDistPointExtEnabled = "
- + issuingDistPointExtEnabled);
+ CMS.debug("issuingDistPointExtEnabled = " + issuingDistPointExtEnabled);
- if (!(value.equals(Constants.TRUE) || value
- .equals(Constants.FALSE))) {
+ if (!(value.equals(Constants.TRUE) ||
+ value.equals(Constants.FALSE))) {
continue;
}
- // Get value of caCertsOnly from CRLIssuingPoint
- if ((ip != null) && (issuingDistPointExtEnabled == true)) {
+ //Get value of caCertsOnly from CRLIssuingPoint
+ if((ip != null) && (issuingDistPointExtEnabled == true)) {
crlCACertsOnly = ip.isCACertsOnly();
CMS.debug("CRLCACertsOnly is: " + crlCACertsOnly);
crlIssuingPointPairs = new NameValuePairs();
-
+
}
String newValue = "";
boolean modifiedCRLConfig = false;
- // If the CRLCACertsOnly prop is false change it to true to
- // sync.
- if (value.equals(Constants.TRUE)
- && (issuingDistPointExtEnabled == true)) {
- if (crlCACertsOnly == false) {
+ //If the CRLCACertsOnly prop is false change it to true to sync.
+ if(value.equals(Constants.TRUE) && (issuingDistPointExtEnabled == true)) {
+ if(crlCACertsOnly == false) {
CMS.debug(" value = true and CRLCACertsOnly is already false.");
- crlIssuingPointPairs.add(Constants.PR_CA_CERTS_ONLY,
- Constants.TRUE);
+ crlIssuingPointPairs.add(Constants.PR_CA_CERTS_ONLY, Constants.TRUE);
newValue = Constants.TRUE;
ip.updateConfig(crlIssuingPointPairs);
modifiedCRLConfig = true;
}
}
- // If the CRLCACertsOnly prop is true change it to false to
- // sync.
- if (value.equals(Constants.FALSE)
- && (issuingDistPointExtEnabled == true)) {
- crlIssuingPointPairs.add(Constants.PR_CA_CERTS_ONLY,
- Constants.FALSE);
- if (ip != null) {
+ //If the CRLCACertsOnly prop is true change it to false to sync.
+ if(value.equals(Constants.FALSE) && (issuingDistPointExtEnabled == true)) {
+ crlIssuingPointPairs.add(Constants.PR_CA_CERTS_ONLY, Constants.FALSE);
+ if(ip != null) {
ip.updateConfig(crlIssuingPointPairs);
newValue = Constants.FALSE;
modifiedCRLConfig = true;
}
}
-
- if (modifiedCRLConfig == true) {
- // Commit to this CRL IssuingPoint's config store
- ICertificateAuthority CA = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+
+ if(modifiedCRLConfig == true) {
+ //Commit to this CRL IssuingPoint's config store
+ ICertificateAuthority CA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
IConfigStore crlsSubStore = CA.getConfigStore();
- crlsSubStore = crlsSubStore
- .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ crlsSubStore = crlsSubStore.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
crlsSubStore = crlsSubStore.getSubStore(ipId);
try {
- crlsSubStore.putString(Constants.PR_CA_CERTS_ONLY,
- newValue);
+ crlsSubStore.putString(Constants.PR_CA_CERTS_ONLY,newValue);
crlsSubStore.commit(true);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CRLEXTS_SAVE_CONF", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_SAVE_CONF", e.toString()));
}
}
}
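Review bot: `ip.getCRLExtensions()` is dereferenced unconditionally in the `PROP_CACERTS` branch, but `ip` is still `null` when the request carries no `id` value, when `ca` is null, or presumably when `getCRLIssuingPoint(ipId)` finds no match (the assignment is in the previous hunk). The `ip != null` tests further down come too late. A caller-supplied parameter set can then abort the update with a NullPointerException after earlier pairs have already changed the enabled and critical lists. A guard should come before the cast, `if (ip == null) continue;`, ideally after the TRUE/FALSE validation of `value`, which currently runs only after the dereference. `setConfigParams` begins and ends outside this hunk.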
@@ -778,6 +691,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSCRLExtension - " + msg);
+ "CMSCRLExtension - " + msg);
}
}
+
diff --git a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
index 064832fe4..bc859910b 100644
--- a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
+++ b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
+
import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
@@ -85,17 +86,18 @@ import com.netscape.cmscore.dbs.CertificateRepository;
import com.netscape.cmscore.util.Debug;
/**
- * This class encapsulates CRL issuing mechanism. CertificateAuthority contains
- * a map of CRLIssuingPoint indexed by string ids. Each issuing point contains
- * information about CRL issuing and publishing parameters as well as state
- * information which includes last issued CRL, next CRL serial number, time of
- * the next update etc. If autoUpdateInterval is set to non-zero value then
- * worker thread is created that will perform CRL update at scheduled intervals.
- * Update can also be triggered by invoking updateCRL method directly. Another
- * parameter minUpdateInterval can be used to prevent CRL from being updated too
- * often
+ * This class encapsulates CRL issuing mechanism. CertificateAuthority
+ * contains a map of CRLIssuingPoint indexed by string ids. Each issuing
+ * point contains information about CRL issuing and publishing parameters
+ * as well as state information which includes last issued CRL, next CRL
+ * serial number, time of the next update etc.
+ * If autoUpdateInterval is set to non-zero value then worker thread
+ * is created that will perform CRL update at scheduled intervals. Update
+ * can also be triggered by invoking updateCRL method directly. Another
+ * parameter minUpdateInterval can be used to prevent CRL
+ * from being updated too often
* <P>
- *
+ *
* @author awnuk
* @author lhsiao
* @author galperin
@@ -132,8 +134,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
protected String mId = null;
/**
- * Reference to the CertificateAuthority instance which owns this issuing
- * point.
+ * Reference to the CertificateAuthority instance which owns this
+ * issuing point.
*/
protected ICertificateAuthority mCA = null;
@@ -160,16 +162,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* CRL cache
*/
- private Hashtable<BigInteger, RevokedCertificate> mCRLCerts = new Hashtable<BigInteger, RevokedCertificate>();
- private Hashtable<BigInteger, RevokedCertificate> mRevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
- private Hashtable<BigInteger, RevokedCertificate> mUnrevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
- private Hashtable<BigInteger, RevokedCertificate> mExpiredCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger,RevokedCertificate> mCRLCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger,RevokedCertificate> mRevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger,RevokedCertificate> mUnrevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger,RevokedCertificate> mExpiredCerts = new Hashtable<BigInteger, RevokedCertificate>();
private boolean mIncludeExpiredCerts = false;
private boolean mIncludeExpiredCertsOneExtraTime = false;
private boolean mCACertsOnly = false;
private boolean mProfileCertsOnly = false;
- private Vector<String> mProfileList = null;
+ private Vector<String> mProfileList = null;
/**
* Enable CRL cache.
@@ -177,7 +179,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private boolean mEnableCRLCache = true;
private boolean mCRLCacheIsCleared = true;
private boolean mEnableCacheRecovery = false;
- private String mFirstUnsaved = null;
+ private String mFirstUnsaved = null;
private boolean mEnableCacheTesting = false;
/**
@@ -186,8 +188,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private long mLastCacheUpdate = 0;
/**
- * Time interval in milliseconds between consequential CRL cache updates
- * performed automatically.
+ * Time interval in milliseconds between consequential CRL cache
+ * updates performed automatically.
*/
private long mCacheUpdateInterval;
@@ -206,7 +208,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* Enable CRL daily updates at listed times.
*/
private boolean mEnableDailyUpdates = false;
- private Vector<Vector<Integer>> mDailyUpdates = null;
+ private Vector<Vector<Integer>> mDailyUpdates = null;
private int mCurrentDay = 0;
private int mLastDay = 0;
private int mTimeListSize = 0;
@@ -218,14 +220,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private boolean mEnableUpdateFreq = false;
/**
- * Time interval in milliseconds between consequential CRL Enable CRL daily
- * update at updates performed automatically.
+ * Time interval in milliseconds between consequential CRL Enable CRL daily update at updates
+ * performed automatically.
*/
private long mAutoUpdateInterval;
/**
- * Minimum time interval in milliseconds between consequential CRL updates
- * (manual or automatic).
+ * Minimum time interval in milliseconds between consequential
+ * CRL updates (manual or automatic).
*/
private long mMinUpdateInterval;
@@ -237,16 +239,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* next update grace period
*/
- private long mNextUpdateGracePeriod;
+ private long mNextUpdateGracePeriod;
/**
- * Boolean flag controlling whether CRLv2 extensions are to be used in CRL.
+ * Boolean flag controlling whether CRLv2 extensions are to be
+ * used in CRL.
*/
private boolean mAllowExtensions = false;
/**
- * DN of the directory entry where CRLs from this issuing point are
- * published.
+ * DN of the directory entry where CRLs from this issuing point
+ * are published.
*/
private String mPublishDN = null;
@@ -259,7 +262,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Cached value of the CRL extensions to be placed in CRL
*/
- // protected CRLExtensions mCrlExtensions;
+ //protected CRLExtensions mCrlExtensions;
/**
* CRL number
@@ -294,7 +297,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private Thread mUpdateThread = null;
/**
- * for going one more round when auto-interval is set to 0 (turned off)
+ * for going one more round when auto-interval is set to 0 (turned off)
*/
private boolean mDoLastAutoUpdate = false;
@@ -310,15 +313,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private long mDeltaCRLSize = -1;
/**
- * update status, publishing status Strings to store in requests to display
- * result.
+ * update status, publishing status Strings to store in requests to
+ * display result.
*/
private String mCrlUpdateStatus;
private String mCrlUpdateError;
private String mCrlPublishStatus;
private String mCrlPublishError;
- /**
+ /**
* begin, end serial number range of revoked certs if any.
*/
protected BigInteger mBeginSerial = null;
@@ -327,7 +330,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private int mUpdatingCRL = CRL_UPDATE_DONE;
private boolean mDoManualUpdate = false;
- private String mSignatureAlgorithmForManualUpdate = null;
+ private String mSignatureAlgorithmForManualUpdate = null;
private boolean mPublishOnStart = false;
private long[] mSplits = new long[10];
@@ -335,8 +338,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private boolean mSaveMemory = false;
/**
- * Constructs a CRL issuing point from instantiating from class name. CRL
- * Issuing point must be followed by method call init(CA, id, config);
+ * Constructs a CRL issuing point from instantiating from class name.
+ * CRL Issuing point must be followed by method call init(CA, id, config);
*/
public CRLIssuingPoint() {
}
@@ -395,41 +398,39 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
public boolean isProfileCertsOnly() {
- return (mProfileCertsOnly && mProfileList != null && mProfileList
- .size() > 0);
+ return (mProfileCertsOnly && mProfileList != null && mProfileList.size() > 0);
}
public boolean checkCurrentProfile(String id) {
boolean b = false;
- if (mProfileCertsOnly && mProfileList != null
- && mProfileList.size() > 0) {
+ if (mProfileCertsOnly && mProfileList != null && mProfileList.size() > 0) {
for (int k = 0; k < mProfileList.size(); k++) {
String profileId = mProfileList.elementAt(k);
- if (id != null && profileId != null
- && profileId.equalsIgnoreCase(id)) {
+ if (id != null && profileId != null && profileId.equalsIgnoreCase(id)) {
b = true;
break;
}
}
}
-
+
return b;
}
+
/**
* Initializes a CRL issuing point config.
* <P>
- *
- * @param ca reference to CertificateAuthority instance which owns this
- * issuing point.
+ *
+ * @param ca reference to CertificateAuthority instance which
+ * owns this issuing point.
* @param id string id of this CRL issuing point.
* @param config configuration of this CRL issuing point.
* @exception EBaseException if initialization failed
* @exception IOException
*/
- public void init(ISubsystem ca, String id, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem ca, String id, IConfigStore config)
+ throws EBaseException {
mCA = (ICertificateAuthority) ca;
mId = id;
@@ -447,19 +448,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mConfigStore = config;
- IConfigStore crlSubStore = mCA.getConfigStore().getSubStore(
- ICertificateAuthority.PROP_CRL_SUBSTORE);
- mPageSize = crlSubStore.getInteger(
- ICertificateAuthority.PROP_CRL_PAGE_SIZE, CRL_PAGE_SIZE);
- CMS.debug("CRL Page Size: " + mPageSize);
+ IConfigStore crlSubStore = mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ mPageSize = crlSubStore.getInteger(ICertificateAuthority.PROP_CRL_PAGE_SIZE, CRL_PAGE_SIZE);
+ CMS.debug("CRL Page Size: "+ mPageSize);
- mCountMod = config.getInteger("countMod", 0);
+ mCountMod = config.getInteger("countMod",0);
mCRLRepository = mCA.getCRLRepository();
mCertRepository = mCA.getCertificateRepository();
((CertificateRepository) mCertRepository).addCRLIssuingPoint(mId, this);
mPublisherProcessor = mCA.getPublisherProcessor();
- // mCRLPublisher = mCA.getCRLPublisher();
+ //mCRLPublisher = mCA.getCRLPublisher();
((CAService) mCA.getCAService()).addCRLIssuingPoint(mId, this);
// read in config parameters.
@@ -470,8 +469,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
String crlListName = lname + "_" + mId;
if (mCA.getRequestListener(crlListName) == null) {
- mCA.registerRequestListener(crlListName,
- new RevocationRequestListener());
+ mCA.registerRequestListener(
+ crlListName, new RevocationRequestListener());
}
for (int i = 0; i < mSplits.length; i++) {
@@ -482,62 +481,52 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
setAutoUpdates();
}
+
private int checkTime(String time) {
String digits = "0123456789";
int len = time.length();
- if (len < 3 || len > 5)
- return -1;
+ if (len < 3 || len > 5) return -1;
int s = time.indexOf(':');
- if (s < 0 || s > 2 || (len - s) != 3)
- return -1;
+ if (s < 0 || s > 2 || (len - s) != 3) return -1;
int h = 0;
for (int i = 0; i < s; i++) {
h *= 10;
int k = digits.indexOf(time.charAt(i));
- if (k < 0)
- return -1;
+ if (k < 0) return -1;
h += k;
}
- if (h > 23)
- return -1;
+ if (h > 23) return -1;
int m = 0;
- for (int i = s + 1; i < len; i++) {
+ for (int i = s+1; i < len; i++) {
m *= 10;
int k = digits.indexOf(time.charAt(i));
- if (k < 0)
- return -1;
+ if (k < 0) return -1;
m += k;
}
- if (m > 59)
- return -1;
+ if (m > 59) return -1;
return ((h * 60) + m);
}
- private boolean areTimeListsIdentical(Vector<Vector<Integer>> list1,
- Vector<Vector<Integer>> list2) {
+ private boolean areTimeListsIdentical(Vector<Vector<Integer>> list1, Vector<Vector<Integer>> list2) {
boolean identical = true;
- if (list1 == null || list2 == null)
- identical = false;
- if (identical && list1.size() != list2.size())
- identical = false;
+ if (list1 == null || list2 == null) identical = false;
+ if (identical && list1.size() != list2.size()) identical = false;
for (int i = 0; identical && i < list1.size(); i++) {
Vector<Integer> times1 = list1.elementAt(i);
Vector<Integer> times2 = list2.elementAt(i);
- if (times1.size() != times2.size())
- identical = false;
+ if (times1.size() != times2.size()) identical = false;
for (int j = 0; identical && j < times1.size(); j++) {
- if ((((times1.elementAt(j))).intValue()) != (((times2
- .elementAt(j))).intValue())) {
+ if ((((times1.elementAt(j))).intValue()) != (((times2.elementAt(j))).intValue())) {
identical = false;
}
}
}
- CMS.debug("areTimeListsIdentical: identical: " + identical);
+ CMS.debug("areTimeListsIdentical: identical: "+identical);
return identical;
}
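Review bot: checkTime accepts a time with an empty hour field: for a three-character string such as ":30", `s` is 0 and `(len - s)` is 3, so the guard `s < 0 || s > 2 || (len - s) != 3` passes, the hour loop never runs, and the method returns 30. If a missing hour in the daily update list should be a configuration error rather than a silent 00:30, tighten the guard to `if (s < 1 || s > 2 || (len - s) != 3) return -1;`. The whole method is inside this hunk, so no other check covers this case.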
@@ -546,25 +535,23 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
int listSize = 0;
for (int i = 0; listedDays != null && i < listedDays.size(); i++) {
Vector<Integer> listedTimes = listedDays.elementAt(i);
- listSize += ((listedTimes != null) ? listedTimes.size() : 0);
+ listSize += ((listedTimes != null)? listedTimes.size(): 0);
}
- CMS.debug("getTimeListSize: ListSize=" + listSize);
+ CMS.debug("getTimeListSize: ListSize="+listSize);
return listSize;
}
private boolean isTimeListExtended(String list) {
- boolean extendedTimeList = true;
- if (list == null || list.indexOf('*') == -1)
- extendedTimeList = false;
- return extendedTimeList;
+ boolean extendedTimeList = true;
+ if (list == null || list.indexOf('*') == -1)
+ extendedTimeList = false;
+ return extendedTimeList;
}
private Vector<Vector<Integer>> getTimeList(String list) {
boolean timeListPresent = false;
- if (list == null || list.length() == 0)
- return null;
- if (list.charAt(0) == ',' || list.charAt(list.length() - 1) == ',')
- return null;
+ if (list == null || list.length() == 0) return null;
+ if (list.charAt(0) == ',' || list.charAt(list.length()-1) == ',') return null;
Vector<Vector<Integer>> listedDays = new Vector<Vector<Integer>>();
@@ -572,8 +559,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Vector<Integer> listedTimes = null;
while (days.hasMoreTokens()) {
String dayList = days.nextToken().trim();
- if (dayList == null)
- continue;
+ if (dayList == null) continue;
if (dayList.equals(";")) {
if (timeListPresent) {
@@ -602,7 +588,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
return null;
} else {
if (t > t0) {
- listedTimes.addElement(new Integer(k * t));
+ listedTimes.addElement(new Integer(k*t));
t0 = t;
} else {
return null;
@@ -612,7 +598,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (!timeListPresent) {
listedTimes = new Vector<Integer>();
- listedDays.addElement(listedTimes);
+ listedDays.addElement(listedTimes);
}
return listedDays;
@@ -621,7 +607,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private String checkProfile(String id, Enumeration<String> e) {
if (e != null) {
while (e.hasMoreElements()) {
- String profileId = e.nextElement();
+ String profileId = e.nextElement();
if (profileId != null && profileId.equalsIgnoreCase(id))
return id;
}
@@ -632,12 +618,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private Vector<String> getProfileList(String list) {
Enumeration<String> e = null;
IConfigStore pc = CMS.getConfigStore().getSubStore("profile");
- if (pc != null)
- e = pc.getSubStoreNames();
- if (list == null)
- return null;
- if (list.length() > 0 && list.charAt(list.length() - 1) == ',')
- return null;
+ if (pc != null) e = pc.getSubStoreNames();
+ if (list == null) return null;
+ if (list.length() > 0 && list.charAt(list.length()-1) == ',') return null;
Vector<String> listedProfiles = new Vector<String>();
@@ -646,10 +629,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
int n = 0;
while (elements.hasMoreTokens()) {
String element = elements.nextToken().trim();
- if (element == null || element.length() == 0)
- return null;
- if (element.equals(",") && n % 2 == 0)
- return null;
+ if (element == null || element.length() == 0) return null;
+ if (element.equals(",") && n % 2 == 0) return null;
if (n % 2 == 0) {
String id = checkProfile(element, e);
if (id != null) {
@@ -658,28 +639,26 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
n++;
}
- if (n % 2 == 0)
- return null;
+ if (n % 2 == 0) return null;
return listedProfiles;
}
+
/**
* get CRL config store info
*/
- protected void initConfig(IConfigStore config) throws EBaseException {
+ protected void initConfig(IConfigStore config)
+ throws EBaseException {
mEnable = config.getBoolean(Constants.PR_ENABLE, true);
mDescription = config.getString(Constants.PR_DESCRIPTION);
// Get CRL cache config.
mEnableCRLCache = config.getBoolean(Constants.PR_ENABLE_CACHE, true);
- mCacheUpdateInterval = MINUTE
- * config.getInteger(Constants.PR_CACHE_FREQ, 0);
- mEnableCacheRecovery = config.getBoolean(Constants.PR_CACHE_RECOVERY,
- false);
- mEnableCacheTesting = config.getBoolean(Constants.PR_CACHE_TESTING,
- false);
+ mCacheUpdateInterval = MINUTE * config.getInteger(Constants.PR_CACHE_FREQ, 0);
+ mEnableCacheRecovery = config.getBoolean(Constants.PR_CACHE_RECOVERY, false);
+ mEnableCacheTesting = config.getBoolean(Constants.PR_CACHE_TESTING, false);
// check if CRL generation is enabled
mEnableCRLUpdates = config.getBoolean(Constants.PR_ENABLE_CRL, true);
@@ -692,43 +671,34 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mAlwaysUpdate = config.getBoolean(Constants.PR_UPDATE_ALWAYS, false);
// Get list of daily updates.
- mEnableDailyUpdates = config.getBoolean(Constants.PR_ENABLE_DAILY,
- false);
+ mEnableDailyUpdates = config.getBoolean(Constants.PR_ENABLE_DAILY, false);
String daily = config.getString(Constants.PR_DAILY_UPDATES, null);
mDailyUpdates = getTimeList(daily);
mExtendedTimeList = isTimeListExtended(daily);
mTimeListSize = getTimeListSize(mDailyUpdates);
- if (mDailyUpdates == null || mDailyUpdates.isEmpty()
- || mTimeListSize == 0) {
+ if (mDailyUpdates == null || mDailyUpdates.isEmpty() || mTimeListSize == 0) {
mEnableDailyUpdates = false;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_INVALID_TIME_LIST"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_INVALID_TIME_LIST"));
}
// Get auto update interval in minutes.
mEnableUpdateFreq = config.getBoolean(Constants.PR_ENABLE_FREQ, true);
- mAutoUpdateInterval = MINUTE
- * config.getInteger(Constants.PR_UPDATE_FREQ, 0);
- mMinUpdateInterval = MINUTE
- * config.getInteger(PROP_MIN_UPDATE_INTERVAL, 0);
- if (mEnableUpdateFreq && mAutoUpdateInterval > 0
- && mAutoUpdateInterval < mMinUpdateInterval)
+ mAutoUpdateInterval = MINUTE * config.getInteger(Constants.PR_UPDATE_FREQ, 0);
+ mMinUpdateInterval = MINUTE * config.getInteger(PROP_MIN_UPDATE_INTERVAL, 0);
+ if (mEnableUpdateFreq && mAutoUpdateInterval > 0 &&
+ mAutoUpdateInterval < mMinUpdateInterval)
mAutoUpdateInterval = mMinUpdateInterval;
- // get next update grace period
- mNextUpdateGracePeriod = MINUTE
- * config.getInteger(Constants.PR_GRACE_PERIOD, 0);
+ // get next update grace period
+ mNextUpdateGracePeriod = MINUTE * config.getInteger(Constants.PR_GRACE_PERIOD, 0);
- // Get V2 or V1 CRL
+ // Get V2 or V1 CRL
mAllowExtensions = config.getBoolean(Constants.PR_EXTENSIONS, false);
- mIncludeExpiredCerts = config.getBoolean(
- Constants.PR_INCLUDE_EXPIREDCERTS, false);
- mIncludeExpiredCertsOneExtraTime = config.getBoolean(
- Constants.PR_INCLUDE_EXPIREDCERTS_ONEEXTRATIME, false);
+ mIncludeExpiredCerts = config.getBoolean(Constants.PR_INCLUDE_EXPIREDCERTS, false);
+ mIncludeExpiredCertsOneExtraTime = config.getBoolean(Constants.PR_INCLUDE_EXPIREDCERTS_ONEEXTRATIME, false);
mCACertsOnly = config.getBoolean(Constants.PR_CA_CERTS_ONLY, false);
- mProfileCertsOnly = config.getBoolean(Constants.PR_PROFILE_CERTS_ONLY,
- false);
+ mProfileCertsOnly = config.getBoolean(Constants.PR_PROFILE_CERTS_ONLY, false);
if (mProfileCertsOnly) {
String profiles = config.getString(Constants.PR_PROFILE_LIST, null);
mProfileList = getProfileList(profiles);
@@ -737,17 +707,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
// Get default signing algorithm.
// check if algorithm is supported.
mSigningAlgorithm = mCA.getCRLSigningUnit().getDefaultAlgorithm();
- String algorithm = config.getString(Constants.PR_SIGNING_ALGORITHM,
- null);
+ String algorithm = config.getString(Constants.PR_SIGNING_ALGORITHM, null);
if (algorithm != null) {
- // make sure this algorithm is acceptable to CA.
+ // make sure this algorithm is acceptable to CA.
mCA.getCRLSigningUnit().checkSigningAlgorithmFromName(algorithm);
mSigningAlgorithm = algorithm;
}
mPublishOnStart = config.getBoolean(PROP_PUBLISH_ON_START, false);
- // if publish dn is null then certificate will be published to
+ // if publish dn is null then certificate will be published to
// CA's entry in the directory.
mPublishDN = config.getString(PROP_PUBLISH_DN, null);
@@ -755,28 +724,30 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mCMSCRLExtensions = new CMSCRLExtensions(this, config);
- mExtendedNextUpdate = ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled()) ? config
- .getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true) : false;
+ mExtendedNextUpdate = ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled())?
+ config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true):
+ false;
// Get serial number ranges if any.
mBeginSerial = config.getBigInteger(PROP_BEGIN_SERIAL, null);
if (mBeginSerial != null && mBeginSerial.compareTo(BigInteger.ZERO) < 0) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_PROPERTY_1", PROP_BEGIN_SERIAL,
- "BigInteger", "positive number"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1",
+ PROP_BEGIN_SERIAL, "BigInteger", "positive number"));
}
mEndSerial = config.getBigInteger(PROP_END_SERIAL, null);
if (mEndSerial != null && mEndSerial.compareTo(BigInteger.ZERO) < 0) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_PROPERTY_1", PROP_END_SERIAL,
- "BigInteger", "positive number"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1",
+ PROP_END_SERIAL, "BigInteger", "positive number"));
}
}
/**
- * Reads CRL issuing point, if missing, it creates one. Initializes CRL
- * cache and republishes CRL if requested Called from auto update thread
- * (run()). Do not call it from init(), because it will block CMS on start.
+ * Reads CRL issuing point, if missing, it creates one.
+ * Initializes CRL cache and republishes CRL if requested
+ * Called from auto update thread (run()).
+ * Do not call it from init(), because it will block CMS on start.
*/
private void initCRL() {
ICRLIssuingPointRecord crlRecord = null;
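Review bot: `PROP_BEGIN_SERIAL` and `PROP_END_SERIAL` are each rejected when negative, but nothing at the end of initConfig checks that the begin value does not exceed the end value when both are set. If this range is later used to select which revoked certificates are listed (not visible in this hunk), an inverted range would presumably produce a CRL that leaves entries out without any error. Consider adding, after the second check, `if (mBeginSerial != null && mEndSerial != null && mBeginSerial.compareTo(mEndSerial) > 0)` throwing the same `CMS_BASE_INVALID_PROPERTY_1` exception. The message text says "positive number" although zero is accepted by `compareTo(BigInteger.ZERO) < 0`. initConfig starts outside this hunk.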
@@ -786,14 +757,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
try {
crlRecord = mCRLRepository.readCRLIssuingPointRecord(mId);
} catch (EDBNotAvailException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ISSUING_INST_CRL",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_INST_CRL", e.toString()));
mInitialized = CRL_IP_INITIALIZATION_FAILED;
return;
} catch (EBaseException e) {
// CRL was never set.
- // fall to the following..
+ // fall to the following..
}
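Review bot: The `catch (EBaseException e)` block holds only comments, so every failure of `readCRLIssuingPointRecord(mId)` other than `EDBNotAvailException` is treated as "CRL was never set" and leaves no trace in the logs. Further down in initCRL a null `crlRecord` leads to an attempt to add a fresh record with CRL number zero, so an operator has no way to tell a first start from a read error. Suggest recording the cause inside the catch, for example `CMS.debug("initCRL: no issuing point record read for " + mId + ": " + e.toString());`. initCRL starts before and continues after this hunk.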
if (crlRecord != null) {
@@ -833,19 +802,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mNextUpdate = crlRecord.getNextUpdate();
if (isDeltaCRLEnabled()) {
- mNextDeltaUpdate = (mNextUpdate != null) ? new Date(
- mNextUpdate.getTime()) : null;
+ mNextDeltaUpdate = (mNextUpdate != null)? new Date(mNextUpdate.getTime()): null;
}
mFirstUnsaved = crlRecord.getFirstUnsaved();
if (Debug.on()) {
- Debug.trace("initCRL CRLNumber=" + mCRLNumber.toString()
- + " CRLSize=" + mCRLSize + " FirstUnsaved="
- + mFirstUnsaved);
+ Debug.trace("initCRL CRLNumber="+mCRLNumber.toString()+" CRLSize="+mCRLSize+
+ " FirstUnsaved="+mFirstUnsaved);
}
- if (mFirstUnsaved == null
- || (mFirstUnsaved != null && mFirstUnsaved
- .equals(ICRLIssuingPointRecord.NEW_CACHE))) {
+ if (mFirstUnsaved == null ||
+ (mFirstUnsaved != null && mFirstUnsaved.equals(ICRLIssuingPointRecord.NEW_CACHE))) {
clearCRLCache();
updateCRLCacheRepository();
} else {
@@ -859,14 +825,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
x509crl = new X509CRLImpl(crl);
} catch (Exception e) {
clearCRLCache();
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_DECODE_CRL",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_DECODE_CRL", e.toString()));
} catch (OutOfMemoryError e) {
clearCRLCache();
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_DECODE_CRL",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_DECODE_CRL", e.toString()));
mInitialized = CRL_IP_INITIALIZATION_FAILED;
return;
}
@@ -874,8 +836,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (x509crl != null) {
mLastFullUpdate = x509crl.getThisUpdate();
if (mEnableCRLCache) {
- if (mCRLCacheIsCleared
- && mUpdatingCRL == CRL_UPDATE_DONE) {
+ if (mCRLCacheIsCleared && mUpdatingCRL == CRL_UPDATE_DONE) {
mRevokedCerts = crlRecord.getRevokedCerts();
if (mRevokedCerts == null) {
mRevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
@@ -891,12 +852,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (isDeltaCRLEnabled()) {
mNextUpdate = x509crl.getNextUpdate();
}
- mCRLCerts = x509crl
- .getListOfRevokedCertificates();
+ mCRLCerts = x509crl.getListOfRevokedCertificates();
}
- if (mFirstUnsaved != null
- && !mFirstUnsaved
- .equals(ICRLIssuingPointRecord.CLEAN_CACHE)) {
+ if (mFirstUnsaved != null && !mFirstUnsaved.equals(ICRLIssuingPointRecord.CLEAN_CACHE)) {
recoverCRLCache();
} else {
mCRLCacheIsCleared = false;
@@ -909,14 +867,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
x509crl = null;
} catch (EBaseException e) {
x509crl = null;
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_PUBLISH_CRL",
- mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString()));
} catch (OutOfMemoryError e) {
x509crl = null;
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_PUBLISH_CRL",
- mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString()));
}
}
}
@@ -925,33 +879,30 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (crlRecord == null) {
- // no crl was ever created, or crl in db is corrupted.
+ // no crl was ever created, or crl in db is corrupted.
// create new one.
try {
- crlRecord = new CRLIssuingPointRecord(mId, BigInteger.ZERO,
- Long.valueOf(-1), null, null, BigInteger.ZERO,
- Long.valueOf(-1), mRevokedCerts, mUnrevokedCerts,
- mExpiredCerts);
+ crlRecord = new CRLIssuingPointRecord(mId, BigInteger.ZERO, Long.valueOf(-1),
+ null, null, BigInteger.ZERO, Long.valueOf(-1),
+ mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
mCRLRepository.addCRLIssuingPointRecord(crlRecord);
- mCRLNumber = BigInteger.ZERO; // BIG_ZERO;
- mNextCRLNumber = BigInteger.ONE; // BIG_ONE;
+ mCRLNumber = BigInteger.ZERO; //BIG_ZERO;
+ mNextCRLNumber = BigInteger.ONE; //BIG_ONE;
mLastCRLNumber = mCRLNumber;
mDeltaCRLNumber = mCRLNumber;
mNextDeltaCRLNumber = mNextCRLNumber;
mLastUpdate = new Date(0L);
if (crlRecord != null) {
- // This will trigger updateCRLNow, which will also publish
- // CRL.
- if ((mDoManualUpdate == false)
- && (mEnableCRLCache || mAlwaysUpdate || (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
+ // This will trigger updateCRLNow, which will also publish CRL.
+ if ((mDoManualUpdate == false) &&
+ (mEnableCRLCache || mAlwaysUpdate ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
mInitialized = CRL_IP_INITIALIZED;
setManualUpdate(null);
}
}
} catch (EBaseException ex) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ISSUING_CREATE_CRL",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_CREATE_CRL", ex.toString()));
mInitialized = CRL_IP_INITIALIZATION_FAILED;
return;
}
@@ -970,14 +921,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
NameValuePair p = params.elementAt(i);
String name = p.getName();
String value = p.getValue();
-
+
// -- Update Schema --
if (name.equals(Constants.PR_ENABLE_CRL)) {
if (value.equals(Constants.FALSE) && mEnableCRLUpdates) {
mEnableCRLUpdates = false;
modifiedSchedule = true;
- } else if (value.equals(Constants.TRUE)
- && (!mEnableCRLUpdates)) {
+ } else if (value.equals(Constants.TRUE) && (!mEnableCRLUpdates)) {
mEnableCRLUpdates = true;
modifiedSchedule = true;
}
@@ -1001,8 +951,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_EXTENDED_NEXT_UPDATE)) {
if (value.equals(Constants.FALSE) && mExtendedNextUpdate) {
mExtendedNextUpdate = false;
- } else if (value.equals(Constants.TRUE)
- && (!mExtendedNextUpdate)) {
+ } else if (value.equals(Constants.TRUE) && (!mExtendedNextUpdate)) {
mExtendedNextUpdate = true;
}
}
@@ -1020,8 +969,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (value.equals(Constants.FALSE) && mEnableDailyUpdates) {
mEnableDailyUpdates = false;
modifiedSchedule = true;
- } else if (value.equals(Constants.TRUE)
- && (!mEnableDailyUpdates)) {
+ } else if (value.equals(Constants.TRUE) && (!mEnableDailyUpdates)) {
mEnableDailyUpdates = true;
modifiedSchedule = true;
}
@@ -1041,11 +989,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mTimeListSize = getTimeListSize(mDailyUpdates);
modifiedSchedule = true;
}
- if (mDailyUpdates == null || mDailyUpdates.isEmpty()
- || mTimeListSize == 0) {
+ if (mDailyUpdates == null || mDailyUpdates.isEmpty() || mTimeListSize == 0) {
mEnableDailyUpdates = false;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_INVALID_TIME_LIST"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_INVALID_TIME_LIST"));
}
}
@@ -1053,8 +999,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (value.equals(Constants.FALSE) && mEnableUpdateFreq) {
mEnableUpdateFreq = false;
modifiedSchedule = true;
- } else if (value.equals(Constants.TRUE)
- && (!mEnableUpdateFreq)) {
+ } else if (value.equals(Constants.TRUE) && (!mEnableUpdateFreq)) {
mEnableUpdateFreq = true;
modifiedSchedule = true;
}
@@ -1082,8 +1027,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_GRACE_PERIOD)) {
try {
if (value != null && value.length() > 0) {
- mNextUpdateGracePeriod = MINUTE
- * Long.parseLong(value.trim());
+ mNextUpdateGracePeriod = MINUTE * Long.parseLong(value.trim());
}
} catch (NumberFormatException e) {
noRestart = false;
@@ -1097,8 +1041,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
updateCRLCacheRepository();
mEnableCRLCache = false;
modifiedSchedule = true;
- } else if (value.equals(Constants.TRUE)
- && (!mEnableCRLCache)) {
+ } else if (value.equals(Constants.TRUE) && (!mEnableCRLCache)) {
clearCRLCache();
updateCRLCacheRepository();
mEnableCRLCache = true;
@@ -1123,8 +1066,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_CACHE_RECOVERY)) {
if (value.equals(Constants.FALSE) && mEnableCacheRecovery) {
mEnableCacheRecovery = false;
- } else if (value.equals(Constants.TRUE)
- && (!mEnableCacheRecovery)) {
+ } else if (value.equals(Constants.TRUE) && (!mEnableCacheRecovery)) {
mEnableCacheRecovery = true;
}
}
@@ -1135,16 +1077,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
updateCRLCacheRepository();
mEnableCacheTesting = false;
setManualUpdate(null);
- } else if (value.equals(Constants.TRUE)
- && (!mEnableCacheTesting)) {
+ } else if (value.equals(Constants.TRUE) && (!mEnableCacheTesting)) {
mEnableCacheTesting = true;
}
}
// -- CRL Format --
if (name.equals(Constants.PR_SIGNING_ALGORITHM)) {
- if (value != null)
- value = value.trim();
+ if (value != null) value = value.trim();
if (!mSigningAlgorithm.equals(value)) {
mSigningAlgorithm = value;
}
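Review bot: The `PR_SIGNING_ALGORITHM` branch stores the trimmed value in `mSigningAlgorithm` without the `mCA.getCRLSigningUnit().checkSigningAlgorithmFromName(...)` call that initConfig makes before accepting a configured algorithm, so as far as this hunk shows a runtime update can install a name the CRL signing unit does not accept. A null `value` also satisfies `!mSigningAlgorithm.equals(value)` and is assigned. Suggest `if (value != null && !mSigningAlgorithm.equals(value)) {` followed by `mCA.getCRLSigningUnit().checkSigningAlgorithmFromName(value);` before the assignment, with a rejected name reported the way the other branches report bad input. The enclosing method starts and ends outside the hunk, so validation by a caller cannot be ruled out.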
@@ -1155,8 +1095,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
clearCRLCache();
updateCRLCacheRepository();
mAllowExtensions = false;
- } else if (value.equals(Constants.TRUE)
- && (!mAllowExtensions)) {
+ } else if (value.equals(Constants.TRUE) && (!mAllowExtensions)) {
clearCRLCache();
updateCRLCacheRepository();
mAllowExtensions = true;
@@ -1168,8 +1107,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
clearCRLCache();
updateCRLCacheRepository();
mIncludeExpiredCerts = false;
- } else if (value.equals(Constants.TRUE)
- && (!mIncludeExpiredCerts)) {
+ } else if (value.equals(Constants.TRUE) && (!mIncludeExpiredCerts)) {
clearCRLCache();
updateCRLCacheRepository();
mIncludeExpiredCerts = true;
@@ -1177,11 +1115,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (name.equals(Constants.PR_INCLUDE_EXPIREDCERTS_ONEEXTRATIME)) {
- if (value.equals(Constants.FALSE)
- && mIncludeExpiredCertsOneExtraTime) {
+ if (value.equals(Constants.FALSE) && mIncludeExpiredCertsOneExtraTime) {
mIncludeExpiredCertsOneExtraTime = false;
- } else if (value.equals(Constants.TRUE)
- && (!mIncludeExpiredCertsOneExtraTime)) {
+ } else if (value.equals(Constants.TRUE) && (!mIncludeExpiredCertsOneExtraTime)) {
mIncludeExpiredCertsOneExtraTime = true;
}
}
@@ -1189,10 +1125,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_CA_CERTS_ONLY)) {
Extension distExt = getCRLExtension(IssuingDistributionPointExtension.NAME);
IssuingDistributionPointExtension iExt = (IssuingDistributionPointExtension) distExt;
- IssuingDistributionPoint issuingDistributionPoint = null;
- if (iExt != null)
- issuingDistributionPoint = iExt
- .getIssuingDistributionPoint();
+ IssuingDistributionPoint issuingDistributionPoint = null;
+ if(iExt != null)
+ issuingDistributionPoint = iExt.getIssuingDistributionPoint();
if (value.equals(Constants.FALSE) && mCACertsOnly) {
clearCRLCache();
updateCRLCacheRepository();
@@ -1202,31 +1137,27 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
updateCRLCacheRepository();
mCACertsOnly = true;
}
- // attempt to sync the IssuingDistributionPoint Extension
- // value of
- // onlyContainsCACerts
- if (issuingDistributionPoint != null && params.size() > 1) {
- boolean onlyContainsCACerts = issuingDistributionPoint
- .getOnlyContainsCACerts();
- if (onlyContainsCACerts != mCACertsOnly) {
+ //attempt to sync the IssuingDistributionPoint Extension value of
+ //onlyContainsCACerts
+ if(issuingDistributionPoint != null && params.size() > 1) {
+ boolean onlyContainsCACerts = issuingDistributionPoint.getOnlyContainsCACerts();
+ if(onlyContainsCACerts != mCACertsOnly) {
IConfigStore config = mCA.getConfigStore();
- IConfigStore crlsSubStore = config
- .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
- IConfigStore crlSubStore = crlsSubStore
- .getSubStore(mId);
- IConfigStore crlExtsSubStore = crlSubStore
- .getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
- crlExtsSubStore = crlExtsSubStore
- .getSubStore(IssuingDistributionPointExtension.NAME);
-
- if (crlExtsSubStore != null) {
+ IConfigStore crlsSubStore =
+ config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ IConfigStore crlSubStore = crlsSubStore.getSubStore(mId);
+ IConfigStore crlExtsSubStore =
+ crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
+ crlExtsSubStore = crlExtsSubStore.getSubStore(IssuingDistributionPointExtension.NAME);
+
+ if(crlExtsSubStore != null) {
String val = "";
- if (mCACertsOnly == true) {
+ if(mCACertsOnly == true) {
val = Constants.TRUE;
} else {
val = Constants.FALSE;
}
- crlExtsSubStore.putString(PROP_CACERTS, val);
+ crlExtsSubStore.putString(PROP_CACERTS,val);
try {
crlExtsSubStore.commit(true);
} catch (Exception e) {
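Review bot: Only the last `getSubStore` result is null-checked; `crlsSubStore`, `crlSubStore` and the first `crlExtsSubStore` are dereferenced directly. The final `if(crlExtsSubStore != null)` test and the `pc != null` test in getProfileList suggest `getSubStore` can return null, in which case a missing substore raises a NullPointerException after `mCACertsOnly` has already been changed in memory. Guard each step, e.g. `IConfigStore crlSubStore = (crlsSubStore != null) ? crlsSubStore.getSubStore(mId) : null;`, and likewise for the extensions store. The catch body for `commit(true)` lies outside this hunk; a failed commit leaves the stored `PROP_CACERTS` out of step with `mCACertsOnly`, so it should at least be logged.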
@@ -1241,8 +1172,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
clearCRLCache();
updateCRLCacheRepository();
mProfileCertsOnly = false;
- } else if (value.equals(Constants.TRUE)
- && (!mProfileCertsOnly)) {
+ } else if (value.equals(Constants.TRUE) && (!mProfileCertsOnly)) {
clearCRLCache();
updateCRLCacheRepository();
mProfileCertsOnly = true;
@@ -1251,13 +1181,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_PROFILE_LIST)) {
Vector<String> profileList = getProfileList(value);
- if (((profileList != null) ^ (mProfileList != null))
- || (profileList != null && mProfileList != null && (!mProfileList
- .equals(profileList)))) {
+ if (((profileList != null) ^ (mProfileList != null)) ||
+ (profileList != null && mProfileList != null &&
+ (!mProfileList.equals(profileList)))) {
if (profileList != null) {
@SuppressWarnings("unchecked")
- Vector<String> newProfileList = (Vector<String>) profileList
- .clone();
+ Vector<String> newProfileList = (Vector<String>) profileList.clone();
mProfileList = newProfileList;
} else {
mProfileList = null;
@@ -1267,14 +1196,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (mProfileList == null || mProfileList.isEmpty()) {
mProfileCertsOnly = false;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_INVALID_PROFILE_LIST"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_INVALID_PROFILE_LIST"));
}
}
}
- if (modifiedSchedule)
- setAutoUpdates();
+ if (modifiedSchedule) setAutoUpdates();
return noRestart;
}
@@ -1293,15 +1220,20 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
setAutoUpdates();
/*
- * if (mUpdateThread != null) { try { mUpdateThread.interrupt(); } catch
- * (Exception e) { } }
- */
+ if (mUpdateThread != null) {
+ try {
+ mUpdateThread.interrupt();
+ }
+ catch (Exception e) {
+ }
+ }
+ */
}
/**
* Returns internal id of this CRL issuing point.
* <P>
- *
+ *
* @return internal id of this CRL issuing point
*/
public String getId() {
@@ -1311,7 +1243,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns internal description of this CRL issuing point.
* <P>
- *
+ *
* @return internal description of this CRL issuing point
*/
public String getDescription() {
@@ -1320,7 +1252,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Sets internal description of this CRL issuing point.
- *
+ *
* @param description description for this CRL issuing point.
*/
public void setDescription(String description) {
@@ -1328,10 +1260,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
/**
- * Returns DN of the directory entry where CRLs.from this issuing point are
- * published.
+ * Returns DN of the directory entry where CRLs.from this issuing point
+ * are published.
* <P>
- *
+ *
* @return DN of the directory entry where CRLs are published.
*/
public String getPublishDN() {
@@ -1341,7 +1273,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns signing algorithm.
* <P>
- *
+ *
* @return SigningAlgorithm.
*/
public String getSigningAlgorithm() {
@@ -1355,7 +1287,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns current CRL generation schema for this CRL issuing point.
* <P>
- *
+ *
* @return current CRL generation schema for this CRL issuing point
*/
public int getCRLSchema() {
@@ -1365,7 +1297,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns current CRL number of this CRL issuing point.
* <P>
- *
+ *
* @return current CRL number of this CRL issuing point
*/
public BigInteger getCRLNumber() {
@@ -1375,18 +1307,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns current delta CRL number of this CRL issuing point.
* <P>
- *
+ *
* @return current delta CRL number of this CRL issuing point
*/
public BigInteger getDeltaCRLNumber() {
- return (isDeltaCRLEnabled() && mDeltaCRLSize > -1) ? mDeltaCRLNumber
- : BigInteger.ZERO;
+ return (isDeltaCRLEnabled() && mDeltaCRLSize > -1)? mDeltaCRLNumber: BigInteger.ZERO;
}
/**
* Returns next CRL number of this CRL issuing point.
* <P>
- *
+ *
* @return next CRL number of this CRL issuing point
*/
public BigInteger getNextCRLNumber() {
@@ -1396,18 +1327,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns number of entries in the CRL
* <P>
- *
+ *
* @return number of entries in the CRL
*/
public long getCRLSize() {
- return (mCRLCerts.size() > 0 && mCRLSize == 0) ? mCRLCerts.size()
- : mCRLSize;
+ return (mCRLCerts.size() > 0 && mCRLSize == 0)? mCRLCerts.size(): mCRLSize;
}
/**
* Returns number of entries in delta CRL
* <P>
- *
+ *
* @return number of entries in delta CRL
*/
public long getDeltaCRLSize() {
@@ -1417,7 +1347,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns last update time
* <P>
- *
+ *
* @return last CRL update time
*/
public Date getLastUpdate() {
@@ -1427,7 +1357,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns next update time
* <P>
- *
+ *
* @return next CRL update time
*/
public Date getNextUpdate() {
@@ -1437,7 +1367,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns next update time
* <P>
- *
+ *
* @return next CRL update time
*/
public Date getNextDeltaUpdate() {
@@ -1447,15 +1377,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns all the revoked certificates from the CRL cache.
* <P>
- *
+ *
* @return set of all the revoked certificates or null if there are none.
*/
public Set<RevokedCertificate> getRevokedCertificates(int start, int end) {
if (mCRLCacheIsCleared || mCRLCerts == null || mCRLCerts.isEmpty()) {
return null;
} else {
- Set<RevokedCertificate> certSet = new TreeSet<RevokedCertificate>(
- mCRLCerts.values());
+ Set<RevokedCertificate> certSet = new TreeSet<RevokedCertificate>(mCRLCerts.values());
return certSet;
}
}
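Review bot: `getRevokedCertificates(int start, int end)` never reads `start` or `end`, so every call copies the whole of `mCRLCerts` into a new `TreeSet` whatever range the caller asked for. Either honor the range or state in the Javadoc that both parameters are ignored and the full set is returned. The copy also reads `mCRLCerts` without taking `cacheMonitor`, which the update path later in this file holds while writing the same map. Whether that is safe depends on the map type, which is not visible in this hunk.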
@@ -1463,7 +1392,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns certificate authority.
* <P>
- *
+ *
* @return certificate authority
*/
public ISubsystem getCertificateAuthority() {
@@ -1475,27 +1404,29 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
*/
private synchronized void setAutoUpdates() {
- if ((mEnable && mUpdateThread == null)
- && ((mEnableCRLCache && mCacheUpdateInterval > 0) || (mEnableCRLUpdates && ((mEnableDailyUpdates
- && mDailyUpdates != null && mTimeListSize > 0)
- || (mEnableUpdateFreq && mAutoUpdateInterval > 0)
- || (mInitialized == CRL_IP_NOT_INITIALIZED)
- || mDoLastAutoUpdate || mDoManualUpdate)))) {
+ if ((mEnable && mUpdateThread == null) &&
+ ((mEnableCRLCache && mCacheUpdateInterval > 0) ||
+ (mEnableCRLUpdates &&
+ ((mEnableDailyUpdates && mDailyUpdates != null &&
+ mTimeListSize > 0) ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0) ||
+ (mInitialized == CRL_IP_NOT_INITIALIZED) ||
+ mDoLastAutoUpdate || mDoManualUpdate)))) {
mUpdateThread = new Thread(this, "CRLIssuingPoint-" + mId);
- log(ILogger.LL_INFO,
- CMS.getLogMessage("CMSCORE_CA_ISSUING_START_CRL", mId));
+ log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_ISSUING_START_CRL", mId));
mUpdateThread.setDaemon(true);
mUpdateThread.start();
}
- if ((mInitialized == CRL_IP_INITIALIZED)
- && (((mNextUpdate != null) ^ ((mEnableDailyUpdates
- && mDailyUpdates != null && mTimeListSize > 0) || (mEnableUpdateFreq && mAutoUpdateInterval > 0))) || (!mEnableCRLUpdates && mNextUpdate != null))) {
- mDoLastAutoUpdate = true;
+ if ((mInitialized == CRL_IP_INITIALIZED) && (((mNextUpdate != null) ^
+ ((mEnableDailyUpdates && mDailyUpdates != null && mTimeListSize > 0) ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0))) ||
+ (!mEnableCRLUpdates && mNextUpdate != null))) {
+ mDoLastAutoUpdate = true;
}
- if (mEnableUpdateFreq && mAutoUpdateInterval > 0
- && mAutoUpdateInterval < mMinUpdateInterval) {
+ if (mEnableUpdateFreq && mAutoUpdateInterval > 0 &&
+ mAutoUpdateInterval < mMinUpdateInterval) {
mAutoUpdateInterval = mMinUpdateInterval;
}
@@ -1503,14 +1434,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
/**
- * Sets CRL manual-update Starts or stops worker thread as necessary.
+ * Sets CRL manual-update
+ * Starts or stops worker thread as necessary.
*/
public synchronized void setManualUpdate(String signatureAlgorithm) {
if (!mDoManualUpdate) {
mDoManualUpdate = true;
mSignatureAlgorithmForManualUpdate = signatureAlgorithm;
- if (mEnableUpdateFreq && mAutoUpdateInterval > 0
- && mUpdateThread != null) {
+ if (mEnableUpdateFreq && mAutoUpdateInterval > 0 && mUpdateThread != null) {
notifyAll();
} else {
setAutoUpdates();
@@ -1522,13 +1453,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* @return auto update interval in milliseconds.
*/
public long getAutoUpdateInterval() {
- return (mEnableUpdateFreq) ? mAutoUpdateInterval : 0;
+ return (mEnableUpdateFreq)? mAutoUpdateInterval: 0;
}
/**
- * @return always update the CRL
+ * @return always update the CRL
*/
- public boolean getAlwaysUpdate() {
+ public boolean getAlwaysUpdate() {
return mAlwaysUpdate;
}
@@ -1542,11 +1473,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Finds next update time expressed as delay or time of the next update.
- *
- * @param fromLastUpdate if true, function returns delay to the next update
- * time otherwise returns the next update time.
- * @param delta if true, function returns the next update time for delta
- * CRL, otherwise returns the next update time for CRL.
+ *
+ * @param fromLastUpdate if true, function returns delay to the next update time
+ * otherwise returns the next update time.
+ * @param delta if true, function returns the next update time for delta CRL,
+ * otherwise returns the next update time for CRL.
* @return delay to the next update time or the next update time itself
*/
private long findNextUpdate(boolean fromLastUpdate, boolean delta) {
@@ -1554,61 +1485,52 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
TimeZone tz = TimeZone.getDefault();
int offset = tz.getOffset(now);
long oneDay = 1440L * MINUTE;
- long nowToday = (now + (long) offset) % oneDay;
+ long nowToday = (now + (long)offset) % oneDay;
long startOfToday = now - nowToday;
- long lastUpdated = (mLastUpdate != null) ? mLastUpdate.getTime() : now;
- long lastUpdateDay = lastUpdated
- - ((lastUpdated + (long) offset) % oneDay);
+ long lastUpdated = (mLastUpdate != null)? mLastUpdate.getTime(): now;
+ long lastUpdateDay = lastUpdated - ((lastUpdated + (long)offset) % oneDay);
- long lastUpdate = (mLastUpdate != null && fromLastUpdate) ? mLastUpdate
- .getTime() : now;
- long last = (lastUpdate + (long) offset) % oneDay;
+ long lastUpdate = (mLastUpdate != null && fromLastUpdate)? mLastUpdate.getTime(): now;
+ long last = (lastUpdate + (long)offset) % oneDay;
long lastDay = lastUpdate - last;
boolean isDeltaEnabled = isDeltaCRLEnabled();
long next = 0L;
long nextUpdate = 0L;
- CMS.debug("findNextUpdate: fromLastUpdate: " + fromLastUpdate
- + " delta: " + delta);
+ CMS.debug("findNextUpdate: fromLastUpdate: "+fromLastUpdate+" delta: "+delta);
- int numberOfDays = (int) ((startOfToday - lastUpdateDay) / oneDay);
- if (numberOfDays > 0
- && mDailyUpdates.size() > 1
- && ((mCurrentDay == mLastDay) || (mCurrentDay != ((mLastDay + numberOfDays) % mDailyUpdates
- .size())))) {
+ int numberOfDays = (int)((startOfToday - lastUpdateDay) / oneDay);
+ if (numberOfDays > 0 && mDailyUpdates.size() > 1 &&
+ ((mCurrentDay == mLastDay) ||
+ (mCurrentDay != ((mLastDay + numberOfDays) % mDailyUpdates.size())))) {
mCurrentDay = (mLastDay + numberOfDays) % mDailyUpdates.size();
}
- if ((delta || fromLastUpdate)
- && isDeltaEnabled
- && (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList))
- && mNextDeltaUpdate != null) {
+ if ((delta || fromLastUpdate) && isDeltaEnabled &&
+ (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) &&
+ mNextDeltaUpdate != null) {
nextUpdate = mNextDeltaUpdate.getTime();
} else if (mNextUpdate != null) {
nextUpdate = mNextUpdate.getTime();
}
- if (mEnableDailyUpdates && mDailyUpdates != null
- && mDailyUpdates.size() > 0) {
+ if (mEnableDailyUpdates &&
+ mDailyUpdates != null && mDailyUpdates.size() > 0) {
int n = 0;
- if (mDailyUpdates.size() == 1
- && mDailyUpdates.elementAt(0).size() == 1
- && mEnableUpdateFreq && mAutoUpdateInterval > 0) {
+ if (mDailyUpdates.size() == 1 && mDailyUpdates.elementAt(0).size() == 1 &&
+ mEnableUpdateFreq && mAutoUpdateInterval > 0) {
// Interval updates with starting time
- long firstTime = MINUTE
- * ((Integer) mDailyUpdates.elementAt(0).elementAt(0))
- .longValue();
+ long firstTime = MINUTE * ((Integer)mDailyUpdates.elementAt(0).elementAt(0)).longValue();
long t = firstTime;
long interval = mAutoUpdateInterval;
- if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta)
- && isDeltaEnabled && mUpdateSchema > 1) {
+ if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) &&
+ isDeltaEnabled && mUpdateSchema > 1) {
interval *= mUpdateSchema;
}
- while (t < oneDay) {
- if (t - mMinUpdateInterval > last)
- break;
+ while (t < oneDay) {
+ if (t - mMinUpdateInterval > last) break;
t += interval;
n++;
}
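Review bot: `mDailyUpdates.size()` is dereferenced in the `numberOfDays > 0 && mDailyUpdates.size() > 1` condition before the `mDailyUpdates != null` guard that appears a few statements later, so the two checks disagree about whether the field can be null. If it can be null, for example when only interval updates are configured, this throws a NullPointerException in the CRL scheduling path. Put the null test first: `if (numberOfDays > 0 && mDailyUpdates != null && mDailyUpdates.size() > 1 &&`. findNextUpdate starts before this hunk and continues past it, so the rest of the method should be checked for the same assumption.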
@@ -1620,8 +1542,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (t == firstTime) {
mSchemaCounter = 0;
} else if (n != mSchemaCounter) {
- if (mSchemaCounter != 0
- && (mSchemaCounter < n || n == 0)) {
+ if (mSchemaCounter != 0 && (mSchemaCounter < n || n == 0)) {
mSchemaCounter = n;
}
}
@@ -1643,12 +1564,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
// search the current day
for (i = 0; i < mDailyUpdates.elementAt(mCurrentDay).size(); i++) {
- long t = MINUTE
- * ((Integer) mDailyUpdates.elementAt(mCurrentDay)
- .elementAt(i)).longValue();
+ long t = MINUTE * ((Integer)mDailyUpdates.elementAt(mCurrentDay).elementAt(i)).longValue();
if (mEnableDailyUpdates && mExtendedTimeList) {
- if (mExtendedNextUpdate && (!fromLastUpdate)
- && (!delta) && isDeltaEnabled) {
+ if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) && isDeltaEnabled) {
if (t < 0) {
t *= -1;
} else {
@@ -1661,11 +1579,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
}
if (t - mMinUpdateInterval > last) {
- if (mExtendedNextUpdate
- && (!fromLastUpdate)
- && (!(mEnableDailyUpdates && mExtendedTimeList))
- && (!delta) && isDeltaEnabled
- && mUpdateSchema > 1) {
+ if (mExtendedNextUpdate && (!fromLastUpdate) && (!(mEnableDailyUpdates && mExtendedTimeList)) && (!delta) &&
+ isDeltaEnabled && mUpdateSchema > 1) {
i += mUpdateSchema - ((i + m) % mUpdateSchema);
}
break;
@@ -1675,26 +1590,21 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (i < mDailyUpdates.elementAt(mCurrentDay).size()) {
// found inside the current day
- next = (MINUTE * ((Integer) mDailyUpdates.elementAt(
- mCurrentDay).elementAt(i)).longValue());
+ next = (MINUTE * ((Integer)mDailyUpdates.elementAt(mCurrentDay).elementAt(i)).longValue());
if (mEnableDailyUpdates && mExtendedTimeList && next < 0) {
next *= -1;
if (fromLastUpdate) {
mSchemaCounter = 0;
}
}
- next += ((lastDay < lastUpdateDay) ? lastDay
- : lastUpdateDay)
- + (oneDay * (mCurrentDay - mLastDay));
+ next += ((lastDay < lastUpdateDay)? lastDay: lastUpdateDay) + (oneDay * (mCurrentDay - mLastDay));
- if (fromLastUpdate
- && (!(mEnableDailyUpdates && mExtendedTimeList))) {
+ if (fromLastUpdate && (!(mEnableDailyUpdates && mExtendedTimeList))) {
n = n % mUpdateSchema;
if (i == 0 && mCurrentDay == 0) {
mSchemaCounter = 0;
} else if (n != mSchemaCounter) {
- if (mSchemaCounter != 0
- && ((n == 0 && mCurrentDay == 0) || mSchemaCounter < n)) {
+ if (mSchemaCounter != 0 && ((n == 0 && mCurrentDay == 0) || mSchemaCounter < n)) {
mSchemaCounter = n;
}
}
@@ -1706,20 +1616,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
long t = 0;
if (mDailyUpdates.size() > 1) {
while (nDays <= mDailyUpdates.size()) {
- int nextDay = (mCurrentDay + nDays)
- % mDailyUpdates.size();
+ int nextDay = (mCurrentDay + nDays) % mDailyUpdates.size();
if (j < mDailyUpdates.elementAt(nextDay).size()) {
- if (nextDay == 0
- && (!(mEnableDailyUpdates && mExtendedTimeList)))
- j = 0;
- t = MINUTE
- * ((Integer) mDailyUpdates.elementAt(
- nextDay).elementAt(j))
- .longValue();
+ if (nextDay == 0 && (!(mEnableDailyUpdates && mExtendedTimeList))) j = 0;
+ t = MINUTE * ((Integer)mDailyUpdates.elementAt(nextDay).elementAt(j)).longValue();
if (mEnableDailyUpdates && mExtendedTimeList) {
- if (mExtendedNextUpdate
- && (!fromLastUpdate) && (!delta)
- && isDeltaEnabled) {
+ if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) && isDeltaEnabled) {
if (t < 0) {
t *= -1;
} else {
@@ -1742,8 +1644,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
nDays++;
}
}
- next = ((lastDay < lastUpdateDay) ? lastDay : lastUpdateDay)
- + (oneDay * nDays) + t;
+ next = ((lastDay < lastUpdateDay)? lastDay: lastUpdateDay) + (oneDay * nDays) + t;
if (fromLastUpdate && mDailyUpdates.size() < 2) {
mSchemaCounter = 0;
@@ -1752,49 +1653,49 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
} else if (mEnableUpdateFreq && mAutoUpdateInterval > 0) {
// Interval updates without starting time
- if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta)
- && isDeltaEnabled && mUpdateSchema > 1) {
+ if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) && isDeltaEnabled && mUpdateSchema > 1) {
next = lastUpdate + (mUpdateSchema * mAutoUpdateInterval);
} else {
next = lastUpdate + mAutoUpdateInterval;
}
}
- if (fromLastUpdate && nextUpdate > 0
- && (nextUpdate < next || nextUpdate >= now)) {
+ if (fromLastUpdate && nextUpdate > 0 && (nextUpdate < next || nextUpdate >= now)) {
next = nextUpdate;
}
- CMS.debug("findNextUpdate: " + ((new Date(next)).toString())
- + ((fromLastUpdate) ? " delay: " + (next - now) : ""));
+ CMS.debug("findNextUpdate: "+((new Date(next)).toString())+((fromLastUpdate)? " delay: "+(next-now): ""));
- return (fromLastUpdate) ? next - now : next;
+ return (fromLastUpdate)? next-now: next;
}
+
/**
- * Implements Runnable interface. Defines auto-update logic used by worker
- * thread.
+ * Implements Runnable interface. Defines auto-update
+ * logic used by worker thread.
* <P>
*/
public void run() {
- while (mEnable
- && ((mEnableCRLCache && mCacheUpdateInterval > 0)
- || (mInitialized == CRL_IP_NOT_INITIALIZED)
- || mDoLastAutoUpdate || (mEnableCRLUpdates && ((mEnableDailyUpdates
- && mDailyUpdates != null && mTimeListSize > 0)
- || (mEnableUpdateFreq && mAutoUpdateInterval > 0) || mDoManualUpdate)))) {
+ while (mEnable && ((mEnableCRLCache && mCacheUpdateInterval > 0) ||
+ (mInitialized == CRL_IP_NOT_INITIALIZED) ||
+ mDoLastAutoUpdate || (mEnableCRLUpdates &&
+ ((mEnableDailyUpdates && mDailyUpdates != null &&
+ mTimeListSize > 0) ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0) ||
+ mDoManualUpdate)))) {
synchronized (this) {
long delay = 0;
long delay2 = 0;
boolean doCacheUpdate = false;
- boolean scheduledUpdates = mEnableCRLUpdates
- && ((mEnableDailyUpdates && mDailyUpdates != null && mTimeListSize > 0) || (mEnableUpdateFreq && mAutoUpdateInterval > 0));
+ boolean scheduledUpdates = mEnableCRLUpdates &&
+ ((mEnableDailyUpdates && mDailyUpdates != null &&
+ mTimeListSize > 0) ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0));
if (mInitialized == CRL_IP_NOT_INITIALIZED)
initCRL();
- if (mInitialized == CRL_IP_INITIALIZED && (!mEnable))
- break;
+ if (mInitialized == CRL_IP_INITIALIZED && (!mEnable)) break;
if ((mEnableCRLUpdates && mDoManualUpdate) || mDoLastAutoUpdate) {
delay = 0;
@@ -1803,10 +1704,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (mEnableCRLCache && mCacheUpdateInterval > 0) {
- delay2 = mLastCacheUpdate + mCacheUpdateInterval
- - System.currentTimeMillis();
- if (delay2 < delay
- || (!(scheduledUpdates || mDoLastAutoUpdate || (mEnableCRLUpdates && mDoManualUpdate)))) {
+ delay2 = mLastCacheUpdate + mCacheUpdateInterval -
+ System.currentTimeMillis();
+ if (delay2 < delay ||
+ (!(scheduledUpdates || mDoLastAutoUpdate ||
+ (mEnableCRLUpdates && mDoManualUpdate)))) {
delay = delay2;
if (delay <= 0) {
doCacheUpdate = true;
@@ -1816,7 +1718,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (delay > 0) {
- try {
+ try {
wait(delay);
} catch (InterruptedException e) {
}
@@ -1824,22 +1726,18 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
try {
if (doCacheUpdate) {
updateCRLCacheRepository();
- } else if (mAutoUpdateInterval > 0 || mDoLastAutoUpdate
- || mDoManualUpdate) {
+ } else if (mAutoUpdateInterval > 0 || mDoLastAutoUpdate || mDoManualUpdate) {
updateCRL();
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_CRL",
- (doCacheUpdate) ? "update CRL cache"
- : "update CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_CRL",
+ (doCacheUpdate)?"update CRL cache":"update CRL", e.toString()));
if (Debug.on()) {
- Debug.trace((doCacheUpdate) ? "update CRL cache"
- : "update CRL" + " error " + e);
+ Debug.trace((doCacheUpdate)?"update CRL cache":"update CRL" + " error " + e);
Debug.printStackTrace(e);
}
}
- // put this here to prevent continuous loop if internal
+ // put this here to prevent continuous loop if internal
// db is down.
if (mDoLastAutoUpdate)
mDoLastAutoUpdate = false;
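Review bot: In `Debug.trace((doCacheUpdate)?"update CRL cache":"update CRL" + " error " + e);` the `+` binds tighter than `?:`, so the exception text is appended only in the `"update CRL"` branch. A failed cache update therefore traces the bare string `update CRL cache` with no error detail. Parenthesize the conditional: `Debug.trace(((doCacheUpdate) ? "update CRL cache" : "update CRL") + " error " + e);`. The `log(...)` call just above passes `e.toString()` separately and is not affected. run() starts before this hunk.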
@@ -1853,23 +1751,28 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mUpdateThread = null;
}
+
/**
- * Updates CRL and publishes it. If time elapsed since last CRL update is
- * less than minUpdateInterval silently returns. Otherwise determines
- * nextUpdate by adding autoUpdateInterval or minUpdateInterval to the
- * current time. If neither of the intervals are defined nextUpdate will be
- * null. Then using specified configuration parameters it formulates new
- * CRL, signs it, updates CRLIssuingPointRecord in the database and
- * publishes CRL in the directory.
+ * Updates CRL and publishes it.
+ * If time elapsed since last CRL update is less than
+ * minUpdateInterval silently returns.
+ * Otherwise determines nextUpdate by adding autoUpdateInterval or
+ * minUpdateInterval to the current time. If neither of the
+ * intervals are defined nextUpdate will be null.
+ * Then using specified configuration parameters it formulates new
+ * CRL, signs it, updates CRLIssuingPointRecord in the database
+ * and publishes CRL in the directory.
* <P>
*/
private void updateCRL() throws EBaseException {
/*
- * if (mEnableUpdateFreq && mAutoUpdateInterval > 0 &&
- * (System.currentTimeMillis() - mLastUpdate.getTime() <
- * mMinUpdateInterval)) { // log or alternatively throw an Exception
- * return; }
- */
+ if (mEnableUpdateFreq && mAutoUpdateInterval > 0 &&
+ (System.currentTimeMillis() - mLastUpdate.getTime() <
+ mMinUpdateInterval)) {
+ // log or alternatively throw an Exception
+ return;
+ }
+ */
if (mDoManualUpdate && mSignatureAlgorithmForManualUpdate != null) {
updateCRLNow(mSignatureAlgorithmForManualUpdate);
} else {
@@ -1888,25 +1791,21 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mIncludeExpiredCerts)
filter += "(|";
- filter += "(" + CertRecord.ATTR_CERT_STATUS + "="
- + CertRecord.STATUS_REVOKED + ")";
+ filter += "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")";
if (mIncludeExpiredCerts)
- filter += "(" + CertRecord.ATTR_CERT_STATUS + "="
- + CertRecord.STATUS_REVOKED_EXPIRED + "))";
+ filter += "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))";
if (mCACertsOnly) {
filter += "(x509cert.BasicConstraints.isCA=on)";
}
- if (mProfileCertsOnly && mProfileList != null
- && mProfileList.size() > 0) {
+ if (mProfileCertsOnly && mProfileList != null && mProfileList.size() > 0) {
if (mProfileList.size() > 1) {
filter += "(|";
}
for (int k = 0; k < mProfileList.size(); k++) {
String id = mProfileList.elementAt(k);
- filter += "(" + CertRecord.ATTR_META_INFO + "=profileId:" + id
- + ")";
+ filter += "(" + CertRecord.ATTR_META_INFO + "=profileId:" + id + ")";
}
if (mProfileList.size() > 1) {
filter += ")";
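Review bot: Each profile id is concatenated into the LDAP filter unescaped in `filter += "(" + CertRecord.ATTR_META_INFO + "=profileId:" + id + ")";`, so an id containing `(`, `)`, `*` or `\` changes the structure of the filter that selects which revoked certificates go into the CRL. Where `mProfileList` is populated and validated is not visible in this hunk. If it is taken from configuration as-is, escape the value per RFC 4515 before concatenation, or reject ids outside a fixed character set when the list is loaded. A filter that selects too little could leave revoked certificates out of the published CRL without any error. The method this loop belongs to starts before the hunk.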
@@ -1915,20 +1814,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
// check if any ranges specified.
if (mBeginSerial != null) {
- filter += "(" + CertRecord.ATTR_ID + ">=" + mBeginSerial.toString()
- + ")";
+ filter += "(" + CertRecord.ATTR_ID + ">=" + mBeginSerial.toString() + ")";
}
if (mEndSerial != null) {
- filter += "(" + CertRecord.ATTR_ID + "<=" + mEndSerial.toString()
- + ")";
+ filter += "(" + CertRecord.ATTR_ID + "<=" + mEndSerial.toString() + ")";
}
// get all revoked non-expired certs.
- if (mEndSerial != null
- || mBeginSerial != null
- || mCACertsOnly
- || (mProfileCertsOnly && mProfileList != null && mProfileList
- .size() > 0)) {
+ if (mEndSerial != null || mBeginSerial != null || mCACertsOnly ||
+ (mProfileCertsOnly && mProfileList != null && mProfileList.size() > 0)) {
filter = "(&" + filter + ")";
}
@@ -1936,28 +1830,29 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
/**
- * Gets a enumeration of revoked certs to put into CRL. This does not
- * include expired certs. <i>Override this method to make a CRL other than
- * the full/complete CRL.</i>
- *
- * @return Enumeration of CertRecords to put into CRL.
+ * Gets a enumeration of revoked certs to put into CRL.
+ * This does not include expired certs.
+ * <i>Override this method to make a CRL other than the
+ * full/complete CRL.</i>
+ * @return Enumeration of CertRecords to put into CRL.
* @exception EBaseException if an error occured in the database.
*/
- public void processRevokedCerts(IElementProcessor p) throws EBaseException {
+ public void processRevokedCerts(IElementProcessor p)
+ throws EBaseException {
CertRecProcessor cp = (CertRecProcessor) p;
String filter = getFilter();
- // NOTE: dangerous cast.
+ // NOTE: dangerous cast.
// correct way would be to modify interface and add
// accessor but we don't want to touch the interface
- CertificateRepository cr = (CertificateRepository) mCertRepository;
+ CertificateRepository cr = (CertificateRepository)mCertRepository;
synchronized (cr.mCertStatusUpdateThread) {
CMS.debug("Starting processRevokedCerts (entered lock)");
- ICertRecordList list = mCertRepository.findCertRecordsInList(
- filter, new String[] { ICertRecord.ATTR_ID,
- ICertRecord.ATTR_REVO_INFO, "objectclass" },
- "serialno", mPageSize);
+ ICertRecordList list = mCertRepository.findCertRecordsInList(filter,
+ new String[] {ICertRecord.ATTR_ID, ICertRecord.ATTR_REVO_INFO, "objectclass" },
+ "serialno",
+ mPageSize);
int totalSize = list.getSize();
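Review bot: The Javadoc on `processRevokedCerts` keeps `@return Enumeration of CertRecords to put into CRL`, but the method is `void` and hands records to the `IElementProcessor` argument, which has no `@param`. Replace the `@return` line with `@param p processor that receives each revoked certificate record; must be a CertRecProcessor`, because the first statement casts `p` unconditionally and any other implementation fails with a ClassCastException. The paged search runs while holding the monitor of `cr.mCertStatusUpdateThread`; a sentence saying why that lock is needed and how long it is held would help the next reader. The method body continues past this hunk.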
@@ -1995,24 +1890,21 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mEnableCacheRecovery) {
// 553815 - original filter was not aligned with any VLV index
// String filter = "(&(requeststate=complete)"+
- // "(|(requestType=" + IRequest.REVOCATION_REQUEST + ")"+
- // "(requestType=" + IRequest.UNREVOCATION_REQUEST + ")))";
+ // "(|(requestType=" + IRequest.REVOCATION_REQUEST + ")"+
+ // "(requestType=" + IRequest.UNREVOCATION_REQUEST + ")))";
String filter = "(requeststate=complete)";
if (Debug.on()) {
- Debug.trace("recoverCRLCache mFirstUnsaved=" + mFirstUnsaved
- + " filter=" + filter);
+ Debug.trace("recoverCRLCache mFirstUnsaved="+mFirstUnsaved+" filter="+filter);
}
IRequestQueue mQueue = mCA.getRequestQueue();
IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
- new RequestId(mFirstUnsaved), filter, 500, "requestId");
+ new RequestId(mFirstUnsaved), filter, 500, "requestId");
if (Debug.on()) {
- Debug.trace("recoverCRLCache size=" + list.getSize()
- + " index=" + list.getCurrentIndex());
+ Debug.trace("recoverCRLCache size="+list.getSize()+" index="+list.getCurrentIndex());
}
- CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this,
- mLogger, mAllowExtensions);
+ CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger, mAllowExtensions);
boolean includeCert = true;
int s = list.getSize() - list.getCurrentIndex();
@@ -2027,44 +1919,29 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
continue;
}
if (Debug.on()) {
- Debug.trace("recoverCRLCache request="
- + request.getRequestId().toString() + " type="
- + request.getRequestType());
- }
- if (IRequest.REVOCATION_REQUEST
- .equals(request.getRequestType())) {
- RevokedCertImpl revokedCert[] = request
- .getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+ Debug.trace("recoverCRLCache request="+request.getRequestId().toString()+
+ " type="+request.getRequestType());
+ }
+ if (IRequest.REVOCATION_REQUEST.equals(request.getRequestType())) {
+ RevokedCertImpl revokedCert[] =
+ request.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
for (int j = 0; j < revokedCert.length; j++) {
if (Debug.on()) {
- Debug.trace("recoverCRLCache R j="
- + j
- + " length="
- + revokedCert.length
- + " SerialNumber=0x"
- + revokedCert[j].getSerialNumber()
- .toString(16));
+ Debug.trace("recoverCRLCache R j="+j+" length="+revokedCert.length+
+ " SerialNumber=0x"+revokedCert[j].getSerialNumber().toString(16));
}
- if (cp != null)
- includeCert = cp
- .checkRevokedCertExtensions(revokedCert[j]
- .getExtensions());
- if (includeCert) {
- updateRevokedCert(REVOKED_CERT,
- revokedCert[j].getSerialNumber(),
- revokedCert[j]);
+ if(cp != null)
+ includeCert = cp.checkRevokedCertExtensions(revokedCert[j].getExtensions());
+ if(includeCert) {
+ updateRevokedCert(REVOKED_CERT, revokedCert[j].getSerialNumber(), revokedCert[j]);
}
}
- } else if (IRequest.UNREVOCATION_REQUEST.equals(request
- .getRequestType())) {
- BigInteger serialNo[] = request
- .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ } else if (IRequest.UNREVOCATION_REQUEST.equals(request.getRequestType())) {
+ BigInteger serialNo[] = request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
for (int j = 0; j < serialNo.length; j++) {
if (Debug.on()) {
- Debug.trace("recoverCRLCache U j=" + j
- + " length=" + serialNo.length
- + " SerialNumber=0x"
- + serialNo[j].toString(16));
+ Debug.trace("recoverCRLCache U j="+j+" length="+serialNo.length+
+ " SerialNumber=0x"+serialNo[j].toString(16));
}
updateRevokedCert(UNREVOKED_CERT, serialNo[j], null);
}
@@ -2072,13 +1949,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
try {
- mCRLRepository.updateRevokedCerts(mId, mRevokedCerts,
- mUnrevokedCerts);
+ mCRLRepository.updateRevokedCerts(mId, mRevokedCerts, mUnrevokedCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
mCRLCacheIsCleared = false;
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
}
} else {
clearCRLCache();
@@ -2099,33 +1974,32 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
private Extension getCRLExtension(String extName) {
- if (mAllowExtensions == false) {
+ if(mAllowExtensions == false) {
return null;
}
- if (mCMSCRLExtensions.isCRLExtensionEnabled(extName) == false) {
+ if(mCMSCRLExtensions.isCRLExtensionEnabled(extName) == false) {
return null;
}
CMSCRLExtensions exts = (CMSCRLExtensions) this.getCRLExtensions();
CRLExtensions ext = new CRLExtensions();
-
+
Vector<String> extNames = exts.getCRLExtensionNames();
- for (int i = 0; i < extNames.size(); i++) {
- String curName = extNames.elementAt(i);
- if (curName.equals(extName)) {
- exts.addToCRLExtensions(ext, extName, null);
+ for (int i = 0; i < extNames.size(); i++) {
+ String curName = extNames.elementAt(i);
+ if (curName.equals(extName)) {
+ exts.addToCRLExtensions(ext, extName, null);
+ }
+ }
+ Extension theExt = null;
+ try {
+ theExt = ext.get(extName);
+ } catch (Exception e) {
}
- }
- Extension theExt = null;
- try {
- theExt = ext.get(extName);
- } catch (Exception e) {
- }
- CMS.debug("CRLIssuingPoint.getCRLExtension extension: " + theExt);
- return theExt;
+ CMS.debug("CRLIssuingPoint.getCRLExtension extension: " + theExt);
+ return theExt;
}
-
/**
* get required crl entry extensions
*/
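Review bot: The empty `catch (Exception e) { }` around `ext.get(extName)` discards the failure, so `getCRLExtension` returns null for an extension that is enabled but could not be built, and the caller cannot tell that apart from a disabled extension. Record the cause at least in the debug log: `} catch (Exception e) { CMS.debug("CRLIssuingPoint.getCRLExtension: " + extName + ": " + e); }`. The same pattern appears in the later updateRevokedCert hunk, where `catch (IOException e) { }` follows `entryExt.set(CRLReasonExtension.REMOVE_FROM_CRL.getName(), ...)`. There a failure would leave an entry without the removeFromCRL reason stored in `mUnrevokedCerts`, so that one should log and skip the `put`.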
@@ -2134,8 +2008,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mAllowExtensions && exts != null && exts.size() > 0) {
entryExt = new CRLExtensions();
- Vector<String> extNames = mCMSCRLExtensions
- .getCRLEntryExtensionNames();
+ Vector<String> extNames = mCMSCRLExtensions.getCRLEntryExtensionNames();
for (int i = 0; i < extNames.size(); i++) {
String extName = extNames.elementAt(i);
@@ -2145,23 +2018,20 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
for (k = 0; k < exts.size(); k++) {
Extension ext = (Extension) exts.elementAt(k);
- String name = mCMSCRLExtensions.getCRLExtensionName(ext
- .getExtensionId().toString());
+ String name = mCMSCRLExtensions.getCRLExtensionName(
+ ext.getExtensionId().toString());
if (extName.equals(name)) {
- if (!(ext instanceof CRLReasonExtension)
- || (((CRLReasonExtension) ext).getReason()
- .toInt() > RevocationReason.UNSPECIFIED
- .toInt())) {
- mCMSCRLExtensions.addToCRLExtensions(entryExt,
- extName, ext);
+ if (!(ext instanceof CRLReasonExtension) ||
+ (((CRLReasonExtension) ext).getReason().toInt() >
+ RevocationReason.UNSPECIFIED.toInt())) {
+ mCMSCRLExtensions.addToCRLExtensions(entryExt, extName, ext);
}
break;
}
}
if (k == exts.size()) {
- mCMSCRLExtensions.addToCRLExtensions(entryExt, extName,
- null);
+ mCMSCRLExtensions.addToCRLExtensions(entryExt, extName, null);
}
}
}
@@ -2177,22 +2047,24 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* update CRL cache with new revoked-unrevoked certificate info
*/
- private void updateRevokedCert(int certType, BigInteger serialNumber,
- RevokedCertImpl revokedCert) {
+ private void updateRevokedCert(int certType,
+ BigInteger serialNumber,
+ RevokedCertImpl revokedCert) {
updateRevokedCert(certType, serialNumber, revokedCert, null);
}
- private void updateRevokedCert(int certType, BigInteger serialNumber,
- RevokedCertImpl revokedCert, String requestId) {
+ private void updateRevokedCert(int certType,
+ BigInteger serialNumber,
+ RevokedCertImpl revokedCert,
+ String requestId) {
synchronized (cacheMonitor) {
- if (requestId != null && mFirstUnsaved != null
- && mFirstUnsaved.equals(ICRLIssuingPointRecord.CLEAN_CACHE)) {
+ if (requestId != null && mFirstUnsaved != null &&
+ mFirstUnsaved.equals(ICRLIssuingPointRecord.CLEAN_CACHE)) {
mFirstUnsaved = requestId;
try {
mCRLRepository.updateFirstUnsaved(mId, mFirstUnsaved);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
}
}
if (certType == REVOKED_CERT) {
@@ -2200,22 +2072,19 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mUnrevokedCerts.remove(serialNumber);
if (mCRLCerts.containsKey(serialNumber)) {
Date revocationDate = revokedCert.getRevocationDate();
- CRLExtensions entryExt = getRequiredEntryExtensions(revokedCert
- .getExtensions());
- RevokedCertImpl newRevokedCert = new RevokedCertImpl(
- serialNumber, revocationDate, entryExt);
+ CRLExtensions entryExt = getRequiredEntryExtensions(revokedCert.getExtensions());
+ RevokedCertImpl newRevokedCert =
+ new RevokedCertImpl(serialNumber, revocationDate, entryExt);
mCRLCerts.put(serialNumber, newRevokedCert);
}
} else {
Date revocationDate = revokedCert.getRevocationDate();
- CRLExtensions entryExt = getRequiredEntryExtensions(revokedCert
- .getExtensions());
- RevokedCertImpl newRevokedCert = new RevokedCertImpl(
- serialNumber, revocationDate, entryExt);
+ CRLExtensions entryExt = getRequiredEntryExtensions(revokedCert.getExtensions());
+ RevokedCertImpl newRevokedCert =
+ new RevokedCertImpl(serialNumber, revocationDate, entryExt);
- mRevokedCerts.put(serialNumber,
- (RevokedCertificate) newRevokedCert);
+ mRevokedCerts.put(serialNumber, (RevokedCertificate) newRevokedCert);
}
} else if (certType == UNREVOKED_CERT) {
if (mRevokedCerts.containsKey(serialNumber)) {
@@ -2224,16 +2093,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
CRLExtensions entryExt = new CRLExtensions();
try {
- entryExt.set(
- CRLReasonExtension.REMOVE_FROM_CRL.getName(),
- CRLReasonExtension.REMOVE_FROM_CRL);
+ entryExt.set(CRLReasonExtension.REMOVE_FROM_CRL.getName(),
+ CRLReasonExtension.REMOVE_FROM_CRL);
} catch (IOException e) {
}
- RevokedCertImpl newRevokedCert = new RevokedCertImpl(
- serialNumber, CMS.getCurrentDate(), entryExt);
+ RevokedCertImpl newRevokedCert = new RevokedCertImpl(serialNumber,
+ CMS.getCurrentDate(), entryExt);
- mUnrevokedCerts.put(serialNumber,
- (RevokedCertificate) newRevokedCert);
+ mUnrevokedCerts.put(serialNumber, (RevokedCertificate) newRevokedCert);
}
}
}
@@ -2242,34 +2109,27 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* registers revoked certificates
*/
- public void addRevokedCert(BigInteger serialNumber,
- RevokedCertImpl revokedCert) {
+ public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert) {
addRevokedCert(serialNumber, revokedCert, null);
}
- public void addRevokedCert(BigInteger serialNumber,
- RevokedCertImpl revokedCert, String requestId) {
+ public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert,
+ String requestId) {
- CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger,
- mAllowExtensions);
+ CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger, mAllowExtensions);
boolean includeCert = true;
- if (cp != null)
- includeCert = cp.checkRevokedCertExtensions(revokedCert
- .getExtensions());
+ if(cp != null)
+ includeCert = cp.checkRevokedCertExtensions(revokedCert.getExtensions());
if (mEnable && mEnableCRLCache && includeCert == true) {
- updateRevokedCert(REVOKED_CERT, serialNumber, revokedCert,
- requestId);
+ updateRevokedCert(REVOKED_CERT, serialNumber, revokedCert, requestId);
if (mCacheUpdateInterval == 0) {
try {
- mCRLRepository.updateRevokedCerts(mId, mRevokedCerts,
- mUnrevokedCerts);
+ mCRLRepository.updateRevokedCerts(mId, mRevokedCerts, mUnrevokedCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_STORE_REVOKED_CERT", mId,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_REVOKED_CERT", mId, e.toString()));
}
}
}
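Review bot: The `if(cp != null)` guard in the three-argument `addRevokedCert` can never be false, because `cp` is assigned from `new CertRecProcessor(...)` on the line before; it reads as if the extension screening were optional when it always runs. Drop the guard and the `true` default, `boolean includeCert = cp.checkRevokedCertExtensions(revokedCert.getExtensions());`, and write the condition as `if (mEnable && mEnableCRLCache && includeCert)`. Only the two-argument overload has a Javadoc line (`registers revoked certificates`); the three-argument one should say what `requestId` is for, which this hunk does not show. The method's end is outside the hunk.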
@@ -2288,13 +2148,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mCacheUpdateInterval == 0) {
try {
- mCRLRepository.updateRevokedCerts(mId, mRevokedCerts,
- mUnrevokedCerts);
+ mCRLRepository.updateRevokedCerts(mId, mRevokedCerts, mUnrevokedCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_STORE_UNREVOKED_CERT", mId,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_UNREVOKED_CERT", mId, e.toString()));
}
}
}
@@ -2311,23 +2168,20 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
try {
entryExt.set(CRLReasonExtension.REMOVE_FROM_CRL.getName(),
- CRLReasonExtension.REMOVE_FROM_CRL);
+ CRLReasonExtension.REMOVE_FROM_CRL);
} catch (IOException e) {
}
- RevokedCertImpl newRevokedCert = new RevokedCertImpl(
- serialNumber, CMS.getCurrentDate(), entryExt);
+ RevokedCertImpl newRevokedCert = new RevokedCertImpl(serialNumber,
+ CMS.getCurrentDate(), entryExt);
- mExpiredCerts.put(serialNumber,
- (RevokedCertificate) newRevokedCert);
+ mExpiredCerts.put(serialNumber, (RevokedCertificate) newRevokedCert);
}
if (mCacheUpdateInterval == 0) {
try {
mCRLRepository.updateExpiredCerts(mId, mExpiredCerts);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_STORE_EXPIRED_CERT", mId,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_EXPIRED_CERT", mId, e.toString()));
}
}
}
@@ -2339,23 +2193,19 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
synchronized (repositoryMonitor) {
try {
mCRLRepository.updateCRLCache(mId, Long.valueOf(mCRLSize),
- mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
+ mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
}
}
}
public boolean isDeltaCRLEnabled() {
- return (mAllowExtensions
- && mEnableCRLCache
- && mCMSCRLExtensions
- .isCRLExtensionEnabled(DeltaCRLIndicatorExtension.NAME)
- && mCMSCRLExtensions
- .isCRLExtensionEnabled(CRLNumberExtension.NAME) && mCMSCRLExtensions
- .isCRLExtensionEnabled(CRLReasonExtension.NAME));
+ return (mAllowExtensions && mEnableCRLCache &&
+ mCMSCRLExtensions.isCRLExtensionEnabled(DeltaCRLIndicatorExtension.NAME) &&
+ mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.NAME) &&
+ mCMSCRLExtensions.isCRLExtensionEnabled(CRLReasonExtension.NAME));
}
public boolean isThisCurrentDeltaCRL(X509CRLImpl deltaCRL) {
@@ -2369,19 +2219,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
for (int k = 0; k < crlExtensions.size(); k++) {
Extension ext = (Extension) crlExtensions.elementAt(k);
- if (DeltaCRLIndicatorExtension.OID.equals(ext
- .getExtensionId().toString())) {
+ if (DeltaCRLIndicatorExtension.OID.equals(ext.getExtensionId().toString())) {
DeltaCRLIndicatorExtension dExt = (DeltaCRLIndicatorExtension) ext;
BigInteger crlNumber = null;
try {
- crlNumber = (BigInteger) dExt
- .get(DeltaCRLIndicatorExtension.NUMBER);
+ crlNumber = (BigInteger) dExt.get(DeltaCRLIndicatorExtension.NUMBER);
} catch (IOException e) {
}
- if (crlNumber != null
- && (crlNumber.equals(mLastCRLNumber) || mLastCRLNumber
- .equals(BigInteger.ZERO))) {
+ if (crlNumber != null && (crlNumber.equals(mLastCRLNumber) ||
+ mLastCRLNumber.equals(BigInteger.ZERO))) {
result = true;
}
}
@@ -2397,7 +2244,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
public boolean isCRLCacheEmpty() {
- return ((mCRLCerts != null) ? mCRLCerts.isEmpty() : true);
+ return ((mCRLCerts != null)? mCRLCerts.isEmpty(): true);
}
public boolean isCRLCacheTestingEnabled() {
@@ -2405,7 +2252,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
public Date getRevocationDateFromCache(BigInteger serialNumber,
- boolean checkDeltaCache, boolean includeExpiredCerts) {
+ boolean checkDeltaCache,
+ boolean includeExpiredCerts) {
Date revocationDate = null;
if (mCRLCerts.containsKey(serialNumber)) {
@@ -2417,8 +2265,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
revocationDate = null;
}
if (mRevokedCerts.containsKey(serialNumber)) {
- revocationDate = mRevokedCerts.get(serialNumber)
- .getRevocationDate();
+ revocationDate = mRevokedCerts.get(serialNumber).getRevocationDate();
}
if (!includeExpiredCerts && mExpiredCerts.containsKey(serialNumber)) {
revocationDate = null;
@@ -2444,32 +2291,29 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* updates CRL and publishes it now
*/
- public void updateCRLNow() throws EBaseException {
+ public void updateCRLNow()
+ throws EBaseException {
updateCRLNow(null);
}
public synchronized void updateCRLNow(String signingAlgorithm)
- throws EBaseException {
+ throws EBaseException {
- if ((!mEnable) || (!mEnableCRLUpdates && !mDoLastAutoUpdate))
- return;
+ if ((!mEnable) || (!mEnableCRLUpdates && !mDoLastAutoUpdate)) return;
CMS.debug("Updating CRL");
- mLogger.log(
- ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATE_STARTED"),
- new Object[] {
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
+ CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATE_STARTED"),
+ new Object[] {
getId(),
getNextCRLNumber(),
Boolean.toString(isDeltaCRLEnabled()),
Boolean.toString(isCRLCacheEnabled()),
Boolean.toString(mEnableCacheRecovery),
Boolean.toString(mCRLCacheIsCleared),
- "" + mCRLCerts.size() + "," + mRevokedCerts.size()
- + "," + mUnrevokedCerts.size() + ","
- + mExpiredCerts.size() + "" });
+ ""+mCRLCerts.size()+","+mRevokedCerts.size()+","+mUnrevokedCerts.size()+","+mExpiredCerts.size()+""
+ }
+ );
mUpdatingCRL = CRL_UPDATE_STARTED;
if (signingAlgorithm == null || signingAlgorithm.length() == 0)
signingAlgorithm = mSigningAlgorithm;
@@ -2478,23 +2322,20 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Date nextUpdate = null;
Date nextDeltaUpdate = null;
- if (mEnableCRLUpdates
- && ((mEnableDailyUpdates && mDailyUpdates != null && mTimeListSize > 0) || (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
+ if (mEnableCRLUpdates && ((mEnableDailyUpdates &&
+ mDailyUpdates != null && mTimeListSize > 0) ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
- if ((!isDeltaCRLEnabled()) || mSchemaCounter == 0
- || mUpdateSchema == 1) {
+ if ((!isDeltaCRLEnabled()) || mSchemaCounter == 0 || mUpdateSchema == 1) {
nextUpdate = new Date(findNextUpdate(false, false));
mNextUpdate = new Date(nextUpdate.getTime());
}
if (isDeltaCRLEnabled()) {
- if (mUpdateSchema > 1
- || (mEnableDailyUpdates && mExtendedTimeList && mTimeListSize > 1)) {
+ if (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList && mTimeListSize > 1)) {
nextDeltaUpdate = new Date(findNextUpdate(false, true));
- if (mExtendedNextUpdate && mSchemaCounter > 0
- && mNextUpdate != null
- && mNextUpdate.equals(nextDeltaUpdate)) {
- if (mEnableDailyUpdates && mExtendedTimeList
- && mTimeListSize > 1) {
+ if (mExtendedNextUpdate && mSchemaCounter > 0 &&
+ mNextUpdate != null && mNextUpdate.equals(nextDeltaUpdate)) {
+ if (mEnableDailyUpdates && mExtendedTimeList && mTimeListSize > 1) {
mSchemaCounter = mTimeListSize - 1;
} else {
mSchemaCounter = mUpdateSchema - 1;
@@ -2515,41 +2356,33 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mLastUpdate = thisUpdate;
// mNextUpdate = nextUpdate;
- mNextDeltaUpdate = (nextDeltaUpdate != null) ? new Date(
- nextDeltaUpdate.getTime()) : null;
+ mNextDeltaUpdate = (nextDeltaUpdate != null)? new Date(nextDeltaUpdate.getTime()): null;
if (nextUpdate != null) {
- nextUpdate.setTime((nextUpdate.getTime()) + mNextUpdateGracePeriod);
+ nextUpdate.setTime((nextUpdate.getTime())+mNextUpdateGracePeriod);
}
if (nextDeltaUpdate != null) {
- nextDeltaUpdate.setTime((nextDeltaUpdate.getTime())
- + mNextUpdateGracePeriod);
+ nextDeltaUpdate.setTime((nextDeltaUpdate.getTime())+mNextUpdateGracePeriod);
}
mSplits[0] -= System.currentTimeMillis();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mRevokedCerts
- .clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = (Hashtable<BigInteger, RevokedCertificate>)mRevokedCerts.clone();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mUnrevokedCerts
- .clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = (Hashtable<BigInteger, RevokedCertificate>)mUnrevokedCerts.clone();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = (Hashtable<BigInteger, RevokedCertificate>) mExpiredCerts
- .clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = (Hashtable<BigInteger, RevokedCertificate> )mExpiredCerts.clone();
mSplits[0] += System.currentTimeMillis();
// starting from the beginning
- if ((!mEnableCRLCache)
- || ((mCRLCacheIsCleared && mCRLCerts.isEmpty()
- && clonedRevokedCerts.isEmpty()
- && clonedUnrevokedCerts.isEmpty() && clonedExpiredCerts
- .isEmpty())
- || (mCRLCerts.isEmpty() && (!clonedUnrevokedCerts
- .isEmpty()))
- || (mCRLCerts.size() < clonedUnrevokedCerts.size())
- || (mCRLCerts.isEmpty() && (mCRLSize > 0)) || (mCRLCerts
- .size() > 0 && mCRLSize == 0))) {
+ if ((!mEnableCRLCache) ||
+ ((mCRLCacheIsCleared && mCRLCerts.isEmpty() && clonedRevokedCerts.isEmpty() &&
+ clonedUnrevokedCerts.isEmpty() && clonedExpiredCerts.isEmpty()) ||
+ (mCRLCerts.isEmpty() && (!clonedUnrevokedCerts.isEmpty())) ||
+ (mCRLCerts.size() < clonedUnrevokedCerts.size()) ||
+ (mCRLCerts.isEmpty() && (mCRLSize > 0)) ||
+ (mCRLCerts.size() > 0 && mCRLSize == 0))) {
mSplits[5] -= System.currentTimeMillis();
mDeltaCRLSize = -1;
@@ -2559,17 +2392,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
clonedExpiredCerts.clear();
mSchemaCounter = 0;
- IStatsSubsystem statsSub = (IStatsSubsystem) CMS
- .getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("generation");
+ statsSub.startTiming("generation");
}
- CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this,
- mLogger, mAllowExtensions);
+ CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger, mAllowExtensions);
processRevokedCerts(cp);
if (statsSub != null) {
- statsSub.endTiming("generation");
+ statsSub.endTiming("generation");
}
mCRLCacheIsCleared = false;
@@ -2578,21 +2409,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (isDeltaCRLEnabled()) {
mSplits[1] -= System.currentTimeMillis();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = (Hashtable<BigInteger, RevokedCertificate>) clonedRevokedCerts
- .clone();
+ Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = (Hashtable<BigInteger, RevokedCertificate> )clonedRevokedCerts.clone();
deltaCRLCerts.putAll(clonedUnrevokedCerts);
if (mIncludeExpiredCertsOneExtraTime) {
if (!clonedExpiredCerts.isEmpty()) {
- for (Enumeration<BigInteger> e = clonedExpiredCerts
- .keys(); e.hasMoreElements();) {
+ for (Enumeration<BigInteger> e = clonedExpiredCerts.keys(); e.hasMoreElements();) {
BigInteger serialNumber = e.nextElement();
- if ((mLastFullUpdate != null && mLastFullUpdate
- .after((mExpiredCerts.get(serialNumber))
- .getRevocationDate()))
- || mLastFullUpdate == null) {
- deltaCRLCerts.put(serialNumber,
- clonedExpiredCerts.get(serialNumber));
+ if ((mLastFullUpdate != null &&
+ mLastFullUpdate.after((mExpiredCerts.get(serialNumber)).getRevocationDate())) ||
+ mLastFullUpdate == null) {
+ deltaCRLCerts.put(serialNumber, clonedExpiredCerts.get(serialNumber));
}
}
}
@@ -2603,16 +2430,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mLastCRLNumber = mCRLNumber;
CRLExtensions ext = new CRLExtensions();
- Vector<String> extNames = mCMSCRLExtensions
- .getCRLExtensionNames();
+ Vector<String> extNames = mCMSCRLExtensions.getCRLExtensionNames();
for (int i = 0; i < extNames.size(); i++) {
String extName = extNames.elementAt(i);
- if (mCMSCRLExtensions.isCRLExtensionEnabled(extName)
- && (!extName.equals(FreshestCRLExtension.NAME))) {
- mCMSCRLExtensions
- .addToCRLExtensions(ext, extName, null);
+ if (mCMSCRLExtensions.isCRLExtensionEnabled(extName) &&
+ (!extName.equals(FreshestCRLExtension.NAME))) {
+ mCMSCRLExtensions.addToCRLExtensions(ext, extName, null);
}
}
mSplits[1] += System.currentTimeMillis();
@@ -2624,17 +2449,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
byte[] newDeltaCRL;
// #56123 - dont generate CRL if no revoked certificates
- if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
+ if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
if (deltaCRLCerts.size() == 0) {
CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No Delta CRL Generated");
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INTERNAL_ERROR",
- "No Revoked Certificates"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "No Revoked Certificates"));
}
}
X509CRLImpl crl = new X509CRLImpl(mCA.getCRLX500Name(),
- AlgorithmId.get(signingAlgorithm), thisUpdate,
- nextDeltaUpdate, deltaCRLCerts, ext);
+ AlgorithmId.get(signingAlgorithm),
+ thisUpdate, nextDeltaUpdate, deltaCRLCerts, ext);
newX509DeltaCRL = mCA.sign(crl, signingAlgorithm);
newDeltaCRL = newX509DeltaCRL.getEncoded();
@@ -2642,51 +2465,47 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[3] -= System.currentTimeMillis();
mCRLRepository.updateDeltaCRL(mId, mNextDeltaCRLNumber,
- Long.valueOf(deltaCRLCerts.size()),
- mNextDeltaUpdate, newDeltaCRL);
+ Long.valueOf(deltaCRLCerts.size()), mNextDeltaUpdate, newDeltaCRL);
mSplits[3] += System.currentTimeMillis();
mDeltaCRLSize = deltaCRLCerts.size();
+
long totalTime = 0;
String splitTimes = " (";
for (int i = 1; i < mSplits.length && i < 5; i++) {
totalTime += mSplits[i];
- if (i > 1)
- splitTimes += ",";
+ if (i > 1) splitTimes += ",";
splitTimes += Long.toString(mSplits[i]);
}
splitTimes += ")";
- mLogger.log(
- ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- CMS.getLogMessage("CMSCORE_CA_CA_DELTA_CRL_UPDATED"),
- new Object[] { getId(), getNextCRLNumber(),
- getCRLNumber(), getLastUpdate(),
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ CMS.getLogMessage("CMSCORE_CA_CA_DELTA_CRL_UPDATED"),
+ new Object[] {
+ getId(),
+ getNextCRLNumber(),
+ getCRLNumber(),
+ getLastUpdate(),
getNextDeltaUpdate(),
- Long.toString(mDeltaCRLSize),
- Long.toString(totalTime) + splitTimes });
+ Long.toString(mDeltaCRLSize),
+ Long.toString(totalTime)+splitTimes
+ }
+ );
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA", e.toString()));
mDeltaCRLSize = -1;
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
mDeltaCRLSize = -1;
} catch (CRLException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
mDeltaCRLSize = -1;
} catch (X509ExtensionException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
mDeltaCRLSize = -1;
} catch (OutOfMemoryError e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
mDeltaCRLSize = -1;
}
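Review bot: Every catch branch in this delta-CRL block reduces the failure to `e.toString()` in one `LL_FAILURE` line, so a failed delta signing or store leaves no stack trace to work from, while the publish-delta catch in the next hunk does call `Debug.printStackTrace(e)`. Add `if (Debug.on()) Debug.printStackTrace(e);` to each branch here, and to the non-`EBaseException` branches of the full-CRL catches in the hunk at `@@ -2874,67 +2676,53 @@`, which have the same gap. The `catch (OutOfMemoryError e)` branch builds a log message, which allocates again on an exhausted heap; if that is deliberate best effort, a comment such as `// best effort: logging may itself fail after OOM` would say so. The `try` these catches belong to starts outside the hunk.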
@@ -2696,16 +2515,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[4] += System.currentTimeMillis();
} catch (EBaseException e) {
newX509DeltaCRL = null;
- if (Debug.on())
+ if (Debug.on())
Debug.printStackTrace(e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_PUBLISH_DELTA",
- mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_DELTA", mCRLNumber.toString(), e.toString()));
} catch (OutOfMemoryError e) {
newX509DeltaCRL = null;
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_PUBLISH_DELTA",
- mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_DELTA", mCRLNumber.toString(), e.toString()));
}
} else {
mDeltaCRLSize = -1;
@@ -2714,15 +2529,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[5] -= System.currentTimeMillis();
if (mSchemaCounter == 0) {
- if (((!mCRLCerts.isEmpty()) && ((!clonedRevokedCerts.isEmpty())
- || (!clonedUnrevokedCerts.isEmpty()) || (!clonedExpiredCerts
- .isEmpty())))
- || (mCRLCerts.isEmpty() && (mCRLSize == 0) && (!clonedRevokedCerts
- .isEmpty()))) {
+ if (((!mCRLCerts.isEmpty()) && ((!clonedRevokedCerts.isEmpty()) ||
+ (!clonedUnrevokedCerts.isEmpty()) || (!clonedExpiredCerts.isEmpty()))) ||
+ (mCRLCerts.isEmpty() && (mCRLSize == 0) && (!clonedRevokedCerts.isEmpty()))) {
if (!clonedUnrevokedCerts.isEmpty()) {
- for (Enumeration<BigInteger> e = clonedUnrevokedCerts
- .keys(); e.hasMoreElements();) {
+ for (Enumeration<BigInteger> e = clonedUnrevokedCerts.keys(); e.hasMoreElements();) {
BigInteger serialNumber = e.nextElement();
if (mCRLCerts.containsKey(serialNumber)) {
@@ -2733,27 +2545,22 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (!clonedRevokedCerts.isEmpty()) {
- for (Enumeration<BigInteger> e = clonedRevokedCerts
- .keys(); e.hasMoreElements();) {
+ for (Enumeration<BigInteger> e = clonedRevokedCerts.keys(); e.hasMoreElements();) {
BigInteger serialNumber = e.nextElement();
- mCRLCerts.put(serialNumber,
- mRevokedCerts.get(serialNumber));
+ mCRLCerts.put(serialNumber, mRevokedCerts.get(serialNumber));
mRevokedCerts.remove(serialNumber);
}
}
if (!clonedExpiredCerts.isEmpty()) {
- for (Enumeration<BigInteger> e = clonedExpiredCerts
- .keys(); e.hasMoreElements();) {
+ for (Enumeration<BigInteger> e = clonedExpiredCerts.keys(); e.hasMoreElements();) {
BigInteger serialNumber = e.nextElement();
- if ((!mIncludeExpiredCertsOneExtraTime)
- || (mLastFullUpdate != null && mLastFullUpdate
- .after((mExpiredCerts
- .get(serialNumber))
- .getRevocationDate()))
- || mLastFullUpdate == null) {
+ if ((!mIncludeExpiredCertsOneExtraTime) ||
+ (mLastFullUpdate != null &&
+ mLastFullUpdate.after((mExpiredCerts.get(serialNumber)).getRevocationDate())) ||
+ mLastFullUpdate == null) {
if (mCRLCerts.containsKey(serialNumber)) {
mCRLCerts.remove(serialNumber);
}
@@ -2784,17 +2591,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mAllowExtensions) {
ext = new CRLExtensions();
- Vector<String> extNames = mCMSCRLExtensions
- .getCRLExtensionNames();
+ Vector<String> extNames = mCMSCRLExtensions.getCRLExtensionNames();
for (int i = 0; i < extNames.size(); i++) {
String extName = extNames.elementAt(i);
- if (mCMSCRLExtensions.isCRLExtensionEnabled(extName)
- && (!extName
- .equals(DeltaCRLIndicatorExtension.NAME))) {
- mCMSCRLExtensions
- .addToCRLExtensions(ext, extName, null);
+ if (mCMSCRLExtensions.isCRLExtensionEnabled(extName) &&
+ (!extName.equals(DeltaCRLIndicatorExtension.NAME))) {
+ mCMSCRLExtensions.addToCRLExtensions(ext, extName, null);
}
}
}
@@ -2806,24 +2610,22 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
try {
byte[] newCRL;
- CMS.debug("Making CRL with algorithm " + signingAlgorithm + " "
- + AlgorithmId.get(signingAlgorithm));
+ CMS.debug("Making CRL with algorithm " +
+ signingAlgorithm + " " + AlgorithmId.get(signingAlgorithm));
mSplits[7] -= System.currentTimeMillis();
// #56123 - dont generate CRL if no revoked certificates
- if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
- if (mCRLCerts.size() == 0) {
- CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No CRL Generated");
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INTERNAL_ERROR",
- "No Revoked Certificates"));
- }
+ if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
+ if (mCRLCerts.size() == 0) {
+ CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No CRL Generated");
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "No Revoked Certificates"));
+ }
}
CMS.debug("before new X509CRLImpl");
X509CRLImpl crl = new X509CRLImpl(mCA.getCRLX500Name(),
- AlgorithmId.get(signingAlgorithm), thisUpdate,
- nextUpdate, mCRLCerts, ext);
+ AlgorithmId.get(signingAlgorithm),
+ thisUpdate, nextUpdate, mCRLCerts, ext);
CMS.debug("before sign");
newX509CRL = mCA.sign(crl, signingAlgorithm);
@@ -2836,21 +2638,20 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[8] -= System.currentTimeMillis();
Date nextUpdateDate = mNextUpdate;
- if (isDeltaCRLEnabled()
- && (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList))
- && mNextDeltaUpdate != null) {
+ if (isDeltaCRLEnabled() && (mUpdateSchema > 1 ||
+ (mEnableDailyUpdates && mExtendedTimeList)) && mNextDeltaUpdate != null) {
nextUpdateDate = mNextDeltaUpdate;
}
if (mSaveMemory) {
- mCRLRepository.updateCRLIssuingPointRecord(mId, newCRL,
- thisUpdate, nextUpdateDate, mNextCRLNumber,
- Long.valueOf(mCRLCerts.size()));
+ mCRLRepository.updateCRLIssuingPointRecord(
+ mId, newCRL, thisUpdate, nextUpdateDate,
+ mNextCRLNumber, Long.valueOf(mCRLCerts.size()));
updateCRLCacheRepository();
} else {
- mCRLRepository.updateCRLIssuingPointRecord(mId, newCRL,
- thisUpdate, nextUpdateDate, mNextCRLNumber,
- Long.valueOf(mCRLCerts.size()), mRevokedCerts,
- mUnrevokedCerts, mExpiredCerts);
+ mCRLRepository.updateCRLIssuingPointRecord(
+ mId, newCRL, thisUpdate, nextUpdateDate,
+ mNextCRLNumber, Long.valueOf(mCRLCerts.size()),
+ mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
}
@@ -2862,10 +2663,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mNextCRLNumber = mCRLNumber.add(BigInteger.ONE);
mNextDeltaCRLNumber = mNextCRLNumber;
+
CMS.debug("Logging CRL Update to transaction log");
- long totalTime = 0;
- long crlTime = 0;
- long deltaTime = 0;
+ long totalTime = 0;
+ long crlTime = 0;
+ long deltaTime = 0;
String splitTimes = " (";
for (int i = 0; i < mSplits.length; i++) {
totalTime += mSplits[i];
@@ -2874,67 +2676,53 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
} else {
crlTime += mSplits[i];
}
- if (i > 0)
- splitTimes += ",";
+ if (i > 0) splitTimes += ",";
splitTimes += Long.toString(mSplits[i]);
}
- splitTimes += "," + Long.toString(deltaTime) + ","
- + Long.toString(crlTime) + ","
- + Long.toString(totalTime) + ")";
- mLogger.log(
- ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATED"),
- new Object[] { getId(), getCRLNumber(),
- getLastUpdate(), getNextUpdate(),
+ splitTimes += "," + Long.toString(deltaTime) + "," + Long.toString(crlTime) + "," + Long.toString(totalTime) + ")";
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATED"),
+ new Object[] {
+ getId(),
+ getCRLNumber(),
+ getLastUpdate(),
+ getNextUpdate(),
Long.toString(mCRLSize),
Long.toString(totalTime),
Long.toString(crlTime),
- Long.toString(deltaTime) + splitTimes });
+ Long.toString(deltaTime)+splitTimes
+ }
+ );
CMS.debug("Finished Logging CRL Update to transaction log");
} catch (EBaseException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- if (Debug.on())
+ if (Debug.on())
Debug.printStackTrace(e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_SIGN_OR_STORE_CRL", e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_OR_STORE_CRL", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
} catch (NoSuchAlgorithmException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL",
- e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
} catch (CRLException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL",
- e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
} catch (X509ExtensionException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL",
- e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
} catch (OutOfMemoryError e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL",
- e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
}
try {
@@ -2946,15 +2734,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
} catch (EBaseException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_PUBLISH_CRL",
- mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString()));
} catch (OutOfMemoryError e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_PUBLISH_CRL",
- mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString()));
}
}
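Review bot: Both catch branches here only log a publish failure at `LL_FAILURE` and set `mUpdatingCRL = CRL_UPDATE_DONE`, whereas the signing catches in the previous hunk rethrow `ECAException`, so the caller cannot tell a published CRL from one that was generated but never published. For revocation data that presumably means consumers of the published CRL keep seeing the previous list, with a log line as the only trace. If this is intended best-effort behaviour, state it in a comment, e.g. `// publishing is best-effort: failure is logged, not propagated to the caller`; otherwise the failure should reach the caller the way the signing errors do. The `try` block starts outside the hunk.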
@@ -2962,13 +2746,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mDeltaCRLNumber = mNextDeltaCRLNumber;
mNextDeltaCRLNumber = mDeltaCRLNumber.add(BigInteger.ONE);
}
-
- if ((!(mEnableDailyUpdates && mExtendedTimeList))
- || mSchemaCounter == 0)
- mSchemaCounter++;
- if ((mEnableDailyUpdates && mExtendedTimeList && mSchemaCounter >= mTimeListSize)
- || (mUpdateSchema > 1 && mSchemaCounter >= mUpdateSchema))
- mSchemaCounter = 0;
+
+ if ((!(mEnableDailyUpdates && mExtendedTimeList)) || mSchemaCounter == 0) mSchemaCounter++;
+ if ((mEnableDailyUpdates && mExtendedTimeList && mSchemaCounter >= mTimeListSize) ||
+ (mUpdateSchema > 1 && mSchemaCounter >= mUpdateSchema)) mSchemaCounter = 0;
mLastDay = mCurrentDay;
mUpdatingCRL = CRL_UPDATE_DONE;
@@ -2979,32 +2760,35 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* publish CRL. called from updateCRLNow() and init().
*/
- public void publishCRL() throws EBaseException {
+ public void publishCRL()
+ throws EBaseException {
publishCRL(null);
}
- protected void publishCRL(X509CRLImpl x509crl) throws EBaseException {
+ protected void publishCRL(X509CRLImpl x509crl)
+ throws EBaseException {
publishCRL(x509crl, false);
}
-
+
/*
- * The Session Context is a Hashtable, but without type information.
- * Suppress the warnings generated by adding to the session context
+ * The Session Context is a Hashtable, but without type information.
+ * Suppress the warnings generated by adding to the session context
+ *
*/
@SuppressWarnings("unchecked")
- protected void publishCRL(X509CRLImpl x509crl, boolean isDeltaCRL)
- throws EBaseException {
+ protected void publishCRL(X509CRLImpl x509crl, boolean isDeltaCRL)
+ throws EBaseException {
SessionContext sc = SessionContext.getContext();
- IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("crl_publishing");
+ statsSub.startTiming("crl_publishing");
}
if (mCountMod == 0) {
- sc.put(SC_CRL_COUNT, Integer.toString(mCount));
+ sc.put(SC_CRL_COUNT, Integer.toString(mCount));
} else {
- sc.put(SC_CRL_COUNT, Integer.toString(mCount % mCountMod));
+ sc.put(SC_CRL_COUNT, Integer.toString(mCount%mCountMod));
}
mCount++;
sc.put(SC_ISSUING_POINT_ID, mId);
@@ -3021,18 +2805,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (x509crl == null) {
crlRecord = mCRLRepository.readCRLIssuingPointRecord(mId);
if (crlRecord != null) {
- byte[] crl = (isDeltaCRL) ? crlRecord.getDeltaCRL()
- : crlRecord.getCRL();
+ byte[] crl = (isDeltaCRL) ? crlRecord.getDeltaCRL() : crlRecord.getCRL();
if (crl != null) {
x509crl = new X509CRLImpl(crl);
}
}
}
- if (x509crl != null && mPublisherProcessor != null
- && mPublisherProcessor.enabled()) {
- Enumeration<ILdapRule> rules = mPublisherProcessor
- .getRules(IPublisherProcessor.PROP_LOCAL_CRL);
+ if (x509crl != null &&
+ mPublisherProcessor != null && mPublisherProcessor.enabled()) {
+ Enumeration<ILdapRule> rules = mPublisherProcessor.getRules(IPublisherProcessor.PROP_LOCAL_CRL);
if (rules == null || !rules.hasMoreElements()) {
CMS.debug("CRL publishing is not enabled.");
} else {
@@ -3040,7 +2822,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mPublisherProcessor.publishCRL(mPublishDN, x509crl);
CMS.debug("CRL published to " + mPublishDN);
} else {
- mPublisherProcessor.publishCRL(x509crl, getId());
+ mPublisherProcessor.publishCRL(x509crl,getId());
CMS.debug("CRL published.");
}
}
@@ -3048,18 +2830,18 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
} catch (Exception e) {
CMS.debug("Could not publish CRL. Error " + e);
CMS.debug("Could not publish CRL. ID " + mId);
- throw new EErrorPublishCRL(CMS.getUserMessage(
- "CMS_CA_ERROR_PUBLISH_CRL", mId, e.toString()));
+ throw new EErrorPublishCRL(
+ CMS.getUserMessage("CMS_CA_ERROR_PUBLISH_CRL", mId, e.toString()));
} finally {
- if (statsSub != null) {
- statsSub.endTiming("crl_publishing");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("crl_publishing");
+ }
}
}
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CRLIssuingPoint " + mId + " - " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
+ "CRLIssuingPoint " + mId + " - " + msg);
}
void setConfigParam(String name, String value) {
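Review bot: The `catch (Exception e)` block in `publishCRL` keeps only `e.toString()`, both in the two `CMS.debug` lines and in the message of the rethrown `EErrorPublishCRL`, so the stack trace of a failed CRL publication is lost. The listener further down in this file already uses `if (Debug.on()) Debug.printStackTrace(e);` for the same situation, and adding that line before the `throw` would keep the origin of the failure available to whoever investigates a stale CRL. The same `e.toString()` flattening appears in the `CMS.getLogMessage("CMSCORE_CA_ISSUING_UPDATE_CRL", ...)` and `CMS_CA_FAILED_CONSTRUCTING_CRL` hunks. `publishCRL` starts outside this hunk.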
@@ -3069,7 +2851,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
class RevocationRequestListener implements IRequestListener {
public void init(ISubsystem sys, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
}
public void set(String name, String val) {
@@ -3078,37 +2860,38 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
public void accept(IRequest r) {
String requestType = r.getRequestType();
- if (requestType.equals(IRequest.REVOCATION_REQUEST)
- || requestType.equals(IRequest.UNREVOCATION_REQUEST)
- || requestType.equals(IRequest.CLA_CERT4CRL_REQUEST)
- || requestType.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) {
+ if (requestType.equals(IRequest.REVOCATION_REQUEST) ||
+ requestType.equals(IRequest.UNREVOCATION_REQUEST) ||
+ requestType.equals(IRequest.CLA_CERT4CRL_REQUEST) ||
+ requestType.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) {
CMS.debug("Revocation listener called.");
// check if serial number is in begin/end range if set.
if (mBeginSerial != null || mEndSerial != null) {
- CMS.debug("Checking if serial number is between "
- + mBeginSerial + " and " + mEndSerial);
- BigInteger[] serialNos = r
- .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ CMS.debug(
+ "Checking if serial number is between " +
+ mBeginSerial + " and " + mEndSerial);
+ BigInteger[] serialNos =
+ r.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (serialNos == null || serialNos.length == 0) {
- X509CertImpl oldCerts[] = r
- .getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl oldCerts[] =
+ r.getExtDataInCertArray(IRequest.OLD_CERTS);
- if (oldCerts == null || oldCerts.length == 0)
+ if (oldCerts == null || oldCerts.length == 0)
return;
serialNos = new BigInteger[oldCerts.length];
for (int i = 0; i < oldCerts.length; i++) {
serialNos[i] = oldCerts[i].getSerialNumber();
}
}
-
+
boolean inRange = false;
for (int i = 0; i < serialNos.length; i++) {
- if ((mBeginSerial == null || serialNos[i]
- .compareTo(mBeginSerial) >= 0)
- && (mEndSerial == null || serialNos[i]
- .compareTo(mEndSerial) <= 0)) {
+ if ((mBeginSerial == null ||
+ serialNos[i].compareTo(mBeginSerial) >= 0) &&
+ (mEndSerial == null ||
+ serialNos[i].compareTo(mEndSerial) <= 0)) {
inRange = true;
}
}
@@ -3122,8 +2905,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
updateCRLNow();
r.setExtData(mCrlUpdateStatus, IRequest.RES_SUCCESS);
if (mPublisherProcessor != null) {
- r.setExtData(mCrlPublishStatus,
- IRequest.RES_SUCCESS);
+ r.setExtData(mCrlPublishStatus, IRequest.RES_SUCCESS);
}
} catch (EErrorPublishCRL e) {
// error already logged in updateCRLNow();
@@ -3133,22 +2915,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
r.setExtData(mCrlPublishError, e);
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_UPDATE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_UPDATE_CRL", e.toString()));
r.setExtData(mCrlUpdateStatus, IRequest.RES_ERROR);
r.setExtData(mCrlUpdateError, e);
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_ISSUING_UPDATE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_UPDATE_CRL", e.toString()));
if (Debug.on())
Debug.printStackTrace(e);
r.setExtData(mCrlUpdateStatus, IRequest.RES_ERROR);
- r.setExtData(
- mCrlUpdateError,
- new EBaseException(
- CMS.getUserMessage(
- "CMS_BASE_INTERNAL_ERROR",
- e.toString())));
+ r.setExtData(mCrlUpdateError,
+ new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())));
}
}
}
@@ -3156,6 +2933,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
}
+
class CertRecProcessor implements IElementProcessor {
private Hashtable<BigInteger, RevokedCertificate> mCRLCerts = null;
private boolean mAllowExtensions = false;
@@ -3166,109 +2944,107 @@ class CertRecProcessor implements IElementProcessor {
private boolean mIssuingDistPointEnabled = false;
private BitArray mOnlySomeReasons = null;
- public CertRecProcessor(Hashtable<BigInteger, RevokedCertificate> crlCerts,
- CRLIssuingPoint ip, ILogger logger, boolean allowExtensions) {
+ public CertRecProcessor(Hashtable<BigInteger, RevokedCertificate> crlCerts, CRLIssuingPoint ip, ILogger logger, boolean allowExtensions) {
mCRLCerts = crlCerts;
mLogger = logger;
mIP = ip;
mAllowExtensions = allowExtensions;
mIssuingDistPointAttempted = false;
- mIssuingDistPointEnabled = false;
+ mIssuingDistPointEnabled = false;
mOnlySomeReasons = null;
}
private boolean initCRLIssuingDistPointExtension() {
- boolean result = false;
- CMSCRLExtensions exts = null;
-
- if (mIssuingDistPointAttempted == true) {
- if ((mIssuingDistPointEnabled == true)
- && (mOnlySomeReasons != null)) {
- return true;
- } else {
- return false;
- }
- }
-
- mIssuingDistPointAttempted = true;
- exts = (CMSCRLExtensions) mIP.getCRLExtensions();
- if (exts == null) {
- return result;
- }
- boolean isIssuingDistPointExtEnabled = false;
- isIssuingDistPointExtEnabled = exts
- .isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
- if (isIssuingDistPointExtEnabled == false) {
+ boolean result = false;
+ CMSCRLExtensions exts = null;
+
+ if(mIssuingDistPointAttempted == true) {
+ if((mIssuingDistPointEnabled == true) && (mOnlySomeReasons != null )) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ mIssuingDistPointAttempted = true;
+ exts = (CMSCRLExtensions) mIP.getCRLExtensions();
+ if(exts == null) {
+ return result;
+ }
+ boolean isIssuingDistPointExtEnabled = false;
+ isIssuingDistPointExtEnabled = exts.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
+ if(isIssuingDistPointExtEnabled == false) {
mIssuingDistPointEnabled = false;
return false;
}
mIssuingDistPointEnabled = true;
- // Get info out of the IssuingDistPointExtension
+ //Get info out of the IssuingDistPointExtension
CRLExtensions ext = new CRLExtensions();
Vector<String> extNames = exts.getCRLExtensionNames();
- for (int i = 0; i < extNames.size(); i++) {
- String extName = extNames.elementAt(i);
- if (extName.equals(IssuingDistributionPointExtension.NAME)) {
- exts.addToCRLExtensions(ext, extName, null);
+ for (int i = 0; i < extNames.size(); i++) {
+ String extName = extNames.elementAt(i);
+ if (extName.equals(IssuingDistributionPointExtension.NAME)) {
+ exts.addToCRLExtensions(ext, extName, null);
+ }
+ }
+ Extension issuingDistExt = null;
+ try {
+ issuingDistExt = ext.get(IssuingDistributionPointExtension.NAME);
+ } catch (Exception e) {
}
- }
- Extension issuingDistExt = null;
- try {
- issuingDistExt = ext.get(IssuingDistributionPointExtension.NAME);
- } catch (Exception e) {
- }
- IssuingDistributionPointExtension iExt = null;
- if (issuingDistExt != null)
- iExt = (IssuingDistributionPointExtension) issuingDistExt;
- IssuingDistributionPoint issuingDistributionPoint = null;
- if (iExt != null)
- issuingDistributionPoint = iExt.getIssuingDistributionPoint();
+ IssuingDistributionPointExtension iExt = null;
+ if(issuingDistExt != null)
+ iExt = (IssuingDistributionPointExtension) issuingDistExt;
+ IssuingDistributionPoint issuingDistributionPoint = null;
+ if(iExt != null)
+ issuingDistributionPoint = iExt.getIssuingDistributionPoint();
- BitArray onlySomeReasons = null;
+ BitArray onlySomeReasons = null;
- if (issuingDistributionPoint != null)
- onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
+ if(issuingDistributionPoint != null)
+ onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
- boolean applyReasonMatch = false;
- boolean reasonMatch = true;
+ boolean applyReasonMatch = false;
+ boolean reasonMatch = true;
- if (onlySomeReasons != null) {
- applyReasonMatch = !onlySomeReasons.toString().equals("0000000");
- CMS.debug("applyReasonMatch " + applyReasonMatch);
- if (applyReasonMatch == true) {
- mOnlySomeReasons = onlySomeReasons;
- result = true;
+ if(onlySomeReasons != null) {
+ applyReasonMatch = !onlySomeReasons.toString().equals("0000000");
+ CMS.debug("applyReasonMatch " + applyReasonMatch);
+ if(applyReasonMatch == true) {
+ mOnlySomeReasons = onlySomeReasons;
+ result = true;
+ }
}
- }
- return result;
+ return result;
}
- private boolean checkOnlySomeReasonsExtension(CRLExtensions entryExts) {
+ private boolean checkOnlySomeReasonsExtension(CRLExtensions entryExts)
+ {
boolean includeCert = true;
- // This is exactly how the Pretty Print code obtains the reason code
- // through the extensions
- if (entryExts == null) {
+ //This is exactly how the Pretty Print code obtains the reason code
+ //through the extensions
+ if(entryExts == null) {
return includeCert;
}
Extension crlReasonExt = null;
try {
- crlReasonExt = entryExts.get(CRLReasonExtension.NAME);
+ crlReasonExt = entryExts.get(CRLReasonExtension.NAME);
} catch (Exception e) {
return includeCert;
}
RevocationReason reason = null;
int reasonIndex = 0;
- if (crlReasonExt != null) {
+ if(crlReasonExt != null) {
try {
- CRLReasonExtension theReason = (CRLReasonExtension) crlReasonExt;
- reason = (RevocationReason) theReason.get("value");
- reasonIndex = reason.toInt();
- CMS.debug("revoked reason " + reason);
+ CRLReasonExtension theReason = (CRLReasonExtension) crlReasonExt;
+ reason = (RevocationReason) theReason.get("value");
+ reasonIndex = reason.toInt();
+ CMS.debug("revoked reason " + reason);
} catch (Exception e) {
return includeCert;
}
@@ -3276,37 +3052,37 @@ class CertRecProcessor implements IElementProcessor {
return includeCert;
}
boolean reasonMatch = false;
- if (reason != null) {
- if (mOnlySomeReasons != null) {
+ if(reason != null) {
+ if(mOnlySomeReasons != null) {
reasonMatch = mOnlySomeReasons.get(reasonIndex);
- if (reasonMatch != true) {
+ if(reasonMatch != true) {
includeCert = false;
} else {
CMS.debug("onlySomeReasons match! reason: " + reason);
}
}
}
-
+
return includeCert;
}
- public boolean checkRevokedCertExtensions(CRLExtensions crlExtensions) {
- // For now just check the onlySomeReason CRL IssuingDistributionPoint
- // extension
+ public boolean checkRevokedCertExtensions(CRLExtensions crlExtensions)
+ {
+ //For now just check the onlySomeReason CRL IssuingDistributionPoint extension
- boolean includeCert = true;
- if ((crlExtensions == null) || (mAllowExtensions == false)) {
+ boolean includeCert = true;
+ if((crlExtensions == null) || (mAllowExtensions == false)) {
return includeCert;
}
boolean inited = initCRLIssuingDistPointExtension();
- // If the CRLIssuingDistPointExtension is not available or
+ //If the CRLIssuingDistPointExtension is not available or
// if onlySomeReasons does not apply, bail.
- if (inited == false) {
+ if(inited == false) {
return includeCert;
- }
+ }
- // Check the onlySomeReasonsExtension
+ //Check the onlySomeReasonsExtension
includeCert = checkOnlySomeReasonsExtension(crlExtensions);
return includeCert;
@@ -3325,24 +3101,23 @@ class CertRecProcessor implements IElementProcessor {
crlExts = revInfo.getCRLEntryExtensions();
entryExt = mIP.getRequiredEntryExtensions(crlExts);
}
- RevokedCertificate newRevokedCert = new RevokedCertImpl(
- serialNumber, revocationDate, entryExt);
+ RevokedCertificate newRevokedCert =
+ new RevokedCertImpl(serialNumber, revocationDate, entryExt);
boolean includeCert = checkRevokedCertExtensions(crlExts);
if (includeCert == true) {
- mCRLCerts
- .put(serialNumber, (RevokedCertificate) newRevokedCert);
+ mCRLCerts.put(serialNumber, (RevokedCertificate) newRevokedCert);
if (serialNumber != null) {
- CMS.debug("Putting certificate serial: 0x"
- + serialNumber.toString(16) + " into CRL hashtable");
+ CMS.debug("Putting certificate serial: 0x"+serialNumber.toString(16)+" into CRL hashtable");
}
}
} catch (EBaseException e) {
- CMS.debug("CA failed constructing CRL entry: "
- + (mCRLCerts.size() + 1) + " " + e);
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ CMS.debug(
+ "CA failed constructing CRL entry: " +
+ (mCRLCerts.size() + 1) + " " + e);
+ throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
}
}
}
+
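Review bot: `mCRLCerts.put(serialNumber, ...)` runs before the `if (serialNumber != null)` guard, and `mCRLCerts` is a `Hashtable<BigInteger, RevokedCertificate>`, which throws `NullPointerException` on a null key. The guard can therefore never see a null serial. Either the check belongs in front of the `put` (`if (serialNumber == null) return;` with a debug line) or it should be dropped as dead code. The cast in `(RevokedCertificate) newRevokedCert` is redundant, since the variable is already declared with that type. The enclosing method starts outside this hunk.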
diff --git a/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java b/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java
index f4e3a80ba..bb2043860 100644
--- a/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java
+++ b/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java
@@ -17,43 +17,44 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
+
import java.math.BigInteger;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cmscore.dbs.CertRecord;
+
/**
- * A CRL Issuing point that contains revoked certs, include onces that have
- * expired.
+ * A CRL Issuing point that contains revoked certs, include onces that
+ * have expired.
*/
public class CRLWithExpiredCerts extends CRLIssuingPoint {
/**
- * overrides getRevokedCerts in CRLIssuingPoint to include all revoked
- * certs, including once that have expired.
- *
+ * overrides getRevokedCerts in CRLIssuingPoint to include
+ * all revoked certs, including once that have expired.
+ *
* @param thisUpdate parameter is ignored.
- *
+ *
* @exception EBaseException if an exception occured getting revoked
- * certificates from the database.
+ * certificates from the database.
*/
public String getFilter() {
// PLEASE DONT CHANGE THE FILTER. It is indexed.
// Changing it will degrade performance. See
// also com.netscape.certsetup.LDAPUtil.java
- String filter = "(|(" + CertRecord.ATTR_CERT_STATUS + "="
- + CertRecord.STATUS_REVOKED + ")" + "("
- + CertRecord.ATTR_CERT_STATUS + "="
- + CertRecord.STATUS_REVOKED_EXPIRED + "))";
+ String filter =
+ "(|(" + CertRecord.ATTR_CERT_STATUS + "=" +
+ CertRecord.STATUS_REVOKED + ")" +
+ "(" + CertRecord.ATTR_CERT_STATUS + "=" +
+ CertRecord.STATUS_REVOKED_EXPIRED + "))";
// check if any ranges specified.
- if (mBeginSerial != null)
- filter += "(" + CertRecord.ATTR_ID + ">=" + mBeginSerial.toString()
- + ")";
+ if (mBeginSerial != null)
+ filter += "(" + CertRecord.ATTR_ID + ">=" + mBeginSerial.toString() + ")";
if (mEndSerial != null)
- filter += "(" + CertRecord.ATTR_ID + "<=" + mEndSerial.toString()
- + ")";
- // get all revoked non-expired certs.
+ filter += "(" + CertRecord.ATTR_ID + "<=" + mEndSerial.toString() + ")";
+ // get all revoked non-expired certs.
if (mEndSerial != null || mBeginSerial != null) {
filter = "(&" + filter + ")";
}
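Review bot: The Javadoc attached to `getFilter()` documents a different method. It talks about overriding `getRevokedCerts`, lists a `thisUpdate` parameter and declares an `EBaseException`, none of which match the `public String getFilter()` signature below it. I would replace it with a summary such as `Builds the search filter that matches revoked and revoked-expired certificate records, limited to the configured serial range when one is set.` and drop the `@param`/`@exception` tags. The inline comment `// get all revoked non-expired certs.` also contradicts the filter, which includes `STATUS_REVOKED_EXPIRED`. The body of `getFilter()` continues past the end of this hunk.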
diff --git a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
index cec5b2f2a..a81ae362a 100644
--- a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
+
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
@@ -116,26 +117,25 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
+
/**
- * A class represents a Certificate Authority that is responsible for
- * certificate specific operations.
+ * A class represents a Certificate Authority that is
+ * responsible for certificate specific operations.
* <P>
- *
+ *
* @author lhsiao
* @version $Revision$, $Date$
*/
-public class CertificateAuthority implements ICertificateAuthority,
- ICertAuthority, IOCSPService {
+public class CertificateAuthority implements ICertificateAuthority, ICertAuthority, IOCSPService {
public static final String OFFICIAL_NAME = "Certificate Manager";
- public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER(
- "1.3.6.1.5.5.7.48.1.2");
+ public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2");
protected ISubsystem mOwner = null;
protected IConfigStore mConfig = null;
protected ILogger mLogger = CMS.getLogger();
- protected Hashtable<String, CRLIssuingPoint> mCRLIssuePoints = new Hashtable<String, CRLIssuingPoint>();
- protected CRLIssuingPoint mMasterCRLIssuePoint = null; // the complete crl.
+ protected Hashtable<String, CRLIssuingPoint> mCRLIssuePoints = new Hashtable<String, CRLIssuingPoint>();
+ protected CRLIssuingPoint mMasterCRLIssuePoint = null; // the complete crl.
protected SigningUnit mSigningUnit;
protected SigningUnit mOCSPSigningUnit;
protected SigningUnit mCRLSigningUnit;
@@ -143,8 +143,8 @@ public class CertificateAuthority implements ICertificateAuthority,
protected X500Name mName = null;
protected X500Name mCRLName = null;
protected X500Name mOCSPName = null;
- protected String mNickname = null; // nickname of CA signing cert.
- protected String mOCSPNickname = null; // nickname of OCSP signing cert.
+ protected String mNickname = null; // nickname of CA signing cert.
+ protected String mOCSPNickname = null; // nickname of OCSP signing cert.
protected long mCertSerialNumberCounter = System.currentTimeMillis();
protected long mRequestID = System.currentTimeMillis();
@@ -185,7 +185,7 @@ public class CertificateAuthority implements ICertificateAuthority,
protected boolean mEnableOCSP;
protected int mFastSigning = FASTSIGNING_DISABLED;
- protected static final long SECOND = 1000; // 1000 milliseconds
+ protected static final long SECOND = 1000; // 1000 milliseconds
protected static final long MINUTE = 60 * SECOND;
protected static final long HOUR = 60 * MINUTE;
protected static final long DAY = 24 * HOUR;
@@ -197,7 +197,7 @@ public class CertificateAuthority implements ICertificateAuthority,
// for the notification listeners
- /**
+ /**
* Package constants
*/
@@ -261,12 +261,12 @@ public class CertificateAuthority implements ICertificateAuthority,
}
}
+
public void publishCRLNow() throws EBaseException {
if (mMasterCRLIssuePoint != null) {
mMasterCRLIssuePoint.publishCRL();
}
}
-
public ICRLPublisher getCRLPublisher() {
return mCRLPublisher;
}
@@ -286,108 +286,105 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* Initializes this CA subsystem.
* <P>
- *
+ *
* @param owner owner of this subsystem
* @param config configuration of this subsystem
* @exception EBaseException failed to initialize this CA
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config) throws
+ EBaseException {
- try {
- CMS.debug("CertificateAuthority init ");
- mOwner = owner;
- mConfig = config;
+ try {
+ CMS.debug("CertificateAuthority init ");
+ mOwner = owner;
+ mConfig = config;
- // init cert & crl database.
- initCaDatabases();
+ // init cert & crl database.
+ initCaDatabases();
- // init signing unit & CA cert.
- try {
- initSigUnit();
- // init default CA attributes like cert version, validity.
- initDefCaAttrs();
- } catch (EBaseException e) {
- if (CMS.isPreOpMode())
- ;
- else
- throw e;
- }
-
- // init web gateway.
- initWebGateway();
+ // init signing unit & CA cert.
+ try {
+ initSigUnit();
+ // init default CA attributes like cert version, validity.
+ initDefCaAttrs();
+ } catch (EBaseException e) {
+ if (CMS.isPreOpMode())
+ ;
+ else
+ throw e;
+ }
- mUseNonces = mConfig.getBoolean("enableNonces", true);
- mMaxNonces = mConfig.getInteger("maxNumberOfNonces", 100);
- if (mUseNonces) {
- mNonces = new Nonces(mMaxNonces);
- CMS.debug("CertificateAuthority init: Nonces enabled. ("
- + mNonces.size() + ")");
- }
+ // init web gateway.
+ initWebGateway();
- // init request queue and related modules.
- CMS.debug("CertificateAuthority init: initRequestQueue");
- initRequestQueue();
- if (CMS.isPreOpMode())
- return;
+ mUseNonces = mConfig.getBoolean("enableNonces", true);
+ mMaxNonces = mConfig.getInteger("maxNumberOfNonces", 100);
+ if (mUseNonces) {
+ mNonces = new Nonces(mMaxNonces);
+ CMS.debug("CertificateAuthority init: Nonces enabled. ("+mNonces.size()+")");
+ }
- // set certificate status to 10 minutes
- mCertRepot.setCertStatusUpdateInterval(
- mRequestQueue.getRequestRepository(),
- mConfig.getInteger("certStatusUpdateInterval", 10 * 60),
- mConfig.getBoolean("listenToCloneModifications", false));
- mCertRepot.setConsistencyCheck(mConfig.getBoolean(
- "ConsistencyCheck", false));
- mCertRepot.setSkipIfInConsistent(mConfig.getBoolean(
- "SkipIfInConsistent", false));
+ // init request queue and related modules.
+ CMS.debug("CertificateAuthority init: initRequestQueue");
+ initRequestQueue();
+ if (CMS.isPreOpMode())
+ return;
- mService.init(config.getSubStore("connector"));
+ // set certificate status to 10 minutes
+ mCertRepot.setCertStatusUpdateInterval(
+ mRequestQueue.getRequestRepository(),
+ mConfig.getInteger("certStatusUpdateInterval", 10 * 60),
+ mConfig.getBoolean("listenToCloneModifications", false));
+ mCertRepot.setConsistencyCheck(
+ mConfig.getBoolean("ConsistencyCheck", false));
+ mCertRepot.setSkipIfInConsistent(
+ mConfig.getBoolean("SkipIfInConsistent", false));
+
+ mService.init(config.getSubStore("connector"));
- initMiscellaneousListeners();
+ initMiscellaneousListeners();
- // instantiate CRL publisher
- IConfigStore cpStore = null;
+ // instantiate CRL publisher
+ IConfigStore cpStore = null;
- mByName = config.getBoolean("byName", true);
+ mByName = config.getBoolean("byName", true);
- cpStore = config.getSubStore("crlPublisher");
- if (cpStore != null && cpStore.size() > 0) {
- String publisherClass = cpStore.getString("class");
+ cpStore = config.getSubStore("crlPublisher");
+ if (cpStore != null && cpStore.size() > 0) {
+ String publisherClass = cpStore.getString("class");
- if (publisherClass != null) {
- try {
- Class pc = Class.forName(publisherClass);
-
- mCRLPublisher = (ICRLPublisher) pc.newInstance();
- mCRLPublisher.init(this, cpStore);
- } catch (ClassNotFoundException ee) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
- } catch (IllegalAccessException ee) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
- } catch (InstantiationException ee) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
- }
+ if (publisherClass != null) {
+ try {
+ Class pc = Class.forName(publisherClass);
+
+ mCRLPublisher = (ICRLPublisher)
+ pc.newInstance();
+ mCRLPublisher.init(this, cpStore);
+ } catch (ClassNotFoundException ee) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
+ } catch (IllegalAccessException ee) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
+ } catch (InstantiationException ee) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
}
}
+ }
- // initialize publisher processor (publish remote admin
- // rely on this subsystem, so it has to be initialized)
- initPublish();
+ // initialize publisher processor (publish remote admin
+ // rely on this subsystem, so it has to be initialized)
+ initPublish();
- // Initialize CRL issuing points.
- // note CRL framework depends on DBS, CRYPTO and PUBLISHING
- // being functional.
- initCRL();
+ // Initialize CRL issuing points.
+ // note CRL framework depends on DBS, CRYPTO and PUBLISHING
+ // being functional.
+ initCRL();
- } catch (EBaseException e) {
- if (CMS.isPreOpMode())
- return;
- else
- throw e;
- }
+ } catch (EBaseException e) {
+ if (CMS.isPreOpMode())
+ return;
+ else
+ throw e;
+ }
}
/**
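Review bot: In `init()` the class named by the `crlPublisher` `class` setting is instantiated before its type is checked. `pc.newInstance()` runs the constructor of whatever class the configuration names, and only the cast to `ICRLPublisher` afterwards rejects a wrong type. Checking first keeps the raw `Class` out of the code as well: `Class<? extends ICRLPublisher> pc = Class.forName(publisherClass).asSubclass(ICRLPublisher.class);` followed by `mCRLPublisher = pc.newInstance();`. The three catch branches are identical and only log, so as far as this hunk shows the CA continues to start with no CRL publisher set; a single handler that names the configured class would make that state easier to spot. The empty statement in `if (CMS.isPreOpMode()) ; else throw e;` reads more clearly as `if (!CMS.isPreOpMode()) throw e;`.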
@@ -396,7 +393,7 @@ public class CertificateAuthority implements ICertificateAuthority,
public IRequestQueue getRequestQueue() {
return mRequestQueue;
}
-
+
/**
* registers listener
*/
@@ -509,7 +506,7 @@ public class CertificateAuthority implements ICertificateAuthority,
}
mService.startup();
mRequestQueue.recover();
-
+
// Note that this could be null.
// setup Admin operations
@@ -517,7 +514,7 @@ public class CertificateAuthority implements ICertificateAuthority,
initNotificationListeners();
startPublish();
- // startCRL();
+ // startCRL();
}
/**
@@ -527,7 +524,7 @@ public class CertificateAuthority implements ICertificateAuthority,
public void shutdown() {
Enumeration enums = mCRLIssuePoints.elements();
while (enums.hasMoreElements()) {
- CRLIssuingPoint point = (CRLIssuingPoint) enums.nextElement();
+ CRLIssuingPoint point = (CRLIssuingPoint)enums.nextElement();
point.shutdown();
}
@@ -580,7 +577,7 @@ public class CertificateAuthority implements ICertificateAuthority,
return mDefaultValidity;
}
- public SignatureAlgorithm getDefaultSignatureAlgorithm() {
+ public SignatureAlgorithm getDefaultSignatureAlgorithm() {
return mSigningUnit.getDefaultSignatureAlgorithm();
}
@@ -594,7 +591,8 @@ public class CertificateAuthority implements ICertificateAuthority,
public String getStartSerial() {
try {
- BigInteger serial = ((Repository) mCertRepot).getTheSerialNumber();
+ BigInteger serial =
+ ((Repository) mCertRepot).getTheSerialNumber();
if (serial == null)
return "";
@@ -602,7 +600,7 @@ public class CertificateAuthority implements ICertificateAuthority,
return serial.toString(16);
} catch (EBaseException e) {
// shouldn't get here.
- return "";
+ return "";
}
}
@@ -626,23 +624,24 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* Retrieves certificate repository.
* <P>
- *
+ *
* @return certificate repository
*/
public ICertificateRepository getCertificateRepository() {
return mCertRepot;
}
-
+
/**
* Retrieves replica repository.
* <P>
- *
+ *
* @return replica repository
*/
public IReplicaIDRepository getReplicaRepository() {
return mReplicaRepot;
}
+
/**
* Retrieves CRL repository.
*/
@@ -657,7 +656,6 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* Retrieves the CRL issuing point by id.
* <P>
- *
* @param id string id of the CRL issuing point
* @return CRL issuing point
*/
@@ -668,7 +666,6 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* Enumerates CRL issuing points
* <P>
- *
* @return security service
*/
public Enumeration getCRLIssuingPoints() {
@@ -683,7 +680,7 @@ public class CertificateAuthority implements ICertificateAuthority,
* Adds CRL issuing point with the given identifier and description.
*/
public boolean addCRLIssuingPoint(IConfigStore crlSubStore, String id,
- boolean enable, String description) {
+ boolean enable, String description) {
crlSubStore.makeSubStore(id);
IConfigStore c = crlSubStore.getSubStore(id);
@@ -715,34 +712,26 @@ public class CertificateAuthority implements ICertificateAuthority,
// crl extensions
// AuthorityInformationAccess
c.putString("extension.AuthorityInformationAccess.enable", "false");
- c.putString("extension.AuthorityInformationAccess.critical",
- "false");
- c.putString("extension.AuthorityInformationAccess.type",
- "CRLExtension");
+ c.putString("extension.AuthorityInformationAccess.critical", "false");
+ c.putString("extension.AuthorityInformationAccess.type", "CRLExtension");
c.putString("extension.AuthorityInformationAccess.class",
- "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
- c.putString(
- "extension.AuthorityInformationAccess.numberOfAccessDescriptions",
- "1");
- c.putString("extension.AuthorityInformationAccess.accessMethod0",
- "caIssuers");
- c.putString(
- "extension.AuthorityInformationAccess.accessLocationType0",
- "URI");
- c.putString("extension.AuthorityInformationAccess.accessLocation0",
- "");
+ "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
+ c.putString("extension.AuthorityInformationAccess.numberOfAccessDescriptions", "1");
+ c.putString("extension.AuthorityInformationAccess.accessMethod0", "caIssuers");
+ c.putString("extension.AuthorityInformationAccess.accessLocationType0", "URI");
+ c.putString("extension.AuthorityInformationAccess.accessLocation0", "");
// AuthorityKeyIdentifier
c.putString("extension.AuthorityKeyIdentifier.enable", "false");
c.putString("extension.AuthorityKeyIdentifier.critical", "false");
c.putString("extension.AuthorityKeyIdentifier.type", "CRLExtension");
c.putString("extension.AuthorityKeyIdentifier.class",
- "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
+ "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
// IssuerAlternativeName
c.putString("extension.IssuerAlternativeName.enable", "false");
c.putString("extension.IssuerAlternativeName.critical", "false");
c.putString("extension.IssuerAlternativeName.type", "CRLExtension");
c.putString("extension.IssuerAlternativeName.class",
- "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
+ "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
c.putString("extension.IssuerAlternativeName.numNames", "0");
c.putString("extension.IssuerAlternativeName.nameType0", "");
c.putString("extension.IssuerAlternativeName.name0", "");
@@ -751,71 +740,62 @@ public class CertificateAuthority implements ICertificateAuthority,
c.putString("extension.CRLNumber.critical", "false");
c.putString("extension.CRLNumber.type", "CRLExtension");
c.putString("extension.CRLNumber.class",
- "com.netscape.cms.crl.CMSCRLNumberExtension");
+ "com.netscape.cms.crl.CMSCRLNumberExtension");
// DeltaCRLIndicator
c.putString("extension.DeltaCRLIndicator.enable", "false");
c.putString("extension.DeltaCRLIndicator.critical", "true");
c.putString("extension.DeltaCRLIndicator.type", "CRLExtension");
c.putString("extension.DeltaCRLIndicator.class",
- "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
+ "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
// IssuingDistributionPoint
c.putString("extension.IssuingDistributionPoint.enable", "false");
c.putString("extension.IssuingDistributionPoint.critical", "true");
- c.putString("extension.IssuingDistributionPoint.type",
- "CRLExtension");
+ c.putString("extension.IssuingDistributionPoint.type", "CRLExtension");
c.putString("extension.IssuingDistributionPoint.class",
- "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
+ "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
c.putString("extension.IssuingDistributionPoint.pointType", "");
c.putString("extension.IssuingDistributionPoint.pointName", "");
- c.putString(
- "extension.IssuingDistributionPoint.onlyContainsUserCerts",
- "false");
- c.putString(
- "extension.IssuingDistributionPoint.onlyContainsCACerts",
- "false");
- c.putString("extension.IssuingDistributionPoint.onlySomeReasons",
- "");
- // "keyCompromise,cACompromise,affiliationChanged,superseded,cessationOfOperation,certificateHold");
- c.putString("extension.IssuingDistributionPoint.indirectCRL",
- "false");
+ c.putString("extension.IssuingDistributionPoint.onlyContainsUserCerts", "false");
+ c.putString("extension.IssuingDistributionPoint.onlyContainsCACerts", "false");
+ c.putString("extension.IssuingDistributionPoint.onlySomeReasons", "");
+ //"keyCompromise,cACompromise,affiliationChanged,superseded,cessationOfOperation,certificateHold");
+ c.putString("extension.IssuingDistributionPoint.indirectCRL", "false");
// CRLReason
c.putString("extension.CRLReason.enable", "true");
c.putString("extension.CRLReason.critical", "false");
c.putString("extension.CRLReason.type", "CRLEntryExtension");
c.putString("extension.CRLReason.class",
- "com.netscape.cms.crl.CMSCRLReasonExtension");
+ "com.netscape.cms.crl.CMSCRLReasonExtension");
// HoldInstruction - removed by RFC 5280
// c.putString("extension.HoldInstruction.enable", "false");
// c.putString("extension.HoldInstruction.critical", "false");
- // c.putString("extension.HoldInstruction.type",
- // "CRLEntryExtension");
+ // c.putString("extension.HoldInstruction.type", "CRLEntryExtension");
// c.putString("extension.HoldInstruction.class",
- // "com.netscape.cms.crl.CMSHoldInstructionExtension");
+ // "com.netscape.cms.crl.CMSHoldInstructionExtension");
// c.putString("extension.HoldInstruction.instruction", "none");
// InvalidityDate
c.putString("extension.InvalidityDate.enable", "true");
c.putString("extension.InvalidityDate.critical", "false");
c.putString("extension.InvalidityDate.type", "CRLEntryExtension");
c.putString("extension.InvalidityDate.class",
- "com.netscape.cms.crl.CMSInvalidityDateExtension");
+ "com.netscape.cms.crl.CMSInvalidityDateExtension");
// CertificateIssuer
/*
- * c.putString("extension.CertificateIssuer.enable", "false");
- * c.putString("extension.CertificateIssuer.critical", "true");
- * c.putString("extension.CertificateIssuer.type",
- * "CRLEntryExtension");
- * c.putString("extension.CertificateIssuer.class",
- * "com.netscape.cms.crl.CMSCertificateIssuerExtension");
- * c.putString("extension.CertificateIssuer.numNames", "0");
- * c.putString("extension.CertificateIssuer.nameType0", "");
- * c.putString("extension.CertificateIssuer.name0", "");
+ c.putString("extension.CertificateIssuer.enable", "false");
+ c.putString("extension.CertificateIssuer.critical", "true");
+ c.putString("extension.CertificateIssuer.type", "CRLEntryExtension");
+ c.putString("extension.CertificateIssuer.class",
+ "com.netscape.cms.crl.CMSCertificateIssuerExtension");
+ c.putString("extension.CertificateIssuer.numNames", "0");
+ c.putString("extension.CertificateIssuer.nameType0", "");
+ c.putString("extension.CertificateIssuer.name0", "");
*/
// FreshestCRL
c.putString("extension.FreshestCRL.enable", "false");
c.putString("extension.FreshestCRL.critical", "false");
c.putString("extension.FreshestCRL.type", "CRLExtension");
c.putString("extension.FreshestCRL.class",
- "com.netscape.cms.crl.CMSFreshestCRLExtension");
+ "com.netscape.cms.crl.CMSFreshestCRLExtension");
c.putString("extension.FreshestCRL.numPoints", "0");
c.putString("extension.FreshestCRL.pointType0", "");
c.putString("extension.FreshestCRL.pointName0", "");
@@ -827,8 +807,7 @@ public class CertificateAuthority implements ICertificateAuthority,
try {
issuingPointClassName = c.getString(PROP_CLASS);
issuingPointClass = Class.forName(issuingPointClassName);
- issuingPoint = (CRLIssuingPoint) issuingPointClass
- .newInstance();
+ issuingPoint = (CRLIssuingPoint) issuingPointClass.newInstance();
issuingPoint.init(this, id, c);
mCRLIssuePoints.put(id, issuingPoint);
} catch (EPropertyNotFound e) {
@@ -866,8 +845,7 @@ public class CertificateAuthority implements ICertificateAuthority,
mCRLRepot.deleteCRLIssuingPointRecord(id);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("FAILED_REMOVING_CRL_IP_2", id,
- e.toString()));
+ CMS.getLogMessage("FAILED_REMOVING_CRL_IP_2", id, e.toString()));
}
}
}
@@ -875,7 +853,7 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* Returns X500 name of the Certificate Authority
* <P>
- *
+ *
* @return CA name
*/
public X500Name getX500Name() {
@@ -893,7 +871,6 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* Returns nickname of CA's signing cert.
* <p>
- *
* @return CA signing cert nickname.
*/
public String getNickname() {
@@ -903,7 +880,6 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* Returns nickname of OCSP's signing cert.
* <p>
- *
* @return OCSP signing cert nickname.
*/
public String getOCSPNickname() {
@@ -913,7 +889,7 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* Returns default signing unit used by this CA
* <P>
- *
+ *
* @return request identifier
*/
public ISigningUnit getSigningUnit() {
@@ -929,29 +905,28 @@ public class CertificateAuthority implements ICertificateAuthority,
}
public void setBasicConstraintMaxLen(int num) {
- mConfig.putString("Policy.rule.BasicConstraintsExt.maxPathLen", ""
- + num);
+ mConfig.putString("Policy.rule.BasicConstraintsExt.maxPathLen", "" + num);
}
/**
- * Signs CRL using the specified signature algorithm. If no algorithm is
- * specified the CA's default signing algorithm is used.
+ * Signs CRL using the specified signature algorithm.
+ * If no algorithm is specified the CA's default signing algorithm
+ * is used.
* <P>
- *
* @param crl the CRL to be signed.
- * @param algname the algorithm name to use. This is a JCA name such as
- * MD5withRSA, etc. If set to null the default signing algorithm
- * is used.
- *
+ * @param algname the algorithm name to use. This is a JCA name such
+ * as MD5withRSA, etc. If set to null the default signing algorithm
+ * is used.
+ *
* @return the signed CRL
*/
public X509CRLImpl sign(X509CRLImpl crl, String algname)
- throws EBaseException {
+ throws EBaseException {
X509CRLImpl signedcrl = null;
- IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long startTime = CMS.getCurrentDate().getTime();
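Review bot: The Javadoc for `sign(X509CRLImpl, String)` offers `MD5withRSA` as its example JCA name, and the Javadoc of `sign(X509CertInfo, String)` in the next hunk does the same. MD5-based signatures are not collision resistant, so this is not an algorithm a reader should copy for CRL or certificate signing. I would change the example in both comments, e.g. `@param algname the algorithm name to use. This is a JCA name such as SHA256withRSA.` Whether the signing unit itself rejects weak digests cannot be seen here, because the method body continues outside this hunk.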
@@ -984,57 +959,48 @@ public class CertificateAuthority implements ICertificateAuthority,
CMS.debug("Failed to add signature to CRL object.");
}
} catch (CRLException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(),
- e.getMessage()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(), e.getMessage()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
} catch (X509ExtensionException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(),
- e.getMessage()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(), e.getMessage()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(),
- e.getMessage()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(), e.getMessage()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(),
- e.getMessage()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(), e.getMessage()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
} finally {
- if (statsSub != null) {
- statsSub.endTiming("signing");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("signing");
+ }
}
return signedcrl;
}
/**
- * Signs the given certificate info using specified signing algorithm If no
- * algorithm is specified the CA's default algorithm is used.
+ * Signs the given certificate info using specified signing algorithm
+ * If no algorithm is specified the CA's default algorithm is used.
* <P>
- *
* @param certInfo the certificate info to be signed.
- * @param algname the signing algorithm to use. These are names defined in
- * JCA, such as MD5withRSA, etc. If null the CA's default signing
- * algorithm will be used.
+ * @param algname the signing algorithm to use. These are names defined
+ * in JCA, such as MD5withRSA, etc. If null the CA's default
+ * signing algorithm will be used.
* @return signed certificate
*/
- public X509CertImpl sign(X509CertInfo certInfo, String algname)
- throws EBaseException {
+ public X509CertImpl sign(X509CertInfo certInfo, String algname)
+ throws EBaseException {
X509CertImpl signedcert = null;
- IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long startTime = CMS.getCurrentDate().getTime();
@@ -1043,8 +1009,7 @@ public class CertificateAuthority implements ICertificateAuthority,
DerOutputStream tmp = new DerOutputStream();
if (certInfo == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_NO_CERTINFO"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_CERTINFO"));
return null;
}
@@ -1059,20 +1024,20 @@ public class CertificateAuthority implements ICertificateAuthority,
CMS.debug("sign cert encoding cert");
certInfo.encode(tmp);
byte[] rawCert = tmp.toByteArray();
-
+
// encode algorithm identifier
CMS.debug("sign cert encoding algorithm");
alg.encode(tmp);
-
+
CMS.debug("CA cert signing: signing cert");
byte[] signature = mSigningUnit.sign(rawCert, algname);
-
+
tmp.putBitString(signature);
-
+
// Wrap the signed data in a SEQUENCE { data, algorithm, sig }
out.write(DerValue.tag_Sequence, tmp);
- // log(ILogger.LL_INFO, "CertificateAuthority: done signing");
-
+ //log(ILogger.LL_INFO, "CertificateAuthority: done signing");
+
switch (mFastSigning) {
case FASTSIGNING_DISABLED:
signedcert = new X509CertImpl(out.toByteArray());
@@ -1085,55 +1050,52 @@ public class CertificateAuthority implements ICertificateAuthority,
default:
break;
}
- } catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
+ }
+ catch (NoSuchAlgorithmException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
} finally {
- if (statsSub != null) {
- statsSub.endTiming("signing");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("signing");
+ }
}
return signedcert;
}
/**
- * Sign a byte array using the specified algorithm. If algorithm is null the
- * CA's default algorithm is used.
+ * Sign a byte array using the specified algorithm.
+ * If algorithm is null the CA's default algorithm is used.
* <p>
- *
- * @param data the data to be signed in a byte array.
+ * @param data the data to be signed in a byte array.
* @param algname the algorithm to use.
* @return the signature in a byte array.
- */
- public byte[] sign(byte[] data, String algname) throws EBaseException {
+ */
+ public byte[] sign(byte[] data, String algname)
+ throws EBaseException {
return mSigningUnit.sign(data, algname);
}
/**
* logs a message in the CA area.
- *
* @param level the debug level.
* @param msg the message to debug.
*/
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_CA, level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_CA,
+ level, msg);
}
/**
* Retrieves certificate chains of this CA.
- *
* @return this CA's cert chain.
*/
public CertificateChain getCACertChain() {
@@ -1142,18 +1104,18 @@ public class CertificateAuthority implements ICertificateAuthority,
public X509CertImpl getCACert() {
if (mCaCert != null) {
- return mCaCert;
+ return mCaCert;
}
// during configuration
try {
- String cert = mConfig.getString("signing.cert", null);
- if (cert != null) {
- return new X509CertImpl(CMS.AtoB(cert));
- }
+ String cert = mConfig.getString("signing.cert", null);
+ if (cert != null) {
+ return new X509CertImpl(CMS.AtoB(cert));
+ }
} catch (EBaseException e) {
- CMS.debug(e);
+ CMS.debug(e);
} catch (CertificateException e) {
- CMS.debug(e);
+ CMS.debug(e);
}
return null;
}
@@ -1163,10 +1125,10 @@ public class CertificateAuthority implements ICertificateAuthority,
}
public String[] getCASigningAlgorithms() {
- if (mCASigningAlgorithms != null)
+ if (mCASigningAlgorithms != null)
return mCASigningAlgorithms;
- if (mCaCert == null)
+ if (mCaCert == null)
return null; // CA not inited yet.
X509Key caPubKey = null;
@@ -1174,48 +1136,49 @@ public class CertificateAuthority implements ICertificateAuthority,
caPubKey = (X509Key) mCaCert.get(X509CertImpl.PUBLIC_KEY);
} catch (CertificateParsingException e) {
}
- if (caPubKey == null)
- return null; // something seriously wrong.
+ if (caPubKey == null)
+ return null; // something seriously wrong.
AlgorithmId alg = caPubKey.getAlgorithmId();
- if (alg == null)
- return null; // something seriously wrong.
+ if (alg == null)
+ return null; // something seriously wrong.
mCASigningAlgorithms = AlgorithmId.getSigningAlgorithms(alg);
if (mCASigningAlgorithms == null) {
- CMS.debug("CA - no signing algorithms for " + alg.getName());
+ CMS.debug(
+ "CA - no signing algorithms for " + alg.getName());
} else {
- CMS.debug("CA First signing algorithm is "
- + mCASigningAlgorithms[0]);
+ CMS.debug(
+ "CA First signing algorithm is " + mCASigningAlgorithms[0]);
}
return mCASigningAlgorithms;
}
- // ////////
- // Initialization routines.
+ //////////
+ // Initialization routines.
//
+
/**
* init CA signing unit & cert chain.
*/
- private void initSigUnit() throws EBaseException {
+ private void initSigUnit()
+ throws EBaseException {
try {
// init signing unit
mSigningUnit = new SigningUnit();
- IConfigStore caSigningCfg = mConfig
- .getSubStore(PROP_SIGNING_SUBSTORE);
+ IConfigStore caSigningCfg =
+ mConfig.getSubStore(PROP_SIGNING_SUBSTORE);
mSigningUnit.init(this, caSigningCfg);
CMS.debug("CA signing unit inited");
// for identrus
- IConfigStore CrlStore = mConfig
- .getSubStore(PROP_CRL_SIGNING_SUBSTORE);
+ IConfigStore CrlStore = mConfig.getSubStore(PROP_CRL_SIGNING_SUBSTORE);
if (CrlStore != null && CrlStore.size() > 0) {
mCRLSigningUnit = new SigningUnit();
- mCRLSigningUnit.init(this,
- mConfig.getSubStore(PROP_CRL_SIGNING_SUBSTORE));
+ mCRLSigningUnit.init(this, mConfig.getSubStore(PROP_CRL_SIGNING_SUBSTORE));
} else {
mCRLSigningUnit = mSigningUnit;
}
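Review bot: The `catch (CertificateParsingException e) { }` at the top of this hunk, in `getCASigningAlgorithms()`, discards the parse failure. The following `return null; // something seriously wrong.` therefore leaves no record of why the CA public key could not be read. At minimum record it the way `getCACert()` does in the previous hunk, with `CMS.debug(e);` inside the catch. The `catch (IOException e)` in the later `initDefCaAttrs()` hunk is empty in the same way and, as far as that hunk shows, would leave `mDefaultCertVersion` unset if it ever fired. `getCASigningAlgorithms()` starts before this hunk.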
@@ -1223,44 +1186,43 @@ public class CertificateAuthority implements ICertificateAuthority,
// init cert chain
CryptoManager manager = CryptoManager.getInstance();
- int caChainNum = caSigningCfg.getInteger(PROP_CA_CHAIN_NUM, 0);
+ int caChainNum =
+ caSigningCfg.getInteger(PROP_CA_CHAIN_NUM, 0);
CMS.debug("cachainNum= " + caChainNum);
if (caChainNum > 0) {
// custom build chain (for cross cert chain)
// audit here ***
- IConfigStore chainStore = caSigningCfg
- .getSubStore(PROP_CA_CHAIN);
+ IConfigStore chainStore =
+ caSigningCfg.getSubStore(PROP_CA_CHAIN);
if (chainStore == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_OCSP_CHAIN",
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN",
"ca cert chain config error"));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_BUILD_CA_CHAIN_FAILED",
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED",
"ca cert chain config error"));
}
- java.security.cert.X509Certificate[] implchain = new java.security.cert.X509Certificate[caChainNum];
+ java.security.cert.X509Certificate[] implchain =
+ new java.security.cert.X509Certificate[caChainNum];
for (int i = 0; i < caChainNum; i++) {
String subtreeName = PROP_CA_CERT + i;
// cert file name must be full path
- String certFileName = chainStore.getString(subtreeName,
- null);
+ String certFileName =
+ chainStore.getString(subtreeName, null);
if ((certFileName == null) || certFileName.equals("")) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_OCSP_CHAIN",
- "cert file config error"));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_BUILD_CA_CHAIN_FAILED",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", "cert file config error"));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED",
"cert file config error"));
}
byte[] b64Bytes = getCertFromFile(certFileName);
String b64String = new String(b64Bytes);
- byte[] certBytes = KeyCertUtil
- .convertB64EToByteArray(b64String);
+ byte[] certBytes = KeyCertUtil.convertB64EToByteArray(b64String);
implchain[i] = new X509CertImpl(certBytes);
} // for
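Review bot: `String b64String = new String(b64Bytes);` in the custom-chain loop decodes the certificate file with the platform default charset, so the same chain file can decode differently depending on the JVM's locale settings. Base64 text is ASCII, so the charset should be named: `String b64String = new String(b64Bytes, "US-ASCII");`. The `UnsupportedEncodingException` this form declares is an `IOException`, which the `catch (IOException e)` visible in a later hunk of `initSigUnit()` appears to cover. `initSigUnit()` continues beyond this hunk.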
@@ -1269,10 +1231,11 @@ public class CertificateAuthority implements ICertificateAuthority,
CMS.debug("in init - custom built CA cert chain.");
} else {
// build ca chain the traditional way
- org.mozilla.jss.crypto.X509Certificate[] chain = manager
- .buildCertificateChain(mSigningUnit.getCert());
+ org.mozilla.jss.crypto.X509Certificate[] chain =
+ manager.buildCertificateChain(mSigningUnit.getCert());
// do this in case other subsyss expect a X509CertImpl
- java.security.cert.X509Certificate[] implchain = new java.security.cert.X509Certificate[chain.length];
+ java.security.cert.X509Certificate[] implchain =
+ new java.security.cert.X509Certificate[chain.length];
for (int i = 0; i < chain.length; i++) {
implchain[i] = new X509CertImpl(chain[i].getEncoded());
@@ -1281,23 +1244,22 @@ public class CertificateAuthority implements ICertificateAuthority,
CMS.debug("in init - got CA chain from JSS.");
}
- IConfigStore OCSPStore = mConfig
- .getSubStore(PROP_OCSP_SIGNING_SUBSTORE);
+ IConfigStore OCSPStore = mConfig.getSubStore(PROP_OCSP_SIGNING_SUBSTORE);
if (OCSPStore != null && OCSPStore.size() > 0) {
mOCSPSigningUnit = new SigningUnit();
- mOCSPSigningUnit.init(this,
- mConfig.getSubStore(PROP_OCSP_SIGNING_SUBSTORE));
+ mOCSPSigningUnit.init(this, mConfig.getSubStore(PROP_OCSP_SIGNING_SUBSTORE));
CMS.debug("Separate OCSP signing unit inited");
} else {
mOCSPSigningUnit = mSigningUnit;
CMS.debug("Shared OCSP signing unit inited");
}
- org.mozilla.jss.crypto.X509Certificate[] ocspChain = manager
- .buildCertificateChain(mOCSPSigningUnit.getCert());
+ org.mozilla.jss.crypto.X509Certificate[] ocspChain =
+ manager.buildCertificateChain(mOCSPSigningUnit.getCert());
// do this in case other subsyss expect a X509CertImpl
- java.security.cert.X509Certificate[] ocspImplchain = new java.security.cert.X509Certificate[ocspChain.length];
+ java.security.cert.X509Certificate[] ocspImplchain =
+ new java.security.cert.X509Certificate[ocspChain.length];
for (int i = 0; i < ocspChain.length; i++) {
ocspImplchain[i] = new X509CertImpl(ocspChain[i].getEncoded());
@@ -1323,47 +1285,40 @@ public class CertificateAuthority implements ICertificateAuthority,
CMS.debug("in init - got CA name " + mName);
} catch (CryptoManager.NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_OCSP_SIGNING",
- e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_SIGNING", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"));
} catch (CertificateException e) {
if (Debug.ON)
e.printStackTrace();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
} catch (FileNotFoundException e) {
if (Debug.ON)
e.printStackTrace();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
} catch (IOException e) {
if (Debug.ON)
e.printStackTrace();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
} catch (TokenException e) {
if (Debug.ON)
e.printStackTrace();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
}
}
/**
* read ca cert from path, converts and bytes
*/
- byte[] getCertFromFile(String path) throws FileNotFoundException,
- IOException {
+ byte[] getCertFromFile(String path)
+ throws FileNotFoundException, IOException {
File file = new File(path);
Long l = Long.valueOf(file.length());
@@ -1375,30 +1330,33 @@ public class CertificateAuthority implements ICertificateAuthority,
return b;
}
- /**
+ /**
* init default cert attributes.
*/
- private void initDefCaAttrs() throws EBaseException {
- int version = mConfig.getInteger(PROP_X509CERT_VERSION,
+ private void initDefCaAttrs()
+ throws EBaseException {
+ int version = mConfig.getInteger(PROP_X509CERT_VERSION,
CertificateVersion.V3);
- if (version != CertificateVersion.V1
- && version != CertificateVersion.V3) {
+ if (version != CertificateVersion.V1 &&
+ version != CertificateVersion.V3) {
throw new ECAException(
CMS.getUserMessage("CMS_CA_X509CERT_VERSION_NOT_SUPPORTED"));
}
try {
mDefaultCertVersion = new CertificateVersion(version - 1);
} catch (IOException e) {
- // should never occur.
+ // should never occur.
}
int validity_in_days = mConfig.getInteger(PROP_DEF_VALIDITY, 2 * 365);
mDefaultValidity = validity_in_days * DAY; // days in config file.
- mEnablePastCATime = mConfig.getBoolean(PROP_ENABLE_PAST_CATIME, false);
- mEnableOCSP = mConfig.getBoolean(PROP_ENABLE_OCSP, true);
+ mEnablePastCATime =
+ mConfig.getBoolean(PROP_ENABLE_PAST_CATIME, false);
+ mEnableOCSP =
+ mConfig.getBoolean(PROP_ENABLE_OCSP, true);
String fs = mConfig.getString(PROP_FAST_SIGNING, "");
@@ -1413,29 +1371,29 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* init cert & crl database
*/
- private void initCaDatabases() throws EBaseException {
+ private void initCaDatabases()
+ throws EBaseException {
int certdb_inc = mConfig.getInteger(PROP_CERTDB_INC, 5);
String certReposDN = mConfig.getString(PROP_CERT_REPOS_DN, null);
- if (certReposDN == null) {
- certReposDN = "ou=certificateRepository, ou=" + getId() + ", "
- + getDBSubsystem().getBaseDN();
+ if (certReposDN == null) {
+ certReposDN = "ou=certificateRepository, ou=" + getId() +
+ ", " + getDBSubsystem().getBaseDN();
}
String reposDN = mConfig.getString(PROP_REPOS_DN, null);
- if (reposDN == null) {
- reposDN = "ou=certificateRepository, ou=" + getId() + ", "
- + getDBSubsystem().getBaseDN();
+ if (reposDN == null) {
+ reposDN = "ou=certificateRepository, ou=" + getId() +
+ ", " + getDBSubsystem().getBaseDN();
}
- int transitMaxRecords = mConfig.getInteger(
- PROP_CERTDB_TRANS_MAXRECORDS, 1000000);
- int transitRecordPageSize = mConfig.getInteger(
- PROP_CERTDB_TRANS_PAGESIZE, 200);
+ int transitMaxRecords = mConfig.getInteger(PROP_CERTDB_TRANS_MAXRECORDS, 1000000);
+ int transitRecordPageSize = mConfig.getInteger(PROP_CERTDB_TRANS_PAGESIZE, 200);
- mCertRepot = new CertificateRepository(DBSubsystem.getInstance(),
- certReposDN, certdb_inc, reposDN);
+ mCertRepot = new CertificateRepository(
+ DBSubsystem.getInstance(),
+ certReposDN, certdb_inc, reposDN);
mCertRepot.setTransitMaxRecords(transitMaxRecords);
mCertRepot.setTransitRecordPageSize(transitRecordPageSize);
@@ -1446,17 +1404,19 @@ public class CertificateAuthority implements ICertificateAuthority,
int crldb_inc = mConfig.getInteger(PROP_CRLDB_INC, 5);
- mCRLRepot = new CRLRepository(DBSubsystem.getInstance(), crldb_inc,
- "ou=crlIssuingPoints, ou=" + getId() + ", "
- + getDBSubsystem().getBaseDN());
+ mCRLRepot = new CRLRepository(
+ DBSubsystem.getInstance(),
+ crldb_inc,
+ "ou=crlIssuingPoints, ou=" + getId() + ", " +
+ getDBSubsystem().getBaseDN());
CMS.debug("CRL Repot inited");
String replicaReposDN = mConfig.getString(PROP_REPLICAID_DN, null);
if (replicaReposDN == null) {
- replicaReposDN = "ou=Replica," + getDBSubsystem().getBaseDN();
+ replicaReposDN = "ou=Replica," + getDBSubsystem().getBaseDN();
}
- mReplicaRepot = new ReplicaIDRepository(DBSubsystem.getInstance(), 1,
- replicaReposDN);
+ mReplicaRepot = new ReplicaIDRepository(
+ DBSubsystem.getInstance(), 1, replicaReposDN);
CMS.debug("Replica Repot inited");
}
@@ -1464,11 +1424,13 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* init web gateway - just gets the ee gateway for this CA.
*/
- private void initWebGateway() throws EBaseException {
+ private void initWebGateway()
+ throws EBaseException {
}
- private void startPublish() throws EBaseException {
- // xxx Note that CMS411 only support ca cert publishing to ldap
+ private void startPublish()
+ throws EBaseException {
+ //xxx Note that CMS411 only support ca cert publishing to ldap
// if ldap publishing is not enabled while publishing isenabled
// there will be a lot of problem.
try {
@@ -1478,36 +1440,34 @@ public class CertificateAuthority implements ICertificateAuthority,
}
} catch (ELdapException e) {
// exception not thrown - not seen as a fatal error.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_PUBLISH", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_PUBLISH", e.toString()));
}
}
/**
* init publishing
*/
- private void initPublish() throws EBaseException {
+ private void initPublish()
+ throws EBaseException {
IConfigStore c = null;
try {
c = mConfig.getSubStore(PROP_PUBLISH_SUBSTORE);
if (c != null && c.size() > 0) {
- mPublisherProcessor = new PublisherProcessor(getId() + "pp");
+ mPublisherProcessor = new PublisherProcessor(
+ getId() + "pp");
mPublisherProcessor.init(this, c);
CMS.debug("Publishing inited");
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISH"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISH"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_INIT_PUBLISH_MODULE_FAILED"));
}
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_ERROR_PUBLISH_MODULE",
- e.toString()));
- // throw new ECAException(
- // CAResources.INIT_PUBLISH_MODULE_FAILED, e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_ERROR_PUBLISH_MODULE", e.toString()));
+ //throw new ECAException(
+ // CAResources.INIT_PUBLISH_MODULE_FAILED, e);
}
}
@@ -1528,7 +1488,7 @@ public class CertificateAuthority implements ICertificateAuthority,
while (names.hasMoreElements()) {
String id = (String) names.nextElement();
- if (Debug.ON)
+ if (Debug.ON)
Debug.trace("registering listener impl: " + id);
String cl = implc.getString(id + "." + PROP_CLASS);
@@ -1547,50 +1507,42 @@ public class CertificateAuthority implements ICertificateAuthority,
Debug.trace("registering listener instance: " + id);
IConfigStore iConfig = instc.getSubStore(id);
String implName = instc.getString(id + "." + PROP_PLUGIN);
- ListenerPlugin plugin = (ListenerPlugin) mListenerPlugins
- .get(implName);
+ ListenerPlugin plugin = (ListenerPlugin) mListenerPlugins.get(implName);
if (plugin == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_ERROR_LISTENER", implName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_ERROR_LISTENER", implName));
throw new Exception("Cannot initialize");
}
String className = plugin.getClassPath();
-
+
try {
IRequestListener listener = null;
- listener = (IRequestListener) Class.forName(className)
- .newInstance();
+ listener = (IRequestListener)
+ Class.forName(className).newInstance();
- // listener.init(id, implName, iConfig);
+ //listener.init(id, implName, iConfig);
listener.init(this, iConfig);
- // registerRequestListener(id, (IRequestListener)
- // listener);
- // log(ILogger.LL_INFO,
- // "Listener instance " + id + " added");
+ // registerRequestListener(id, (IRequestListener) listener);
+ //log(ILogger.LL_INFO,
+ // "Listener instance " + id + " added");
} catch (Exception e) {
if (Debug.ON) {
e.printStackTrace();
}
Debug.trace("failed to add listener instance");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage(
- "CMSCORE_CA_CA_INIT_LISTENER", id,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_INIT_LISTENER", id, e.toString()));
throw e;
}
}
-
+
}
-
+
} catch (Exception e) {
- log(ILogger.LL_INFO,
- CMS.getLogMessage("CMSCORE_CA_CA_FAILED_LISTENER",
- e.toString()));
+ log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CA_FAILED_LISTENER", e.toString()));
}
-
+
}
/**
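Review bot: The outer `catch (Exception e)` at the end of this hunk records a listener start-up failure with `ILogger.LL_INFO`, while the inner catch a few lines above logs the same kind of failure with `ILogger.LL_FAILURE`. The method then returns normally, so a CA running without its configured request listeners is reported only at info level. I would log it as a failure: `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_FAILED_LISTENER", e.toString()));`. The `throw new Exception("Cannot initialize")` for a missing plugin appears to land in this same catch, so it would get the same treatment. The method starts before this hunk.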
@@ -1604,79 +1556,63 @@ public class CertificateAuthority implements ICertificateAuthority,
if (nc != null && nc.size() > 0) {
// Initialize Certificate Issued notification listener
- String certificateIssuedListenerClassName = nc.getString(
- "certificateIssuedListenerClassName",
- "com.netscape.cms.listeners.CertificateIssuedListener");
+ String certificateIssuedListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.CertificateIssuedListener");
try {
- mCertIssuedListener = (IRequestListener) Class.forName(
- certificateIssuedListenerClassName).newInstance();
+ mCertIssuedListener = (IRequestListener) Class.forName(certificateIssuedListenerClassName).newInstance();
mCertIssuedListener.init(this, nc);
} catch (Exception e1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_REGISTER_LISTENER",
- certificateIssuedListenerClassName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_LISTENER", certificateIssuedListenerClassName));
}
// Initialize Revoke Request notification listener
-
- String certificateRevokedListenerClassName = nc
- .getString("certificateIssuedListenerClassName",
- "com.netscape.cms.listeners.CertificateRevokedListener");
+
+ String certificateRevokedListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.CertificateRevokedListener");
try {
- mCertRevokedListener = (IRequestListener) Class.forName(
- certificateRevokedListenerClassName).newInstance();
+ mCertRevokedListener = (IRequestListener) Class.forName(certificateRevokedListenerClassName).newInstance();
mCertRevokedListener.init(this, nc);
} catch (Exception e1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_REGISTER_LISTENER",
- certificateRevokedListenerClassName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_LISTENER", certificateRevokedListenerClassName));
}
// Initialize Request In Queue notification listener
IConfigStore rq = nc.getSubStore(PROP_REQ_IN_Q_SUBSTORE);
-
- String requestInQListenerClassName = nc.getString(
- "certificateIssuedListenerClassName",
- "com.netscape.cms.listeners.RequestInQListener");
+
+ String requestInQListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.RequestInQListener");
try {
- mReqInQListener = (IRequestListener) Class.forName(
- requestInQListenerClassName).newInstance();
+ mReqInQListener = (IRequestListener) Class.forName(requestInQListenerClassName).newInstance();
mReqInQListener.init(this, nc);
} catch (Exception e1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_CA_REGISTER_REQ_LISTENER",
- requestInQListenerClassName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_REQ_LISTENER", requestInQListenerClassName));
}
// Initialize extra listeners
IConfigStore mListenerConfig = null;
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_NOTIFY_NONE"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NOTIFY_NONE"));
}
} catch (Exception e) {
e.printStackTrace();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_NOTIFY_FAILED"));
- // throw e;
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NOTIFY_FAILED"));
+ // throw e;
}
}
/**
* initialize request queue components
*/
- private void initRequestQueue() throws EBaseException {
+ private void initRequestQueue()
+ throws EBaseException {
mPolicy = new CAPolicy();
((CAPolicy) mPolicy).init(this, mConfig.getSubStore(PROP_POLICY));
CMS.debug("CA policy inited");
mService = new CAService(this);
CMS.debug("CA service inited");
- mNotify = new ARequestNotifier(this);
+ mNotify = new ARequestNotifier (this);
CMS.debug("CA notifier inited");
mPNotify = new ARequestNotifier();
CMS.debug("CA pending notifier inited");
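Review bot: The revoked-certificate and request-in-queue listeners both take their class name from the `certificateIssuedListenerClassName` key (the `nc.getString(...)` calls that assign `certificateRevokedListenerClassName` and `requestInQListenerClassName`). An operator who sets that key therefore replaces all three listeners with the same class and cannot configure the other two separately. Each call should read its own key, e.g. `nc.getString("<revoked-listener-key>", "com.netscape.cms.listeners.CertificateRevokedListener")`, with the real key name taken from the configuration schema, which is not visible here. Because the value goes straight into `Class.forName(...).newInstance()`, the three `catch (Exception e1)` blocks should also log `e1.toString()` next to the class name so a failed or unexpected class load can be diagnosed. The listener setup starts before this hunk.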
@@ -1685,23 +1621,22 @@ public class CertificateAuthority implements ICertificateAuthority,
try {
int reqdb_inc = mConfig.getInteger("reqdbInc", 5);
- mRequestQueue = RequestSubsystem.getInstance().getRequestQueue(
- getId(), reqdb_inc, mPolicy, mService, mNotify, mPNotify);
+ mRequestQueue =
+ RequestSubsystem.getInstance().getRequestQueue(
+ getId(), reqdb_inc, mPolicy, mService, mNotify, mPNotify);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_QUEUE_FAILED",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_QUEUE_FAILED", e.toString()));
throw e;
}
// init request scheduler if configured
- String schedulerClass = mConfig
- .getString("requestSchedulerClass", null);
+ String schedulerClass =
+ mConfig.getString("requestSchedulerClass", null);
if (schedulerClass != null) {
- try {
- IRequestScheduler scheduler = (IRequestScheduler) Class
- .forName(schedulerClass).newInstance();
+ try {
+ IRequestScheduler scheduler = (IRequestScheduler)
+ Class.forName(schedulerClass).newInstance();
mRequestQueue.setRequestScheduler(scheduler);
} catch (Exception e) {
@@ -1711,30 +1646,35 @@ public class CertificateAuthority implements ICertificateAuthority,
}
/*
- * private void startCRL() throws EBaseException { Enumeration e =
- * mCRLIssuePoints.keys(); while (e.hasMoreElements()) { CRLIssuingPoint cp
- * = (CRLIssuingPoint) mCRLIssuePoints.get(e.nextElement()); cp.startup(); }
- * }
+ private void startCRL()
+ throws EBaseException
+ {
+ Enumeration e = mCRLIssuePoints.keys();
+ while (e.hasMoreElements()) {
+ CRLIssuingPoint cp = (CRLIssuingPoint)
+ mCRLIssuePoints.get(e.nextElement());
+ cp.startup();
+ }
+ }
*/
-
+
/**
- * initialize CRL
+ * initialize CRL
*/
- private void initCRL() throws EBaseException {
+ private void initCRL()
+ throws EBaseException {
IConfigStore crlConfig = mConfig.getSubStore(PROP_CRL_SUBSTORE);
if ((crlConfig == null) || (crlConfig.size() <= 0)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_NO_MASTER_CRL"));
- // throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_MASTER_CRL"));
+ //throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL);
return;
}
Enumeration<String> issuePointIdEnum = crlConfig.getSubStoreNames();
if (issuePointIdEnum == null || !issuePointIdEnum.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_NO_MASTER_CRL_SUBSTORE"));
- // throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_MASTER_CRL_SUBSTORE"));
+ //throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL);
return;
}
@@ -1743,7 +1683,8 @@ public class CertificateAuthority implements ICertificateAuthority,
while (issuePointIdEnum.hasMoreElements()) {
String issuePointId = (String) issuePointIdEnum.nextElement();
- CMS.debug("initializing crl issue point " + issuePointId);
+ CMS.debug(
+ "initializing crl issue point " + issuePointId);
IConfigStore issuePointConfig = null;
String issuePointClassName = null;
Class issuePointClass = null;
@@ -1756,28 +1697,29 @@ public class CertificateAuthority implements ICertificateAuthority,
issuePoint = (CRLIssuingPoint) issuePointClass.newInstance();
issuePoint.init(this, issuePointId, issuePointConfig);
mCRLIssuePoints.put(issuePointId, issuePoint);
- if (mMasterCRLIssuePoint == null
- && issuePointId.equals(PROP_MASTER_CRL))
+ if (mMasterCRLIssuePoint == null &&
+ issuePointId.equals(PROP_MASTER_CRL))
mMasterCRLIssuePoint = issuePoint;
} catch (ClassNotFoundException e) {
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_CRL_ISSUING_POINT_INIT_FAILED", issuePointId,
- e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CRL_ISSUING_POINT_INIT_FAILED",
+ issuePointId, e.toString()));
} catch (InstantiationException e) {
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_CRL_ISSUING_POINT_INIT_FAILED", issuePointId,
- e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CRL_ISSUING_POINT_INIT_FAILED",
+ issuePointId, e.toString()));
} catch (IllegalAccessException e) {
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_CRL_ISSUING_POINT_INIT_FAILED", issuePointId,
- e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CRL_ISSUING_POINT_INIT_FAILED",
+ issuePointId, e.toString()));
}
}
/*
- * if (mMasterCRLIssuePoint == null) { log(ILogger.LL_FAILURE,
- * CMS.getLogMessage("CMSCORE_CA_CA_NO_FULL_CRL", PROP_MASTER_CRL));
- * throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL); }
+ if (mMasterCRLIssuePoint == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_FULL_CRL", PROP_MASTER_CRL));
+ throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL);
+ }
*/
log(ILogger.LL_INFO, "CRL Issuing Points inited");
}
@@ -1802,8 +1744,9 @@ public class CertificateAuthority implements ICertificateAuthority,
return mSignTime;
}
- public long getOCSPTotalLookupTime() {
- return mLookupTime;
+ public long getOCSPTotalLookupTime()
+ {
+ return mLookupTime;
}
public ResponderID getResponderIDByName() {
@@ -1811,9 +1754,8 @@ public class CertificateAuthority implements ICertificateAuthority,
X500Name name = getOCSPX500Name();
Name.Template nameTemplate = new Name.Template();
- return new NameID(
- (Name) nameTemplate.decode(new ByteArrayInputStream(name
- .getEncoded())));
+ return new NameID((Name) nameTemplate.decode(
+ new ByteArrayInputStream(name.getEncoded())));
} catch (IOException e) {
return null;
} catch (InvalidBERException e) {
@@ -1824,8 +1766,8 @@ public class CertificateAuthority implements ICertificateAuthority,
public ResponderID getResponderIDByHash() {
/*
- * KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- * --(excluding the tag and length fields)
+ KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ --(excluding the tag and length fields)
*/
PublicKey publicKey = getOCSPSigningUnit().getPublicKey();
MessageDigest md = null;
@@ -1844,7 +1786,8 @@ public class CertificateAuthority implements ICertificateAuthority,
/**
* Process OCSPRequest.
*/
- public OCSPResponse validate(OCSPRequest request) throws EBaseException {
+ public OCSPResponse validate(OCSPRequest request)
+ throws EBaseException {
if (!mEnableOCSP) {
CMS.debug("Local ocsp service is disable.");
@@ -1852,22 +1795,23 @@ public class CertificateAuthority implements ICertificateAuthority,
}
mNumOCSPRequest++;
- IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
long startTime = CMS.getCurrentDate().getTime();
try {
- // log(ILogger.LL_INFO, "start OCSP request");
+ //log(ILogger.LL_INFO, "start OCSP request");
TBSRequest tbsReq = request.getTBSRequest();
// (3) look into database to check the
- // certificate's status
+ // certificate's status
Vector singleResponses = new Vector();
if (statsSub != null) {
- statsSub.startTiming("lookup");
+ statsSub.startTiming("lookup");
}
long lookupStartTime = CMS.getCurrentDate().getTime();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
- com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
+ com.netscape.cmsutil.ocsp.Request req =
+ tbsReq.getRequestAt(i);
CertID cid = req.getCertID();
SingleResponse sr = processRequest(cid);
@@ -1875,12 +1819,12 @@ public class CertificateAuthority implements ICertificateAuthority,
}
long lookupEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("lookup");
+ statsSub.endTiming("lookup");
}
mLookupTime += lookupEndTime - lookupStartTime;
if (statsSub != null) {
- statsSub.startTiming("build_response");
+ statsSub.startTiming("build_response");
}
SingleResponse res[] = new SingleResponse[singleResponses.size()];
@@ -1889,16 +1833,16 @@ public class CertificateAuthority implements ICertificateAuthority,
ResponderID rid = null;
if (mByName) {
if (mResponderIDByName == null) {
- mResponderIDByName = getResponderIDByName();
+ mResponderIDByName = getResponderIDByName();
}
rid = mResponderIDByName;
} else {
if (mResponderIDByHash == null) {
- mResponderIDByHash = getResponderIDByHash();
+ mResponderIDByHash = getResponderIDByHash();
}
rid = mResponderIDByHash;
}
-
+
Extension nonce[] = null;
for (int j = 0; j < tbsReq.getExtensionsCount(); j++) {
@@ -1909,36 +1853,34 @@ public class CertificateAuthority implements ICertificateAuthority,
nonce[0] = thisExt;
}
}
- ResponseData rd = new ResponseData(rid, new GeneralizedTime(
- CMS.getCurrentDate()), res, nonce);
+ ResponseData rd = new ResponseData(rid,
+ new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
if (statsSub != null) {
- statsSub.endTiming("build_response");
+ statsSub.endTiming("build_response");
}
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long signStartTime = CMS.getCurrentDate().getTime();
BasicOCSPResponse basicRes = sign(rd);
long signEndTime = CMS.getCurrentDate().getTime();
mSignTime += signEndTime - signStartTime;
if (statsSub != null) {
- statsSub.endTiming("signing");
+ statsSub.endTiming("signing");
}
OCSPResponse response = new OCSPResponse(
- OCSPResponseStatus.SUCCESSFUL, new ResponseBytes(
- ResponseBytes.OCSP_BASIC, new OCTET_STRING(
- ASN1Util.encode(basicRes))));
+ OCSPResponseStatus.SUCCESSFUL,
+ new ResponseBytes(ResponseBytes.OCSP_BASIC,
+ new OCTET_STRING(ASN1Util.encode(basicRes))));
- // log(ILogger.LL_INFO, "done OCSP request");
+ //log(ILogger.LL_INFO, "done OCSP request");
long endTime = CMS.getCurrentDate().getTime();
mTotalTime += endTime - startTime;
return response;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_OCSP_REQUEST",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_REQUEST", e.toString()));
return null;
}
}
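Review bot: `validate` answers every failure with `return null` from the `catch (Exception e)` at the end of this hunk, so a malformed request, a lookup error and a signing failure look the same to the caller and only `e.toString()` reaches the log. Returning an `OCSPResponse` with an RFC 2560 error status (internalError or malformedRequest) would let clients tell a responder fault from a missing answer; how the calling servlet treats null is not visible here. `sign(rd)` can itself return null (its own `catch` logs `CMSCORE_CA_CA_OCSP_SIGN` and returns null), and the result goes into `ASN1Util.encode(basicRes)` unchecked, so an explicit `if (basicRes == null)` before building the response would make that path deliberate. The method starts before this hunk.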
@@ -1948,11 +1890,11 @@ public class CertificateAuthority implements ICertificateAuthority,
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
- String algname = mOCSPSigningUnit.getDefaultAlgorithm();
+ String algname = mOCSPSigningUnit.getDefaultAlgorithm();
byte rd_data[] = ASN1Util.encode(rd);
if (rd_data != null) {
- mTotalData += rd_data.length;
+ mTotalData += rd_data.length;
}
rd.encode(tmp);
AlgorithmId.get(algname).encode(tmp);
@@ -1965,27 +1907,25 @@ public class CertificateAuthority implements ICertificateAuthority,
DerOutputStream tmpChain = new DerOutputStream();
DerOutputStream tmp1 = new DerOutputStream();
DerOutputStream outChain = new DerOutputStream();
- java.security.cert.X509Certificate chains[] = mOCSPCertChain
- .getChain();
+ java.security.cert.X509Certificate chains[] =
+ mOCSPCertChain.getChain();
for (int i = 0; i < chains.length; i++) {
tmpChain.putDerValue(new DerValue(chains[i].getEncoded()));
}
tmp1.write(DerValue.tag_Sequence, tmpChain);
tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0),
- tmp1);
+ tmp1);
out.write(DerValue.tag_Sequence, tmp);
- BasicOCSPResponse response = new BasicOCSPResponse(
- out.toByteArray());
+ BasicOCSPResponse response = new BasicOCSPResponse(out.toByteArray());
return response;
} catch (Exception e) {
e.printStackTrace();
// error e
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_OCSP_SIGN", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_SIGN", e.toString()));
return null;
}
}
@@ -2011,11 +1951,12 @@ public class CertificateAuthority implements ICertificateAuthority,
try {
issuingPointId = mConfig.getString(
- "ocspUseCacheIssuingPointId", PROP_MASTER_CRL);
+ "ocspUseCacheIssuingPointId", PROP_MASTER_CRL);
} catch (EBaseException e) {
}
- CRLIssuingPoint point = (CRLIssuingPoint) getCRLIssuingPoint(issuingPointId);
+ CRLIssuingPoint point = (CRLIssuingPoint)
+ getCRLIssuingPoint(issuingPointId);
if (point.isCRLCacheEnabled()) {
// only do this if cache is enabled
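Review bot: The result of `(CRLIssuingPoint) getCRLIssuingPoint(issuingPointId)` is dereferenced by `point.isCRLCacheEnabled()` with no null check, and `issuingPointId` comes from the `ocspUseCacheIssuingPointId` setting. If that id names no issuing point (assuming the lookup returns null for an unknown id), every status lookup would throw here instead of falling through to the repository lookup; `if (point != null && point.isCRLCacheEnabled()) {` keeps the fallback. The empty `catch (EBaseException e) { }` just above also hides a bad configuration value, as do the two `getBoolean` catches in the next hunk; a `CMS.debug(...)` line naming the key would be enough. The enclosing method starts and ends outside this hunk.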
@@ -2024,29 +1965,26 @@ public class CertificateAuthority implements ICertificateAuthority,
boolean includeExpiredCerts = false;
try {
- checkDeltaCache = mConfig.getBoolean(
- "ocspUseCacheCheckDeltaCache", false);
+ checkDeltaCache = mConfig.getBoolean("ocspUseCacheCheckDeltaCache", false);
} catch (EBaseException e) {
}
try {
- includeExpiredCerts = mConfig.getBoolean(
- "ocspUseCacheIncludeExpiredCerts", false);
+ includeExpiredCerts = mConfig.getBoolean("ocspUseCacheIncludeExpiredCerts", false);
} catch (EBaseException e) {
}
- Date revokedOn = point.getRevocationDateFromCache(sno,
- checkDeltaCache, includeExpiredCerts);
+ Date revokedOn = point.getRevocationDateFromCache(
+ sno, checkDeltaCache, includeExpiredCerts);
if (revokedOn == null) {
certStatus = new GoodInfo();
} else {
certStatus = new RevokedInfo(new GeneralizedTime(revokedOn));
}
- return new SingleResponse(cid, certStatus, thisUpdate,
- nextUpdate);
+ return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
}
}
- try {
+ try {
ICertRecord rec = mCertRepot.readCertificateRecord(serialNo);
String status = rec.getStatus();
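Review bot: On the cache path a serial number that is merely absent from the CRL cache is answered with `new GoodInfo()` (`if (revokedOn == null)`), and nothing visible in this hunk checks that the CA ever issued that serial. The repository path that follows maps not-yet-valid and expired records to `UnknownInfo`, so the two paths can give different answers for the same certificate depending only on whether the cache is enabled. If this is an intended trade-off, say so above the branch, e.g. `// cache miss means "not revoked", not "issued and valid"; unknown serials also get GoodInfo`; otherwise confirm the record exists before answering good. The method starts before this hunk and continues after it.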
@@ -2058,13 +1996,11 @@ public class CertificateAuthority implements ICertificateAuthority,
// not yet valid
certStatus = new UnknownInfo();
} else if (status.equals(CertRecord.STATUS_REVOKED)) {
- certStatus = new RevokedInfo(new GeneralizedTime(
- rec.getRevokedOn()));
+ certStatus = new RevokedInfo(new GeneralizedTime(rec.getRevokedOn()));
} else if (status.equals(CertRecord.STATUS_EXPIRED)) {
certStatus = new UnknownInfo();
} else if (status.equals(CertRecord.STATUS_REVOKED_EXPIRED)) {
- certStatus = new RevokedInfo(new GeneralizedTime(
- rec.getRevokedOn()));
+ certStatus = new RevokedInfo(new GeneralizedTime(rec.getRevokedOn()));
} else {
certStatus = new UnknownInfo();
}
@@ -2076,3 +2012,4 @@ public class CertificateAuthority implements ICertificateAuthority,
return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
}
}
+
diff --git a/pki/base/ca/src/com/netscape/ca/SigningUnit.java b/pki/base/ca/src/com/netscape/ca/SigningUnit.java
index a0918af8f..6b0dfc649 100644
--- a/pki/base/ca/src/com/netscape/ca/SigningUnit.java
+++ b/pki/base/ca/src/com/netscape/ca/SigningUnit.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
+
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
@@ -49,9 +50,10 @@ import com.netscape.certsrv.security.ISigningUnit;
import com.netscape.cmscore.security.JssSubsystem;
import com.netscape.cmsutil.util.Cert;
+
/**
* CA signing unit based on JSS.
- *
+ *
* $Revision$ $Date$
*/
@@ -79,8 +81,8 @@ public final class SigningUnit implements ISigningUnit {
private ISubsystem mOwner = null;
- private String mDefSigningAlgname = null;
- private SignatureAlgorithm mDefSigningAlgorithm = null;
+ private String mDefSigningAlgname = null;
+ private SignatureAlgorithm mDefSigningAlgorithm = null;
public SigningUnit() {
}
@@ -112,7 +114,7 @@ public final class SigningUnit implements ISigningUnit {
public PrivateKey getPrivateKey() {
return mPrivk;
}
-
+
public void updateConfig(String nickname, String tokenname) {
mConfig.putString(PROP_CERT_NICKNAME, nickname);
mConfig.putString(PROP_TOKEN_NAME, tokenname);
@@ -131,8 +133,8 @@ public final class SigningUnit implements ISigningUnit {
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
- mOwner = owner;
+ throws EBaseException {
+ mOwner = owner;
mConfig = config;
String tokenname = null;
@@ -142,25 +144,24 @@ public final class SigningUnit implements ISigningUnit {
mNickname = getNickName();
tokenname = config.getString(PROP_TOKEN_NAME);
- if (tokenname.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN)
- || tokenname.equalsIgnoreCase("Internal Key Storage Token")) {
+ if (tokenname.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
+ tokenname.equalsIgnoreCase("Internal Key Storage Token")) {
mToken = mManager.getInternalKeyStorageToken();
- setNewNickName(mNickname);
+ setNewNickName(mNickname);
} else {
mToken = mManager.getTokenByName(tokenname);
- mNickname = tokenname + ":" + mNickname;
- setNewNickName(mNickname);
- }
+ mNickname = tokenname + ":" + mNickname;
+ setNewNickName(mNickname);
+ }
CMS.debug(config.getName() + " Signing Unit nickname " + mNickname);
CMS.debug("Got token " + tokenname + " by name");
- PasswordCallback cb = JssSubsystem.getInstance().getPWCB();
+ PasswordCallback cb = JssSubsystem.getInstance().getPWCB();
mToken.login(cb); // ONE_TIME by default.
mCert = mManager.findCertByNickname(mNickname);
- CMS.debug("Found cert by nickname: '" + mNickname
- + "' with serial number: " + mCert.getSerialNumber());
+ CMS.debug("Found cert by nickname: '"+mNickname+"' with serial number: "+mCert.getSerialNumber());
mCertImpl = new X509CertImpl(mCert.getEncoded());
CMS.debug("converted to x509CertImpl");
@@ -173,52 +174,38 @@ public final class SigningUnit implements ISigningUnit {
// get def alg and check if def sign alg is valid for token.
mDefSigningAlgname = config.getString(PROP_DEFAULT_SIGNALG);
- mDefSigningAlgorithm = checkSigningAlgorithmFromName(mDefSigningAlgname);
- CMS.debug("got signing algorithm " + mDefSigningAlgorithm);
+ mDefSigningAlgorithm =
+ checkSigningAlgorithmFromName(mDefSigningAlgname);
+ CMS.debug(
+ "got signing algorithm " + mDefSigningAlgorithm);
mInited = true;
} catch (java.security.cert.CertificateException e) {
- CMS.debug("SigningUnit init: debug " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_SIGNING_CA_CERT",
- e.getMessage()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.debug("SigningUnit init: debug "+ e.toString());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_CA_CERT", e.getMessage()));
+ throw new ECAException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (CryptoManager.NotInitializedException e) {
- CMS.debug("SigningUnit init: debug " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_INIT",
- e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"));
+ CMS.debug("SigningUnit init: debug "+ e.toString());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_INIT", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"));
} catch (IncorrectPasswordException e) {
- CMS.debug("SigningUnit init: debug " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_SIGNING_WRONG_PWD",
- e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_INVALID_PASSWORD"));
+ CMS.debug("SigningUnit init: debug "+ e.toString());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_WRONG_PWD", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_INVALID_PASSWORD"));
} catch (NoSuchTokenException e) {
- CMS.debug("SigningUnit init: debug " + e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_SIGNING_TOKEN_NOT_FOUND", tokenname,
- e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_NOT_FOUND",
- tokenname));
+ CMS.debug("SigningUnit init: debug "+ e.toString());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_NOT_FOUND", tokenname, e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_NOT_FOUND", tokenname));
} catch (ObjectNotFoundException e) {
- CMS.debug("SigningUnit init: debug " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_SIGNING_CERT_NOT_FOUND",
- e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"));
+ CMS.debug("SigningUnit init: debug "+ e.toString());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_CERT_NOT_FOUND", e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"));
} catch (TokenException e) {
- CMS.debug("SigningUnit init: debug " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ CMS.debug("SigningUnit init: debug "+ e.toString());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_ERROR"));
- } catch (Exception e) {
- CMS.debug("SigningUnit init: debug " + e.toString());
- }
+ } catch (Exception e){
+ CMS.debug("SigningUnit init: debug "+ e.toString());
+ }
}
/**
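Review bot: The final `catch (Exception e)` in `init` only writes a `CMS.debug` line and then returns normally, so any failure not covered by the typed catches leaves `mInited` false without telling the caller. The problem then surfaces later as `CASigningUnit not initialized!` from `sign` or `verify`, far from its cause. Log it with `log(ILogger.LL_FAILURE, ...)` and rethrow, e.g. `throw new ECAException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));`, as the `CertificateException` branch already does. `init` begins before this hunk.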
@@ -231,47 +218,41 @@ public final class SigningUnit implements ISigningUnit {
* @exception EBaseException if signing algorithm is not supported.
*/
public SignatureAlgorithm checkSigningAlgorithmFromName(String algname)
- throws EBaseException {
+ throws EBaseException {
try {
SignatureAlgorithm sigalg = null;
sigalg = mapAlgorithmToJss(algname);
if (sigalg == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, ""));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, ""));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
}
Signature signer = mToken.getSignatureContext(sigalg);
signer.initSign(mPrivk);
return sigalg;
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname,
- e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
} catch (TokenException e) {
// from get signature context or from initSign
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname,
- e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname,
- e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED_FOR_KEY", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED_FOR_KEY", algname));
}
}
/**
* @param algname is expected to be one of JCA's algorithm names.
*/
- public byte[] sign(byte[] data, String algname) throws EBaseException {
+ public byte[] sign(byte[] data, String algname)
+ throws EBaseException {
if (!mInited) {
throw new EBaseException("CASigningUnit not initialized!");
}
@@ -283,11 +264,11 @@ public final class SigningUnit implements ISigningUnit {
if (algname != null) {
signAlg = checkSigningAlgorithmFromName(algname);
}
-
- // XXX use a pool of signers based on alg ?
+
+ // XXX use a pool of signers based on alg ?
// XXX Map algor. name to id. hack: use hardcoded define for now.
- CMS.debug("Getting algorithm context for " + algname + " "
- + signAlg);
+ CMS.debug(
+ "Getting algorithm context for " + algname + " " + signAlg);
Signature signer = mToken.getSignatureContext(signAlg);
signer.initSign(mPrivk);
@@ -296,29 +277,26 @@ public final class SigningUnit implements ISigningUnit {
CMS.debug("Signing Certificate");
return signer.sign();
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
} catch (TokenException e) {
// from get signature context or from initSign
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
} catch (InvalidKeyException e) {
// XXX fix this exception later.
throw new EBaseException(e.toString());
} catch (SignatureException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
}
}
-
+
public boolean verify(byte[] data, byte[] signature, String algname)
- throws EBaseException {
+ throws EBaseException {
if (!mInited) {
throw new EBaseException("CASigningUnit not initialized!");
}
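Review bot: The `InvalidKeyException` branch in `sign` throws without the `log(ILogger.LL_FAILURE, ...)` call that the `NoSuchAlgorithmException`, `TokenException` and `SignatureException` branches make, so a signing attempt rejected for a bad key leaves no entry in the system log. Add `log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));` before the throw; `verify` already logs in its matching branch. These branches also pass only `e.toString()` into the new exception, which drops the original stack trace; whether `EBaseException` offers a cause-taking constructor is not visible here. `sign` starts before this hunk.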
@@ -326,10 +304,9 @@ public final class SigningUnit implements ISigningUnit {
SignatureAlgorithm signAlg = mapAlgorithmToJss(algname);
if (signAlg == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, ""));
- throw new ECAException(CMS.getUserMessage(
- "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, ""));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
}
// XXX make this configurable. hack: use hardcoded for now.
Signature signer = mToken.getSignatureContext(signAlg);
@@ -338,24 +315,20 @@ public final class SigningUnit implements ISigningUnit {
signer.update(data);
return signer.verify(signature);
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
} catch (TokenException e) {
// from get signature context or from initSign
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
} catch (SignatureException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
}
@@ -364,8 +337,8 @@ public final class SigningUnit implements ISigningUnit {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CASigningUnit: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA,
+ level, "CASigningUnit: " + msg);
}
/**
@@ -383,14 +356,15 @@ public final class SigningUnit implements ISigningUnit {
}
public void setDefaultAlgorithm(String algorithm) throws EBaseException {
- mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm);
+ mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm);
mDefSigningAlgname = algorithm;
- log(ILogger.LL_INFO, "Default signing algorithm is set to " + algorithm);
+ log(ILogger.LL_INFO,
+ "Default signing algorithm is set to " + algorithm);
}
/**
* get all possible algorithms for the CA signing key type.
- */
+ */
public String[] getAllAlgorithms() throws EBaseException {
byte[] keybytes = mPubk.getEncoded();
X509Key key = new X509Key();
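Review bot: `setDefaultAlgorithm` stores `algorithm` in the config and in `mDefSigningAlgname` without validating it and without updating `mDefSigningAlgorithm`. The name and the `SignatureAlgorithm` object can therefore disagree until the next `init`, and an unsupported name is rejected only then. Making `mDefSigningAlgorithm = checkSigningAlgorithmFromName(algorithm);` the first statement would reject a bad value before anything is written; the method already declares `EBaseException`. Whether callers need to set the name before the token is logged in is not visible here, so confirm that before adding the check.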
@@ -401,8 +375,7 @@ public final class SigningUnit implements ISigningUnit {
String msg = "Invalid encoding in CA signing key.";
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", msg));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INTERNAL_ERROR", msg));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
}
if (key.getAlgorithmId().getOID().equals(AlgorithmId.DSA_oid)) {
@@ -416,3 +389,4 @@ public final class SigningUnit implements ISigningUnit {
return Cert.mapAlgorithmToJss(algname);
}
}
+