Fixed bugzilla bug #531137.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1753 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-01-20 00:12:24 +0000
committer: awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-01-20 00:12:24 +0000
commit: 6169ee60eade7c6b7dee3cd4d7b71dfdb7e85c06 (patch)
tree: 35aa4d4ef87701718b4e6b5a46dc557d2a8832a6 /pki/base/ca/src/com/netscape/ca
parent: 7e0e69b19ac1458b7643fc773fcf0ac891ac9221 (diff)
download: pki-6169ee60eade7c6b7dee3cd4d7b71dfdb7e85c06.tar.gz
pki-6169ee60eade7c6b7dee3cd4d7b71dfdb7e85c06.tar.xz
pki-6169ee60eade7c6b7dee3cd4d7b71dfdb7e85c06.zip
1 files changed, 15 insertions, 4 deletions
diff --git a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
index f361c0af2..49e88a5bb 100644
--- a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -649,7 +649,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             c.putBoolean("enable", enable);
             c.putString("enableCRLCache", "true");
             c.putString("enableCRLUpdates", "true");
-            c.putString("enableCacheRecovery", "false");
+            c.putString("enableCacheTesting", "false");
+            c.putString("enableCacheRecovery", "true");
             c.putString("enableDailyUpdates", "false");
             c.putString("enableUpdateInterval", "true");
             c.putString("extendedNextUpdate", "true");
@@ -657,6 +658,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             c.putString("minUpdateInterval", "0");
             c.putString("nextUpdateGracePeriod", "0");
             c.putString("publishOnStart", "false");
+            c.putString("saveMemory", "false");
             c.putString("signingAlgorithm", "SHA256withRSA");
             c.putString("updateSchema", "1");
 
@@ -896,10 +898,19 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 
             byte[] signature = mCRLSigningUnit.sign(tbsCertList, algname);
 
-            tmp.putBitString(signature);
-            out.write(DerValue.tag_Sequence, tmp);
+            if (crl.setSignature(signature)) {
+                tmp.putBitString(signature);
+                out.write(DerValue.tag_Sequence, tmp);
 
-            signedcrl = new X509CRLImpl(out.toByteArray());
+                if (crl.setSignedCRL(out.toByteArray())) {
+                    signedcrl = crl;
+                    // signedcrl = new X509CRLImpl(out.toByteArray());
+                } else {
+                    CMS.debug("Failed to add signed-CRL to CRL object.");
+                }
+            } else {
+                CMS.debug("Failed to add signature to CRL object.");
+            }
         } catch (CRLException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(), e.getMessage()));
             throw new ECAException(
author	awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-01-20 00:12:24 +0000
committer	awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-01-20 00:12:24 +0000
commit	6169ee60eade7c6b7dee3cd4d7b71dfdb7e85c06 (patch)
tree	35aa4d4ef87701718b4e6b5a46dc557d2a8832a6 /pki/base/ca/src/com/netscape/ca
parent	7e0e69b19ac1458b7643fc773fcf0ac891ac9221 (diff)
download	pki-6169ee60eade7c6b7dee3cd4d7b71dfdb7e85c06.tar.gz pki-6169ee60eade7c6b7dee3cd4d7b71dfdb7e85c06.tar.xz pki-6169ee60eade7c6b7dee3cd4d7b71dfdb7e85c06.zip