authorAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
committerAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
commit32150d3ee32f8ac27118af7c792794b538c78a2f (patch)
tree52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/ocsp
parentf05d58a46795553beb8881039cc922974b40db34 (diff)
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/ocsp')
-rw-r--r--pki/base/common/src/com/netscape/cms/ocsp/DefStore.java448
-rw-r--r--pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java257
2 files changed, 347 insertions, 358 deletions
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
index cfa6ff577..f57d33449 100644
--- a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
+++ b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.ocsp;
-
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.X509CRL;
@@ -75,33 +74,29 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
-
/**
- * This is the default OCSP store that stores revocation information
- * as certificate record (CMS internal data structure).
- *
+ * This is the default OCSP store that stores revocation information as
+ * certificate record (CMS internal data structure).
+ *
* @version $Revision$, $Date$
*/
public class DefStore implements IDefStore, IExtendedPluginInfo {
// refreshInSec is useful in the master-clone situation.
- // clone does not know that the CRL has been updated in
+ // clone does not know that the CRL has been updated in
// the master (by default no refresh)
private static final String PROP_USE_CACHE = "useCache";
private static final String PROP_REFRESH_IN_SEC = "refreshInSec";
- private static final int DEF_REFRESH_IN_SEC = 0;
+ private static final int DEF_REFRESH_IN_SEC = 0;
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
- private final static String PROP_BY_NAME =
- "byName";
- private final static String PROP_WAIT_ON_CRL_UPDATE =
- "waitOnCRLUpdate";
+ private final static String PROP_BY_NAME = "byName";
+ private final static String PROP_WAIT_ON_CRL_UPDATE = "waitOnCRLUpdate";
private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
- private final static String PROP_INCLUDE_NEXT_UPDATE =
- "includeNextUpdate";
+ private final static String PROP_INCLUDE_NEXT_UPDATE = "includeNextUpdate";
protected Hashtable mReqCounts = new Hashtable();
protected boolean mNotFoundGood = true;
@@ -123,19 +118,28 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
public DefStore() {
}
- public String[] getExtendedPluginInfo(Locale locale) {
- Vector v = new Vector();
-
- v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD"));
- v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME"));
- v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE"));
- v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC"));
- v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore");
+ public String[] getExtendedPluginInfo(Locale locale) {
+ Vector v = new Vector();
+
+ v.addElement(PROP_NOT_FOUND_GOOD
+ + ";boolean; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD"));
+ v.addElement(PROP_BY_NAME + ";boolean; "
+ + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME"));
+ v.addElement(PROP_INCLUDE_NEXT_UPDATE
+ + ";boolean; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE"));
+ v.addElement(IExtendedPluginInfo.HELP_TEXT + "; "
+ + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC"));
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ocspstores-defstore");
return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mOCSPAuthority = (IOCSPAuthority) owner;
mConfig = config;
@@ -160,8 +164,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
// To include next update in the OCSP response. If included,
// PSM (client) will check to see if the revoked information
// is too old or not
- mIncludeNextUpdate = mConfig.getBoolean(PROP_INCLUDE_NEXT_UPDATE,
- false);
+ mIncludeNextUpdate = mConfig
+ .getBoolean(PROP_INCLUDE_NEXT_UPDATE, false);
// should move this into DBSubsystem ....
IDBRegistry reg = mDBService.getRegistry();
@@ -170,8 +174,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
initWebGateway();
/**
- DeleteOldCRLsThread t = new DeleteOldCRLsThread(this);
- t.start();
+ * DeleteOldCRLsThread t = new DeleteOldCRLsThread(this); t.start();
**/
// deleteOldCRLs();
}
@@ -179,8 +182,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
/**
* init web gateway - just gets the ee gateway for this CA.
*/
- private void initWebGateway()
- throws EBaseException {
+ private void initWebGateway() throws EBaseException {
}
public IRepositoryRecord createRepositoryRecord() {
@@ -222,20 +224,18 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
/**
- * This store will not delete the old CRL until the
- * new one is totally committed.
+ * This store will not delete the old CRL until the new one is totally
+ * committed.
*/
public void deleteOldCRLs() throws EBaseException {
Enumeration recs = searchCRLIssuingPointRecord(
- "objectclass=" +
- CMS.getCRLIssuingPointRecordName(),
- 100);
+ "objectclass=" + CMS.getCRLIssuingPointRecordName(), 100);
X509CertImpl theCert = null;
ICRLIssuingPointRecord theRec = null;
while (recs.hasMoreElements()) {
- ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord)
- recs.nextElement();
+ ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord) recs
+ .nextElement();
deleteOldCRLsInCA(rec.getId());
}
@@ -245,47 +245,38 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
IDBSSession s = mDBService.createSession();
try {
- ICRLIssuingPointRecord cp = (ICRLIssuingPointRecord)
- readCRLIssuingPoint(caName);
+ ICRLIssuingPointRecord cp = (ICRLIssuingPointRecord) readCRLIssuingPoint(caName);
if (cp == null)
return; // nothing to do
if (cp.getThisUpdate() == null)
return; // nothing to do
- String thisUpdate = Long.toString(
- cp.getThisUpdate().getTime());
- Enumeration e = searchRepository(
- caName,
- "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" +
- thisUpdate + ")");
+ String thisUpdate = Long.toString(cp.getThisUpdate().getTime());
+ Enumeration e = searchRepository(caName, "(!"
+ + IRepositoryRecord.ATTR_SERIALNO + "=" + thisUpdate + ")");
while (e != null && e.hasMoreElements()) {
- IRepositoryRecord r = (IRepositoryRecord)
- e.nextElement();
- Enumeration recs =
- searchCertRecord(caName,
- r.getSerialNumber().toString(),
- ICertRecord.ATTR_ID + "=*");
-
- log(ILogger.LL_INFO, "remove CRL 0x" +
- r.getSerialNumber().toString(16) +
- " of " + caName);
- String rep_dn = "ou=" +
- r.getSerialNumber().toString() +
- ",cn=" + transformDN(caName) + "," +
- getBaseDN();
+ IRepositoryRecord r = (IRepositoryRecord) e.nextElement();
+ Enumeration recs = searchCertRecord(caName, r.getSerialNumber()
+ .toString(), ICertRecord.ATTR_ID + "=*");
+
+ log(ILogger.LL_INFO, "remove CRL 0x"
+ + r.getSerialNumber().toString(16) + " of " + caName);
+ String rep_dn = "ou=" + r.getSerialNumber().toString() + ",cn="
+ + transformDN(caName) + "," + getBaseDN();
while (recs != null && recs.hasMoreElements()) {
ICertRecord rec = (ICertRecord) recs.nextElement();
- String cert_dn = "cn=" +
- rec.getSerialNumber().toString() + "," + rep_dn;
+ String cert_dn = "cn=" + rec.getSerialNumber().toString()
+ + "," + rep_dn;
s.delete(cert_dn);
}
s.delete(rep_dn);
}
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
@@ -298,12 +289,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public void startup() throws EBaseException {
- int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC,
- DEF_REFRESH_IN_SEC);
+ int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC,
+ DEF_REFRESH_IN_SEC);
if (refresh > 0) {
- DefStoreCRLUpdater updater =
- new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh);
- updater.start();
+ DefStoreCRLUpdater updater = new DefStoreCRLUpdater(
+ mCacheCRLIssuingPoints, refresh);
+ updater.start();
}
}
@@ -325,10 +316,9 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
/**
* Validate an OCSP request.
*/
- public OCSPResponse validate(OCSPRequest request)
- throws EBaseException {
+ public OCSPResponse validate(OCSPRequest request) throws EBaseException {
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
mOCSPAuthority.incNumOCSPRequest(1);
long startTime = CMS.getCurrentDate().getTime();
@@ -337,16 +327,15 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
TBSRequest tbsReq = request.getTBSRequest();
// (3) look into database to check the
- // certificate's status
+ // certificate's status
Vector singleResponses = new Vector();
if (statsSub != null) {
- statsSub.startTiming("lookup");
+ statsSub.startTiming("lookup");
}
long lookupStartTime = CMS.getCurrentDate().getTime();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
- com.netscape.cmsutil.ocsp.Request req =
- tbsReq.getRequestAt(i);
+ com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
CertID cid = req.getCertID();
SingleResponse sr = processRequest(cid);
@@ -354,17 +343,18 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
long lookupEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("lookup");
+ statsSub.endTiming("lookup");
}
mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
- if (singleResponses.size() <= 0) {
+ if (singleResponses.size() <= 0) {
CMS.debug("DefStore: No Request Found");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", "No Request Found"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "OCSP_REQUEST_FAILURE", "No Request Found"));
return null;
}
if (statsSub != null) {
- statsSub.startTiming("build_response");
+ statsSub.startTiming("build_response");
}
SingleResponse res[] = new SingleResponse[singleResponses.size()];
@@ -389,27 +379,27 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
}
- ResponseData rd = new ResponseData(rid,
- new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
+ ResponseData rd = new ResponseData(rid, new GeneralizedTime(
+ CMS.getCurrentDate()), res, nonce);
if (statsSub != null) {
- statsSub.endTiming("build_response");
+ statsSub.endTiming("build_response");
}
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long signStartTime = CMS.getCurrentDate().getTime();
BasicOCSPResponse basicRes = mOCSPAuthority.sign(rd);
long signEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("signing");
+ statsSub.endTiming("signing");
}
mOCSPAuthority.incSignTime(signEndTime - signStartTime);
OCSPResponse response = new OCSPResponse(
- OCSPResponseStatus.SUCCESSFUL,
- new ResponseBytes(ResponseBytes.OCSP_BASIC,
- new OCTET_STRING(ASN1Util.encode(basicRes))));
+ OCSPResponseStatus.SUCCESSFUL, new ResponseBytes(
+ ResponseBytes.OCSP_BASIC, new OCTET_STRING(
+ ASN1Util.encode(basicRes))));
log(ILogger.LL_INFO, "done OCSP request");
long endTime = CMS.getCurrentDate().getTime();
@@ -417,7 +407,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
return response;
} catch (Exception e) {
CMS.debug("DefStore: validation failed " + e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
return null;
}
}
@@ -435,18 +426,16 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
X509CRLImpl theCRL = null;
ICRLIssuingPointRecord theRec = null;
byte keyhsh[] = cid.getIssuerKeyHash().toByteArray();
- CRLIPContainer matched = (CRLIPContainer)
- mCacheCRLIssuingPoints.get(new String(keyhsh));
+ CRLIPContainer matched = (CRLIPContainer) mCacheCRLIssuingPoints
+ .get(new String(keyhsh));
if (matched == null) {
- Enumeration recs = searchCRLIssuingPointRecord(
- "objectclass=" +
- CMS.getCRLIssuingPointRecordName(),
- 100);
+ Enumeration recs = searchCRLIssuingPointRecord("objectclass="
+ + CMS.getCRLIssuingPointRecordName(), 100);
while (recs.hasMoreElements()) {
- ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord)
- recs.nextElement();
+ ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord) recs
+ .nextElement();
byte certdata[] = rec.getCACert();
X509CertImpl cert = null;
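Review bot: The lookup `mCacheCRLIssuingPoints.get(new String(keyhsh))` keys the issuing-point cache on raw hash bytes decoded with the platform default charset, which is lossy for arbitrary binary data. Under a multi-byte charset such as UTF-8, invalid sequences are replaced, so two different issuer key hashes can decode to the same key and the lookup would then return a container cached for a different issuer. The matching `mCacheCRLIssuingPoints.put(new String(digest), ...)` in the `-469,17` hunk has the same problem. A reversible text form of the bytes makes the key exact, for example `new BigInteger(1, keyhsh).toString(16)` on both the `get` and the `put` (`BigInteger` is already imported). The enclosing method starts before this hunk and continues past it.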
@@ -454,11 +443,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
cert = new X509CertImpl(certdata);
} catch (Exception e) {
// error
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_DECODE_CERT",
+ e.toString()));
return null;
}
- MessageDigest md = MessageDigest.getInstance(
- mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
+ MessageDigest md = MessageDigest.getInstance(mOCSPAuthority
+ .getDigestName(cid.getHashAlgorithm()));
X509Key key = (X509Key) cert.getPublicKey();
byte digest[] = md.digest(key.getKey());
@@ -469,17 +460,20 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
byte crldata[] = rec.getCRL();
if (rec.getCRLCache() == null) {
- CMS.debug("DefStore: start building x509 crl impl");
- try {
- theCRL = new X509CRLImpl(crldata);
- } catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString()));
- }
- CMS.debug("DefStore: done building x509 crl impl");
+ CMS.debug("DefStore: start building x509 crl impl");
+ try {
+ theCRL = new X509CRLImpl(crldata);
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_DECODE_CRL",
+ e.toString()));
+ }
+ CMS.debug("DefStore: done building x509 crl impl");
} else {
- CMS.debug("DefStore: using crl cache");
+ CMS.debug("DefStore: using crl cache");
}
- mCacheCRLIssuingPoints.put(new String(digest), new CRLIPContainer(theRec, theCert, theCRL));
+ mCacheCRLIssuingPoints.put(new String(digest),
+ new CRLIPContainer(theRec, theCert, theCRL));
break;
}
}
@@ -494,16 +488,19 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
if (theCert != null) {
INTEGER serialNo = cid.getSerialNumber();
- log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Status of certificate 0x" + serialNo.toString(16));
- CMS.debug("DefStore: process request 0x" + serialNo.toString(16));
+ log(ILogger.EV_AUDIT,
+ AuditFormat.LEVEL,
+ "Checked Status of certificate 0x"
+ + serialNo.toString(16));
+ CMS.debug("DefStore: process request 0x"
+ + serialNo.toString(16));
CertStatus certStatus = null;
GeneralizedTime thisUpdate = null;
if (theRec == null) {
thisUpdate = new GeneralizedTime(CMS.getCurrentDate());
} else {
- thisUpdate = new GeneralizedTime(
- theRec.getThisUpdate());
+ thisUpdate = new GeneralizedTime(theRec.getThisUpdate());
}
GeneralizedTime nextUpdate = null;
@@ -512,8 +509,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
if (theRec == null) {
nextUpdate = new GeneralizedTime(CMS.getCurrentDate());
} else {
- nextUpdate = new GeneralizedTime(
- theRec.getNextUpdate());
+ nextUpdate = new GeneralizedTime(theRec.getNextUpdate());
}
}
@@ -525,26 +521,28 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
CMS.debug("DefStore: evaluating crl cache");
Hashtable cache = theRec.getCRLCacheNoClone();
if (cache != null) {
- RevokedCertificate rc = (RevokedCertificate)
- cache.get(new BigInteger(serialNo.toString()));
- if (rc == null) {
- if (isNotFoundGood()) {
- certStatus = new GoodInfo();
- } else {
- certStatus = new UnknownInfo();
+ RevokedCertificate rc = (RevokedCertificate) cache
+ .get(new BigInteger(serialNo.toString()));
+ if (rc == null) {
+ if (isNotFoundGood()) {
+ certStatus = new GoodInfo();
+ } else {
+ certStatus = new UnknownInfo();
}
- } else {
-
+ } else {
+
certStatus = new RevokedInfo(
- new GeneralizedTime(
- rc.getRevocationDate()));
- }
+ new GeneralizedTime(
+ rc.getRevocationDate()));
+ }
}
}
-
+
} else {
- CMS.debug("DefStore: evaluating x509 crl impl");
- X509CRLEntry crlentry = theCRL.getRevokedCertificate(new BigInteger(serialNo.toString()));
+ CMS.debug("DefStore: evaluating x509 crl impl");
+ X509CRLEntry crlentry = theCRL
+ .getRevokedCertificate(new BigInteger(serialNo
+ .toString()));
if (crlentry == null) {
// good or unknown
@@ -555,8 +553,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
} else {
certStatus = new RevokedInfo(new GeneralizedTime(
- crlentry.getRevocationDate()));
-
+ crlentry.getRevocationDate()));
+
}
}
return new SingleResponse(cid, certStatus, thisUpdate,
@@ -582,16 +580,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public Enumeration searchAllCRLIssuingPointRecord(int maxSize)
- throws EBaseException {
+ throws EBaseException {
return searchCRLIssuingPointRecord(
- "objectclass=" +
- CMS.getCRLIssuingPointRecordName(),
- maxSize);
+ "objectclass=" + CMS.getCRLIssuingPointRecordName(), maxSize);
}
- public Enumeration searchCRLIssuingPointRecord(String filter,
- int maxSize)
- throws EBaseException {
+ public Enumeration searchCRLIssuingPointRecord(String filter, int maxSize)
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
Enumeration e = null;
@@ -605,20 +600,20 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public synchronized void modifyCRLIssuingPointRecord(String name,
- ModificationSet mods) throws EBaseException {
+ ModificationSet mods) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
- String dn = "cn=" +
- transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + transformDN(name) + "," + getBaseDN();
s.modify(dn, mods);
} catch (EBaseException e) {
- CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
- CMS.debug(e);
- throw e;
+ CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
+ CMS.debug(e);
+ throw e;
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
@@ -626,42 +621,43 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* Returns an issuing point.
*/
public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
- throws EBaseException {
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
ICRLIssuingPointRecord rec = null;
try {
- String dn = "cn=" +
- transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + transformDN(name) + "," + getBaseDN();
if (s != null) {
rec = (ICRLIssuingPointRecord) s.read(dn);
}
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
return rec;
}
- public ICRLIssuingPointRecord createCRLIssuingPointRecord(
- String name, BigInteger crlNumber,
- Long crlSize, Date thisUpdate, Date nextUpdate) {
- return CMS.createCRLIssuingPointRecord(
- name, crlNumber, crlSize, thisUpdate, nextUpdate);
+ public ICRLIssuingPointRecord createCRLIssuingPointRecord(String name,
+ BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
+ return CMS.createCRLIssuingPointRecord(name, crlNumber, crlSize,
+ thisUpdate, nextUpdate);
}
- public void deleteCRLIssuingPointRecord(String id)
- throws EBaseException {
+ public void deleteCRLIssuingPointRecord(String id) throws EBaseException {
IDBSSession s = null;
try {
s = mDBService.createSession();
- String name = "cn=" + transformDN(id) + "," + getBaseDN();
- CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: " + name);
- if (s != null) s.delete(name);
+ String name = "cn=" + transformDN(id) + "," + getBaseDN();
+ CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: "
+ + name);
+ if (s != null)
+ s.delete(name);
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
@@ -669,12 +665,11 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* Creates a new issuing point in OCSP.
*/
public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
- throws EBaseException {
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
- String dn = "cn=" +
- transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + transformDN(name) + "," + getBaseDN();
s.add(dn, (ICRLIssuingPointRecord) rec);
} finally {
@@ -684,13 +679,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public Enumeration searchRepository(String name, String filter)
- throws EBaseException {
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
Enumeration e = null;
try {
- e = s.search("cn=" + transformDN(name) + "," + getBaseDN(),
- filter);
+ e = s.search("cn=" + transformDN(name) + "," + getBaseDN(), filter);
} finally {
if (s != null)
s.close();
@@ -702,13 +696,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* Creates a new issuing point in OCSP.
*/
public void addRepository(String name, String thisUpdate,
- IRepositoryRecord rec)
- throws EBaseException {
+ IRepositoryRecord rec) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
- String dn = "ou=" + thisUpdate + ",cn=" +
- transformDN(name) + "," + getBaseDN();
+ String dn = "ou=" + thisUpdate + ",cn=" + transformDN(name) + ","
+ + getBaseDN();
s.add(dn, rec);
} finally {
@@ -717,30 +710,30 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
}
- public void modifyCertRecord(String name, String thisUpdate,
- String sno,
- ModificationSet mods) throws EBaseException {
+ public void modifyCertRecord(String name, String thisUpdate, String sno,
+ ModificationSet mods) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
- String dn = "cn=" + sno + ",ou=" + thisUpdate +
- ",cn=" + transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + sno + ",ou=" + thisUpdate + ",cn="
+ + transformDN(name) + "," + getBaseDN();
- if (s != null) s.modify(dn, mods);
+ if (s != null)
+ s.modify(dn, mods);
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
public Enumeration searchCertRecord(String name, String thisUpdate,
- String filter) throws EBaseException {
+ String filter) throws EBaseException {
IDBSSession s = mDBService.createSession();
Enumeration e = null;
try {
- e = s.search("ou=" + thisUpdate + ",cn=" +
- transformDN(name) + "," + getBaseDN(),
- filter);
+ e = s.search("ou=" + thisUpdate + ",cn=" + transformDN(name) + ","
+ + getBaseDN(), filter);
} finally {
if (s != null)
s.close();
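Review bot: `sno` and `thisUpdate` are concatenated into the DN unescaped in `modifyCertRecord` (`"cn=" + sno + ",ou=" + thisUpdate + ",cn=" + transformDN(name) + ...`) and `thisUpdate` likewise in `searchCertRecord`, while only `name` goes through `transformDN`. Whether callers can pass anything other than numeric strings is not visible here; if they can, a `,`, `+` or `=` in either value changes which entry is modified or searched. Restricting both values to the expected numeric form before building the DN, or at least stating that contract in Javadoc, would close this; the same construction appears in `readCertRecord` and `addCertRecord` in the next two hunks. Separately, `searchCertRecord` calls `s.search(...)` without the `if (s != null)` guard that `modifyCertRecord` applies before `s.modify(dn, mods)`.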
@@ -748,21 +741,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
return e;
}
- public ICertRecord readCertRecord(String name, String thisUpdate,
- String sno)
- throws EBaseException {
+ public ICertRecord readCertRecord(String name, String thisUpdate, String sno)
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
ICertRecord rec = null;
try {
- String dn = "cn=" + sno + ",ou=" + thisUpdate +
- ",cn=" + transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + sno + ",ou=" + thisUpdate + ",cn="
+ + transformDN(name) + "," + getBaseDN();
if (s != null) {
rec = (ICertRecord) s.read(dn);
}
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
return rec;
}
@@ -770,14 +763,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
/**
* Creates a new issuing point in OCSP.
*/
- public void addCertRecord(String name, String thisUpdate,
- String sno, ICertRecord rec)
- throws EBaseException {
+ public void addCertRecord(String name, String thisUpdate, String sno,
+ ICertRecord rec) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
- String dn = "cn=" + sno + ",ou=" + thisUpdate +
- ",cn=" + transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + sno + ",ou=" + thisUpdate + ",cn="
+ + transformDN(name) + "," + getBaseDN();
s.add(dn, rec);
} finally {
@@ -786,26 +778,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
}
- public NameValuePairs getConfigParameters() {
+ public NameValuePairs getConfigParameters() {
try {
- NameValuePairs params = new NameValuePairs();
+ NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
- mConfig.getString("class"));
- params.add(PROP_NOT_FOUND_GOOD,
- mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
- params.add(PROP_BY_NAME,
- mConfig.getString(PROP_BY_NAME, "true"));
- params.add(PROP_INCLUDE_NEXT_UPDATE,
- mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
- return params;
+ mConfig.getString("class"));
+ params.add(PROP_NOT_FOUND_GOOD,
+ mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
+ params.add(PROP_BY_NAME, mConfig.getString(PROP_BY_NAME, "true"));
+ params.add(PROP_INCLUDE_NEXT_UPDATE,
+ mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
+ return params;
} catch (Exception e) {
return null;
}
}
- public void setConfigParameters(NameValuePairs pairs)
- throws EBaseException {
+ public void setConfigParameters(NameValuePairs pairs) throws EBaseException {
Enumeration k = pairs.getNames();
while (k.hasMoreElements()) {
@@ -822,8 +812,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
CMS.debug("DefStore: Ready to update Issuer");
try {
- if (!((X509CRLImpl)crl).areEntriesIncluded())
- crl = new X509CRLImpl(((X509CRLImpl)crl).getEncoded());
+ if (!((X509CRLImpl) crl).areEntriesIncluded())
+ crl = new X509CRLImpl(((X509CRLImpl) crl).getEncoded());
} catch (Exception e) {
CMS.debug(e);
}
@@ -833,51 +823,52 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
if (crl.getThisUpdate() != null)
mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
- Modification.MOD_REPLACE, crl.getThisUpdate());
+ Modification.MOD_REPLACE, crl.getThisUpdate());
if (crl.getNextUpdate() != null)
mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
- Modification.MOD_REPLACE, crl.getNextUpdate());
+ Modification.MOD_REPLACE, crl.getNextUpdate());
if (mUseCache) {
- if (((X509CRLImpl)crl).getListOfRevokedCertificates() != null) {
- mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
- Modification.MOD_REPLACE,
- ((X509CRLImpl)crl).getListOfRevokedCertificates());
- }
+ if (((X509CRLImpl) crl).getListOfRevokedCertificates() != null) {
+ mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
+ Modification.MOD_REPLACE,
+ ((X509CRLImpl) crl).getListOfRevokedCertificates());
+ }
}
if (((X509CRLImpl) crl).getNumberOfRevokedCertificates() < 0) {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
- Modification.MOD_REPLACE, Long.valueOf(0));
+ Modification.MOD_REPLACE, Long.valueOf(0));
} else {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
- Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates()));
+ Modification.MOD_REPLACE, Long
+ .valueOf(((X509CRLImpl) crl)
+ .getNumberOfRevokedCertificates()));
}
- BigInteger crlNumber = ((X509CRLImpl)crl).getCRLNumber();
+ BigInteger crlNumber = ((X509CRLImpl) crl).getCRLNumber();
if (crlNumber == null) {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
- Modification.MOD_REPLACE, new BigInteger("-1"));
+ Modification.MOD_REPLACE, new BigInteger("-1"));
} else {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
- Modification.MOD_REPLACE, crlNumber);
+ Modification.MOD_REPLACE, crlNumber);
}
try {
mods.add(ICRLIssuingPointRecord.ATTR_CRL,
- Modification.MOD_REPLACE, crl.getEncoded());
+ Modification.MOD_REPLACE, crl.getEncoded());
} catch (Exception e) {
// ignore
}
- CMS.debug("DefStore: ready to CRL update " +
- crl.getIssuerDN().getName());
- modifyCRLIssuingPointRecord(
- crl.getIssuerDN().getName(), mods);
- CMS.debug("DefStore: done CRL update " +
- crl.getIssuerDN().getName());
+ CMS.debug("DefStore: ready to CRL update "
+ + crl.getIssuerDN().getName());
+ modifyCRLIssuingPointRecord(crl.getIssuerDN().getName(), mods);
+ CMS.debug("DefStore: done CRL update "
+ + crl.getIssuerDN().getName());
// update cache
mCacheCRLIssuingPoints.clear();
- log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." +
- " thisUpdate=" + crl.getThisUpdate() +
- " nextUpdate=" + crl.getNextUpdate());
+ log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL."
+ + " thisUpdate=" + crl.getThisUpdate() + " nextUpdate="
+ + crl.getNextUpdate());
} finally {
mStateCount--;
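Review bot: The `catch (Exception e) { // ignore }` around `mods.add(ICRLIssuingPointRecord.ATTR_CRL, Modification.MOD_REPLACE, crl.getEncoded())` lets the update proceed without the CRL bytes when encoding fails, and nothing is logged. The modification set built above still replaces thisUpdate, nextUpdate, the CRL number and the CRL size, so the stored record could describe a newer CRL than the one it actually holds, which matters for a store that answers revocation queries from that record. At minimum the `// ignore` should become `CMS.debug(e);` as the earlier catch in this method does, and the update should preferably fail at that point instead of calling `modifyCRLIssuingPointRecord` with an incomplete set. The method starts before this hunk and its `finally` block continues after it.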
@@ -890,7 +881,6 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
-
class DeleteOldCRLsThread extends Thread {
private DefStore mDefStore = null;
@@ -906,13 +896,13 @@ class DeleteOldCRLsThread extends Thread {
}
}
-
class CRLIPContainer {
private ICRLIssuingPointRecord mRec = null;
private X509CertImpl mCert = null;
private X509CRLImpl mCRL = null;
- public CRLIPContainer(ICRLIssuingPointRecord rec, X509CertImpl cert, X509CRLImpl crl) {
+ public CRLIPContainer(ICRLIssuingPointRecord rec, X509CertImpl cert,
+ X509CRLImpl crl) {
mRec = rec;
mCert = cert;
mCRL = crl;
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
index 5e4e65661..88ac8c45e 100644
--- a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
+++ b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.ocsp;
-
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.X509CRL;
@@ -71,11 +70,10 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
-
/**
- * This is the LDAP OCSP store. It reads CA certificate and
- * revocation list attributes from the CA entry.
- *
+ * This is the LDAP OCSP store. It reads CA certificate and revocation list
+ * attributes from the CA entry.
+ *
* @version $Revision$, $Date$
*/
public class LDAPStore implements IDefStore, IExtendedPluginInfo {
@@ -93,8 +91,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
private static final String PROP_PORT = "port";
private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
- private final static String PROP_INCLUDE_NEXT_UPDATE =
- "includeNextUpdate";
+ private final static String PROP_INCLUDE_NEXT_UPDATE = "includeNextUpdate";
private IOCSPAuthority mOCSPAuthority = null;
private IConfigStore mConfig = null;
@@ -111,44 +108,59 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
public LDAPStore() {
}
- public String[] getExtendedPluginInfo(Locale locale) {
- Vector v = new Vector();
-
- v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD"));
- v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE"));
- v.addElement(PROP_NUM_CONNS + ";number; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NUM_CONNS"));
- v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_BY_NAME"));
- v.addElement(PROP_CRL_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR"));
- v.addElement(PROP_CA_CERT_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR"));
- v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC"));
- v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore");
- return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
+ public String[] getExtendedPluginInfo(Locale locale) {
+ Vector v = new Vector();
+
+ v.addElement(PROP_NOT_FOUND_GOOD
+ + ";boolean; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD"));
+ v.addElement(PROP_INCLUDE_NEXT_UPDATE
+ + ";boolean; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE"));
+ v.addElement(PROP_NUM_CONNS
+ + ";number; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_LDAPSTORE_PROP_NUM_CONNS"));
+ v.addElement(PROP_BY_NAME + ";boolean; "
+ + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_BY_NAME"));
+ v.addElement(PROP_CRL_ATTR
+ + ";string; "
+ + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR"));
+ v.addElement(PROP_CA_CERT_ATTR
+ + ";string; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR"));
+ v.addElement(IExtendedPluginInfo.HELP_TEXT + "; "
+ + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC"));
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ocspstores-ldapstore");
+ return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
/**
* Fetch CA certificate and CRL from LDAP server.
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mOCSPAuthority = (IOCSPAuthority) owner;
mConfig = config;
mCRLAttr = mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR);
- mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR,
- DEF_CA_CERT_ATTR);
+ mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR);
mByName = mConfig.getBoolean(PROP_BY_NAME, true);
-
+
}
/**
* Locates the CA certificate.
*/
- public X509CertImpl locateCACert(LDAPConnection conn, String baseDN)
- throws EBaseException {
+ public X509CertImpl locateCACert(LDAPConnection conn, String baseDN)
+ throws EBaseException {
try {
- LDAPSearchResults results = conn.search(baseDN,
- LDAPv2.SCOPE_SUB, mCACertAttr + "=*",
- null, false);
+ LDAPSearchResults results = conn.search(baseDN, LDAPv2.SCOPE_SUB,
+ mCACertAttr + "=*", null, false);
if (!results.hasMoreElements()) {
throw new EBaseException("error - no entry");
@@ -166,8 +178,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return caCert;
} catch (Exception e) {
CMS.debug("LDAPStore: locateCACert " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
}
return null;
}
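Review bot: The `catch (Exception e)` that closes locateCACert only logs and then falls through to `return null`, so every failure reaches the caller as a null certificate, apparently including the `EBaseException("error - no entry")` thrown earlier in the try (previous hunk). The `throws EBaseException` in the signature is therefore never honoured on that path, and locateCRL in the next hunk ends with the same handler. A null here means the responder has no CA certificate or CRL to answer from, so I would rethrow after logging, e.g. `throw new EBaseException("locateCACert: " + e);`. Failing that, document the contract with `@return the CA certificate, or null if the lookup failed`. The body of locateCACert starts outside this hunk.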
@@ -175,12 +187,11 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
/**
* Locates the CRL.
*/
- public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN)
- throws EBaseException {
+ public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN)
+ throws EBaseException {
try {
- LDAPSearchResults results = conn.search(baseDN,
- LDAPv2.SCOPE_SUB, mCRLAttr + "=*",
- null, false);
+ LDAPSearchResults results = conn.search(baseDN, LDAPv2.SCOPE_SUB,
+ mCRLAttr + "=*", null, false);
if (!results.hasMoreElements()) {
throw new EBaseException("error - no entry");
@@ -198,25 +209,26 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return crl;
} catch (Exception e) {
CMS.debug("LDAPStore: locateCRL " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
}
return null;
}
- public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl)
- throws EBaseException {
+ public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl)
+ throws EBaseException {
X509CRLImpl oldCRL = (X509CRLImpl) mCRLs.get(caCert);
if (oldCRL != null) {
- if (oldCRL.getThisUpdate().getTime() >=
- crl.getThisUpdate().getTime()) {
- log(ILogger.LL_INFO,
- "LDAPStore: no update, received CRL is older than current CRL");
+ if (oldCRL.getThisUpdate().getTime() >= crl.getThisUpdate()
+ .getTime()) {
+ log(ILogger.LL_INFO,
+ "LDAPStore: no update, received CRL is older than current CRL");
return; // no update
}
}
- CMS.debug("Added '" + caCert.getSubjectDN().toString() + "' into CRL hash");
+ CMS.debug("Added '" + caCert.getSubjectDN().toString()
+ + "' into CRL hash");
mCRLs.put(caCert, crl);
}
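Review bot: updateCRLHash replaces the cached CRL on a `thisUpdate` comparison alone; nothing in the method checks that `crl` was signed by `caCert` before `mCRLs.put(caCert, crl)`. If the caller (outside this hunk) does not verify it either, whatever the LDAP entry holds becomes the revocation data the responder answers from. I would verify before the put, for example `crl.verify(caCert.getPublicKey());` wrapped so that a failure is logged and the old CRL kept. At minimum, state the precondition: `// precondition: crl's signature has been verified against caCert`. Also, the `>=` branch logs "older than current CRL" when the two `thisUpdate` values are equal.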
@@ -228,7 +240,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
int num = mConfig.getInteger(PROP_NUM_CONNS, 0);
for (int i = 0; i < num; i++) {
- String host = mConfig.getString(PROP_HOST + Integer.toString(i), null);
+ String host = mConfig.getString(PROP_HOST + Integer.toString(i),
+ null);
int port = mConfig.getInteger(PROP_PORT + Integer.toString(i), 0);
LDAPConnection c = new LDAPConnection();
@@ -237,11 +250,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
} catch (LDAPException e) {
throw new EBaseException("LDAP " + e);
}
- String baseDN = mConfig.getString(PROP_BASE_DN + Integer.toString(i), null);
- CRLUpdater updater = new CRLUpdater(
- this, c, baseDN,
- mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i),
- DEF_REFRESH_IN_SEC));
+ String baseDN = mConfig.getString(
+ PROP_BASE_DN + Integer.toString(i), null);
+ CRLUpdater updater = new CRLUpdater(this, c, baseDN,
+ mConfig.getInteger(
+ PROP_REFRESH_IN_SEC + Integer.toString(i),
+ DEF_REFRESH_IN_SEC));
updater.start();
}
@@ -265,10 +279,9 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
/**
* Validate an OCSP request.
*/
- public OCSPResponse validate(OCSPRequest request)
- throws EBaseException {
+ public OCSPResponse validate(OCSPRequest request) throws EBaseException {
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
mOCSPAuthority.incNumOCSPRequest(1);
long startTime = CMS.getCurrentDate().getTime();
@@ -279,13 +292,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
Vector singleResponses = new Vector();
if (statsSub != null) {
- statsSub.startTiming("lookup");
+ statsSub.startTiming("lookup");
}
long lookupStartTime = CMS.getCurrentDate().getTime();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
- com.netscape.cmsutil.ocsp.Request req =
- tbsReq.getRequestAt(i);
+ com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
CertID cid = req.getCertID();
SingleResponse sr = processRequest(cid);
@@ -293,12 +305,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
long lookupEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("lookup");
+ statsSub.endTiming("lookup");
}
mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
if (statsSub != null) {
- statsSub.startTiming("build_response");
+ statsSub.startTiming("build_response");
}
SingleResponse res[] = new SingleResponse[singleResponses.size()];
@@ -323,14 +335,14 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
}
- ResponseData rd = new ResponseData(rid,
- new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
+ ResponseData rd = new ResponseData(rid, new GeneralizedTime(
+ CMS.getCurrentDate()), res, nonce);
if (statsSub != null) {
- statsSub.endTiming("build_response");
+ statsSub.endTiming("build_response");
}
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long signStartTime = CMS.getCurrentDate().getTime();
@@ -338,13 +350,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
long signEndTime = CMS.getCurrentDate().getTime();
mOCSPAuthority.incSignTime(signEndTime - signStartTime);
if (statsSub != null) {
- statsSub.endTiming("signing");
+ statsSub.endTiming("signing");
}
OCSPResponse response = new OCSPResponse(
- OCSPResponseStatus.SUCCESSFUL,
- new ResponseBytes(ResponseBytes.OCSP_BASIC,
- new OCTET_STRING(ASN1Util.encode(basicRes))));
+ OCSPResponseStatus.SUCCESSFUL, new ResponseBytes(
+ ResponseBytes.OCSP_BASIC, new OCTET_STRING(
+ ASN1Util.encode(basicRes))));
log(ILogger.LL_INFO, "done OCSP request");
long endTime = CMS.getCurrentDate().getTime();
@@ -352,7 +364,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return response;
} catch (Exception e) {
CMS.debug("LDAPStore: validation " + e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
return null;
}
}
@@ -375,8 +388,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
public void addRepository(String name, String thisUpdate,
- IRepositoryRecord rec)
- throws EBaseException {
+ IRepositoryRecord rec) throws EBaseException {
throw new EBaseException("NOT SUPPORTED");
}
@@ -389,12 +401,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
- throws EBaseException {
+ throws EBaseException {
throw new EBaseException("NOT SUPPORTED");
}
public Enumeration searchAllCRLIssuingPointRecord(int maxSize)
- throws EBaseException {
+ throws EBaseException {
Vector recs = new Vector();
Enumeration keys = mCRLs.keys();
@@ -407,26 +419,23 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return recs.elements();
}
- public Enumeration searchCRLIssuingPointRecord(String filter,
- int maxSize)
- throws EBaseException {
+ public Enumeration searchCRLIssuingPointRecord(String filter, int maxSize)
+ throws EBaseException {
return null;
}
- public ICRLIssuingPointRecord createCRLIssuingPointRecord(
- String name, BigInteger crlNumber,
- Long crlSize, Date thisUpdate, Date nextUpdate) {
+ public ICRLIssuingPointRecord createCRLIssuingPointRecord(String name,
+ BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
return null;
}
public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
- throws EBaseException {
+ throws EBaseException {
throw new EBaseException("NOT SUPPORTED");
}
- public void deleteCRLIssuingPointRecord(String id)
- throws EBaseException {
- throw new EBaseException("NOT SUPPORTED");
+ public void deleteCRLIssuingPointRecord(String id) throws EBaseException {
+ throw new EBaseException("NOT SUPPORTED");
}
public boolean isNotFoundGood() {
@@ -439,7 +448,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
public boolean includeNextUpdate() throws EBaseException {
return mConfig.getBoolean(PROP_INCLUDE_NEXT_UPDATE, false);
- }
+ }
public boolean isNotFoundGood1() throws EBaseException {
return mConfig.getBoolean(PROP_NOT_FOUND_GOOD, true);
@@ -464,13 +473,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
MessageDigest md = null;
try {
- md = MessageDigest.getInstance(
- mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
+ md = MessageDigest.getInstance(mOCSPAuthority.getDigestName(cid
+ .getHashAlgorithm()));
} catch (Exception e) {
}
X509Key key = (X509Key) caCert.getPublicKey();
- if( key == null ) {
+ if (key == null) {
System.out.println("LDAPStore::processRequest - key is null!");
return null;
}
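Review bot: The empty `catch (Exception e) { }` after `MessageDigest.getInstance(...)` leaves `md` null when the digest name derived from the CertID is unknown or unsupported, and nothing in this hunk stops execution from continuing with it. `cid.getHashAlgorithm()` comes from the OCSP request, so an unsupported algorithm should end the lookup explicitly: log it with `CMS.debug(...)` and `return null;` in the catch, as the `key == null` branch below does. That branch reports through `System.out.println`; `CMS.debug(...)`, already used elsewhere in this file, would keep the message in the debug log. processRequest starts and ends outside this hunk, so how `md` is used afterwards is not visible here.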
@@ -494,77 +503,70 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return null;
}
- GeneralizedTime thisUpdate = new GeneralizedTime(
- theCRL.getThisUpdate());
+ GeneralizedTime thisUpdate = new GeneralizedTime(theCRL.getThisUpdate());
GeneralizedTime nextUpdate = null;
if (includeNextUpdate()) {
- nextUpdate = new GeneralizedTime(
- theCRL.getNextUpdate());
+ nextUpdate = new GeneralizedTime(theCRL.getNextUpdate());
}
CertStatus certStatus = null;
- X509CRLEntry entry = theCRL.getRevokedCertificate(
- cid.getSerialNumber());
+ X509CRLEntry entry = theCRL
+ .getRevokedCertificate(cid.getSerialNumber());
if (entry == null) {
- if (isNotFoundGood1()) {
- certStatus = new GoodInfo();
- } else {
- certStatus = new UnknownInfo();
+ if (isNotFoundGood1()) {
+ certStatus = new GoodInfo();
+ } else {
+ certStatus = new UnknownInfo();
}
} else {
certStatus = new RevokedInfo(new GeneralizedTime(
- entry.getRevocationDate()));
+ entry.getRevocationDate()));
}
-
+
return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
}
/**
* Provides configuration parameters.
*/
- public NameValuePairs getConfigParameters() {
+ public NameValuePairs getConfigParameters() {
try {
- NameValuePairs params = new NameValuePairs();
+ NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
- mConfig.getString("class"));
+ params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
+ mConfig.getString("class"));
int num = mConfig.getInteger(PROP_NUM_CONNS, 0);
params.add(PROP_NUM_CONNS, Integer.toString(num));
for (int i = 0; i < num; i++) {
- params.add(PROP_HOST + Integer.toString(i),
- mConfig.getString(PROP_HOST +
- Integer.toString(i), ""));
- params.add(PROP_PORT + Integer.toString(i),
- mConfig.getString(PROP_PORT +
- Integer.toString(i), "389"));
- params.add(PROP_BASE_DN + Integer.toString(i),
- mConfig.getString(PROP_BASE_DN +
- Integer.toString(i), ""));
- params.add(PROP_REFRESH_IN_SEC + Integer.toString(i),
- mConfig.getString(PROP_REFRESH_IN_SEC +
- Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC)));
+ params.add(PROP_HOST + Integer.toString(i),
+ mConfig.getString(PROP_HOST + Integer.toString(i), ""));
+ params.add(PROP_PORT + Integer.toString(i), mConfig.getString(
+ PROP_PORT + Integer.toString(i), "389"));
+ params.add(PROP_BASE_DN + Integer.toString(i), mConfig
+ .getString(PROP_BASE_DN + Integer.toString(i), ""));
+ params.add(PROP_REFRESH_IN_SEC + Integer.toString(i), mConfig
+ .getString(PROP_REFRESH_IN_SEC + Integer.toString(i),
+ Integer.toString(DEF_REFRESH_IN_SEC)));
}
- params.add(PROP_BY_NAME,
- mConfig.getString(PROP_BY_NAME, "true"));
- params.add(PROP_CA_CERT_ATTR,
- mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
+ params.add(PROP_BY_NAME, mConfig.getString(PROP_BY_NAME, "true"));
+ params.add(PROP_CA_CERT_ATTR,
+ mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
params.add(PROP_CRL_ATTR,
- mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
+ mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
params.add(PROP_NOT_FOUND_GOOD,
- mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
+ mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
params.add(PROP_INCLUDE_NEXT_UPDATE,
- mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
+ mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
return params;
} catch (Exception e) {
return null;
}
}
- public void setConfigParameters(NameValuePairs pairs)
- throws EBaseException {
+ public void setConfigParameters(NameValuePairs pairs) throws EBaseException {
Enumeration k = pairs.getNames();
while (k.hasMoreElements()) {
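Review bot: In processRequest, a serial number absent from the CRL is answered with `GoodInfo` whenever `isNotFoundGood1()` is true, and that property defaults to `true` (see `isNotFoundGood1` in the earlier hunk). A CRL lists only revoked certificates, so this branch cannot tell a valid certificate from one the CA never issued; both are reported as good. That deserves a comment at the branch, e.g. `// CRL-only lookup: "not revoked" is all we know; notFoundAsGood=true also reports never-issued serials as good`. Separately, `new GeneralizedTime(theCRL.getNextUpdate())` runs whenever `includeNextUpdate()` is set, and a CRL may omit nextUpdate, so a null check there looks warranted. processRequest starts outside this hunk.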
@@ -575,15 +577,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
}
-
class CRLUpdater extends Thread {
private LDAPConnection mC = null;
private String mBaseDN = null;
private int mSec = 0;
private LDAPStore mStore = null;
- public CRLUpdater(LDAPStore store, LDAPConnection c,
- String baseDN, int sec) {
+ public CRLUpdater(LDAPStore store, LDAPConnection c, String baseDN, int sec) {
mC = c;
mSec = sec;
mBaseDN = baseDN;
@@ -608,7 +608,6 @@ class CRLUpdater extends Thread {
}
}
-
class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
/**
*
@@ -739,7 +738,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
return null;
}
- public void set(String name, Object obj)throws EBaseException {
+ public void set(String name, Object obj) throws EBaseException {
}
public Object get(String name) throws EBaseException {
@@ -747,7 +746,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
}
public void delete(String name) throws EBaseException {
-
+
}
public Enumeration getElements() {