3 files changed, 32 insertions, 12 deletions
diff --git a/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java b/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
index 09b85b4d1..14dd33813 100644
--- a/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
+++ b/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
@@ -415,6 +415,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
 */
 public BasicOCSPResponse sign(ResponseData rd) throws EBaseException {
+
 try (DerOutputStream out = new DerOutputStream()) {
 DerOutputStream tmp = new DerOutputStream();
@@ -424,9 +425,11 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
 if (rd_data != null) {
 mTotalData += rd_data.length;
 }
+
 rd.encode(tmp);
 AlgorithmId.get(algname).encode(tmp);
- CMS.debug("adding signature");
+
+ CMS.debug("OCSPAuthority: adding signature");
 byte[] signature = mSigningUnit.sign(rd_data, algname);
 tmp.putBitString(signature);
@@ -440,6 +443,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
 for (int i = 0; i < chains.length; i++) {
 tmpChain.putDerValue(new DerValue(chains[i].getEncoded()));
 }
+
 tmp1.write(DerValue.tag_Sequence, tmpChain);
 tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0), tmp1);
@@ -449,9 +453,9 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
 BasicOCSPResponse response = new BasicOCSPResponse(out.toByteArray());
 return response;
+
 } catch (Exception e) {
- e.printStackTrace();
- // error e
+ CMS.debug(e);
 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGN_RESPONSE", e.toString()));
 return null;
 }
diff --git a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
index 676257bb7..ea095ba3f 100644
--- a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
+++ b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
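Review bot: In `OCSPAuthority.sign()` the `catch (Exception e)` in the `@@ -449` hunk still ends in `return null;`, so a failure of `mSigningUnit.sign(...)` or of the DER encoding reaches callers as a null `BasicOCSPResponse` even though the method declares `throws EBaseException`; the change only moves the trace from stderr to `CMS.debug(e)`. The callers are outside this diff, so whether each of them checks for null cannot be confirmed from here. I would make the failure explicit by replacing `return null;` with `throw new EBaseException("OCSPAuthority: unable to sign OCSP response: " + e);`, or at least state the null return in the method's Javadoc. The `DefStore` catch in the `@@ -409` hunk has the same log-and-return-null shape. The body of `sign()` is spread over several hunks and is not fully visible.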
@@ -409,8 +409,9 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 long endTime = CMS.getCurrentDate().getTime();
 mOCSPAuthority.incTotalTime(endTime - startTime);
 return response;
+
 } catch (Exception e) {
- CMS.debug("DefStore: validation failed " + e.toString());
+ CMS.debug(e);
 log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
 return null;
 }
@@ -449,6 +450,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CERT", e.toString()));
 return null;
 }
+
 MessageDigest md = MessageDigest.getInstance(cid.getDigestName());
 X509Key key = (X509Key) cert.getPublicKey();
 byte digest[] = md.digest(key.getKey());
@@ -474,6 +476,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 break;
 }
 }
+
 } else {
 theCert = matched.getX509CertImpl();
 theRec = matched.getCRLIssuingPointRecord();
@@ -490,16 +493,19 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Status of certificate 0x" + serialNo.toString(16));
 CMS.debug("DefStore: process request 0x" + serialNo.toString(16));
- CertStatus certStatus = null;
- GeneralizedTime thisUpdate = null;
+
+ GeneralizedTime thisUpdate;
 if (theRec == null) {
 thisUpdate = new GeneralizedTime(CMS.getCurrentDate());
 } else {
- thisUpdate = new GeneralizedTime(
- theRec.getThisUpdate());
+ Date d = theRec.getThisUpdate();
+ CMS.debug("DefStore: CRL record this update: " + d);
+ thisUpdate = new GeneralizedTime(d);
 }
+ CMS.debug("DefStore: this update: " + thisUpdate.toDate());
+
 // this is an optional field
 GeneralizedTime nextUpdate;
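Review bot: The new local `d` in the `else` branch of the `@@ -490` hunk is logged but then handed to `new GeneralizedTime(d)` without a null check, and whether that constructor tolerates a null `Date` is not visible here. If a CRL issuing point record can lack `thisUpdate`, the request would presumably fail only through the generic catch shown in the `@@ -564` hunk, with nothing but the exception text to identify the cause. An explicit guard right after the debug line would make that path deliberate: `if (d == null) { CMS.debug("DefStore: CRL record has no thisUpdate"); return null; }`. The `nextUpdate` branch in the `@@ -510` hunk has the same shape, though the condition guarding it is outside the hunk. The enclosing method begins before this hunk.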
@@ -510,9 +516,15 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 nextUpdate = new GeneralizedTime(CMS.getCurrentDate());
 } else {
- nextUpdate = new GeneralizedTime(theRec.getNextUpdate());
+ Date d = theRec.getNextUpdate();
+ CMS.debug("DefStore: CRL record next update: " + d);
+ nextUpdate = new GeneralizedTime(d);
 }
+ CMS.debug("DefStore: next update: " + (nextUpdate == null ? null : nextUpdate.toDate()));
+
+ CertStatus certStatus;
+
 if (theCRL == null) {
 certStatus = new UnknownInfo();
@@ -551,10 +563,10 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 } else {
 certStatus = new UnknownInfo();
 }
+
 } else {
 certStatus = new RevokedInfo(new GeneralizedTime( crlentry.getRevocationDate()));
-
 }
 return new SingleResponse(cid, certStatus, thisUpdate,
@@ -564,6 +576,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 // error log
 CMS.debug("DefStore: failed processing request e=" + e);
 }
+
 return null;
 }
diff --git a/base/server/cms/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/base/server/cms/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
index 940bf657c..5fde89dfe 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
@@ -198,16 +198,19 @@ public class OCSPServlet extends CMSServlet {
 throw new Exception("OCSPServlet: OCSP request is " + "empty or malformed");
 }
+
 ocspReq = (OCSPRequest) reqTemplate.decode(is);
+
 if ((ocspReq == null) || (ocspReq.toString().equals(""))) {
 throw new Exception("OCSPServlet: Decoded OCSP request " + "is empty or malformed");
 }
+
 response = ((IOCSPService) mAuthority).validate(ocspReq);
+
 } catch (Exception e) {
- ;
- CMS.debug("OCSPServlet: " + e.toString());
+ CMS.debug(e);
 }
 if (response != null) { |
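Review bot: The single `catch (Exception e)` in the `OCSPServlet` hunk treats the `empty or malformed` exceptions thrown for client-supplied input and any failure inside `validate(ocspReq)` identically, and the new `CMS.debug(e)` drops the `OCSPServlet:` prefix that marked these entries. Because the request bytes come from the network, malformed input alone can now produce a full exception entry per request (assuming `CMS.debug(Throwable)` logs the trace), which makes genuine responder failures harder to spot in the debug log. I would throw a dedicated exception type from the two malformed-request checks, catch it separately with a one-line entry such as `CMS.debug("OCSPServlet: rejected request: " + e.getMessage());`, and reserve `CMS.debug(e)` for everything else. What the servlet sends when `response` stays null lies below the last line of this hunk and should be checked against this path.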