-rw-r--r--base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java10
-rw-r--r--base/server/cms/src/com/netscape/cms/ocsp/DefStore.java27
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java7
3 files changed, 32 insertions, 12 deletions
diff --git a/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java b/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
index 09b85b4d1..14dd33813 100644
--- a/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
+++ b/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java
@@ -415,6 +415,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
*/
public BasicOCSPResponse sign(ResponseData rd)
throws EBaseException {
+
try (DerOutputStream out = new DerOutputStream()) {
DerOutputStream tmp = new DerOutputStream();
@@ -424,9 +425,11 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
if (rd_data != null) {
mTotalData += rd_data.length;
}
+
rd.encode(tmp);
AlgorithmId.get(algname).encode(tmp);
- CMS.debug("adding signature");
+
+ CMS.debug("OCSPAuthority: adding signature");
byte[] signature = mSigningUnit.sign(rd_data, algname);
tmp.putBitString(signature);
@@ -440,6 +443,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
for (int i = 0; i < chains.length; i++) {
tmpChain.putDerValue(new DerValue(chains[i].getEncoded()));
}
+
tmp1.write(DerValue.tag_Sequence, tmpChain);
tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0),
tmp1);
@@ -449,9 +453,9 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem,
BasicOCSPResponse response = new BasicOCSPResponse(out.toByteArray());
return response;
+
} catch (Exception e) {
- e.printStackTrace();
- // error e
+ CMS.debug(e);
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGN_RESPONSE", e.toString()));
return null;
}
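Review bot: The catch at the end of sign() still turns every failure, including an error from `mSigningUnit.sign(...)`, into `return null`; the new `CMS.debug(e)` only changes where the trace is written. The method is declared `throws EBaseException`, so callers may expect an exception rather than a null response, and the Javadoc should at least state the contract, for example `@return the signed response, or null if encoding or signing failed`. The `log(ILogger.LL_FAILURE, ...)` line keeps only `e.toString()`, so the failure log carries no stack trace unless debug logging is enabled. sign() begins and ends outside this hunk.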
diff --git a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
index 676257bb7..ea095ba3f 100644
--- a/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
+++ b/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
@@ -409,8 +409,9 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
long endTime = CMS.getCurrentDate().getTime();
mOCSPAuthority.incTotalTime(endTime - startTime);
return response;
+
} catch (Exception e) {
- CMS.debug("DefStore: validation failed " + e.toString());
+ CMS.debug(e);
log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
return null;
}
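Review bot: Replacing the message with `CMS.debug(e)` drops the `DefStore: validation failed` prefix, so the debug log no longer names the failing step unless the trace is read. The same happens to the `OCSPServlet:` prefix in the catch in OCSPServlet.java. Consider keeping both lines, `CMS.debug("DefStore: validation failed: " + e);` followed by `CMS.debug(e);`. The catch further down this file (`failed processing request e=`) still uses the old string form, so the file now logs exceptions in two different ways. The enclosing method starts outside this hunk.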
@@ -449,6 +450,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CERT", e.toString()));
return null;
}
+
MessageDigest md = MessageDigest.getInstance(cid.getDigestName());
X509Key key = (X509Key) cert.getPublicKey();
byte digest[] = md.digest(key.getKey());
@@ -474,6 +476,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
break;
}
}
+
} else {
theCert = matched.getX509CertImpl();
theRec = matched.getCRLIssuingPointRecord();
@@ -490,16 +493,19 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Status of certificate 0x" + serialNo.toString(16));
CMS.debug("DefStore: process request 0x" + serialNo.toString(16));
- CertStatus certStatus = null;
- GeneralizedTime thisUpdate = null;
+
+ GeneralizedTime thisUpdate;
if (theRec == null) {
thisUpdate = new GeneralizedTime(CMS.getCurrentDate());
} else {
- thisUpdate = new GeneralizedTime(
- theRec.getThisUpdate());
+ Date d = theRec.getThisUpdate();
+ CMS.debug("DefStore: CRL record this update: " + d);
+ thisUpdate = new GeneralizedTime(d);
}
+ CMS.debug("DefStore: this update: " + thisUpdate.toDate());
+
// this is an optional field
GeneralizedTime nextUpdate;
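Review bot: `Date d = theRec.getThisUpdate()` is logged and then passed straight to `new GeneralizedTime(d)` with no null check, while the debug line added for nextUpdate in the next hunk explicitly tolerates null. thisUpdate is a required field of an OCSP single response, unlike nextUpdate, which the comment here calls optional. If a CRL issuing point record can exist without a thisUpdate (not visible here), the code should fail explicitly rather than later at encoding time, e.g. `if (d == null) { CMS.debug("DefStore: CRL record has no thisUpdate"); return null; }`. The enclosing method starts and ends outside this hunk.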
@@ -510,9 +516,15 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
nextUpdate = new GeneralizedTime(CMS.getCurrentDate());
} else {
- nextUpdate = new GeneralizedTime(theRec.getNextUpdate());
+ Date d = theRec.getNextUpdate();
+ CMS.debug("DefStore: CRL record next update: " + d);
+ nextUpdate = new GeneralizedTime(d);
}
+ CMS.debug("DefStore: next update: " + (nextUpdate == null ? null : nextUpdate.toDate()));
+
+ CertStatus certStatus;
+
if (theCRL == null) {
certStatus = new UnknownInfo();
@@ -551,10 +563,10 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
} else {
certStatus = new UnknownInfo();
}
+
} else {
certStatus = new RevokedInfo(new GeneralizedTime(
crlentry.getRevocationDate()));
-
}
return new SingleResponse(cid, certStatus, thisUpdate,
@@ -564,6 +576,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
// error log
CMS.debug("DefStore: failed processing request e=" + e);
}
+
return null;
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/base/server/cms/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
index 940bf657c..5fde89dfe 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
@@ -198,16 +198,19 @@ public class OCSPServlet extends CMSServlet {
throw new Exception("OCSPServlet: OCSP request is "
+ "empty or malformed");
}
+
ocspReq = (OCSPRequest) reqTemplate.decode(is);
+
if ((ocspReq == null) ||
(ocspReq.toString().equals(""))) {
throw new Exception("OCSPServlet: Decoded OCSP request "
+ "is empty or malformed");
}
+
response = ((IOCSPService) mAuthority).validate(ocspReq);
+
} catch (Exception e) {
- ;
- CMS.debug("OCSPServlet: " + e.toString());
+ CMS.debug(e);
}
if (response != null) {
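Review bot: `CMS.debug(e)` in this catch now runs for every request that fails to decode, and both `throw new Exception(...)` paths above it are reached purely from client input. If `CMS.debug(Throwable)` writes a full stack trace (its implementation is not visible here), any client that can reach the responder can inflate the debug log with malformed requests. One option is to log the two expected "empty or malformed" cases as a single line, `CMS.debug("OCSPServlet: " + e.getMessage());`, and reserve `CMS.debug(e)` for unexpected exceptions from `validate(...)`. The try block starts outside this hunk.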