summaryrefslogtreecommitdiffstats
path: root/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
diff options
context:
space:
mode:
Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java')
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java32
1 files changed, 21 insertions, 11 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
index 5b9cd7741..75e732676 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
@@ -18,8 +18,10 @@
package com.netscape.cms.servlet.cert;
import java.io.IOException;
+import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Locale;
+import java.util.Map;
import java.util.Random;
import javax.servlet.ServletConfig;
@@ -30,13 +32,14 @@ import javax.servlet.http.HttpServletResponse;
import netscape.security.x509.X509CertImpl;
+import org.apache.commons.lang.StringUtils;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.authorization.AuthzToken;
import com.netscape.certsrv.authorization.EAuthzAccessDenied;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-import com.netscape.certsrv.base.Nonces;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.dbs.certdb.ICertRecord;
import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
@@ -65,7 +68,6 @@ public class ReasonToRevoke extends CMSServlet {
private String mFormPath = null;
private ICertificateAuthority mCA = null;
private Random mRandom = null;
- private Nonces mNonces = null;
private int mTimeLimits = 30; /* in seconds */
public ReasonToRevoke() {
@@ -88,7 +90,6 @@ public class ReasonToRevoke extends CMSServlet {
if (mCA != null && mCA.noncesEnabled()) {
mRandom = new Random();
- mNonces = mCA.getNonces();
}
mTemplates.remove(CMSRequest.SUCCESS);
@@ -222,14 +223,6 @@ public class ReasonToRevoke extends CMSServlet {
header.addStringValue("revokeAll", revokeAll);
header.addIntegerValue("totalRecordCount", totalRecordCount);
- if (mNonces != null) {
- long n = mRandom.nextLong();
- long m = mNonces.addNonce(n, getSSLClientCertificate(req));
- if ((n + m) != 0) {
- header.addStringValue("nonce", Long.toString(m));
- }
- }
-
try {
if (mCA != null) {
X509CertImpl caCert = mCA.getSigningUnit().getCertImpl();
@@ -248,6 +241,7 @@ public class ReasonToRevoke extends CMSServlet {
Enumeration<ICertRecord> e = mCertDB.searchCertificates(revokeAll,
totalRecordCount, mTimeLimits);
+ ArrayList<String> noncesList = new ArrayList<String>();
int count = 0;
while (e != null && e.hasMoreElements()) {
@@ -258,6 +252,17 @@ public class ReasonToRevoke extends CMSServlet {
X509CertImpl xcert = rec.getCertificate();
if (xcert != null)
+
+ if (mCA != null && mCA.noncesEnabled()) {
+ // generate nonce
+ long n = mRandom.nextLong();
+ // store nonce in session
+ Map<Object, Long> nonces = mCA.getNonces(req, "cert-revoke");
+ nonces.put(xcert.getSerialNumber(), n);
+ // store serial number and nonce
+ noncesList.add(xcert.getSerialNumber()+":"+n);
+ }
+
if (!(rec.getStatus().equals(ICertRecord.STATUS_REVOKED))) {
count++;
IArgBlock rarg = CMS.createArgBlock();
@@ -278,6 +283,11 @@ public class ReasonToRevoke extends CMSServlet {
header.addIntegerValue("verifiedRecordCount", count);
+ if (mCA != null && mCA.noncesEnabled()) {
+ // return serial numbers and nonces to client
+ header.addStringValue("nonce", StringUtils.join(noncesList.toArray(), ","));
+ }
+
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, "Error " + e);
throw e;