diff options
Diffstat (limited to 'pki/base/ca/src')
4 files changed, 66 insertions, 56 deletions
diff --git a/pki/base/ca/src/com/netscape/ca/CAService.java b/pki/base/ca/src/com/netscape/ca/CAService.java index d6f02a059..d086ee551 100644 --- a/pki/base/ca/src/com/netscape/ca/CAService.java +++ b/pki/base/ca/src/com/netscape/ca/CAService.java @@ -45,6 +45,7 @@ import netscape.security.x509.CertificateIssuerName; import netscape.security.x509.CertificateSerialNumber; import netscape.security.x509.CertificateSubjectName; import netscape.security.x509.CertificateValidity; +import netscape.security.x509.Extension; import netscape.security.x509.LdapV3DNStrConverter; import netscape.security.x509.PKIXExtensions; import netscape.security.x509.RevocationReason; @@ -104,11 +105,11 @@ public class CAService implements ICAService, IService { protected static IConnector mCLAConnector = null; private ICertificateAuthority mCA = null; - private Hashtable mServants = new Hashtable(); + private Hashtable<String, IServant> mServants = new Hashtable<String, IServant>(); private IConnector mKRAConnector = null; private IConfigStore mConfig = null; private boolean mArchivalRequired = true; - private Hashtable mCRLIssuingPoints = new Hashtable(); + private Hashtable<String, ICRLIssuingPoint> mCRLIssuingPoints = new Hashtable<String, ICRLIssuingPoint>(); private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = @@ -289,7 +290,8 @@ public class CAService implements ICAService, IService { if (timeout == 0) connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config); else - connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config, timeout); + connector = + new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config, timeout); // Change end // log(ILogger.LL_INFO, "remote authority "+ @@ -370,8 +372,8 @@ public class CAService implements ICAService, IService { // short cut profile-based request if (isProfileRequest(request)) { try { - CMS.debug("CAServic: x0 requestStatus=" + request.getRequestStatus().toString() + " instance=" - + request); + CMS.debug("CAServic: x0 requestStatus=" + + request.getRequestStatus().toString() + " instance=" + request); serviceProfileRequest(request); request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS); CMS.debug("CAServic: x1 requestStatus=" + request.getRequestStatus().toString()); @@ -530,7 +532,7 @@ public class CAService implements ICAService, IService { /** * get CRL Issuing Point */ - public Hashtable getCRLIssuingPoints() { + public Hashtable<String, ICRLIssuingPoint> getCRLIssuingPoints() { return mCRLIssuingPoints; } @@ -683,7 +685,7 @@ public class CAService implements ICAService, IService { exts = (CertificateExtensions) certi.get(X509CertInfo.EXTENSIONS); if (exts != null) { - Enumeration e = exts.getElements(); + Enumeration<Extension> e = exts.getAttributes(); while (e.hasMoreElements()) { netscape.security.x509.Extension ext = (netscape.security.x509.Extension) e.nextElement(); @@ -918,7 +920,7 @@ public class CAService implements ICAService, IService { } else { if (Debug.ON) { System.out.println("Old meta info"); - Enumeration n = oldMeta.getElements(); + Enumeration<String> n = oldMeta.getElements(); while (n.hasMoreElements()) { String name = (String) n.nextElement(); @@ -945,7 +947,7 @@ public class CAService implements ICAService, IService { mCA.getCertificateRepository().readCertificateRecord(oldSerialNo); MetaInfo meta = check.getMetaInfo(); - Enumeration n = oldMeta.getElements(); + Enumeration<String> n = oldMeta.getElements(); while (n.hasMoreElements()) { String name = (String) n.nextElement(); @@ -1012,7 +1014,7 @@ public class CAService implements ICAService, IService { mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_REVOKED", serialno.toString(16))); // inform all CRLIssuingPoints about revoked certificate - Enumeration eIPs = mCRLIssuingPoints.elements(); + Enumeration<ICRLIssuingPoint> eIPs = mCRLIssuingPoints.elements(); while (eIPs.hasMoreElements()) { ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement(); @@ -1100,7 +1102,7 @@ public class CAService implements ICAService, IService { certRec.getRevokedOn(), certRec.getRevokedBy()); mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_UNREVOKED", serialNo.toString(16))); // inform all CRLIssuingPoints about unrevoked certificate - Enumeration eIPs = mCRLIssuingPoints.elements(); + Enumeration<ICRLIssuingPoint> eIPs = mCRLIssuingPoints.elements(); while (eIPs.hasMoreElements()) { ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement(); @@ -1620,15 +1622,15 @@ class serviceCheckChallenge implements IServant { String filter = "(&(x509cert.subject=" + subjectName + ")(certStatus=VALID))"; ICertRecordList list = certDB.findCertRecordsInList(filter, null, 10); int size = list.getSize(); - Enumeration en = list.getCertRecords(0, size - 1); + Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1); if (!en.hasMoreElements()) { bigIntArray = new BigInteger[0]; } else { - Vector idv = new Vector(); + Vector<BigInteger> idv = new Vector<BigInteger>(); while (en.hasMoreElements()) { - CertRecord record = (CertRecord) en.nextElement(); + ICertRecord record = en.nextElement(); boolean samepwd = compareChallengePassword(record, pwd); if (samepwd) { @@ -1650,7 +1652,7 @@ class serviceCheckChallenge implements IServant { return true; } - private boolean compareChallengePassword(CertRecord record, String pwd) + private boolean compareChallengePassword(ICertRecord record, String pwd) throws EBaseException { MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO); @@ -1931,7 +1933,7 @@ class serviceGetRevocationInfo implements IServant { public boolean service(IRequest request) throws EBaseException { - Enumeration enum1 = request.getExtDataKeys(); + Enumeration<String> enum1 = request.getExtDataKeys(); while (enum1.hasMoreElements()) { String name = (String) enum1.nextElement(); @@ -1971,7 +1973,7 @@ class serviceGetCertificates implements IServant { public boolean service(IRequest request) throws EBaseException { - Enumeration enum1 = request.getExtDataKeys(); + Enumeration<String> enum1 = request.getExtDataKeys(); while (enum1.hasMoreElements()) { String name = (String) enum1.nextElement(); @@ -2040,8 +2042,8 @@ class serviceCert4Crl implements IServant { // mService.revokeCert(crlentries[i]); recordedCerts[i] = revokedCertRecs[i]; // inform all CRLIssuingPoints about revoked certificate - Hashtable hips = mService.getCRLIssuingPoints(); - Enumeration eIPs = hips.elements(); + Hashtable<String, ICRLIssuingPoint> hips = mService.getCRLIssuingPoints(); + Enumeration<ICRLIssuingPoint> eIPs = hips.elements(); while (eIPs.hasMoreElements()) { ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement(); @@ -2102,8 +2104,8 @@ class serviceUnCert4Crl implements IServant { try { mCA.getCertificateRepository().deleteCertificateRecord(oldSerialNo[i]); // inform all CRLIssuingPoints about unrevoked certificate - Hashtable hips = mService.getCRLIssuingPoints(); - Enumeration eIPs = hips.elements(); + Hashtable<String, ICRLIssuingPoint> hips = mService.getCRLIssuingPoints(); + Enumeration<ICRLIssuingPoint> eIPs = hips.elements(); while (eIPs.hasMoreElements()) { ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement(); diff --git a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java index d9e14884a..0d98b9631 100644 --- a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java +++ b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java @@ -623,8 +623,8 @@ public class CMSCRLExtensions implements ICMSCRLExtensions { CMSCRLExtensions cmsCRLExtensions = (CMSCRLExtensions) ip.getCRLExtensions(); if (cmsCRLExtensions != null) { - issuingDistPointExtEnabled = cmsCRLExtensions - .isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME); + issuingDistPointExtEnabled = + cmsCRLExtensions.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME); } CMS.debug("issuingDistPointExtEnabled = " + issuingDistPointExtEnabled); diff --git a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java index 96f1468f1..46ddb544d 100644 --- a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java +++ b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java @@ -736,9 +736,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { mCMSCRLExtensions = new CMSCRLExtensions(this, config); - mExtendedNextUpdate = ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled()) ? - config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true) - : + mExtendedNextUpdate = + ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled()) ? + config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true) : false; // Get serial number ranges if any. @@ -1166,7 +1166,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { IConfigStore crlSubStore = crlsSubStore.getSubStore(mId); IConfigStore crlExtsSubStore = crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); - crlExtsSubStore = crlExtsSubStore.getSubStore(IssuingDistributionPointExtension.NAME); + crlExtsSubStore = + crlExtsSubStore + .getSubStore(IssuingDistributionPointExtension.NAME); if (crlExtsSubStore != null) { String val = ""; @@ -1599,8 +1601,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { } } if (t - mMinUpdateInterval > last) { - if (mExtendedNextUpdate && (!fromLastUpdate) && (!(mEnableDailyUpdates && mExtendedTimeList)) - && (!delta) && + if (mExtendedNextUpdate + && (!fromLastUpdate) && (!(mEnableDailyUpdates && mExtendedTimeList)) && (!delta) && isDeltaEnabled && mUpdateSchema > 1) { i += mUpdateSchema - ((i + m) % mUpdateSchema); } @@ -1686,8 +1688,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { next = nextUpdate; } - CMS.debug("findNextUpdate: " + ((new Date(next)).toString()) - + ((fromLastUpdate) ? " delay: " + (next - now) : "")); + CMS.debug("findNextUpdate: " + + ((new Date(next)).toString()) + ((fromLastUpdate) ? " delay: " + (next - now) : "")); return (fromLastUpdate) ? next - now : next; } @@ -2231,7 +2233,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { public boolean isDeltaCRLEnabled() { return (mAllowExtensions && mEnableCRLCache && mCMSCRLExtensions.isCRLExtensionEnabled(DeltaCRLIndicatorExtension.NAME) && - mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.NAME) && + mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.NAME) && mCMSCRLExtensions.isCRLExtensionEnabled(CRLReasonExtension.NAME)); } @@ -2339,8 +2341,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { Boolean.toString(isCRLCacheEnabled()), Boolean.toString(mEnableCacheRecovery), Boolean.toString(mCRLCacheIsCleared), - "" + mCRLCerts.size() + "," + mRevokedCerts.size() + "," + mUnrevokedCerts.size() + "," - + mExpiredCerts.size() + "" + mCRLCerts.size() + "," + mRevokedCerts.size() + "," + mUnrevokedCerts.size() + + "," + mExpiredCerts.size() + "" } ); mUpdatingCRL = CRL_UPDATE_STARTED; @@ -2395,14 +2397,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { mSplits[0] -= System.currentTimeMillis(); @SuppressWarnings("unchecked") - Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mRevokedCerts - .clone(); + Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = + (Hashtable<BigInteger, RevokedCertificate>) mRevokedCerts.clone(); @SuppressWarnings("unchecked") - Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mUnrevokedCerts - .clone(); + Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = + (Hashtable<BigInteger, RevokedCertificate>) mUnrevokedCerts.clone(); @SuppressWarnings("unchecked") - Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = (Hashtable<BigInteger, RevokedCertificate>) mExpiredCerts - .clone(); + Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = + (Hashtable<BigInteger, RevokedCertificate>) mExpiredCerts.clone(); mSplits[0] += System.currentTimeMillis(); @@ -2441,8 +2443,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { if (isDeltaCRLEnabled()) { mSplits[1] -= System.currentTimeMillis(); @SuppressWarnings("unchecked") - Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = (Hashtable<BigInteger, RevokedCertificate>) clonedRevokedCerts - .clone(); + Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = + (Hashtable<BigInteger, RevokedCertificate>) clonedRevokedCerts.clone(); deltaCRLCerts.putAll(clonedUnrevokedCerts); if (mIncludeExpiredCertsOneExtraTime) { @@ -2716,8 +2718,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { splitTimes += ","; splitTimes += Long.toString(mSplits[i]); } - splitTimes += "," + Long.toString(deltaTime) + "," + Long.toString(crlTime) + "," - + Long.toString(totalTime) + ")"; + splitTimes += + "," + + Long.toString(deltaTime) + "," + Long.toString(crlTime) + "," + + Long.toString(totalTime) + ")"; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATED"), @@ -2817,7 +2821,6 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable { * Suppress the warnings generated by adding to the session context * */ - @SuppressWarnings("unchecked") protected void publishCRL(X509CRLImpl x509crl, boolean isDeltaCRL) throws EBaseException { SessionContext sc = SessionContext.getContext(); @@ -3014,7 +3017,8 @@ class CertRecProcessor implements IElementProcessor { return result; } boolean isIssuingDistPointExtEnabled = false; - isIssuingDistPointExtEnabled = exts.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME); + isIssuingDistPointExtEnabled = + exts.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME); if (isIssuingDistPointExtEnabled == false) { mIssuingDistPointEnabled = false; return false; diff --git a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java index 0ae915d2f..dab9c069d 100644 --- a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -1561,12 +1561,13 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori if (nc != null && nc.size() > 0) { // Initialize Certificate Issued notification listener - String certificateIssuedListenerClassName = nc.getString("certificateIssuedListenerClassName", - "com.netscape.cms.listeners.CertificateIssuedListener"); + String certificateIssuedListenerClassName = + nc.getString("certificateIssuedListenerClassName", + "com.netscape.cms.listeners.CertificateIssuedListener"); try { - mCertIssuedListener = (IRequestListener) Class.forName(certificateIssuedListenerClassName) - .newInstance(); + mCertIssuedListener = + (IRequestListener) Class.forName(certificateIssuedListenerClassName).newInstance(); mCertIssuedListener.init(this, nc); } catch (Exception e1) { log(ILogger.LL_FAILURE, @@ -1575,12 +1576,13 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori // Initialize Revoke Request notification listener - String certificateRevokedListenerClassName = nc.getString("certificateIssuedListenerClassName", - "com.netscape.cms.listeners.CertificateRevokedListener"); + String certificateRevokedListenerClassName = + nc.getString("certificateIssuedListenerClassName", + "com.netscape.cms.listeners.CertificateRevokedListener"); try { - mCertRevokedListener = (IRequestListener) Class.forName(certificateRevokedListenerClassName) - .newInstance(); + mCertRevokedListener = + (IRequestListener) Class.forName(certificateRevokedListenerClassName).newInstance(); mCertRevokedListener.init(this, nc); } catch (Exception e1) { log(ILogger.LL_FAILURE, @@ -1590,8 +1592,9 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori // Initialize Request In Queue notification listener IConfigStore rq = nc.getSubStore(PROP_REQ_IN_Q_SUBSTORE); - String requestInQListenerClassName = nc.getString("certificateIssuedListenerClassName", - "com.netscape.cms.listeners.RequestInQListener"); + String requestInQListenerClassName = + nc.getString("certificateIssuedListenerClassName", + "com.netscape.cms.listeners.RequestInQListener"); try { mReqInQListener = (IRequestListener) Class.forName(requestInQListenerClassName).newInstance(); @@ -1701,6 +1704,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori "initializing crl issue point " + issuePointId); IConfigStore issuePointConfig = null; String issuePointClassName = null; + @SuppressWarnings("unchecked") Class<CRLIssuingPoint> issuePointClass = null; CRLIssuingPoint issuePoint = null; |