summaryrefslogtreecommitdiffstats
path: root/pki/base/ca/src
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/ca/src')
-rw-r--r--pki/base/ca/src/com/netscape/ca/CAService.java44
-rw-r--r--pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java4
-rw-r--r--pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java50
-rw-r--r--pki/base/ca/src/com/netscape/ca/CertificateAuthority.java24
4 files changed, 66 insertions, 56 deletions
diff --git a/pki/base/ca/src/com/netscape/ca/CAService.java b/pki/base/ca/src/com/netscape/ca/CAService.java
index d6f02a059..d086ee551 100644
--- a/pki/base/ca/src/com/netscape/ca/CAService.java
+++ b/pki/base/ca/src/com/netscape/ca/CAService.java
@@ -45,6 +45,7 @@ import netscape.security.x509.CertificateIssuerName;
import netscape.security.x509.CertificateSerialNumber;
import netscape.security.x509.CertificateSubjectName;
import netscape.security.x509.CertificateValidity;
+import netscape.security.x509.Extension;
import netscape.security.x509.LdapV3DNStrConverter;
import netscape.security.x509.PKIXExtensions;
import netscape.security.x509.RevocationReason;
@@ -104,11 +105,11 @@ public class CAService implements ICAService, IService {
protected static IConnector mCLAConnector = null;
private ICertificateAuthority mCA = null;
- private Hashtable mServants = new Hashtable();
+ private Hashtable<String, IServant> mServants = new Hashtable<String, IServant>();
private IConnector mKRAConnector = null;
private IConfigStore mConfig = null;
private boolean mArchivalRequired = true;
- private Hashtable mCRLIssuingPoints = new Hashtable();
+ private Hashtable<String, ICRLIssuingPoint> mCRLIssuingPoints = new Hashtable<String, ICRLIssuingPoint>();
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
@@ -289,7 +290,8 @@ public class CAService implements ICAService, IService {
if (timeout == 0)
connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config);
else
- connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config, timeout);
+ connector =
+ new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config, timeout);
// Change end
// log(ILogger.LL_INFO, "remote authority "+
@@ -370,8 +372,8 @@ public class CAService implements ICAService, IService {
// short cut profile-based request
if (isProfileRequest(request)) {
try {
- CMS.debug("CAServic: x0 requestStatus=" + request.getRequestStatus().toString() + " instance="
- + request);
+ CMS.debug("CAServic: x0 requestStatus="
+ + request.getRequestStatus().toString() + " instance=" + request);
serviceProfileRequest(request);
request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
CMS.debug("CAServic: x1 requestStatus=" + request.getRequestStatus().toString());
@@ -530,7 +532,7 @@ public class CAService implements ICAService, IService {
/**
* get CRL Issuing Point
*/
- public Hashtable getCRLIssuingPoints() {
+ public Hashtable<String, ICRLIssuingPoint> getCRLIssuingPoints() {
return mCRLIssuingPoints;
}
@@ -683,7 +685,7 @@ public class CAService implements ICAService, IService {
exts = (CertificateExtensions)
certi.get(X509CertInfo.EXTENSIONS);
if (exts != null) {
- Enumeration e = exts.getElements();
+ Enumeration<Extension> e = exts.getAttributes();
while (e.hasMoreElements()) {
netscape.security.x509.Extension ext = (netscape.security.x509.Extension) e.nextElement();
@@ -918,7 +920,7 @@ public class CAService implements ICAService, IService {
} else {
if (Debug.ON) {
System.out.println("Old meta info");
- Enumeration n = oldMeta.getElements();
+ Enumeration<String> n = oldMeta.getElements();
while (n.hasMoreElements()) {
String name = (String) n.nextElement();
@@ -945,7 +947,7 @@ public class CAService implements ICAService, IService {
mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
MetaInfo meta = check.getMetaInfo();
- Enumeration n = oldMeta.getElements();
+ Enumeration<String> n = oldMeta.getElements();
while (n.hasMoreElements()) {
String name = (String) n.nextElement();
@@ -1012,7 +1014,7 @@ public class CAService implements ICAService, IService {
mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_REVOKED",
serialno.toString(16)));
// inform all CRLIssuingPoints about revoked certificate
- Enumeration eIPs = mCRLIssuingPoints.elements();
+ Enumeration<ICRLIssuingPoint> eIPs = mCRLIssuingPoints.elements();
while (eIPs.hasMoreElements()) {
ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement();
@@ -1100,7 +1102,7 @@ public class CAService implements ICAService, IService {
certRec.getRevokedOn(), certRec.getRevokedBy());
mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_UNREVOKED", serialNo.toString(16)));
// inform all CRLIssuingPoints about unrevoked certificate
- Enumeration eIPs = mCRLIssuingPoints.elements();
+ Enumeration<ICRLIssuingPoint> eIPs = mCRLIssuingPoints.elements();
while (eIPs.hasMoreElements()) {
ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement();
@@ -1620,15 +1622,15 @@ class serviceCheckChallenge implements IServant {
String filter = "(&(x509cert.subject=" + subjectName + ")(certStatus=VALID))";
ICertRecordList list = certDB.findCertRecordsInList(filter, null, 10);
int size = list.getSize();
- Enumeration en = list.getCertRecords(0, size - 1);
+ Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
if (!en.hasMoreElements()) {
bigIntArray = new BigInteger[0];
} else {
- Vector idv = new Vector();
+ Vector<BigInteger> idv = new Vector<BigInteger>();
while (en.hasMoreElements()) {
- CertRecord record = (CertRecord) en.nextElement();
+ ICertRecord record = en.nextElement();
boolean samepwd = compareChallengePassword(record, pwd);
if (samepwd) {
@@ -1650,7 +1652,7 @@ class serviceCheckChallenge implements IServant {
return true;
}
- private boolean compareChallengePassword(CertRecord record, String pwd)
+ private boolean compareChallengePassword(ICertRecord record, String pwd)
throws EBaseException {
MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO);
@@ -1931,7 +1933,7 @@ class serviceGetRevocationInfo implements IServant {
public boolean service(IRequest request)
throws EBaseException {
- Enumeration enum1 = request.getExtDataKeys();
+ Enumeration<String> enum1 = request.getExtDataKeys();
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
@@ -1971,7 +1973,7 @@ class serviceGetCertificates implements IServant {
public boolean service(IRequest request)
throws EBaseException {
- Enumeration enum1 = request.getExtDataKeys();
+ Enumeration<String> enum1 = request.getExtDataKeys();
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
@@ -2040,8 +2042,8 @@ class serviceCert4Crl implements IServant {
// mService.revokeCert(crlentries[i]);
recordedCerts[i] = revokedCertRecs[i];
// inform all CRLIssuingPoints about revoked certificate
- Hashtable hips = mService.getCRLIssuingPoints();
- Enumeration eIPs = hips.elements();
+ Hashtable<String, ICRLIssuingPoint> hips = mService.getCRLIssuingPoints();
+ Enumeration<ICRLIssuingPoint> eIPs = hips.elements();
while (eIPs.hasMoreElements()) {
ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement();
@@ -2102,8 +2104,8 @@ class serviceUnCert4Crl implements IServant {
try {
mCA.getCertificateRepository().deleteCertificateRecord(oldSerialNo[i]);
// inform all CRLIssuingPoints about unrevoked certificate
- Hashtable hips = mService.getCRLIssuingPoints();
- Enumeration eIPs = hips.elements();
+ Hashtable<String, ICRLIssuingPoint> hips = mService.getCRLIssuingPoints();
+ Enumeration<ICRLIssuingPoint> eIPs = hips.elements();
while (eIPs.hasMoreElements()) {
ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement();
diff --git a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
index d9e14884a..0d98b9631 100644
--- a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
+++ b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
@@ -623,8 +623,8 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
CMSCRLExtensions cmsCRLExtensions = (CMSCRLExtensions) ip.getCRLExtensions();
if (cmsCRLExtensions != null) {
- issuingDistPointExtEnabled = cmsCRLExtensions
- .isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
+ issuingDistPointExtEnabled =
+ cmsCRLExtensions.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
}
CMS.debug("issuingDistPointExtEnabled = " + issuingDistPointExtEnabled);
diff --git a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
index 96f1468f1..46ddb544d 100644
--- a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
+++ b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
@@ -736,9 +736,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mCMSCRLExtensions = new CMSCRLExtensions(this, config);
- mExtendedNextUpdate = ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled()) ?
- config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true)
- :
+ mExtendedNextUpdate =
+ ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled()) ?
+ config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true) :
false;
// Get serial number ranges if any.
@@ -1166,7 +1166,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
IConfigStore crlSubStore = crlsSubStore.getSubStore(mId);
IConfigStore crlExtsSubStore =
crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
- crlExtsSubStore = crlExtsSubStore.getSubStore(IssuingDistributionPointExtension.NAME);
+ crlExtsSubStore =
+ crlExtsSubStore
+ .getSubStore(IssuingDistributionPointExtension.NAME);
if (crlExtsSubStore != null) {
String val = "";
@@ -1599,8 +1601,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
}
if (t - mMinUpdateInterval > last) {
- if (mExtendedNextUpdate && (!fromLastUpdate) && (!(mEnableDailyUpdates && mExtendedTimeList))
- && (!delta) &&
+ if (mExtendedNextUpdate
+ && (!fromLastUpdate) && (!(mEnableDailyUpdates && mExtendedTimeList)) && (!delta) &&
isDeltaEnabled && mUpdateSchema > 1) {
i += mUpdateSchema - ((i + m) % mUpdateSchema);
}
@@ -1686,8 +1688,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
next = nextUpdate;
}
- CMS.debug("findNextUpdate: " + ((new Date(next)).toString())
- + ((fromLastUpdate) ? " delay: " + (next - now) : ""));
+ CMS.debug("findNextUpdate: "
+ + ((new Date(next)).toString()) + ((fromLastUpdate) ? " delay: " + (next - now) : ""));
return (fromLastUpdate) ? next - now : next;
}
@@ -2231,7 +2233,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
public boolean isDeltaCRLEnabled() {
return (mAllowExtensions && mEnableCRLCache &&
mCMSCRLExtensions.isCRLExtensionEnabled(DeltaCRLIndicatorExtension.NAME) &&
- mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.NAME) &&
+ mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.NAME) &&
mCMSCRLExtensions.isCRLExtensionEnabled(CRLReasonExtension.NAME));
}
@@ -2339,8 +2341,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Boolean.toString(isCRLCacheEnabled()),
Boolean.toString(mEnableCacheRecovery),
Boolean.toString(mCRLCacheIsCleared),
- "" + mCRLCerts.size() + "," + mRevokedCerts.size() + "," + mUnrevokedCerts.size() + ","
- + mExpiredCerts.size() + ""
+ mCRLCerts.size() + "," + mRevokedCerts.size() + "," + mUnrevokedCerts.size()
+ + "," + mExpiredCerts.size() + ""
}
);
mUpdatingCRL = CRL_UPDATE_STARTED;
@@ -2395,14 +2397,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[0] -= System.currentTimeMillis();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mRevokedCerts
- .clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts =
+ (Hashtable<BigInteger, RevokedCertificate>) mRevokedCerts.clone();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mUnrevokedCerts
- .clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts =
+ (Hashtable<BigInteger, RevokedCertificate>) mUnrevokedCerts.clone();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = (Hashtable<BigInteger, RevokedCertificate>) mExpiredCerts
- .clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts =
+ (Hashtable<BigInteger, RevokedCertificate>) mExpiredCerts.clone();
mSplits[0] += System.currentTimeMillis();
@@ -2441,8 +2443,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (isDeltaCRLEnabled()) {
mSplits[1] -= System.currentTimeMillis();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = (Hashtable<BigInteger, RevokedCertificate>) clonedRevokedCerts
- .clone();
+ Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts =
+ (Hashtable<BigInteger, RevokedCertificate>) clonedRevokedCerts.clone();
deltaCRLCerts.putAll(clonedUnrevokedCerts);
if (mIncludeExpiredCertsOneExtraTime) {
@@ -2716,8 +2718,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
splitTimes += ",";
splitTimes += Long.toString(mSplits[i]);
}
- splitTimes += "," + Long.toString(deltaTime) + "," + Long.toString(crlTime) + ","
- + Long.toString(totalTime) + ")";
+ splitTimes +=
+ ","
+ + Long.toString(deltaTime) + "," + Long.toString(crlTime) + ","
+ + Long.toString(totalTime) + ")";
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
AuditFormat.LEVEL,
CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATED"),
@@ -2817,7 +2821,6 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* Suppress the warnings generated by adding to the session context
*
*/
- @SuppressWarnings("unchecked")
protected void publishCRL(X509CRLImpl x509crl, boolean isDeltaCRL)
throws EBaseException {
SessionContext sc = SessionContext.getContext();
@@ -3014,7 +3017,8 @@ class CertRecProcessor implements IElementProcessor {
return result;
}
boolean isIssuingDistPointExtEnabled = false;
- isIssuingDistPointExtEnabled = exts.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
+ isIssuingDistPointExtEnabled =
+ exts.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
if (isIssuingDistPointExtEnabled == false) {
mIssuingDistPointEnabled = false;
return false;
diff --git a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 0ae915d2f..dab9c069d 100644
--- a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -1561,12 +1561,13 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
if (nc != null && nc.size() > 0) {
// Initialize Certificate Issued notification listener
- String certificateIssuedListenerClassName = nc.getString("certificateIssuedListenerClassName",
- "com.netscape.cms.listeners.CertificateIssuedListener");
+ String certificateIssuedListenerClassName =
+ nc.getString("certificateIssuedListenerClassName",
+ "com.netscape.cms.listeners.CertificateIssuedListener");
try {
- mCertIssuedListener = (IRequestListener) Class.forName(certificateIssuedListenerClassName)
- .newInstance();
+ mCertIssuedListener =
+ (IRequestListener) Class.forName(certificateIssuedListenerClassName).newInstance();
mCertIssuedListener.init(this, nc);
} catch (Exception e1) {
log(ILogger.LL_FAILURE,
@@ -1575,12 +1576,13 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// Initialize Revoke Request notification listener
- String certificateRevokedListenerClassName = nc.getString("certificateIssuedListenerClassName",
- "com.netscape.cms.listeners.CertificateRevokedListener");
+ String certificateRevokedListenerClassName =
+ nc.getString("certificateIssuedListenerClassName",
+ "com.netscape.cms.listeners.CertificateRevokedListener");
try {
- mCertRevokedListener = (IRequestListener) Class.forName(certificateRevokedListenerClassName)
- .newInstance();
+ mCertRevokedListener =
+ (IRequestListener) Class.forName(certificateRevokedListenerClassName).newInstance();
mCertRevokedListener.init(this, nc);
} catch (Exception e1) {
log(ILogger.LL_FAILURE,
@@ -1590,8 +1592,9 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// Initialize Request In Queue notification listener
IConfigStore rq = nc.getSubStore(PROP_REQ_IN_Q_SUBSTORE);
- String requestInQListenerClassName = nc.getString("certificateIssuedListenerClassName",
- "com.netscape.cms.listeners.RequestInQListener");
+ String requestInQListenerClassName =
+ nc.getString("certificateIssuedListenerClassName",
+ "com.netscape.cms.listeners.RequestInQListener");
try {
mReqInQListener = (IRequestListener) Class.forName(requestInQListenerClassName).newInstance();
@@ -1701,6 +1704,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
"initializing crl issue point " + issuePointId);
IConfigStore issuePointConfig = null;
String issuePointClassName = null;
+ @SuppressWarnings("unchecked")
Class<CRLIssuingPoint> issuePointClass = null;
CRLIssuingPoint issuePoint = null;
generated by cgit (git 2.34.1) at 2024-07-07 05:38:53 +0000