diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/ocsp/DefStore.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/ocsp/DefStore.java | 318 |
1 files changed, 161 insertions, 157 deletions
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java index cfa6ff577..328725e2f 100644 --- a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java +++ b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.ocsp; - import java.math.BigInteger; import java.security.MessageDigest; import java.security.cert.X509CRL; @@ -75,11 +74,10 @@ import com.netscape.cmsutil.ocsp.SingleResponse; import com.netscape.cmsutil.ocsp.TBSRequest; import com.netscape.cmsutil.ocsp.UnknownInfo; - /** * This is the default OCSP store that stores revocation information * as certificate record (CMS internal data structure). - * + * * @version $Revision$, $Date$ */ public class DefStore implements IDefStore, IExtendedPluginInfo { @@ -90,18 +88,18 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { private static final String PROP_USE_CACHE = "useCache"; private static final String PROP_REFRESH_IN_SEC = "refreshInSec"; - private static final int DEF_REFRESH_IN_SEC = 0; + private static final int DEF_REFRESH_IN_SEC = 0; public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); - private final static String PROP_BY_NAME = - "byName"; - private final static String PROP_WAIT_ON_CRL_UPDATE = - "waitOnCRLUpdate"; + private final static String PROP_BY_NAME = + "byName"; + private final static String PROP_WAIT_ON_CRL_UPDATE = + "waitOnCRLUpdate"; private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood"; private final static String PROP_INCLUDE_NEXT_UPDATE = - "includeNextUpdate"; + "includeNextUpdate"; protected Hashtable mReqCounts = new Hashtable(); protected boolean mNotFoundGood = true; @@ -123,19 +121,19 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { public DefStore() { } - public String[] getExtendedPluginInfo(Locale locale) { - Vector v = new Vector(); + public String[] getExtendedPluginInfo(Locale locale) { + Vector v = new Vector(); v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD")); v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME")); v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE")); v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC")); - v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore"); + v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore"); return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); } - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { mOCSPAuthority = (IOCSPAuthority) owner; mConfig = config; @@ -170,8 +168,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { initWebGateway(); /** - DeleteOldCRLsThread t = new DeleteOldCRLsThread(this); - t.start(); + * DeleteOldCRLsThread t = new DeleteOldCRLsThread(this); + * t.start(); **/ // deleteOldCRLs(); } @@ -180,7 +178,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { * init web gateway - just gets the ee gateway for this CA. */ private void initWebGateway() - throws EBaseException { + throws EBaseException { } public IRepositoryRecord createRepositoryRecord() { @@ -222,20 +220,20 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } /** - * This store will not delete the old CRL until the + * This store will not delete the old CRL until the * new one is totally committed. */ public void deleteOldCRLs() throws EBaseException { Enumeration recs = searchCRLIssuingPointRecord( "objectclass=" + - CMS.getCRLIssuingPointRecordName(), + CMS.getCRLIssuingPointRecordName(), 100); X509CertImpl theCert = null; ICRLIssuingPointRecord theRec = null; while (recs.hasMoreElements()) { ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord) - recs.nextElement(); + recs.nextElement(); deleteOldCRLsInCA(rec.getId()); } @@ -246,7 +244,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { try { ICRLIssuingPointRecord cp = (ICRLIssuingPointRecord) - readCRLIssuingPoint(caName); + readCRLIssuingPoint(caName); if (cp == null) return; // nothing to do @@ -257,35 +255,36 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { Enumeration e = searchRepository( caName, "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" + - thisUpdate + ")"); + thisUpdate + ")"); while (e != null && e.hasMoreElements()) { IRepositoryRecord r = (IRepositoryRecord) - e.nextElement(); - Enumeration recs = - searchCertRecord(caName, - r.getSerialNumber().toString(), - ICertRecord.ATTR_ID + "=*"); - - log(ILogger.LL_INFO, "remove CRL 0x" + - r.getSerialNumber().toString(16) + - " of " + caName); - String rep_dn = "ou=" + - r.getSerialNumber().toString() + - ",cn=" + transformDN(caName) + "," + - getBaseDN(); + e.nextElement(); + Enumeration recs = + searchCertRecord(caName, + r.getSerialNumber().toString(), + ICertRecord.ATTR_ID + "=*"); + + log(ILogger.LL_INFO, "remove CRL 0x" + + r.getSerialNumber().toString(16) + + " of " + caName); + String rep_dn = "ou=" + + r.getSerialNumber().toString() + + ",cn=" + transformDN(caName) + "," + + getBaseDN(); while (recs != null && recs.hasMoreElements()) { ICertRecord rec = (ICertRecord) recs.nextElement(); - String cert_dn = "cn=" + - rec.getSerialNumber().toString() + "," + rep_dn; + String cert_dn = "cn=" + + rec.getSerialNumber().toString() + "," + rep_dn; s.delete(cert_dn); } s.delete(rep_dn); } } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } } @@ -298,12 +297,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public void startup() throws EBaseException { - int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC, - DEF_REFRESH_IN_SEC); + int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC, + DEF_REFRESH_IN_SEC); if (refresh > 0) { - DefStoreCRLUpdater updater = - new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh); - updater.start(); + DefStoreCRLUpdater updater = + new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh); + updater.start(); } } @@ -325,10 +324,10 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { /** * Validate an OCSP request. */ - public OCSPResponse validate(OCSPRequest request) - throws EBaseException { + public OCSPResponse validate(OCSPRequest request) + throws EBaseException { - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); mOCSPAuthority.incNumOCSPRequest(1); long startTime = CMS.getCurrentDate().getTime(); @@ -340,13 +339,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { // certificate's status Vector singleResponses = new Vector(); if (statsSub != null) { - statsSub.startTiming("lookup"); + statsSub.startTiming("lookup"); } long lookupStartTime = CMS.getCurrentDate().getTime(); for (int i = 0; i < tbsReq.getRequestCount(); i++) { com.netscape.cmsutil.ocsp.Request req = - tbsReq.getRequestAt(i); + tbsReq.getRequestAt(i); CertID cid = req.getCertID(); SingleResponse sr = processRequest(cid); @@ -354,17 +353,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } long lookupEndTime = CMS.getCurrentDate().getTime(); if (statsSub != null) { - statsSub.endTiming("lookup"); + statsSub.endTiming("lookup"); } mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime); - if (singleResponses.size() <= 0) { + if (singleResponses.size() <= 0) { CMS.debug("DefStore: No Request Found"); log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", "No Request Found")); return null; } if (statsSub != null) { - statsSub.startTiming("build_response"); + statsSub.startTiming("build_response"); } SingleResponse res[] = new SingleResponse[singleResponses.size()]; @@ -392,24 +391,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { ResponseData rd = new ResponseData(rid, new GeneralizedTime(CMS.getCurrentDate()), res, nonce); if (statsSub != null) { - statsSub.endTiming("build_response"); + statsSub.endTiming("build_response"); } if (statsSub != null) { - statsSub.startTiming("signing"); + statsSub.startTiming("signing"); } long signStartTime = CMS.getCurrentDate().getTime(); BasicOCSPResponse basicRes = mOCSPAuthority.sign(rd); long signEndTime = CMS.getCurrentDate().getTime(); if (statsSub != null) { - statsSub.endTiming("signing"); + statsSub.endTiming("signing"); } mOCSPAuthority.incSignTime(signEndTime - signStartTime); OCSPResponse response = new OCSPResponse( OCSPResponseStatus.SUCCESSFUL, new ResponseBytes(ResponseBytes.OCSP_BASIC, - new OCTET_STRING(ASN1Util.encode(basicRes)))); + new OCTET_STRING(ASN1Util.encode(basicRes)))); log(ILogger.LL_INFO, "done OCSP request"); long endTime = CMS.getCurrentDate().getTime(); @@ -436,17 +435,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { ICRLIssuingPointRecord theRec = null; byte keyhsh[] = cid.getIssuerKeyHash().toByteArray(); CRLIPContainer matched = (CRLIPContainer) - mCacheCRLIssuingPoints.get(new String(keyhsh)); + mCacheCRLIssuingPoints.get(new String(keyhsh)); if (matched == null) { Enumeration recs = searchCRLIssuingPointRecord( "objectclass=" + - CMS.getCRLIssuingPointRecordName(), + CMS.getCRLIssuingPointRecordName(), 100); while (recs.hasMoreElements()) { ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord) - recs.nextElement(); + recs.nextElement(); byte certdata[] = rec.getCACert(); X509CertImpl cert = null; @@ -469,15 +468,15 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { byte crldata[] = rec.getCRL(); if (rec.getCRLCache() == null) { - CMS.debug("DefStore: start building x509 crl impl"); - try { - theCRL = new X509CRLImpl(crldata); - } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString())); - } - CMS.debug("DefStore: done building x509 crl impl"); + CMS.debug("DefStore: start building x509 crl impl"); + try { + theCRL = new X509CRLImpl(crldata); + } catch (Exception e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString())); + } + CMS.debug("DefStore: done building x509 crl impl"); } else { - CMS.debug("DefStore: using crl cache"); + CMS.debug("DefStore: using crl cache"); } mCacheCRLIssuingPoints.put(new String(digest), new CRLIPContainer(theRec, theCert, theCRL)); break; @@ -525,25 +524,25 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { CMS.debug("DefStore: evaluating crl cache"); Hashtable cache = theRec.getCRLCacheNoClone(); if (cache != null) { - RevokedCertificate rc = (RevokedCertificate) - cache.get(new BigInteger(serialNo.toString())); - if (rc == null) { - if (isNotFoundGood()) { - certStatus = new GoodInfo(); - } else { - certStatus = new UnknownInfo(); + RevokedCertificate rc = (RevokedCertificate) + cache.get(new BigInteger(serialNo.toString())); + if (rc == null) { + if (isNotFoundGood()) { + certStatus = new GoodInfo(); + } else { + certStatus = new UnknownInfo(); } - } else { - + } else { + certStatus = new RevokedInfo( - new GeneralizedTime( - rc.getRevocationDate())); - } + new GeneralizedTime( + rc.getRevocationDate())); + } } } - + } else { - CMS.debug("DefStore: evaluating x509 crl impl"); + CMS.debug("DefStore: evaluating x509 crl impl"); X509CRLEntry crlentry = theCRL.getRevokedCertificate(new BigInteger(serialNo.toString())); if (crlentry == null) { @@ -556,7 +555,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } else { certStatus = new RevokedInfo(new GeneralizedTime( crlentry.getRevocationDate())); - + } } return new SingleResponse(cid, certStatus, thisUpdate, @@ -582,16 +581,16 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public Enumeration searchAllCRLIssuingPointRecord(int maxSize) - throws EBaseException { + throws EBaseException { return searchCRLIssuingPointRecord( "objectclass=" + - CMS.getCRLIssuingPointRecordName(), + CMS.getCRLIssuingPointRecordName(), maxSize); } public Enumeration searchCRLIssuingPointRecord(String filter, - int maxSize) - throws EBaseException { + int maxSize) + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -605,20 +604,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public synchronized void modifyCRLIssuingPointRecord(String name, - ModificationSet mods) throws EBaseException { + ModificationSet mods) throws EBaseException { IDBSSession s = mDBService.createSession(); try { String dn = "cn=" + - transformDN(name) + "," + getBaseDN(); + transformDN(name) + "," + getBaseDN(); s.modify(dn, mods); } catch (EBaseException e) { - CMS.debug("modifyCRLIssuingPointRecord: error=" + e); - CMS.debug(e); - throw e; + CMS.debug("modifyCRLIssuingPointRecord: error=" + e); + CMS.debug(e); + throw e; } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } } @@ -626,42 +626,45 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { * Returns an issuing point. */ public ICRLIssuingPointRecord readCRLIssuingPoint(String name) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); ICRLIssuingPointRecord rec = null; try { String dn = "cn=" + - transformDN(name) + "," + getBaseDN(); + transformDN(name) + "," + getBaseDN(); if (s != null) { rec = (ICRLIssuingPointRecord) s.read(dn); } } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } return rec; } public ICRLIssuingPointRecord createCRLIssuingPointRecord( - String name, BigInteger crlNumber, - Long crlSize, Date thisUpdate, Date nextUpdate) { + String name, BigInteger crlNumber, + Long crlSize, Date thisUpdate, Date nextUpdate) { return CMS.createCRLIssuingPointRecord( name, crlNumber, crlSize, thisUpdate, nextUpdate); } - public void deleteCRLIssuingPointRecord(String id) - throws EBaseException { + public void deleteCRLIssuingPointRecord(String id) + throws EBaseException { IDBSSession s = null; try { s = mDBService.createSession(); - String name = "cn=" + transformDN(id) + "," + getBaseDN(); + String name = "cn=" + transformDN(id) + "," + getBaseDN(); CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: " + name); - if (s != null) s.delete(name); + if (s != null) + s.delete(name); } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } } @@ -669,12 +672,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { * Creates a new issuing point in OCSP. */ public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); try { String dn = "cn=" + - transformDN(name) + "," + getBaseDN(); + transformDN(name) + "," + getBaseDN(); s.add(dn, (ICRLIssuingPointRecord) rec); } finally { @@ -684,7 +687,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public Enumeration searchRepository(String name, String filter) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -702,13 +705,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { * Creates a new issuing point in OCSP. */ public void addRepository(String name, String thisUpdate, - IRepositoryRecord rec) - throws EBaseException { + IRepositoryRecord rec) + throws EBaseException { IDBSSession s = mDBService.createSession(); try { String dn = "ou=" + thisUpdate + ",cn=" + - transformDN(name) + "," + getBaseDN(); + transformDN(name) + "," + getBaseDN(); s.add(dn, rec); } finally { @@ -718,22 +721,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public void modifyCertRecord(String name, String thisUpdate, - String sno, - ModificationSet mods) throws EBaseException { + String sno, + ModificationSet mods) throws EBaseException { IDBSSession s = mDBService.createSession(); try { String dn = "cn=" + sno + ",ou=" + thisUpdate + - ",cn=" + transformDN(name) + "," + getBaseDN(); + ",cn=" + transformDN(name) + "," + getBaseDN(); - if (s != null) s.modify(dn, mods); + if (s != null) + s.modify(dn, mods); } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } } public Enumeration searchCertRecord(String name, String thisUpdate, - String filter) throws EBaseException { + String filter) throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -749,20 +754,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } public ICertRecord readCertRecord(String name, String thisUpdate, - String sno) - throws EBaseException { + String sno) + throws EBaseException { IDBSSession s = mDBService.createSession(); ICertRecord rec = null; try { String dn = "cn=" + sno + ",ou=" + thisUpdate + - ",cn=" + transformDN(name) + "," + getBaseDN(); + ",cn=" + transformDN(name) + "," + getBaseDN(); if (s != null) { rec = (ICertRecord) s.read(dn); } } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } return rec; } @@ -771,13 +777,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { * Creates a new issuing point in OCSP. */ public void addCertRecord(String name, String thisUpdate, - String sno, ICertRecord rec) - throws EBaseException { + String sno, ICertRecord rec) + throws EBaseException { IDBSSession s = mDBService.createSession(); try { String dn = "cn=" + sno + ",ou=" + thisUpdate + - ",cn=" + transformDN(name) + "," + getBaseDN(); + ",cn=" + transformDN(name) + "," + getBaseDN(); s.add(dn, rec); } finally { @@ -786,26 +792,26 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } } - public NameValuePairs getConfigParameters() { + public NameValuePairs getConfigParameters() { try { - NameValuePairs params = new NameValuePairs(); + NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_OCSPSTORE_IMPL_NAME, - mConfig.getString("class")); - params.add(PROP_NOT_FOUND_GOOD, - mConfig.getString(PROP_NOT_FOUND_GOOD, "true")); - params.add(PROP_BY_NAME, - mConfig.getString(PROP_BY_NAME, "true")); - params.add(PROP_INCLUDE_NEXT_UPDATE, - mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false")); - return params; + mConfig.getString("class")); + params.add(PROP_NOT_FOUND_GOOD, + mConfig.getString(PROP_NOT_FOUND_GOOD, "true")); + params.add(PROP_BY_NAME, + mConfig.getString(PROP_BY_NAME, "true")); + params.add(PROP_INCLUDE_NEXT_UPDATE, + mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false")); + return params; } catch (Exception e) { return null; } } - public void setConfigParameters(NameValuePairs pairs) - throws EBaseException { + public void setConfigParameters(NameValuePairs pairs) + throws EBaseException { Enumeration k = pairs.getNames(); while (k.hasMoreElements()) { @@ -822,8 +828,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { CMS.debug("DefStore: Ready to update Issuer"); try { - if (!((X509CRLImpl)crl).areEntriesIncluded()) - crl = new X509CRLImpl(((X509CRLImpl)crl).getEncoded()); + if (!((X509CRLImpl) crl).areEntriesIncluded()) + crl = new X509CRLImpl(((X509CRLImpl) crl).getEncoded()); } catch (Exception e) { CMS.debug(e); } @@ -833,51 +839,51 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { if (crl.getThisUpdate() != null) mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, - Modification.MOD_REPLACE, crl.getThisUpdate()); + Modification.MOD_REPLACE, crl.getThisUpdate()); if (crl.getNextUpdate() != null) mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, - Modification.MOD_REPLACE, crl.getNextUpdate()); + Modification.MOD_REPLACE, crl.getNextUpdate()); if (mUseCache) { - if (((X509CRLImpl)crl).getListOfRevokedCertificates() != null) { - mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE, - Modification.MOD_REPLACE, - ((X509CRLImpl)crl).getListOfRevokedCertificates()); - } + if (((X509CRLImpl) crl).getListOfRevokedCertificates() != null) { + mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE, + Modification.MOD_REPLACE, + ((X509CRLImpl) crl).getListOfRevokedCertificates()); + } } if (((X509CRLImpl) crl).getNumberOfRevokedCertificates() < 0) { mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE, - Modification.MOD_REPLACE, Long.valueOf(0)); + Modification.MOD_REPLACE, Long.valueOf(0)); } else { mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE, - Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates())); + Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates())); } - BigInteger crlNumber = ((X509CRLImpl)crl).getCRLNumber(); + BigInteger crlNumber = ((X509CRLImpl) crl).getCRLNumber(); if (crlNumber == null) { mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, - Modification.MOD_REPLACE, new BigInteger("-1")); + Modification.MOD_REPLACE, new BigInteger("-1")); } else { mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, - Modification.MOD_REPLACE, crlNumber); + Modification.MOD_REPLACE, crlNumber); } try { mods.add(ICRLIssuingPointRecord.ATTR_CRL, - Modification.MOD_REPLACE, crl.getEncoded()); + Modification.MOD_REPLACE, crl.getEncoded()); } catch (Exception e) { // ignore } - CMS.debug("DefStore: ready to CRL update " + - crl.getIssuerDN().getName()); + CMS.debug("DefStore: ready to CRL update " + + crl.getIssuerDN().getName()); modifyCRLIssuingPointRecord( - crl.getIssuerDN().getName(), mods); - CMS.debug("DefStore: done CRL update " + - crl.getIssuerDN().getName()); + crl.getIssuerDN().getName(), mods); + CMS.debug("DefStore: done CRL update " + + crl.getIssuerDN().getName()); // update cache mCacheCRLIssuingPoints.clear(); - log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." + - " thisUpdate=" + crl.getThisUpdate() + - " nextUpdate=" + crl.getNextUpdate()); + log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." + + " thisUpdate=" + crl.getThisUpdate() + + " nextUpdate=" + crl.getNextUpdate()); } finally { mStateCount--; @@ -890,7 +896,6 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { } - class DeleteOldCRLsThread extends Thread { private DefStore mDefStore = null; @@ -906,7 +911,6 @@ class DeleteOldCRLsThread extends Thread { } } - class CRLIPContainer { private ICRLIssuingPointRecord mRec = null; private X509CertImpl mCert = null; |