diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java | 809 |
1 files changed, 398 insertions, 411 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java index dbca061ae..b333c7870 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -70,9 +71,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevoke extends CMSServlet { @@ -96,17 +98,20 @@ public class DoRevoke extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevoke() { super(); } /** - * initialize the servlet. This servlet uses the template file - * "revocationResult.template" to render the result - * + * initialize the servlet. This servlet uses the template + * file "revocationResult.template" to render the result * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -117,15 +122,13 @@ public class DoRevoke extends CMSServlet { mUL = mUG.getCertUserLocator(); if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); if (((ICertificateAuthority) mAuthority).noncesEnabled()) { mNonces = ((ICertificateAuthority) mAuthority).getNonces(); } } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority) - .getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); @@ -142,20 +145,16 @@ public class DoRevoke extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as - * follows: - * + * Serves HTTP request. The http parameters used by this request are as follows: * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> - * * revocationReason can be one of these values: - * * <pre> * 0 = Unspecified (default) * 1 = Key compromised @@ -185,11 +184,8 @@ public class DoRevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } IArgBlock header = CMS.createArgBlock(); @@ -198,18 +194,21 @@ public class DoRevoke extends CMSServlet { try { if (req.getParameter("revocationReason") != null) { - reason = Integer.parseInt(req.getParameter("revocationReason")); + reason = Integer.parseInt(req.getParameter( + "revocationReason")); } if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = Integer.parseInt(req - .getParameter("totalRecordCount")); + totalRecordCount = Integer.parseInt(req.getParameter( + "totalRecordCount")); } if (req.getParameter("verifiedRecordCount") != null) { - verifiedRecordCount = Integer.parseInt(req - .getParameter("verifiedRecordCount")); + verifiedRecordCount = Integer.parseInt( + req.getParameter( + "verifiedRecordCount")); } if (req.getParameter("invalidityDate") != null) { - long l = Long.parseLong(req.getParameter("invalidityDate")); + long l = Long.parseLong(req.getParameter( + "invalidityDate")); if (l > 0) { invalidityDate = new Date(l); @@ -227,11 +226,10 @@ public class DoRevoke extends CMSServlet { certChain[0] = cert2; IUser user = null; try { - user = (IUser) mUL.locateUser(new Certificates( - certChain)); + user = (IUser) mUL.locateUser(new Certificates(certChain)); } catch (Exception e) { - CMS.debug("DoRevoke: Failed to map certificate '" - + cert2.getSubjectDN().getName() + "' to user."); + CMS.debug("DoRevoke: Failed to map certificate '"+ + cert2.getSubjectDN().getName()+"' to user."); } if (mUG.isMemberOf(user, "Subsystem Group")) { skipNonceVerification = true; @@ -244,17 +242,15 @@ public class DoRevoke extends CMSServlet { X509Certificate cert1 = mNonces.getCertificate(nonce); if (cert1 == null) { CMS.debug("DoRevoke: Unknown nonce"); - } else if (cert1 != null && cert2 != null - && cert1.equals(cert2)) { + } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) { nonceVerified = true; mNonces.removeNonce(nonce); } } else { CMS.debug("DoRevoke: Missing nonce"); } - CMS.debug("DoRevoke: nonceVerified=" + nonceVerified); - CMS.debug("DoRevoke: skipNonceVerification=" - + skipNonceVerification); + CMS.debug("DoRevoke: nonceVerified="+nonceVerified); + CMS.debug("DoRevoke: skipNonceVerification="+skipNonceVerification); if ((!nonceVerified) && (!skipNonceVerification)) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; @@ -265,7 +261,7 @@ public class DoRevoke extends CMSServlet { String eeSubjectDN = null; String eeSerialNumber = null; - // for audit log. + //for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; @@ -276,51 +272,46 @@ public class DoRevoke extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "revoke"); + mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - if (mAuthMgr != null - && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + + + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { String serialNumber = req.getParameter("serialNumber"); X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); - if (serialNumber != null) { + if (serialNumber != null) { eeSerialNumber = serialNumber; } - authMgr = authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { // request is fromUser. initiative = AuditFormat.FROMUSER; - + String serialNumber = req.getParameter("serialNumber"); X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); - if (serialNumber == null - || sslCert == null - || !(serialNumber.equals(sslCert.getSerialNumber() - .toString(16)))) { + if (serialNumber == null || sslCert == null || + !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) { authorized = false; } else { eeSubjectDN = sslCert.getSubjectDN().toString(); @@ -331,25 +322,29 @@ public class DoRevoke extends CMSServlet { if (authorized) { process(argSet, header, reason, invalidityDate, initiative, - req, resp, verifiedRecordCount, revokeAll, - totalRecordCount, eeSerialNumber, eeSubjectDN, - comments, locale[0]); + req, resp, verifiedRecordCount, revokeAll, + totalRecordCount, eeSerialNumber, eeSubjectDN, + comments, locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException( - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } /* - * catch (Exception e) { noError = false; - * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( - * errorlocale[0], BaseResources.class.getName(), - * BaseResources.INTERNAL_ERROR_1, e.toString())); } + catch (Exception e) { + noError = false; + header.addStringValue(OUT_ERROR, + MessageFormatter.getLocalizedString( + errorlocale[0], + BaseResources.class.getName(), + BaseResources.INTERNAL_ERROR_1, + e.toString())); + } */ try { @@ -358,11 +353,11 @@ public class DoRevoke extends CMSServlet { if (error == null && authorized) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else if (!authorized) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); @@ -371,63 +366,67 @@ public class DoRevoke extends CMSServlet { cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, or - * an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, + * or an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used - * when a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when + * a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit - * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a - * certificate status is changed (revoked, expired, on-hold, off-hold) + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED + * used when a certificate status is changed (revoked, expired, on-hold, + * off-hold) * </ul> - * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 - * - CA key compromised; should not be used, 3 - Affiliation - * changed, 4 - Certificate superceded, 5 - Cessation of - * operation, or 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, + * 2 - CA key compromised; should not be used, 3 - Affiliation changed, + * 4 - Certificate superceded, 5 - Cessation of operation, or + * 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response * @param verifiedRecordCount number of verified records - * @param revokeAll string containing information on all of the certificates - * to be revoked + * @param revokeAll string containing information on all of the + * certificates to be revoked * @param totalRecordCount total number of records (verified and unverified) - * @param eeSerialNumber string containing the end-entity certificate serial - * number + * @param eeSerialNumber string containing the end-entity certificate + * serial number * @param eeSubjectDN string containing the end-entity certificate subject - * distinguished name (DN) + * distinguished name (DN) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, String initiative, - HttpServletRequest req, HttpServletResponse resp, - int verifiedRecordCount, String revokeAll, int totalRecordCount, - String eeSerialNumber, String eeSubjectDN, String comments, - Locale locale) throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + int verifiedRecordCount, + String revokeAll, + int totalRecordCount, + String eeSerialNumber, + String eeSubjectDN, + String comments, + Locale locale) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -437,8 +436,7 @@ public class DoRevoke extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); - CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber - + " auditSerialNumber: " + auditSerialNumber); + CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber); long startTime = CMS.getCurrentDate().getTime(); try { @@ -481,54 +479,47 @@ public class DoRevoke extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); // we do not want to revoke the CA certificate accidentially - if (xcert != null - && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevoke: skipped revocation request for system certificate " - + xcert.getSerialNumber()); + if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { + CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber()); continue; } - + if (xcert != null) { - rarg.addStringValue("serialNumber", xcert - .getSerialNumber().toString(16)); - - if (eeSerialNumber != null - && (eeSerialNumber.equals(xcert - .getSerialNumber().toString())) - && rec.getStatus().equals( - ICertRecord.STATUS_REVOKED)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CA_CERTIFICATE_ALREADY_REVOKED_1", xcert - .getSerialNumber().toString(16))); + rarg.addStringValue("serialNumber", + xcert.getSerialNumber().toString(16)); + + if (eeSerialNumber != null && + (eeSerialNumber.equals(xcert.getSerialNumber().toString())) && + rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16))); // store a message in the signed audit log file - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, auditRequestType); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_UNAUTHORIZED")); - } else if (rec.getStatus().equals( - ICertRecord.STATUS_REVOKED)) { - rarg.addStringValue("error", "Certificate 0x" - + xcert.getSerialNumber().toString(16) - + " is already revoked."); - } else if (eeSubjectDN != null - && (!eeSubjectDN.equals(xcert.getSubjectDN() - .toString()))) { - rarg.addStringValue("error", "Certificate 0x" - + xcert.getSerialNumber().toString(16) - + " belongs to different subject."); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")); + } else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { + rarg.addStringValue("error", "Certificate 0x" + + xcert.getSerialNumber().toString(16) + + " is already revoked."); + } else if (eeSubjectDN != null && + (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) { + rarg.addStringValue("error", "Certificate 0x" + + xcert.getSerialNumber().toString(16) + + " belongs to different subject."); } else { oldCertsV.addElement(xcert); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - xcert.getSerialNumber(), + RevokedCertImpl revCertImpl = + new RevokedCertImpl(xcert.getSerialNumber(), CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); @@ -544,67 +535,57 @@ public class DoRevoke extends CMSServlet { Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); i < revokeAll.length() - && i > -1; i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); + i < revokeAll.length() && i > -1; + i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; - while (i < revokeAll.length() - && revokeAll.charAt(i) == ' ') { + while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { i++; } // xxxx decimal serial number? String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() - && legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() && legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { - serialNumbers.addElement(revokeAll.substring(i, - j)); + serialNumbers.addElement(revokeAll.substring(i, j)); } } } } - if (reqIdStr != null && reqIdStr.length() > 0 - && serialNumbers.size() > 0) { - IRequest certReq = mRequestQueue.findRequest(new RequestId( - reqIdStr)); - X509CertImpl[] certs = certReq - .getExtDataInCertArray(IRequest.OLD_CERTS); + if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) { + IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr)); + X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS); boolean authorized = false; for (int i = 0; i < certs.length; i++) { boolean addToList = false; - for (int j = 0; j < serialNumbers.size(); j++) { - // xxxxx serial number in decimal? - if (certs[i] - .getSerialNumber() - .toString() - .equals((String) serialNumbers.elementAt(j)) - && eeSubjectDN != null - && eeSubjectDN.equals(certs[i] - .getSubjectDN().toString())) { + for (int j = 0; j < serialNumbers.size(); + j++) { + //xxxxx serial number in decimal? + if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) && + eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) { addToList = true; break; } } - if (eeSerialNumber != null - && eeSerialNumber.equals(certs[i] - .getSerialNumber().toString())) { + if (eeSerialNumber != null && + eeSerialNumber.equals(certs[i].getSerialNumber().toString())) { authorized = true; } if (addToList) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", certs[i] - .getSerialNumber().toString(16)); + rarg.addStringValue("serialNumber", + certs[i].getSerialNumber().toString(16)); oldCertsV.addElement(certs[i]); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - certs[i].getSerialNumber(), + RevokedCertImpl revCertImpl = + new RevokedCertImpl(certs[i].getSerialNumber(), CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); @@ -615,38 +596,38 @@ public class DoRevoke extends CMSServlet { } if (!authorized) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT")); + CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT")); // store a message in the signed audit log file - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_UNAUTHORIZED")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")); } } else { String b64eCert = req.getParameter("b64eCertificate"); if (b64eCert != null) { - // BASE64Decoder decoder = new BASE64Decoder(); - // byte[] certBytes = decoder.decodeBuffer(b64eCert); + // BASE64Decoder decoder = new BASE64Decoder(); + // byte[] certBytes = decoder.decodeBuffer(b64eCert); byte[] certBytes = CMS.AtoB(b64eCert); X509CertImpl cert = new X509CertImpl(certBytes); IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", cert - .getSerialNumber().toString(16)); + rarg.addStringValue("serialNumber", + cert.getSerialNumber().toString(16)); oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - cert.getSerialNumber(), CMS.getCurrentDate(), - entryExtn); + RevokedCertImpl revCertImpl = + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -655,26 +636,27 @@ public class DoRevoke extends CMSServlet { } } } - if (count == 0) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + if (count == 0) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND")); } header.addIntegerValue("totalRecordCount", count); X509CertImpl[] oldCerts = new X509CertImpl[count]; - // Certificate[] oldCerts = new Certificate[count]; + //Certificate[] oldCerts = new Certificate[count]; RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count]; for (int i = 0; i < count; i++) { @@ -682,29 +664,32 @@ public class DoRevoke extends CMSServlet { revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i); } - IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST); + IRequest revReq = + mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); - if (initiative.equals(AuditFormat.FROMUSER)) - revReq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_EE); + if(initiative.equals(AuditFormat.FROMUSER)) + revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE); else - revReq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_AGENT); + revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); revReq.setExtData(IRequest.OLD_CERTS, oldCerts); if (comments != null) { revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments); } - revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason)); + revReq.setExtData(IRequest.REVOKED_REASON, + Integer.valueOf(reason)); // change audit processing from "REQUEST" to "REQUEST_PROCESSED" // to distinguish which type of signed audit log message to save @@ -722,44 +707,38 @@ public class DoRevoke extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) - || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = revReq - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - // cmsReq.setErrorDescription(err); + //cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " - + err, - cert.getSubjectDN(), - cert.getSerialNumber() - .toString( - 16), - RevocationReason - .fromInt( - reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } @@ -770,24 +749,26 @@ public class DoRevoke extends CMSServlet { // store a message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus - .equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } - return; + return; } long endTime = CMS.getCurrentDate().getTime(); @@ -798,29 +779,25 @@ public class DoRevoke extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason) - .toString() - + " time: " - + (endTime - startTime) }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} + ); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); @@ -828,99 +805,92 @@ public class DoRevoke extends CMSServlet { header.addStringValue("updateCRLSuccess", "yes"); } else { header.addStringValue("updateCRLSuccess", "no"); - String crlError = revReq - .getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = + revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); - if (crlError != null) - header.addStringValue("updateCRLError", crlError); + if (crlError != null) + header.addStringValue("updateCRLError", + crlError); } // let known crl publishing status too. - Integer publishCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue("publishCRLSuccess", "yes"); } else { header.addStringValue("publishCRLSuccess", "no"); - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); - if (publError != null) - header.addStringValue("publishCRLError", - publError); + if (publError != null) + header.addStringValue("publishCRLError", + publError); } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) - .getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs - .nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq - .getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("DoRevoke: " - + CMS.getLogMessage( - "ADMIN_SRVLT_ADDING_HEADER", - updateStatusStr)); + CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { - String updateErrorStr = crl - .getCrlUpdateErrorStr(); + String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("DoRevoke: " - + CMS.getLogMessage( - "ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); + CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); header.addStringValue(updateStatusStr, "no"); - String error = revReq - .getExtDataInString(updateErrorStr); + String error = + revReq.getExtDataInString(updateErrorStr); - if (error != null) - header.addStringValue(updateErrorStr, error); + if (error != null) + header.addStringValue(updateErrorStr, + error); } - String publishStatusStr = crl - .getCrlPublishStatusStr(); - Integer publishResult = revReq - .getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl.getCrlPublishStatusStr(); + Integer publishResult = + revReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = crl - .getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); - String error = revReq - .getExtDataInString(publishErrorStr); + String error = + revReq.getExtDataInString(publishErrorStr); - if (error != null) - header.addStringValue(publishErrorStr, - error); + if (error != null) + header.addStringValue( + publishErrorStr, error); } } } } - if (mPublisherProcessor != null - && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = revReq - .getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -935,12 +905,13 @@ public class DoRevoke extends CMSServlet { header.addIntegerValue("certsUpdated", certsUpdated); header.addIntegerValue("certsToUpdate", certsToUpdate); - // add crl publishing status. - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + // add crl publishing status. + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - header.addStringValue("crlPublishError", publError); + header.addStringValue("crlPublishError", + publError); } } else { header.addStringValue("dirEnabled", "no"); @@ -948,14 +919,12 @@ public class DoRevoke extends CMSServlet { header.addStringValue("error", null); } else { - if (stat == RequestStatus.PENDING - || stat == RequestStatus.REJECTED) { + if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) { header.addStringValue("revoked", stat.toString()); } else { header.addStringValue("revoked", "no"); } - Vector errors = revReq - .getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); if (errors != null) { StringBuffer errInfo = new StringBuffer(); for (int i = 0; i < errors.size(); i++) { @@ -976,19 +945,17 @@ public class DoRevoke extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } @@ -998,17 +965,18 @@ public class DoRevoke extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) + ) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -1018,9 +986,12 @@ public class DoRevoke extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { @@ -1028,18 +999,21 @@ public class DoRevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -1053,9 +1027,12 @@ public class DoRevoke extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { @@ -1063,18 +1040,21 @@ public class DoRevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -1082,17 +1062,19 @@ public class DoRevoke extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { @@ -1100,25 +1082,27 @@ public class DoRevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } } - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } return; @@ -1126,11 +1110,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -1156,11 +1140,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -1179,28 +1163,30 @@ public class DoRevoke extends CMSServlet { // find out if the value is hex or decimal int value = -1; - - // try int - try { - value = Integer.parseInt(serialNumber, 10); + + //try int + try { + value = Integer.parseInt(serialNumber,10); } catch (NumberFormatException e) { } - - // try hex - if (value == -1) { + + //try hex + if( value == -1) { try { - value = Integer.parseInt(serialNumber, 16); + value = Integer.parseInt(serialNumber,16); } catch (NumberFormatException e) { } } // give up if it isn't hex or dec - if (value == -1) { + if ( value == -1) { throw new NumberFormatException(); } // convert it to hexadecimal - serialNumber = "0x" + Integer.toHexString(value); + serialNumber = "0x" + + Integer.toHexString( + value); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1210,11 +1196,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for a signed audit log - * message. + * + * This method is called to obtain the "Request Type" for + * a signed audit log message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -1236,3 +1222,4 @@ public class DoRevoke extends CMSServlet { return requestType; } } + |