path: root/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java809
1 files changed, 411 insertions, 398 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
index b333c7870..dbca061ae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -71,10 +70,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Revoke a Certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class DoRevoke extends CMSServlet {
@@ -98,20 +96,17 @@ public class DoRevoke extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
public DoRevoke() {
super();
}
/**
- * initialize the servlet. This servlet uses the template
- * file "revocationResult.template" to render the result
+ * initialize the servlet. This servlet uses the template file
+ * "revocationResult.template" to render the result
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -122,13 +117,15 @@ public class DoRevoke extends CMSServlet {
mUL = mUG.getCertUserLocator();
if (mAuthority instanceof ICertificateAuthority) {
- mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
if (((ICertificateAuthority) mAuthority).noncesEnabled()) {
mNonces = ((ICertificateAuthority) mAuthority).getNonces();
}
}
if (mAuthority instanceof ICertAuthority) {
- mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
+ mPublisherProcessor = ((ICertAuthority) mAuthority)
+ .getPublisherProcessor();
}
mQueue = mAuthority.getRequestQueue();
@@ -145,16 +142,20 @@ public class DoRevoke extends CMSServlet {
}
/**
- * Serves HTTP request. The http parameters used by this request are as follows:
+ * Serves HTTP request. The http parameters used by this request are as
+ * follows:
+ *
* <pre>
* serialNumber Serial number of certificate to revoke (in HEX)
* revocationReason Revocation reason (Described below)
* totalRecordCount [number]
* verifiedRecordCount [number]
* invalidityDate [number of seconds in Jan 1,1970]
- *
+ *
* </pre>
+ *
* revocationReason can be one of these values:
+ *
* <pre>
* 0 = Unspecified (default)
* 1 = Key compromised
@@ -184,8 +185,11 @@ public class DoRevoke extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
IArgBlock header = CMS.createArgBlock();
@@ -194,21 +198,18 @@ public class DoRevoke extends CMSServlet {
try {
if (req.getParameter("revocationReason") != null) {
- reason = Integer.parseInt(req.getParameter(
- "revocationReason"));
+ reason = Integer.parseInt(req.getParameter("revocationReason"));
}
if (req.getParameter("totalRecordCount") != null) {
- totalRecordCount = Integer.parseInt(req.getParameter(
- "totalRecordCount"));
+ totalRecordCount = Integer.parseInt(req
+ .getParameter("totalRecordCount"));
}
if (req.getParameter("verifiedRecordCount") != null) {
- verifiedRecordCount = Integer.parseInt(
- req.getParameter(
- "verifiedRecordCount"));
+ verifiedRecordCount = Integer.parseInt(req
+ .getParameter("verifiedRecordCount"));
}
if (req.getParameter("invalidityDate") != null) {
- long l = Long.parseLong(req.getParameter(
- "invalidityDate"));
+ long l = Long.parseLong(req.getParameter("invalidityDate"));
if (l > 0) {
invalidityDate = new Date(l);
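Review bot: `new Date(l)` interprets the `invalidityDate` parameter as milliseconds since the epoch (assuming this is `java.util.Date`), but the method's Javadoc earlier in this diff documents it as a "number of seconds". A client that follows the Javadoc would record an invalidity date in January 1970, so either correct the Javadoc to say milliseconds or convert explicitly with `new Date(l * 1000L)`, whichever matches existing clients. The parsed `revocationReason` is also not validated in the visible lines before it is used; rejecting values the CA does not support right after `Integer.parseInt` would keep malformed reasons out of the request queue and the audit records. The enclosing `try` block continues outside this hunk.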
@@ -226,10 +227,11 @@ public class DoRevoke extends CMSServlet {
certChain[0] = cert2;
IUser user = null;
try {
- user = (IUser) mUL.locateUser(new Certificates(certChain));
+ user = (IUser) mUL.locateUser(new Certificates(
+ certChain));
} catch (Exception e) {
- CMS.debug("DoRevoke: Failed to map certificate '"+
- cert2.getSubjectDN().getName()+"' to user.");
+ CMS.debug("DoRevoke: Failed to map certificate '"
+ + cert2.getSubjectDN().getName() + "' to user.");
}
if (mUG.isMemberOf(user, "Subsystem Group")) {
skipNonceVerification = true;
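Review bot: When `locateUser` throws, the catch only writes a debug line and `user` stays null, yet the next statement passes it to `mUG.isMemberOf(user, "Subsystem Group")`, whose result decides whether nonce verification is skipped. How `isMemberOf` treats a null user is not visible here, so guard it explicitly with `if (user != null && mUG.isMemberOf(user, "Subsystem Group")) {` so that a failed certificate-to-user mapping can never reach the skip branch or fail with a NullPointerException. The broad `catch (Exception e)` also drops the cause; appending `e` to the debug message would make a failed mapping diagnosable. The surrounding block starts and ends outside this hunk.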
@@ -242,15 +244,17 @@ public class DoRevoke extends CMSServlet {
X509Certificate cert1 = mNonces.getCertificate(nonce);
if (cert1 == null) {
CMS.debug("DoRevoke: Unknown nonce");
- } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) {
+ } else if (cert1 != null && cert2 != null
+ && cert1.equals(cert2)) {
nonceVerified = true;
mNonces.removeNonce(nonce);
}
} else {
CMS.debug("DoRevoke: Missing nonce");
}
- CMS.debug("DoRevoke: nonceVerified="+nonceVerified);
- CMS.debug("DoRevoke: skipNonceVerification="+skipNonceVerification);
+ CMS.debug("DoRevoke: nonceVerified=" + nonceVerified);
+ CMS.debug("DoRevoke: skipNonceVerification="
+ + skipNonceVerification);
if ((!nonceVerified) && (!skipNonceVerification)) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
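Review bot: A nonce that is known but bound to a different certificate than the one presented falls through both branches silently, so the only trace is the generic `nonceVerified=false` debug line. That mismatch is the case an operator most needs to tell apart from a missing or expired nonce; add a final `else { CMS.debug("DoRevoke: nonce does not match client certificate"); }`. The `UNAUTHORIZED` return that follows writes no signed audit record in the visible lines, so a rejected revocation attempt is visible only at debug level; consider recording it through `audit(...)` as the later failure paths do. The `cert1 != null` test in the `else if` is redundant after the `cert1 == null` branch.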
@@ -261,7 +265,7 @@ public class DoRevoke extends CMSServlet {
String eeSubjectDN = null;
String eeSerialNumber = null;
- //for audit log.
+ // for audit log.
String initiative = null;
String authMgr = AuditFormat.NOAUTH;
@@ -272,46 +276,51 @@ public class DoRevoke extends CMSServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "revoke");
+ mAuthzResourceName, "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
-
- if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+
+ if (mAuthMgr != null
+ && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
if (authToken != null) {
String serialNumber = req.getParameter("serialNumber");
X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
- if (serialNumber != null) {
+ if (serialNumber != null) {
eeSerialNumber = serialNumber;
}
- authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
String agentID = authToken.getInString("userid");
- initiative = AuditFormat.FROMAGENT + " agentID: " + agentID +
- " authenticated by " + authMgr;
+ initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
+ + " authenticated by " + authMgr;
}
} else {
// request is fromUser.
initiative = AuditFormat.FROMUSER;
-
+
String serialNumber = req.getParameter("serialNumber");
X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
- if (serialNumber == null || sslCert == null ||
- !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
+ if (serialNumber == null
+ || sslCert == null
+ || !(serialNumber.equals(sslCert.getSerialNumber()
+ .toString(16)))) {
authorized = false;
} else {
eeSubjectDN = sslCert.getSubjectDN().toString();
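Review bot: The end-entity ownership check compares strings, `serialNumber.equals(sslCert.getSerialNumber().toString(16))`, so a correct serial sent in upper-case hex or with a leading zero is rejected as unauthorized. It fails closed, but comparing values is more robust: `!new BigInteger(serialNumber, 16).equals(sslCert.getSerialNumber())`, with a malformed value landing in the `NumberFormatException` handler that follows (this needs `java.math.BigInteger` imported if it is not already). In the agent branch above, `sslCert` is fetched from the request but never used inside that block; either remove it or add a comment explaining why the client certificate is read there. The two `catch` blocks after `authorize(...)` are identical and could be merged into one.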
@@ -322,29 +331,25 @@ public class DoRevoke extends CMSServlet {
if (authorized) {
process(argSet, header, reason, invalidityDate, initiative,
- req, resp, verifiedRecordCount, revokeAll,
- totalRecordCount, eeSerialNumber, eeSubjectDN,
- comments, locale[0]);
+ req, resp, verifiedRecordCount, revokeAll,
+ totalRecordCount, eeSerialNumber, eeSubjectDN,
+ comments, locale[0]);
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
/*
- catch (Exception e) {
- noError = false;
- header.addStringValue(OUT_ERROR,
- MessageFormatter.getLocalizedString(
- errorlocale[0],
- BaseResources.class.getName(),
- BaseResources.INTERNAL_ERROR_1,
- e.toString()));
- }
+ * catch (Exception e) { noError = false;
+ * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString(
+ * errorlocale[0], BaseResources.class.getName(),
+ * BaseResources.INTERNAL_ERROR_1, e.toString())); }
*/
try {
@@ -353,11 +358,11 @@ public class DoRevoke extends CMSServlet {
if (error == null && authorized) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else if (!authorized) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
@@ -366,67 +371,63 @@ public class DoRevoke extends CMSServlet {
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
/**
* Process cert status change request
* <P>
- *
- * (Certificate Request - either an "agent" cert status change request,
- * or an "EE" cert status change request)
+ *
+ * (Certificate Request - either an "agent" cert status change request, or
+ * an "EE" cert status change request)
* <P>
- *
- * (Certificate Request Processed - either an "agent" cert status change
- * request, or an "EE" cert status change request)
+ *
+ * (Certificate Request Processed - either an "agent" cert status change
+ * request, or an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+ * when a cert status change request (e. g. - "revocation") is made (before
* approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (revoked, expired, on-hold,
- * off-hold)
+ * <li>signed.audit
+ * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+ * certificate status is changed (revoked, expired, on-hold, off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
- * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
- * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
- * 4 - Certificate superceded, 5 - Cessation of operation, or
- * 6 - Certificate is on hold)
+ * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2
+ * - CA key compromised; should not be used, 3 - Affiliation
+ * changed, 4 - Certificate superceded, 5 - Cessation of
+ * operation, or 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param verifiedRecordCount number of verified records
- * @param revokeAll string containing information on all of the
- * certificates to be revoked
+ * @param revokeAll string containing information on all of the certificates
+ * to be revoked
* @param totalRecordCount total number of records (verified and unverified)
- * @param eeSerialNumber string containing the end-entity certificate
- * serial number
+ * @param eeSerialNumber string containing the end-entity certificate serial
+ * number
* @param eeSubjectDN string containing the end-entity certificate subject
- * distinguished name (DN)
+ * distinguished name (DN)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- int verifiedRecordCount,
- String revokeAll,
- int totalRecordCount,
- String eeSerialNumber,
- String eeSubjectDN,
- String comments,
- Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate, String initiative,
+ HttpServletRequest req, HttpServletResponse resp,
+ int verifiedRecordCount, String revokeAll, int totalRecordCount,
+ String eeSerialNumber, String eeSubjectDN, String comments,
+ Locale locale) throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -436,7 +437,8 @@ public class DoRevoke extends CMSServlet {
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String auditReasonNum = String.valueOf(reason);
- CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber);
+ CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber
+ + " auditSerialNumber: " + auditSerialNumber);
long startTime = CMS.getCurrentDate().getTime();
try {
@@ -479,47 +481,54 @@ public class DoRevoke extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
// we do not want to revoke the CA certificate accidentially
- if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) {
- CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber());
+ if (xcert != null
+ && isSystemCertificate(xcert.getSerialNumber())) {
+ CMS.debug("DoRevoke: skipped revocation request for system certificate "
+ + xcert.getSerialNumber());
continue;
}
-
- if (xcert != null) {
- rarg.addStringValue("serialNumber",
- xcert.getSerialNumber().toString(16));
- if (eeSerialNumber != null &&
- (eeSerialNumber.equals(xcert.getSerialNumber().toString())) &&
- rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16)));
+ if (xcert != null) {
+ rarg.addStringValue("serialNumber", xcert
+ .getSerialNumber().toString(16));
+
+ if (eeSerialNumber != null
+ && (eeSerialNumber.equals(xcert
+ .getSerialNumber().toString()))
+ && rec.getStatus().equals(
+ ICertRecord.STATUS_REVOKED)) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CA_CERTIFICATE_ALREADY_REVOKED_1", xcert
+ .getSerialNumber().toString(16)));
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
- } else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
- rarg.addStringValue("error", "Certificate 0x" +
- xcert.getSerialNumber().toString(16) +
- " is already revoked.");
- } else if (eeSubjectDN != null &&
- (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) {
- rarg.addStringValue("error", "Certificate 0x" +
- xcert.getSerialNumber().toString(16) +
- " belongs to different subject.");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
+ } else if (rec.getStatus().equals(
+ ICertRecord.STATUS_REVOKED)) {
+ rarg.addStringValue("error", "Certificate 0x"
+ + xcert.getSerialNumber().toString(16)
+ + " is already revoked.");
+ } else if (eeSubjectDN != null
+ && (!eeSubjectDN.equals(xcert.getSubjectDN()
+ .toString()))) {
+ rarg.addStringValue("error", "Certificate 0x"
+ + xcert.getSerialNumber().toString(16)
+ + " belongs to different subject.");
} else {
oldCertsV.addElement(xcert);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(xcert.getSerialNumber(),
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ xcert.getSerialNumber(),
CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
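Review bot: `eeSerialNumber.equals(xcert.getSerialNumber().toString())` compares against the decimal rendering of the serial, while the rest of this hunk renders it with `toString(16)` and the servlet Javadoc documents the `serialNumber` parameter as hex. In the agent path shown earlier in this diff `eeSerialNumber` is assigned directly from that request parameter, so for serials of 10 and above this already-revoked check would presumably not match there (the end-entity assignment is outside the visible lines, so confirm which radix it uses). Normalising once where `eeSerialNumber` is set, or comparing `BigInteger` values instead of strings, would remove the ambiguity. The loop this code sits in starts and ends outside the hunk.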
@@ -535,57 +544,67 @@ public class DoRevoke extends CMSServlet {
Vector serialNumbers = new Vector();
if (revokeAll != null && revokeAll.length() > 0) {
- for (int i = revokeAll.indexOf('=');
- i < revokeAll.length() && i > -1;
- i = revokeAll.indexOf('=', i)) {
+ for (int i = revokeAll.indexOf('='); i < revokeAll.length()
+ && i > -1; i = revokeAll.indexOf('=', i)) {
if (i > -1) {
i++;
- while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
+ while (i < revokeAll.length()
+ && revokeAll.charAt(i) == ' ') {
i++;
}
// xxxx decimal serial number?
String legalDigits = "0123456789";
int j = i;
- while (j < revokeAll.length() && legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+ while (j < revokeAll.length()
+ && legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
j++;
}
if (j > i) {
- serialNumbers.addElement(revokeAll.substring(i, j));
+ serialNumbers.addElement(revokeAll.substring(i,
+ j));
}
}
}
}
- if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) {
- IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr));
- X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ if (reqIdStr != null && reqIdStr.length() > 0
+ && serialNumbers.size() > 0) {
+ IRequest certReq = mRequestQueue.findRequest(new RequestId(
+ reqIdStr));
+ X509CertImpl[] certs = certReq
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
boolean authorized = false;
for (int i = 0; i < certs.length; i++) {
boolean addToList = false;
- for (int j = 0; j < serialNumbers.size();
- j++) {
- //xxxxx serial number in decimal?
- if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) &&
- eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
+ for (int j = 0; j < serialNumbers.size(); j++) {
+ // xxxxx serial number in decimal?
+ if (certs[i]
+ .getSerialNumber()
+ .toString()
+ .equals((String) serialNumbers.elementAt(j))
+ && eeSubjectDN != null
+ && eeSubjectDN.equals(certs[i]
+ .getSubjectDN().toString())) {
addToList = true;
break;
}
}
- if (eeSerialNumber != null &&
- eeSerialNumber.equals(certs[i].getSerialNumber().toString())) {
+ if (eeSerialNumber != null
+ && eeSerialNumber.equals(certs[i]
+ .getSerialNumber().toString())) {
authorized = true;
}
if (addToList) {
IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("serialNumber",
- certs[i].getSerialNumber().toString(16));
+ rarg.addStringValue("serialNumber", certs[i]
+ .getSerialNumber().toString(16));
oldCertsV.addElement(certs[i]);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(certs[i].getSerialNumber(),
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ certs[i].getSerialNumber(),
CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
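Review bot: The result of `mRequestQueue.findRequest(new RequestId(reqIdStr))` is dereferenced on the next line without a null check, and `certs` is then indexed in the same way. `reqIdStr` appears to come from the request (its assignment is outside this hunk), so an unknown id, or a request that carries no `IRequest.OLD_CERTS`, would surface as a NullPointerException instead of going through the audited failure path used just below. Check both before the loop, for example `if (certReq == null || certs == null) {`, then write the same `ILogger.FAILURE` audit message and throw `ECMSGWException`. Unlike the serial-number branch earlier in `process`, this branch also shows no `isSystemCertificate(...)` guard before `oldCertsV.addElement(certs[i])`.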
@@ -596,38 +615,38 @@ public class DoRevoke extends CMSServlet {
}
if (!authorized) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
+ CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
}
} else {
String b64eCert = req.getParameter("b64eCertificate");
if (b64eCert != null) {
- // BASE64Decoder decoder = new BASE64Decoder();
- // byte[] certBytes = decoder.decodeBuffer(b64eCert);
+ // BASE64Decoder decoder = new BASE64Decoder();
+ // byte[] certBytes = decoder.decodeBuffer(b64eCert);
byte[] certBytes = CMS.AtoB(b64eCert);
X509CertImpl cert = new X509CertImpl(certBytes);
IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("serialNumber",
- cert.getSerialNumber().toString(16));
+ rarg.addStringValue("serialNumber", cert
+ .getSerialNumber().toString(16));
oldCertsV.addElement(cert);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ cert.getSerialNumber(), CMS.getCurrentDate(),
+ entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
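Review bot: The certificate decoded from the `b64eCertificate` request parameter is added to `oldCertsV` and to the revocation list without the checks the serial-number branch applies earlier in `process`. There is no `isSystemCertificate(cert.getSerialNumber())` guard, no comparison of `cert.getSubjectDN()` with `eeSubjectDN`, and no repository lookup showing that this CA issued the certificate or that it is not already revoked. Unless those checks happen after `count++` (the block continues outside this hunk), the caller-supplied bytes alone decide which serial is revoked. Apply the same guards before `oldCertsV.addElement(cert)`, and resolve the record from `mCertDB` by serial number rather than trusting the submitted encoding. The two commented-out `BASE64Decoder` lines are dead code and can be deleted.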
@@ -636,27 +655,26 @@ public class DoRevoke extends CMSServlet {
}
}
}
- if (count == 0) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
+ if (count == 0) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND"));
}
header.addIntegerValue("totalRecordCount", count);
X509CertImpl[] oldCerts = new X509CertImpl[count];
- //Certificate[] oldCerts = new Certificate[count];
+ // Certificate[] oldCerts = new Certificate[count];
RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count];
for (int i = 0; i < count; i++) {
@@ -664,32 +682,29 @@ public class DoRevoke extends CMSServlet {
revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i);
}
- IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
- if(initiative.equals(AuditFormat.FROMUSER))
- revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
+ if (initiative.equals(AuditFormat.FROMUSER))
+ revReq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_EE);
else
- revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
+ revReq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_AGENT);
revReq.setExtData(IRequest.OLD_CERTS, oldCerts);
if (comments != null) {
revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
}
- revReq.setExtData(IRequest.REVOKED_REASON,
- Integer.valueOf(reason));
+ revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason));
// change audit processing from "REQUEST" to "REQUEST_PROCESSED"
// to distinguish which type of signed audit log message to save
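Review bot: `initiative.equals(AuditFormat.FROMUSER)` dereferences a value that the caller initialises to null and, in the agent branch shown earlier in this diff, sets only when `authToken != null`. If that case can reach `process`, this line throws after the `SUCCESS` audit record above has already been written. Test it before `mQueue.newRequest(...)` and reject a null `initiative` there, or at least use the null-safe form `if (AuditFormat.FROMUSER.equals(initiative)) {`. With the wrapped arguments the brace-less `if`/`else` is now harder to read; add braces to both arms.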
@@ -707,38 +722,44 @@ public class DoRevoke extends CMSServlet {
// The SVC_PENDING check has been added for the Cloned CA request
// that is meant for the Master CA. From Clone's point of view
// the request is complete
- if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
- // audit log the error
+ if ((stat == RequestStatus.COMPLETE)
+ || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
+ // audit log the error
Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
- String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ String[] svcErrors = revReq
+ .getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
String err = svcErrors[i];
if (err != null) {
- //cmsReq.setErrorDescription(err);
+ // cmsReq.setErrorDescription(err);
for (int j = 0; j < count; j++) {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: "
+ + err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber()
+ .toString(
+ 16),
+ RevocationReason
+ .fromInt(
+ reason)
+ .toString() });
}
}
}
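Review bot: `revReq.getExtDataInInteger(IRequest.RESULT)` is dereferenced immediately with `result.equals(IRequest.RES_ERROR)`, whereas the other `getExtDataInInteger` results later in this method (`updateCRLResult`, `publishCRLResult`) are null-checked before use. A request that completes without a `RESULT` value would therefore end in a NullPointerException after the revocation has been processed but before the `REQUEST_PROCESSED` audit record is written. Use a null-safe test such as `if (IRequest.RES_ERROR.equals(result)) {` (assuming `RES_ERROR` is an `Integer` constant, as the comparisons with `RES_SUCCESS` suggest). The inner `if (oldCerts[j] != null)` is redundant, because `instanceof` is already false for null. The enclosing blocks close outside this hunk.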
@@ -749,26 +770,24 @@ public class DoRevoke extends CMSServlet {
// store a message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus
+ .equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
- return;
+ return;
}
long endTime = CMS.getCurrentDate().getTime();
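Review bot: The comment above the condition says the signed audit message is stored for "complete", "revoked", or "canceled", but the code tests `RequestStatus.REJECTED_STRING`, not a revoked status. Since this comment describes when a signed audit record is emitted, it should match the code: `// if and only if "auditApprovalStatus" is "complete", "rejected", or "canceled"`. The same comment may appear at the other `REQUEST_PROCESSED` call sites outside this hunk and would need the same correction.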
@@ -779,25 +798,29 @@ public class DoRevoke extends CMSServlet {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason)
+ .toString()
+ + " time: "
+ + (endTime - startTime) });
}
}
}
header.addStringValue("revoked", "yes");
- Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult = revReq
+ .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -805,92 +828,99 @@ public class DoRevoke extends CMSServlet {
header.addStringValue("updateCRLSuccess", "yes");
} else {
header.addStringValue("updateCRLSuccess", "no");
- String crlError =
- revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ String crlError = revReq
+ .getExtDataInString(IRequest.CRL_UPDATE_ERROR);
- if (crlError != null)
- header.addStringValue("updateCRLError",
- crlError);
+ if (crlError != null)
+ header.addStringValue("updateCRLError", crlError);
}
// let known crl publishing status too.
- Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult = revReq
+ .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue("publishCRLSuccess", "yes");
} else {
header.addStringValue("publishCRLSuccess", "no");
- String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ String publError = revReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
- if (publError != null)
- header.addStringValue("publishCRLError",
- publError);
+ if (publError != null)
+ header.addStringValue("publishCRLError",
+ publError);
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
- // let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ // let known update and publish status of all crls.
+ Enumeration otherCRLs = ((ICertificateAuthority) mAuthority)
+ .getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
- ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs
+ .nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
continue;
String updateStatusStr = crl.getCrlUpdateStatusStr();
- Integer updateResult = revReq.getExtDataInInteger(updateStatusStr);
+ Integer updateResult = revReq
+ .getExtDataInInteger(updateStatusStr);
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
- CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr));
+ CMS.debug("DoRevoke: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_ADDING_HEADER",
+ updateStatusStr));
header.addStringValue(updateStatusStr, "yes");
} else {
- String updateErrorStr = crl.getCrlUpdateErrorStr();
+ String updateErrorStr = crl
+ .getCrlUpdateErrorStr();
- CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
- updateStatusStr));
+ CMS.debug("DoRevoke: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_ADDING_HEADER_NO",
+ updateStatusStr));
header.addStringValue(updateStatusStr, "no");
- String error =
- revReq.getExtDataInString(updateErrorStr);
+ String error = revReq
+ .getExtDataInString(updateErrorStr);
- if (error != null)
- header.addStringValue(updateErrorStr,
- error);
+ if (error != null)
+ header.addStringValue(updateErrorStr, error);
}
- String publishStatusStr = crl.getCrlPublishStatusStr();
- Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ String publishStatusStr = crl
+ .getCrlPublishStatusStr();
+ Integer publishResult = revReq
+ .getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (publishResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue(publishStatusStr, "yes");
} else {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr = crl
+ .getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
- String error =
- revReq.getExtDataInString(publishErrorStr);
+ String error = revReq
+ .getExtDataInString(publishErrorStr);
- if (error != null)
- header.addStringValue(
- publishErrorStr, error);
+ if (error != null)
+ header.addStringValue(publishErrorStr,
+ error);
}
}
}
}
- if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
+ if (mPublisherProcessor != null
+ && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus = revReq
+ .getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -905,13 +935,12 @@ public class DoRevoke extends CMSServlet {
header.addIntegerValue("certsUpdated", certsUpdated);
header.addIntegerValue("certsToUpdate", certsToUpdate);
- // add crl publishing status.
- String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ // add crl publishing status.
+ String publError = revReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
- header.addStringValue("crlPublishError",
- publError);
+ header.addStringValue("crlPublishError", publError);
}
} else {
header.addStringValue("dirEnabled", "no");
@@ -919,12 +948,14 @@ public class DoRevoke extends CMSServlet {
header.addStringValue("error", null);
} else {
- if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) {
+ if (stat == RequestStatus.PENDING
+ || stat == RequestStatus.REJECTED) {
header.addStringValue("revoked", stat.toString());
} else {
header.addStringValue("revoked", "no");
}
- Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS);
+ Vector errors = revReq
+ .getExtDataInStringVector(IRequest.ERRORS);
if (errors != null) {
StringBuffer errInfo = new StringBuffer();
for (int i = 0; i < errors.size(); i++) {
@@ -945,17 +976,19 @@ public class DoRevoke extends CMSServlet {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason)
+ .toString() });
}
}
}
@@ -965,18 +998,17 @@ public class DoRevoke extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
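Review bot: The comment above this condition lists "complete", "revoked", or "canceled", but the condition compares against `RequestStatus.REJECTED_STRING`, so the documented trigger for the CERT_STATUS_CHANGE_REQUEST_PROCESSED audit record does not match the code (assuming that constant is not the literal "revoked"; its value is not visible here). If the check is what is intended, the comment should read `// "complete", "rejected", or "canceled"`. The same comment and three-way test recur in the hunks at new-side lines 1028, 1063 and 1100, differing only in `ILogger.SUCCESS` versus `ILogger.FAILURE`, so a private helper taking the outcome would keep the four signed-audit sites from drifting apart. The enclosing method begins and ends outside this hunk.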
@@ -986,12 +1018,9 @@ public class DoRevoke extends CMSServlet {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -999,21 +1028,18 @@ public class DoRevoke extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -1027,12 +1053,9 @@ public class DoRevoke extends CMSServlet {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -1040,21 +1063,18 @@ public class DoRevoke extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -1062,19 +1082,17 @@ public class DoRevoke extends CMSServlet {
throw e;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1",
+ e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -1082,27 +1100,25 @@ public class DoRevoke extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
}
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
}
return;
@@ -1110,11 +1126,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1140,11 +1156,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
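Review bot: The `@return` line of this Javadoc still says "signed audit log message RequesterID", which looks copied from the Requester ID method, while the summary and `@param eeSerialNumber` describe the certificate serial number. I would change it to `@return string containing the normalized serial number for the signed audit log message`. The documented method itself lies outside this hunk.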
@@ -1163,30 +1179,28 @@ public class DoRevoke extends CMSServlet {
// find out if the value is hex or decimal
int value = -1;
-
- //try int
- try {
- value = Integer.parseInt(serialNumber,10);
+
+ // try int
+ try {
+ value = Integer.parseInt(serialNumber, 10);
} catch (NumberFormatException e) {
}
-
- //try hex
- if( value == -1) {
+
+ // try hex
+ if (value == -1) {
try {
- value = Integer.parseInt(serialNumber,16);
+ value = Integer.parseInt(serialNumber, 16);
} catch (NumberFormatException e) {
}
}
// give up if it isn't hex or dec
- if ( value == -1) {
+ if (value == -1) {
throw new NumberFormatException();
}
// convert it to hexadecimal
- serialNumber = "0x"
- + Integer.toHexString(
- value);
+ serialNumber = "0x" + Integer.toHexString(value);
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
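Review bot: `Integer.parseInt` restricts this normalisation to 32-bit values, so a certificate serial number wider than an int fails both attempts and ends in `throw new NumberFormatException()` rather than appearing in the signed audit record; how the caller handles that exception is outside this hunk. Using `-1` as the "not parsed" sentinel also rejects an input that legitimately parses to -1, and both `catch` blocks are empty with no comment saying the fall-through is deliberate. Parsing with `BigInteger` and a `null` sentinel keeps the decimal-then-hex order while removing the width limit; it needs `java.math.BigInteger` in the file's imports if it is not already there. Note that `BigInteger.toString(16)` prints negative values with a minus sign, unlike `Integer.toHexString`, which should not matter for serial numbers. The method starts and ends outside this hunk.

```java
// find out if the value is hex or decimal
BigInteger value = null;

// try decimal
try {
    value = new BigInteger(serialNumber, 10);
} catch (NumberFormatException ignored) {
    // not decimal; the hex attempt below decides
}

// try hex
if (value == null) {
    try {
        value = new BigInteger(serialNumber, 16);
    } catch (NumberFormatException ignored) {
        // not hex either; rejected below
    }
}

// give up if it isn't hex or dec
if (value == null) {
    throw new NumberFormatException();
}

// convert it to hexadecimal
serialNumber = "0x" + value.toString(16);
// … unchanged: else branch assigning ILogger.SIGNED_AUDIT_EMPTY_VALUE …
```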
@@ -1196,11 +1210,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Request Type
- *
- * This method is called to obtain the "Request Type" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "Request Type" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -1222,4 +1236,3 @@ public class DoRevoke extends CMSServlet {
return requestType;
}
}
-