diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java | 592 |
1 files changed, 289 insertions, 303 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java index d29f795b8..ce074a051 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.io.OutputStream; import java.util.Date; @@ -62,9 +63,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevokeTPS extends CMSServlet { @@ -87,17 +89,20 @@ public class DoRevokeTPS extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevokeTPS() { super(); } /** - * initialize the servlet. This servlet uses the template file - * "revocationResult.template" to render the result - * + * initialize the servlet. This servlet uses the template + * file "revocationResult.template" to render the result * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -105,12 +110,10 @@ public class DoRevokeTPS extends CMSServlet { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority) - .getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); @@ -128,20 +131,16 @@ public class DoRevokeTPS extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as - * follows: - * + * Serves HTTP request. The http parameters used by this request are as follows: * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> - * * revocationReason can be one of these values: - * * <pre> * 0 = Unspecified (default) * 1 = Key compromised @@ -172,15 +171,11 @@ public class DoRevokeTPS extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (Exception e) { - CMS.debug("DoRevokeTPS getTemplate failed"); - throw new EBaseException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + CMS.debug("DoRevokeTPS getTemplate failed"); + throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } CMS.debug("DoRevokeTPS after getTemplate"); @@ -190,14 +185,16 @@ public class DoRevokeTPS extends CMSServlet { try { if (req.getParameter("revocationReason") != null) { - reason = Integer.parseInt(req.getParameter("revocationReason")); + reason = Integer.parseInt(req.getParameter( + "revocationReason")); } if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = Integer.parseInt(req - .getParameter("totalRecordCount")); + totalRecordCount = Integer.parseInt(req.getParameter( + "totalRecordCount")); } if (req.getParameter("invalidityDate") != null) { - long l = Long.parseLong(req.getParameter("invalidityDate")); + long l = Long.parseLong(req.getParameter( + "invalidityDate")); if (l > 0) { invalidityDate = new Date(l); @@ -206,7 +203,7 @@ public class DoRevokeTPS extends CMSServlet { revokeAll = req.getParameter("revokeAll"); String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS); - // for audit log. + //for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; @@ -215,31 +212,27 @@ public class DoRevokeTPS extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "revoke"); + mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - if (mAuthMgr != null - && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { - authMgr = authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { CMS.debug("DoRevokeTPS: Missing authentication manager"); @@ -248,15 +241,13 @@ public class DoRevokeTPS extends CMSServlet { } if (authorized) { - process(argSet, header, reason, invalidityDate, initiative, - req, resp, revokeAll, totalRecordCount, comments, - locale[0]); + process(argSet, header, reason, invalidityDate, initiative, req, + resp, revokeAll, totalRecordCount, comments, locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException( - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } @@ -269,10 +260,10 @@ public class DoRevokeTPS extends CMSServlet { errorString = "error=unauthorized"; } else if (error != null) { o_status = "status=3"; - errorString = "error=" + error.toString(); + errorString = "error="+error.toString(); } - String pp = o_status + "\n" + errorString; + String pp = o_status+"\n"+errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); @@ -280,57 +271,59 @@ public class DoRevokeTPS extends CMSServlet { os.write(b); os.flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, or - * an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, + * or an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used - * when a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when + * a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit - * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a - * certificate status is changed (revoked, expired, on-hold, off-hold) + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED + * used when a certificate status is changed (revoked, expired, on-hold, + * off-hold) * </ul> - * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 - * - CA key compromised; should not be used, 3 - Affiliation - * changed, 4 - Certificate superceded, 5 - Cessation of - * operation, or 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, + * 2 - CA key compromised; should not be used, 3 - Affiliation changed, + * 4 - Certificate superceded, 5 - Cessation of operation, or + * 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response - * @param revokeAll string containing information on all of the certificates - * to be revoked + * @param revokeAll string containing information on all of the + * certificates to be revoked * @param totalRecordCount total number of records (verified and unverified) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, String initiative, - HttpServletRequest req, HttpServletResponse resp, String revokeAll, - int totalRecordCount, String comments, Locale locale) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, + int totalRecordCount, + String comments, + Locale locale) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -340,20 +333,21 @@ public class DoRevokeTPS extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); + if (revokeAll != null) { - CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); + CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); - String serial = ""; + String serial = ""; String[] tokens; tokens = revokeAll.split("="); if (tokens.length == 2) { serial = tokens[1]; - // remove the trailing paren + //remove the trailing paren if (serial.endsWith(")")) { - serial = serial.substring(0, serial.length() - 1); + serial = serial.substring(0,serial.length() -1); } - auditSerialNumber = serial; + auditSerialNumber = serial; } } @@ -399,36 +393,30 @@ public class DoRevokeTPS extends CMSServlet { } X509CertImpl xcert = rec.getCertificate(); IArgBlock rarg = CMS.createArgBlock(); - + // we do not want to revoke the CA certificate accidentially - if (xcert != null - && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " - + xcert.getSerialNumber()); + if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { + CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber()); badCertsRequested = true; continue; } if (xcert != null) { - rarg.addStringValue("serialNumber", xcert.getSerialNumber() - .toString(16)); + rarg.addStringValue("serialNumber", + xcert.getSerialNumber().toString(16)); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { alreadyRevokedCertFound = true; - CMS.debug("Certificate 0x" - + xcert.getSerialNumber().toString(16) - + " has been revoked."); + CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked."); } else { oldCertsV.addElement(xcert); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - xcert.getSerialNumber(), CMS.getCurrentDate(), - entryExtn); + RevokedCertImpl revCertImpl = + new RevokedCertImpl(xcert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); - CMS.debug("Certificate 0x" - + xcert.getSerialNumber().toString(16) - + " is going to be revoked."); + CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked."); count++; } } else { @@ -436,37 +424,40 @@ public class DoRevokeTPS extends CMSServlet { } } - if (count == 0) { + if (count == 0) { // Situation where no certs were reoked here, but some certs // requested happened to be already revoked. Don't return error. - if (alreadyRevokedCertFound == true - && badCertsRequested == false) { - CMS.debug("Only have previously revoked certs in the list."); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditSerialNumber, auditRequestType); - - audit(auditMessage); - return; + if (alreadyRevokedCertFound == true && badCertsRequested == false) { + CMS.debug("Only have previously revoked certs in the list."); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); + + audit(auditMessage); + return; } - + errorString = "error=No certificates are revoked."; o_status = "status=2"; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } X509CertImpl[] oldCerts = new X509CertImpl[count]; @@ -477,30 +468,33 @@ public class DoRevokeTPS extends CMSServlet { revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i); } - IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST); + IRequest revReq = + mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); - if (initiative.equals(AuditFormat.FROMUSER)) { - revReq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_EE); + if(initiative.equals(AuditFormat.FROMUSER)) { + revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE); } else { - revReq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_AGENT); + revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); } revReq.setExtData(IRequest.OLD_CERTS, oldCerts); if (comments != null) { revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments); } - revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason)); + revReq.setExtData(IRequest.REVOKED_REASON, + Integer.valueOf(reason)); // change audit processing from "REQUEST" to "REQUEST_PROCESSED" // to distinguish which type of signed audit log message to save @@ -518,44 +512,38 @@ public class DoRevokeTPS extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) - || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = revReq - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - // cmsReq.setErrorDescription(err); + //cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " - + err, - cert.getSubjectDN(), - cert.getSerialNumber() - .toString( - 16), - RevocationReason - .fromInt( - reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } @@ -566,24 +554,26 @@ public class DoRevokeTPS extends CMSServlet { // store a message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus - .equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } - return; + return; } long endTime = CMS.getCurrentDate().getTime(); @@ -594,103 +584,93 @@ public class DoRevokeTPS extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason) - .toString() - + " time: " - + (endTime - startTime) }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} + ); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) { o_status = "status=3"; - if (revReq - .getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) { + if (revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) { errorString = "error=Update CRL Error."; // 3 means miscellaneous } } // let known crl publishing status too. - Integer publishCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) { - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); o_status = "status=3"; if (publError != null) { - errorString = "error=" + publError; + errorString = "error="+publError; } } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) - .getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs - .nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq - .getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (!updateResult.equals(IRequest.RES_SUCCESS)) { - String updateErrorStr = crl - .getCrlUpdateErrorStr(); + String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("DoRevoke: " - + CMS.getLogMessage( - "ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); - String error = revReq - .getExtDataInString(updateErrorStr); + CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); + String error = + revReq.getExtDataInString(updateErrorStr); o_status = "status=3"; - if (error != null) { - errorString = "error=" + error; + if (error != null) { + errorString = "error="+error; } } - String publishStatusStr = crl - .getCrlPublishStatusStr(); - Integer publishResult = revReq - .getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl.getCrlPublishStatusStr(); + Integer publishResult = + revReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (!publishResult.equals(IRequest.RES_SUCCESS)) { - String publishErrorStr = crl - .getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); - String error = revReq - .getExtDataInString(publishErrorStr); + String error = + revReq.getExtDataInString(publishErrorStr); o_status = "status=3"; if (error != null) { @@ -701,11 +681,10 @@ public class DoRevokeTPS extends CMSServlet { } } - if (mPublisherProcessor != null - && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = revReq - .getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -718,30 +697,27 @@ public class DoRevokeTPS extends CMSServlet { } } - // add crl publishing status. - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + // add crl publishing status. + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - errorString = "error=" + publError; + errorString = "error="+publError; o_status = "status=3"; } - } else if (mPublisherProcessor == null - && mPublisherProcessor.ldapEnabled()) { + } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) { errorString = "error=LDAP publishing not enabled."; o_status = "status=3"; } } else { - if (stat == RequestStatus.PENDING - || stat == RequestStatus.REJECTED) { + if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) { o_status = "status=2"; - errorString = "error=" + stat.toString(); + errorString = "error="+stat.toString(); } else { o_status = "status=2"; errorString = "error=Undefined request status"; } - Vector errors = revReq - .getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); if (errors != null) { StringBuffer errInfo = new StringBuffer(); @@ -766,19 +742,17 @@ public class DoRevokeTPS extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } @@ -788,17 +762,18 @@ public class DoRevokeTPS extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) + ) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -809,9 +784,12 @@ public class DoRevokeTPS extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { @@ -819,18 +797,21 @@ public class DoRevokeTPS extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -838,17 +819,19 @@ public class DoRevokeTPS extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { @@ -856,25 +839,27 @@ public class DoRevokeTPS extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } } - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } return; @@ -882,11 +867,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -912,11 +897,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -934,8 +919,8 @@ public class DoRevokeTPS extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" - + Integer.toHexString(Integer.valueOf(serialNumber) - .intValue()); + + Integer.toHexString( + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -945,11 +930,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for a signed audit log - * message. + * + * This method is called to obtain the "Request Type" for + * a signed audit log message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -971,3 +956,4 @@ public class DoRevokeTPS extends CMSServlet { return requestType; } } + |