Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java592
1 files changed, 289 insertions, 303 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
index d29f795b8..ce074a051 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
+
import java.io.IOException;
import java.io.OutputStream;
import java.util.Date;
@@ -62,9 +63,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
+
/**
* Revoke a Certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class DoRevokeTPS extends CMSServlet {
@@ -87,17 +89,20 @@ public class DoRevokeTPS extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+ private final static String
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+ "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
public DoRevokeTPS() {
super();
}
/**
- * initialize the servlet. This servlet uses the template file
- * "revocationResult.template" to render the result
- *
+ * initialize the servlet. This servlet uses the template
+ * file "revocationResult.template" to render the result
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -105,12 +110,10 @@ public class DoRevokeTPS extends CMSServlet {
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority) {
- mCertDB = ((ICertificateAuthority) mAuthority)
- .getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
}
if (mAuthority instanceof ICertAuthority) {
- mPublisherProcessor = ((ICertAuthority) mAuthority)
- .getPublisherProcessor();
+ mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
}
mQueue = mAuthority.getRequestQueue();
@@ -128,20 +131,16 @@ public class DoRevokeTPS extends CMSServlet {
}
/**
- * Serves HTTP request. The http parameters used by this request are as
- * follows:
- *
+ * Serves HTTP request. The http parameters used by this request are as follows:
* <pre>
* serialNumber Serial number of certificate to revoke (in HEX)
* revocationReason Revocation reason (Described below)
* totalRecordCount [number]
* verifiedRecordCount [number]
* invalidityDate [number of seconds in Jan 1,1970]
- *
+ *
* </pre>
- *
* revocationReason can be one of these values:
- *
* <pre>
* 0 = Unspecified (default)
* 1 = Key compromised
@@ -172,15 +171,11 @@ public class DoRevokeTPS extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
- e.toString()));
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
} catch (Exception e) {
- CMS.debug("DoRevokeTPS getTemplate failed");
- throw new EBaseException(
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ CMS.debug("DoRevokeTPS getTemplate failed");
+ throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
CMS.debug("DoRevokeTPS after getTemplate");
@@ -190,14 +185,16 @@ public class DoRevokeTPS extends CMSServlet {
try {
if (req.getParameter("revocationReason") != null) {
- reason = Integer.parseInt(req.getParameter("revocationReason"));
+ reason = Integer.parseInt(req.getParameter(
+ "revocationReason"));
}
if (req.getParameter("totalRecordCount") != null) {
- totalRecordCount = Integer.parseInt(req
- .getParameter("totalRecordCount"));
+ totalRecordCount = Integer.parseInt(req.getParameter(
+ "totalRecordCount"));
}
if (req.getParameter("invalidityDate") != null) {
- long l = Long.parseLong(req.getParameter("invalidityDate"));
+ long l = Long.parseLong(req.getParameter(
+ "invalidityDate"));
if (l > 0) {
invalidityDate = new Date(l);
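Review bot: The value parsed by `Long.parseLong(req.getParameter("invalidityDate"))` is passed straight to `new Date(l)`, which interprets it as milliseconds, while the servlet's own Javadoc describes `invalidityDate` as a number of seconds since Jan 1, 1970. If callers really send seconds, the invalidity date recorded with the revocation lands in January 1970. Either convert with `invalidityDate = new Date(l * 1000L);` or correct the Javadoc to say milliseconds; which side is wrong cannot be decided from this hunk, so confirm against what callers send. The enclosing try block starts and ends outside the hunk.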
@@ -206,7 +203,7 @@ public class DoRevokeTPS extends CMSServlet {
revokeAll = req.getParameter("revokeAll");
String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
- // for audit log.
+ //for audit log.
String initiative = null;
String authMgr = AuditFormat.NOAUTH;
@@ -215,31 +212,27 @@ public class DoRevokeTPS extends CMSServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "revoke");
+ mAuthzResourceName, "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
- if (mAuthMgr != null
- && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+
+ if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
if (authToken != null) {
- authMgr = authToken
- .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
String agentID = authToken.getInString("userid");
- initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
- + " authenticated by " + authMgr;
+ initiative = AuditFormat.FROMAGENT + " agentID: " + agentID +
+ " authenticated by " + authMgr;
}
} else {
CMS.debug("DoRevokeTPS: Missing authentication manager");
@@ -248,15 +241,13 @@ public class DoRevokeTPS extends CMSServlet {
}
if (authorized) {
- process(argSet, header, reason, invalidityDate, initiative,
- req, resp, revokeAll, totalRecordCount, comments,
- locale[0]);
+ process(argSet, header, reason, invalidityDate, initiative, req,
+ resp, revokeAll, totalRecordCount, comments, locale[0]);
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -269,10 +260,10 @@ public class DoRevokeTPS extends CMSServlet {
errorString = "error=unauthorized";
} else if (error != null) {
o_status = "status=3";
- errorString = "error=" + error.toString();
+ errorString = "error="+error.toString();
}
- String pp = o_status + "\n" + errorString;
+ String pp = o_status+"\n"+errorString;
byte[] b = pp.getBytes();
resp.setContentType("text/html");
resp.setContentLength(b.length);
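Review bot: The body built by `String pp = o_status+"\n"+errorString;` is a plain `status=…`/`error=…` pair, yet it is served as `text/html` and encoded with `pp.getBytes()`, which uses the platform default charset. Because `errorString` can carry `error.toString()` verbatim, any request-derived text inside the exception message would be delivered as HTML; whether such text can reach the message is not visible here. Consider `resp.setContentType("text/plain; charset=UTF-8");` with a matching explicit charset on the `getBytes` call, after checking that the consumer of this response does not depend on the current content type. The method continues outside the hunk.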
@@ -280,57 +271,59 @@ public class DoRevokeTPS extends CMSServlet {
os.write(b);
os.flush();
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
- e.toString()));
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
/**
* Process cert status change request
* <P>
- *
- * (Certificate Request - either an "agent" cert status change request, or
- * an "EE" cert status change request)
+ *
+ * (Certificate Request - either an "agent" cert status change request,
+ * or an "EE" cert status change request)
* <P>
- *
- * (Certificate Request Processed - either an "agent" cert status change
- * request, or an "EE" cert status change request)
+ *
+ * (Certificate Request Processed - either an "agent" cert status change
+ * request, or an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
- * when a cert status change request (e. g. - "revocation") is made (before
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
+ * a cert status change request (e. g. - "revocation") is made (before
* approval process)
- * <li>signed.audit
- * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
- * certificate status is changed (revoked, expired, on-hold, off-hold)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
+ * used when a certificate status is changed (revoked, expired, on-hold,
+ * off-hold)
* </ul>
- *
* @param argSet CMS template parameters
* @param header argument block
- * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2
- * - CA key compromised; should not be used, 3 - Affiliation
- * changed, 4 - Certificate superceded, 5 - Cessation of
- * operation, or 6 - Certificate is on hold)
+ * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
+ * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
+ * 4 - Certificate superceded, 5 - Cessation of operation, or
+ * 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
- * @param revokeAll string containing information on all of the certificates
- * to be revoked
+ * @param revokeAll string containing information on all of the
+ * certificates to be revoked
* @param totalRecordCount total number of records (verified and unverified)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate, String initiative,
- HttpServletRequest req, HttpServletResponse resp, String revokeAll,
- int totalRecordCount, String comments, Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate,
+ String initiative,
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ String revokeAll,
+ int totalRecordCount,
+ String comments,
+ Locale locale)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -340,20 +333,21 @@ public class DoRevokeTPS extends CMSServlet {
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String auditReasonNum = String.valueOf(reason);
+
if (revokeAll != null) {
- CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
+ CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
- String serial = "";
+ String serial = "";
String[] tokens;
tokens = revokeAll.split("=");
if (tokens.length == 2) {
serial = tokens[1];
- // remove the trailing paren
+ //remove the trailing paren
if (serial.endsWith(")")) {
- serial = serial.substring(0, serial.length() - 1);
+ serial = serial.substring(0,serial.length() -1);
}
- auditSerialNumber = serial;
+ auditSerialNumber = serial;
}
}
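Review bot: `revokeAll` arrives unchanged from `req.getParameter("revokeAll")`, and here it is written to the debug log as-is and, after `split("=")`, its second token becomes `auditSerialNumber` with no check that it is a hexadecimal serial. That value is later passed into the signed audit messages, so line breaks or delimiter characters in the parameter could distort both the debug log and the audit record. Validate the token before use, for example accept it only when it matches `^(0x)?[0-9A-Fa-f]+$` and otherwise leave `auditSerialNumber` at its initial value, and log the validated serial rather than the raw parameter. `process` starts before and continues after this hunk.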
@@ -399,36 +393,30 @@ public class DoRevokeTPS extends CMSServlet {
}
X509CertImpl xcert = rec.getCertificate();
IArgBlock rarg = CMS.createArgBlock();
-
+
// we do not want to revoke the CA certificate accidentially
- if (xcert != null
- && isSystemCertificate(xcert.getSerialNumber())) {
- CMS.debug("DoRevokeTPS: skipped revocation request for system certificate "
- + xcert.getSerialNumber());
+ if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) {
+ CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber());
badCertsRequested = true;
continue;
}
if (xcert != null) {
- rarg.addStringValue("serialNumber", xcert.getSerialNumber()
- .toString(16));
+ rarg.addStringValue("serialNumber",
+ xcert.getSerialNumber().toString(16));
if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
alreadyRevokedCertFound = true;
- CMS.debug("Certificate 0x"
- + xcert.getSerialNumber().toString(16)
- + " has been revoked.");
+ CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked.");
} else {
oldCertsV.addElement(xcert);
- RevokedCertImpl revCertImpl = new RevokedCertImpl(
- xcert.getSerialNumber(), CMS.getCurrentDate(),
- entryExtn);
+ RevokedCertImpl revCertImpl =
+ new RevokedCertImpl(xcert.getSerialNumber(),
+ CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
- CMS.debug("Certificate 0x"
- + xcert.getSerialNumber().toString(16)
- + " is going to be revoked.");
+ CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked.");
count++;
}
} else {
@@ -436,37 +424,40 @@ public class DoRevokeTPS extends CMSServlet {
}
}
- if (count == 0) {
+ if (count == 0) {
// Situation where no certs were reoked here, but some certs
// requested happened to be already revoked. Don't return error.
- if (alreadyRevokedCertFound == true
- && badCertsRequested == false) {
- CMS.debug("Only have previously revoked certs in the list.");
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID, ILogger.SUCCESS, auditRequesterID,
- auditSerialNumber, auditRequestType);
-
- audit(auditMessage);
- return;
+ if (alreadyRevokedCertFound == true && badCertsRequested == false) {
+ CMS.debug("Only have previously revoked certs in the list.");
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
+
+ audit(auditMessage);
+ return;
}
-
+
errorString = "error=No certificates are revoked.";
o_status = "status=2";
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID, ILogger.FAILURE, auditRequesterID,
- auditSerialNumber, auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
}
X509CertImpl[] oldCerts = new X509CertImpl[count];
@@ -477,30 +468,33 @@ public class DoRevokeTPS extends CMSServlet {
revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i);
}
- IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ IRequest revReq =
+ mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID, ILogger.SUCCESS, auditRequesterID,
- auditSerialNumber, auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
- if (initiative.equals(AuditFormat.FROMUSER)) {
- revReq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_EE);
+ if(initiative.equals(AuditFormat.FROMUSER)) {
+ revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
} else {
- revReq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_AGENT);
+ revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
}
revReq.setExtData(IRequest.OLD_CERTS, oldCerts);
if (comments != null) {
revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
}
- revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason));
+ revReq.setExtData(IRequest.REVOKED_REASON,
+ Integer.valueOf(reason));
// change audit processing from "REQUEST" to "REQUEST_PROCESSED"
// to distinguish which type of signed audit log message to save
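Review bot: `if(initiative.equals(AuditFormat.FROMUSER)) {` dereferences `initiative`, which the caller initialises to `null` and assigns only when the auth manager is `CERTUSERDB_AUTHMGR_ID` and `authToken` is non-null. Whether `process` can be reached with it still null depends on code outside the visible hunks, but the null-safe form costs nothing: `if (AuditFormat.FROMUSER.equals(initiative)) {`. A null `initiative` would then fall into the `REQUESTOR_AGENT` branch, so decide whether that default is acceptable or whether the request should be rejected before a revocation request is queued.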
@@ -518,44 +512,38 @@ public class DoRevokeTPS extends CMSServlet {
// The SVC_PENDING check has been added for the Cloned CA request
// that is meant for the Master CA. From Clone's point of view
// the request is complete
- if ((stat == RequestStatus.COMPLETE)
- || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
- // audit log the error
+ if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
+ // audit log the error
Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
- String[] svcErrors = revReq
- .getExtDataInStringArray(IRequest.SVCERRORS);
+ String[] svcErrors =
+ revReq.getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
String err = svcErrors[i];
if (err != null) {
- // cmsReq.setErrorDescription(err);
+ //cmsReq.setErrorDescription(err);
for (int j = 0; j < count; j++) {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
if (oldCerts[j] != null) {
- mLogger.log(
- ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: "
- + err,
- cert.getSubjectDN(),
- cert.getSerialNumber()
- .toString(
- 16),
- RevocationReason
- .fromInt(
- reason)
- .toString() });
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: " +
+ err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString()}
+ );
}
}
}
@@ -566,24 +554,26 @@ public class DoRevokeTPS extends CMSServlet {
// store a message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus
- .equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID, auditSerialNumber,
- auditRequestType, auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(
+ RequestStatus.COMPLETE_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
- return;
+ return;
}
long endTime = CMS.getCurrentDate().getTime();
@@ -594,103 +584,93 @@ public class DoRevokeTPS extends CMSServlet {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
- mLogger.log(
- ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason)
- .toString()
- + " time: "
- + (endTime - startTime) });
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
+ );
}
}
}
header.addStringValue("revoked", "yes");
- Integer updateCRLResult = revReq
- .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult =
+ revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
o_status = "status=3";
- if (revReq
- .getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) {
+ if (revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) {
errorString = "error=Update CRL Error.";
// 3 means miscellaneous
}
}
// let known crl publishing status too.
- Integer publishCRLResult = revReq
- .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult =
+ revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
- String publError = revReq
- .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ String publError =
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
o_status = "status=3";
if (publError != null) {
- errorString = "error=" + publError;
+ errorString = "error="+publError;
}
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
- // let known update and publish status of all crls.
- Enumeration otherCRLs = ((ICertificateAuthority) mAuthority)
- .getCRLIssuingPoints();
+ // let known update and publish status of all crls.
+ Enumeration otherCRLs =
+ ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
- ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs
- .nextElement();
+ ICRLIssuingPoint crl = (ICRLIssuingPoint)
+ otherCRLs.nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
continue;
String updateStatusStr = crl.getCrlUpdateStatusStr();
- Integer updateResult = revReq
- .getExtDataInInteger(updateStatusStr);
+ Integer updateResult = revReq.getExtDataInInteger(updateStatusStr);
if (updateResult != null) {
if (!updateResult.equals(IRequest.RES_SUCCESS)) {
- String updateErrorStr = crl
- .getCrlUpdateErrorStr();
+ String updateErrorStr = crl.getCrlUpdateErrorStr();
- CMS.debug("DoRevoke: "
- + CMS.getLogMessage(
- "ADMIN_SRVLT_ADDING_HEADER_NO",
- updateStatusStr));
- String error = revReq
- .getExtDataInString(updateErrorStr);
+ CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
+ updateStatusStr));
+ String error =
+ revReq.getExtDataInString(updateErrorStr);
o_status = "status=3";
- if (error != null) {
- errorString = "error=" + error;
+ if (error != null) {
+ errorString = "error="+error;
}
}
- String publishStatusStr = crl
- .getCrlPublishStatusStr();
- Integer publishResult = revReq
- .getExtDataInInteger(publishStatusStr);
+ String publishStatusStr = crl.getCrlPublishStatusStr();
+ Integer publishResult =
+ revReq.getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (!publishResult.equals(IRequest.RES_SUCCESS)) {
- String publishErrorStr = crl
- .getCrlPublishErrorStr();
+ String publishErrorStr =
+ crl.getCrlPublishErrorStr();
- String error = revReq
- .getExtDataInString(publishErrorStr);
+ String error =
+ revReq.getExtDataInString(publishErrorStr);
o_status = "status=3";
if (error != null) {
@@ -701,11 +681,10 @@ public class DoRevokeTPS extends CMSServlet {
}
}
- if (mPublisherProcessor != null
- && mPublisherProcessor.ldapEnabled()) {
+ if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus = revReq
- .getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus =
+ revReq.getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -718,30 +697,27 @@ public class DoRevokeTPS extends CMSServlet {
}
}
- // add crl publishing status.
- String publError = revReq
- .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ // add crl publishing status.
+ String publError =
+ revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
- errorString = "error=" + publError;
+ errorString = "error="+publError;
o_status = "status=3";
}
- } else if (mPublisherProcessor == null
- && mPublisherProcessor.ldapEnabled()) {
+ } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {
errorString = "error=LDAP publishing not enabled.";
o_status = "status=3";
}
} else {
- if (stat == RequestStatus.PENDING
- || stat == RequestStatus.REJECTED) {
+ if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) {
o_status = "status=2";
- errorString = "error=" + stat.toString();
+ errorString = "error="+stat.toString();
} else {
o_status = "status=2";
errorString = "error=Undefined request status";
}
- Vector errors = revReq
- .getExtDataInStringVector(IRequest.ERRORS);
+ Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS);
if (errors != null) {
StringBuffer errInfo = new StringBuffer();
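Review bot: The branch `} else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {` can never produce its "LDAP publishing not enabled." status: when the left operand is true the right one throws a NullPointerException, and when it is false the branch is skipped. The branch sits in the completed-request path, so on a CA without a publisher processor the caller would get an unchecked exception instead of a status line, apparently after the revocation itself has gone through. The smallest fix that keeps the current behaviour for a configured but LDAP-disabled processor is `} else if (mPublisherProcessor == null) {`. If a disabled processor should also report status 3, that is a behaviour change to decide separately.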
@@ -766,19 +742,17 @@ public class DoRevokeTPS extends CMSServlet {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
- mLogger.log(
- ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason)
- .toString() });
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString()}
+ );
}
}
}
@@ -788,17 +762,18 @@ public class DoRevokeTPS extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID, ILogger.SUCCESS,
- auditRequesterID, auditSerialNumber,
- auditRequestType, auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
+ ) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -809,9 +784,12 @@ public class DoRevokeTPS extends CMSServlet {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID, ILogger.FAILURE, auditRequesterID,
- auditSerialNumber, auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
} else {
@@ -819,18 +797,21 @@ public class DoRevokeTPS extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID, auditSerialNumber,
- auditRequestType, auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(
+ RequestStatus.COMPLETE_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -838,17 +819,19 @@ public class DoRevokeTPS extends CMSServlet {
throw e;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID, ILogger.FAILURE, auditRequesterID,
- auditSerialNumber, auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
} else {
@@ -856,25 +839,27 @@ public class DoRevokeTPS extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID, auditSerialNumber,
- auditRequestType, auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(
+ RequestStatus.COMPLETE_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
}
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
}
return;
@@ -882,11 +867,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for a signed audit log
- * message.
+ *
+ * This method is called to obtain the "RequesterID" for
+ * a signed audit log message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -912,11 +897,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -934,8 +919,8 @@ public class DoRevokeTPS extends CMSServlet {
// convert it to hexadecimal
serialNumber = "0x"
- + Integer.toHexString(Integer.valueOf(serialNumber)
- .intValue());
+ + Integer.toHexString(
+ Integer.valueOf(serialNumber).intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
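Review bot: `Integer.toHexString(Integer.valueOf(serialNumber).intValue())` only handles serial numbers that fit in a signed 32-bit int; certificate serials are commonly far larger, and `Integer.valueOf` throws NumberFormatException for them. In that case the signed audit entry for the status change either loses its serial number or the request fails, depending on handling that is outside this hunk. `serialNumber = "0x" + new java.math.BigInteger(serialNumber).toString(16);` keeps the full value. It still throws NumberFormatException on non-decimal input, so the caller's handling of that exception should be checked as well.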
@@ -945,11 +930,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Request Type
- *
- * This method is called to obtain the "Request Type" for a signed audit log
- * message.
+ *
+ * This method is called to obtain the "Request Type" for
+ * a signed audit log message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -971,3 +956,4 @@ public class DoRevokeTPS extends CMSServlet {
return requestType;
}
}
+