Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java | 1005 |
1 files changed, 516 insertions, 489 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java index 740948712..fa069245d 100644 --- a/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java +++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.dbs; - import java.math.BigInteger; import java.security.cert.Certificate; import java.util.Arrays; @@ -55,18 +54,17 @@ import com.netscape.certsrv.dbs.certdb.IRevocationInfo; import com.netscape.certsrv.dbs.repository.IRepository; import com.netscape.certsrv.logging.ILogger; - /** - * A class represents a certificate repository. It - * stores all the issued certificate. + * A class represents a certificate repository. It stores all the issued + * certificate. * <P> - * + * * @author thomask * @author kanda * @version $Revision$, $Date$ */ -public class CertificateRepository extends Repository - implements ICertificateRepository { +public class CertificateRepository extends Repository implements + ICertificateRepository { public final String CERT_X509ATTRIBUTE = "x509signedcert"; @@ -85,11 +83,11 @@ public class CertificateRepository extends Repository /** * Constructs a certificate repository. */ - public CertificateRepository(IDBSubsystem dbService, String certRepoBaseDN, int increment, String baseDN) - throws EDBException { + public CertificateRepository(IDBSubsystem dbService, String certRepoBaseDN, + int increment, String baseDN) throws EDBException { super(dbService, increment, baseDN); mBaseDN = certRepoBaseDN; - + mDBService = dbService; // registers CMS database attributes 
@@ -98,17 +96,19 @@ public class CertificateRepository extends Repository IConfigStore cfg = mDBService.getConfigStore(); } - public ICertRecord createCertRecord(BigInteger id, Certificate cert, MetaInfo meta) { + public ICertRecord createCertRecord(BigInteger id, Certificate cert, + MetaInfo meta) { return new CertRecord(id, cert, meta); } - public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) - throws EBaseException { + public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, + BigInteger serial_upper_bound) throws EBaseException { - CMS.debug("CertificateRepository: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound); + CMS.debug("CertificateRepository: in getLastSerialNumberInRange: low " + + serial_low_bound + " high " + serial_upper_bound); - if(serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0 ) - { + if (serial_low_bound == null || serial_upper_bound == null + || serial_low_bound.compareTo(serial_upper_bound) >= 0) { return null; } 
@@ -117,26 +117,30 @@ public class CertificateRepository extends Repository String[] attrs = null; - ICertRecordList recList = findCertRecordsInList(ldapfilter,attrs,serial_upper_bound.toString(10),"serialno", 5 * -1); + ICertRecordList recList = findCertRecordsInList(ldapfilter, attrs, + serial_upper_bound.toString(10), "serialno", 5 * -1); int size = recList.getSize(); - CMS.debug("CertificateRepository:getLastSerialNumberInRange: recList size " + size); + CMS.debug("CertificateRepository:getLastSerialNumberInRange: recList size " + + size); if (size <= 0) { CMS.debug("CertificateRepository:getLastSerialNumberInRange: index may be empty"); BigInteger ret = new BigInteger(serial_low_bound.toString(10)); - ret = ret.add(new BigInteger("-1")); - CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + ret); + ret = ret.add(new BigInteger("-1")); + CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + + ret); return ret; } int ltSize = recList.getSizeBeforeJumpTo(); Vector cList = new Vector(ltSize); - CMS.debug("CertificateRepository:getLastSerialNumberInRange: ltSize " + ltSize); + CMS.debug("CertificateRepository:getLastSerialNumberInRange: ltSize " + + ltSize); CertRecord curRec = null; 
@@ -151,11 +155,13 @@ public class CertificateRepository extends Repository BigInteger serial = curRec.getSerialNumber(); - CMS.debug("CertificateRepository:getLastCertRecordSerialNo: serialno " + serial); + CMS.debug("CertificateRepository:getLastCertRecordSerialNo: serialno " + + serial); - if( ((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1) ) && - ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1) )) - { + if (((serial.compareTo(serial_low_bound) == 0) || (serial + .compareTo(serial_low_bound) == 1)) + && ((serial.compareTo(serial_upper_bound) == 0) || (serial + .compareTo(serial_upper_bound) == -1))) { CMS.debug("getLastSerialNumberInRange returning: " + serial); return serial; } @@ -163,25 +169,25 @@ public class CertificateRepository extends Repository CMS.debug("getLastSerialNumberInRange:found null from getCertRecord"); } } - BigInteger ret = new BigInteger(serial_low_bound.toString(10)); - ret = ret.add(new BigInteger("-1")); + ret = ret.add(new BigInteger("-1")); - CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + ret); - return ret; + CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + + ret); + return ret; } /** * Removes all objects with this repository. */ - public void removeCertRecords(BigInteger beginS, BigInteger endS) throws EBaseException - { + public void removeCertRecords(BigInteger beginS, BigInteger endS) + throws EBaseException { String filter = "(" + CertRecord.ATTR_CERT_STATUS + "=*" + ")"; - ICertRecordList list =findCertRecordsInList(filter, - null, "serialno", 10); + ICertRecordList list = findCertRecordsInList(filter, null, "serialno", + 10); int size = list.getSize(); Enumeration e = list.getCertRecords(0, size - 1); while (e.hasMoreElements()) { 
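Review bot: The range test in getLastSerialNumberInRange compares `compareTo` results against the exact values `1` and `-1`, and after re-wrapping the condition is split in the middle of the method calls (`(serial` / `.compareTo(serial_low_bound) == 1)`), which makes the bounds check hard to verify by eye. The same check reads as one line when written as `if (serial.compareTo(serial_low_bound) >= 0 && serial.compareTo(serial_upper_bound) <= 0) {`. This is a serial-number range boundary in a CA, so an unambiguous inclusive-bounds expression is worth having. The loop that contains this check begins outside the hunk.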
@@ -191,8 +197,8 @@ public class CertificateRepository extends Repository BigInteger min = cur; if (endS != null) min = cur.min(endS); - if (cur.equals(beginS) || cur.equals(endS) || - (cur.equals(max) && cur.equals(min))) + if (cur.equals(beginS) || cur.equals(endS) + || (cur.equals(max) && cur.equals(min))) deleteCertificateRecord(cur); } } @@ -222,14 +228,13 @@ public class CertificateRepository extends Repository } /** - * interval value: (in seconds) - * 0 - disable - * >0 - enable + * interval value: (in seconds) 0 - disable >0 - enable */ public CertStatusUpdateThread mCertStatusUpdateThread = null; public RetrieveModificationsThread mRetrieveModificationsThread = null; - public void setCertStatusUpdateInterval(IRepository requestRepo, int interval, boolean listenToCloneModifications) { + public void setCertStatusUpdateInterval(IRepository requestRepo, + int interval, boolean listenToCloneModifications) { CMS.debug("In setCertStatusUpdateInterval " + interval); if (interval == 0) { CMS.debug("In setCertStatusUpdateInterval interval = 0" + interval); @@ -242,11 +247,14 @@ public class CertificateRepository extends Repository return; } - CMS.debug("In setCertStatusUpdateInterval listenToCloneModifications="+listenToCloneModifications+ - " mRetrieveModificationsThread="+mRetrieveModificationsThread); + CMS.debug("In setCertStatusUpdateInterval listenToCloneModifications=" + + listenToCloneModifications + + " mRetrieveModificationsThread=" + + mRetrieveModificationsThread); if (listenToCloneModifications && mRetrieveModificationsThread == null) { CMS.debug("In setCertStatusUpdateInterval about to create RetrieveModificationsThread"); - mRetrieveModificationsThread = new RetrieveModificationsThread(this, "RetrieveModificationsThread"); + mRetrieveModificationsThread = new RetrieveModificationsThread( + this, "RetrieveModificationsThread"); LDAPSearchResults mResults = null; try { mResults = startSearchForModifiedCertificateRecords(); 
@@ -259,10 +267,12 @@ public class CertificateRepository extends Repository } } - CMS.debug("In setCertStatusUpdateInterval mCertStatusUpdateThread " + mCertStatusUpdateThread); + CMS.debug("In setCertStatusUpdateInterval mCertStatusUpdateThread " + + mCertStatusUpdateThread); if (mCertStatusUpdateThread == null) { CMS.debug("In setCertStatusUpdateInterval about to create CertStatusUpdateThread "); - mCertStatusUpdateThread = new CertStatusUpdateThread(this, requestRepo, "CertStatusUpdateThread"); + mCertStatusUpdateThread = new CertStatusUpdateThread(this, + requestRepo, "CertStatusUpdateThread"); mCertStatusUpdateThread.setInterval(interval); mCertStatusUpdateThread.start(); } else { @@ -272,7 +282,6 @@ public class CertificateRepository extends Repository } } - /** * Blocking method. */ 
@@ -280,21 +289,21 @@ public class CertificateRepository extends Repository CMS.debug("In updateCertStatus()"); - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_START_VALID_SEARCH")); + CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + CMS.getLogMessage("CMSCORE_DBS_START_VALID_SEARCH")); transitInvalidCertificates(); CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_FINISH_VALID_SEARCH")); + CMS.getLogMessage("CMSCORE_DBS_FINISH_VALID_SEARCH")); CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_START_EXPIRED_SEARCH")); + CMS.getLogMessage("CMSCORE_DBS_START_EXPIRED_SEARCH")); transitValidCertificates(); CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_FINISH_EXPIRED_SEARCH")); + CMS.getLogMessage("CMSCORE_DBS_FINISH_EXPIRED_SEARCH")); CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_START_REVOKED_EXPIRED_SEARCH")); + CMS.getLogMessage("CMSCORE_DBS_START_REVOKED_EXPIRED_SEARCH")); transitRevokedExpiredCertificates(); CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_FINISH_REVOKED_EXPIRED_SEARCH")); + CMS.getLogMessage("CMSCORE_DBS_FINISH_REVOKED_EXPIRED_SEARCH")); } /** @@ -304,13 +313,14 @@ public class CertificateRepository extends Repository return mBaseDN; } - public void setRequestDN( String requestDN ) { + public void setRequestDN(String requestDN) { mRequestBaseDN = requestDN; } - public String getRequestDN() { + public String getRequestDN() { return mRequestBaseDN; } + /** * Retrieves backend database handle. */ 
@@ -319,22 +329,21 @@ public class CertificateRepository extends Repository } /** - * Adds a certificate record to the repository. Each certificate - * record contains four parts: certificate, meta-attributes, - * issue information and reovcation information. + * Adds a certificate record to the repository. Each certificate record + * contains four parts: certificate, meta-attributes, issue information and + * reovcation information. * <P> - * + * * @param cert X.509 certificate - * @exception EBaseException failed to add new certificate to - * the repository + * @exception EBaseException failed to add new certificate to the repository */ - public void addCertificateRecord(ICertRecord record) - throws EBaseException { + public void addCertificateRecord(ICertRecord record) throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + - ((CertRecord) record).getSerialNumber().toString() + "," + getDN(); + String name = "cn" + "=" + + ((CertRecord) record).getSerialNumber().toString() + "," + + getDN(); SessionContext ctx = SessionContext.getContext(); String uid = (String) ctx.get(SessionContext.USER_ID); 
@@ -343,30 +352,30 @@ public class CertificateRepository extends Repository record.set(CertRecord.ATTR_ISSUED_BY, "system"); /** - System.out.println("XXX servlet should set USER_ID"); - throw new EBaseException(BaseResources.UNKNOWN_PRINCIPAL_1, - "null"); + * System.out.println("XXX servlet should set USER_ID"); throw + * new EBaseException(BaseResources.UNKNOWN_PRINCIPAL_1, + * "null"); **/ } else { record.set(CertRecord.ATTR_ISSUED_BY, uid); } - // Check validity of this certificate. If it is not invalid, + // Check validity of this certificate. If it is not invalid, // mark it so. We will have a thread to transit the status // from INVALID to VALID. - X509CertImpl x509cert = (X509CertImpl) record.get( - CertRecord.ATTR_X509CERT); + X509CertImpl x509cert = (X509CertImpl) record + .get(CertRecord.ATTR_X509CERT); if (x509cert != null) { Date now = CMS.getCurrentDate(); if (x509cert.getNotBefore().after(now)) { // not yet valid - record.set(ICertRecord.ATTR_CERT_STATUS, - ICertRecord.STATUS_INVALID); + record.set(ICertRecord.ATTR_CERT_STATUS, + ICertRecord.STATUS_INVALID); } } - + s.add(name, record); } finally { if (s != null) 
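Review bot: addCertificateRecord falls back to `record.set(CertRecord.ATTR_ISSUED_BY, "system");` in what appears to be the branch for a missing `SessionContext.USER_ID`, so a certificate issued through a path that never set the caller's identity looks the same in the record as a genuine system issuance. The commented-out block next to it (now re-wrapped into an unreadable `/** ... **/` comment) shows that rejecting this case was once considered. If the fallback has to stay, leave a trace at that point, for example `CMS.debug("addCertificateRecord: no USER_ID in session context, recording issuer as system");`, and replace the commented-out code with a plain sentence explaining why the fallback is accepted. markAsRevoked has the same fallback for `ATTR_REVOKED_BY` under an explicit `if (uid == null)`. The method starts in the previous hunk and ends outside this one.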
@@ -375,21 +384,19 @@ public class CertificateRepository extends Repository } /** - * Used by the Clone Master (CLA) to add a revoked certificate - * record to the repository. + * Used by the Clone Master (CLA) to add a revoked certificate record to the + * repository. * <p> - * + * * @param record a CertRecord - * @exception EBaseException failed to add new certificate to - * the repository + * @exception EBaseException failed to add new certificate to the repository */ - public void addRevokedCertRecord(CertRecord record) - throws EBaseException { + public void addRevokedCertRecord(CertRecord record) throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + - record.getSerialNumber().toString() + "," + getDN(); + String name = "cn" + "=" + record.getSerialNumber().toString() + + "," + getDN(); s.add(name, record); } finally { @@ -399,13 +406,14 @@ public class CertificateRepository extends Repository } /** - * This transits a certificate status from VALID to EXPIRED - * if a certificate becomes expired. + * This transits a certificate status from VALID to EXPIRED if a certificate + * becomes expired. */ public void transitValidCertificates() throws EBaseException { Date now = CMS.getCurrentDate(); - ICertRecordList recList = getValidCertsByNotAfterDate(now, -1 * mTransitRecordPageSize); + ICertRecordList recList = getValidCertsByNotAfterDate(now, -1 + * mTransitRecordPageSize); int size = recList.getSize(); 
@@ -430,18 +438,21 @@ public class CertificateRepository extends Repository for (i = 0; i < ltSize; i++) { obj = recList.getCertRecord(i); - if (obj != null) { + if (obj != null) { curRec = (CertRecord) obj; Date notAfter = curRec.getNotAfter(); - //CMS.debug("notAfter " + notAfter.toString() + " now " + now.toString()); + // CMS.debug("notAfter " + notAfter.toString() + " now " + + // now.toString()); if (notAfter.after(now)) { - CMS.debug("Record does not qualify,notAfter " + notAfter.toString() + " date " + now.toString()); + CMS.debug("Record does not qualify,notAfter " + + notAfter.toString() + " date " + now.toString()); continue; } - CMS.debug("transitValid: curRec: " + i + " " + curRec.toString()); + CMS.debug("transitValid: curRec: " + i + " " + + curRec.toString()); if (mConsistencyCheck) { cList.add(curRec); @@ -460,13 +471,14 @@ public class CertificateRepository extends Repository } /** - * This transits a certificate status from REVOKED to REVOKED_EXPIRED - * if an revoked certificate becomes expired. + * This transits a certificate status from REVOKED to REVOKED_EXPIRED if an + * revoked certificate becomes expired. */ public void transitRevokedExpiredCertificates() throws EBaseException { Date now = CMS.getCurrentDate(); - ICertRecordList recList = getRevokedCertsByNotAfterDate(now, -1 * mTransitRecordPageSize); - + ICertRecordList recList = getRevokedCertsByNotAfterDate(now, -1 + * mTransitRecordPageSize); + int size = recList.getSize(); if (size <= 0) { 
@@ -490,13 +502,16 @@ public class CertificateRepository extends Repository obj = recList.getCertRecord(i); if (obj != null) { curRec = (CertRecord) obj; - CMS.debug("transitRevokedExpired: curRec: " + i + " " + curRec.toString()); + CMS.debug("transitRevokedExpired: curRec: " + i + " " + + curRec.toString()); Date notAfter = curRec.getNotAfter(); - // CMS.debug("notAfter " + notAfter.toString() + " now " + now.toString()); + // CMS.debug("notAfter " + notAfter.toString() + " now " + + // now.toString()); if (notAfter.after(now)) { - CMS.debug("Record does not qualify,notAfter " + notAfter.toString() + " date " + now.toString()); + CMS.debug("Record does not qualify,notAfter " + + notAfter.toString() + " date " + now.toString()); continue; } @@ -505,7 +520,7 @@ public class CertificateRepository extends Repository } else { cList.add(curRec.getSerialNumber()); } - } else { + } else { CMS.debug("found null record in getCertRecord"); } } @@ -515,14 +530,15 @@ public class CertificateRepository extends Repository } /** - * This transits a certificate status from INVALID to VALID - * if a certificate becomes valid. + * This transits a certificate status from INVALID to VALID if a certificate + * becomes valid. */ public void transitInvalidCertificates() throws EBaseException { Date now = CMS.getCurrentDate(); - ICertRecordList recList = getInvalidCertsByNotBeforeDate(now, -1 * mTransitRecordPageSize); + ICertRecordList recList = getInvalidCertsByNotBeforeDate(now, -1 + * mTransitRecordPageSize); int size = recList.getSize(); 
@@ -553,13 +569,16 @@ public class CertificateRepository extends Repository Date notBefore = curRec.getNotBefore(); - //CMS.debug("notBefore " + notBefore.toString() + " now " + now.toString()); + // CMS.debug("notBefore " + notBefore.toString() + " now " + + // now.toString()); if (notBefore.after(now)) { - CMS.debug("Record does not qualify,notBefore " + notBefore.toString() + " date " + now.toString()); + CMS.debug("Record does not qualify,notBefore " + + notBefore.toString() + " date " + now.toString()); continue; } - CMS.debug("transitInValid: curRec: " + i + " " + curRec.toString()); + CMS.debug("transitInValid: curRec: " + i + " " + + curRec.toString()); if (mConsistencyCheck) { cList.add(curRec); @@ -576,7 +595,8 @@ public class CertificateRepository extends Repository } - private void transitCertList(Vector cList, String newCertStatus) throws EBaseException { + private void transitCertList(Vector cList, String newCertStatus) + throws EBaseException { CertRecord cRec = null; BigInteger serial = null; @@ -599,8 +619,9 @@ public class CertificateRepository extends Repository updateStatus(serial, newCertStatus); if (newCertStatus.equals(CertRecord.STATUS_REVOKED_EXPIRED)) { - - // inform all CRLIssuingPoints about revoked and expired certificate + + // inform all CRLIssuingPoints about revoked and expired + // certificate Enumeration eIPs = mCRLIssuingPoints.elements(); @@ -624,7 +645,7 @@ public class CertificateRepository extends Repository * Reads the certificate identified by the given serial no. */ public X509CertImpl getX509Certificate(BigInteger serialNo) - throws EBaseException { + throws EBaseException { X509CertImpl cert = null; ICertRecord cr = readCertificateRecord(serialNo); 
@@ -635,16 +656,15 @@ public class CertificateRepository extends Repository * Deletes certificate record. */ public void deleteCertificateRecord(BigInteger serialNo) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + - serialNo.toString() + "," + getDN(); + String name = "cn" + "=" + serialNo.toString() + "," + getDN(); s.delete(name); } finally { - if (s != null) + if (s != null) s.close(); } } @@ -653,35 +673,33 @@ public class CertificateRepository extends Repository * Reads certificate from repository. */ public ICertRecord readCertificateRecord(BigInteger serialNo) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); CertRecord rec = null; try { - String name = "cn" + "=" + - serialNo.toString() + "," + getDN(); + String name = "cn" + "=" + serialNo.toString() + "," + getDN(); rec = (CertRecord) s.read(name); } finally { - if (s != null) + if (s != null) s.close(); } return rec; } public synchronized void modifyCertificateRecord(BigInteger serialNo, - ModificationSet mods) throws EBaseException { + ModificationSet mods) throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + - serialNo.toString() + "," + getDN(); + String name = "cn" + "=" + serialNo.toString() + "," + getDN(); mods.add(CertRecord.ATTR_MODIFY_TIME, Modification.MOD_REPLACE, - CMS.getCurrentDate()); + CMS.getCurrentDate()); s.modify(name, mods); } finally { - if (s != null) + if (s != null) s.close(); } } @@ -690,7 +708,7 @@ public class CertificateRepository extends Repository * Checks if the specified certificate is in the repository. */ public boolean containsCertificate(BigInteger serialNo) - throws EBaseException { + throws EBaseException { try { ICertRecord cr = readCertificateRecord(serialNo); 
@@ -705,7 +723,7 @@ public class CertificateRepository extends Repository * Marks certificate as revoked. */ public void markAsRevoked(BigInteger id, IRevocationInfo info) - throws EBaseException { + throws EBaseException { ModificationSet mods = new ModificationSet(); mods.add(CertRecord.ATTR_REVO_INFO, Modification.MOD_ADD, info); @@ -713,16 +731,14 @@ public class CertificateRepository extends Repository String uid = (String) ctx.get(SessionContext.USER_ID); if (uid == null) { - mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD, - "system"); + mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD, "system"); } else { - mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD, - uid); + mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD, uid); } mods.add(CertRecord.ATTR_REVOKED_ON, Modification.MOD_ADD, - CMS.getCurrentDate()); + CMS.getCurrentDate()); mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE, - CertRecord.STATUS_REVOKED); + CertRecord.STATUS_REVOKED); modifyCertificateRecord(id, mods); } @@ -730,15 +746,14 @@ public class CertificateRepository extends Repository * Unmarks revoked certificate. */ public void unmarkRevoked(BigInteger id, IRevocationInfo info, - Date revokedOn, String revokedBy) - throws EBaseException { + Date revokedOn, String revokedBy) throws EBaseException { ModificationSet mods = new ModificationSet(); mods.add(CertRecord.ATTR_REVO_INFO, Modification.MOD_DELETE, info); mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_DELETE, revokedBy); mods.add(CertRecord.ATTR_REVOKED_ON, Modification.MOD_DELETE, revokedOn); mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE, - CertRecord.STATUS_VALID); + CertRecord.STATUS_VALID); modifyCertificateRecord(id, mods); } 
@@ -746,17 +761,16 @@ public class CertificateRepository extends Repository * Updates the certificiate record status to the specified. */ public void updateStatus(BigInteger id, String status) - throws EBaseException { + throws EBaseException { CMS.debug("updateStatus: " + id + " status " + status); ModificationSet mods = new ModificationSet(); - mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE, - status); + mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE, status); modifyCertificateRecord(id, mods); } public Enumeration searchCertificates(String filter, int maxSize) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -764,14 +778,14 @@ public class CertificateRepository extends Repository try { e = s.search(getDN(), filter, maxSize); } finally { - if (s != null) + if (s != null) s.close(); } return e; } - public Enumeration searchCertificates(String filter, int maxSize, int timeLimit) - throws EBaseException { + public Enumeration searchCertificates(String filter, int maxSize, + int timeLimit) throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -779,7 +793,7 @@ public class CertificateRepository extends Repository try { e = s.search(getDN(), filter, maxSize, timeLimit); } finally { - if (s != null) + if (s != null) s.close(); } return e; 
@@ -787,39 +801,39 @@ public class CertificateRepository extends Repository /** * Returns a list of X509CertImp that satisfies the filter. + * * @deprecated replaced by <code>findCertificatesInList</code> */ - public Enumeration findCertRecs(String filter) - throws EBaseException { + public Enumeration findCertRecs(String filter) throws EBaseException { CMS.debug("findCertRecs " + filter); IDBSSession s = mDBService.createSession(); Enumeration e = null; try { e = s.search(getDN(), filter); } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } return e; } public Enumeration findCertRecs(String filter, String[] attrs) - throws EBaseException { + throws EBaseException { - CMS.debug( "findCertRecs " + filter - + "attrs " + Arrays.toString( attrs ) ); + CMS.debug("findCertRecs " + filter + "attrs " + Arrays.toString(attrs)); IDBSSession s = mDBService.createSession(); Enumeration e = null; try { e = s.search(getDN(), filter, attrs); } finally { - if (s != null) s.close(); + if (s != null) + s.close(); } return e; } - public Enumeration findCertificates(String filter) - throws EBaseException { + public Enumeration findCertificates(String filter) throws EBaseException { Enumeration e = findCertRecords(filter); Vector v = new Vector(); 
@@ -832,18 +846,15 @@ public class CertificateRepository extends Repository } /** - * Finds a list of certificate records that satisifies - * the filter. - * If you are going to process everything in the list, - * use this. + * Finds a list of certificate records that satisifies the filter. If you + * are going to process everything in the list, use this. */ - public Enumeration findCertRecords(String filter) - throws EBaseException { + public Enumeration findCertRecords(String filter) throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; try { - //e = s.search(getDN(), filter); + // e = s.search(getDN(), filter); ICertRecordList list = null; list = findCertRecordsInList(filter, null, "serialno", 10); @@ -851,15 +862,16 @@ public class CertificateRepository extends Repository e = list.getCertRecords(0, size - 1); } finally { - if (s != null) + if (s != null) s.close(); } return e; } /** - * Finds certificate records. Here is a list of filter - * attribute can be used: + * Finds certificate records. Here is a list of filter attribute can be + * used: + * * <pre> * certRecordId * certMetaInfo 
@@ -870,49 +882,48 @@ public class CertificateRepository extends Repository * x509Cert.notAfter * x509Cert.subject * </pre> - * The filter should follow RFC1558 LDAP filter syntax. - * For example, + * + * The filter should follow RFC1558 LDAP filter syntax. For example, + * * <pre> * (&(certRecordId=5)(x509Cert.notBefore=934398398)) * </pre> */ - public ICertRecordList findCertRecordsInList(String filter, - String attrs[], int pageSize) throws EBaseException { - return findCertRecordsInList(filter, attrs, CertRecord.ATTR_ID, + public ICertRecordList findCertRecordsInList(String filter, String attrs[], + int pageSize) throws EBaseException { + return findCertRecordsInList(filter, attrs, CertRecord.ATTR_ID, pageSize); } - public ICertRecordList findCertRecordsInList(String filter, - String attrs[], String sortKey, int pageSize) - throws EBaseException { + public ICertRecordList findCertRecordsInList(String filter, String attrs[], + String sortKey, int pageSize) throws EBaseException { IDBSSession s = mDBService.createSession(); CMS.debug("In findCertRecordsInList"); CertRecordList list = null; try { - DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), filter, attrs, - sortKey, pageSize); + DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), + filter, attrs, sortKey, pageSize); list = new CertRecordList(vlist); } finally { - if (s != null) + if (s != null) s.close(); } return list; } - public ICertRecordList findCertRecordsInList(String filter, - String attrs[], String jumpTo, String sortKey, int pageSize) - throws EBaseException { - return findCertRecordsInList(filter, attrs, jumpTo, false, sortKey, pageSize); + public ICertRecordList findCertRecordsInList(String filter, String attrs[], + String jumpTo, String sortKey, int pageSize) throws EBaseException { + return findCertRecordsInList(filter, attrs, jumpTo, false, sortKey, + pageSize); } - public ICertRecordList findCertRecordsInList(String filter, - String attrs[], String jumpTo, 
boolean hardJumpTo, - String sortKey, int pageSize) - throws EBaseException { + public ICertRecordList findCertRecordsInList(String filter, String attrs[], + String jumpTo, boolean hardJumpTo, String sortKey, int pageSize) + throws EBaseException { IDBSSession s = mDBService.createSession(); CertRecordList list = null; @@ -920,33 +931,33 @@ public class CertificateRepository extends Repository try { String jumpToVal = null; - if (hardJumpTo) { - CMS.debug("In findCertRecordsInList with hardJumpto "); - jumpToVal = "99"; - } else { - int len = jumpTo.length(); - - if (len > 9) { - jumpToVal = Integer.toString(len) + jumpTo; + if (hardJumpTo) { + CMS.debug("In findCertRecordsInList with hardJumpto "); + jumpToVal = "99"; } else { - jumpToVal = "0" + Integer.toString(len) + jumpTo; + int len = jumpTo.length(); + + if (len > 9) { + jumpToVal = Integer.toString(len) + jumpTo; + } else { + jumpToVal = "0" + Integer.toString(len) + jumpTo; + } } - } - DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), filter, - attrs, jumpToVal, sortKey, pageSize); + DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), + filter, attrs, jumpToVal, sortKey, pageSize); list = new CertRecordList(vlist); } finally { - if (s != null) + if (s != null) s.close(); } return list; } public ICertRecordList findCertRecordsInListRawJumpto(String filter, - String attrs[], String jumpTo, String sortKey, int pageSize) - throws EBaseException { + String attrs[], String jumpTo, String sortKey, int pageSize) + throws EBaseException { IDBSSession s = mDBService.createSession(); CertRecordList list = null; @@ -954,8 +965,8 @@ public class CertificateRepository extends Repository try { - DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), filter, - attrs, jumpTo, sortKey, pageSize); + DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), + filter, attrs, jumpTo, sortKey, pageSize); list = new CertRecordList(vlist); } finally { 
@@ -969,44 +980,42 @@ public class CertificateRepository extends Repository * Marks certificate as renewable. */ public void markCertificateAsRenewable(ICertRecord record) - throws EBaseException { - changeRenewalAttribute(((CertRecord) record).getSerialNumber().toString(), - CertRecord.AUTO_RENEWAL_ENABLED); + throws EBaseException { + changeRenewalAttribute(((CertRecord) record).getSerialNumber() + .toString(), CertRecord.AUTO_RENEWAL_ENABLED); } /** * Marks certificate as renewable. */ public void markCertificateAsNotRenewable(ICertRecord record) - throws EBaseException { - changeRenewalAttribute(((CertRecord) record).getSerialNumber().toString(), - CertRecord.AUTO_RENEWAL_DISABLED); + throws EBaseException { + changeRenewalAttribute(((CertRecord) record).getSerialNumber() + .toString(), CertRecord.AUTO_RENEWAL_DISABLED); } - public void markCertificateAsRenewed(String serialNo) - throws EBaseException { + public void markCertificateAsRenewed(String serialNo) throws EBaseException { changeRenewalAttribute(serialNo, CertRecord.AUTO_RENEWAL_DONE); } public void markCertificateAsRenewalNotified(String serialNo) - throws EBaseException { + throws EBaseException { changeRenewalAttribute(serialNo, CertRecord.AUTO_RENEWAL_NOTIFIED); } private void changeRenewalAttribute(String serialno, String value) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + serialno + - "," + getDN(); + String name = "cn" + "=" + serialno + "," + getDN(); ModificationSet mods = new ModificationSet(); mods.add(CertRecord.ATTR_AUTO_RENEW, Modification.MOD_REPLACE, - value); + value); s.modify(name, mods); } finally { - if (s != null) + if (s != null) s.close(); } } @@ -1017,6 +1026,7 @@ public class CertificateRepository extends Repository public class RenewableCertificateCollection { Vector mToRenew = null; Vector mToNotify = null; + public RenewableCertificateCollection() { } 
@@ -1043,21 +1053,20 @@ public class CertificateRepository extends Repository } public Hashtable getRenewableCertificates(String renewalTime) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Hashtable tab = null; try { - String filter = "(&(" + CertRecord.ATTR_CERT_STATUS + "=" + - CertRecord.STATUS_VALID + ")(" - + CertRecord.ATTR_X509CERT + - "." + CertificateValidity.NOT_AFTER + "<=" + renewalTime + - ")(!(" + CertRecord.ATTR_AUTO_RENEW + "=" + - CertRecord.AUTO_RENEWAL_DONE + - "))(!(" + CertRecord.ATTR_AUTO_RENEW + "=" + - CertRecord.AUTO_RENEWAL_NOTIFIED + ")))"; - //Enumeration e = s.search(getDN(), filter); + String filter = "(&(" + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_VALID + ")(" + CertRecord.ATTR_X509CERT + + "." + CertificateValidity.NOT_AFTER + "<=" + renewalTime + + ")(!(" + CertRecord.ATTR_AUTO_RENEW + "=" + + CertRecord.AUTO_RENEWAL_DONE + "))(!(" + + CertRecord.ATTR_AUTO_RENEW + "=" + + CertRecord.AUTO_RENEWAL_NOTIFIED + ")))"; + // Enumeration e = s.search(getDN(), filter); ICertRecordList list = null; list = findCertRecordsInList(filter, null, "serialno", 10); 
@@ -1075,57 +1084,54 @@ public class CertificateRepository extends Repository Object val = null; if ((val = tab.get(subjectDN)) == null) { - RenewableCertificateCollection collection = - new RenewableCertificateCollection(); + RenewableCertificateCollection collection = new RenewableCertificateCollection(); collection.addCertificate(renewalFlag, cert); tab.put(subjectDN, collection); } else { - ((RenewableCertificateCollection) val).addCertificate(renewalFlag, cert); + ((RenewableCertificateCollection) val).addCertificate( + renewalFlag, cert); } } } finally { - if (s != null) + if (s != null) s.close(); } return tab; } /** - * Gets all valid and unexpired certificates pertaining - * to a subject DN. - * - * @param subjectDN The distinguished name of the subject. - * @param validityType The type of certificates to get. + * Gets all valid and unexpired certificates pertaining to a subject DN. + * + * @param subjectDN The distinguished name of the subject. + * @param validityType The type of certificates to get. * @return An array of certificates. */ - public X509CertImpl[] getX509Certificates(String subjectDN, - int validityType) throws EBaseException { + public X509CertImpl[] getX509Certificates(String subjectDN, int validityType) + throws EBaseException { IDBSSession s = mDBService.createSession(); X509CertImpl certs[] = null; try { // XXX - not checking validityType... - String filter = "(&(" + CertRecord.ATTR_X509CERT + - "." + X509CertInfo.SUBJECT + "=" + subjectDN; + String filter = "(&(" + CertRecord.ATTR_X509CERT + "." 
+ + X509CertInfo.SUBJECT + "=" + subjectDN; if (validityType == ALL_VALID_CERTS) { - filter += ")(" + - CertRecord.ATTR_CERT_STATUS + "=" + - CertRecord.STATUS_VALID; + filter += ")(" + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_VALID; } if (validityType == ALL_UNREVOKED_CERTS) { - filter += ")(|(" + - CertRecord.ATTR_CERT_STATUS + "=" + - CertRecord.STATUS_VALID + ")(" + - CertRecord.ATTR_CERT_STATUS + "=" + - CertRecord.STATUS_EXPIRED + ")"; + filter += ")(|(" + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_VALID + ")(" + + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_EXPIRED + ")"; } filter += "))"; - //Enumeration e = s.search(getDN(), filter); + // Enumeration e = s.search(getDN(), filter); ICertRecordList list = null; list = findCertRecordsInList(filter, null, "serialno", 10); @@ -1144,14 +1150,14 @@ public class CertificateRepository extends Repository certs = new X509CertImpl[v.size()]; v.copyInto(certs); } finally { - if (s != null) + if (s != null) s.close(); } return certs; } public X509CertImpl[] getX509Certificates(String filter) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); X509CertImpl certs[] = null; @@ -1160,7 +1166,7 @@ public class CertificateRepository extends Repository Enumeration e = null; if (filter != null && filter.length() > 0) { - //e = s.search(getDN(), filter); + // e = s.search(getDN(), filter); ICertRecordList list = null; list = findCertRecordsInList(filter, null, "serialno", 10); @@ -1181,7 +1187,7 @@ public class CertificateRepository extends Repository v.copyInto(certs); } } finally { - if (s != null) + if (s != null) s.close(); } return certs; 
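Review bot: In `getX509Certificates(String subjectDN, int validityType)` the caller-supplied `subjectDN` is appended to the LDAP filter without escaping, so any `(`, `)`, `*` or `\` in it changes the filter's structure instead of being matched literally. If the DN can come from a request or from a certificate subject the CA did not choose, the search can return records the caller did not ask for. The assertion value should be escaped per RFC 4515 before concatenation; a small private helper is sketched below, and it should be checked against how the DBS layer rewrites `x509cert.subject` filters. The method starts in this hunk and ends in the following one.

```java
// … unchanged: session setup in getX509Certificates …
String filter = "(&(" + CertRecord.ATTR_X509CERT + "."
        + X509CertInfo.SUBJECT + "=" + escapeFilterValue(subjectDN);
// … unchanged: validityType clauses and list retrieval …

// Proposed new helper: RFC 4515 escaping of a filter assertion value.
private static String escapeFilterValue(String value) {
    StringBuffer sb = new StringBuffer(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
        }
    }
    return sb.toString();
}
```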
@@ -1189,106 +1195,108 @@ public class CertificateRepository extends Repository /** * Retrives all valid certificates excluding ones already revoked. - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. */ public Enumeration getValidCertificates(String from, String to) - throws EBaseException { - IDBSSession s = mDBService.createSession(); - Vector v = new Vector(); + throws EBaseException { + IDBSSession s = mDBService.createSession(); + Vector v = new Vector(); - try { + try { - // 'from' determines 'jumpto' value - // 'to' determines where to stop looking + // 'from' determines 'jumpto' value + // 'to' determines where to stop looking - String ldapfilter = "(certstatus=VALID)"; + String ldapfilter = "(certstatus=VALID)"; - String fromVal = "0"; - try { - if (from != null) { - int fv = Integer.parseInt(from); - fromVal = from; - } - } catch (Exception e1) { - // from is not integer + String fromVal = "0"; + try { + if (from != null) { + int fv = Integer.parseInt(from); + fromVal = from; } + } catch (Exception e1) { + // from is not integer + } - ICertRecordList list = - findCertRecordsInList(ldapfilter, null, fromVal, "serialno", 40); + ICertRecordList list = findCertRecordsInList(ldapfilter, null, + fromVal, "serialno", 40); - BigInteger toInt = null; - if (to != null && !to.trim().equals("")) { - toInt = new BigInteger(to); - } + BigInteger toInt = null; + if (to != null && !to.trim().equals("")) { + toInt = new BigInteger(to); + } + + for (int i = 0;; i++) { + CertRecord rec = (CertRecord) list.getCertRecord(i); + CMS.debug("processing record: " + i); + if (rec == null) { + break; // no element returned + } else { - for (int i=0;; i++) { - CertRecord rec = (CertRecord) list.getCertRecord(i); - CMS.debug("processing record: "+i); - if (rec == null) { - break; // no 
element returned - } else { - - CMS.debug("processing record: "+i+" "+rec.getSerialNumber()); - // Check if we are past the 'to' marker - if (toInt != null) { - if (rec.getSerialNumber().compareTo(toInt) > 0) { - break; - } + CMS.debug("processing record: " + i + " " + + rec.getSerialNumber()); + // Check if we are past the 'to' marker + if (toInt != null) { + if (rec.getSerialNumber().compareTo(toInt) > 0) { + break; } - v.addElement(rec); - } - } - - } finally { - if (s != null) - s.close(); - } - CMS.debug("returning "+v.size()+" elements"); - return v.elements(); - } + } + v.addElement(rec); + } + } + + } finally { + if (s != null) + s.close(); + } + CMS.debug("returning " + v.size() + " elements"); + return v.elements(); + } /** * Retrives all valid certificates excluding ones already revoked. */ - public Enumeration getAllValidCertificates() - throws EBaseException { + public Enumeration getAllValidCertificates() throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; try { Date now = CMS.getCurrentDate(); - String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" + - CertRecord.ATTR_X509CERT + "." + - CertificateValidity.NOT_BEFORE + "<=" + - DateMapper.dateToDB(now) + ")(" + - CertRecord.ATTR_X509CERT + "." + - CertificateValidity.NOT_AFTER + ">=" + - DateMapper.dateToDB(now) + "))"; - //e = s.search(getDN(), ldapfilter); + String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_BEFORE + "<=" + + DateMapper.dateToDB(now) + ")(" + + CertRecord.ATTR_X509CERT + "." 
+ + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + "))"; + // e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrives all valid not published certificates - * excluding ones already revoked. - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * Retrives all valid not published certificates excluding ones already + * revoked. + * + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. */ public Enumeration getValidNotPublishedCertificates(String from, String to) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; 
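Review bot: In `getValidCertificates` the lower bound is validated with `Integer.parseInt(from)` inside a catch-all, so any serial number above the `int` range is silently replaced by `"0"` and the listing restarts from the beginning. The upper bound is parsed as a `BigInteger`, so the two ends of the range are handled inconsistently, and `new BigInteger(to)` sits outside any try and surfaces a NumberFormatException for a malformed `to`. Validating the lower bound the same way, `fromVal = new BigInteger(from).toString();`, would keep large serials intact and drop the unused local `fv`. The empty `catch (Exception e1)` could be narrowed to NumberFormatException and logged with `CMS.debug`.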
@@ -1300,63 +1308,59 @@ public class CertificateRepository extends Repository ldapfilter += CertRecord.ATTR_ID + ">=" + from + ")("; if (to != null && to.length() > 0) ldapfilter += CertRecord.ATTR_ID + "<=" + to + ")("; - ldapfilter += "!(" + CertRecord.ATTR_REVO_INFO + "=*))(" + - CertRecord.ATTR_X509CERT + "." + - CertificateValidity.NOT_BEFORE + "<=" + - DateMapper.dateToDB(now) + ")(" + - CertRecord.ATTR_X509CERT + "." + - CertificateValidity.NOT_AFTER + ">=" + - DateMapper.dateToDB(now) + ")(!(" + - "certMetainfo=" + - CertRecord.META_LDAPPUBLISH + - ":true)))"; - //e = s.search(getDN(), ldapfilter); + ldapfilter += "!(" + CertRecord.ATTR_REVO_INFO + "=*))(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_BEFORE + "<=" + + DateMapper.dateToDB(now) + ")(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + ")(!(" + "certMetainfo=" + + CertRecord.META_LDAPPUBLISH + ":true)))"; + // e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - + } finally { - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrives all valid not published certificates - * excluding ones already revoked. + * Retrives all valid not published certificates excluding ones already + * revoked. */ public Enumeration getAllValidNotPublishedCertificates() - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; try { Date now = CMS.getCurrentDate(); - String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" + - CertRecord.ATTR_X509CERT + "." + - CertificateValidity.NOT_BEFORE + "<=" + - DateMapper.dateToDB(now) + ")(" + - CertRecord.ATTR_X509CERT + "." 
+ - CertificateValidity.NOT_AFTER + ">=" + - DateMapper.dateToDB(now) + ")(!(" + - "certMetainfo=" + - CertRecord.META_LDAPPUBLISH + - ":true)))"; - //e = s.search(getDN(), ldapfilter); + String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_BEFORE + "<=" + + DateMapper.dateToDB(now) + ")(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + ")(!(" + "certMetainfo=" + + CertRecord.META_LDAPPUBLISH + ":true)))"; + // e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; @@ -1364,11 +1368,12 @@ public class CertificateRepository extends Repository /** * Retrives all expired certificates. - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. */ public Enumeration getExpiredCertificates(String from, String to) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; 
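Review bot: `getValidNotPublishedCertificates` appends the `from` and `to` strings to the LDAP filter as-is (`CertRecord.ATTR_ID + ">=" + from + ")("`), with only a null/empty check on `to` visible. Parentheses or `*` in either value would change the filter rather than bound the serial range. Since these are serial numbers, parsing them first is enough, e.g. `ldapfilter += CertRecord.ATTR_ID + ">=" + new BigInteger(from) + ")(";` and likewise for `to`, assuming the decimal form that `getValidCertificates` already uses for `to`. The same concatenation appears in the `@@ -1380,20 +1385,20 @@`, `@@ -1446,24 +1451,23 @@`, `@@ -1627,7 +1639,7 @@` and `@@ -1684,11 +1700,10 @@` hunks. The method body starts before the visible part of this hunk.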
@@ -1380,20 +1385,20 @@ public class CertificateRepository extends Repository ldapfilter += CertRecord.ATTR_ID + ">=" + from + ")("; if (to != null && to.length() > 0) ldapfilter += CertRecord.ATTR_ID + "<=" + to + ")("; - ldapfilter += "!(" + CertRecord.ATTR_X509CERT + "." + - CertificateValidity.NOT_AFTER + ">=" + - DateMapper.dateToDB(now) + ")))"; - //e = s.search(getDN(), ldapfilter); - + ldapfilter += "!(" + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + ")))"; + // e = s.search(getDN(), ldapfilter); + ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - } finally { + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; @@ -1402,27 +1407,26 @@ public class CertificateRepository extends Repository /** * Retrives all expired certificates. */ - public Enumeration getAllExpiredCertificates() - throws EBaseException { + public Enumeration getAllExpiredCertificates() throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; try { Date now = CMS.getCurrentDate(); - String ldapfilter = "(!(" + CertRecord.ATTR_X509CERT + "." + - CertificateValidity.NOT_AFTER + ">=" + - DateMapper.dateToDB(now) + "))"; - //e = s.search(getDN(), ldapfilter); + String ldapfilter = "(!(" + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + "))"; + // e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - - } finally { + + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; 
@@ -1430,11 +1434,12 @@ public class CertificateRepository extends Repository /** * Retrives all expired published certificates. - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. */ public Enumeration getExpiredPublishedCertificates(String from, String to) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -1446,24 +1451,23 @@ public class CertificateRepository extends Repository ldapfilter += CertRecord.ATTR_ID + ">=" + from + ")("; if (to != null && to.length() > 0) ldapfilter += CertRecord.ATTR_ID + "<=" + to + ")("; - ldapfilter += "!(" + CertRecord.ATTR_X509CERT + "." + - CertificateValidity.NOT_AFTER + ">=" + - //DateMapper.dateToDB(now) + ")))"; - DateMapper.dateToDB(now) + "))(" + - "certMetainfo=" + - CertRecord.META_LDAPPUBLISH + - ":true))"; - //e = s.search(getDN(), ldapfilter); - + ldapfilter += "!(" + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + + // DateMapper.dateToDB(now) + ")))"; + DateMapper.dateToDB(now) + "))(" + "certMetainfo=" + + CertRecord.META_LDAPPUBLISH + ":true))"; + // e = s.search(getDN(), ldapfilter); + ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - } finally { + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; @@ -1473,7 +1477,7 @@ public class CertificateRepository extends Repository * Retrives all expired publishedcertificates. */ public Enumeration getAllExpiredPublishedCertificates() - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; 
@@ -1481,31 +1485,30 @@ public class CertificateRepository extends Repository Date now = CMS.getCurrentDate(); String ldapfilter = "(&"; - ldapfilter += "(!(" + CertRecord.ATTR_X509CERT + "." + - CertificateValidity.NOT_AFTER + ">=" + - DateMapper.dateToDB(now) + "))"; - ldapfilter += "(certMetainfo=" + - CertRecord.META_LDAPPUBLISH + - ":true))"; - - //e = s.search(getDN(), ldapfilter); + ldapfilter += "(!(" + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + "))"; + ldapfilter += "(certMetainfo=" + CertRecord.META_LDAPPUBLISH + + ":true))"; + + // e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - - } finally { + + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; } - public ICertRecordList getInvalidCertsByNotBeforeDate(Date date, int pageSize) - throws EBaseException { + public ICertRecordList getInvalidCertsByNotBeforeDate(Date date, + int pageSize) throws EBaseException { String now = null; 
@@ -1515,27 +1518,29 @@ public class CertificateRepository extends Repository IDBSSession s = mDBService.createSession(); try { - String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_INVALID + ")"; + String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_INVALID + ")"; String[] attrs = null; if (mConsistencyCheck == false) { - attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT}; + attrs = new String[] { "objectclass", CertRecord.ATTR_ID, + CertRecord.ATTR_X509CERT }; } - CMS.debug("getInvalidCertificatesByNotBeforeDate filter " + ldapfilter); - //e = s.search(getDN(), ldapfilter); + CMS.debug("getInvalidCertificatesByNotBeforeDate filter " + + ldapfilter); + // e = s.search(getDN(), ldapfilter); CMS.debug("getInvalidCertificatesByNotBeforeDate: about to call findCertRecordsInList"); list = findCertRecordsInListRawJumpto(ldapfilter, attrs, - DateMapper.dateToDB(date), "notBefore", pageSize); + DateMapper.dateToDB(date), "notBefore", pageSize); - //e = list.getCertRecords(0, size - 1); + // e = list.getCertRecords(0, size - 1); } finally { // XXX - transaction is not done at this moment - CMS.debug("In getInvalidCertsByNotBeforeDate finally."); if (s != null) @@ -1546,7 +1551,7 @@ public class CertificateRepository extends Repository } public ICertRecordList getValidCertsByNotAfterDate(Date date, int pageSize) - throws EBaseException { + throws EBaseException { String now = null; 
@@ -1554,17 +1559,20 @@ public class CertificateRepository extends Repository IDBSSession s = mDBService.createSession(); try { - String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_VALID + ")"; + String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_VALID + ")"; String[] attrs = null; if (mConsistencyCheck == false) { - attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT}; + attrs = new String[] { "objectclass", CertRecord.ATTR_ID, + CertRecord.ATTR_X509CERT }; } CMS.debug("getValidCertsByNotAfterDate filter " + ldapfilter); - //e = s.search(getDN(), ldapfilter); - list = findCertRecordsInListRawJumpto(ldapfilter, attrs, DateMapper.dateToDB(date), "notAfter", pageSize); + // e = s.search(getDN(), ldapfilter); + list = findCertRecordsInListRawJumpto(ldapfilter, attrs, + DateMapper.dateToDB(date), "notAfter", pageSize); } finally { // XXX - transaction is not done at this moment 
@@ -1576,46 +1584,50 @@ public class CertificateRepository extends Repository } public ICertRecordList getRevokedCertsByNotAfterDate(Date date, int pageSize) - throws EBaseException { + throws EBaseException { ICertRecordList list = null; IDBSSession s = mDBService.createSession(); try { - String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")"; + String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_REVOKED + ")"; String[] attrs = null; if (mConsistencyCheck == false) { - attrs = new String[] { "objectclass", CertRecord.ATTR_REVOKED_ON, CertRecord.ATTR_ID, - CertRecord.ATTR_REVO_INFO, CertificateValidity.NOT_AFTER, CertRecord.ATTR_X509CERT}; + attrs = new String[] { "objectclass", + CertRecord.ATTR_REVOKED_ON, CertRecord.ATTR_ID, + CertRecord.ATTR_REVO_INFO, + CertificateValidity.NOT_AFTER, CertRecord.ATTR_X509CERT }; } - CMS.debug("getRevokedCertificatesByNotAfterDate filter " + ldapfilter); - //e = s.search(getDN(), ldapfilter); + CMS.debug("getRevokedCertificatesByNotAfterDate filter " + + ldapfilter); + // e = s.search(getDN(), ldapfilter); CMS.debug("getRevokedCertificatesByNotAfterDate: about to call findCertRecordsInList"); list = findCertRecordsInListRawJumpto(ldapfilter, attrs, - DateMapper.dateToDB(date), "notafter", pageSize); + DateMapper.dateToDB(date), "notafter", pageSize); } finally { // XXX - transaction is not done at this moment - if (s != null) s.close(); } return list; } - + /** - * Retrieves all revoked certificates in the serial number range. - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * Retrieves all revoked certificates in the serial number range. + * + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. 
*/ public Enumeration getRevokedCertificates(String from, String to) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -1627,7 +1639,7 @@ public class CertificateRepository extends Repository if (to != null && to.length() > 0) ldapfilter += "(" + CertRecord.ATTR_ID + "<=" + to + ")"; ldapfilter += ")"; - //e = s.search(getDN(), ldapfilter); + // e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); @@ -1636,24 +1648,27 @@ public class CertificateRepository extends Repository e = list.getCertRecords(0, size - 1); } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrives all revoked certificates including ones already expired or - * not yet valid. + * Retrives all revoked certificates including ones already expired or not + * yet valid. */ - public Enumeration getAllRevokedCertificates() - throws EBaseException { + public Enumeration getAllRevokedCertificates() throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; - String ldapfilter = "(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter + String ldapfilter = "(|(" + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_REVOKED + ")(" + + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup + // for this filter try { - //e = s.search(getDN(), ldapfilter); + // e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); 
@@ -1661,19 +1676,20 @@ public class CertificateRepository extends Repository e = list.getCertRecords(0, size - 1); } finally { - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrieves all revoked publishedcertificates in the serial number range. - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * Retrieves all revoked publishedcertificates in the serial number range. + * + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. */ public Enumeration getRevokedPublishedCertificates(String from, String to) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -1684,11 +1700,10 @@ public class CertificateRepository extends Repository ldapfilter += "(" + CertRecord.ATTR_ID + ">=" + from + ")"; if (to != null && to.length() > 0) ldapfilter += "(" + CertRecord.ATTR_ID + "<=" + to + ")"; - //ldapfilter += ")"; - ldapfilter += "(certMetainfo=" + - CertRecord.META_LDAPPUBLISH + - ":true))"; - //e = s.search(getDN(), ldapfilter); + // ldapfilter += ")"; + ldapfilter += "(certMetainfo=" + CertRecord.META_LDAPPUBLISH + + ":true))"; + // e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); 
@@ -1697,27 +1712,30 @@ public class CertificateRepository extends Repository e = list.getCertRecords(0, size - 1); } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrives all revoked published certificates including ones - * already expired or not yet valid. + * Retrives all revoked published certificates including ones already + * expired or not yet valid. */ public Enumeration getAllRevokedPublishedCertificates() - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; - String ldapfilter = "(&(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter - - ldapfilter += "(certMetainfo=" + - CertRecord.META_LDAPPUBLISH + - ":true))"; + String ldapfilter = "(&(|(" + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_REVOKED + ")(" + + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup + // for this filter + + ldapfilter += "(certMetainfo=" + CertRecord.META_LDAPPUBLISH + + ":true))"; try { - //e = s.search(getDN(), ldapfilter); + // e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); 
@@ -1725,30 +1743,31 @@ public class CertificateRepository extends Repository e = list.getCertRecords(0, size - 1); } finally { - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrieves all revoked certificates that have not expired. + * Retrieves all revoked certificates that have not expired. */ public Enumeration getRevokedCertificates(Date asOfDate) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; try { - /*e = s.search(getDN(), "(&(" + - CertRecord.ATTR_REVO_INFO + "=*)(" + CertRecord.ATTR_X509CERT + - "." + CertificateValidity.NOT_AFTER + " >= " + - DateMapper.dateToDB(asOfDate) + "))");*/ - String ldapfilter = "(&(" + - CertRecord.ATTR_REVO_INFO + "=*)(" + CertRecord.ATTR_X509CERT + - "." + CertificateValidity.NOT_AFTER + " >= " + - DateMapper.dateToDB(asOfDate) + "))"; + /* + * e = s.search(getDN(), "(&(" + CertRecord.ATTR_REVO_INFO + "=*)(" + * + CertRecord.ATTR_X509CERT + "." + CertificateValidity.NOT_AFTER + * + " >= " + DateMapper.dateToDB(asOfDate) + "))"); + */ + String ldapfilter = "(&(" + CertRecord.ATTR_REVO_INFO + "=*)(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + " >= " + + DateMapper.dateToDB(asOfDate) + "))"; ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); @@ -1757,7 +1776,7 @@ public class CertificateRepository extends Repository e = list.getCertRecords(0, size - 1); } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; 
@@ -1767,13 +1786,15 @@ public class CertificateRepository extends Repository * Retrives all revoked certificates excluing ones already expired. */ public Enumeration getAllRevokedNonExpiredCertificates() - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; - String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")"; // index is setup for this filter + String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_REVOKED + ")"; // index is setup for this + // filter try { - //e = s.search(getDN(), ldapfilter); + // e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); @@ -1781,14 +1802,14 @@ public class CertificateRepository extends Repository e = list.getCertRecords(0, size - 1); } finally { - if (s != null) + if (s != null) s.close(); } return e; } private LDAPSearchResults startSearchForModifiedCertificateRecords() - throws EBaseException { + throws EBaseException { CMS.debug("startSearchForModifiedCertificateRecords"); LDAPSearchResults r = null; IDBSSession s = mDBService.createSession(); @@ -1798,9 +1819,10 @@ public class CertificateRepository extends Repository r = s.persistentSearch(getDN(), filter, null); CMS.debug("startSearchForModifiedCertificateRecords persistentSearch started"); } catch (Exception e) { - CMS.debug("startSearchForModifiedCertificateRecords persistentSearch Exception="+e); + CMS.debug("startSearchForModifiedCertificateRecords persistentSearch Exception=" + + e); r = null; - if (s != null) + if (s != null) s.close(); } return r; 
@@ -1808,34 +1830,40 @@ public class CertificateRepository extends Repository public void getModifications(LDAPEntry entry) { if (entry != null) { - CMS.debug("getModifications entry DN="+entry.getDN()); + CMS.debug("getModifications entry DN=" + entry.getDN()); LDAPAttributeSet entryAttrs = entry.getAttributeSet(); ICertRecord certRec = null; try { - certRec = (ICertRecord)mDBService.getRegistry().createObject(entryAttrs); + certRec = (ICertRecord) mDBService.getRegistry().createObject( + entryAttrs); } catch (Exception e) { } if (certRec != null) { String status = certRec.getStatus(); - CMS.debug("getModifications serialNumber="+certRec.getSerialNumber()+ - " status="+status); - if (status != null && (status.equals(ICertRecord.STATUS_VALID) || - status.equals(ICertRecord.STATUS_REVOKED))) { + CMS.debug("getModifications serialNumber=" + + certRec.getSerialNumber() + " status=" + status); + if (status != null + && (status.equals(ICertRecord.STATUS_VALID) || status + .equals(ICertRecord.STATUS_REVOKED))) { Enumeration eIPs = mCRLIssuingPoints.elements(); while (eIPs.hasMoreElements()) { - ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement(); + ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs + .nextElement(); if (ip != null) { if (status.equals(ICertRecord.STATUS_REVOKED)) { - IRevocationInfo rInfo = certRec.getRevocationInfo(); + IRevocationInfo rInfo = certRec + .getRevocationInfo(); if (rInfo != null) { - ip.addRevokedCert(certRec.getSerialNumber(), - new RevokedCertImpl(certRec.getSerialNumber(), - rInfo.getRevocationDate(), - rInfo.getCRLEntryExtensions())); + ip.addRevokedCert( + certRec.getSerialNumber(), + new RevokedCertImpl(certRec + .getSerialNumber(), rInfo + .getRevocationDate(), rInfo + .getCRLEntryExtensions())); } } else { ip.addUnrevokedCert(certRec.getSerialNumber()); 
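Review bot: The empty `catch (Exception e) { }` around `createObject(entryAttrs)` in `getModifications` means a modified entry that fails to convert is dropped without trace. For a record whose status changed to revoked, `addRevokedCert` is then never called on the CRL issuing points and nothing is logged. At minimum the failure should be recorded, for example `} catch (Exception e) { CMS.debug("getModifications: createObject failed: " + e); }`. The same empty catch appears around the encoding step in the `@@ -1883,9 +1912,8 @@` hunk of `isCertificateRevoked`, where a failure leaves `info` null and the certificate is reported as not revoked. `getModifications` continues past the end of this hunk.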
@@ -1850,16 +1878,16 @@ public class CertificateRepository extends Repository } } - /** - * Checks if the presented certificate belongs to the repository - * and is revoked. - * - * @param cert certificate to verify. - * @return RevocationInfo if the presented certificate is revoked otherwise null. + * Checks if the presented certificate belongs to the repository and is + * revoked. + * + * @param cert certificate to verify. + * @return RevocationInfo if the presented certificate is revoked otherwise + * null. */ public RevocationInfo isCertificateRevoked(X509CertImpl cert) - throws EBaseException { + throws EBaseException { RevocationInfo info = null; // 615932 @@ -1871,7 +1899,8 @@ public class CertificateRepository extends Repository if (rec != null) { if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { X500Name name = (X500Name) cert.getSubjectDN(); - X500Name repCertName = (X500Name) rec.getCertificate().getSubjectDN(); + X500Name repCertName = (X500Name) rec.getCertificate() + .getSubjectDN(); if (name.equals(repCertName)) { byte[] certEncoded = null; @@ -1883,9 +1912,8 @@ public class CertificateRepository extends Repository } catch (Exception e) { } - if (certEncoded != null && - repCertEncoded != null && - certEncoded.length == repCertEncoded.length) { + if (certEncoded != null && repCertEncoded != null + && certEncoded.length == repCertEncoded.length) { int i; for (i = 0; i < certEncoded.length; i++) { @@ -1893,7 +1921,8 @@ public class CertificateRepository extends Repository break; } if (i >= certEncoded.length) { - info = (RevocationInfo) ((CertRecord) rec).getRevocationInfo(); + info = (RevocationInfo) ((CertRecord) rec) + .getRevocationInfo(); } } } 
@@ -1904,15 +1933,14 @@ public class CertificateRepository extends Repository } public void shutdown() { - //if (mCertStatusUpdateThread != null) - // mCertStatusUpdateThread.destroy(); + // if (mCertStatusUpdateThread != null) + // mCertStatusUpdateThread.destroy(); - //if (mRetrieveModificationsThread != null) - // mRetrieveModificationsThread.destroy(); + // if (mRetrieveModificationsThread != null) + // mRetrieveModificationsThread.destroy(); } } - class CertStatusUpdateThread extends Thread { CertificateRepository _cr = null; IRepository _rr = null; @@ -1921,7 +1949,7 @@ class CertStatusUpdateThread extends Thread { CertStatusUpdateThread(CertificateRepository cr, IRepository rr, String name) { super(name); CMS.debug("new CertStatusUpdateThread"); - //setName(name); + // setName(name); _cr = cr; _rr = rr; @@ -1964,7 +1992,6 @@ class CertStatusUpdateThread extends Thread { } } - class RetrieveModificationsThread extends Thread { CertificateRepository _cr = null; LDAPSearchResults _results = null; @@ -1972,7 +1999,7 @@ class RetrieveModificationsThread extends Thread { RetrieveModificationsThread(CertificateRepository cr, String name) { super(name); CMS.debug("new RetrieveModificationsThread"); - //setName(name); + // setName(name); _cr = cr; } @@ -1991,7 +2018,7 @@ class RetrieveModificationsThread extends Thread { _cr.getModifications(entry); } } catch (LDAPException e) { - CMS.debug("LDAPException: "+e.toString()); + CMS.debug("LDAPException: " + e.toString()); } } else { CMS.debug("_results are null"); |