Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java | 1005 |
1 files changed, 489 insertions, 516 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java index fa069245d..740948712 100644 --- a/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java +++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.dbs; + import java.math.BigInteger; import java.security.cert.Certificate; import java.util.Arrays; @@ -54,17 +55,18 @@ import com.netscape.certsrv.dbs.certdb.IRevocationInfo; import com.netscape.certsrv.dbs.repository.IRepository; import com.netscape.certsrv.logging.ILogger; + /** - * A class represents a certificate repository. It stores all the issued - * certificate. + * A class represents a certificate repository. It + * stores all the issued certificate. * <P> - * + * * @author thomask * @author kanda * @version $Revision$, $Date$ */ -public class CertificateRepository extends Repository implements - ICertificateRepository { +public class CertificateRepository extends Repository + implements ICertificateRepository { public final String CERT_X509ATTRIBUTE = "x509signedcert"; @@ -83,11 +85,11 @@ public class CertificateRepository extends Repository implements /** * Constructs a certificate repository. */ - public CertificateRepository(IDBSubsystem dbService, String certRepoBaseDN, - int increment, String baseDN) throws EDBException { + public CertificateRepository(IDBSubsystem dbService, String certRepoBaseDN, int increment, String baseDN) + throws EDBException { super(dbService, increment, baseDN); mBaseDN = certRepoBaseDN; - + mDBService = dbService; // registers CMS database attributes 
@@ -96,19 +98,17 @@ public class CertificateRepository extends Repository implements IConfigStore cfg = mDBService.getConfigStore(); } - public ICertRecord createCertRecord(BigInteger id, Certificate cert, - MetaInfo meta) { + public ICertRecord createCertRecord(BigInteger id, Certificate cert, MetaInfo meta) { return new CertRecord(id, cert, meta); } - public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, - BigInteger serial_upper_bound) throws EBaseException { + public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) + throws EBaseException { - CMS.debug("CertificateRepository: in getLastSerialNumberInRange: low " - + serial_low_bound + " high " + serial_upper_bound); + CMS.debug("CertificateRepository: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound); - if (serial_low_bound == null || serial_upper_bound == null - || serial_low_bound.compareTo(serial_upper_bound) >= 0) { + if(serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0 ) + { return null; } 
@@ -117,30 +117,26 @@ public class CertificateRepository extends Repository implements String[] attrs = null; - ICertRecordList recList = findCertRecordsInList(ldapfilter, attrs, - serial_upper_bound.toString(10), "serialno", 5 * -1); + ICertRecordList recList = findCertRecordsInList(ldapfilter,attrs,serial_upper_bound.toString(10),"serialno", 5 * -1); int size = recList.getSize(); - CMS.debug("CertificateRepository:getLastSerialNumberInRange: recList size " - + size); + CMS.debug("CertificateRepository:getLastSerialNumberInRange: recList size " + size); if (size <= 0) { CMS.debug("CertificateRepository:getLastSerialNumberInRange: index may be empty"); BigInteger ret = new BigInteger(serial_low_bound.toString(10)); - ret = ret.add(new BigInteger("-1")); - CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " - + ret); + ret = ret.add(new BigInteger("-1")); + CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + ret); return ret; } int ltSize = recList.getSizeBeforeJumpTo(); Vector cList = new Vector(ltSize); - CMS.debug("CertificateRepository:getLastSerialNumberInRange: ltSize " - + ltSize); + CMS.debug("CertificateRepository:getLastSerialNumberInRange: ltSize " + ltSize); CertRecord curRec = null; 
@@ -155,13 +151,11 @@ public class CertificateRepository extends Repository implements BigInteger serial = curRec.getSerialNumber(); - CMS.debug("CertificateRepository:getLastCertRecordSerialNo: serialno " - + serial); + CMS.debug("CertificateRepository:getLastCertRecordSerialNo: serialno " + serial); - if (((serial.compareTo(serial_low_bound) == 0) || (serial - .compareTo(serial_low_bound) == 1)) - && ((serial.compareTo(serial_upper_bound) == 0) || (serial - .compareTo(serial_upper_bound) == -1))) { + if( ((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1) ) && + ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1) )) + { CMS.debug("getLastSerialNumberInRange returning: " + serial); return serial; } @@ -169,25 +163,25 @@ public class CertificateRepository extends Repository implements CMS.debug("getLastSerialNumberInRange:found null from getCertRecord"); } } + BigInteger ret = new BigInteger(serial_low_bound.toString(10)); - ret = ret.add(new BigInteger("-1")); + ret = ret.add(new BigInteger("-1")); - CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " - + ret); - return ret; + CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + ret); + return ret; } /** * Removes all objects with this repository. */ - public void removeCertRecords(BigInteger beginS, BigInteger endS) - throws EBaseException { + public void removeCertRecords(BigInteger beginS, BigInteger endS) throws EBaseException + { String filter = "(" + CertRecord.ATTR_CERT_STATUS + "=*" + ")"; - ICertRecordList list = findCertRecordsInList(filter, null, "serialno", - 10); + ICertRecordList list =findCertRecordsInList(filter, + null, "serialno", 10); int size = list.getSize(); Enumeration e = list.getCertRecords(0, size - 1); while (e.hasMoreElements()) { 
@@ -197,8 +191,8 @@ public class CertificateRepository extends Repository implements BigInteger min = cur; if (endS != null) min = cur.min(endS); - if (cur.equals(beginS) || cur.equals(endS) - || (cur.equals(max) && cur.equals(min))) + if (cur.equals(beginS) || cur.equals(endS) || + (cur.equals(max) && cur.equals(min))) deleteCertificateRecord(cur); } } @@ -228,13 +222,14 @@ public class CertificateRepository extends Repository implements } /** - * interval value: (in seconds) 0 - disable >0 - enable + * interval value: (in seconds) + * 0 - disable + * >0 - enable */ public CertStatusUpdateThread mCertStatusUpdateThread = null; public RetrieveModificationsThread mRetrieveModificationsThread = null; - public void setCertStatusUpdateInterval(IRepository requestRepo, - int interval, boolean listenToCloneModifications) { + public void setCertStatusUpdateInterval(IRepository requestRepo, int interval, boolean listenToCloneModifications) { CMS.debug("In setCertStatusUpdateInterval " + interval); if (interval == 0) { CMS.debug("In setCertStatusUpdateInterval interval = 0" + interval); 
@@ -247,14 +242,11 @@ public class CertificateRepository extends Repository implements return; } - CMS.debug("In setCertStatusUpdateInterval listenToCloneModifications=" - + listenToCloneModifications - + " mRetrieveModificationsThread=" - + mRetrieveModificationsThread); + CMS.debug("In setCertStatusUpdateInterval listenToCloneModifications="+listenToCloneModifications+ + " mRetrieveModificationsThread="+mRetrieveModificationsThread); if (listenToCloneModifications && mRetrieveModificationsThread == null) { CMS.debug("In setCertStatusUpdateInterval about to create RetrieveModificationsThread"); - mRetrieveModificationsThread = new RetrieveModificationsThread( - this, "RetrieveModificationsThread"); + mRetrieveModificationsThread = new RetrieveModificationsThread(this, "RetrieveModificationsThread"); LDAPSearchResults mResults = null; try { mResults = startSearchForModifiedCertificateRecords(); @@ -267,12 +259,10 @@ public class CertificateRepository extends Repository implements } } - CMS.debug("In setCertStatusUpdateInterval mCertStatusUpdateThread " - + mCertStatusUpdateThread); + CMS.debug("In setCertStatusUpdateInterval mCertStatusUpdateThread " + mCertStatusUpdateThread); if (mCertStatusUpdateThread == null) { CMS.debug("In setCertStatusUpdateInterval about to create CertStatusUpdateThread "); - mCertStatusUpdateThread = new CertStatusUpdateThread(this, - requestRepo, "CertStatusUpdateThread"); + mCertStatusUpdateThread = new CertStatusUpdateThread(this, requestRepo, "CertStatusUpdateThread"); mCertStatusUpdateThread.setInterval(interval); mCertStatusUpdateThread.start(); } else { @@ -282,6 +272,7 @@ public class CertificateRepository extends Repository implements } } + /** * Blocking method. */ 
@@ -289,21 +280,21 @@ public class CertificateRepository extends Repository implements CMS.debug("In updateCertStatus()"); - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_START_VALID_SEARCH")); + CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + CMS.getLogMessage("CMSCORE_DBS_START_VALID_SEARCH")); transitInvalidCertificates(); CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_FINISH_VALID_SEARCH")); + CMS.getLogMessage("CMSCORE_DBS_FINISH_VALID_SEARCH")); CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_START_EXPIRED_SEARCH")); + CMS.getLogMessage("CMSCORE_DBS_START_EXPIRED_SEARCH")); transitValidCertificates(); CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_FINISH_EXPIRED_SEARCH")); + CMS.getLogMessage("CMSCORE_DBS_FINISH_EXPIRED_SEARCH")); CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_START_REVOKED_EXPIRED_SEARCH")); + CMS.getLogMessage("CMSCORE_DBS_START_REVOKED_EXPIRED_SEARCH")); transitRevokedExpiredCertificates(); CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - CMS.getLogMessage("CMSCORE_DBS_FINISH_REVOKED_EXPIRED_SEARCH")); + CMS.getLogMessage("CMSCORE_DBS_FINISH_REVOKED_EXPIRED_SEARCH")); } /** @@ -313,14 +304,13 @@ public class CertificateRepository extends Repository implements return mBaseDN; } - public void setRequestDN(String requestDN) { + public void setRequestDN( String requestDN ) { mRequestBaseDN = requestDN; } - public String getRequestDN() { + public String getRequestDN() { return mRequestBaseDN; } - /** * Retrieves backend database handle. */ 
@@ -329,21 +319,22 @@ public class CertificateRepository extends Repository implements } /** - * Adds a certificate record to the repository. Each certificate record - * contains four parts: certificate, meta-attributes, issue information and - * reovcation information. + * Adds a certificate record to the repository. Each certificate + * record contains four parts: certificate, meta-attributes, + * issue information and reovcation information. * <P> - * + * * @param cert X.509 certificate - * @exception EBaseException failed to add new certificate to the repository + * @exception EBaseException failed to add new certificate to + * the repository */ - public void addCertificateRecord(ICertRecord record) throws EBaseException { + public void addCertificateRecord(ICertRecord record) + throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" - + ((CertRecord) record).getSerialNumber().toString() + "," - + getDN(); + String name = "cn" + "=" + + ((CertRecord) record).getSerialNumber().toString() + "," + getDN(); SessionContext ctx = SessionContext.getContext(); String uid = (String) ctx.get(SessionContext.USER_ID); 
@@ -352,30 +343,30 @@ public class CertificateRepository extends Repository implements record.set(CertRecord.ATTR_ISSUED_BY, "system"); /** - * System.out.println("XXX servlet should set USER_ID"); throw - * new EBaseException(BaseResources.UNKNOWN_PRINCIPAL_1, - * "null"); + System.out.println("XXX servlet should set USER_ID"); + throw new EBaseException(BaseResources.UNKNOWN_PRINCIPAL_1, + "null"); **/ } else { record.set(CertRecord.ATTR_ISSUED_BY, uid); } - // Check validity of this certificate. If it is not invalid, + // Check validity of this certificate. If it is not invalid, // mark it so. We will have a thread to transit the status // from INVALID to VALID. - X509CertImpl x509cert = (X509CertImpl) record - .get(CertRecord.ATTR_X509CERT); + X509CertImpl x509cert = (X509CertImpl) record.get( + CertRecord.ATTR_X509CERT); if (x509cert != null) { Date now = CMS.getCurrentDate(); if (x509cert.getNotBefore().after(now)) { // not yet valid - record.set(ICertRecord.ATTR_CERT_STATUS, - ICertRecord.STATUS_INVALID); + record.set(ICertRecord.ATTR_CERT_STATUS, + ICertRecord.STATUS_INVALID); } } - + s.add(name, record); } finally { if (s != null) 
@@ -384,19 +375,21 @@ public class CertificateRepository extends Repository implements } /** - * Used by the Clone Master (CLA) to add a revoked certificate record to the - * repository. + * Used by the Clone Master (CLA) to add a revoked certificate + * record to the repository. * <p> - * + * * @param record a CertRecord - * @exception EBaseException failed to add new certificate to the repository + * @exception EBaseException failed to add new certificate to + * the repository */ - public void addRevokedCertRecord(CertRecord record) throws EBaseException { + public void addRevokedCertRecord(CertRecord record) + throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + record.getSerialNumber().toString() - + "," + getDN(); + String name = "cn" + "=" + + record.getSerialNumber().toString() + "," + getDN(); s.add(name, record); } finally { @@ -406,14 +399,13 @@ public class CertificateRepository extends Repository implements } /** - * This transits a certificate status from VALID to EXPIRED if a certificate - * becomes expired. + * This transits a certificate status from VALID to EXPIRED + * if a certificate becomes expired. */ public void transitValidCertificates() throws EBaseException { Date now = CMS.getCurrentDate(); - ICertRecordList recList = getValidCertsByNotAfterDate(now, -1 - * mTransitRecordPageSize); + ICertRecordList recList = getValidCertsByNotAfterDate(now, -1 * mTransitRecordPageSize); int size = recList.getSize(); 
@@ -438,21 +430,18 @@ public class CertificateRepository extends Repository implements for (i = 0; i < ltSize; i++) { obj = recList.getCertRecord(i); - if (obj != null) { + if (obj != null) { curRec = (CertRecord) obj; Date notAfter = curRec.getNotAfter(); - // CMS.debug("notAfter " + notAfter.toString() + " now " + - // now.toString()); + //CMS.debug("notAfter " + notAfter.toString() + " now " + now.toString()); if (notAfter.after(now)) { - CMS.debug("Record does not qualify,notAfter " - + notAfter.toString() + " date " + now.toString()); + CMS.debug("Record does not qualify,notAfter " + notAfter.toString() + " date " + now.toString()); continue; } - CMS.debug("transitValid: curRec: " + i + " " - + curRec.toString()); + CMS.debug("transitValid: curRec: " + i + " " + curRec.toString()); if (mConsistencyCheck) { cList.add(curRec); @@ -471,14 +460,13 @@ public class CertificateRepository extends Repository implements } /** - * This transits a certificate status from REVOKED to REVOKED_EXPIRED if an - * revoked certificate becomes expired. + * This transits a certificate status from REVOKED to REVOKED_EXPIRED + * if an revoked certificate becomes expired. */ public void transitRevokedExpiredCertificates() throws EBaseException { Date now = CMS.getCurrentDate(); - ICertRecordList recList = getRevokedCertsByNotAfterDate(now, -1 - * mTransitRecordPageSize); - + ICertRecordList recList = getRevokedCertsByNotAfterDate(now, -1 * mTransitRecordPageSize); + int size = recList.getSize(); if (size <= 0) { 
@@ -502,16 +490,13 @@ public class CertificateRepository extends Repository implements obj = recList.getCertRecord(i); if (obj != null) { curRec = (CertRecord) obj; - CMS.debug("transitRevokedExpired: curRec: " + i + " " - + curRec.toString()); + CMS.debug("transitRevokedExpired: curRec: " + i + " " + curRec.toString()); Date notAfter = curRec.getNotAfter(); - // CMS.debug("notAfter " + notAfter.toString() + " now " + - // now.toString()); + // CMS.debug("notAfter " + notAfter.toString() + " now " + now.toString()); if (notAfter.after(now)) { - CMS.debug("Record does not qualify,notAfter " - + notAfter.toString() + " date " + now.toString()); + CMS.debug("Record does not qualify,notAfter " + notAfter.toString() + " date " + now.toString()); continue; } @@ -520,7 +505,7 @@ public class CertificateRepository extends Repository implements } else { cList.add(curRec.getSerialNumber()); } - } else { + } else { CMS.debug("found null record in getCertRecord"); } } @@ -530,15 +515,14 @@ public class CertificateRepository extends Repository implements } /** - * This transits a certificate status from INVALID to VALID if a certificate - * becomes valid. + * This transits a certificate status from INVALID to VALID + * if a certificate becomes valid. */ public void transitInvalidCertificates() throws EBaseException { Date now = CMS.getCurrentDate(); - ICertRecordList recList = getInvalidCertsByNotBeforeDate(now, -1 - * mTransitRecordPageSize); + ICertRecordList recList = getInvalidCertsByNotBeforeDate(now, -1 * mTransitRecordPageSize); int size = recList.getSize(); 
@@ -569,16 +553,13 @@ public class CertificateRepository extends Repository implements Date notBefore = curRec.getNotBefore(); - // CMS.debug("notBefore " + notBefore.toString() + " now " + - // now.toString()); + //CMS.debug("notBefore " + notBefore.toString() + " now " + now.toString()); if (notBefore.after(now)) { - CMS.debug("Record does not qualify,notBefore " - + notBefore.toString() + " date " + now.toString()); + CMS.debug("Record does not qualify,notBefore " + notBefore.toString() + " date " + now.toString()); continue; } - CMS.debug("transitInValid: curRec: " + i + " " - + curRec.toString()); + CMS.debug("transitInValid: curRec: " + i + " " + curRec.toString()); if (mConsistencyCheck) { cList.add(curRec); @@ -595,8 +576,7 @@ public class CertificateRepository extends Repository implements } - private void transitCertList(Vector cList, String newCertStatus) - throws EBaseException { + private void transitCertList(Vector cList, String newCertStatus) throws EBaseException { CertRecord cRec = null; BigInteger serial = null; @@ -619,9 +599,8 @@ public class CertificateRepository extends Repository implements updateStatus(serial, newCertStatus); if (newCertStatus.equals(CertRecord.STATUS_REVOKED_EXPIRED)) { - - // inform all CRLIssuingPoints about revoked and expired - // certificate + + // inform all CRLIssuingPoints about revoked and expired certificate Enumeration eIPs = mCRLIssuingPoints.elements(); @@ -645,7 +624,7 @@ public class CertificateRepository extends Repository implements * Reads the certificate identified by the given serial no. */ public X509CertImpl getX509Certificate(BigInteger serialNo) - throws EBaseException { + throws EBaseException { X509CertImpl cert = null; ICertRecord cr = readCertificateRecord(serialNo); 
@@ -656,15 +635,16 @@ public class CertificateRepository extends Repository implements * Deletes certificate record. */ public void deleteCertificateRecord(BigInteger serialNo) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + serialNo.toString() + "," + getDN(); + String name = "cn" + "=" + + serialNo.toString() + "," + getDN(); s.delete(name); } finally { - if (s != null) + if (s != null) s.close(); } } @@ -673,33 +653,35 @@ public class CertificateRepository extends Repository implements * Reads certificate from repository. */ public ICertRecord readCertificateRecord(BigInteger serialNo) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); CertRecord rec = null; try { - String name = "cn" + "=" + serialNo.toString() + "," + getDN(); + String name = "cn" + "=" + + serialNo.toString() + "," + getDN(); rec = (CertRecord) s.read(name); } finally { - if (s != null) + if (s != null) s.close(); } return rec; } public synchronized void modifyCertificateRecord(BigInteger serialNo, - ModificationSet mods) throws EBaseException { + ModificationSet mods) throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + serialNo.toString() + "," + getDN(); + String name = "cn" + "=" + + serialNo.toString() + "," + getDN(); mods.add(CertRecord.ATTR_MODIFY_TIME, Modification.MOD_REPLACE, - CMS.getCurrentDate()); + CMS.getCurrentDate()); s.modify(name, mods); } finally { - if (s != null) + if (s != null) s.close(); } } @@ -708,7 +690,7 @@ public class CertificateRepository extends Repository implements * Checks if the specified certificate is in the repository. */ public boolean containsCertificate(BigInteger serialNo) - throws EBaseException { + throws EBaseException { try { ICertRecord cr = readCertificateRecord(serialNo); 
@@ -723,7 +705,7 @@ public class CertificateRepository extends Repository implements * Marks certificate as revoked. */ public void markAsRevoked(BigInteger id, IRevocationInfo info) - throws EBaseException { + throws EBaseException { ModificationSet mods = new ModificationSet(); mods.add(CertRecord.ATTR_REVO_INFO, Modification.MOD_ADD, info); @@ -731,14 +713,16 @@ public class CertificateRepository extends Repository implements String uid = (String) ctx.get(SessionContext.USER_ID); if (uid == null) { - mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD, "system"); + mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD, + "system"); } else { - mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD, uid); + mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD, + uid); } mods.add(CertRecord.ATTR_REVOKED_ON, Modification.MOD_ADD, - CMS.getCurrentDate()); + CMS.getCurrentDate()); mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE, - CertRecord.STATUS_REVOKED); + CertRecord.STATUS_REVOKED); modifyCertificateRecord(id, mods); } @@ -746,14 +730,15 @@ public class CertificateRepository extends Repository implements * Unmarks revoked certificate. */ public void unmarkRevoked(BigInteger id, IRevocationInfo info, - Date revokedOn, String revokedBy) throws EBaseException { + Date revokedOn, String revokedBy) + throws EBaseException { ModificationSet mods = new ModificationSet(); mods.add(CertRecord.ATTR_REVO_INFO, Modification.MOD_DELETE, info); mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_DELETE, revokedBy); mods.add(CertRecord.ATTR_REVOKED_ON, Modification.MOD_DELETE, revokedOn); mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE, - CertRecord.STATUS_VALID); + CertRecord.STATUS_VALID); modifyCertificateRecord(id, mods); } 
@@ -761,16 +746,17 @@ public class CertificateRepository extends Repository implements * Updates the certificiate record status to the specified. */ public void updateStatus(BigInteger id, String status) - throws EBaseException { + throws EBaseException { CMS.debug("updateStatus: " + id + " status " + status); ModificationSet mods = new ModificationSet(); - mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE, status); + mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE, + status); modifyCertificateRecord(id, mods); } public Enumeration searchCertificates(String filter, int maxSize) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -778,14 +764,14 @@ public class CertificateRepository extends Repository implements try { e = s.search(getDN(), filter, maxSize); } finally { - if (s != null) + if (s != null) s.close(); } return e; } - public Enumeration searchCertificates(String filter, int maxSize, - int timeLimit) throws EBaseException { + public Enumeration searchCertificates(String filter, int maxSize, int timeLimit) + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -793,7 +779,7 @@ public class CertificateRepository extends Repository implements try { e = s.search(getDN(), filter, maxSize, timeLimit); } finally { - if (s != null) + if (s != null) s.close(); } return e; 
@@ -801,39 +787,39 @@ public class CertificateRepository extends Repository implements /** * Returns a list of X509CertImp that satisfies the filter. - * * @deprecated replaced by <code>findCertificatesInList</code> */ - public Enumeration findCertRecs(String filter) throws EBaseException { + public Enumeration findCertRecs(String filter) + throws EBaseException { CMS.debug("findCertRecs " + filter); IDBSSession s = mDBService.createSession(); Enumeration e = null; try { e = s.search(getDN(), filter); } finally { - if (s != null) - s.close(); + if (s != null) s.close(); } return e; } public Enumeration findCertRecs(String filter, String[] attrs) - throws EBaseException { + throws EBaseException { - CMS.debug("findCertRecs " + filter + "attrs " + Arrays.toString(attrs)); + CMS.debug( "findCertRecs " + filter + + "attrs " + Arrays.toString( attrs ) ); IDBSSession s = mDBService.createSession(); Enumeration e = null; try { e = s.search(getDN(), filter, attrs); } finally { - if (s != null) - s.close(); + if (s != null) s.close(); } return e; } - public Enumeration findCertificates(String filter) throws EBaseException { + public Enumeration findCertificates(String filter) + throws EBaseException { Enumeration e = findCertRecords(filter); Vector v = new Vector(); 
@@ -846,15 +832,18 @@ public class CertificateRepository extends Repository implements } /** - * Finds a list of certificate records that satisifies the filter. If you - * are going to process everything in the list, use this. + * Finds a list of certificate records that satisifies + * the filter. + * If you are going to process everything in the list, + * use this. */ - public Enumeration findCertRecords(String filter) throws EBaseException { + public Enumeration findCertRecords(String filter) + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; try { - // e = s.search(getDN(), filter); + //e = s.search(getDN(), filter); ICertRecordList list = null; list = findCertRecordsInList(filter, null, "serialno", 10); @@ -862,16 +851,15 @@ public class CertificateRepository extends Repository implements e = list.getCertRecords(0, size - 1); } finally { - if (s != null) + if (s != null) s.close(); } return e; } /** - * Finds certificate records. Here is a list of filter attribute can be - * used: - * + * Finds certificate records. Here is a list of filter + * attribute can be used: * <pre> * certRecordId * certMetaInfo 
@@ -882,48 +870,49 @@ public class CertificateRepository extends Repository implements * x509Cert.notAfter * x509Cert.subject * </pre> - * - * The filter should follow RFC1558 LDAP filter syntax. For example, - * + * The filter should follow RFC1558 LDAP filter syntax. + * For example, * <pre> * (&(certRecordId=5)(x509Cert.notBefore=934398398)) * </pre> */ - public ICertRecordList findCertRecordsInList(String filter, String attrs[], - int pageSize) throws EBaseException { - return findCertRecordsInList(filter, attrs, CertRecord.ATTR_ID, + public ICertRecordList findCertRecordsInList(String filter, + String attrs[], int pageSize) throws EBaseException { + return findCertRecordsInList(filter, attrs, CertRecord.ATTR_ID, pageSize); } - public ICertRecordList findCertRecordsInList(String filter, String attrs[], - String sortKey, int pageSize) throws EBaseException { + public ICertRecordList findCertRecordsInList(String filter, + String attrs[], String sortKey, int pageSize) + throws EBaseException { IDBSSession s = mDBService.createSession(); CMS.debug("In findCertRecordsInList"); CertRecordList list = null; try { - DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), - filter, attrs, sortKey, pageSize); + DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), filter, attrs, + sortKey, pageSize); list = new CertRecordList(vlist); } finally { - if (s != null) + if (s != null) s.close(); } return list; } - public ICertRecordList findCertRecordsInList(String filter, String attrs[], - String jumpTo, String sortKey, int pageSize) throws EBaseException { - return findCertRecordsInList(filter, attrs, jumpTo, false, sortKey, - pageSize); + public ICertRecordList findCertRecordsInList(String filter, + String attrs[], String jumpTo, String sortKey, int pageSize) + throws EBaseException { + return findCertRecordsInList(filter, attrs, jumpTo, false, sortKey, pageSize); } - public ICertRecordList findCertRecordsInList(String filter, String attrs[], - String 
jumpTo, boolean hardJumpTo, String sortKey, int pageSize) - throws EBaseException { + public ICertRecordList findCertRecordsInList(String filter, + String attrs[], String jumpTo, boolean hardJumpTo, + String sortKey, int pageSize) + throws EBaseException { IDBSSession s = mDBService.createSession(); CertRecordList list = null; @@ -931,33 +920,33 @@ public class CertificateRepository extends Repository implements try { String jumpToVal = null; - if (hardJumpTo) { - CMS.debug("In findCertRecordsInList with hardJumpto "); - jumpToVal = "99"; - } else { - int len = jumpTo.length(); + if (hardJumpTo) { + CMS.debug("In findCertRecordsInList with hardJumpto "); + jumpToVal = "99"; + } else { + int len = jumpTo.length(); - if (len > 9) { - jumpToVal = Integer.toString(len) + jumpTo; - } else { - jumpToVal = "0" + Integer.toString(len) + jumpTo; - } + if (len > 9) { + jumpToVal = Integer.toString(len) + jumpTo; + } else { + jumpToVal = "0" + Integer.toString(len) + jumpTo; } + } - DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), - filter, attrs, jumpToVal, sortKey, pageSize); + DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), filter, + attrs, jumpToVal, sortKey, pageSize); list = new CertRecordList(vlist); } finally { - if (s != null) + if (s != null) s.close(); } return list; } public ICertRecordList findCertRecordsInListRawJumpto(String filter, - String attrs[], String jumpTo, String sortKey, int pageSize) - throws EBaseException { + String attrs[], String jumpTo, String sortKey, int pageSize) + throws EBaseException { IDBSSession s = mDBService.createSession(); CertRecordList list = null; 
@@ -965,8 +954,8 @@ public class CertificateRepository extends Repository implements try { - DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), - filter, attrs, jumpTo, sortKey, pageSize); + DBVirtualList vlist = (DBVirtualList) s.createVirtualList(getDN(), filter, + attrs, jumpTo, sortKey, pageSize); list = new CertRecordList(vlist); } finally { 
@@ -980,42 +969,44 @@ public class CertificateRepository extends Repository implements * Marks certificate as renewable. */ public void markCertificateAsRenewable(ICertRecord record) - throws EBaseException { - changeRenewalAttribute(((CertRecord) record).getSerialNumber() - .toString(), CertRecord.AUTO_RENEWAL_ENABLED); + throws EBaseException { + changeRenewalAttribute(((CertRecord) record).getSerialNumber().toString(), + CertRecord.AUTO_RENEWAL_ENABLED); } /** * Marks certificate as renewable. */ public void markCertificateAsNotRenewable(ICertRecord record) - throws EBaseException { - changeRenewalAttribute(((CertRecord) record).getSerialNumber() - .toString(), CertRecord.AUTO_RENEWAL_DISABLED); + throws EBaseException { + changeRenewalAttribute(((CertRecord) record).getSerialNumber().toString(), + CertRecord.AUTO_RENEWAL_DISABLED); } - public void markCertificateAsRenewed(String serialNo) throws EBaseException { + public void markCertificateAsRenewed(String serialNo) + throws EBaseException { changeRenewalAttribute(serialNo, CertRecord.AUTO_RENEWAL_DONE); } public void markCertificateAsRenewalNotified(String serialNo) - throws EBaseException { + throws EBaseException { changeRenewalAttribute(serialNo, CertRecord.AUTO_RENEWAL_NOTIFIED); } private void changeRenewalAttribute(String serialno, String value) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); try { - String name = "cn" + "=" + serialno + "," + getDN(); + String name = "cn" + "=" + serialno + + "," + getDN(); ModificationSet mods = new ModificationSet(); mods.add(CertRecord.ATTR_AUTO_RENEW, Modification.MOD_REPLACE, - value); + value); s.modify(name, mods); } finally { - if (s != null) + if (s != null) s.close(); } } @@ -1026,7 +1017,6 @@ public class CertificateRepository extends Repository implements public class RenewableCertificateCollection { Vector mToRenew = null; Vector mToNotify = null; - public RenewableCertificateCollection() { } 
@@ -1053,20 +1043,21 @@ public class CertificateRepository extends Repository implements } public Hashtable getRenewableCertificates(String renewalTime) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Hashtable tab = null; try { - String filter = "(&(" + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_VALID + ")(" + CertRecord.ATTR_X509CERT - + "." + CertificateValidity.NOT_AFTER + "<=" + renewalTime - + ")(!(" + CertRecord.ATTR_AUTO_RENEW + "=" - + CertRecord.AUTO_RENEWAL_DONE + "))(!(" - + CertRecord.ATTR_AUTO_RENEW + "=" - + CertRecord.AUTO_RENEWAL_NOTIFIED + ")))"; - // Enumeration e = s.search(getDN(), filter); + String filter = "(&(" + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_VALID + ")(" + + CertRecord.ATTR_X509CERT + + "." + CertificateValidity.NOT_AFTER + "<=" + renewalTime + + ")(!(" + CertRecord.ATTR_AUTO_RENEW + "=" + + CertRecord.AUTO_RENEWAL_DONE + + "))(!(" + CertRecord.ATTR_AUTO_RENEW + "=" + + CertRecord.AUTO_RENEWAL_NOTIFIED + ")))"; + //Enumeration e = s.search(getDN(), filter); ICertRecordList list = null; list = findCertRecordsInList(filter, null, "serialno", 10); 
@@ -1084,54 +1075,57 @@ public class CertificateRepository extends Repository implements Object val = null; if ((val = tab.get(subjectDN)) == null) { - RenewableCertificateCollection collection = new RenewableCertificateCollection(); + RenewableCertificateCollection collection = + new RenewableCertificateCollection(); collection.addCertificate(renewalFlag, cert); tab.put(subjectDN, collection); } else { - ((RenewableCertificateCollection) val).addCertificate( - renewalFlag, cert); + ((RenewableCertificateCollection) val).addCertificate(renewalFlag, cert); } } } finally { - if (s != null) + if (s != null) s.close(); } return tab; } /** - * Gets all valid and unexpired certificates pertaining to a subject DN. - * - * @param subjectDN The distinguished name of the subject. - * @param validityType The type of certificates to get. + * Gets all valid and unexpired certificates pertaining + * to a subject DN. + * + * @param subjectDN The distinguished name of the subject. + * @param validityType The type of certificates to get. * @return An array of certificates. */ - public X509CertImpl[] getX509Certificates(String subjectDN, int validityType) - throws EBaseException { + public X509CertImpl[] getX509Certificates(String subjectDN, + int validityType) throws EBaseException { IDBSSession s = mDBService.createSession(); X509CertImpl certs[] = null; try { // XXX - not checking validityType... - String filter = "(&(" + CertRecord.ATTR_X509CERT + "." - + X509CertInfo.SUBJECT + "=" + subjectDN; + String filter = "(&(" + CertRecord.ATTR_X509CERT + + "." 
+ X509CertInfo.SUBJECT + "=" + subjectDN; if (validityType == ALL_VALID_CERTS) { - filter += ")(" + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_VALID; + filter += ")(" + + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_VALID; } if (validityType == ALL_UNREVOKED_CERTS) { - filter += ")(|(" + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_VALID + ")(" - + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_EXPIRED + ")"; + filter += ")(|(" + + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_VALID + ")(" + + CertRecord.ATTR_CERT_STATUS + "=" + + CertRecord.STATUS_EXPIRED + ")"; } filter += "))"; - // Enumeration e = s.search(getDN(), filter); + //Enumeration e = s.search(getDN(), filter); ICertRecordList list = null; list = findCertRecordsInList(filter, null, "serialno", 10); @@ -1150,14 +1144,14 @@ public class CertificateRepository extends Repository implements certs = new X509CertImpl[v.size()]; v.copyInto(certs); } finally { - if (s != null) + if (s != null) s.close(); } return certs; } public X509CertImpl[] getX509Certificates(String filter) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); X509CertImpl certs[] = null; @@ -1166,7 +1160,7 @@ public class CertificateRepository extends Repository implements Enumeration e = null; if (filter != null && filter.length() > 0) { - // e = s.search(getDN(), filter); + //e = s.search(getDN(), filter); ICertRecordList list = null; list = findCertRecordsInList(filter, null, "serialno", 10); @@ -1187,7 +1181,7 @@ public class CertificateRepository extends Repository implements v.copyInto(certs); } } finally { - if (s != null) + if (s != null) s.close(); } return certs; 
@@ -1195,108 +1189,106 @@ public class CertificateRepository extends Repository implements /** * Retrives all valid certificates excluding ones already revoked. - * - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. */ public Enumeration getValidCertificates(String from, String to) - throws EBaseException { - IDBSSession s = mDBService.createSession(); - Vector v = new Vector(); + throws EBaseException { + IDBSSession s = mDBService.createSession(); + Vector v = new Vector(); - try { + try { - // 'from' determines 'jumpto' value - // 'to' determines where to stop looking + // 'from' determines 'jumpto' value + // 'to' determines where to stop looking - String ldapfilter = "(certstatus=VALID)"; + String ldapfilter = "(certstatus=VALID)"; - String fromVal = "0"; - try { - if (from != null) { - int fv = Integer.parseInt(from); - fromVal = from; + String fromVal = "0"; + try { + if (from != null) { + int fv = Integer.parseInt(from); + fromVal = from; + } + } catch (Exception e1) { + // from is not integer } - } catch (Exception e1) { - // from is not integer - } - - ICertRecordList list = findCertRecordsInList(ldapfilter, null, - fromVal, "serialno", 40); - - BigInteger toInt = null; - if (to != null && !to.trim().equals("")) { - toInt = new BigInteger(to); - } - for (int i = 0;; i++) { - CertRecord rec = (CertRecord) list.getCertRecord(i); - CMS.debug("processing record: " + i); - if (rec == null) { - break; // no element returned - } else { + ICertRecordList list = + findCertRecordsInList(ldapfilter, null, fromVal, "serialno", 40); - CMS.debug("processing record: " + i + " " - + rec.getSerialNumber()); - // Check if we are past the 'to' marker - if (toInt != null) { - if (rec.getSerialNumber().compareTo(toInt) > 0) { - break; - } - } - v.addElement(rec); + BigInteger toInt = 
null; + if (to != null && !to.trim().equals("")) { + toInt = new BigInteger(to); } - } - } finally { - if (s != null) - s.close(); - } - CMS.debug("returning " + v.size() + " elements"); - return v.elements(); - } + for (int i=0;; i++) { + CertRecord rec = (CertRecord) list.getCertRecord(i); + CMS.debug("processing record: "+i); + if (rec == null) { + break; // no element returned + } else { + + CMS.debug("processing record: "+i+" "+rec.getSerialNumber()); + // Check if we are past the 'to' marker + if (toInt != null) { + if (rec.getSerialNumber().compareTo(toInt) > 0) { + break; + } + } + v.addElement(rec); + } + } + + } finally { + if (s != null) + s.close(); + } + CMS.debug("returning "+v.size()+" elements"); + return v.elements(); + } /** * Retrives all valid certificates excluding ones already revoked. */ - public Enumeration getAllValidCertificates() throws EBaseException { + public Enumeration getAllValidCertificates() + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; try { Date now = CMS.getCurrentDate(); - String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" - + CertRecord.ATTR_X509CERT + "." - + CertificateValidity.NOT_BEFORE + "<=" - + DateMapper.dateToDB(now) + ")(" - + CertRecord.ATTR_X509CERT + "." - + CertificateValidity.NOT_AFTER + ">=" - + DateMapper.dateToDB(now) + "))"; - // e = s.search(getDN(), ldapfilter); + String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_BEFORE + "<=" + + DateMapper.dateToDB(now) + ")(" + + CertRecord.ATTR_X509CERT + "." 
+ + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + "))"; + //e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrives all valid not published certificates excluding ones already - * revoked. - * - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * Retrives all valid not published certificates + * excluding ones already revoked. + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. */ public Enumeration getValidNotPublishedCertificates(String from, String to) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; 
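Review bot: In `getValidCertificates`, `from` is validated with `Integer.parseInt` while `to` is parsed with `new BigInteger(to)`, so a start serial above `Integer.MAX_VALUE` is silently treated as non-numeric and the listing restarts at "0", whereas a non-numeric `to` escapes as an unchecked `NumberFormatException`. Parsing both the same way removes the mismatch: `fromVal = new BigInteger(from.trim()).toString();` under `catch (NumberFormatException e1)`, with the same catch around the `toInt` assignment. That also drops the unused local `fv` and the broad `catch (Exception e1)`.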
@@ -1308,59 +1300,63 @@ public class CertificateRepository extends Repository implements ldapfilter += CertRecord.ATTR_ID + ">=" + from + ")("; if (to != null && to.length() > 0) ldapfilter += CertRecord.ATTR_ID + "<=" + to + ")("; - ldapfilter += "!(" + CertRecord.ATTR_REVO_INFO + "=*))(" - + CertRecord.ATTR_X509CERT + "." - + CertificateValidity.NOT_BEFORE + "<=" - + DateMapper.dateToDB(now) + ")(" - + CertRecord.ATTR_X509CERT + "." - + CertificateValidity.NOT_AFTER + ">=" - + DateMapper.dateToDB(now) + ")(!(" + "certMetainfo=" - + CertRecord.META_LDAPPUBLISH + ":true)))"; - // e = s.search(getDN(), ldapfilter); + ldapfilter += "!(" + CertRecord.ATTR_REVO_INFO + "=*))(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_BEFORE + "<=" + + DateMapper.dateToDB(now) + ")(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + ")(!(" + + "certMetainfo=" + + CertRecord.META_LDAPPUBLISH + + ":true)))"; + //e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - + } finally { - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrives all valid not published certificates excluding ones already - * revoked. + * Retrives all valid not published certificates + * excluding ones already revoked. */ public Enumeration getAllValidNotPublishedCertificates() - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; try { Date now = CMS.getCurrentDate(); - String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" - + CertRecord.ATTR_X509CERT + "." - + CertificateValidity.NOT_BEFORE + "<=" - + DateMapper.dateToDB(now) + ")(" - + CertRecord.ATTR_X509CERT + "." 
- + CertificateValidity.NOT_AFTER + ">=" - + DateMapper.dateToDB(now) + ")(!(" + "certMetainfo=" - + CertRecord.META_LDAPPUBLISH + ":true)))"; - // e = s.search(getDN(), ldapfilter); + String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_BEFORE + "<=" + + DateMapper.dateToDB(now) + ")(" + + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + ")(!(" + + "certMetainfo=" + + CertRecord.META_LDAPPUBLISH + + ":true)))"; + //e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; @@ -1368,12 +1364,11 @@ public class CertificateRepository extends Repository implements /** * Retrives all expired certificates. - * - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. */ public Enumeration getExpiredCertificates(String from, String to) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; 
@@ -1385,20 +1380,20 @@ public class CertificateRepository extends Repository implements ldapfilter += CertRecord.ATTR_ID + ">=" + from + ")("; if (to != null && to.length() > 0) ldapfilter += CertRecord.ATTR_ID + "<=" + to + ")("; - ldapfilter += "!(" + CertRecord.ATTR_X509CERT + "." - + CertificateValidity.NOT_AFTER + ">=" - + DateMapper.dateToDB(now) + ")))"; - // e = s.search(getDN(), ldapfilter); - + ldapfilter += "!(" + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + ")))"; + //e = s.search(getDN(), ldapfilter); + ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - } finally { + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; @@ -1407,26 +1402,27 @@ public class CertificateRepository extends Repository implements /** * Retrives all expired certificates. */ - public Enumeration getAllExpiredCertificates() throws EBaseException { + public Enumeration getAllExpiredCertificates() + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; try { Date now = CMS.getCurrentDate(); - String ldapfilter = "(!(" + CertRecord.ATTR_X509CERT + "." - + CertificateValidity.NOT_AFTER + ">=" - + DateMapper.dateToDB(now) + "))"; - // e = s.search(getDN(), ldapfilter); + String ldapfilter = "(!(" + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + "))"; + //e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - - } finally { + + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; 
@@ -1434,12 +1430,11 @@ public class CertificateRepository extends Repository implements /** * Retrives all expired published certificates. - * - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. */ public Enumeration getExpiredPublishedCertificates(String from, String to) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -1451,23 +1446,24 @@ public class CertificateRepository extends Repository implements ldapfilter += CertRecord.ATTR_ID + ">=" + from + ")("; if (to != null && to.length() > 0) ldapfilter += CertRecord.ATTR_ID + "<=" + to + ")("; - ldapfilter += "!(" + CertRecord.ATTR_X509CERT + "." - + CertificateValidity.NOT_AFTER + ">=" - + - // DateMapper.dateToDB(now) + ")))"; - DateMapper.dateToDB(now) + "))(" + "certMetainfo=" - + CertRecord.META_LDAPPUBLISH + ":true))"; - // e = s.search(getDN(), ldapfilter); - + ldapfilter += "!(" + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + //DateMapper.dateToDB(now) + ")))"; + DateMapper.dateToDB(now) + "))(" + + "certMetainfo=" + + CertRecord.META_LDAPPUBLISH + + ":true))"; + //e = s.search(getDN(), ldapfilter); + ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - } finally { + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; @@ -1477,7 +1473,7 @@ public class CertificateRepository extends Repository implements * Retrives all expired publishedcertificates. */ public Enumeration getAllExpiredPublishedCertificates() - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; 
@@ -1485,30 +1481,31 @@ public class CertificateRepository extends Repository implements Date now = CMS.getCurrentDate(); String ldapfilter = "(&"; - ldapfilter += "(!(" + CertRecord.ATTR_X509CERT + "." - + CertificateValidity.NOT_AFTER + ">=" - + DateMapper.dateToDB(now) + "))"; - ldapfilter += "(certMetainfo=" + CertRecord.META_LDAPPUBLISH - + ":true))"; - - // e = s.search(getDN(), ldapfilter); + ldapfilter += "(!(" + CertRecord.ATTR_X509CERT + "." + + CertificateValidity.NOT_AFTER + ">=" + + DateMapper.dateToDB(now) + "))"; + ldapfilter += "(certMetainfo=" + + CertRecord.META_LDAPPUBLISH + + ":true))"; + + //e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); int size = list.getSize(); e = list.getCertRecords(0, size - 1); - - } finally { + + } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; } - public ICertRecordList getInvalidCertsByNotBeforeDate(Date date, - int pageSize) throws EBaseException { + public ICertRecordList getInvalidCertsByNotBeforeDate(Date date, int pageSize) + throws EBaseException { String now = null; 
@@ -1518,29 +1515,27 @@ public class CertificateRepository extends Repository implements IDBSSession s = mDBService.createSession(); try { - String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_INVALID + ")"; + String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_INVALID + ")"; String[] attrs = null; if (mConsistencyCheck == false) { - attrs = new String[] { "objectclass", CertRecord.ATTR_ID, - CertRecord.ATTR_X509CERT }; + attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT}; } - CMS.debug("getInvalidCertificatesByNotBeforeDate filter " - + ldapfilter); - // e = s.search(getDN(), ldapfilter); + CMS.debug("getInvalidCertificatesByNotBeforeDate filter " + ldapfilter); + //e = s.search(getDN(), ldapfilter); CMS.debug("getInvalidCertificatesByNotBeforeDate: about to call findCertRecordsInList"); list = findCertRecordsInListRawJumpto(ldapfilter, attrs, - DateMapper.dateToDB(date), "notBefore", pageSize); + DateMapper.dateToDB(date), "notBefore", pageSize); - // e = list.getCertRecords(0, size - 1); + //e = list.getCertRecords(0, size - 1); } finally { // XXX - transaction is not done at this moment + CMS.debug("In getInvalidCertsByNotBeforeDate finally."); if (s != null) @@ -1551,7 +1546,7 @@ public class CertificateRepository extends Repository implements } public ICertRecordList getValidCertsByNotAfterDate(Date date, int pageSize) - throws EBaseException { + throws EBaseException { String now = null; 
@@ -1559,20 +1554,17 @@ public class CertificateRepository extends Repository implements IDBSSession s = mDBService.createSession(); try { - String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_VALID + ")"; + String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_VALID + ")"; String[] attrs = null; if (mConsistencyCheck == false) { - attrs = new String[] { "objectclass", CertRecord.ATTR_ID, - CertRecord.ATTR_X509CERT }; + attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT}; } CMS.debug("getValidCertsByNotAfterDate filter " + ldapfilter); - // e = s.search(getDN(), ldapfilter); - list = findCertRecordsInListRawJumpto(ldapfilter, attrs, - DateMapper.dateToDB(date), "notAfter", pageSize); + //e = s.search(getDN(), ldapfilter); + list = findCertRecordsInListRawJumpto(ldapfilter, attrs, DateMapper.dateToDB(date), "notAfter", pageSize); } finally { // XXX - transaction is not done at this moment 
@@ -1584,50 +1576,46 @@ public class CertificateRepository extends Repository implements } public ICertRecordList getRevokedCertsByNotAfterDate(Date date, int pageSize) - throws EBaseException { + throws EBaseException { ICertRecordList list = null; IDBSSession s = mDBService.createSession(); try { - String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_REVOKED + ")"; + String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")"; String[] attrs = null; if (mConsistencyCheck == false) { - attrs = new String[] { "objectclass", - CertRecord.ATTR_REVOKED_ON, CertRecord.ATTR_ID, - CertRecord.ATTR_REVO_INFO, - CertificateValidity.NOT_AFTER, CertRecord.ATTR_X509CERT }; + attrs = new String[] { "objectclass", CertRecord.ATTR_REVOKED_ON, CertRecord.ATTR_ID, + CertRecord.ATTR_REVO_INFO, CertificateValidity.NOT_AFTER, CertRecord.ATTR_X509CERT}; } - CMS.debug("getRevokedCertificatesByNotAfterDate filter " - + ldapfilter); - // e = s.search(getDN(), ldapfilter); + CMS.debug("getRevokedCertificatesByNotAfterDate filter " + ldapfilter); + //e = s.search(getDN(), ldapfilter); CMS.debug("getRevokedCertificatesByNotAfterDate: about to call findCertRecordsInList"); list = findCertRecordsInListRawJumpto(ldapfilter, attrs, - DateMapper.dateToDB(date), "notafter", pageSize); + DateMapper.dateToDB(date), "notafter", pageSize); } finally { // XXX - transaction is not done at this moment + if (s != null) s.close(); } return list; } - + /** - * Retrieves all revoked certificates in the serial number range. - * - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * Retrieves all revoked certificates in the serial number range. + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. 
*/ public Enumeration getRevokedCertificates(String from, String to) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -1639,7 +1627,7 @@ public class CertificateRepository extends Repository implements if (to != null && to.length() > 0) ldapfilter += "(" + CertRecord.ATTR_ID + "<=" + to + ")"; ldapfilter += ")"; - // e = s.search(getDN(), ldapfilter); + //e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); @@ -1648,27 +1636,24 @@ public class CertificateRepository extends Repository implements e = list.getCertRecords(0, size - 1); } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrives all revoked certificates including ones already expired or not - * yet valid. + * Retrives all revoked certificates including ones already expired or + * not yet valid. */ - public Enumeration getAllRevokedCertificates() throws EBaseException { + public Enumeration getAllRevokedCertificates() + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; - String ldapfilter = "(|(" + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_REVOKED + ")(" - + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup - // for this filter + String ldapfilter = "(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter try { - // e = s.search(getDN(), ldapfilter); + //e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); 
@@ -1676,20 +1661,19 @@ public class CertificateRepository extends Repository implements e = list.getCertRecords(0, size - 1); } finally { - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrieves all revoked publishedcertificates in the serial number range. - * - * @param from The starting point of the serial number range. - * @param to The ending point of the serial number range. + * Retrieves all revoked publishedcertificates in the serial number range. + * @param from The starting point of the serial number range. + * @param to The ending point of the serial number range. */ public Enumeration getRevokedPublishedCertificates(String from, String to) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; @@ -1700,10 +1684,11 @@ public class CertificateRepository extends Repository implements ldapfilter += "(" + CertRecord.ATTR_ID + ">=" + from + ")"; if (to != null && to.length() > 0) ldapfilter += "(" + CertRecord.ATTR_ID + "<=" + to + ")"; - // ldapfilter += ")"; - ldapfilter += "(certMetainfo=" + CertRecord.META_LDAPPUBLISH - + ":true))"; - // e = s.search(getDN(), ldapfilter); + //ldapfilter += ")"; + ldapfilter += "(certMetainfo=" + + CertRecord.META_LDAPPUBLISH + + ":true))"; + //e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); 
@@ -1712,30 +1697,27 @@ public class CertificateRepository extends Repository implements e = list.getCertRecords(0, size - 1); } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrives all revoked published certificates including ones already - * expired or not yet valid. + * Retrives all revoked published certificates including ones + * already expired or not yet valid. */ public Enumeration getAllRevokedPublishedCertificates() - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; - String ldapfilter = "(&(|(" + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_REVOKED + ")(" - + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup - // for this filter - - ldapfilter += "(certMetainfo=" + CertRecord.META_LDAPPUBLISH - + ":true))"; + String ldapfilter = "(&(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter + + ldapfilter += "(certMetainfo=" + + CertRecord.META_LDAPPUBLISH + + ":true))"; try { - // e = s.search(getDN(), ldapfilter); + //e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); 
@@ -1743,31 +1725,30 @@ public class CertificateRepository extends Repository implements e = list.getCertRecords(0, size - 1); } finally { - if (s != null) + if (s != null) s.close(); } return e; } /** - * Retrieves all revoked certificates that have not expired. + * Retrieves all revoked certificates that have not expired. */ public Enumeration getRevokedCertificates(Date asOfDate) - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; try { - /* - * e = s.search(getDN(), "(&(" + CertRecord.ATTR_REVO_INFO + "=*)(" - * + CertRecord.ATTR_X509CERT + "." + CertificateValidity.NOT_AFTER - * + " >= " + DateMapper.dateToDB(asOfDate) + "))"); - */ - String ldapfilter = "(&(" + CertRecord.ATTR_REVO_INFO + "=*)(" - + CertRecord.ATTR_X509CERT + "." - + CertificateValidity.NOT_AFTER + " >= " - + DateMapper.dateToDB(asOfDate) + "))"; + /*e = s.search(getDN(), "(&(" + + CertRecord.ATTR_REVO_INFO + "=*)(" + CertRecord.ATTR_X509CERT + + "." + CertificateValidity.NOT_AFTER + " >= " + + DateMapper.dateToDB(asOfDate) + "))");*/ + String ldapfilter = "(&(" + + CertRecord.ATTR_REVO_INFO + "=*)(" + CertRecord.ATTR_X509CERT + + "." + CertificateValidity.NOT_AFTER + " >= " + + DateMapper.dateToDB(asOfDate) + "))"; ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); @@ -1776,7 +1757,7 @@ public class CertificateRepository extends Repository implements e = list.getCertRecords(0, size - 1); } finally { // XXX - transaction is not done at this moment - if (s != null) + if (s != null) s.close(); } return e; 
@@ -1786,15 +1767,13 @@ public class CertificateRepository extends Repository implements * Retrives all revoked certificates excluing ones already expired. */ public Enumeration getAllRevokedNonExpiredCertificates() - throws EBaseException { + throws EBaseException { IDBSSession s = mDBService.createSession(); Enumeration e = null; - String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" - + CertRecord.STATUS_REVOKED + ")"; // index is setup for this - // filter + String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")"; // index is setup for this filter try { - // e = s.search(getDN(), ldapfilter); + //e = s.search(getDN(), ldapfilter); ICertRecordList list = null; list = findCertRecordsInList(ldapfilter, null, "serialno", 10); @@ -1802,14 +1781,14 @@ public class CertificateRepository extends Repository implements e = list.getCertRecords(0, size - 1); } finally { - if (s != null) + if (s != null) s.close(); } return e; } private LDAPSearchResults startSearchForModifiedCertificateRecords() - throws EBaseException { + throws EBaseException { CMS.debug("startSearchForModifiedCertificateRecords"); LDAPSearchResults r = null; IDBSSession s = mDBService.createSession(); @@ -1819,10 +1798,9 @@ public class CertificateRepository extends Repository implements r = s.persistentSearch(getDN(), filter, null); CMS.debug("startSearchForModifiedCertificateRecords persistentSearch started"); } catch (Exception e) { - CMS.debug("startSearchForModifiedCertificateRecords persistentSearch Exception=" - + e); + CMS.debug("startSearchForModifiedCertificateRecords persistentSearch Exception="+e); r = null; - if (s != null) + if (s != null) s.close(); } return r; 
@@ -1830,40 +1808,34 @@ public class CertificateRepository extends Repository implements public void getModifications(LDAPEntry entry) { if (entry != null) { - CMS.debug("getModifications entry DN=" + entry.getDN()); + CMS.debug("getModifications entry DN="+entry.getDN()); LDAPAttributeSet entryAttrs = entry.getAttributeSet(); ICertRecord certRec = null; try { - certRec = (ICertRecord) mDBService.getRegistry().createObject( - entryAttrs); + certRec = (ICertRecord)mDBService.getRegistry().createObject(entryAttrs); } catch (Exception e) { } if (certRec != null) { String status = certRec.getStatus(); - CMS.debug("getModifications serialNumber=" - + certRec.getSerialNumber() + " status=" + status); - if (status != null - && (status.equals(ICertRecord.STATUS_VALID) || status - .equals(ICertRecord.STATUS_REVOKED))) { + CMS.debug("getModifications serialNumber="+certRec.getSerialNumber()+ + " status="+status); + if (status != null && (status.equals(ICertRecord.STATUS_VALID) || + status.equals(ICertRecord.STATUS_REVOKED))) { Enumeration eIPs = mCRLIssuingPoints.elements(); while (eIPs.hasMoreElements()) { - ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs - .nextElement(); + ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement(); if (ip != null) { if (status.equals(ICertRecord.STATUS_REVOKED)) { - IRevocationInfo rInfo = certRec - .getRevocationInfo(); + IRevocationInfo rInfo = certRec.getRevocationInfo(); if (rInfo != null) { - ip.addRevokedCert( - certRec.getSerialNumber(), - new RevokedCertImpl(certRec - .getSerialNumber(), rInfo - .getRevocationDate(), rInfo - .getCRLEntryExtensions())); + ip.addRevokedCert(certRec.getSerialNumber(), + new RevokedCertImpl(certRec.getSerialNumber(), + rInfo.getRevocationDate(), + rInfo.getCRLEntryExtensions())); } } else { ip.addUnrevokedCert(certRec.getSerialNumber()); 
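Review bot: The empty `catch (Exception e) { }` around `mDBService.getRegistry().createObject(entryAttrs)` in `getModifications` discards the failure, so an entry that cannot be mapped to an `ICertRecord` is skipped without trace and no issuing point in `mCRLIssuingPoints` receives its `addRevokedCert` / `addUnrevokedCert` update. At minimum record it with the DN that is already at hand: `CMS.debug("getModifications: cannot build cert record for " + entry.getDN() + ": " + e);`. The method body continues past the end of the hunk.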
@@ -1878,16 +1850,16 @@ public class CertificateRepository extends Repository implements } } + /** - * Checks if the presented certificate belongs to the repository and is - * revoked. - * - * @param cert certificate to verify. - * @return RevocationInfo if the presented certificate is revoked otherwise - * null. + * Checks if the presented certificate belongs to the repository + * and is revoked. + * + * @param cert certificate to verify. + * @return RevocationInfo if the presented certificate is revoked otherwise null. */ public RevocationInfo isCertificateRevoked(X509CertImpl cert) - throws EBaseException { + throws EBaseException { RevocationInfo info = null; // 615932 @@ -1899,8 +1871,7 @@ public class CertificateRepository extends Repository implements if (rec != null) { if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { X500Name name = (X500Name) cert.getSubjectDN(); - X500Name repCertName = (X500Name) rec.getCertificate() - .getSubjectDN(); + X500Name repCertName = (X500Name) rec.getCertificate().getSubjectDN(); if (name.equals(repCertName)) { byte[] certEncoded = null; @@ -1912,8 +1883,9 @@ public class CertificateRepository extends Repository implements } catch (Exception e) { } - if (certEncoded != null && repCertEncoded != null - && certEncoded.length == repCertEncoded.length) { + if (certEncoded != null && + repCertEncoded != null && + certEncoded.length == repCertEncoded.length) { int i; for (i = 0; i < certEncoded.length; i++) { @@ -1921,8 +1893,7 @@ public class CertificateRepository extends Repository implements break; } if (i >= certEncoded.length) { - info = (RevocationInfo) ((CertRecord) rec) - .getRevocationInfo(); + info = (RevocationInfo) ((CertRecord) rec).getRevocationInfo(); } } } 
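Review bot: `isCertificateRevoked` returns null both for "not revoked" and for "could not compare": after the empty `catch (Exception e) { }` in the @@ -1912 hunk, `certEncoded` / `repCertEncoded` can still be null, the length test fails and `info` stays null. For a revocation check that is a fail-open result, so the failure should at least be logged, `CMS.debug("isCertificateRevoked: cannot encode certificate: " + e);`, and preferably surfaced through the `EBaseException` the method already declares. The index loop can then become `if (certEncoded != null && Arrays.equals(certEncoded, repCertEncoded))`, keeping the null test because `Arrays.equals(null, null)` is true. The `try` body lies between the visible hunks, so which call throws is inferred.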
@@ -1933,14 +1904,15 @@ public class CertificateRepository extends Repository implements } public void shutdown() { - // if (mCertStatusUpdateThread != null) - // mCertStatusUpdateThread.destroy(); + //if (mCertStatusUpdateThread != null) + // mCertStatusUpdateThread.destroy(); - // if (mRetrieveModificationsThread != null) - // mRetrieveModificationsThread.destroy(); + //if (mRetrieveModificationsThread != null) + // mRetrieveModificationsThread.destroy(); } } + class CertStatusUpdateThread extends Thread { CertificateRepository _cr = null; IRepository _rr = null; @@ -1949,7 +1921,7 @@ class CertStatusUpdateThread extends Thread { CertStatusUpdateThread(CertificateRepository cr, IRepository rr, String name) { super(name); CMS.debug("new CertStatusUpdateThread"); - // setName(name); + //setName(name); _cr = cr; _rr = rr; @@ -1992,6 +1964,7 @@ class CertStatusUpdateThread extends Thread { } } + class RetrieveModificationsThread extends Thread { CertificateRepository _cr = null; LDAPSearchResults _results = null; @@ -1999,7 +1972,7 @@ class RetrieveModificationsThread extends Thread { RetrieveModificationsThread(CertificateRepository cr, String name) { super(name); CMS.debug("new RetrieveModificationsThread"); - // setName(name); + //setName(name); _cr = cr; } @@ -2018,7 +1991,7 @@ class RetrieveModificationsThread extends Thread { _cr.getModifications(entry); } } catch (LDAPException e) { - CMS.debug("LDAPException: " + e.toString()); + CMS.debug("LDAPException: "+e.toString()); } } else { CMS.debug("_results are null"); |