From 621d9e5c413e561293d7484b93882d985b3fe15f Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata <edewata@redhat.com>
Date: Sat, 24 Mar 2012 02:27:47 -0500
Subject: Removed unnecessary pki folder.

Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.

Ticket #131
---
 .../com/netscape/cms/servlet/cert/UpdateDir.java   | 747 +++++++++++++++++++++
 1 file changed, 747 insertions(+)
 create mode 100644 base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java

(limited to 'base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java')

diff --git a/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
new file mode 100644
index 000000000..707e7ff5f
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
@@ -0,0 +1,747 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.cert;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.Vector;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import netscape.security.x509.X509CRLImpl;
+import netscape.security.x509.X509CertImpl;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.authentication.IAuthToken;
+import com.netscape.certsrv.authorization.AuthzToken;
+import com.netscape.certsrv.authorization.EAuthzAccessDenied;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IArgBlock;
+import com.netscape.certsrv.base.MetaInfo;
+import com.netscape.certsrv.base.SessionContext;
+import com.netscape.certsrv.ca.ICRLIssuingPoint;
+import com.netscape.certsrv.ca.ICertificateAuthority;
+import com.netscape.certsrv.dbs.certdb.ICertRecord;
+import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
+import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
+import com.netscape.certsrv.dbs.crldb.ICRLRepository;
+import com.netscape.certsrv.ldap.ELdapException;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.publish.IPublisherProcessor;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.cms.servlet.base.CMSServlet;
+import com.netscape.cms.servlet.common.CMSRequest;
+import com.netscape.cms.servlet.common.CMSTemplate;
+import com.netscape.cms.servlet.common.CMSTemplateParams;
+import com.netscape.cms.servlet.common.ECMSGWException;
+
+/**
+ * Update the configured LDAP server with specified objects
+ * 
+ * @version $Revision$, $Date$
+ */
+public class UpdateDir extends CMSServlet {
+
+    /**
+     *
+     */
+    private static final long serialVersionUID = 3063889978908136789L;
+    private final static String INFO = "UpdateDir";
+    private final static String TPL_FILE = "updateDir.template";
+    private final static int UPDATE_ALL = 0;
+    private final static int UPDATE_CRL = 1;
+    private final static int UPDATE_CA = 2;
+    private final static int UPDATE_VALID = 3;
+    private final static int VALID_FROM = 4;
+    private final static int VALID_TO = 5;
+    private final static int UPDATE_EXPIRED = 6;
+    private final static int EXPIRED_FROM = 7;
+    private final static int EXPIRED_TO = 8;
+    private final static int UPDATE_REVOKED = 9;
+    private final static int REVOKED_FROM = 10;
+    private final static int REVOKED_TO = 11;
+    private final static int CHECK_FLAG = 12;
+    private final static String[] updateName =
+        { "updateAll", "updateCRL", "updateCA",
+                "updateValid", "validFrom", "validTo",
+                "updateExpired", "expiredFrom", "expiredTo",
+                "updateRevoked", "revokedFrom", "revokedTo",
+                "checkFlag" };
+
+    private String mFormPath = null;
+    private ICertificateAuthority mCA = null;
+    private IPublisherProcessor mPublisherProcessor = null;
+    private ICRLRepository mCRLRepository = null;
+    private boolean mClonedCA = false;
+
+    /**
+     * Constructs UpdateDir servlet.
+     */
+    public UpdateDir() {
+        super();
+    }
+
+    /**
+     * Initialize the servlet. This servlet uses the template
+     * 'updateDir.template' to render the response
+     */
+    public void init(ServletConfig sc) throws ServletException {
+        super.init(sc);
+
+        if (mAuthority != null) {
+            mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
+            if (mAuthority instanceof ICertificateAuthority) {
+                mCA = (ICertificateAuthority) mAuthority;
+                mPublisherProcessor = mCA.getPublisherProcessor();
+                mCRLRepository = mCA.getCRLRepository();
+            }
+
+            // override success to do output orw own template.
+            mTemplates.remove(CMSRequest.SUCCESS);
+            if (mOutputTemplatePath != null) {
+                mFormPath = mOutputTemplatePath;
+            }
+        }
+    }
+
+    /**
+     * Process the HTTP request.
+     * 
+     * @param cmsReq the object holding the request and response information
+     */
+    public void process(CMSRequest cmsReq) throws EBaseException {
+        HttpServletRequest req = cmsReq.getHttpReq();
+        HttpServletResponse resp = cmsReq.getHttpResp();
+
+        IAuthToken authToken = authenticate(cmsReq);
+
+        AuthzToken authzToken = null;
+
+        try {
+            authzToken = authorize(mAclMethod, authToken,
+                        mAuthzResourceName, "update");
+        } catch (EAuthzAccessDenied e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+        } catch (Exception e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+        }
+
+        if (authzToken == null) {
+            cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+            return;
+        }
+
+        EBaseException error = null;
+
+        IArgBlock header = CMS.createArgBlock();
+        IArgBlock fixed = CMS.createArgBlock();
+        CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
+
+        CMSTemplate form = null;
+        Locale[] locale = new Locale[1];
+
+        try {
+            form = getTemplate(mFormPath, req, locale);
+        } catch (IOException e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+        }
+
+        try {
+            String crlIssuingPointId = req.getParameter("crlIssuingPoint");
+
+            if (mPublisherProcessor == null ||
+                    !mPublisherProcessor.enabled())
+                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE"));
+
+            String[] updateValue = new String[updateName.length];
+
+            for (int i = 0; i < updateName.length; i++) {
+                updateValue[i] = req.getParameter(updateName[i]);
+            }
+
+            String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
+            String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
+            if (masterHost != null && masterHost.length() > 0 &&
+                    masterPort != null && masterPort.length() > 0) {
+                mClonedCA = true;
+            }
+
+            process(argSet, header, req, resp, crlIssuingPointId, updateValue, locale[0]);
+        } catch (EBaseException e) {
+            error = e;
+        }
+
+        try {
+            ServletOutputStream out = resp.getOutputStream();
+
+            if (error == null) {
+                String xmlOutput = req.getParameter("xml");
+                if (xmlOutput != null && xmlOutput.equals("true")) {
+                    outputXML(resp, argSet);
+                } else {
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
+                }
+            } else {
+                cmsReq.setStatus(CMSRequest.ERROR);
+                cmsReq.setError(error);
+            }
+        } catch (IOException e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+        }
+    }
+
+    private void updateCRLIssuingPoint(
+            IArgBlock header,
+            String crlIssuingPointId,
+            ICRLIssuingPoint crlIssuingPoint,
+            Locale locale) {
+        SessionContext sc = SessionContext.getContext();
+
+        sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId);
+        sc.put(ICRLIssuingPoint.SC_IS_DELTA_CRL, "false");
+        ICRLIssuingPointRecord crlRecord = null;
+
+        try {
+            if (mCRLRepository != null) {
+                crlRecord = (ICRLIssuingPointRecord) mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
+            }
+        } catch (EBaseException e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString()));
+        }
+
+        if (crlRecord == null) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+            header.addStringValue("crlPublished", "Failure");
+            header.addStringValue("crlError",
+                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+        } else {
+            String publishDN = (crlIssuingPoint != null) ? crlIssuingPoint.getPublishDN() : null;
+            byte[] crlbytes = crlRecord.getCRL();
+
+            if (crlbytes == null) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
+                header.addStringValue("crlPublished", "Failure");
+                header.addStringValue("crlError",
+                        new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+            } else {
+                X509CRLImpl crl = null;
+
+                try {
+                    crl = new X509CRLImpl(crlbytes);
+                } catch (Exception e) {
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString()));
+                }
+
+                if (crl == null) {
+                    header.addStringValue("crlPublished", "Failure");
+                    header.addStringValue("crlError",
+                            new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+                } else {
+                    try {
+                        if (publishDN != null) {
+                            mPublisherProcessor.publishCRL(publishDN, crl);
+                        } else {
+                            mPublisherProcessor.publishCRL(crl, crlIssuingPointId);
+                        }
+                        header.addStringValue("crlPublished", "Success");
+                    } catch (ELdapException e) {
+                        header.addStringValue("crlPublished", "Failure");
+                        header.addStringValue("crlError", e.toString(locale));
+                        log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR_PUBLISH_CRL", e.toString()));
+                    }
+                }
+            }
+
+            sc.put(ICRLIssuingPoint.SC_IS_DELTA_CRL, "true");
+            // handle delta CRL if any
+            byte[] deltaCrlBytes = crlRecord.getDeltaCRL();
+
+            if (deltaCrlBytes != null) {
+                X509CRLImpl deltaCrl = null;
+
+                try {
+                    deltaCrl = new X509CRLImpl(deltaCrlBytes);
+                } catch (Exception e) {
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
+                }
+
+                boolean goodDelta = false;
+                if (mClonedCA) {
+                    BigInteger crlNumber = crlRecord.getCRLNumber();
+                    BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
+                    Long deltaCRLSize = crlRecord.getDeltaCRLSize();
+                    if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 &&
+                            crlNumber != null && deltaNumber != null &&
+                            deltaNumber.compareTo(crlNumber) >= 0) {
+                        goodDelta = true;
+                    }
+                }
+
+                if (deltaCrl != null && ((mClonedCA && goodDelta) ||
+                        (crlIssuingPoint != null &&
+                        crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
+                    try {
+                        if (publishDN != null) {
+                            mPublisherProcessor.publishCRL(publishDN, deltaCrl);
+                        } else {
+                            mPublisherProcessor.publishCRL(deltaCrl, crlIssuingPointId);
+                        }
+                    } catch (ELdapException e) {
+                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString()));
+                    }
+                }
+            }
+        } // if
+    }
+
+    private void process(CMSTemplateParams argSet, IArgBlock header,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String crlIssuingPointId,
+            String[] updateValue,
+            Locale locale)
+            throws EBaseException {
+        // all or crl
+        if ((updateValue[UPDATE_ALL] != null &&
+                updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
+                (updateValue[UPDATE_CRL] != null &&
+                updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) {
+            // check if received issuing point ID is known to the server
+            if (crlIssuingPointId != null) {
+                Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
+
+                while (ips.hasMoreElements()) {
+                    ICRLIssuingPoint ip = ips.nextElement();
+
+                    if (crlIssuingPointId.equals(ip.getId())) {
+                        break;
+                    }
+                    if (!ips.hasMoreElements())
+                        crlIssuingPointId = null;
+                }
+            }
+            if (crlIssuingPointId == null) {
+                // publish all issuing points
+                if (mClonedCA && mCRLRepository != null) {
+                    Vector<String> ipNames = mCRLRepository.getIssuingPointsNames();
+                    if (ipNames != null && ipNames.size() > 0) {
+                        for (int i = 0; i < ipNames.size(); i++) {
+                            String ipName = ipNames.elementAt(i);
+
+                            updateCRLIssuingPoint(header, ipName, null, locale);
+                        }
+                    }
+                } else {
+                    Enumeration<ICRLIssuingPoint> oips = mCA.getCRLIssuingPoints();
+
+                    while (oips.hasMoreElements()) {
+                        ICRLIssuingPoint oip = oips.nextElement();
+
+                        updateCRLIssuingPoint(header, oip.getId(), oip, locale);
+                    }
+                }
+            } else {
+                ICRLIssuingPoint crlIssuingPoint =
+                        mCA.getCRLIssuingPoint(crlIssuingPointId);
+
+                updateCRLIssuingPoint(header, crlIssuingPointId,
+                        crlIssuingPoint, locale);
+            }
+        }
+
+        ICertificateRepository certificateRepository = (ICertificateRepository) mCA.getCertificateRepository();
+
+        // all or ca
+        if ((updateValue[UPDATE_ALL] != null &&
+                updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
+                (updateValue[UPDATE_CA] != null &&
+                updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) {
+            X509CertImpl caCert = mCA.getSigningUnit().getCertImpl();
+
+            try {
+                mPublisherProcessor.publishCACert(caCert);
+                header.addStringValue("caCertPublished", "Success");
+            } catch (ELdapException e) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR_PUBLISH_CACERT_1",
+                        caCert.getSerialNumber().toString(16), e.toString()));
+                header.addStringValue("caCertPublished", "Failure");
+                header.addStringValue("caCertError", e.toString(locale));
+            }
+        }
+
+        // all or valid
+        if ((updateValue[UPDATE_ALL] != null &&
+                updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
+                (updateValue[UPDATE_VALID] != null &&
+                updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) {
+            if (certificateRepository != null) {
+                if (updateValue[VALID_FROM].startsWith("0x")) {
+                    updateValue[VALID_FROM] = hexToDecimal(updateValue[VALID_FROM]);
+                }
+                if (updateValue[VALID_TO].startsWith("0x")) {
+                    updateValue[VALID_TO] = hexToDecimal(updateValue[VALID_TO]);
+                }
+                Enumeration<ICertRecord> validCerts = null;
+
+                if (updateValue[CHECK_FLAG] != null &&
+                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+                    validCerts =
+                            certificateRepository.getValidNotPublishedCertificates(
+                                    updateValue[VALID_FROM],
+                                    updateValue[VALID_TO]);
+                } else {
+                    validCerts =
+                            certificateRepository.getValidCertificates(
+                                    updateValue[VALID_FROM],
+                                    updateValue[VALID_TO]);
+                }
+                int i = 0;
+                int l = 0;
+                String validCertsError = "";
+
+                if (validCerts != null) {
+                    while (validCerts.hasMoreElements()) {
+                        ICertRecord certRecord =
+                                validCerts.nextElement();
+                        //X509CertImpl cert = certRecord.getCertificate();
+                        X509CertImpl cert = null;
+                        Object o = certRecord.getCertificate();
+
+                        if (o instanceof X509CertImpl)
+                            cert = (X509CertImpl) o;
+
+                        MetaInfo metaInfo = null;
+                        String ridString = null;
+
+                        metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
+                        if (metaInfo == null) {
+                            // ca's self signed signing cert and
+                            // server cert has no related request and
+                            // have no metaInfo
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+                                            cert.getSerialNumber().toString(16)));
+                        } else {
+                            ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
+                        }
+
+                        IRequest r = null;
+
+                        if (ridString != null) {
+                            RequestId rid = new RequestId(ridString);
+
+                            r = mCA.getRequestQueue().findRequest(rid);
+                        }
+
+                        try {
+                            l++;
+                            SessionContext sc = SessionContext.getContext();
+
+                            if (r == null) {
+                                if (CMS.isEncryptionCert(cert))
+                                    sc.put((Object) "isEncryptionCert", (Object) "true");
+                                else
+                                    sc.put((Object) "isEncryptionCert", (Object) "false");
+                                mPublisherProcessor.publishCert(cert, null);
+                            } else {
+                                if (CMS.isEncryptionCert(cert))
+                                    r.setExtData("isEncryptionCert", "true");
+                                else
+                                    r.setExtData("isEncryptionCert", "false");
+                                mPublisherProcessor.publishCert(cert, r);
+                            }
+                            i++;
+                        } catch (Exception e) {
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT",
+                                            certRecord.getSerialNumber().toString(16),
+                                            e.toString()));
+                            validCertsError +=
+                                    "Failed to publish certificate: 0x" +
+                                            certRecord.getSerialNumber().toString(16) +
+                                            ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+                        }
+                    }
+                }
+                if (i > 0 && i == l) {
+                    header.addStringValue("validCertsPublished",
+                            "Success");
+                    if (i == 1)
+                        header.addStringValue("validCertsError", i +
+                                " valid certificate is published in the directory.");
+                    else
+                        header.addStringValue("validCertsError", i +
+                                " valid certificates are published in the directory.");
+                } else {
+                    if (l == 0) {
+                        header.addStringValue("validCertsPublished", "No");
+                    } else {
+                        header.addStringValue("validCertsPublished", "Failure");
+                        header.addStringValue("validCertsError",
+                                validCertsError);
+                    }
+                }
+            } else {
+                header.addStringValue("validCertsPublished", "Failure");
+                header.addStringValue("validCertsError", "Certificate repository is unavailable.");
+            }
+        }
+
+        // all or expired
+        if ((updateValue[UPDATE_ALL] != null &&
+                updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
+                (updateValue[UPDATE_EXPIRED] != null &&
+                updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) {
+            if (certificateRepository != null) {
+                if (updateValue[EXPIRED_FROM].startsWith("0x")) {
+                    updateValue[EXPIRED_FROM] = hexToDecimal(updateValue[EXPIRED_FROM]);
+                }
+                if (updateValue[EXPIRED_TO].startsWith("0x")) {
+                    updateValue[EXPIRED_TO] = hexToDecimal(updateValue[EXPIRED_TO]);
+                }
+                Enumeration<ICertRecord> expiredCerts = null;
+
+                if (updateValue[CHECK_FLAG] != null &&
+                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+                    expiredCerts =
+                            certificateRepository.getExpiredPublishedCertificates(
+                                    updateValue[EXPIRED_FROM],
+                                    updateValue[EXPIRED_TO]);
+                } else {
+                    expiredCerts =
+                            certificateRepository.getExpiredCertificates(
+                                    updateValue[EXPIRED_FROM],
+                                    updateValue[EXPIRED_TO]);
+                }
+                int i = 0;
+                int l = 0;
+                StringBuffer expiredCertsError = new StringBuffer();
+
+                if (expiredCerts != null) {
+                    while (expiredCerts.hasMoreElements()) {
+                        ICertRecord certRecord = expiredCerts.nextElement();
+                        //X509CertImpl cert = certRecord.getCertificate();
+                        X509CertImpl cert = null;
+                        Object o = certRecord.getCertificate();
+
+                        if (o instanceof X509CertImpl)
+                            cert = (X509CertImpl) o;
+
+                        MetaInfo metaInfo = null;
+                        String ridString = null;
+
+                        metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
+                        if (metaInfo == null) {
+                            // ca's self signed signing cert and
+                            // server cert has no related request and
+                            // have no metaInfo
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+                                            cert.getSerialNumber().toString(16)));
+                        } else {
+                            ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
+                        }
+
+                        IRequest r = null;
+
+                        if (ridString != null) {
+                            RequestId rid = new RequestId(ridString);
+
+                            r = mCA.getRequestQueue().findRequest(rid);
+                        }
+
+                        try {
+                            l++;
+                            if (r == null) {
+                                mPublisherProcessor.unpublishCert(cert, null);
+                            } else {
+                                mPublisherProcessor.unpublishCert(cert, r);
+                            }
+                            i++;
+                        } catch (Exception e) {
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
+                                            certRecord.getSerialNumber().toString(16),
+                                            e.toString()));
+                            expiredCertsError.append(
+                                    "Failed to unpublish certificate: 0x");
+                            expiredCertsError.append(
+                                    certRecord.getSerialNumber().toString(16));
+                            expiredCertsError.append(
+                                    ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;");
+                        }
+                    }
+                }
+                if (i > 0 && i == l) {
+                    header.addStringValue("expiredCertsUnpublished", "Success");
+                    if (i == 1)
+                        header.addStringValue("expiredCertsError", i +
+                                " expired certificate is unpublished in the directory.");
+                    else
+                        header.addStringValue("expiredCertsError", i +
+                                " expired certificates are unpublished in the directory.");
+                } else {
+                    if (l == 0) {
+                        header.addStringValue("expiredCertsUnpublished", "No");
+                    } else {
+                        header.addStringValue("expiredCertsUnpublished", "Failure");
+                        header.addStringValue("expiredCertsError",
+                                expiredCertsError.toString());
+                    }
+                }
+            } else {
+                header.addStringValue("expiredCertsUnpublished", "Failure");
+                header.addStringValue("expiredCertsError", "Certificate repository is unavailable.");
+            }
+        }
+
+        // all or revoked
+        if ((updateValue[UPDATE_ALL] != null &&
+                updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
+                (updateValue[UPDATE_REVOKED] != null &&
+                updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) {
+            if (certificateRepository != null) {
+                if (updateValue[REVOKED_FROM].startsWith("0x")) {
+                    updateValue[REVOKED_FROM] = hexToDecimal(updateValue[REVOKED_FROM]);
+                }
+                if (updateValue[REVOKED_TO].startsWith("0x")) {
+                    updateValue[REVOKED_TO] = hexToDecimal(updateValue[REVOKED_TO]);
+                }
+                Enumeration<ICertRecord> revokedCerts = null;
+
+                if (updateValue[CHECK_FLAG] != null &&
+                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+                    revokedCerts =
+                            certificateRepository.getRevokedPublishedCertificates(
+                                    updateValue[REVOKED_FROM],
+                                    updateValue[REVOKED_TO]);
+                } else {
+                    revokedCerts =
+                            certificateRepository.getRevokedCertificates(
+                                    updateValue[REVOKED_FROM],
+                                    updateValue[REVOKED_TO]);
+                }
+                int i = 0;
+                int l = 0;
+                String revokedCertsError = "";
+
+                if (revokedCerts != null) {
+                    while (revokedCerts.hasMoreElements()) {
+                        ICertRecord certRecord = revokedCerts.nextElement();
+                        //X509CertImpl cert = certRecord.getCertificate();
+                        X509CertImpl cert = null;
+                        Object o = certRecord.getCertificate();
+
+                        if (o instanceof X509CertImpl)
+                            cert = (X509CertImpl) o;
+
+                        MetaInfo metaInfo = null;
+                        String ridString = null;
+
+                        metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
+                        if (metaInfo == null) {
+                            // ca's self signed signing cert and
+                            // server cert has no related request and
+                            // have no metaInfo
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+                                            cert.getSerialNumber().toString(16)));
+                        } else {
+                            ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
+                        }
+
+                        IRequest r = null;
+
+                        if (ridString != null) {
+                            RequestId rid = new RequestId(ridString);
+
+                            r = mCA.getRequestQueue().findRequest(rid);
+                        }
+
+                        try {
+                            l++;
+                            if (r == null) {
+                                mPublisherProcessor.unpublishCert(cert, null);
+                            } else {
+                                mPublisherProcessor.unpublishCert(cert, r);
+                            }
+                            i++;
+                        } catch (Exception e) {
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
+                                            certRecord.getSerialNumber().toString(16),
+                                            e.toString()));
+                            revokedCertsError +=
+                                    "Failed to unpublish certificate: 0x" +
+                                            certRecord.getSerialNumber().toString(16) +
+                                            ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+                        }
+                    }
+                }
+                if (i > 0 && i == l) {
+                    header.addStringValue("revokedCertsUnpublished", "Success");
+                    if (i == 1)
+                        header.addStringValue("revokedCertsError", i +
+                                " revoked certificate is unpublished in the directory.");
+                    else
+                        header.addStringValue("revokedCertsError", i +
+                                " revoked certificates are unpublished in the directory.");
+                } else {
+                    if (l == 0) {
+                        header.addStringValue("revokedCertsUnpublished", "No");
+                    } else {
+                        header.addStringValue("revokedCertsUnpublished", "Failure");
+                        header.addStringValue("revokedCertsError",
+                                revokedCertsError);
+                    }
+                }
+            } else {
+                header.addStringValue("revokedCertsUnpublished", "Failure");
+                header.addStringValue("revokedCertsError", "Certificate repository is unavailable.");
+            }
+        }
+
+        return;
+    }
+
+    private String hexToDecimal(String hex) {
+        String newHex = hex.substring(2);
+        BigInteger bi = new BigInteger(newHex, 16);
+
+        return bi.toString();
+    }
+}
-- 
cgit