From ca2332dfed7834c2fdcd2fe0c2201d58725388e9 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 1 Apr 2016 03:22:33 +0200 Subject: Fixed exception handling in CertificateAuthority. The CertificateAuthority.getCACert() has been modified to re-throw the exception instead of ignoring it. All callers have been modified to bubble up the exception. https://fedorahosted.org/pki/ticket/1654 --- .../netscape/certsrv/authority/ICertAuthority.java | 11 ++++++----- .../com/netscape/certsrv/ca/ICMSCRLExtension.java | 4 ++-- .../netscape/certsrv/ca/ICertificateAuthority.java | 20 ++++++++++---------- 3 files changed, 18 insertions(+), 17 deletions(-) (limited to 'base/common/src/com') diff --git a/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java b/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java index 885ca202f..4bd3aff07 100644 --- a/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java +++ b/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java @@ -17,15 +17,16 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.authority; -import netscape.security.x509.CertificateChain; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; - +import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.dbs.certdb.ICertificateRepository; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.publish.IPublisherProcessor; import com.netscape.certsrv.request.IRequestListener; +import netscape.security.x509.CertificateChain; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertImpl; + /** * Authority that handles certificates needed by the cert registration * servlets. @@ -57,7 +58,7 @@ public interface ICertAuthority extends IAuthority { * * @return CA's certificate. */ - public X509CertImpl getCACert(); + public X509CertImpl getCACert() throws EBaseException; /** * Returns signing algorithms supported by the CA. diff --git a/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java b/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java index 3e7115771..63071bd27 100644 --- a/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java +++ b/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java @@ -17,11 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.ca; -import netscape.security.x509.Extension; - import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; +import netscape.security.x509.Extension; + /** * An interface representing a CRL extension plugin. *

diff --git a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java index 16d4fc2df..6d83e6d07 100644 --- a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java +++ b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java @@ -23,15 +23,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; -import netscape.security.x509.CertificateChain; -import netscape.security.x509.CertificateIssuerName; -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.CertificateVersion; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CRLImpl; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - import org.mozilla.jss.crypto.SignatureAlgorithm; import com.netscape.certsrv.authentication.IAuthToken; @@ -50,6 +41,15 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.IService; import com.netscape.certsrv.security.ISigningUnit; +import netscape.security.x509.CertificateChain; +import netscape.security.x509.CertificateIssuerName; +import netscape.security.x509.CertificateSubjectName; +import netscape.security.x509.CertificateVersion; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CRLImpl; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + /** * An interface represents a Certificate Authority that is * responsible for certificate specific operations. @@ -321,7 +321,7 @@ public interface ICertificateAuthority extends ISubsystem { * * @return the CA certificate */ - public X509CertImpl getCACert(); + public X509CertImpl getCACert() throws EBaseException; /** * Updates the CRL immediately for MasterCRL issuing point if it exists. -- cgit