From 705084a0021e161f1b4cea25dbaf622cfe68c47e Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Wed, 11 Feb 2015 16:28:50 -0500 Subject: Add granularity to token termination in TPS BZ 1163987. Added revocation checks to optionally revoke expired certs, and handle cases where certs are shared on multiple tokens. --- .../dogtagpki/server/tps/processor/TPSEnrollProcessor.java | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java') diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java index 482236bc3..c74fe2cb6 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java @@ -1004,7 +1004,7 @@ public class TPSEnrollProcessor extends TPSProcessor { * Get certs from the tokendb for this token to find out about * renewal possibility */ - ArrayList allCerts = tps.tdb.tdbGetCertificatesByCUID(tokenRecord.getId()); + ArrayList allCerts = tps.tdb.tdbGetCertRecordsByCUID(tokenRecord.getId()); certsInfo.setNumCertsToEnroll(keyTypeNum); @@ -1366,7 +1366,7 @@ public class TPSEnrollProcessor extends TPSProcessor { actualCertIndex++; } - ArrayList certs = tps.tdb.tdbGetCertificatesByCUID(toBeRecovered.getId()); + ArrayList certs = tps.tdb.tdbGetCertRecordsByCUID(toBeRecovered.getId()); String serialToRecover = null; TPSCertRecord certToRecover = null; @@ -1441,10 +1441,11 @@ public class TPSEnrollProcessor extends TPSProcessor { } } - // set cert status to active - certToRecover.setStatus("active"); try { - tps.tdb.tdbUpdateCertEntry(certToRecover); + // set cert status to active + tps.tdb.updateCertsStatus(certToRecover.getSerialNumber(), + certToRecover.getIssuedBy(), + "active"); } catch (Exception e) { auditMsg = "failed tdbUpdateCertEntry"; CMS.debug(method + ":" + auditMsg); -- cgit