// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.dbs;
import java.math.BigInteger;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;
import netscape.security.x509.RevokedCertificate;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.dbs.EDBException;
import com.netscape.certsrv.dbs.IDBSSession;
import com.netscape.certsrv.dbs.IDBSearchResults;
import com.netscape.certsrv.dbs.IDBSubsystem;
import com.netscape.certsrv.dbs.Modification;
import com.netscape.certsrv.dbs.ModificationSet;
import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
import com.netscape.certsrv.dbs.crldb.ICRLRepository;
/**
* A class that represents a CRL repository. It stores all the
* CRL issuing points.
*
*
* @author thomask
* @version $Revision$, $Date$
*/
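public class CRLRepository extends Repository implements ICRLRepository {

    /** Attribute type of the RDN that names a CRL issuing point entry. */
    private final String mLdapCRLIssuingPointName = "cn";
    private IDBSubsystem mDBService;
    private String mBaseDN;

    /**
     * Constructs a CRL repository.
     *
     * @param dbService backend database subsystem used to open sessions
     * @param increment passed through to the {@code Repository} constructor
     * @param baseDN DN under which the issuing point entries are addressed
     * @throws EDBException if the superclass constructor fails
     */
    public CRLRepository(IDBSubsystem dbService, int increment, String baseDN)
            throws EDBException {
        super(dbService, increment, baseDN);
        mBaseDN = baseDN;
        mDBService = dbService;

        // Object class / attribute registration is disabled here; the original
        // code is kept for reference.
        /*
         DBRegistry reg = dbService.getRegistry();
         String crlRecordOC[] = new String[1];
         crlRecordOC[0] = Schema.LDAP_OC_CRL_RECORD;
         reg.registerObjectClass(CRLIssuingPointRecord.class.getName(), crlRecordOC);
         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_ID,
         new StringMapper(Schema.LDAP_ATTR_CRL_ID));
         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
         new BigIntegerMapper(Schema.LDAP_ATTR_CRL_NUMBER));
         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
         new LongMapper(Schema.LDAP_ATTR_CRL_SIZE));
         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
         new DateMapper(Schema.LDAP_ATTR_THIS_UPDATE));
         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
         new DateMapper(Schema.LDAP_ATTR_NEXT_UPDATE));
         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL,
         new ByteArrayMapper(Schema.LDAP_ATTR_CRL));
         */
    }

    /**
     * Retrieves backend database handle.
     *
     * @return the subsystem given to the constructor
     */
    public IDBSubsystem getDBSubsystem() {
        return mDBService;
    }

    /**
     * Retrieves DN of this repository.
     *
     * @return the base DN given to the constructor
     */
    public String getDN() {
        return mBaseDN;
    }

    /**
     * Intended to remove all objects in this repository.
     * The body is empty, so calling it currently removes nothing.
     */
    public void removeAllObjects() throws EBaseException {
    }

    /**
     * Builds the DN of an issuing point entry: {@code cn=<id>,<repository DN>}.
     *
     * NOTE(review): the id is concatenated as-is. DN special characters in it
     * (for example ',', '+' or '=') are not escaped, so an id containing them
     * would address a different entry than intended. This class does not
     * validate the id; confirm that every caller passes an identifier that
     * has already been checked before escaping is ruled out as unnecessary.
     *
     * @param id issuing point identifier used as the RDN value
     * @return the entry DN as a string
     */
    private String buildIssuingPointDN(String id) {
        return mLdapCRLIssuingPointName + "=" + id + "," + getDN();
    }

    /**
     * Builds the modifications shared by both
     * {@code updateCRLIssuingPointRecord} overloads, in the order the
     * attributes were originally added.
     *
     * The CRL and next-update values are replaced only when non-null.
     * This-update, CRL number and CRL size are always added, even when null.
     * NOTE(review): how a null replacement value is handled by the database
     * layer is not visible here -- confirm with ModificationSet/IDBSSession.
     */
    private ModificationSet buildCRLUpdateMods(byte[] newCRL, Date thisUpdate,
            Date nextUpdate, BigInteger crlNumber, Long crlSize) {
        ModificationSet mods = new ModificationSet();

        if (newCRL != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_CRL,
                    Modification.MOD_REPLACE, newCRL);
        }
        if (nextUpdate != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
                    Modification.MOD_REPLACE, nextUpdate);
        }
        mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
                Modification.MOD_REPLACE, thisUpdate);
        mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
                Modification.MOD_REPLACE, crlNumber);
        mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
                Modification.MOD_REPLACE, crlSize);
        return mods;
    }

    /**
     * Adds a CRL issuing point record under this repository's DN.
     *
     * @param rec record to store; its id becomes the entry's RDN value
     * @throws EBaseException if the database operation fails
     */
    public void addCRLIssuingPointRecord(ICRLIssuingPointRecord rec)
            throws EBaseException {
        IDBSSession s = mDBService.createSession();

        try {
            // getId() is available on the interface, so the record is no longer
            // downcast to CRLIssuingPointRecord; other implementations of
            // ICRLIssuingPointRecord are accepted as well.
            String name = buildIssuingPointDN(rec.getId().toString());

            s.add(name, rec);
        } finally {
            if (s != null) {
                s.close();
            }
        }
    }

    /**
     * Retrieves all issuing points' names.
     *
     * @return a vector holding the id of every record found by the search
     * @throws EBaseException if the database operation fails
     */
    public Vector getIssuingPointsNames() throws EBaseException {
        IDBSSession s = mDBService.createSession();

        try {
            String[] attrs = { ICRLIssuingPointRecord.ATTR_ID, "objectclass" };
            String filter = "objectclass=" + CMS.getCRLIssuingPointRecordName();
            IDBSearchResults res = s.search(getDN(), filter, attrs);
            Vector v = new Vector();

            while (res.hasMoreElements()) {
                ICRLIssuingPointRecord nextelement =
                        (ICRLIssuingPointRecord) res.nextElement();

                CMS.debug("CRLRepository getIssuingPointsNames(): name = "
                        + nextelement.getId());
                v.addElement(nextelement.getId());
            }
            return v;
        } finally {
            if (s != null) {
                s.close();
            }
        }
    }

    /**
     * Reads issuing point record.
     *
     * @param id issuing point identifier
     * @return the record read, or null when no session could be created
     * @throws EBaseException if the database operation fails
     */
    public ICRLIssuingPointRecord readCRLIssuingPointRecord(String id)
            throws EBaseException {
        IDBSSession s = mDBService.createSession();
        CRLIssuingPointRecord rec = null;

        try {
            String name = buildIssuingPointDN(id);

            if (s != null) {
                rec = (CRLIssuingPointRecord) s.read(name);
            }
        } finally {
            if (s != null) {
                s.close();
            }
        }
        return rec;
    }

    /**
     * Deletes issuing point record.
     *
     * NOTE(review): when no session is available the delete is skipped
     * without an error, so the caller cannot tell that nothing was removed.
     *
     * @param id issuing point identifier
     * @throws EBaseException if the database operation fails
     */
    public void deleteCRLIssuingPointRecord(String id)
            throws EBaseException {
        IDBSSession s = null;

        try {
            s = mDBService.createSession();
            String name = buildIssuingPointDN(id);

            if (s != null) {
                s.delete(name);
            }
        } finally {
            if (s != null) {
                s.close();
            }
        }
    }

    /**
     * Applies a set of modifications to an issuing point record.
     * Every update method of this class ends up here.
     *
     * NOTE(review): when no session is available the modification is skipped
     * without an error. For CRL and revocation data that would leave the
     * stored record stale while the caller believes it was updated; confirm
     * whether createSession() can return null, and report the failure if so.
     *
     * @param id issuing point identifier
     * @param mods modifications to apply
     * @throws EBaseException if the database operation fails
     */
    public void modifyCRLIssuingPointRecord(String id,
            ModificationSet mods) throws EBaseException {
        IDBSSession s = mDBService.createSession();

        try {
            String name = buildIssuingPointDN(id);

            if (s != null) {
                s.modify(name, mods);
            }
        } finally {
            if (s != null) {
                s.close();
            }
        }
    }

    /**
     * Updates CRL issuing point record.
     *
     * @param id issuing point identifier
     * @param newCRL encoded CRL; left untouched when null
     * @param thisUpdate this-update time; always written
     * @param nextUpdate next-update time; left untouched when null
     * @param crlNumber CRL number; always written
     * @param crlSize CRL size; always written
     * @throws EBaseException if the database operation fails
     */
    public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
            Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
            throws EBaseException {
        ModificationSet mods = buildCRLUpdateMods(newCRL, thisUpdate,
                nextUpdate, crlNumber, crlSize);

        modifyCRLIssuingPointRecord(id, mods);
    }

    /**
     * Updates CRL issuing point record together with its certificate caches.
     *
     * @param id issuing point identifier
     * @param newCRL encoded CRL; left untouched when null
     * @param thisUpdate this-update time; always written
     * @param nextUpdate next-update time; left untouched when null
     * @param crlNumber CRL number; always written
     * @param crlSize CRL size; always written
     * @param revokedCerts revoked certificates cache; left untouched when null
     * @param unrevokedCerts unrevoked certificates cache; left untouched when null
     * @param expiredCerts expired certificates cache; left untouched when null
     * @throws EBaseException if the database operation fails
     */
    public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
            Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
            Hashtable revokedCerts,
            Hashtable unrevokedCerts,
            Hashtable expiredCerts)
            throws EBaseException {
        ModificationSet mods = buildCRLUpdateMods(newCRL, thisUpdate,
                nextUpdate, crlNumber, crlSize);

        if (revokedCerts != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS,
                    Modification.MOD_REPLACE, revokedCerts);
        }
        if (unrevokedCerts != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS,
                    Modification.MOD_REPLACE, unrevokedCerts);
        }
        if (expiredCerts != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS,
                    Modification.MOD_REPLACE, expiredCerts);
        }
        // The first-unsaved marker is reset only when a revoked or unrevoked
        // cache is written; an expired-only update leaves it as it was.
        if (revokedCerts != null || unrevokedCerts != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
                    Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
        }
        modifyCRLIssuingPointRecord(id, mods);
    }

    /**
     * Updates CRL issuing point record with recently revoked certificates info
     * and resets the first-unsaved marker to {@code CLEAN_CACHE}.
     * Both caches are written unconditionally, including when null.
     *
     * @param id issuing point identifier
     * @param revokedCerts revoked certificates cache
     * @param unrevokedCerts unrevoked certificates cache
     * @throws EBaseException if the database operation fails
     */
    public void updateRevokedCerts(String id,
            Hashtable revokedCerts,
            Hashtable unrevokedCerts)
            throws EBaseException {
        ModificationSet mods = new ModificationSet();

        mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS,
                Modification.MOD_REPLACE, revokedCerts);
        mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS,
                Modification.MOD_REPLACE, unrevokedCerts);
        mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
                Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
        modifyCRLIssuingPointRecord(id, mods);
    }

    /**
     * Updates CRL issuing point record with recently expired certificates info.
     * The cache is written unconditionally, including when null.
     *
     * @param id issuing point identifier
     * @param expiredCerts expired certificates cache
     * @throws EBaseException if the database operation fails
     */
    public void updateExpiredCerts(String id, Hashtable expiredCerts)
            throws EBaseException {
        ModificationSet mods = new ModificationSet();

        mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS,
                Modification.MOD_REPLACE, expiredCerts);
        modifyCRLIssuingPointRecord(id, mods);
    }

    /**
     * Updates CRL issuing point record with CRL cache info and resets the
     * first-unsaved marker to {@code CLEAN_CACHE}.
     *
     * @param id issuing point identifier
     * @param crlSize CRL size; left untouched when null
     * @param revokedCerts revoked certificates cache; always written
     * @param unrevokedCerts unrevoked certificates cache; always written
     * @param expiredCerts expired certificates cache; always written
     * @throws EBaseException if the database operation fails
     */
    public void updateCRLCache(String id, Long crlSize,
            Hashtable revokedCerts,
            Hashtable unrevokedCerts,
            Hashtable expiredCerts)
            throws EBaseException {
        ModificationSet mods = new ModificationSet();

        if (crlSize != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
                    Modification.MOD_REPLACE, crlSize);
        }
        mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS,
                Modification.MOD_REPLACE, revokedCerts);
        mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS,
                Modification.MOD_REPLACE, unrevokedCerts);
        mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS,
                Modification.MOD_REPLACE, expiredCerts);
        mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
                Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
        modifyCRLIssuingPointRecord(id, mods);
    }

    /**
     * Updates CRL issuing point record with delta-CRL.
     * Each value is written only when non-null; if all are null, an empty
     * modification set is still submitted.
     *
     * @param id issuing point identifier
     * @param deltaCRLNumber delta-CRL number
     * @param deltaCRLSize delta-CRL size
     * @param nextUpdate next-update time
     * @param deltaCRL encoded delta-CRL
     * @throws EBaseException if the database operation fails
     */
    public void updateDeltaCRL(String id, BigInteger deltaCRLNumber,
            Long deltaCRLSize, Date nextUpdate,
            byte[] deltaCRL)
            throws EBaseException {
        ModificationSet mods = new ModificationSet();

        if (deltaCRLNumber != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_NUMBER,
                    Modification.MOD_REPLACE, deltaCRLNumber);
        }
        if (deltaCRLSize != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_SIZE,
                    Modification.MOD_REPLACE, deltaCRLSize);
        }
        if (nextUpdate != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
                    Modification.MOD_REPLACE, nextUpdate);
        }
        if (deltaCRL != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_CRL,
                    Modification.MOD_REPLACE, deltaCRL);
        }
        modifyCRLIssuingPointRecord(id, mods);
    }

    /**
     * Updates the first-unsaved marker of a CRL issuing point record.
     * When {@code firstUnsaved} is null an empty modification set is
     * submitted.
     *
     * @param id issuing point identifier
     * @param firstUnsaved new marker value
     * @throws EBaseException if the database operation fails
     */
    public void updateFirstUnsaved(String id, String firstUnsaved)
            throws EBaseException {
        ModificationSet mods = new ModificationSet();

        if (firstUnsaved != null) {
            mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
                    Modification.MOD_REPLACE, firstUnsaved);
        }
        modifyCRLIssuingPointRecord(id, mods);
    }

    /**
     * Not implemented for this repository: always returns null, whatever the
     * bounds are.
     *
     * @param serial_low_bound ignored
     * @param serial_upper_bound ignored
     * @return always null
     */
    public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound)
            throws EBaseException {
        return null;
    }
}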