authorAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
committerAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
commit32150d3ee32f8ac27118af7c792794b538c78a2f (patch)
tree52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/ca/src/com/netscape/ca
parentf05d58a46795553beb8881039cc922974b40db34 (diff)
Formatting
Formatted project according to Eclipse project settings
Diffstat (limited to 'pki/base/ca/src/com/netscape/ca')
-rw-r--r--pki/base/ca/src/com/netscape/ca/CAPolicy.java54
-rw-r--r--pki/base/ca/src/com/netscape/ca/CAService.java1245
-rw-r--r--pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java416
-rw-r--r--pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java1671
-rw-r--r--pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java35
-rw-r--r--pki/base/ca/src/com/netscape/ca/CertificateAuthority.java949
-rw-r--r--pki/base/ca/src/com/netscape/ca/SigningUnit.java188
7 files changed, 2519 insertions, 2039 deletions
diff --git a/pki/base/ca/src/com/netscape/ca/CAPolicy.java b/pki/base/ca/src/com/netscape/ca/CAPolicy.java
index 80c801a4..6326cf8c 100644
--- a/pki/base/ca/src/com/netscape/ca/CAPolicy.java
+++ b/pki/base/ca/src/com/netscape/ca/CAPolicy.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
@@ -32,14 +31,11 @@ import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cmscore.policy.GenericPolicyProcessor;
import com.netscape.cmscore.util.Debug;
-
/**
- * XXX Just inherit 'GenericPolicyProcessor' (from RA) for now.
- * This really bad. need to make a special case just for connector.
- * would like a much better way of doing this to handle both EE and
- * connectors.
- * XXX2 moved to just implement IPolicy since GenericPolicyProcessor is
- * unuseable for CA.
+ * XXX Just inherit 'GenericPolicyProcessor' (from RA) for now. This really bad.
+ * need to make a special case just for connector. would like a much better way
+ * of doing this to handle both EE and connectors. XXX2 moved to just implement
+ * IPolicy since GenericPolicyProcessor is unuseable for CA.
*
* @version $Revision$, $Date$
*/
@@ -47,8 +43,7 @@ public class CAPolicy implements IPolicy {
IConfigStore mConfig = null;
ICertificateAuthority mCA = null;
- public static String PROP_PROCESSOR =
- "processor";
+ public static String PROP_PROCESSOR = "processor";
// These are the different types of policy that are
// allowed for the "processor" property
public static String PR_TYPE_CLASSIC = "classic";
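Review bot: `PROP_PROCESSOR` and `PR_TYPE_CLASSIC` are public, static and non-final, so any class loaded in the same JVM can reassign the configuration key or the only value that `init` accepts for the processor type. Since this commit already rewrites the declaration, make them constants: `public static final String PROP_PROCESSOR = "processor";` and likewise `public static final String PR_TYPE_CLASSIC = "classic";`. The rest of the class's fields lie outside this hunk.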
@@ -64,19 +59,19 @@ public class CAPolicy implements IPolicy {
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mCA = (ICertificateAuthority) owner;
mConfig = config;
- String processorType = // XXX - need to upgrade 4.2
- config.getString(PROP_PROCESSOR, PR_TYPE_CLASSIC);
+ String processorType = // XXX - need to upgrade 4.2
+ config.getString(PROP_PROCESSOR, PR_TYPE_CLASSIC);
Debug.trace("selected policy processor = " + processorType);
if (processorType.equals(PR_TYPE_CLASSIC)) {
mPolicies = new GenericPolicyProcessor();
} else {
- throw new EBaseException("Unknown policy processor type (" +
- processorType + ")");
+ throw new EBaseException("Unknown policy processor type ("
+ + processorType + ")");
}
mPolicies.init(mCA, mConfig);
@@ -99,33 +94,31 @@ public class CAPolicy implements IPolicy {
return PolicyResult.REJECTED;
}
- Debug.trace("in CAPolicy.apply(requestType=" +
- r.getRequestType() + ",requestId=" +
- r.getRequestId().toString() + ",requestStatus=" +
- r.getRequestStatus().toString() + ")");
+ Debug.trace("in CAPolicy.apply(requestType=" + r.getRequestType()
+ + ",requestId=" + r.getRequestId().toString()
+ + ",requestStatus=" + r.getRequestStatus().toString() + ")");
- if (isProfileRequest(r)) {
- Debug.trace("CAPolicy: Profile-base Request " +
- r.getRequestId().toString());
+ if (isProfileRequest(r)) {
+ Debug.trace("CAPolicy: Profile-base Request "
+ + r.getRequestId().toString());
- CMS.debug("CAPolicy: requestId=" +
- r.getRequestId().toString());
+ CMS.debug("CAPolicy: requestId=" + r.getRequestId().toString());
String profileId = r.getExtDataInString("profileId");
- if (profileId == null || profileId.equals("")) {
+ if (profileId == null || profileId.equals("")) {
return PolicyResult.REJECTED;
}
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem("profile");
+ IProfileSubsystem ps = (IProfileSubsystem) CMS
+ .getSubsystem("profile");
try {
- IProfile profile = ps.getProfile(profileId);
+ IProfile profile = ps.getProfile(profileId);
r.setExtData("dbStatus", "NOT_UPDATED");
- profile.populate(r);
- profile.validate(r);
+ profile.populate(r);
+ profile.validate(r);
return PolicyResult.ACCEPTED;
} catch (EBaseException e) {
CMS.debug("CAPolicy: " + e.toString());
@@ -137,4 +130,3 @@ public class CAPolicy implements IPolicy {
}
}
-
diff --git a/pki/base/ca/src/com/netscape/ca/CAService.java b/pki/base/ca/src/com/netscape/ca/CAService.java
index 159539d4..44ab65bc 100644
--- a/pki/base/ca/src/com/netscape/ca/CAService.java
+++ b/pki/base/ca/src/com/netscape/ca/CAService.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -92,7 +91,6 @@ import com.netscape.cmscore.dbs.CertificateRepository;
import com.netscape.cmscore.dbs.RevocationInfo;
import com.netscape.cmscore.util.Debug;
-
/**
* Request Service for CertificateAuthority.
*/
@@ -113,56 +111,31 @@ public class CAService implements ICAService, IService {
private Hashtable mCRLIssuingPoints = new Hashtable();
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
public CAService(ICertificateAuthority ca) {
mCA = ca;
- // init services.
- mServants.put(
- IRequest.ENROLLMENT_REQUEST,
- new serviceIssue(this));
- mServants.put(
- IRequest.RENEWAL_REQUEST,
- new serviceRenewal(this));
- mServants.put(
- IRequest.REVOCATION_REQUEST,
- new serviceRevoke(this));
- mServants.put(
- IRequest.CMCREVOKE_REQUEST,
- new serviceRevoke(this));
- mServants.put(
- IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST,
- new serviceCheckChallenge(this));
- mServants.put(
- IRequest.GETCERTS_FOR_CHALLENGE_REQUEST,
- new getCertsForChallenge(this));
- mServants.put(
- IRequest.UNREVOCATION_REQUEST,
- new serviceUnrevoke(this));
- mServants.put(
- IRequest.GETCACHAIN_REQUEST,
- new serviceGetCAChain(this));
- mServants.put(
- IRequest.GETCRL_REQUEST,
- new serviceGetCRL(this));
- mServants.put(
- IRequest.GETREVOCATIONINFO_REQUEST,
- new serviceGetRevocationInfo(this));
- mServants.put(
- IRequest.GETCERTS_REQUEST,
- new serviceGetCertificates(this));
- mServants.put(
- IRequest.CLA_CERT4CRL_REQUEST,
- new serviceCert4Crl(this));
- mServants.put(
- IRequest.CLA_UNCERT4CRL_REQUEST,
- new serviceUnCert4Crl(this));
- mServants.put(
- IRequest.GETCERT_STATUS_REQUEST,
- new getCertStatus(this));
+ // init services.
+ mServants.put(IRequest.ENROLLMENT_REQUEST, new serviceIssue(this));
+ mServants.put(IRequest.RENEWAL_REQUEST, new serviceRenewal(this));
+ mServants.put(IRequest.REVOCATION_REQUEST, new serviceRevoke(this));
+ mServants.put(IRequest.CMCREVOKE_REQUEST, new serviceRevoke(this));
+ mServants.put(IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST,
+ new serviceCheckChallenge(this));
+ mServants.put(IRequest.GETCERTS_FOR_CHALLENGE_REQUEST,
+ new getCertsForChallenge(this));
+ mServants.put(IRequest.UNREVOCATION_REQUEST, new serviceUnrevoke(this));
+ mServants.put(IRequest.GETCACHAIN_REQUEST, new serviceGetCAChain(this));
+ mServants.put(IRequest.GETCRL_REQUEST, new serviceGetCRL(this));
+ mServants.put(IRequest.GETREVOCATIONINFO_REQUEST,
+ new serviceGetRevocationInfo(this));
+ mServants.put(IRequest.GETCERTS_REQUEST, new serviceGetCertificates(
+ this));
+ mServants.put(IRequest.CLA_CERT4CRL_REQUEST, new serviceCert4Crl(this));
+ mServants.put(IRequest.CLA_UNCERT4CRL_REQUEST, new serviceUnCert4Crl(
+ this));
+ mServants.put(IRequest.GETCERT_STATUS_REQUEST, new getCertStatus(this));
}
public void init(IConfigStore config) throws EBaseException {
@@ -170,28 +143,32 @@ public class CAService implements ICAService, IService {
try {
// MOVED TO com.netscape.certsrv.apps.CMS
- // java.security.Security.addProvider(new netscape.security.provider.CMS());
- // java.security.Provider pr = java.security.Security.getProvider("CMS");
- // if (pr != null) {
- // ;
- // }
- // else
- // Debug.trace("Something is wrong in CMS install !");
- java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
+ // java.security.Security.addProvider(new
+ // netscape.security.provider.CMS());
+ // java.security.Provider pr =
+ // java.security.Security.getProvider("CMS");
+ // if (pr != null) {
+ // ;
+ // }
+ // else
+ // Debug.trace("Something is wrong in CMS install !");
+ java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory
+ .getInstance("X.509");
Debug.trace("CertificateFactory Type : " + cf.getType());
- Debug.trace("CertificateFactory Provider : " + cf.getProvider().getInfo());
+ Debug.trace("CertificateFactory Provider : "
+ + cf.getProvider().getInfo());
} catch (java.security.cert.CertificateException e) {
- Debug.trace("Something is happen in install CMS provider !" + e.toString());
- }
+ Debug.trace("Something is happen in install CMS provider !"
+ + e.toString());
+ }
}
public void startup() throws EBaseException {
IConfigStore kraConfig = mConfig.getSubStore("KRA");
if (kraConfig != null) {
- mArchivalRequired = kraConfig.getBoolean(
- "archivalRequired", true);
+ mArchivalRequired = kraConfig.getBoolean("archivalRequired", true);
mKRAConnector = getConnector(kraConfig);
if (mKRAConnector != null) {
if (Debug.ON) {
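Review bot: The commented-out provider registration in `init` was rewrapped instead of deleted, and the rewrap now splits single statements across comment lines (`// java.security.Security.addProvider(new` followed by `// netscape.security.provider.CMS());`), which makes the dead code harder to read than before. The `// MOVED TO com.netscape.certsrv.apps.CMS` line already records where the logic went, so the remaining commented lines can be dropped. Separately, the `catch (java.security.cert.CertificateException e)` only emits a `Debug.trace`, so a missing X.509 `CertificateFactory` does not stop `init`; if that is intended, a short comment such as `// best-effort diagnostic only; failure here is not fatal` would say so. `startup` continues past the end of this hunk.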
@@ -228,8 +205,7 @@ public class CAService implements ICAService, IService {
mKRAConnector = c;
}
- public IConnector getConnector(IConfigStore config)
- throws EBaseException {
+ public IConnector getConnector(IConfigStore config) throws EBaseException {
IConnector connector = null;
if (config == null || config.size() <= 0) {
@@ -241,13 +217,15 @@ public class CAService implements ICAService, IService {
if (extConnector != null) {
try {
- connector = (IConnector)
- Class.forName(extConnector).newInstance();
+ connector = (IConnector) Class.forName(extConnector)
+ .newInstance();
// connector.start() will be called later on
return connector;
} catch (Exception e) {
// ignore external class if error
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_LOAD_CONNECTOR", extConnector, e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_LOAD_CONNECTOR",
+ extConnector, e.toString()));
}
}
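Review bot: `Class.forName(extConnector).newInstance()` instantiates whatever class name `extConnector` holds, and the `catch (Exception e)` logs the failure and then appears to fall through to the built-in connectors, so a mistyped or non-`IConnector` class name is silently replaced by a different connector. Where `extConnector` is read is outside this hunk; if it comes from the configuration store, a comment such as `// extConnector is trusted configuration and must name an IConnector implementation` would document the trust assumption. Consider failing `getConnector` with an `EBaseException` when a configured external connector cannot be loaded, rather than continuing. The method body starts and ends outside the hunk.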
@@ -263,7 +241,8 @@ public class CAService implements ICAService, IService {
if (authority == null) {
String msg = "local authority " + id + " not found.";
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_AUTHORITY_NOT_FOUND", id));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_AUTHORITY_NOT_FOUND", id));
throw new EBaseException(msg);
}
connector = new LocalConnector((ICertAuthority) mCA, authority);
@@ -278,25 +257,27 @@ public class CAService implements ICAService, IService {
int timeout = config.getInteger("timeout", 0);
// Insert end
// Changed by beomsuk
- //RemoteAuthority remauthority =
- // new RemoteAuthority(host, port, uri);
- RemoteAuthority remauthority =
- new RemoteAuthority(host, port, uri, timeout);
+ // RemoteAuthority remauthority =
+ // new RemoteAuthority(host, port, uri);
+ RemoteAuthority remauthority = new RemoteAuthority(host, port, uri,
+ timeout);
- // Change end
- if (nickname == null)
+ // Change end
+ if (nickname == null)
nickname = mCA.getNickname();
- // Changed by beomsuk
- //connector =
- // new HttpConnector(mCA, nickname, remauthority, resendInterval);
+ // Changed by beomsuk
+ // connector =
+ // new HttpConnector(mCA, nickname, remauthority, resendInterval);
if (timeout == 0)
- connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config);
+ connector = new HttpConnector((IAuthority) mCA, nickname,
+ remauthority, resendInterval, config);
else
- connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config, timeout);
- // Change end
+ connector = new HttpConnector((IAuthority) mCA, nickname,
+ remauthority, resendInterval, config, timeout);
+ // Change end
- // log(ILogger.LL_INFO, "remote authority "+
- // host+":"+port+" "+uri+" inited");
+ // log(ILogger.LL_INFO, "remote authority "+
+ // host+":"+port+" "+uri+" inited");
}
return connector;
}
@@ -311,13 +292,12 @@ public class CAService implements ICAService, IService {
}
/**
- * After population of defaults, and constraint validation,
- * the profile request is processed here.
+ * After population of defaults, and constraint validation, the profile
+ * request is processed here.
*/
- public void serviceProfileRequest(IRequest request)
- throws EBaseException {
- CMS.debug("CAService: serviceProfileRequest requestId=" +
- request.getRequestId().toString());
+ public void serviceProfileRequest(IRequest request) throws EBaseException {
+ CMS.debug("CAService: serviceProfileRequest requestId="
+ + request.getRequestId().toString());
String profileId = request.getExtDataInString("profileId");
@@ -325,8 +305,7 @@ public class CAService implements ICAService, IService {
throw new EBaseException("profileId not found");
}
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem("profile");
+ IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem("profile");
IProfile profile = null;
try {
@@ -340,25 +319,26 @@ public class CAService implements ICAService, IService {
// assumed rejected
request.setExtData("dbStatus", "NOT_UPDATED");
- // profile.populate(request);
+ // profile.populate(request);
profile.validate(request);
profile.execute(request);
// This function is called only from ConnectorServlet
- // serialize to request queue
+ // serialize to request queue
}
/**
- * method interface for IService
+ * method interface for IService
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used
- * whenever a user private key archive request is made. This is an option
- * in a cert enrollment request detected by an RA or a CA, so, if selected,
- * it should be logged immediately following the certificate request.
+ * whenever a user private key archive request is made. This is an option in
+ * a cert enrollment request detected by an RA or a CA, so, if selected, it
+ * should be logged immediately following the certificate request.
* </ul>
+ *
* @param request a certificate enrollment request from an RA or CA
* @return true or false
*/
@@ -373,23 +353,25 @@ public class CAService implements ICAService, IService {
// short cut profile-based request
if (isProfileRequest(request)) {
try {
- CMS.debug("CAServic: x0 requestStatus=" + request.getRequestStatus().toString() + " instance=" + request);
+ CMS.debug("CAServic: x0 requestStatus="
+ + request.getRequestStatus().toString() + " instance="
+ + request);
serviceProfileRequest(request);
request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
- CMS.debug("CAServic: x1 requestStatus=" + request.getRequestStatus().toString());
+ CMS.debug("CAServic: x1 requestStatus="
+ + request.getRequestStatus().toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
return true;
} catch (EBaseException e) {
- CMS.debug("CAServic: x2 requestStatus=" + request.getRequestStatus().toString());
+ CMS.debug("CAServic: x2 requestStatus="
+ + request.getRequestStatus().toString());
// need to put error into the request
CMS.debug("CAService: serviceRequest " + e.toString());
request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
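Review bot: The profile-request shortcut writes a `LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST` record with `ILogger.SUCCESS` for every profile request that `serviceProfileRequest` completes, without consulting `isPKIArchiveOptionPresent(request)` the way the KRA branch later in the method does. The Javadoc above describes the event as one for private key archive requests, so these records may overstate archival activity in the signed audit log unless `auditArchiveID` (assigned outside this hunk) marks them as not applicable. At minimum, note the behaviour at the call: `// NOTE: emitted for every profile request, not only those carrying PKIArchiveOptions`. The method body starts and ends outside the hunk.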
@@ -397,11 +379,9 @@ public class CAService implements ICAService, IService {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
@@ -413,17 +393,18 @@ public class CAService implements ICAService, IService {
IServant servant = (IServant) mServants.get(type);
if (servant == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_INVALID_REQUEST_TYPE", type));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_INVALID_REQUEST_TYPE", type));
request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
- request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_UNRECOGNIZED_REQUEST_TYPE", type)));
+ request.setExtData(
+ IRequest.ERROR,
+ new ECAException(CMS.getUserMessage(
+ "CMS_CA_UNRECOGNIZED_REQUEST_TYPE", type)));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
@@ -432,8 +413,9 @@ public class CAService implements ICAService, IService {
try {
// send request to KRA first
- if (type.equals(IRequest.ENROLLMENT_REQUEST) &&
- isPKIArchiveOptionPresent(request) && mKRAConnector != null) {
+ if (type.equals(IRequest.ENROLLMENT_REQUEST)
+ && isPKIArchiveOptionPresent(request)
+ && mKRAConnector != null) {
if (Debug.ON) {
Debug.trace("*** Sending enrollment request to KRA");
}
@@ -441,36 +423,36 @@ public class CAService implements ICAService, IService {
if (mArchivalRequired == true) {
if (sendStatus == false) {
- request.setExtData(IRequest.RESULT,
- IRequest.RES_ERROR);
- request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_SEND_KRA_REQUEST")));
+ request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
+ request.setExtData(
+ IRequest.ERROR,
+ new ECAException(
+ CMS.getUserMessage("CMS_CA_SEND_KRA_REQUEST")));
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditArchiveID);
audit(auditMessage);
return true;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
- request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
+ request.setExtData(IRequest.RESULT,
+ IRequest.RES_SUCCESS);
request.deleteExtData(IRequest.ERROR);
}
}
if (request.getExtDataInString(IRequest.ERROR) != null) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditArchiveID);
audit(auditMessage);
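Review bot: When `mArchivalRequired` is true and `sendStatus` is true, the `else` branch overwrites the result with `IRequest.RES_SUCCESS` and deletes any `IRequest.ERROR` on the request, so the `if (request.getExtDataInString(IRequest.ERROR) != null)` check that follows should never be true on that path and its FAILURE audit record is not written. If the KRA can report an archival failure through `IRequest.ERROR` while the send itself succeeds (not visible here), enrollment would proceed without the key having been archived and without an audit trace. Either remove the clearing branch or justify it in place, for example `// TODO: confirm why an ERROR left after a successful send is cleared; it hides archival failures`. The nesting is read from the braces because the page has lost indentation, and the method continues outside the hunk.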
@@ -479,7 +461,8 @@ public class CAService implements ICAService, IService {
}
} else {
if (Debug.ON) {
- Debug.trace("*** NOT Send to KRA type=" + type + " ENROLLMENT=" + IRequest.ENROLLMENT_REQUEST);
+ Debug.trace("*** NOT Send to KRA type=" + type
+ + " ENROLLMENT=" + IRequest.ENROLLMENT_REQUEST);
}
}
@@ -491,11 +474,9 @@ public class CAService implements ICAService, IService {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
@@ -506,16 +487,14 @@ public class CAService implements ICAService, IService {
if (Debug.ON)
Debug.trace("serviceRequest completed = " + completed);
- if (!(type.equals(IRequest.REVOCATION_REQUEST) ||
- type.equals(IRequest.UNREVOCATION_REQUEST) ||
- type.equals(IRequest.CMCREVOKE_REQUEST))) {
+ if (!(type.equals(IRequest.REVOCATION_REQUEST)
+ || type.equals(IRequest.UNREVOCATION_REQUEST) || type
+ .equals(IRequest.CMCREVOKE_REQUEST))) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
}
@@ -524,7 +503,7 @@ public class CAService implements ICAService, IService {
}
/**
- * register CRL Issuing Point
+ * register CRL Issuing Point
*/
public void addCRLIssuingPoint(String id, ICRLIssuingPoint crlIssuingPoint) {
mCRLIssuingPoints.put(id, crlIssuingPoint);
@@ -541,8 +520,8 @@ public class CAService implements ICAService, IService {
* Checks if PKIArchiveOption present in the request.
*/
private boolean isPKIArchiveOptionPresent(IRequest request) {
- String crmfBlob = request.getExtDataInString(
- IRequest.HTTP_PARAMS, CRMF_REQUEST);
+ String crmfBlob = request.getExtDataInString(IRequest.HTTP_PARAMS,
+ CRMF_REQUEST);
if (crmfBlob == null) {
if (Debug.ON) {
@@ -550,7 +529,8 @@ public class CAService implements ICAService, IService {
}
} else {
try {
- PKIArchiveOptionsContainer opts[] = CRMFParser.getPKIArchiveOptions(crmfBlob);
+ PKIArchiveOptionsContainer opts[] = CRMFParser
+ .getPKIArchiveOptions(crmfBlob);
if (opts != null) {
return true;
@@ -562,20 +542,19 @@ public class CAService implements ICAService, IService {
return false;
}
- ///
- /// CA related routines.
- ///
+ // /
+ // / CA related routines.
+ // /
- public X509CertImpl issueX509Cert(X509CertInfo certi)
- throws EBaseException {
+ public X509CertImpl issueX509Cert(X509CertInfo certi) throws EBaseException {
return issueX509Cert(certi, null, null);
}
/**
* issue cert for enrollment.
*/
- public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId, String rid)
- throws EBaseException {
+ public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId,
+ String rid) throws EBaseException {
CMS.debug("issueX509Cert");
X509CertImpl certImpl = issueX509Cert("", certi, false, null);
@@ -586,7 +565,7 @@ public class CAService implements ICAService, IService {
}
X509CertImpl issueX509Cert(String rid, X509CertInfo certi)
- throws EBaseException {
+ throws EBaseException {
return issueX509Cert(rid, certi, false, null);
}
@@ -594,7 +573,7 @@ public class CAService implements ICAService, IService {
* issue cert for enrollment.
*/
void storeX509Cert(String profileId, String rid, X509CertImpl cert)
- throws EBaseException {
+ throws EBaseException {
storeX509Cert(rid, cert, false, null, null, null, profileId);
}
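Review bot: The Javadoc `issue cert for enrollment.` sits above `storeX509Cert(String profileId, String rid, X509CertImpl cert)`, which judging by its name and delegation stores a certificate rather than issuing one; the same stale text precedes the `storeX509Cert(String rid, X509CertImpl cert, String crmfReqId)` overload in the next hunk. Reword both, for example `store cert issued for an enrollment request.`, and say what the `false` and `null` arguments forwarded to the seven-argument overload stand for, since that overload is not visible here.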
@@ -602,28 +581,27 @@ public class CAService implements ICAService, IService {
* issue cert for enrollment.
*/
void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId)
- throws EBaseException {
+ throws EBaseException {
storeX509Cert(rid, cert, false, null, crmfReqId, null, null);
}
- void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId,
- String challengePassword) throws EBaseException {
- storeX509Cert(rid, cert, false, null, crmfReqId, challengePassword, null);
+ void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId,
+ String challengePassword) throws EBaseException {
+ storeX509Cert(rid, cert, false, null, crmfReqId, challengePassword,
+ null);
}
/**
- * issue cert for enrollment and renewal.
- * renewal is expected to have original cert serial no. in cert info
- * field.
+ * issue cert for enrollment and renewal. renewal is expected to have
+ * original cert serial no. in cert info field.
*/
- X509CertImpl issueX509Cert(String rid, X509CertInfo certi,
- boolean renewal, BigInteger oldSerialNo)
- throws EBaseException {
+ X509CertImpl issueX509Cert(String rid, X509CertInfo certi, boolean renewal,
+ BigInteger oldSerialNo) throws EBaseException {
String algname = null;
X509CertImpl cert = null;
- // NOTE: In this implementation, the "oldSerialNo"
- // parameter is NOT used!
+ // NOTE: In this implementation, the "oldSerialNo"
+ // parameter is NOT used!
boolean doUTF8 = mConfig.getBoolean("dnUTF8Encoding", false);
@@ -631,11 +609,12 @@ public class CAService implements ICAService, IService {
try {
// check required fields in certinfo.
- if (certi.get(X509CertInfo.SUBJECT) == null ||
- certi.get(X509CertInfo.KEY) == null) {
+ if (certi.get(X509CertInfo.SUBJECT) == null
+ || certi.get(X509CertInfo.KEY) == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_MISSING_ATTR"));
- // XXX how do you reject a request in the service object ?
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_MISSING_ATTR"));
+ // XXX how do you reject a request in the service object ?
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_REQD_FIELDS_IN_CERTISSUE"));
}
@@ -647,34 +626,31 @@ public class CAService implements ICAService, IService {
}
// set default validity if not set.
- // validity would normally be set by policies or by
- // agent or by authentication module.
- CertificateValidity validity = (CertificateValidity)
- certi.get(X509CertInfo.VALIDITY);
+ // validity would normally be set by policies or by
+ // agent or by authentication module.
+ CertificateValidity validity = (CertificateValidity) certi
+ .get(X509CertInfo.VALIDITY);
Date begin = null, end = null;
if (validity != null) {
- begin = (Date)
- validity.get(CertificateValidity.NOT_BEFORE);
- end = (Date)
- validity.get(CertificateValidity.NOT_AFTER);
+ begin = (Date) validity.get(CertificateValidity.NOT_BEFORE);
+ end = (Date) validity.get(CertificateValidity.NOT_AFTER);
}
- if (validity == null ||
- (begin.getTime() == 0 && end.getTime() == 0)) {
+ if (validity == null
+ || (begin.getTime() == 0 && end.getTime() == 0)) {
if (Debug.ON) {
Debug.trace("setting default validity");
}
-
+
begin = CMS.getCurrentDate();
end = new Date(begin.getTime() + mCA.getDefaultValidity());
- certi.set(CertificateValidity.NAME,
- new CertificateValidity(begin, end));
+ certi.set(CertificateValidity.NAME, new CertificateValidity(
+ begin, end));
}
/*
- * For non-CA certs, check if validity exceeds CA time.
- * If so, set to CA's not after if default validity
- * exceeds ca's not after.
+ * For non-CA certs, check if validity exceeds CA time. If so, set
+ * to CA's not after if default validity exceeds ca's not after.
*/
// First find out if it is a CA cert
@@ -683,21 +659,26 @@ public class CAService implements ICAService, IService {
BasicConstraintsExtension bc_ext = null;
try {
- exts = (CertificateExtensions)
- certi.get(X509CertInfo.EXTENSIONS);
+ exts = (CertificateExtensions) certi
+ .get(X509CertInfo.EXTENSIONS);
if (exts != null) {
Enumeration e = exts.getElements();
while (e.hasMoreElements()) {
- netscape.security.x509.Extension ext = (netscape.security.x509.Extension) e.nextElement();
+ netscape.security.x509.Extension ext = (netscape.security.x509.Extension) e
+ .nextElement();
- if (ext.getExtensionId().toString().equals(PKIXExtensions.BasicConstraints_Id.toString())) {
+ if (ext.getExtensionId()
+ .toString()
+ .equals(PKIXExtensions.BasicConstraints_Id
+ .toString())) {
bc_ext = (BasicConstraintsExtension) ext;
}
}
- if(bc_ext != null) {
- Boolean isCA = (Boolean) bc_ext.get(BasicConstraintsExtension.IS_CA);
+ if (bc_ext != null) {
+ Boolean isCA = (Boolean) bc_ext
+ .get(BasicConstraintsExtension.IS_CA);
is_ca = isCA.booleanValue();
}
} // exts != null
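Review bot: The BasicConstraints test is now wrapped across four lines (`ext.getExtensionId()` / `.toString()` / `.equals(PKIXExtensions.BasicConstraints_Id` / `.toString())`), which hides the condition that decides whether the certificate is treated as a CA certificate. A local variable keeps it on readable lines: `String extOid = ext.getExtensionId().toString();` then `if (extOid.equals(PKIXExtensions.BasicConstraints_Id.toString())) {`. Also note that `isCA.booleanValue()` assumes `bc_ext.get(BasicConstraintsExtension.IS_CA)` never returns null; whether the enclosing `catch` covers that case depends on its exception type, which is outside this hunk.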
@@ -705,95 +686,108 @@ public class CAService implements ICAService, IService {
CMS.debug("EnrollDefault: getExtension " + e.toString());
}
- Date caNotAfter =
- mCA.getSigningUnit().getCertImpl().getNotAfter();
+ Date caNotAfter = mCA.getSigningUnit().getCertImpl().getNotAfter();
if (begin.after(caNotAfter)) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_PAST_VALIDITY"));
- throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_BEGIN_AFTER_CA_VALIDITY"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_PAST_VALIDITY"));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CERT_BEGIN_AFTER_CA_VALIDITY"));
}
if (end.after(caNotAfter)) {
- if(!is_ca) {
+ if (!is_ca) {
if (!mCA.isEnablePastCATime()) {
end = caNotAfter;
- certi.set(CertificateValidity.NAME,
- new CertificateValidity(begin, caNotAfter));
+ certi.set(CertificateValidity.NAME,
+ new CertificateValidity(begin, caNotAfter));
CMS.debug("CAService: issueX509Cert: cert past CA's NOT_AFTER...ca.enablePastCATime != true...resetting");
} else {
CMS.debug("CAService: issueX509Cert: cert past CA's NOT_AFTER...ca.enablePastCATime = true...not resetting");
}
} else {
CMS.debug("CAService: issueX509Cert: CA cert issuance past CA's NOT_AFTER.");
- } //!is_ca
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_PAST_NOT_AFTER"));
+ } // !is_ca
+ mCA.log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_PAST_NOT_AFTER"));
}
// check algorithm in certinfo.
AlgorithmId algid = null;
- CertificateAlgorithmId algor = (CertificateAlgorithmId)
- certi.get(X509CertInfo.ALGORITHM_ID);
+ CertificateAlgorithmId algor = (CertificateAlgorithmId) certi
+ .get(X509CertInfo.ALGORITHM_ID);
- if (algor == null || algor.toString().equals(CertInfo.SERIALIZE_ALGOR.toString())) {
+ if (algor == null
+ || algor.toString().equals(
+ CertInfo.SERIALIZE_ALGOR.toString())) {
algname = mCA.getSigningUnit().getDefaultAlgorithm();
algid = AlgorithmId.get(algname);
- certi.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(algid));
+ certi.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(algid));
} else {
- algid = (AlgorithmId)
- algor.get(CertificateAlgorithmId.ALGORITHM);
+ algid = (AlgorithmId) algor
+ .get(CertificateAlgorithmId.ALGORITHM);
algname = algid.getName();
}
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
if (Debug.ON) {
e.printStackTrace();
}
throw new ECAException(
CMS.getUserMessage("CMS_CA_ERROR_GETTING_FIELDS_IN_ISSUE"));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
if (Debug.ON) {
e.printStackTrace();
}
throw new ECAException(
CMS.getUserMessage("CMS_CA_ERROR_GETTING_FIELDS_IN_ISSUE"));
} catch (NoSuchAlgorithmException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname));
if (Debug.ON) {
e.printStackTrace();
}
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
}
// get old cert serial number if renewal
if (renewal) {
try {
- CertificateSerialNumber serialno = (CertificateSerialNumber)
- certi.get(X509CertInfo.SERIAL_NUMBER);
+ CertificateSerialNumber serialno = (CertificateSerialNumber) certi
+ .get(X509CertInfo.SERIAL_NUMBER);
if (serialno == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
- SerialNumber serialnum = (SerialNumber)
- serialno.get(CertificateSerialNumber.NUMBER);
+ SerialNumber serialnum = (SerialNumber) serialno
+ .get(CertificateSerialNumber.NUMBER);
if (serialnum == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
} catch (CertificateException e) {
- // not possible
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL", e.getMessage()));
+ // not possible
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL",
+ e.getMessage()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
} catch (IOException e) {
- // not possible.
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL", e.getMessage()));
+ // not possible.
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL",
+ e.getMessage()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
@@ -801,34 +795,43 @@ public class CAService implements ICAService, IService {
// set issuer, serial number
try {
- BigInteger serialNo =
- mCA.getCertificateRepository().getNextSerialNumber();
-
- certi.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(serialNo));
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_SIGN_SERIAL", serialNo.toString(16)));
+ BigInteger serialNo = mCA.getCertificateRepository()
+ .getNextSerialNumber();
+
+ certi.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
+ serialNo));
+ mCA.log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_SIGN_SERIAL",
+ serialNo.toString(16)));
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_NEXT_SERIAL", e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_NO_NEXT_SERIAL", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_NOSERIALNO", rid));
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SET_SERIALNO_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_SERIALNO_FAILED", rid));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SET_SERIALNO_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_SERIALNO_FAILED", rid));
}
try {
- certi.set(X509CertInfo.ISSUER,
- new CertificateIssuerName(mCA.getX500Name()));
+ certi.set(X509CertInfo.ISSUER,
+ new CertificateIssuerName(mCA.getX500Name()));
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_ISSUER_FAILED", rid));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_ISSUER_FAILED", rid));
}
byte[] utf8_encodingOrder = { DerValue.tag_UTF8String };
@@ -837,20 +840,28 @@ public class CAService implements ICAService, IService {
try {
CMS.debug("doUTF8 true, updating subject.");
- CertificateSubjectName sName = (CertificateSubjectName) certi.get(X509CertInfo.SUBJECT);
+ CertificateSubjectName sName = (CertificateSubjectName) certi
+ .get(X509CertInfo.SUBJECT);
String subject = certi.get(X509CertInfo.SUBJECT).toString();
certi.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- new X500Name(subject,
- new LdapV3DNStrConverter(X500NameAttrMap.getDirDefault(), true), utf8_encodingOrder)));
+ new X500Name(subject, new LdapV3DNStrConverter(
+ X500NameAttrMap.getDirDefault(), true),
+ utf8_encodingOrder)));
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT",
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_ISSUER_FAILED", rid));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT",
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_ISSUER_FAILED", rid));
}
}
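Review bot: Both catch blocks around the subject re-encoding log `CMSCORE_CA_SET_SUBJECT` but throw `ECAException` with the user message `CMS_CA_SET_ISSUER_FAILED`, so a caller is told the issuer could not be set when the subject failed. The thrown message should name the subject, either with a subject-specific key from the message catalogue or with a short comment explaining why the issuer key is reused. The two handlers are otherwise identical and could share one helper. The enclosing method starts and ends outside this hunk.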
@@ -859,22 +870,21 @@ public class CAService implements ICAService, IService {
return cert;
}
- void storeX509Cert(String rid, X509CertImpl cert,
- boolean renewal, BigInteger oldSerialNo)
- throws EBaseException {
+ void storeX509Cert(String rid, X509CertImpl cert, boolean renewal,
+ BigInteger oldSerialNo) throws EBaseException {
storeX509Cert(rid, cert, renewal, oldSerialNo, null, null, null);
}
- void storeX509Cert(String rid, X509CertImpl cert,
- boolean renewal, BigInteger oldSerialNo, String crmfReqId,
- String challengePassword, String profileId) throws EBaseException {
+ void storeX509Cert(String rid, X509CertImpl cert, boolean renewal,
+ BigInteger oldSerialNo, String crmfReqId, String challengePassword,
+ String profileId) throws EBaseException {
// now store in repository.
- // if renewal, set the old serial number in the new cert,
- // set the new serial number in the old cert.
+ // if renewal, set the old serial number in the new cert,
+ // set the new serial number in the old cert.
CMS.debug("In storeX509Cert");
try {
- BigInteger newSerialNo = cert.getSerialNumber();
+ BigInteger newSerialNo = cert.getSerialNumber();
MetaInfo metaInfo = new MetaInfo();
if (profileId != null)
@@ -884,34 +894,37 @@ public class CAService implements ICAService, IService {
if (challengePassword != null && !challengePassword.equals(""))
metaInfo.set("challengePhrase", challengePassword);
if (crmfReqId != null) {
- //System.out.println("Adding crmf reqid "+crmfReqId);
+ // System.out.println("Adding crmf reqid "+crmfReqId);
metaInfo.set(CertRecord.META_CRMF_REQID, crmfReqId);
}
if (renewal)
metaInfo.set(CertRecord.META_OLD_CERT, oldSerialNo.toString());
mCA.getCertificateRepository().addCertificateRecord(
- new CertRecord(newSerialNo, cert, metaInfo));
+ new CertRecord(newSerialNo, cert, metaInfo));
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_STORE_SERIAL", cert.getSerialNumber().toString(16)));
+ mCA.log(ILogger.LL_INFO, CMS.getLogMessage(
+ "CMSCORE_CA_STORE_SERIAL",
+ cert.getSerialNumber().toString(16)));
if (renewal) {
/*
- mCA.getCertificateRepository().markCertificateAsRenewed(
- BigIntegerMapper.BigIntegerToDB(oldSerialNo));
- mCA.mCertRepot.markCertificateAsRenewed(oldSerialNo);
+ * mCA.getCertificateRepository().markCertificateAsRenewed(
+ * BigIntegerMapper.BigIntegerToDB(oldSerialNo));
+ * mCA.mCertRepot.markCertificateAsRenewed(oldSerialNo);
*/
MetaInfo oldMeta = null;
- CertRecord oldCertRec = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
+ CertRecord oldCertRec = (CertRecord) mCA
+ .getCertificateRepository().readCertificateRecord(
+ oldSerialNo);
if (oldCertRec == null) {
- Exception e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Cannot read cert record for " + oldSerialNo));
+ Exception e = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ "Cannot read cert record for " + oldSerialNo));
e.printStackTrace();
}
- if (oldCertRec != null)
+ if (oldCertRec != null)
oldMeta = oldCertRec.getMetaInfo();
if (oldMeta == null) {
if (Debug.ON) {
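Review bot: In the `oldCertRec == null` branch the `EBaseException` is constructed and passed to `e.printStackTrace()` but never thrown, so a renewal whose original record cannot be read carries on and the failure only reaches stderr. For a CA the old/new serial linkage is part of the issuance trail, so this should at least be recorded with `mCA.log(ILogger.LL_FAILURE, ...)`. Unless continuing is intentional, it should also be raised: `throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot read cert record for " + oldSerialNo));`. If continuing is deliberate, a comment saying so would help. The rest of `storeX509Cert` lies outside this hunk, so how a null `oldMeta` is handled afterwards cannot be confirmed from here.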
@@ -926,25 +939,29 @@ public class CAService implements ICAService, IService {
while (n.hasMoreElements()) {
String name = (String) n.nextElement();
- System.out.println("name " + name + " value " +
- oldMeta.get(name));
+ System.out.println("name " + name + " value "
+ + oldMeta.get(name));
}
}
}
- oldMeta.set(CertRecord.META_RENEWED_CERT,
- newSerialNo.toString());
+ oldMeta.set(CertRecord.META_RENEWED_CERT,
+ newSerialNo.toString());
ModificationSet modSet = new ModificationSet();
- modSet.add(CertRecord.ATTR_AUTO_RENEW,
- Modification.MOD_REPLACE,
- CertRecord.AUTO_RENEWAL_DONE);
- modSet.add(ICertRecord.ATTR_META_INFO,
- Modification.MOD_REPLACE, oldMeta);
- mCA.getCertificateRepository().modifyCertificateRecord(oldSerialNo, modSet);
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_MARK_SERIAL", oldSerialNo.toString(16), newSerialNo.toString(16)));
+ modSet.add(CertRecord.ATTR_AUTO_RENEW,
+ Modification.MOD_REPLACE, CertRecord.AUTO_RENEWAL_DONE);
+ modSet.add(ICertRecord.ATTR_META_INFO,
+ Modification.MOD_REPLACE, oldMeta);
+ mCA.getCertificateRepository().modifyCertificateRecord(
+ oldSerialNo, modSet);
+ mCA.log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_MARK_SERIAL",
+ oldSerialNo.toString(16),
+ newSerialNo.toString(16)));
if (Debug.ON) {
- CertRecord check = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
+ CertRecord check = (CertRecord) mCA
+ .getCertificateRepository().readCertificateRecord(
+ oldSerialNo);
MetaInfo meta = check.getMetaInfo();
Enumeration n = oldMeta.getElements();
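Review bot: The debug loop prints every meta-info value of the old certificate record to stdout with `System.out.println("name " + name + " value " + oldMeta.get(name));`. The same method stores the enrollment challenge phrase under the `"challengePhrase"` key of a `MetaInfo`, so with `Debug.ON` this dump may write that secret to the console or a captured stdout log. Printing only the attribute names, `System.out.println("name " + name);`, or skipping that key, keeps the diagnostic without the value. The `Debug.ON` read-back below also calls `check.getMetaInfo()` without a null check on `check`. The surrounding loop and method start outside this hunk.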
@@ -956,7 +973,9 @@ public class CAService implements ICAService, IService {
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_STORE_SERIAL", cert.getSerialNumber().toString(16)));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_NO_STORE_SERIAL", cert.getSerialNumber()
+ .toString(16)));
if (Debug.ON)
e.printStackTrace();
throw e;
@@ -966,23 +985,25 @@ public class CAService implements ICAService, IService {
/**
* revoke cert, check fields in crlentry, etc.
*/
- public void revokeCert(RevokedCertImpl crlentry)
- throws EBaseException {
+ public void revokeCert(RevokedCertImpl crlentry) throws EBaseException {
revokeCert(crlentry, null);
}
public void revokeCert(RevokedCertImpl crlentry, String requestId)
- throws EBaseException {
+ throws EBaseException {
BigInteger serialno = crlentry.getSerialNumber();
Date revdate = crlentry.getRevocationDate();
CRLExtensions crlentryexts = crlentry.getExtensions();
- CertRecord certRec = (CertRecord) mCA.getCertificateRepository().readCertificateRecord(serialno);
+ CertRecord certRec = (CertRecord) mCA.getCertificateRepository()
+ .readCertificateRecord(serialno);
if (certRec == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND", serialno.toString(16)));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND",
+ serialno.toString(16)));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CANT_FIND_CERT_SERIAL",
"0x" + serialno.toString(16)));
}
RevocationInfo revInfo = (RevocationInfo) certRec.getRevocationInfo();
@@ -993,8 +1014,8 @@ public class CAService implements ICAService, IService {
exts = revInfo.getCRLEntryExtensions();
if (exts != null) {
try {
- reasonext = (CRLReasonExtension)
- exts.get(CRLReasonExtension.NAME);
+ reasonext = (CRLReasonExtension) exts
+ .get(CRLReasonExtension.NAME);
} catch (X509ExtensionException e) {
// this means no crl reason extension set.
}
@@ -1002,16 +1023,18 @@ public class CAService implements ICAService, IService {
// allow revoking certs that are on hold.
String certStatus = certRec.getStatus();
- if (certStatus.equals(ICertRecord.STATUS_REVOKED) ||
- certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
- throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_ALREADY_REVOKED",
+ if (certStatus.equals(ICertRecord.STATUS_REVOKED)
+ || certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CERT_ALREADY_REVOKED",
"0x" + Long.toHexString(serialno.longValue())));
}
try {
- mCA.getCertificateRepository().markAsRevoked(serialno,
- new RevocationInfo(revdate, crlentryexts));
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_REVOKED",
- serialno.toString(16)));
+ mCA.getCertificateRepository().markAsRevoked(serialno,
+ new RevocationInfo(revdate, crlentryexts));
+ mCA.log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_CERT_REVOKED",
+ serialno.toString(16)));
// inform all CRLIssuingPoints about revoked certificate
Enumeration eIPs = mCRLIssuingPoints.elements();
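Review bot: The already-revoked branch formats the serial with `"0x" + Long.toHexString(serialno.longValue())`, which keeps only the low 64 bits of the `BigInteger`, so a wider serial number is reported to the caller with the wrong value. The not-found path of the same method uses `"0x" + serialno.toString(16)`, and the same expression here would keep the two messages consistent and exact. This rejection is also thrown without an `mCA.log` entry, unlike the other failure paths in `revokeCert`, which makes repeated revocation attempts harder to see in the CA log. `revokeCert` starts and ends outside this hunk.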
@@ -1024,23 +1047,28 @@ public class CAService implements ICAService, IService {
if (ip.isCACertsOnly()) {
X509CertImpl cert = certRec.getCertificate();
- if (cert != null) b = cert.getBasicConstraintsIsCA();
+ if (cert != null)
+ b = cert.getBasicConstraintsIsCA();
}
if (ip.isProfileCertsOnly()) {
MetaInfo metaInfo = certRec.getMetaInfo();
if (metaInfo != null) {
- String profileId = (String)metaInfo.get("profileId");
+ String profileId = (String) metaInfo
+ .get("profileId");
if (profileId != null) {
b = ip.checkCurrentProfile(profileId);
}
}
}
- if (b) ip.addRevokedCert(serialno, crlentry, requestId);
+ if (b)
+ ip.addRevokedCert(serialno, crlentry, requestId);
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_REVOCATION", serialno.toString(), e.toString()));
- //e.printStackTrace();
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ERROR_REVOCATION",
+ serialno.toString(), e.toString()));
+ // e.printStackTrace();
throw e;
}
return;
@@ -1049,19 +1077,21 @@ public class CAService implements ICAService, IService {
/**
* unrevoke cert, check serial number, etc.
*/
- void unrevokeCert(BigInteger serialNo)
- throws EBaseException {
+ void unrevokeCert(BigInteger serialNo) throws EBaseException {
unrevokeCert(serialNo, null);
}
void unrevokeCert(BigInteger serialNo, String requestId)
- throws EBaseException {
- CertRecord certRec = (CertRecord) mCA.getCertificateRepository().readCertificateRecord(serialNo);
+ throws EBaseException {
+ CertRecord certRec = (CertRecord) mCA.getCertificateRepository()
+ .readCertificateRecord(serialNo);
if (certRec == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND", serialNo.toString(16)));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND",
+ serialNo.toString(16)));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CANT_FIND_CERT_SERIAL",
"0x" + serialNo.toString(16)));
}
RevocationInfo revInfo = (RevocationInfo) certRec.getRevocationInfo();
@@ -1069,34 +1099,42 @@ public class CAService implements ICAService, IService {
CRLReasonExtension reasonext = null;
if (revInfo == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
+ serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
serialNo.toString()));
}
exts = revInfo.getCRLEntryExtensions();
if (exts != null) {
try {
- reasonext = (CRLReasonExtension)
- exts.get(CRLReasonExtension.NAME);
+ reasonext = (CRLReasonExtension) exts
+ .get(CRLReasonExtension.NAME);
} catch (X509ExtensionException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
- serialNo.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
+ serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_IS_NOT_ON_HOLD", serialNo.toString()));
}
} else {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
+ serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
serialNo.toString()));
}
// allow unrevoking certs that are on hold.
- if ((certRec.getStatus().equals(ICertRecord.STATUS_REVOKED) ||
- certRec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED)) &&
- reasonext != null &&
- reasonext.getReason() == RevocationReason.CERTIFICATE_HOLD) {
+ if ((certRec.getStatus().equals(ICertRecord.STATUS_REVOKED) || certRec
+ .getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))
+ && reasonext != null
+ && reasonext.getReason() == RevocationReason.CERTIFICATE_HOLD) {
try {
mCA.getCertificateRepository().unmarkRevoked(serialNo, revInfo,
- certRec.getRevokedOn(), certRec.getRevokedBy());
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_UNREVOKED", serialNo.toString(16)));
+ certRec.getRevokedOn(), certRec.getRevokedBy());
+ mCA.log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_CERT_UNREVOKED",
+ serialNo.toString(16)));
// inform all CRLIssuingPoints about unrevoked certificate
Enumeration eIPs = mCRLIssuingPoints.elements();
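Review bot: The not-on-hold failures in `unrevokeCert` mix serial-number radices: the branches in this hunk pass `serialNo.toString()` (decimal) to `CMS_CA_IS_NOT_ON_HOLD`, while the final `else` in the next hunk passes `"0x" + serialNo.toString(16)` and the success log uses `serialNo.toString(16)`. Using one form throughout, `"0x" + serialNo.toString(16)`, makes log and error lines for the same certificate searchable with one value. The log key `CMSCORE_CA_CERT_ON_HOLD` is also used on paths where the certificate is not on hold, which deserves a comment or a dedicated key if the catalogue has one. The method continues outside this hunk.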
@@ -1109,27 +1147,34 @@ public class CAService implements ICAService, IService {
if (ip.isCACertsOnly()) {
X509CertImpl cert = certRec.getCertificate();
- if (cert != null) b = cert.getBasicConstraintsIsCA();
+ if (cert != null)
+ b = cert.getBasicConstraintsIsCA();
}
if (ip.isProfileCertsOnly()) {
MetaInfo metaInfo = certRec.getMetaInfo();
if (metaInfo != null) {
- String profileId = (String)metaInfo.get("profileId");
+ String profileId = (String) metaInfo
+ .get("profileId");
if (profileId != null) {
b = ip.checkCurrentProfile(profileId);
}
}
}
- if (b) ip.addUnrevokedCert(serialNo, requestId);
+ if (b)
+ ip.addUnrevokedCert(serialNo, requestId);
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ERROR_UNREVOKE", serialNo.toString(16)));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_ERROR_UNREVOKE",
+ serialNo.toString(16)));
throw e;
}
} else {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
+ serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
"0x" + serialNo.toString(16)));
}
@@ -1138,10 +1183,10 @@ public class CAService implements ICAService, IService {
/**
* Signed Audit Log
- *
+ *
* This method is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
private void audit(String msg) {
@@ -1152,20 +1197,17 @@ public class CAService implements ICAService, IService {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is called to obtain the "SubjectID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "SubjectID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
private String auditSubjectID() {
@@ -1180,8 +1222,7 @@ public class CAService implements ICAService, IService {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String)
- auditContext.get(SessionContext.USER_ID);
+ subjectID = (String) auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -1197,11 +1238,11 @@ public class CAService implements ICAService, IService {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID() {
@@ -1216,8 +1257,8 @@ public class CAService implements ICAService, IService {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- requesterID = (String)
- auditContext.get(SessionContext.REQUESTER_ID);
+ requesterID = (String) auditContext
+ .get(SessionContext.REQUESTER_ID);
if (requesterID != null) {
requesterID = requesterID.trim();
@@ -1232,16 +1273,14 @@ public class CAService implements ICAService, IService {
}
}
-
-///
-/// servant classes
-///
+// /
+// / servant classes
+// /
interface IServant {
public boolean service(IRequest request) throws EBaseException;
}
-
class serviceIssue implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1251,9 +1290,8 @@ class serviceIssue implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
- // XXX This is ugly. should associate attributes with
+ public boolean service(IRequest request) throws EBaseException {
+ // XXX This is ugly. should associate attributes with
// request types, not policy.
// XXX how do we know what to look for in request ?
@@ -1262,21 +1300,23 @@ class serviceIssue implements IServant {
else
return false; // Don't know what it is ?????
}
-
- public boolean serviceX509(IRequest request)
- throws EBaseException {
- // XXX This is ugly. should associate attributes with
+
+ public boolean serviceX509(IRequest request) throws EBaseException {
+ // XXX This is ugly. should associate attributes with
// request types, not policy.
// XXX how do we know what to look for in request ?
- X509CertInfo certinfos[] =
- request.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certinfos[] = request
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certinfos == null || certinfos[0] == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_ISSUEREQ"));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId()
+ .toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_ISSUEREQ"));
}
- String challengePassword =
- request.getExtDataInString(CAService.CHALLENGE_PHRASE);
+ String challengePassword = request
+ .getExtDataInString(CAService.CHALLENGE_PHRASE);
X509CertImpl[] certs = new X509CertImpl[certinfos.length];
String rid = request.getRequestId().toString();
@@ -1286,7 +1326,9 @@ class serviceIssue implements IServant {
try {
certs[i] = mService.issueX509Cert(rid, certinfos[i]);
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUE_ERROR", Integer.toString(i), rid, e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ISSUE_ERROR",
+ Integer.toString(i), rid, e.toString()));
throw e;
}
}
@@ -1295,25 +1337,31 @@ class serviceIssue implements IServant {
for (i = 0; i < certs.length; i++) {
try {
- mService.storeX509Cert(rid, certs[i], crmfReqId, challengePassword);
+ mService.storeX509Cert(rid, certs[i], crmfReqId,
+ challengePassword);
} catch (EBaseException e) {
e.printStackTrace();
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_STORE_ERROR", Integer.toString(i), rid, e.toString()));
- ex = e; // save to throw later.
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_STORE_ERROR",
+ Integer.toString(i), rid, e.toString()));
+ ex = e; // save to throw later.
break;
}
}
if (ex != null) {
for (int j = 0; j < i; j++) {
- // delete the stored cert records from the database.
- // we issue all or nothing.
- BigInteger serialNo =
- ((X509Certificate) certs[i]).getSerialNumber();
+ // delete the stored cert records from the database.
+ // we issue all or nothing.
+ BigInteger serialNo = ((X509Certificate) certs[i])
+ .getSerialNumber();
try {
- mCA.getCertificateRepository().deleteCertificateRecord(serialNo);
+ mCA.getCertificateRepository().deleteCertificateRecord(
+ serialNo);
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_DELETE_CERT_ERROR", serialNo.toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_DELETE_CERT_ERROR",
+ serialNo.toString(), e.toString()));
}
}
throw ex;
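Review bot: The rollback loop iterates with `j` but reads `((X509Certificate) certs[i]).getSerialNumber()`, so every pass targets the certificate whose store failed. The records stored for indices 0 to i-1 are never deleted, which contradicts the "we issue all or nothing" comment and leaves issued certificates in the repository for a request that is reported as failed. The line should index with the loop variable: `BigInteger serialNo = ((X509Certificate) certs[j]).getSerialNumber();`. A failed `deleteCertificateRecord` is only logged, so a partially rolled-back request would also benefit from a summary log line naming the serials left behind. `serviceX509` starts and ends outside this hunk.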
@@ -1325,7 +1373,6 @@ class serviceIssue implements IServant {
}
}
-
class serviceRenewal implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1335,14 +1382,15 @@ class serviceRenewal implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
// XXX if one fails should all fail ? - can't backtrack.
- X509CertInfo certinfos[] =
- request.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certinfos[] = request
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certinfos == null || certinfos[0] == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId()
+ .toString()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
@@ -1362,31 +1410,37 @@ class serviceRenewal implements IServant {
SerialNumber serialnum = null;
try {
- CertificateSerialNumber serialno = (CertificateSerialNumber)
- certinfos[i].get(X509CertInfo.SERIAL_NUMBER);
+ CertificateSerialNumber serialno = (CertificateSerialNumber) certinfos[i]
+ .get(X509CertInfo.SERIAL_NUMBER);
if (serialno == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
+ mCA.log(ILogger.LL_FAILURE, CMS
+ .getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
- serialnum = (SerialNumber)
- serialno.get(CertificateSerialNumber.NUMBER);
+ serialnum = (SerialNumber) serialno
+ .get(CertificateSerialNumber.NUMBER);
} catch (IOException e) {
if (Debug.ON)
e.printStackTrace();
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT",
+ e.toString()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
} catch (CertificateException e) {
if (Debug.ON)
e.printStackTrace();
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT",
+ e.toString()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
if (serialnum == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", ""));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", ""));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
@@ -1394,26 +1448,30 @@ class serviceRenewal implements IServant {
BigInteger oldSerialNo = serialnumBigInt.toBigInteger();
// get cert record
- CertRecord certRecord = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
+ CertRecord certRecord = (CertRecord) mCA
+ .getCertificateRepository().readCertificateRecord(
+ oldSerialNo);
if (certRecord == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA", oldSerialNo.toString()));
- svcerrors[i] = new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
- oldSerialNo.toString())).toString();
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_NOT_FROM_CA", oldSerialNo.toString()));
+ svcerrors[i] = new ECAException(CMS.getUserMessage(
+ "CMS_CA_CANT_FIND_CERT_SERIAL",
+ oldSerialNo.toString())).toString();
continue;
}
- // check if cert has been revoked.
+ // check if cert has been revoked.
String certStatus = certRecord.getStatus();
- if (certStatus.equals(ICertRecord.STATUS_REVOKED) ||
- certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_RENEW_REVOKED", oldSerialNo.toString()));
- svcerrors[i] = new ECAException(
- CMS.getUserMessage("CMS_CA_CANNOT_RENEW_REVOKED_CERT",
- "0x" + oldSerialNo.toString(16))).toString();
+ if (certStatus.equals(ICertRecord.STATUS_REVOKED)
+ || certStatus
+ .equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_RENEW_REVOKED", oldSerialNo.toString()));
+ svcerrors[i] = new ECAException(CMS.getUserMessage(
+ "CMS_CA_CANNOT_RENEW_REVOKED_CERT", "0x"
+ + oldSerialNo.toString(16))).toString();
continue;
}
@@ -1421,75 +1479,87 @@ class serviceRenewal implements IServant {
MetaInfo metaInfo = certRecord.getMetaInfo();
if (metaInfo != null) {
- String renewed = (String)
- metaInfo.get(ICertRecord.META_RENEWED_CERT);
+ String renewed = (String) metaInfo
+ .get(ICertRecord.META_RENEWED_CERT);
if (renewed != null) {
BigInteger serial = new BigInteger(renewed);
- X509CertImpl cert = (X509CertImpl)
- mCA.getCertificateRepository().getX509Certificate(serial);
+ X509CertImpl cert = (X509CertImpl) mCA
+ .getCertificateRepository().getX509Certificate(
+ serial);
if (cert == null) {
- // something wrong
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_MISSING_RENEWED", serial.toString()));
- svcerrors[i] = new ECAException(
- CMS.getUserMessage("CMS_CA_ERROR_GETTING_RENEWED_CERT",
- oldSerialNo.toString(), serial.toString())).toString();
+ // something wrong
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_MISSING_RENEWED",
+ serial.toString()));
+ svcerrors[i] = new ECAException(CMS.getUserMessage(
+ "CMS_CA_ERROR_GETTING_RENEWED_CERT",
+ oldSerialNo.toString(), serial.toString()))
+ .toString();
continue;
}
// get cert record
- CertRecord cRecord = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(serial);
+ CertRecord cRecord = (CertRecord) mCA
+ .getCertificateRepository()
+ .readCertificateRecord(serial);
if (cRecord == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA", serial.toString()));
- svcerrors[i] = new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
- serial.toString())).toString();
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA",
+ serial.toString()));
+ svcerrors[i] = new ECAException(CMS.getUserMessage(
+ "CMS_CA_CANT_FIND_CERT_SERIAL",
+ serial.toString())).toString();
continue;
}
// Check renewed certificate already REVOKED or EXPIRED
String status = cRecord.getStatus();
- if (status.equals(ICertRecord.STATUS_REVOKED) ||
- status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ if (status.equals(ICertRecord.STATUS_REVOKED)
+ || status
+ .equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
Debug.trace("It is already revoked or Expired !!!");
- } // it is still new ... So just return this certificate to user
- else {
+ } // it is still new ... So just return this certificate
+ // to user
+ else {
Debug.trace("It is still new !!!");
issuedCerts[i] = cert;
continue;
- }
+ }
}
}
// issue the cert.
- issuedCerts[i] =
- mService.issueX509Cert(rid, certinfos[i], true, oldSerialNo);
+ issuedCerts[i] = mService.issueX509Cert(rid, certinfos[i],
+ true, oldSerialNo);
mService.storeX509Cert(rid, issuedCerts[i], true, oldSerialNo);
} catch (ECAException e) {
svcerrors[i] = e.toString();
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_RENEW", Integer.toString(i), request.getRequestId().toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CANNOT_RENEW", Integer.toString(i), request
+ .getRequestId().toString()));
}
}
-
+
// always set issued certs regardless of error.
request.setExtData(IRequest.ISSUED_CERTS, issuedCerts);
// set and throw error if any.
int l;
- for (l = svcerrors.length - 1; l >= 0 && svcerrors[l] == null; l--);
+ for (l = svcerrors.length - 1; l >= 0 && svcerrors[l] == null; l--)
+ ;
if (l >= 0) {
request.setExtData(IRequest.SVCERRORS, svcerrors);
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_RENEW", request.getRequestId().toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_NO_RENEW", request.getRequestId().toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_RENEW_FAILED"));
}
return true;
}
}
-
class getCertsForChallenge implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
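Review bot: The status test before `issuedCerts[i] = cert` covers only `STATUS_REVOKED` and `STATUS_REVOKED_EXPIRED`, although the comment above it says "REVOKED or EXPIRED", so a previously renewed certificate that has expired without being revoked appears to be handed back as "still new". If `ICertRecord.STATUS_EXPIRED` is a state `cRecord.getStatus()` can return here, add `|| status.equals(ICertRecord.STATUS_EXPIRED)` to the condition; otherwise correct the comment and the trace text. Separately, `new BigInteger(renewed)` throws `NumberFormatException` on malformed metadata, which the loop's `catch (ECAException e)` does not handle. The enclosing `service` method starts outside this hunk.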
@@ -1499,21 +1569,20 @@ class getCertsForChallenge implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
- BigInteger[] serialNoArray =
- request.getExtDataInBigIntegerArray(CAService.SERIALNO_ARRAY);
- X509CertImpl[] certs = new X509CertImpl[serialNoArray.length];
+ public boolean service(IRequest request) throws EBaseException {
+ BigInteger[] serialNoArray = request
+ .getExtDataInBigIntegerArray(CAService.SERIALNO_ARRAY);
+ X509CertImpl[] certs = new X509CertImpl[serialNoArray.length];
for (int i = 0; i < serialNoArray.length; i++) {
- certs[i] = mCA.getCertificateRepository().getX509Certificate(serialNoArray[i]);
+ certs[i] = mCA.getCertificateRepository().getX509Certificate(
+ serialNoArray[i]);
}
request.setExtData(IRequest.OLD_CERTS, certs);
return true;
}
}
-
class getCertStatus implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
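Review bot: `serialNoArray.length` is read without a null check, while `serviceUnrevoke` tests `oldSerialNo == null` after the same `getExtDataInBigIntegerArray` call, so a request lacking `CAService.SERIALNO_ARRAY` would presumably end in a `NullPointerException` rather than an `EBaseException`. A guard such as `if (serialNoArray == null) serialNoArray = new BigInteger[0];` before the allocation keeps the failure mode explicit. The same pattern appears in `serviceGetRevocationInfo`, where `certsToCheck[0]` is dereferenced without checking the array for null or zero length.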
@@ -1526,8 +1595,8 @@ class getCertStatus implements IServant {
public boolean service(IRequest request) throws EBaseException {
BigInteger serialno = request.getExtDataInBigInteger("serialNumber");
String issuerDN = request.getExtDataInString("issuerDN");
- CertificateRepository certDB = (CertificateRepository)
- mCA.getCertificateRepository();
+ CertificateRepository certDB = (CertificateRepository) mCA
+ .getCertificateRepository();
String status = null;
@@ -1552,13 +1621,12 @@ class getCertStatus implements IServant {
}
}
}
-
+
request.setExtData(IRequest.CERT_STATUS, status);
return true;
}
}
-
class serviceCheckChallenge implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1570,18 +1638,18 @@ class serviceCheckChallenge implements IServant {
try {
mSHADigest = MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
}
- public boolean service(IRequest request)
- throws EBaseException {
- // note: some request attributes used below are set in
- // authentication/ChallengePhraseAuthentication.java :(
+ public boolean service(IRequest request) throws EBaseException {
+ // note: some request attributes used below are set in
+ // authentication/ChallengePhraseAuthentication.java :(
BigInteger serialno = request.getExtDataInBigInteger("serialNumber");
- String pwd = request.getExtDataInString(
- CAService.CHALLENGE_PHRASE);
- CertificateRepository certDB = (CertificateRepository) mCA.getCertificateRepository();
+ String pwd = request.getExtDataInString(CAService.CHALLENGE_PHRASE);
+ CertificateRepository certDB = (CertificateRepository) mCA
+ .getCertificateRepository();
BigInteger[] bigIntArray = null;
if (serialno != null) {
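Review bot: The `NoSuchAlgorithmException` handler in the constructor only logs, leaving `mSHADigest` null for the lifetime of the servant, so the first challenge check would fail later with an unrelated `NullPointerException`; failing construction or checking the field in `service` would make the cause visible. `hashPassword` is outside this hunk, but if it is a single SHA-1 pass over the phrase using this field, the stored challenge values are cheap to guess offline should certificate records be disclosed, and a shared `MessageDigest` instance is not safe for concurrent requests. Moving to a salted, iterated scheme needs a migration for existing records, so a comment next to `getInstance("SHA1")` recording that constraint would help, e.g. `// SHA-1 kept only for compatibility with stored challenge hashes`. The `service` method continues past the end of this hunk.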
@@ -1605,14 +1673,16 @@ class serviceCheckChallenge implements IServant {
} else {
bigIntArray = new BigInteger[0];
}
- } else
+ } else
bigIntArray = new BigInteger[0];
} else {
String subjectName = request.getExtDataInString("subjectName");
if (subjectName != null) {
- String filter = "(&(x509cert.subject=" + subjectName + ")(certStatus=VALID))";
- ICertRecordList list = certDB.findCertRecordsInList(filter, null, 10);
+ String filter = "(&(x509cert.subject=" + subjectName
+ + ")(certStatus=VALID))";
+ ICertRecordList list = certDB.findCertRecordsInList(filter,
+ null, 10);
int size = list.getSize();
Enumeration en = list.getCertRecords(0, size - 1);
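Review bot: `subjectName` is concatenated into the search filter unescaped, so a value containing `*`, `(`, `)` or `\` changes the meaning of the search instead of matching one subject; the value is read from the request's ext data via `request.getExtDataInString("subjectName")`. Escape it per RFC 4515 before building the filter, for example through a small private helper as sketched below (the helper name is a suggestion, not an existing API in this file). Both ends of the enclosing `service` method are outside this hunk.

```java
String filter = "(&(x509cert.subject="
        + escapeFilterValue(subjectName) + ")(certStatus=VALID))";
// … unchanged: findCertRecordsInList call and record enumeration …

/** Escapes the RFC 4515 special characters of a filter assertion value. */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\':
            sb.append("\\5c");
            break;
        case '*':
            sb.append("\\2a");
            break;
        case '(':
            sb.append("\\28");
            break;
        case ')':
            sb.append("\\29");
            break;
        case '\0':
            sb.append("\\00");
            break;
        default:
            sb.append(c);
        }
    }
    return sb.toString();
}
```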
@@ -1637,7 +1707,7 @@ class serviceCheckChallenge implements IServant {
}
}
- if (bigIntArray == null)
+ if (bigIntArray == null)
bigIntArray = new BigInteger[0];
request.setExtData(CAService.SERIALNO_ARRAY, bigIntArray);
@@ -1645,18 +1715,19 @@ class serviceCheckChallenge implements IServant {
}
private boolean compareChallengePassword(CertRecord record, String pwd)
- throws EBaseException {
+ throws EBaseException {
MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO);
if (metaInfo == null) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "metaInfo"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTRIBUTE", "metaInfo"));
}
String hashpwd = hashPassword(pwd);
// got metaInfo
- String challengeString =
- (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE);
+ String challengeString = (String) metaInfo
+ .get(CertRecord.META_CHALLENGE_PHRASE);
if (!challengeString.equals(hashpwd)) {
return false;
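Review bot: `challengeString.equals(hashpwd)` dereferences the value returned by `metaInfo.get(CertRecord.META_CHALLENGE_PHRASE)` without a null check, so a record that has metadata but no stored challenge phrase would raise a `NullPointerException` instead of failing the comparison. Treat a missing value as a mismatch: `if (challengeString == null || !challengeString.equals(hashpwd)) {`. Since this compares a secret-derived value, a constant-time comparison such as `MessageDigest.isEqual` on the two byte arrays is also worth considering. The method continues past the end of this hunk.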
@@ -1673,7 +1744,6 @@ class serviceCheckChallenge implements IServant {
}
}
-
class serviceRevoke implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1683,32 +1753,35 @@ class serviceRevoke implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
boolean sendStatus = true;
// XXX Need to think passing as array.
- // XXX every implemented according to servlet.
- RevokedCertImpl crlentries[] =
- request.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
-
- if (crlentries == null ||
- crlentries.length == 0 ||
- crlentries[0] == null) {
- // XXX should this be an error ?
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRL_NOT_FOUND", request.getRequestId().toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_REVREQ"));
+ // XXX every implemented according to servlet.
+ RevokedCertImpl crlentries[] = request
+ .getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+
+ if (crlentries == null || crlentries.length == 0
+ || crlentries[0] == null) {
+ // XXX should this be an error ?
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRL_NOT_FOUND", request.getRequestId()
+ .toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_REVREQ"));
}
- RevokedCertImpl revokedCerts[] =
- new RevokedCertImpl[crlentries.length];
+ RevokedCertImpl revokedCerts[] = new RevokedCertImpl[crlentries.length];
String svcerrors[] = null;
for (int i = 0; i < crlentries.length; i++) {
try {
- mService.revokeCert(crlentries[i], request.getRequestId().toString());
+ mService.revokeCert(crlentries[i], request.getRequestId()
+ .toString());
revokedCerts[i] = crlentries[i];
} catch (ECAException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_REVOKE", Integer.toString(i), request.getRequestId().toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CANNOT_REVOKE", Integer.toString(i),
+ request.getRequestId().toString(), e.toString()));
revokedCerts[i] = null;
if (svcerrors == null) {
svcerrors = new String[revokedCerts.length];
@@ -1723,8 +1796,7 @@ class serviceRevoke implements IServant {
// if clone ca, send revoked cert records to CLA
if (CAService.mCLAConnector != null) {
CMS.debug(CMS.getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED"));
- BigInteger revokedCertIds[] =
- new BigInteger[revokedCerts.length];
+ BigInteger revokedCertIds[] = new BigInteger[revokedCerts.length];
for (int i = 0; i < revokedCerts.length; i++) {
revokedCertIds[i] = revokedCerts[i].getSerialNumber();
@@ -1732,16 +1804,18 @@ class serviceRevoke implements IServant {
request.deleteExtData(IRequest.CERT_INFO);
request.deleteExtData(IRequest.OLD_CERTS);
request.setExtData(IRequest.REVOKED_CERT_RECORDS, revokedCertIds);
-
- CMS.debug(CMS.getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED_CONNECTOR"));
+
+ CMS.debug(CMS
+ .getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED_CONNECTOR"));
request.setRequestType(IRequest.CLA_CERT4CRL_REQUEST);
sendStatus = CAService.mCLAConnector.send(request);
if (sendStatus == false) {
- request.setExtData(IRequest.RESULT,
- IRequest.RES_ERROR);
- request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
+ request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
+ request.setExtData(
+ IRequest.ERROR,
+ new ECAException(CMS
+ .getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
return sendStatus;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
@@ -1767,7 +1841,6 @@ class serviceRevoke implements IServant {
}
}
-
class serviceUnrevoke implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1777,21 +1850,22 @@ class serviceUnrevoke implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
boolean sendStatus = true;
- BigInteger oldSerialNo[] =
- request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ BigInteger oldSerialNo[] = request
+ .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (oldSerialNo == null || oldSerialNo.length < 1) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_SERIAL_NUMBER"));
}
String svcerrors[] = null;
boolean needOldCerts = false;
- X509CertImpl oldCerts[] = request.getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl oldCerts[] = request
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
if (oldCerts == null || oldCerts.length < 1) {
needOldCerts = true;
@@ -1801,19 +1875,25 @@ class serviceUnrevoke implements IServant {
for (int i = 0; i < oldSerialNo.length; i++) {
try {
if (oldSerialNo[i].compareTo(new BigInteger("0")) < 0) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_SERIAL_NUMBER"));
}
if (needOldCerts) {
- CertRecord certRec = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo[i]);
+ CertRecord certRec = (CertRecord) mCA
+ .getCertificateRepository().readCertificateRecord(
+ oldSerialNo[i]);
oldCerts[i] = certRec.getCertificate();
}
- mService.unrevokeCert(oldSerialNo[i], request.getRequestId().toString());
+ mService.unrevokeCert(oldSerialNo[i], request.getRequestId()
+ .toString());
} catch (ECAException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_FAILED", oldSerialNo[i].toString(), request.getRequestId().toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_UNREVOKE_FAILED",
+ oldSerialNo[i].toString(), request.getRequestId()
+ .toString()));
if (svcerrors == null) {
svcerrors = new String[oldSerialNo.length];
}
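Review bot: `certRec.getCertificate()` is called on the result of `readCertificateRecord(oldSerialNo[i])` without a null check, whereas `serviceRenewal` tests `cRecord == null` after the same call. A serial that is not in the repository would presumably surface as a `NullPointerException`, which the `catch (ECAException e)` here does not handle, rather than as a per-entry `svcerrors` item. Adding `if (certRec == null) throw new ECAException(CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL", oldSerialNo[i].toString()));` keeps the failure inside the existing handling. As a smaller point, `oldSerialNo[i].signum() < 0` says the same as `compareTo(new BigInteger("0")) < 0` without the allocation. The enclosing `service` method starts and ends outside this hunk.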
@@ -1826,10 +1906,11 @@ class serviceUnrevoke implements IServant {
request.setRequestType(IRequest.CLA_UNCERT4CRL_REQUEST);
sendStatus = CAService.mCLAConnector.send(request);
if (sendStatus == false) {
- request.setExtData(IRequest.RESULT,
- IRequest.RES_ERROR);
- request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
+ request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
+ request.setExtData(
+ IRequest.ERROR,
+ new ECAException(CMS
+ .getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
return sendStatus;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
@@ -1853,7 +1934,6 @@ class serviceUnrevoke implements IServant {
}
}
-
class serviceGetCAChain implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1877,7 +1957,6 @@ class serviceGetCAChain implements IServant {
}
}
-
class serviceGetCRL implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1887,33 +1966,37 @@ class serviceGetCRL implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
try {
- ICRLIssuingPointRecord crlRec =
- (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(ICertificateAuthority.PROP_MASTER_CRL);
+ ICRLIssuingPointRecord crlRec = (ICRLIssuingPointRecord) mCA
+ .getCRLRepository().readCRLIssuingPointRecord(
+ ICertificateAuthority.PROP_MASTER_CRL);
X509CRLImpl crl = new X509CRLImpl(crlRec.getCRL());
request.setExtData(IRequest.CRL, crl.getEncoded());
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_FIND_CRL"));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_NOT_FOUND", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_GETCRL_FIND_CRL"));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CRL_ISSUEPT_NOT_FOUND", e.toString()));
} catch (CRLException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_INST_CRL", ICertificateAuthority.PROP_MASTER_CRL));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_NOGOOD", ICertificateAuthority.PROP_MASTER_CRL));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_GETCRL_INST_CRL",
+ ICertificateAuthority.PROP_MASTER_CRL));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CRL_ISSUEPT_NOGOOD",
+ ICertificateAuthority.PROP_MASTER_CRL));
} catch (X509ExtensionException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_NO_ISSUING_REC"));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_EXT_NOGOOD",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_GETCRL_NO_ISSUING_REC"));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CRL_ISSUEPT_EXT_NOGOOD",
ICertificateAuthority.PROP_MASTER_CRL));
}
return true;
}
}
-
class serviceGetRevocationInfo implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1923,20 +2006,20 @@ class serviceGetRevocationInfo implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
Enumeration enum1 = request.getExtDataKeys();
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
if (name.equals(IRequest.ISSUED_CERTS)) {
- X509CertImpl certsToCheck[] =
- request.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ X509CertImpl certsToCheck[] = request
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
- CertificateRepository certDB = (CertificateRepository) mCA.getCertificateRepository();
- RevocationInfo info =
- certDB.isCertificateRevoked(certsToCheck[0]);
+ CertificateRepository certDB = (CertificateRepository) mCA
+ .getCertificateRepository();
+ RevocationInfo info = certDB
+ .isCertificateRevoked(certsToCheck[0]);
if (info != null) {
RevokedCertImpl revokedCerts[] = new RevokedCertImpl[1];
@@ -1954,7 +2037,6 @@ class serviceGetRevocationInfo implements IServant {
}
}
-
class serviceGetCertificates implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1964,17 +2046,18 @@ class serviceGetCertificates implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
Enumeration enum1 = request.getExtDataKeys();
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
if (name.equals(IRequest.CERT_FILTER)) {
- String filter = request.getExtDataInString(IRequest.CERT_FILTER);
+ String filter = request
+ .getExtDataInString(IRequest.CERT_FILTER);
- CertificateRepository certDB = (CertificateRepository) mCA.getCertificateRepository();
+ CertificateRepository certDB = (CertificateRepository) mCA
+ .getCertificateRepository();
X509CertImpl[] certs = certDB.getX509Certificates(filter);
if (certs != null) {
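Review bot: The string read from `IRequest.CERT_FILTER` is passed to `certDB.getX509Certificates(filter)` as is, so whatever places that value in the request decides the search that runs against the certificate repository. If any caller builds it from user-supplied fields, the escaping has to happen there, and nothing in this hunk shows whether it does. A comment on the method stating that expectation would make the trust boundary explicit, e.g. `// filter is used verbatim; callers must build it from escaped values`. The `service` method continues past the end of this hunk.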
@@ -1986,7 +2069,6 @@ class serviceGetCertificates implements IServant {
}
}
-
class serviceCert4Crl implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1996,42 +2078,44 @@ class serviceCert4Crl implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
// XXX Need to think passing as array.
- // XXX every implemented according to servlet.
- BigInteger revokedCertIds[] = request.getExtDataInBigIntegerArray(
- IRequest.REVOKED_CERT_RECORDS);
- if (revokedCertIds == null ||
- revokedCertIds.length == 0) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
+ // XXX every implemented according to servlet.
+ BigInteger revokedCertIds[] = request
+ .getExtDataInBigIntegerArray(IRequest.REVOKED_CERT_RECORDS);
+ if (revokedCertIds == null || revokedCertIds.length == 0) {
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId()
+ .toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
}
CertRecord revokedCertRecs[] = new CertRecord[revokedCertIds.length];
for (int i = 0; i < revokedCertIds.length; i++) {
- revokedCertRecs[i] = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(
- revokedCertIds[i]);
+ revokedCertRecs[i] = (CertRecord) mCA.getCertificateRepository()
+ .readCertificateRecord(revokedCertIds[i]);
}
- if (revokedCertRecs == null ||
- revokedCertRecs.length == 0 ||
- revokedCertRecs[0] == null) {
- // XXX should this be an error ?
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
+ if (revokedCertRecs == null || revokedCertRecs.length == 0
+ || revokedCertRecs[0] == null) {
+ // XXX should this be an error ?
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId()
+ .toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
}
- CertRecord recordedCerts[] =
- new CertRecord[revokedCertRecs.length];
+ CertRecord recordedCerts[] = new CertRecord[revokedCertRecs.length];
String svcerrors[] = null;
for (int i = 0; i < revokedCertRecs.length; i++) {
try {
// for CLA, record it into cert repost
- ((CertificateRepository) mCA.getCertificateRepository()).addRevokedCertRecord(revokedCertRecs[i]);
- // mService.revokeCert(crlentries[i]);
+ ((CertificateRepository) mCA.getCertificateRepository())
+ .addRevokedCertRecord(revokedCertRecs[i]);
+ // mService.revokeCert(crlentries[i]);
recordedCerts[i] = revokedCertRecs[i];
// inform all CRLIssuingPoints about revoked certificate
Hashtable hips = mService.getCRLIssuingPoints();
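Review bot: Only `revokedCertRecs[0]` is tested for null after the lookup loop, and the `revokedCertRecs == null` and `length == 0` terms can never be true for an array just allocated from a non-empty `revokedCertIds`. A serial at any later index that `readCertificateRecord` does not find would presumably reach `addRevokedCertRecord(revokedCertRecs[i])` and `revokedCertRecs[i].getSerialNumber()` as null. Checking each entry where it is read, `if (revokedCertRecs[i] == null) throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));` inside the first `for` loop, would reject the request before any record is added. The `service` method continues past the end of this hunk.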
@@ -2040,17 +2124,20 @@ class serviceCert4Crl implements IServant {
while (eIPs.hasMoreElements()) {
ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement();
// form RevokedCertImpl
- RevokedCertImpl rci =
- new RevokedCertImpl(revokedCertRecs[i].getSerialNumber(),
+ RevokedCertImpl rci = new RevokedCertImpl(
+ revokedCertRecs[i].getSerialNumber(),
revokedCertRecs[i].getRevokedOn());
if (ip != null) {
- ip.addRevokedCert(revokedCertRecs[i].getSerialNumber(), rci);
+ ip.addRevokedCert(revokedCertRecs[i].getSerialNumber(),
+ rci);
}
}
} catch (ECAException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_REC", Integer.toString(i), request.getRequestId().toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CERT4CRL_NO_REC", Integer.toString(i),
+ request.getRequestId().toString(), e.toString()));
recordedCerts[i] = null;
if (svcerrors == null) {
svcerrors = new String[recordedCerts.length];
@@ -2058,8 +2145,8 @@ class serviceCert4Crl implements IServant {
svcerrors[i] = e.toString();
}
}
- //need to record which gets recorded and which failed...cfu
- // request.set(IRequest.REVOKED_CERTS, revokedCerts);
+ // need to record which gets recorded and which failed...cfu
+ // request.set(IRequest.REVOKED_CERTS, revokedCerts);
if (svcerrors != null) {
request.setExtData(IRequest.SVCERRORS, svcerrors);
throw new ECAException(CMS.getUserMessage("CMS_CA_CERT4CRL_FAILED"));
@@ -2069,7 +2156,6 @@ class serviceCert4Crl implements IServant {
}
}
-
class serviceUnCert4Crl implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -2079,13 +2165,13 @@ class serviceUnCert4Crl implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
- BigInteger oldSerialNo[] =
- request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ public boolean service(IRequest request) throws EBaseException {
+ BigInteger oldSerialNo[] = request
+ .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (oldSerialNo == null || oldSerialNo.length < 1) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_SERIAL_NUMBER"));
}
@@ -2094,7 +2180,8 @@ class serviceUnCert4Crl implements IServant {
for (int i = 0; i < oldSerialNo.length; i++) {
try {
- mCA.getCertificateRepository().deleteCertificateRecord(oldSerialNo[i]);
+ mCA.getCertificateRepository().deleteCertificateRecord(
+ oldSerialNo[i]);
// inform all CRLIssuingPoints about unrevoked certificate
Hashtable hips = mService.getCRLIssuingPoints();
Enumeration eIPs = hips.elements();
@@ -2107,7 +2194,9 @@ class serviceUnCert4Crl implements IServant {
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_DELETE_CERT_ERROR", oldSerialNo[i].toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_DELETE_CERT_ERROR",
+ oldSerialNo[i].toString(), e.toString()));
if (svcerrors == null) {
svcerrors = new String[oldSerialNo.length];
}
@@ -2118,10 +2207,10 @@ class serviceUnCert4Crl implements IServant {
if (svcerrors != null) {
request.setExtData(IRequest.SVCERRORS, svcerrors);
- throw new ECAException(CMS.getUserMessage("CMS_CA_UNCERT4CRL_FAILED"));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_UNCERT4CRL_FAILED"));
}
return true;
}
}
-
diff --git a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
index 51d03417..8b06486f 100644
--- a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
+++ b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
@@ -56,7 +55,6 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.cms.crl.CMSIssuingDistributionPointExtension;
import com.netscape.cmscore.base.SubsystemRegistry;
-
public class CMSCRLExtensions implements ICMSCRLExtensions {
public static final String PROP_ENABLE = "enable";
public static final String PROP_EXTENSION = "extension";
@@ -65,7 +63,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
public static final String PROP_CRITICAL = "critical";
public static final String PROP_CRL_EXT = "CRLExtension";
public static final String PROP_CRL_ENTRY_EXT = "CRLEntryExtension";
-
+
private ICRLIssuingPoint mCRLIssuingPoint = null;
private IConfigStore mConfig = null;
@@ -90,101 +88,110 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
static {
/* Default CRL Extensions */
- mDefaultCRLExtensionNames.addElement(AuthorityKeyIdentifierExtension.NAME);
- mDefaultCRLExtensionNames.addElement(IssuerAlternativeNameExtension.NAME);
+ mDefaultCRLExtensionNames
+ .addElement(AuthorityKeyIdentifierExtension.NAME);
+ mDefaultCRLExtensionNames
+ .addElement(IssuerAlternativeNameExtension.NAME);
mDefaultCRLExtensionNames.addElement(CRLNumberExtension.NAME);
mDefaultCRLExtensionNames.addElement(DeltaCRLIndicatorExtension.NAME);
- mDefaultCRLExtensionNames.addElement(IssuingDistributionPointExtension.NAME);
+ mDefaultCRLExtensionNames
+ .addElement(IssuingDistributionPointExtension.NAME);
mDefaultCRLExtensionNames.addElement(FreshestCRLExtension.NAME);
mDefaultCRLExtensionNames.addElement(AuthInfoAccessExtension.NAME2);
/* Default CRL Entry Extensions */
mDefaultCRLEntryExtensionNames.addElement(CRLReasonExtension.NAME);
- //mDefaultCRLEntryExtensionNames.addElement(HoldInstructionExtension.NAME);
+ // mDefaultCRLEntryExtensionNames.addElement(HoldInstructionExtension.NAME);
mDefaultCRLEntryExtensionNames.addElement(InvalidityDateExtension.NAME);
- //mDefaultCRLEntryExtensionNames.addElement(CertificateIssuerExtension.NAME);
+ // mDefaultCRLEntryExtensionNames.addElement(CertificateIssuerExtension.NAME);
/* Default Enabled CRL Extensions */
mDefaultEnabledCRLExtensions.addElement(CRLNumberExtension.NAME);
- //mDefaultEnabledCRLExtensions.addElement(DeltaCRLIndicatorExtension.NAME);
+ // mDefaultEnabledCRLExtensions.addElement(DeltaCRLIndicatorExtension.NAME);
mDefaultEnabledCRLExtensions.addElement(CRLReasonExtension.NAME);
mDefaultEnabledCRLExtensions.addElement(InvalidityDateExtension.NAME);
/* Default Critical CRL Extensions */
- mDefaultCriticalCRLExtensions.addElement(DeltaCRLIndicatorExtension.NAME);
- mDefaultCriticalCRLExtensions.addElement(IssuingDistributionPointExtension.NAME);
- //mDefaultCriticalCRLExtensions.addElement(CertificateIssuerExtension.NAME);
+ mDefaultCriticalCRLExtensions
+ .addElement(DeltaCRLIndicatorExtension.NAME);
+ mDefaultCriticalCRLExtensions
+ .addElement(IssuingDistributionPointExtension.NAME);
+ // mDefaultCriticalCRLExtensions.addElement(CertificateIssuerExtension.NAME);
/* CRL extension IDs */
mDefaultCRLExtensionIDs.put(PKIXExtensions.AuthorityKey_Id.toString(),
- AuthorityKeyIdentifierExtension.NAME);
- mDefaultCRLExtensionIDs.put(PKIXExtensions.IssuerAlternativeName_Id.toString(),
- IssuerAlternativeNameExtension.NAME);
+ AuthorityKeyIdentifierExtension.NAME);
+ mDefaultCRLExtensionIDs.put(
+ PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ IssuerAlternativeNameExtension.NAME);
mDefaultCRLExtensionIDs.put(PKIXExtensions.CRLNumber_Id.toString(),
- CRLNumberExtension.NAME);
- mDefaultCRLExtensionIDs.put(PKIXExtensions.DeltaCRLIndicator_Id.toString(),
- DeltaCRLIndicatorExtension.NAME);
- mDefaultCRLExtensionIDs.put(PKIXExtensions.IssuingDistributionPoint_Id.toString(),
- IssuingDistributionPointExtension.NAME);
+ CRLNumberExtension.NAME);
+ mDefaultCRLExtensionIDs.put(
+ PKIXExtensions.DeltaCRLIndicator_Id.toString(),
+ DeltaCRLIndicatorExtension.NAME);
+ mDefaultCRLExtensionIDs.put(
+ PKIXExtensions.IssuingDistributionPoint_Id.toString(),
+ IssuingDistributionPointExtension.NAME);
mDefaultCRLExtensionIDs.put(PKIXExtensions.ReasonCode_Id.toString(),
- CRLReasonExtension.NAME);
- mDefaultCRLExtensionIDs.put(PKIXExtensions.HoldInstructionCode_Id.toString(),
- HoldInstructionExtension.NAME);
- mDefaultCRLExtensionIDs.put(PKIXExtensions.InvalidityDate_Id.toString(),
- InvalidityDateExtension.NAME);
- //mDefaultCRLExtensionIDs.put(PKIXExtensions.CertificateIssuer_Id.toString(),
- // CertificateIssuerExtension.NAME);
+ CRLReasonExtension.NAME);
+ mDefaultCRLExtensionIDs.put(
+ PKIXExtensions.HoldInstructionCode_Id.toString(),
+ HoldInstructionExtension.NAME);
+ mDefaultCRLExtensionIDs.put(
+ PKIXExtensions.InvalidityDate_Id.toString(),
+ InvalidityDateExtension.NAME);
+ // mDefaultCRLExtensionIDs.put(PKIXExtensions.CertificateIssuer_Id.toString(),
+ // CertificateIssuerExtension.NAME);
mDefaultCRLExtensionIDs.put(PKIXExtensions.FreshestCRL_Id.toString(),
- FreshestCRLExtension.NAME);
+ FreshestCRLExtension.NAME);
mDefaultCRLExtensionIDs.put(AuthInfoAccessExtension.ID.toString(),
- AuthInfoAccessExtension.NAME2);
+ AuthInfoAccessExtension.NAME2);
/* Class names */
- mDefaultCRLExtensionClassNames.put(AuthorityKeyIdentifierExtension.NAME,
- "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
+ mDefaultCRLExtensionClassNames.put(
+ AuthorityKeyIdentifierExtension.NAME,
+ "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
mDefaultCRLExtensionClassNames.put(IssuerAlternativeNameExtension.NAME,
- "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
+ "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
mDefaultCRLExtensionClassNames.put(CRLNumberExtension.NAME,
- "com.netscape.cms.crl.CMSCRLNumberExtension");
+ "com.netscape.cms.crl.CMSCRLNumberExtension");
mDefaultCRLExtensionClassNames.put(DeltaCRLIndicatorExtension.NAME,
- "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
- mDefaultCRLExtensionClassNames.put(IssuingDistributionPointExtension.NAME,
- "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
+ "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
+ mDefaultCRLExtensionClassNames.put(
+ IssuingDistributionPointExtension.NAME,
+ "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
mDefaultCRLExtensionClassNames.put(CRLReasonExtension.NAME,
- "com.netscape.cms.crl.CMSCRLReasonExtension");
+ "com.netscape.cms.crl.CMSCRLReasonExtension");
mDefaultCRLExtensionClassNames.put(HoldInstructionExtension.NAME,
- "com.netscape.cms.crl.CMSHoldInstructionExtension");
+ "com.netscape.cms.crl.CMSHoldInstructionExtension");
mDefaultCRLExtensionClassNames.put(InvalidityDateExtension.NAME,
- "com.netscape.cms.crl.CMSInvalidityDateExtension");
- //mDefaultCRLExtensionClassNames.put(CertificateIssuerExtension.NAME,
- // "com.netscape.cms.crl.CMSCertificateIssuerExtension");
+ "com.netscape.cms.crl.CMSInvalidityDateExtension");
+ // mDefaultCRLExtensionClassNames.put(CertificateIssuerExtension.NAME,
+ // "com.netscape.cms.crl.CMSCertificateIssuerExtension");
mDefaultCRLExtensionClassNames.put(FreshestCRLExtension.NAME,
- "com.netscape.cms.crl.CMSFreshestCRLExtension");
+ "com.netscape.cms.crl.CMSFreshestCRLExtension");
mDefaultCRLExtensionClassNames.put(AuthInfoAccessExtension.NAME2,
- "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
+ "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
try {
OIDMap.addAttribute(DeltaCRLIndicatorExtension.class.getName(),
- DeltaCRLIndicatorExtension.OID,
- DeltaCRLIndicatorExtension.NAME);
+ DeltaCRLIndicatorExtension.OID,
+ DeltaCRLIndicatorExtension.NAME);
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(HoldInstructionExtension.class.getName(),
- HoldInstructionExtension.OID,
- HoldInstructionExtension.NAME);
+ HoldInstructionExtension.OID, HoldInstructionExtension.NAME);
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(InvalidityDateExtension.class.getName(),
- InvalidityDateExtension.OID,
- InvalidityDateExtension.NAME);
+ InvalidityDateExtension.OID, InvalidityDateExtension.NAME);
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(FreshestCRLExtension.class.getName(),
- FreshestCRLExtension.OID,
- FreshestCRLExtension.NAME);
+ FreshestCRLExtension.OID, FreshestCRLExtension.NAME);
} catch (CertificateException e) {
}
}
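Review bot: The four `catch (CertificateException e) { }` blocks around `OIDMap.addAttribute` in this static initializer discard the exception without a trace, so a failed registration of a CRL extension OID would only show up later as an encoding or parsing problem. If the exception is expected (for instance when the attribute is already registered, an assumption to confirm), say so in a comment inside each block; otherwise record it, e.g. `CMS.debug("CMSCRLExtensions: OIDMap.addAttribute failed: " + e);`.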
@@ -192,15 +199,16 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
/**
* Constructs a CRL extensions for CRL issuing point.
*/
- public CMSCRLExtensions(ICRLIssuingPoint crlIssuingPoint, IConfigStore config) {
+ public CMSCRLExtensions(ICRLIssuingPoint crlIssuingPoint,
+ IConfigStore config) {
boolean modifiedConfig = false;
- mConfig = config;
+ mConfig = config;
mCRLExtConfig = config.getSubStore(PROP_EXTENSION);
mCRLIssuingPoint = crlIssuingPoint;
- IConfigStore mFileConfig =
- SubsystemRegistry.getInstance().get("MAIN").getConfigStore();
+ IConfigStore mFileConfig = SubsystemRegistry.getInstance().get("MAIN")
+ .getConfigStore();
IConfigStore crlExtConfig = (IConfigStore) mFileConfig;
StringTokenizer st = new StringTokenizer(mCRLExtConfig.getName(), ".");
@@ -212,13 +220,13 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
if (newConfig != null) {
crlExtConfig = newConfig;
}
- }
+ }
if (crlExtConfig != null) {
Enumeration<String> enumExts = crlExtConfig.getSubStoreNames();
while (enumExts.hasMoreElements()) {
- String extName = enumExts.nextElement();
+ String extName = enumExts.nextElement();
IConfigStore extConfig = crlExtConfig.getSubStore(extName);
if (extConfig != null) {
@@ -233,7 +241,9 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
try {
mFileConfig.commit(true);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_SAVE_CONF", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CRLEXTS_SAVE_CONF",
+ e.toString()));
}
}
}
@@ -247,26 +257,38 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
mEnabledCRLExtensions.addElement(extName);
}
} catch (EPropertyNotFound e) {
- extConfig.putBoolean(PROP_ENABLE, mDefaultEnabledCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_ENABLE,
+ mDefaultEnabledCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultEnabledCRLExtensions.contains(extName)) {
mEnabledCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_NO_ENABLE", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_NO_ENABLE", extName,
+ mDefaultEnabledCRLExtensions.contains(extName) ? "true"
+ : "false"));
} catch (EPropertyNotDefined e) {
- extConfig.putBoolean(PROP_ENABLE, mDefaultEnabledCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_ENABLE,
+ mDefaultEnabledCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultEnabledCRLExtensions.contains(extName)) {
mEnabledCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_UNDEFINE_ENABLE", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_UNDEFINE_ENABLE", extName,
+ mDefaultEnabledCRLExtensions.contains(extName) ? "true"
+ : "false"));
} catch (EBaseException e) {
- extConfig.putBoolean(PROP_ENABLE, mDefaultEnabledCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_ENABLE,
+ mDefaultEnabledCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultEnabledCRLExtensions.contains(extName)) {
mEnabledCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_ENABLE", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_INVALID_ENABLE", extName,
+ mDefaultEnabledCRLExtensions.contains(extName) ? "true"
+ : "false"));
}
return modifiedConfig;
}
@@ -279,26 +301,38 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
mCriticalCRLExtensions.addElement(extName);
}
} catch (EPropertyNotFound e) {
- extConfig.putBoolean(PROP_CRITICAL, mDefaultCriticalCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_CRITICAL,
+ mDefaultCriticalCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultCriticalCRLExtensions.contains(extName)) {
mCriticalCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_NO_CRITICAL", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_NO_CRITICAL", extName,
+ mDefaultEnabledCRLExtensions.contains(extName) ? "true"
+ : "false"));
} catch (EPropertyNotDefined e) {
- extConfig.putBoolean(PROP_CRITICAL, mDefaultCriticalCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_CRITICAL,
+ mDefaultCriticalCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultCriticalCRLExtensions.contains(extName)) {
mCriticalCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_UNDEFINE_CRITICAL", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_UNDEFINE_CRITICAL", extName,
+ mDefaultEnabledCRLExtensions.contains(extName) ? "true"
+ : "false"));
} catch (EBaseException e) {
- extConfig.putBoolean(PROP_CRITICAL, mDefaultCriticalCRLExtensions.contains(extName));
+ extConfig.putBoolean(PROP_CRITICAL,
+ mDefaultCriticalCRLExtensions.contains(extName));
modifiedConfig = true;
if (mDefaultCriticalCRLExtensions.contains(extName)) {
mCriticalCRLExtensions.addElement(extName);
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_CRITICAL", extName, mDefaultEnabledCRLExtensions.contains(extName) ? "true" : "false"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_INVALID_CRITICAL", extName,
+ mDefaultEnabledCRLExtensions.contains(extName) ? "true"
+ : "false"));
}
return modifiedConfig;
}
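Review bot: The three log calls in the PROP_CRITICAL catch branches report `mDefaultEnabledCRLExtensions.contains(extName)`, while the value written to the config just above is `mDefaultCriticalCRLExtensions.contains(extName)`, so the logged default can disagree with the criticality that was stored. Each of the `CMSCORE_CA_CRLEXTS_NO_CRITICAL`, `CMSCORE_CA_CRLEXTS_UNDEFINE_CRITICAL` and `CMSCORE_CA_CRLEXTS_INVALID_CRITICAL` messages should pass `mDefaultCriticalCRLExtensions.contains(extName) ? "true" : "false"`. This looks copied from the PROP_ENABLE handler in the previous hunk. The enclosing method starts outside this hunk.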
@@ -319,18 +353,24 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
extConfig.putString(PROP_TYPE, PROP_CRL_ENTRY_EXT);
modifiedConfig = true;
mCRLEntryExtensionNames.addElement(extName);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, PROP_CRL_ENTRY_EXT));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_INVALID_EXT", extName,
+ PROP_CRL_ENTRY_EXT));
} else if (mDefaultCRLExtensionNames.contains(extName)) {
extConfig.putString(PROP_TYPE, PROP_CRL_EXT);
modifiedConfig = true;
mCRLExtensionNames.addElement(extName);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, PROP_CRL_EXT));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_INVALID_EXT", extName,
+ PROP_CRL_EXT));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, ""));
}
}
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_UNDEFINE_EXT", extName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_UNDEFINE_EXT", extName));
}
} catch (EPropertyNotFound e) {
if (mDefaultCRLEntryExtensionNames.contains(extName)) {
@@ -340,9 +380,11 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
extConfig.putString(PROP_TYPE, PROP_CRL_EXT);
modifiedConfig = true;
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_MISSING_EXT", extName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_MISSING_EXT", extName));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_INVALID_EXT", extName, ""));
}
return modifiedConfig;
}
@@ -357,13 +399,14 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
mCRLExtensionClassNames.put(extName, extClass);
try {
- Class<ICMSCRLExtension> crlExtClass = (Class<ICMSCRLExtension>) Class.forName(extClass);
+ Class<ICMSCRLExtension> crlExtClass = (Class<ICMSCRLExtension>) Class
+ .forName(extClass);
if (crlExtClass != null) {
- ICMSCRLExtension cmsCRLExt = crlExtClass.newInstance();
+ ICMSCRLExtension cmsCRLExt = crlExtClass.newInstance();
if (cmsCRLExt != null) {
- String id = cmsCRLExt.getCRLExtOID();
+ String id = cmsCRLExt.getCRLExtOID();
if (id != null) {
mCRLExtensionIDs.put(id, extName);
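Review bot: The class named by `extClass` is instantiated before anything checks that it implements ICMSCRLExtension. The cast to `Class<ICMSCRLExtension>` is unchecked and erased at runtime, so the ClassCastException handled in the next hunk can only fire on the assignment after `newInstance()` has already run the constructor. Since the name appears to come from the PROP_CLASS config property, check the type first, e.g. `Class<? extends ICMSCRLExtension> crlExtClass = Class.forName(extClass).asSubclass(ICMSCRLExtension.class);`. The same pattern recurs in addToCRLExtensions and getConfigParams further down, and the latter has no ClassCastException handler in the visible lines. The enclosing method starts and ends outside this hunk.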
@@ -371,37 +414,48 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
}
} catch (ClassCastException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INCORRECT_CLASS", extClass, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_INCORRECT_CLASS", extClass,
+ e.toString()));
} catch (ClassNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", extClass, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", extClass,
+ e.toString()));
} catch (InstantiationException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", extClass, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", extClass,
+ e.toString()));
} catch (IllegalAccessException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", extClass, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", extClass,
+ e.toString()));
}
} else {
if (mDefaultCRLExtensionClassNames.containsKey(extName)) {
- extClass = mCRLExtensionClassNames.get(extName);
+ extClass = mCRLExtensionClassNames.get(extName);
extConfig.putString(PROP_CLASS, extClass);
modifiedConfig = true;
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_DEFINED", extName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_NOT_DEFINED", extName));
}
} catch (EPropertyNotFound e) {
if (mDefaultCRLExtensionClassNames.containsKey(extName)) {
- extClass = mDefaultCRLExtensionClassNames.get(extName);
+ extClass = mDefaultCRLExtensionClassNames.get(extName);
extConfig.putString(PROP_CLASS, extClass);
modifiedConfig = true;
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_MISSING", extName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_MISSING", extName));
} catch (EBaseException e) {
if (mDefaultCRLExtensionClassNames.containsKey(extName)) {
- extClass = mDefaultCRLExtensionClassNames.get(extName);
+ extClass = mDefaultCRLExtensionClassNames.get(extName);
extConfig.putString(PROP_CLASS, extClass);
modifiedConfig = true;
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_INVALID", extName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_INVALID", extName));
}
return modifiedConfig;
}
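Review bot: In the branch that logs CMSCORE_CA_CRLEXTS_CLASS_NOT_DEFINED, the fallback is read with `mCRLExtensionClassNames.get(extName)` although the guard tests `mDefaultCRLExtensionClassNames.containsKey(extName)`. The two catch branches below read from the defaults map, so this one probably should as well: `extClass = mDefaultCRLExtensionClassNames.get(extName);`. As written, the value stored under PROP_CLASS may be null or stale when no class is configured. The start of the method is outside this hunk, so confirm against the condition that leads into this else branch.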
@@ -415,9 +469,8 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
public boolean isCRLExtensionEnabled(String extName) {
- return ((mCRLExtensionNames.contains(extName) ||
- mCRLEntryExtensionNames.contains(extName)) &&
- mEnabledCRLExtensions.contains(extName));
+ return ((mCRLExtensionNames.contains(extName) || mCRLEntryExtensionNames
+ .contains(extName)) && mEnabledCRLExtensions.contains(extName));
}
public boolean isCRLExtensionCritical(String extName) {
@@ -428,7 +481,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
String name = null;
if (mCRLExtensionIDs.containsKey(id)) {
- name = mCRLExtensionIDs.get(id);
+ name = mCRLExtensionIDs.get(id);
}
return name;
}
@@ -438,29 +491,34 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
public Vector<String> getCRLEntryExtensionNames() {
- return new Vector<String>( mCRLEntryExtensionNames);
+ return new Vector<String>(mCRLEntryExtensionNames);
}
- public void addToCRLExtensions(CRLExtensions crlExts, String extName, Extension ext) {
+ public void addToCRLExtensions(CRLExtensions crlExts, String extName,
+ Extension ext) {
if (mCRLExtensionClassNames.containsKey(extName)) {
- String name = mCRLExtensionClassNames.get(extName);
+ String name = mCRLExtensionClassNames.get(extName);
try {
- Class<ICMSCRLExtension > extClass = (Class<ICMSCRLExtension>) Class.forName(name);
+ Class<ICMSCRLExtension> extClass = (Class<ICMSCRLExtension>) Class
+ .forName(name);
if (extClass != null) {
ICMSCRLExtension cmsCRLExt = extClass.newInstance();
if (cmsCRLExt != null) {
if (ext != null) {
- if (isCRLExtensionCritical(extName) ^ ext.isCritical()) {
- ext = (Extension) cmsCRLExt.setCRLExtensionCriticality(
- ext, isCRLExtensionCritical(extName));
+ if (isCRLExtensionCritical(extName)
+ ^ ext.isCritical()) {
+ ext = (Extension) cmsCRLExt
+ .setCRLExtensionCriticality(ext,
+ isCRLExtensionCritical(extName));
}
} else {
- ext = (Extension) cmsCRLExt.getCRLExtension(mCRLExtConfig.getSubStore(extName),
- mCRLIssuingPoint,
- isCRLExtensionCritical(extName));
+ ext = (Extension) cmsCRLExt.getCRLExtension(
+ mCRLExtConfig.getSubStore(extName),
+ mCRLIssuingPoint,
+ isCRLExtensionCritical(extName));
}
if (crlExts != null && ext != null) {
@@ -469,15 +527,24 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
}
} catch (ClassCastException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_INCORRECT_CLASS", name, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_INCORRECT_CLASS", name,
+ e.toString()));
} catch (ClassNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", name, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", name,
+ e.toString()));
} catch (InstantiationException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", name, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST",
+ name, e.toString()));
} catch (IllegalAccessException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", name, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", name,
+ e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_ADD", name, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_ADD", name, e.toString()));
}
}
}
@@ -485,22 +552,18 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
public NameValuePairs getConfigParams(String id) {
NameValuePairs nvp = null;
- if (mCRLEntryExtensionNames.contains(id) ||
- mCRLExtensionNames.contains(id)) {
+ if (mCRLEntryExtensionNames.contains(id)
+ || mCRLExtensionNames.contains(id)) {
nvp = new NameValuePairs();
/*
- if (mCRLEntryExtensionNames.contains(id)) {
- nvp.add(Constants.PR_CRLEXT_IMPL_NAME, "CRLEntryExtension");
- } else {
- nvp.add(Constants.PR_CRLEXT_IMPL_NAME, "CRLExtension");
- }
-
- if (mCRLEntryExtensionNames.contains(id)) {
- nvp.add(PROP_TYPE, "CRLEntryExtension");
- } else {
- nvp.add(PROP_TYPE, "CRLExtension");
- }
+ * if (mCRLEntryExtensionNames.contains(id)) {
+ * nvp.add(Constants.PR_CRLEXT_IMPL_NAME, "CRLEntryExtension"); }
+ * else { nvp.add(Constants.PR_CRLEXT_IMPL_NAME, "CRLExtension"); }
+ *
+ * if (mCRLEntryExtensionNames.contains(id)) { nvp.add(PROP_TYPE,
+ * "CRLEntryExtension"); } else { nvp.add(PROP_TYPE,
+ * "CRLExtension"); }
*/
if (mEnabledCRLExtensions.contains(id)) {
@@ -515,7 +578,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
if (mCRLExtensionClassNames.containsKey(id)) {
- String name = mCRLExtensionClassNames.get(id);
+ String name = mCRLExtensionClassNames.get(id);
if (name != null) {
@@ -523,18 +586,26 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
Class<?> extClass = Class.forName(name);
if (extClass != null) {
- ICMSCRLExtension cmsCRLExt = (ICMSCRLExtension) extClass.newInstance();
+ ICMSCRLExtension cmsCRLExt = (ICMSCRLExtension) extClass
+ .newInstance();
if (cmsCRLExt != null) {
- cmsCRLExt.getConfigParams(mCRLExtConfig.getSubStore(id), nvp);
+ cmsCRLExt.getConfigParams(
+ mCRLExtConfig.getSubStore(id), nvp);
}
}
} catch (ClassNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", name, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_NOT_FOUND", name,
+ e.toString()));
} catch (InstantiationException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", name, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_NOT_INST", name,
+ e.toString()));
} catch (IllegalAccessException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", name, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_CLASS_NOT_ACCESS", name,
+ e.toString()));
}
int i = name.lastIndexOf('.');
@@ -552,13 +623,15 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
return nvp;
}
- public void setConfigParams(String id, NameValuePairs nvp, IConfigStore config) {
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ public void setConfigParams(String id, NameValuePairs nvp,
+ IConfigStore config) {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
String ipId = nvp.getValue("id");
- ICRLIssuingPoint ip = null;
- if(ipId != null && ca != null) {
- ip = ca.getCRLIssuingPoint(ipId);
+ ICRLIssuingPoint ip = null;
+ if (ipId != null && ca != null) {
+ ip = ca.getCRLIssuingPoint(ipId);
}
for (int i = 0; i < nvp.size(); i++) {
@@ -567,8 +640,8 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
String value = p.getValue();
if (name.equals(PROP_ENABLE)) {
- if (!(value.equals(Constants.TRUE) ||
- value.equals(Constants.FALSE))) {
+ if (!(value.equals(Constants.TRUE) || value
+ .equals(Constants.FALSE))) {
continue;
}
if (value.equals(Constants.TRUE)) {
@@ -582,8 +655,8 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
if (name.equals(PROP_CRITICAL)) {
- if (!(value.equals(Constants.TRUE) ||
- value.equals(Constants.FALSE))) {
+ if (!(value.equals(Constants.TRUE) || value
+ .equals(Constants.FALSE))) {
continue;
}
if (value.equals(Constants.TRUE)) {
@@ -595,68 +668,82 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
mCriticalCRLExtensions.remove(id);
}
}
- //Sync the onlyContainsCACerts with similar property in CRLIssuingPoint
- //called caCertsOnly.
- if(name.equals(CMSIssuingDistributionPointExtension.PROP_CACERTS)) {
+ // Sync the onlyContainsCACerts with similar property in
+ // CRLIssuingPoint
+ // called caCertsOnly.
+ if (name.equals(CMSIssuingDistributionPointExtension.PROP_CACERTS)) {
NameValuePairs crlIssuingPointPairs = null;
boolean crlCACertsOnly = false;
boolean issuingDistPointExtEnabled = false;
- CMSCRLExtensions cmsCRLExtensions = (CMSCRLExtensions) ip.getCRLExtensions();
- if(cmsCRLExtensions != null) {
- issuingDistPointExtEnabled = cmsCRLExtensions.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
+ CMSCRLExtensions cmsCRLExtensions = (CMSCRLExtensions) ip
+ .getCRLExtensions();
+ if (cmsCRLExtensions != null) {
+ issuingDistPointExtEnabled = cmsCRLExtensions
+ .isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
}
- CMS.debug("issuingDistPointExtEnabled = " + issuingDistPointExtEnabled);
+ CMS.debug("issuingDistPointExtEnabled = "
+ + issuingDistPointExtEnabled);
- if (!(value.equals(Constants.TRUE) ||
- value.equals(Constants.FALSE))) {
+ if (!(value.equals(Constants.TRUE) || value
+ .equals(Constants.FALSE))) {
continue;
}
- //Get value of caCertsOnly from CRLIssuingPoint
- if((ip != null) && (issuingDistPointExtEnabled == true)) {
+ // Get value of caCertsOnly from CRLIssuingPoint
+ if ((ip != null) && (issuingDistPointExtEnabled == true)) {
crlCACertsOnly = ip.isCACertsOnly();
CMS.debug("CRLCACertsOnly is: " + crlCACertsOnly);
crlIssuingPointPairs = new NameValuePairs();
-
+
}
String newValue = "";
boolean modifiedCRLConfig = false;
- //If the CRLCACertsOnly prop is false change it to true to sync.
- if(value.equals(Constants.TRUE) && (issuingDistPointExtEnabled == true)) {
- if(crlCACertsOnly == false) {
+ // If the CRLCACertsOnly prop is false change it to true to
+ // sync.
+ if (value.equals(Constants.TRUE)
+ && (issuingDistPointExtEnabled == true)) {
+ if (crlCACertsOnly == false) {
CMS.debug(" value = true and CRLCACertsOnly is already false.");
- crlIssuingPointPairs.add(Constants.PR_CA_CERTS_ONLY, Constants.TRUE);
+ crlIssuingPointPairs.add(Constants.PR_CA_CERTS_ONLY,
+ Constants.TRUE);
newValue = Constants.TRUE;
ip.updateConfig(crlIssuingPointPairs);
modifiedCRLConfig = true;
}
}
- //If the CRLCACertsOnly prop is true change it to false to sync.
- if(value.equals(Constants.FALSE) && (issuingDistPointExtEnabled == true)) {
- crlIssuingPointPairs.add(Constants.PR_CA_CERTS_ONLY, Constants.FALSE);
- if(ip != null) {
+ // If the CRLCACertsOnly prop is true change it to false to
+ // sync.
+ if (value.equals(Constants.FALSE)
+ && (issuingDistPointExtEnabled == true)) {
+ crlIssuingPointPairs.add(Constants.PR_CA_CERTS_ONLY,
+ Constants.FALSE);
+ if (ip != null) {
ip.updateConfig(crlIssuingPointPairs);
newValue = Constants.FALSE;
modifiedCRLConfig = true;
}
}
-
- if(modifiedCRLConfig == true) {
- //Commit to this CRL IssuingPoint's config store
- ICertificateAuthority CA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+
+ if (modifiedCRLConfig == true) {
+ // Commit to this CRL IssuingPoint's config store
+ ICertificateAuthority CA = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
IConfigStore crlsSubStore = CA.getConfigStore();
- crlsSubStore = crlsSubStore.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ crlsSubStore = crlsSubStore
+ .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
crlsSubStore = crlsSubStore.getSubStore(ipId);
try {
- crlsSubStore.putString(Constants.PR_CA_CERTS_ONLY,newValue);
+ crlsSubStore.putString(Constants.PR_CA_CERTS_ONLY,
+ newValue);
crlsSubStore.commit(true);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_SAVE_CONF", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRLEXTS_SAVE_CONF", e.toString()));
}
}
}
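Review bot: `ip.getCRLExtensions()` is called without a null check, but `ip` stays null when the "id" value is absent or `ca` is null (previous hunk), and the code a few lines later tests `ip != null`, so the null case is clearly expected. Setting the onlyContainsCACerts property without a resolvable issuing point id would then fail with a NullPointerException instead of being skipped. Guard the dereference, e.g. `CMSCRLExtensions cmsCRLExtensions = (ip != null) ? (CMSCRLExtensions) ip.getCRLExtensions() : null;`, and move the TRUE/FALSE validation of `value` ahead of it. The debug text "CRLCACertsOnly is already false" also reads as if nothing changes, although that branch updates the config. setConfigParams starts and ends outside this hunk.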
@@ -691,7 +778,6 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSCRLExtension - " + msg);
+ "CMSCRLExtension - " + msg);
}
}
-
diff --git a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
index bc859910..064832fe 100644
--- a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
+++ b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
@@ -86,18 +85,17 @@ import com.netscape.cmscore.dbs.CertificateRepository;
import com.netscape.cmscore.util.Debug;
/**
- * This class encapsulates CRL issuing mechanism. CertificateAuthority
- * contains a map of CRLIssuingPoint indexed by string ids. Each issuing
- * point contains information about CRL issuing and publishing parameters
- * as well as state information which includes last issued CRL, next CRL
- * serial number, time of the next update etc.
- * If autoUpdateInterval is set to non-zero value then worker thread
- * is created that will perform CRL update at scheduled intervals. Update
- * can also be triggered by invoking updateCRL method directly. Another
- * parameter minUpdateInterval can be used to prevent CRL
- * from being updated too often
+ * This class encapsulates CRL issuing mechanism. CertificateAuthority contains
+ * a map of CRLIssuingPoint indexed by string ids. Each issuing point contains
+ * information about CRL issuing and publishing parameters as well as state
+ * information which includes last issued CRL, next CRL serial number, time of
+ * the next update etc. If autoUpdateInterval is set to non-zero value then
+ * worker thread is created that will perform CRL update at scheduled intervals.
+ * Update can also be triggered by invoking updateCRL method directly. Another
+ * parameter minUpdateInterval can be used to prevent CRL from being updated too
+ * often
* <P>
- *
+ *
* @author awnuk
* @author lhsiao
* @author galperin
@@ -134,8 +132,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
protected String mId = null;
/**
- * Reference to the CertificateAuthority instance which owns this
- * issuing point.
+ * Reference to the CertificateAuthority instance which owns this issuing
+ * point.
*/
protected ICertificateAuthority mCA = null;
@@ -162,16 +160,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* CRL cache
*/
- private Hashtable<BigInteger,RevokedCertificate> mCRLCerts = new Hashtable<BigInteger, RevokedCertificate>();
- private Hashtable<BigInteger,RevokedCertificate> mRevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
- private Hashtable<BigInteger,RevokedCertificate> mUnrevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
- private Hashtable<BigInteger,RevokedCertificate> mExpiredCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger, RevokedCertificate> mCRLCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger, RevokedCertificate> mRevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger, RevokedCertificate> mUnrevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger, RevokedCertificate> mExpiredCerts = new Hashtable<BigInteger, RevokedCertificate>();
private boolean mIncludeExpiredCerts = false;
private boolean mIncludeExpiredCertsOneExtraTime = false;
private boolean mCACertsOnly = false;
private boolean mProfileCertsOnly = false;
- private Vector<String> mProfileList = null;
+ private Vector<String> mProfileList = null;
/**
* Enable CRL cache.
@@ -179,7 +177,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private boolean mEnableCRLCache = true;
private boolean mCRLCacheIsCleared = true;
private boolean mEnableCacheRecovery = false;
- private String mFirstUnsaved = null;
+ private String mFirstUnsaved = null;
private boolean mEnableCacheTesting = false;
/**
@@ -188,8 +186,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private long mLastCacheUpdate = 0;
/**
- * Time interval in milliseconds between consequential CRL cache
- * updates performed automatically.
+ * Time interval in milliseconds between consequential CRL cache updates
+ * performed automatically.
*/
private long mCacheUpdateInterval;
@@ -208,7 +206,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* Enable CRL daily updates at listed times.
*/
private boolean mEnableDailyUpdates = false;
- private Vector<Vector<Integer>> mDailyUpdates = null;
+ private Vector<Vector<Integer>> mDailyUpdates = null;
private int mCurrentDay = 0;
private int mLastDay = 0;
private int mTimeListSize = 0;
@@ -220,14 +218,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private boolean mEnableUpdateFreq = false;
/**
- * Time interval in milliseconds between consequential CRL Enable CRL daily update at updates
- * performed automatically.
+ * Time interval in milliseconds between consequential CRL Enable CRL daily
+ * update at updates performed automatically.
*/
private long mAutoUpdateInterval;
/**
- * Minimum time interval in milliseconds between consequential
- * CRL updates (manual or automatic).
+ * Minimum time interval in milliseconds between consequential CRL updates
+ * (manual or automatic).
*/
private long mMinUpdateInterval;
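Review bot: The Javadoc on mAutoUpdateInterval is garbled ("consequential CRL Enable CRL daily update at updates"), and the reflow kept the stray words. Suggested text: `Time interval in milliseconds between consecutive CRL updates performed automatically.` The comments on mMinUpdateInterval here and on mCacheUpdateInterval in an earlier hunk likely mean "consecutive" rather than "consequential" as well.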
@@ -239,17 +237,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* next update grace period
*/
- private long mNextUpdateGracePeriod;
+ private long mNextUpdateGracePeriod;
/**
- * Boolean flag controlling whether CRLv2 extensions are to be
- * used in CRL.
+ * Boolean flag controlling whether CRLv2 extensions are to be used in CRL.
*/
private boolean mAllowExtensions = false;
/**
- * DN of the directory entry where CRLs from this issuing point
- * are published.
+ * DN of the directory entry where CRLs from this issuing point are
+ * published.
*/
private String mPublishDN = null;
@@ -262,7 +259,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Cached value of the CRL extensions to be placed in CRL
*/
- //protected CRLExtensions mCrlExtensions;
+ // protected CRLExtensions mCrlExtensions;
/**
* CRL number
@@ -297,7 +294,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private Thread mUpdateThread = null;
/**
- * for going one more round when auto-interval is set to 0 (turned off)
+ * for going one more round when auto-interval is set to 0 (turned off)
*/
private boolean mDoLastAutoUpdate = false;
@@ -313,15 +310,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private long mDeltaCRLSize = -1;
/**
- * update status, publishing status Strings to store in requests to
- * display result.
+ * update status, publishing status Strings to store in requests to display
+ * result.
*/
private String mCrlUpdateStatus;
private String mCrlUpdateError;
private String mCrlPublishStatus;
private String mCrlPublishError;
- /**
+ /**
* begin, end serial number range of revoked certs if any.
*/
protected BigInteger mBeginSerial = null;
@@ -330,7 +327,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private int mUpdatingCRL = CRL_UPDATE_DONE;
private boolean mDoManualUpdate = false;
- private String mSignatureAlgorithmForManualUpdate = null;
+ private String mSignatureAlgorithmForManualUpdate = null;
private boolean mPublishOnStart = false;
private long[] mSplits = new long[10];
@@ -338,8 +335,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private boolean mSaveMemory = false;
/**
- * Constructs a CRL issuing point from instantiating from class name.
- * CRL Issuing point must be followed by method call init(CA, id, config);
+ * Constructs a CRL issuing point from instantiating from class name. CRL
+ * Issuing point must be followed by method call init(CA, id, config);
*/
public CRLIssuingPoint() {
}
@@ -398,39 +395,41 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
public boolean isProfileCertsOnly() {
- return (mProfileCertsOnly && mProfileList != null && mProfileList.size() > 0);
+ return (mProfileCertsOnly && mProfileList != null && mProfileList
+ .size() > 0);
}
public boolean checkCurrentProfile(String id) {
boolean b = false;
- if (mProfileCertsOnly && mProfileList != null && mProfileList.size() > 0) {
+ if (mProfileCertsOnly && mProfileList != null
+ && mProfileList.size() > 0) {
for (int k = 0; k < mProfileList.size(); k++) {
String profileId = mProfileList.elementAt(k);
- if (id != null && profileId != null && profileId.equalsIgnoreCase(id)) {
+ if (id != null && profileId != null
+ && profileId.equalsIgnoreCase(id)) {
b = true;
break;
}
}
}
-
+
return b;
}
-
/**
* Initializes a CRL issuing point config.
* <P>
- *
- * @param ca reference to CertificateAuthority instance which
- * owns this issuing point.
+ *
+ * @param ca reference to CertificateAuthority instance which owns this
+ * issuing point.
* @param id string id of this CRL issuing point.
* @param config configuration of this CRL issuing point.
* @exception EBaseException if initialization failed
* @exception IOException
*/
- public void init(ISubsystem ca, String id, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem ca, String id, IConfigStore config)
+ throws EBaseException {
mCA = (ICertificateAuthority) ca;
mId = id;
@@ -448,17 +447,19 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mConfigStore = config;
- IConfigStore crlSubStore = mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
- mPageSize = crlSubStore.getInteger(ICertificateAuthority.PROP_CRL_PAGE_SIZE, CRL_PAGE_SIZE);
- CMS.debug("CRL Page Size: "+ mPageSize);
+ IConfigStore crlSubStore = mCA.getConfigStore().getSubStore(
+ ICertificateAuthority.PROP_CRL_SUBSTORE);
+ mPageSize = crlSubStore.getInteger(
+ ICertificateAuthority.PROP_CRL_PAGE_SIZE, CRL_PAGE_SIZE);
+ CMS.debug("CRL Page Size: " + mPageSize);
- mCountMod = config.getInteger("countMod",0);
+ mCountMod = config.getInteger("countMod", 0);
mCRLRepository = mCA.getCRLRepository();
mCertRepository = mCA.getCertificateRepository();
((CertificateRepository) mCertRepository).addCRLIssuingPoint(mId, this);
mPublisherProcessor = mCA.getPublisherProcessor();
- //mCRLPublisher = mCA.getCRLPublisher();
+ // mCRLPublisher = mCA.getCRLPublisher();
((CAService) mCA.getCAService()).addCRLIssuingPoint(mId, this);
// read in config parameters.
@@ -469,8 +470,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
String crlListName = lname + "_" + mId;
if (mCA.getRequestListener(crlListName) == null) {
- mCA.registerRequestListener(
- crlListName, new RevocationRequestListener());
+ mCA.registerRequestListener(crlListName,
+ new RevocationRequestListener());
}
for (int i = 0; i < mSplits.length; i++) {
@@ -481,52 +482,62 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
setAutoUpdates();
}
-
private int checkTime(String time) {
String digits = "0123456789";
int len = time.length();
- if (len < 3 || len > 5) return -1;
+ if (len < 3 || len > 5)
+ return -1;
int s = time.indexOf(':');
- if (s < 0 || s > 2 || (len - s) != 3) return -1;
+ if (s < 0 || s > 2 || (len - s) != 3)
+ return -1;
int h = 0;
for (int i = 0; i < s; i++) {
h *= 10;
int k = digits.indexOf(time.charAt(i));
- if (k < 0) return -1;
+ if (k < 0)
+ return -1;
h += k;
}
- if (h > 23) return -1;
+ if (h > 23)
+ return -1;
int m = 0;
- for (int i = s+1; i < len; i++) {
+ for (int i = s + 1; i < len; i++) {
m *= 10;
int k = digits.indexOf(time.charAt(i));
- if (k < 0) return -1;
+ if (k < 0)
+ return -1;
m += k;
}
- if (m > 59) return -1;
+ if (m > 59)
+ return -1;
return ((h * 60) + m);
}
- private boolean areTimeListsIdentical(Vector<Vector<Integer>> list1, Vector<Vector<Integer>> list2) {
+ private boolean areTimeListsIdentical(Vector<Vector<Integer>> list1,
+ Vector<Vector<Integer>> list2) {
boolean identical = true;
- if (list1 == null || list2 == null) identical = false;
- if (identical && list1.size() != list2.size()) identical = false;
+ if (list1 == null || list2 == null)
+ identical = false;
+ if (identical && list1.size() != list2.size())
+ identical = false;
for (int i = 0; identical && i < list1.size(); i++) {
Vector<Integer> times1 = list1.elementAt(i);
Vector<Integer> times2 = list2.elementAt(i);
- if (times1.size() != times2.size()) identical = false;
+ if (times1.size() != times2.size())
+ identical = false;
for (int j = 0; identical && j < times1.size(); j++) {
- if ((((times1.elementAt(j))).intValue()) != (((times2.elementAt(j))).intValue())) {
+ if ((((times1.elementAt(j))).intValue()) != (((times2
+ .elementAt(j))).intValue())) {
identical = false;
}
}
}
- CMS.debug("areTimeListsIdentical: identical: "+identical);
+ CMS.debug("areTimeListsIdentical: identical: " + identical);
return identical;
}
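Review bot: The brace-less guards in checkTime() and areTimeListsIdentical() now have their bodies on a separate line (`if (len < 3 || len > 5)` followed by `return -1;`), the layout in which a statement added later silently falls outside the condition. Since these are the validation checks for the time strings, I would add braces rather than rely on indentation, e.g. `if (len < 3 || len > 5) { return -1; }`. The same pattern appears in the getTimeList(), getProfileList() and updateConfig() hunks further down.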
@@ -535,23 +546,25 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
int listSize = 0;
for (int i = 0; listedDays != null && i < listedDays.size(); i++) {
Vector<Integer> listedTimes = listedDays.elementAt(i);
- listSize += ((listedTimes != null)? listedTimes.size(): 0);
+ listSize += ((listedTimes != null) ? listedTimes.size() : 0);
}
- CMS.debug("getTimeListSize: ListSize="+listSize);
+ CMS.debug("getTimeListSize: ListSize=" + listSize);
return listSize;
}
private boolean isTimeListExtended(String list) {
- boolean extendedTimeList = true;
- if (list == null || list.indexOf('*') == -1)
- extendedTimeList = false;
- return extendedTimeList;
+ boolean extendedTimeList = true;
+ if (list == null || list.indexOf('*') == -1)
+ extendedTimeList = false;
+ return extendedTimeList;
}
private Vector<Vector<Integer>> getTimeList(String list) {
boolean timeListPresent = false;
- if (list == null || list.length() == 0) return null;
- if (list.charAt(0) == ',' || list.charAt(list.length()-1) == ',') return null;
+ if (list == null || list.length() == 0)
+ return null;
+ if (list.charAt(0) == ',' || list.charAt(list.length() - 1) == ',')
+ return null;
Vector<Vector<Integer>> listedDays = new Vector<Vector<Integer>>();
@@ -559,7 +572,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Vector<Integer> listedTimes = null;
while (days.hasMoreTokens()) {
String dayList = days.nextToken().trim();
- if (dayList == null) continue;
+ if (dayList == null)
+ continue;
if (dayList.equals(";")) {
if (timeListPresent) {
@@ -588,7 +602,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
return null;
} else {
if (t > t0) {
- listedTimes.addElement(new Integer(k*t));
+ listedTimes.addElement(new Integer(k * t));
t0 = t;
} else {
return null;
@@ -598,7 +612,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (!timeListPresent) {
listedTimes = new Vector<Integer>();
- listedDays.addElement(listedTimes);
+ listedDays.addElement(listedTimes);
}
return listedDays;
@@ -607,7 +621,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private String checkProfile(String id, Enumeration<String> e) {
if (e != null) {
while (e.hasMoreElements()) {
- String profileId = e.nextElement();
+ String profileId = e.nextElement();
if (profileId != null && profileId.equalsIgnoreCase(id))
return id;
}
@@ -618,9 +632,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private Vector<String> getProfileList(String list) {
Enumeration<String> e = null;
IConfigStore pc = CMS.getConfigStore().getSubStore("profile");
- if (pc != null) e = pc.getSubStoreNames();
- if (list == null) return null;
- if (list.length() > 0 && list.charAt(list.length()-1) == ',') return null;
+ if (pc != null)
+ e = pc.getSubStoreNames();
+ if (list == null)
+ return null;
+ if (list.length() > 0 && list.charAt(list.length() - 1) == ',')
+ return null;
Vector<String> listedProfiles = new Vector<String>();
@@ -629,8 +646,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
int n = 0;
while (elements.hasMoreTokens()) {
String element = elements.nextToken().trim();
- if (element == null || element.length() == 0) return null;
- if (element.equals(",") && n % 2 == 0) return null;
+ if (element == null || element.length() == 0)
+ return null;
+ if (element.equals(",") && n % 2 == 0)
+ return null;
if (n % 2 == 0) {
String id = checkProfile(element, e);
if (id != null) {
@@ -639,26 +658,28 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
n++;
}
- if (n % 2 == 0) return null;
+ if (n % 2 == 0)
+ return null;
return listedProfiles;
}
-
/**
* get CRL config store info
*/
- protected void initConfig(IConfigStore config)
- throws EBaseException {
+ protected void initConfig(IConfigStore config) throws EBaseException {
mEnable = config.getBoolean(Constants.PR_ENABLE, true);
mDescription = config.getString(Constants.PR_DESCRIPTION);
// Get CRL cache config.
mEnableCRLCache = config.getBoolean(Constants.PR_ENABLE_CACHE, true);
- mCacheUpdateInterval = MINUTE * config.getInteger(Constants.PR_CACHE_FREQ, 0);
- mEnableCacheRecovery = config.getBoolean(Constants.PR_CACHE_RECOVERY, false);
- mEnableCacheTesting = config.getBoolean(Constants.PR_CACHE_TESTING, false);
+ mCacheUpdateInterval = MINUTE
+ * config.getInteger(Constants.PR_CACHE_FREQ, 0);
+ mEnableCacheRecovery = config.getBoolean(Constants.PR_CACHE_RECOVERY,
+ false);
+ mEnableCacheTesting = config.getBoolean(Constants.PR_CACHE_TESTING,
+ false);
// check if CRL generation is enabled
mEnableCRLUpdates = config.getBoolean(Constants.PR_ENABLE_CRL, true);
@@ -671,34 +692,43 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mAlwaysUpdate = config.getBoolean(Constants.PR_UPDATE_ALWAYS, false);
// Get list of daily updates.
- mEnableDailyUpdates = config.getBoolean(Constants.PR_ENABLE_DAILY, false);
+ mEnableDailyUpdates = config.getBoolean(Constants.PR_ENABLE_DAILY,
+ false);
String daily = config.getString(Constants.PR_DAILY_UPDATES, null);
mDailyUpdates = getTimeList(daily);
mExtendedTimeList = isTimeListExtended(daily);
mTimeListSize = getTimeListSize(mDailyUpdates);
- if (mDailyUpdates == null || mDailyUpdates.isEmpty() || mTimeListSize == 0) {
+ if (mDailyUpdates == null || mDailyUpdates.isEmpty()
+ || mTimeListSize == 0) {
mEnableDailyUpdates = false;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_INVALID_TIME_LIST"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_INVALID_TIME_LIST"));
}
// Get auto update interval in minutes.
mEnableUpdateFreq = config.getBoolean(Constants.PR_ENABLE_FREQ, true);
- mAutoUpdateInterval = MINUTE * config.getInteger(Constants.PR_UPDATE_FREQ, 0);
- mMinUpdateInterval = MINUTE * config.getInteger(PROP_MIN_UPDATE_INTERVAL, 0);
- if (mEnableUpdateFreq && mAutoUpdateInterval > 0 &&
- mAutoUpdateInterval < mMinUpdateInterval)
+ mAutoUpdateInterval = MINUTE
+ * config.getInteger(Constants.PR_UPDATE_FREQ, 0);
+ mMinUpdateInterval = MINUTE
+ * config.getInteger(PROP_MIN_UPDATE_INTERVAL, 0);
+ if (mEnableUpdateFreq && mAutoUpdateInterval > 0
+ && mAutoUpdateInterval < mMinUpdateInterval)
mAutoUpdateInterval = mMinUpdateInterval;
- // get next update grace period
- mNextUpdateGracePeriod = MINUTE * config.getInteger(Constants.PR_GRACE_PERIOD, 0);
+ // get next update grace period
+ mNextUpdateGracePeriod = MINUTE
+ * config.getInteger(Constants.PR_GRACE_PERIOD, 0);
- // Get V2 or V1 CRL
+ // Get V2 or V1 CRL
mAllowExtensions = config.getBoolean(Constants.PR_EXTENSIONS, false);
- mIncludeExpiredCerts = config.getBoolean(Constants.PR_INCLUDE_EXPIREDCERTS, false);
- mIncludeExpiredCertsOneExtraTime = config.getBoolean(Constants.PR_INCLUDE_EXPIREDCERTS_ONEEXTRATIME, false);
+ mIncludeExpiredCerts = config.getBoolean(
+ Constants.PR_INCLUDE_EXPIREDCERTS, false);
+ mIncludeExpiredCertsOneExtraTime = config.getBoolean(
+ Constants.PR_INCLUDE_EXPIREDCERTS_ONEEXTRATIME, false);
mCACertsOnly = config.getBoolean(Constants.PR_CA_CERTS_ONLY, false);
- mProfileCertsOnly = config.getBoolean(Constants.PR_PROFILE_CERTS_ONLY, false);
+ mProfileCertsOnly = config.getBoolean(Constants.PR_PROFILE_CERTS_ONLY,
+ false);
if (mProfileCertsOnly) {
String profiles = config.getString(Constants.PR_PROFILE_LIST, null);
mProfileList = getProfileList(profiles);
@@ -707,16 +737,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
// Get default signing algorithm.
// check if algorithm is supported.
mSigningAlgorithm = mCA.getCRLSigningUnit().getDefaultAlgorithm();
- String algorithm = config.getString(Constants.PR_SIGNING_ALGORITHM, null);
+ String algorithm = config.getString(Constants.PR_SIGNING_ALGORITHM,
+ null);
if (algorithm != null) {
- // make sure this algorithm is acceptable to CA.
+ // make sure this algorithm is acceptable to CA.
mCA.getCRLSigningUnit().checkSigningAlgorithmFromName(algorithm);
mSigningAlgorithm = algorithm;
}
mPublishOnStart = config.getBoolean(PROP_PUBLISH_ON_START, false);
- // if publish dn is null then certificate will be published to
+ // if publish dn is null then certificate will be published to
// CA's entry in the directory.
mPublishDN = config.getString(PROP_PUBLISH_DN, null);
@@ -724,30 +755,28 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mCMSCRLExtensions = new CMSCRLExtensions(this, config);
- mExtendedNextUpdate = ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled())?
- config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true):
- false;
+ mExtendedNextUpdate = ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled()) ? config
+ .getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true) : false;
// Get serial number ranges if any.
mBeginSerial = config.getBigInteger(PROP_BEGIN_SERIAL, null);
if (mBeginSerial != null && mBeginSerial.compareTo(BigInteger.ZERO) < 0) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1",
- PROP_BEGIN_SERIAL, "BigInteger", "positive number"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_PROPERTY_1", PROP_BEGIN_SERIAL,
+ "BigInteger", "positive number"));
}
mEndSerial = config.getBigInteger(PROP_END_SERIAL, null);
if (mEndSerial != null && mEndSerial.compareTo(BigInteger.ZERO) < 0) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1",
- PROP_END_SERIAL, "BigInteger", "positive number"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_PROPERTY_1", PROP_END_SERIAL,
+ "BigInteger", "positive number"));
}
}
/**
- * Reads CRL issuing point, if missing, it creates one.
- * Initializes CRL cache and republishes CRL if requested
- * Called from auto update thread (run()).
- * Do not call it from init(), because it will block CMS on start.
+ * Reads CRL issuing point, if missing, it creates one. Initializes CRL
+ * cache and republishes CRL if requested Called from auto update thread
+ * (run()). Do not call it from init(), because it will block CMS on start.
*/
private void initCRL() {
ICRLIssuingPointRecord crlRecord = null;
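Review bot: The rewrapped Javadoc for initCRL() now reads "republishes CRL if requested Called from auto update thread", because the original relied on line breaks instead of punctuation; it needs a period, `cache and republishes CRL if requested. Called from the auto update thread`. The `mExtendedNextUpdate` assignment was also left as one overlong line that breaks between `config` and `.getBoolean`. Being of the form `cond ? x : false`, it can be written as `cond && config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true)` with the condition held in a named local. initCRL()'s body continues outside the hunk.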
@@ -757,12 +786,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
try {
crlRecord = mCRLRepository.readCRLIssuingPointRecord(mId);
} catch (EDBNotAvailException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_INST_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ISSUING_INST_CRL",
+ e.toString()));
mInitialized = CRL_IP_INITIALIZATION_FAILED;
return;
} catch (EBaseException e) {
// CRL was never set.
- // fall to the following..
+ // fall to the following..
}
if (crlRecord != null) {
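Review bot: The `catch (EBaseException e)` after readCRLIssuingPointRecord() contains only comments, so every EBaseException other than EDBNotAvailException is treated as "CRL was never set" and leaves no trace. A later branch of initCRL() creates a fresh issuing point record when crlRecord is null, so an operator cannot tell a missing record from a failed read. I would at least add `CMS.debug("initCRL: cannot read CRL issuing point record " + mId + ": " + e);` inside that catch. The method starts and ends outside this hunk.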
@@ -802,16 +833,19 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mNextUpdate = crlRecord.getNextUpdate();
if (isDeltaCRLEnabled()) {
- mNextDeltaUpdate = (mNextUpdate != null)? new Date(mNextUpdate.getTime()): null;
+ mNextDeltaUpdate = (mNextUpdate != null) ? new Date(
+ mNextUpdate.getTime()) : null;
}
mFirstUnsaved = crlRecord.getFirstUnsaved();
if (Debug.on()) {
- Debug.trace("initCRL CRLNumber="+mCRLNumber.toString()+" CRLSize="+mCRLSize+
- " FirstUnsaved="+mFirstUnsaved);
+ Debug.trace("initCRL CRLNumber=" + mCRLNumber.toString()
+ + " CRLSize=" + mCRLSize + " FirstUnsaved="
+ + mFirstUnsaved);
}
- if (mFirstUnsaved == null ||
- (mFirstUnsaved != null && mFirstUnsaved.equals(ICRLIssuingPointRecord.NEW_CACHE))) {
+ if (mFirstUnsaved == null
+ || (mFirstUnsaved != null && mFirstUnsaved
+ .equals(ICRLIssuingPointRecord.NEW_CACHE))) {
clearCRLCache();
updateCRLCacheRepository();
} else {
@@ -825,10 +859,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
x509crl = new X509CRLImpl(crl);
} catch (Exception e) {
clearCRLCache();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_DECODE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_DECODE_CRL",
+ e.toString()));
} catch (OutOfMemoryError e) {
clearCRLCache();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_DECODE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_DECODE_CRL",
+ e.toString()));
mInitialized = CRL_IP_INITIALIZATION_FAILED;
return;
}
@@ -836,7 +874,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (x509crl != null) {
mLastFullUpdate = x509crl.getThisUpdate();
if (mEnableCRLCache) {
- if (mCRLCacheIsCleared && mUpdatingCRL == CRL_UPDATE_DONE) {
+ if (mCRLCacheIsCleared
+ && mUpdatingCRL == CRL_UPDATE_DONE) {
mRevokedCerts = crlRecord.getRevokedCerts();
if (mRevokedCerts == null) {
mRevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
@@ -852,9 +891,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (isDeltaCRLEnabled()) {
mNextUpdate = x509crl.getNextUpdate();
}
- mCRLCerts = x509crl.getListOfRevokedCertificates();
+ mCRLCerts = x509crl
+ .getListOfRevokedCertificates();
}
- if (mFirstUnsaved != null && !mFirstUnsaved.equals(ICRLIssuingPointRecord.CLEAN_CACHE)) {
+ if (mFirstUnsaved != null
+ && !mFirstUnsaved
+ .equals(ICRLIssuingPointRecord.CLEAN_CACHE)) {
recoverCRLCache();
} else {
mCRLCacheIsCleared = false;
@@ -867,10 +909,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
x509crl = null;
} catch (EBaseException e) {
x509crl = null;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_PUBLISH_CRL",
+ mCRLNumber.toString(), e.toString()));
} catch (OutOfMemoryError e) {
x509crl = null;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_PUBLISH_CRL",
+ mCRLNumber.toString(), e.toString()));
}
}
}
@@ -879,30 +925,33 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (crlRecord == null) {
- // no crl was ever created, or crl in db is corrupted.
+ // no crl was ever created, or crl in db is corrupted.
// create new one.
try {
- crlRecord = new CRLIssuingPointRecord(mId, BigInteger.ZERO, Long.valueOf(-1),
- null, null, BigInteger.ZERO, Long.valueOf(-1),
- mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
+ crlRecord = new CRLIssuingPointRecord(mId, BigInteger.ZERO,
+ Long.valueOf(-1), null, null, BigInteger.ZERO,
+ Long.valueOf(-1), mRevokedCerts, mUnrevokedCerts,
+ mExpiredCerts);
mCRLRepository.addCRLIssuingPointRecord(crlRecord);
- mCRLNumber = BigInteger.ZERO; //BIG_ZERO;
- mNextCRLNumber = BigInteger.ONE; //BIG_ONE;
+ mCRLNumber = BigInteger.ZERO; // BIG_ZERO;
+ mNextCRLNumber = BigInteger.ONE; // BIG_ONE;
mLastCRLNumber = mCRLNumber;
mDeltaCRLNumber = mCRLNumber;
mNextDeltaCRLNumber = mNextCRLNumber;
mLastUpdate = new Date(0L);
if (crlRecord != null) {
- // This will trigger updateCRLNow, which will also publish CRL.
- if ((mDoManualUpdate == false) &&
- (mEnableCRLCache || mAlwaysUpdate ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
+ // This will trigger updateCRLNow, which will also publish
+ // CRL.
+ if ((mDoManualUpdate == false)
+ && (mEnableCRLCache || mAlwaysUpdate || (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
mInitialized = CRL_IP_INITIALIZED;
setManualUpdate(null);
}
}
} catch (EBaseException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_CREATE_CRL", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ISSUING_CREATE_CRL",
+ ex.toString()));
mInitialized = CRL_IP_INITIALIZATION_FAILED;
return;
}
@@ -921,13 +970,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
NameValuePair p = params.elementAt(i);
String name = p.getName();
String value = p.getValue();
-
+
// -- Update Schema --
if (name.equals(Constants.PR_ENABLE_CRL)) {
if (value.equals(Constants.FALSE) && mEnableCRLUpdates) {
mEnableCRLUpdates = false;
modifiedSchedule = true;
- } else if (value.equals(Constants.TRUE) && (!mEnableCRLUpdates)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mEnableCRLUpdates)) {
mEnableCRLUpdates = true;
modifiedSchedule = true;
}
@@ -951,7 +1001,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_EXTENDED_NEXT_UPDATE)) {
if (value.equals(Constants.FALSE) && mExtendedNextUpdate) {
mExtendedNextUpdate = false;
- } else if (value.equals(Constants.TRUE) && (!mExtendedNextUpdate)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mExtendedNextUpdate)) {
mExtendedNextUpdate = true;
}
}
@@ -969,7 +1020,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (value.equals(Constants.FALSE) && mEnableDailyUpdates) {
mEnableDailyUpdates = false;
modifiedSchedule = true;
- } else if (value.equals(Constants.TRUE) && (!mEnableDailyUpdates)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mEnableDailyUpdates)) {
mEnableDailyUpdates = true;
modifiedSchedule = true;
}
@@ -989,9 +1041,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mTimeListSize = getTimeListSize(mDailyUpdates);
modifiedSchedule = true;
}
- if (mDailyUpdates == null || mDailyUpdates.isEmpty() || mTimeListSize == 0) {
+ if (mDailyUpdates == null || mDailyUpdates.isEmpty()
+ || mTimeListSize == 0) {
mEnableDailyUpdates = false;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_INVALID_TIME_LIST"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_INVALID_TIME_LIST"));
}
}
@@ -999,7 +1053,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (value.equals(Constants.FALSE) && mEnableUpdateFreq) {
mEnableUpdateFreq = false;
modifiedSchedule = true;
- } else if (value.equals(Constants.TRUE) && (!mEnableUpdateFreq)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mEnableUpdateFreq)) {
mEnableUpdateFreq = true;
modifiedSchedule = true;
}
@@ -1027,7 +1082,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_GRACE_PERIOD)) {
try {
if (value != null && value.length() > 0) {
- mNextUpdateGracePeriod = MINUTE * Long.parseLong(value.trim());
+ mNextUpdateGracePeriod = MINUTE
+ * Long.parseLong(value.trim());
}
} catch (NumberFormatException e) {
noRestart = false;
@@ -1041,7 +1097,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
updateCRLCacheRepository();
mEnableCRLCache = false;
modifiedSchedule = true;
- } else if (value.equals(Constants.TRUE) && (!mEnableCRLCache)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mEnableCRLCache)) {
clearCRLCache();
updateCRLCacheRepository();
mEnableCRLCache = true;
@@ -1066,7 +1123,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_CACHE_RECOVERY)) {
if (value.equals(Constants.FALSE) && mEnableCacheRecovery) {
mEnableCacheRecovery = false;
- } else if (value.equals(Constants.TRUE) && (!mEnableCacheRecovery)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mEnableCacheRecovery)) {
mEnableCacheRecovery = true;
}
}
@@ -1077,14 +1135,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
updateCRLCacheRepository();
mEnableCacheTesting = false;
setManualUpdate(null);
- } else if (value.equals(Constants.TRUE) && (!mEnableCacheTesting)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mEnableCacheTesting)) {
mEnableCacheTesting = true;
}
}
// -- CRL Format --
if (name.equals(Constants.PR_SIGNING_ALGORITHM)) {
- if (value != null) value = value.trim();
+ if (value != null)
+ value = value.trim();
if (!mSigningAlgorithm.equals(value)) {
mSigningAlgorithm = value;
}
@@ -1095,7 +1155,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
clearCRLCache();
updateCRLCacheRepository();
mAllowExtensions = false;
- } else if (value.equals(Constants.TRUE) && (!mAllowExtensions)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mAllowExtensions)) {
clearCRLCache();
updateCRLCacheRepository();
mAllowExtensions = true;
@@ -1107,7 +1168,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
clearCRLCache();
updateCRLCacheRepository();
mIncludeExpiredCerts = false;
- } else if (value.equals(Constants.TRUE) && (!mIncludeExpiredCerts)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mIncludeExpiredCerts)) {
clearCRLCache();
updateCRLCacheRepository();
mIncludeExpiredCerts = true;
@@ -1115,9 +1177,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (name.equals(Constants.PR_INCLUDE_EXPIREDCERTS_ONEEXTRATIME)) {
- if (value.equals(Constants.FALSE) && mIncludeExpiredCertsOneExtraTime) {
+ if (value.equals(Constants.FALSE)
+ && mIncludeExpiredCertsOneExtraTime) {
mIncludeExpiredCertsOneExtraTime = false;
- } else if (value.equals(Constants.TRUE) && (!mIncludeExpiredCertsOneExtraTime)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mIncludeExpiredCertsOneExtraTime)) {
mIncludeExpiredCertsOneExtraTime = true;
}
}
@@ -1125,9 +1189,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_CA_CERTS_ONLY)) {
Extension distExt = getCRLExtension(IssuingDistributionPointExtension.NAME);
IssuingDistributionPointExtension iExt = (IssuingDistributionPointExtension) distExt;
- IssuingDistributionPoint issuingDistributionPoint = null;
- if(iExt != null)
- issuingDistributionPoint = iExt.getIssuingDistributionPoint();
+ IssuingDistributionPoint issuingDistributionPoint = null;
+ if (iExt != null)
+ issuingDistributionPoint = iExt
+ .getIssuingDistributionPoint();
if (value.equals(Constants.FALSE) && mCACertsOnly) {
clearCRLCache();
updateCRLCacheRepository();
@@ -1137,27 +1202,31 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
updateCRLCacheRepository();
mCACertsOnly = true;
}
- //attempt to sync the IssuingDistributionPoint Extension value of
- //onlyContainsCACerts
- if(issuingDistributionPoint != null && params.size() > 1) {
- boolean onlyContainsCACerts = issuingDistributionPoint.getOnlyContainsCACerts();
- if(onlyContainsCACerts != mCACertsOnly) {
+ // attempt to sync the IssuingDistributionPoint Extension
+ // value of
+ // onlyContainsCACerts
+ if (issuingDistributionPoint != null && params.size() > 1) {
+ boolean onlyContainsCACerts = issuingDistributionPoint
+ .getOnlyContainsCACerts();
+ if (onlyContainsCACerts != mCACertsOnly) {
IConfigStore config = mCA.getConfigStore();
- IConfigStore crlsSubStore =
- config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
- IConfigStore crlSubStore = crlsSubStore.getSubStore(mId);
- IConfigStore crlExtsSubStore =
- crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
- crlExtsSubStore = crlExtsSubStore.getSubStore(IssuingDistributionPointExtension.NAME);
-
- if(crlExtsSubStore != null) {
+ IConfigStore crlsSubStore = config
+ .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ IConfigStore crlSubStore = crlsSubStore
+ .getSubStore(mId);
+ IConfigStore crlExtsSubStore = crlSubStore
+ .getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
+ crlExtsSubStore = crlExtsSubStore
+ .getSubStore(IssuingDistributionPointExtension.NAME);
+
+ if (crlExtsSubStore != null) {
String val = "";
- if(mCACertsOnly == true) {
+ if (mCACertsOnly == true) {
val = Constants.TRUE;
} else {
val = Constants.FALSE;
}
- crlExtsSubStore.putString(PROP_CACERTS,val);
+ crlExtsSubStore.putString(PROP_CACERTS, val);
try {
crlExtsSubStore.commit(true);
} catch (Exception e) {
@@ -1172,7 +1241,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
clearCRLCache();
updateCRLCacheRepository();
mProfileCertsOnly = false;
- } else if (value.equals(Constants.TRUE) && (!mProfileCertsOnly)) {
+ } else if (value.equals(Constants.TRUE)
+ && (!mProfileCertsOnly)) {
clearCRLCache();
updateCRLCacheRepository();
mProfileCertsOnly = true;
@@ -1181,12 +1251,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_PROFILE_LIST)) {
Vector<String> profileList = getProfileList(value);
- if (((profileList != null) ^ (mProfileList != null)) ||
- (profileList != null && mProfileList != null &&
- (!mProfileList.equals(profileList)))) {
+ if (((profileList != null) ^ (mProfileList != null))
+ || (profileList != null && mProfileList != null && (!mProfileList
+ .equals(profileList)))) {
if (profileList != null) {
@SuppressWarnings("unchecked")
- Vector<String> newProfileList = (Vector<String>) profileList.clone();
+ Vector<String> newProfileList = (Vector<String>) profileList
+ .clone();
mProfileList = newProfileList;
} else {
mProfileList = null;
@@ -1196,12 +1267,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (mProfileList == null || mProfileList.isEmpty()) {
mProfileCertsOnly = false;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_INVALID_PROFILE_LIST"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_INVALID_PROFILE_LIST"));
}
}
}
- if (modifiedSchedule) setAutoUpdates();
+ if (modifiedSchedule)
+ setAutoUpdates();
return noRestart;
}
@@ -1220,20 +1293,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
setAutoUpdates();
/*
- if (mUpdateThread != null) {
- try {
- mUpdateThread.interrupt();
- }
- catch (Exception e) {
- }
- }
- */
+ * if (mUpdateThread != null) { try { mUpdateThread.interrupt(); } catch
+ * (Exception e) { } }
+ */
}
/**
* Returns internal id of this CRL issuing point.
* <P>
- *
+ *
* @return internal id of this CRL issuing point
*/
public String getId() {
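Review bot: The commented-out `mUpdateThread.interrupt()` block has been reflowed into a two-line paragraph (`* if (mUpdateThread != null) { try { mUpdateThread.interrupt(); } catch`), which is no longer readable as code. Dead code like this is better deleted and left to version control. If it has to stay, a one-line comment saying why the interrupt was disabled would be more useful than the old statements. The enclosing method starts outside the hunk.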
@@ -1243,7 +1311,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns internal description of this CRL issuing point.
* <P>
- *
+ *
* @return internal description of this CRL issuing point
*/
public String getDescription() {
@@ -1252,7 +1320,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Sets internal description of this CRL issuing point.
- *
+ *
* @param description description for this CRL issuing point.
*/
public void setDescription(String description) {
@@ -1260,10 +1328,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
/**
- * Returns DN of the directory entry where CRLs.from this issuing point
- * are published.
+ * Returns DN of the directory entry where CRLs.from this issuing point are
+ * published.
* <P>
- *
+ *
* @return DN of the directory entry where CRLs are published.
*/
public String getPublishDN() {
@@ -1273,7 +1341,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns signing algorithm.
* <P>
- *
+ *
* @return SigningAlgorithm.
*/
public String getSigningAlgorithm() {
@@ -1287,7 +1355,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns current CRL generation schema for this CRL issuing point.
* <P>
- *
+ *
* @return current CRL generation schema for this CRL issuing point
*/
public int getCRLSchema() {
@@ -1297,7 +1365,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns current CRL number of this CRL issuing point.
* <P>
- *
+ *
* @return current CRL number of this CRL issuing point
*/
public BigInteger getCRLNumber() {
@@ -1307,17 +1375,18 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns current delta CRL number of this CRL issuing point.
* <P>
- *
+ *
* @return current delta CRL number of this CRL issuing point
*/
public BigInteger getDeltaCRLNumber() {
- return (isDeltaCRLEnabled() && mDeltaCRLSize > -1)? mDeltaCRLNumber: BigInteger.ZERO;
+ return (isDeltaCRLEnabled() && mDeltaCRLSize > -1) ? mDeltaCRLNumber
+ : BigInteger.ZERO;
}
/**
* Returns next CRL number of this CRL issuing point.
* <P>
- *
+ *
* @return next CRL number of this CRL issuing point
*/
public BigInteger getNextCRLNumber() {
@@ -1327,17 +1396,18 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns number of entries in the CRL
* <P>
- *
+ *
* @return number of entries in the CRL
*/
public long getCRLSize() {
- return (mCRLCerts.size() > 0 && mCRLSize == 0)? mCRLCerts.size(): mCRLSize;
+ return (mCRLCerts.size() > 0 && mCRLSize == 0) ? mCRLCerts.size()
+ : mCRLSize;
}
/**
* Returns number of entries in delta CRL
* <P>
- *
+ *
* @return number of entries in delta CRL
*/
public long getDeltaCRLSize() {
@@ -1347,7 +1417,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns last update time
* <P>
- *
+ *
* @return last CRL update time
*/
public Date getLastUpdate() {
@@ -1357,7 +1427,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns next update time
* <P>
- *
+ *
* @return next CRL update time
*/
public Date getNextUpdate() {
@@ -1367,7 +1437,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns next update time
* <P>
- *
+ *
* @return next CRL update time
*/
public Date getNextDeltaUpdate() {
@@ -1377,14 +1447,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns all the revoked certificates from the CRL cache.
* <P>
- *
+ *
* @return set of all the revoked certificates or null if there are none.
*/
public Set<RevokedCertificate> getRevokedCertificates(int start, int end) {
if (mCRLCacheIsCleared || mCRLCerts == null || mCRLCerts.isEmpty()) {
return null;
} else {
- Set<RevokedCertificate> certSet = new TreeSet<RevokedCertificate>(mCRLCerts.values());
+ Set<RevokedCertificate> certSet = new TreeSet<RevokedCertificate>(
+ mCRLCerts.values());
return certSet;
}
}
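Review bot: `getRevokedCertificates(int start, int end)` never reads `start` or `end`; the body copies every value of `mCRLCerts` into a new `TreeSet` whatever range was requested, and the Javadoc has no `@param` lines to say so. If the range is ignored on purpose, document it, e.g. `@param start ignored; the whole cache is returned` and `@param end ignored; the whole cache is returned`. Otherwise a caller paging through a large CRL gets a full copy of the cache on every call.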
@@ -1392,7 +1463,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns certificate authority.
* <P>
- *
+ *
* @return certificate authority
*/
public ISubsystem getCertificateAuthority() {
@@ -1404,29 +1475,27 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
*/
private synchronized void setAutoUpdates() {
- if ((mEnable && mUpdateThread == null) &&
- ((mEnableCRLCache && mCacheUpdateInterval > 0) ||
- (mEnableCRLUpdates &&
- ((mEnableDailyUpdates && mDailyUpdates != null &&
- mTimeListSize > 0) ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0) ||
- (mInitialized == CRL_IP_NOT_INITIALIZED) ||
- mDoLastAutoUpdate || mDoManualUpdate)))) {
+ if ((mEnable && mUpdateThread == null)
+ && ((mEnableCRLCache && mCacheUpdateInterval > 0) || (mEnableCRLUpdates && ((mEnableDailyUpdates
+ && mDailyUpdates != null && mTimeListSize > 0)
+ || (mEnableUpdateFreq && mAutoUpdateInterval > 0)
+ || (mInitialized == CRL_IP_NOT_INITIALIZED)
+ || mDoLastAutoUpdate || mDoManualUpdate)))) {
mUpdateThread = new Thread(this, "CRLIssuingPoint-" + mId);
- log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_ISSUING_START_CRL", mId));
+ log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_ISSUING_START_CRL", mId));
mUpdateThread.setDaemon(true);
mUpdateThread.start();
}
- if ((mInitialized == CRL_IP_INITIALIZED) && (((mNextUpdate != null) ^
- ((mEnableDailyUpdates && mDailyUpdates != null && mTimeListSize > 0) ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0))) ||
- (!mEnableCRLUpdates && mNextUpdate != null))) {
- mDoLastAutoUpdate = true;
+ if ((mInitialized == CRL_IP_INITIALIZED)
+ && (((mNextUpdate != null) ^ ((mEnableDailyUpdates
+ && mDailyUpdates != null && mTimeListSize > 0) || (mEnableUpdateFreq && mAutoUpdateInterval > 0))) || (!mEnableCRLUpdates && mNextUpdate != null))) {
+ mDoLastAutoUpdate = true;
}
- if (mEnableUpdateFreq && mAutoUpdateInterval > 0 &&
- mAutoUpdateInterval < mMinUpdateInterval) {
+ if (mEnableUpdateFreq && mAutoUpdateInterval > 0
+ && mAutoUpdateInterval < mMinUpdateInterval) {
mAutoUpdateInterval = mMinUpdateInterval;
}
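Review bot: The reformatted conditions in `setAutoUpdates()` are harder to audit than before: the second `if` now packs an `^`, two `||` and several `&&` onto one line far beyond the line limit. The sub-expression meaning "a daily or interval schedule is configured" is written out twice here and again in `run()` (its `while` condition and `scheduledUpdates`). These flags decide whether the worker that reissues the CRL runs at all, so naming that sub-expression once would make the logic reviewable; the sketch below evaluates to the same result. The method body continues past the end of this hunk.

```java
private synchronized void setAutoUpdates() {
    boolean dailySchedule = mEnableDailyUpdates && mDailyUpdates != null
            && mTimeListSize > 0;
    boolean intervalSchedule = mEnableUpdateFreq && mAutoUpdateInterval > 0;
    boolean scheduled = dailySchedule || intervalSchedule;

    if (mEnable && mUpdateThread == null
            && ((mEnableCRLCache && mCacheUpdateInterval > 0)
                    || (mEnableCRLUpdates
                            && (scheduled
                                    || mInitialized == CRL_IP_NOT_INITIALIZED
                                    || mDoLastAutoUpdate || mDoManualUpdate)))) {
        // … unchanged: create, log and start the CRLIssuingPoint worker thread …
    }

    if (mInitialized == CRL_IP_INITIALIZED
            && (((mNextUpdate != null) ^ scheduled)
                    || (!mEnableCRLUpdates && mNextUpdate != null))) {
        mDoLastAutoUpdate = true;
    }
    // … unchanged: clamp mAutoUpdateInterval to mMinUpdateInterval …
```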
@@ -1434,14 +1503,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
/**
- * Sets CRL manual-update
- * Starts or stops worker thread as necessary.
+ * Sets CRL manual-update Starts or stops worker thread as necessary.
*/
public synchronized void setManualUpdate(String signatureAlgorithm) {
if (!mDoManualUpdate) {
mDoManualUpdate = true;
mSignatureAlgorithmForManualUpdate = signatureAlgorithm;
- if (mEnableUpdateFreq && mAutoUpdateInterval > 0 && mUpdateThread != null) {
+ if (mEnableUpdateFreq && mAutoUpdateInterval > 0
+ && mUpdateThread != null) {
notifyAll();
} else {
setAutoUpdates();
@@ -1453,13 +1522,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* @return auto update interval in milliseconds.
*/
public long getAutoUpdateInterval() {
- return (mEnableUpdateFreq)? mAutoUpdateInterval: 0;
+ return (mEnableUpdateFreq) ? mAutoUpdateInterval : 0;
}
/**
- * @return always update the CRL
+ * @return always update the CRL
*/
- public boolean getAlwaysUpdate() {
+ public boolean getAlwaysUpdate() {
return mAlwaysUpdate;
}
@@ -1473,11 +1542,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Finds next update time expressed as delay or time of the next update.
- *
- * @param fromLastUpdate if true, function returns delay to the next update time
- * otherwise returns the next update time.
- * @param delta if true, function returns the next update time for delta CRL,
- * otherwise returns the next update time for CRL.
+ *
+ * @param fromLastUpdate if true, function returns delay to the next update
+ * time otherwise returns the next update time.
+ * @param delta if true, function returns the next update time for delta
+ * CRL, otherwise returns the next update time for CRL.
* @return delay to the next update time or the next update time itself
*/
private long findNextUpdate(boolean fromLastUpdate, boolean delta) {
@@ -1485,52 +1554,61 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
TimeZone tz = TimeZone.getDefault();
int offset = tz.getOffset(now);
long oneDay = 1440L * MINUTE;
- long nowToday = (now + (long)offset) % oneDay;
+ long nowToday = (now + (long) offset) % oneDay;
long startOfToday = now - nowToday;
- long lastUpdated = (mLastUpdate != null)? mLastUpdate.getTime(): now;
- long lastUpdateDay = lastUpdated - ((lastUpdated + (long)offset) % oneDay);
+ long lastUpdated = (mLastUpdate != null) ? mLastUpdate.getTime() : now;
+ long lastUpdateDay = lastUpdated
+ - ((lastUpdated + (long) offset) % oneDay);
- long lastUpdate = (mLastUpdate != null && fromLastUpdate)? mLastUpdate.getTime(): now;
- long last = (lastUpdate + (long)offset) % oneDay;
+ long lastUpdate = (mLastUpdate != null && fromLastUpdate) ? mLastUpdate
+ .getTime() : now;
+ long last = (lastUpdate + (long) offset) % oneDay;
long lastDay = lastUpdate - last;
boolean isDeltaEnabled = isDeltaCRLEnabled();
long next = 0L;
long nextUpdate = 0L;
- CMS.debug("findNextUpdate: fromLastUpdate: "+fromLastUpdate+" delta: "+delta);
+ CMS.debug("findNextUpdate: fromLastUpdate: " + fromLastUpdate
+ + " delta: " + delta);
- int numberOfDays = (int)((startOfToday - lastUpdateDay) / oneDay);
- if (numberOfDays > 0 && mDailyUpdates.size() > 1 &&
- ((mCurrentDay == mLastDay) ||
- (mCurrentDay != ((mLastDay + numberOfDays) % mDailyUpdates.size())))) {
+ int numberOfDays = (int) ((startOfToday - lastUpdateDay) / oneDay);
+ if (numberOfDays > 0
+ && mDailyUpdates.size() > 1
+ && ((mCurrentDay == mLastDay) || (mCurrentDay != ((mLastDay + numberOfDays) % mDailyUpdates
+ .size())))) {
mCurrentDay = (mLastDay + numberOfDays) % mDailyUpdates.size();
}
- if ((delta || fromLastUpdate) && isDeltaEnabled &&
- (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) &&
- mNextDeltaUpdate != null) {
+ if ((delta || fromLastUpdate)
+ && isDeltaEnabled
+ && (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList))
+ && mNextDeltaUpdate != null) {
nextUpdate = mNextDeltaUpdate.getTime();
} else if (mNextUpdate != null) {
nextUpdate = mNextUpdate.getTime();
}
- if (mEnableDailyUpdates &&
- mDailyUpdates != null && mDailyUpdates.size() > 0) {
+ if (mEnableDailyUpdates && mDailyUpdates != null
+ && mDailyUpdates.size() > 0) {
int n = 0;
- if (mDailyUpdates.size() == 1 && mDailyUpdates.elementAt(0).size() == 1 &&
- mEnableUpdateFreq && mAutoUpdateInterval > 0) {
+ if (mDailyUpdates.size() == 1
+ && mDailyUpdates.elementAt(0).size() == 1
+ && mEnableUpdateFreq && mAutoUpdateInterval > 0) {
// Interval updates with starting time
- long firstTime = MINUTE * ((Integer)mDailyUpdates.elementAt(0).elementAt(0)).longValue();
+ long firstTime = MINUTE
+ * ((Integer) mDailyUpdates.elementAt(0).elementAt(0))
+ .longValue();
long t = firstTime;
long interval = mAutoUpdateInterval;
- if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) &&
- isDeltaEnabled && mUpdateSchema > 1) {
+ if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta)
+ && isDeltaEnabled && mUpdateSchema > 1) {
interval *= mUpdateSchema;
}
- while (t < oneDay) {
- if (t - mMinUpdateInterval > last) break;
+ while (t < oneDay) {
+ if (t - mMinUpdateInterval > last)
+ break;
t += interval;
n++;
}
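Review bot: `findNextUpdate` dereferences `mDailyUpdates` in the `numberOfDays` check (`mDailyUpdates.size() > 1`) before the later branch tests `mDailyUpdates != null`, so the two guards disagree about whether the field can be null. If it can be null when only interval updates are configured (not visible from this hunk), the first check throws a `NullPointerException` inside the update worker. Adding the guard there, `if (numberOfDays > 0 && mDailyUpdates != null && mDailyUpdates.size() > 1`, makes both sites consistent. The method continues in the following hunks.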
@@ -1542,7 +1620,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (t == firstTime) {
mSchemaCounter = 0;
} else if (n != mSchemaCounter) {
- if (mSchemaCounter != 0 && (mSchemaCounter < n || n == 0)) {
+ if (mSchemaCounter != 0
+ && (mSchemaCounter < n || n == 0)) {
mSchemaCounter = n;
}
}
@@ -1564,9 +1643,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
// search the current day
for (i = 0; i < mDailyUpdates.elementAt(mCurrentDay).size(); i++) {
- long t = MINUTE * ((Integer)mDailyUpdates.elementAt(mCurrentDay).elementAt(i)).longValue();
+ long t = MINUTE
+ * ((Integer) mDailyUpdates.elementAt(mCurrentDay)
+ .elementAt(i)).longValue();
if (mEnableDailyUpdates && mExtendedTimeList) {
- if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) && isDeltaEnabled) {
+ if (mExtendedNextUpdate && (!fromLastUpdate)
+ && (!delta) && isDeltaEnabled) {
if (t < 0) {
t *= -1;
} else {
@@ -1579,8 +1661,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
}
if (t - mMinUpdateInterval > last) {
- if (mExtendedNextUpdate && (!fromLastUpdate) && (!(mEnableDailyUpdates && mExtendedTimeList)) && (!delta) &&
- isDeltaEnabled && mUpdateSchema > 1) {
+ if (mExtendedNextUpdate
+ && (!fromLastUpdate)
+ && (!(mEnableDailyUpdates && mExtendedTimeList))
+ && (!delta) && isDeltaEnabled
+ && mUpdateSchema > 1) {
i += mUpdateSchema - ((i + m) % mUpdateSchema);
}
break;
@@ -1590,21 +1675,26 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (i < mDailyUpdates.elementAt(mCurrentDay).size()) {
// found inside the current day
- next = (MINUTE * ((Integer)mDailyUpdates.elementAt(mCurrentDay).elementAt(i)).longValue());
+ next = (MINUTE * ((Integer) mDailyUpdates.elementAt(
+ mCurrentDay).elementAt(i)).longValue());
if (mEnableDailyUpdates && mExtendedTimeList && next < 0) {
next *= -1;
if (fromLastUpdate) {
mSchemaCounter = 0;
}
}
- next += ((lastDay < lastUpdateDay)? lastDay: lastUpdateDay) + (oneDay * (mCurrentDay - mLastDay));
+ next += ((lastDay < lastUpdateDay) ? lastDay
+ : lastUpdateDay)
+ + (oneDay * (mCurrentDay - mLastDay));
- if (fromLastUpdate && (!(mEnableDailyUpdates && mExtendedTimeList))) {
+ if (fromLastUpdate
+ && (!(mEnableDailyUpdates && mExtendedTimeList))) {
n = n % mUpdateSchema;
if (i == 0 && mCurrentDay == 0) {
mSchemaCounter = 0;
} else if (n != mSchemaCounter) {
- if (mSchemaCounter != 0 && ((n == 0 && mCurrentDay == 0) || mSchemaCounter < n)) {
+ if (mSchemaCounter != 0
+ && ((n == 0 && mCurrentDay == 0) || mSchemaCounter < n)) {
mSchemaCounter = n;
}
}
@@ -1616,12 +1706,20 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
long t = 0;
if (mDailyUpdates.size() > 1) {
while (nDays <= mDailyUpdates.size()) {
- int nextDay = (mCurrentDay + nDays) % mDailyUpdates.size();
+ int nextDay = (mCurrentDay + nDays)
+ % mDailyUpdates.size();
if (j < mDailyUpdates.elementAt(nextDay).size()) {
- if (nextDay == 0 && (!(mEnableDailyUpdates && mExtendedTimeList))) j = 0;
- t = MINUTE * ((Integer)mDailyUpdates.elementAt(nextDay).elementAt(j)).longValue();
+ if (nextDay == 0
+ && (!(mEnableDailyUpdates && mExtendedTimeList)))
+ j = 0;
+ t = MINUTE
+ * ((Integer) mDailyUpdates.elementAt(
+ nextDay).elementAt(j))
+ .longValue();
if (mEnableDailyUpdates && mExtendedTimeList) {
- if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) && isDeltaEnabled) {
+ if (mExtendedNextUpdate
+ && (!fromLastUpdate) && (!delta)
+ && isDeltaEnabled) {
if (t < 0) {
t *= -1;
} else {
@@ -1644,7 +1742,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
nDays++;
}
}
- next = ((lastDay < lastUpdateDay)? lastDay: lastUpdateDay) + (oneDay * nDays) + t;
+ next = ((lastDay < lastUpdateDay) ? lastDay : lastUpdateDay)
+ + (oneDay * nDays) + t;
if (fromLastUpdate && mDailyUpdates.size() < 2) {
mSchemaCounter = 0;
@@ -1653,49 +1752,49 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
} else if (mEnableUpdateFreq && mAutoUpdateInterval > 0) {
// Interval updates without starting time
- if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) && isDeltaEnabled && mUpdateSchema > 1) {
+ if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta)
+ && isDeltaEnabled && mUpdateSchema > 1) {
next = lastUpdate + (mUpdateSchema * mAutoUpdateInterval);
} else {
next = lastUpdate + mAutoUpdateInterval;
}
}
- if (fromLastUpdate && nextUpdate > 0 && (nextUpdate < next || nextUpdate >= now)) {
+ if (fromLastUpdate && nextUpdate > 0
+ && (nextUpdate < next || nextUpdate >= now)) {
next = nextUpdate;
}
- CMS.debug("findNextUpdate: "+((new Date(next)).toString())+((fromLastUpdate)? " delay: "+(next-now): ""));
+ CMS.debug("findNextUpdate: " + ((new Date(next)).toString())
+ + ((fromLastUpdate) ? " delay: " + (next - now) : ""));
- return (fromLastUpdate)? next-now: next;
+ return (fromLastUpdate) ? next - now : next;
}
-
/**
- * Implements Runnable interface. Defines auto-update
- * logic used by worker thread.
+ * Implements Runnable interface. Defines auto-update logic used by worker
+ * thread.
* <P>
*/
public void run() {
- while (mEnable && ((mEnableCRLCache && mCacheUpdateInterval > 0) ||
- (mInitialized == CRL_IP_NOT_INITIALIZED) ||
- mDoLastAutoUpdate || (mEnableCRLUpdates &&
- ((mEnableDailyUpdates && mDailyUpdates != null &&
- mTimeListSize > 0) ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0) ||
- mDoManualUpdate)))) {
+ while (mEnable
+ && ((mEnableCRLCache && mCacheUpdateInterval > 0)
+ || (mInitialized == CRL_IP_NOT_INITIALIZED)
+ || mDoLastAutoUpdate || (mEnableCRLUpdates && ((mEnableDailyUpdates
+ && mDailyUpdates != null && mTimeListSize > 0)
+ || (mEnableUpdateFreq && mAutoUpdateInterval > 0) || mDoManualUpdate)))) {
synchronized (this) {
long delay = 0;
long delay2 = 0;
boolean doCacheUpdate = false;
- boolean scheduledUpdates = mEnableCRLUpdates &&
- ((mEnableDailyUpdates && mDailyUpdates != null &&
- mTimeListSize > 0) ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0));
+ boolean scheduledUpdates = mEnableCRLUpdates
+ && ((mEnableDailyUpdates && mDailyUpdates != null && mTimeListSize > 0) || (mEnableUpdateFreq && mAutoUpdateInterval > 0));
if (mInitialized == CRL_IP_NOT_INITIALIZED)
initCRL();
- if (mInitialized == CRL_IP_INITIALIZED && (!mEnable)) break;
+ if (mInitialized == CRL_IP_INITIALIZED && (!mEnable))
+ break;
if ((mEnableCRLUpdates && mDoManualUpdate) || mDoLastAutoUpdate) {
delay = 0;
@@ -1704,11 +1803,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (mEnableCRLCache && mCacheUpdateInterval > 0) {
- delay2 = mLastCacheUpdate + mCacheUpdateInterval -
- System.currentTimeMillis();
- if (delay2 < delay ||
- (!(scheduledUpdates || mDoLastAutoUpdate ||
- (mEnableCRLUpdates && mDoManualUpdate)))) {
+ delay2 = mLastCacheUpdate + mCacheUpdateInterval
+ - System.currentTimeMillis();
+ if (delay2 < delay
+ || (!(scheduledUpdates || mDoLastAutoUpdate || (mEnableCRLUpdates && mDoManualUpdate)))) {
delay = delay2;
if (delay <= 0) {
doCacheUpdate = true;
@@ -1718,7 +1816,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (delay > 0) {
- try {
+ try {
wait(delay);
} catch (InterruptedException e) {
}
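Review bot: The `InterruptedException` from `wait(delay)` is dropped by an empty `catch`, so an interrupt sent to the CRL worker is lost and leaves no trace in the log. If interruption is only ever used to wake the worker early, say so in the block, e.g. `// interrupt only wakes the worker; the loop re-evaluates the schedule`. If it is meant to stop the thread, restore the flag with `Thread.currentThread().interrupt();` and leave the loop. The enclosing `while` and `synchronized` blocks start and end outside this hunk, so which of the two applies cannot be decided from here.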
@@ -1726,18 +1824,22 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
try {
if (doCacheUpdate) {
updateCRLCacheRepository();
- } else if (mAutoUpdateInterval > 0 || mDoLastAutoUpdate || mDoManualUpdate) {
+ } else if (mAutoUpdateInterval > 0 || mDoLastAutoUpdate
+ || mDoManualUpdate) {
updateCRL();
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_CRL",
- (doCacheUpdate)?"update CRL cache":"update CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_CRL",
+ (doCacheUpdate) ? "update CRL cache"
+ : "update CRL", e.toString()));
if (Debug.on()) {
- Debug.trace((doCacheUpdate)?"update CRL cache":"update CRL" + " error " + e);
+ Debug.trace((doCacheUpdate) ? "update CRL cache"
+ : "update CRL" + " error " + e);
Debug.printStackTrace(e);
}
}
- // put this here to prevent continuous loop if internal
+ // put this here to prevent continuous loop if internal
// db is down.
if (mDoLastAutoUpdate)
mDoLastAutoUpdate = false;
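Review bot: In the `Debug.trace(...)` call inside `catch (Exception e)`, `+` binds tighter than `?:`, so `" error " + e` belongs only to the `"update CRL"` arm; when `doCacheUpdate` is true the trace prints just `update CRL cache` and the exception text is missing. Parenthesise the conditional: `Debug.trace(((doCacheUpdate) ? "update CRL cache" : "update CRL") + " error " + e);`. The new line break after `"update CRL cache"` makes the two arms look symmetric, which hides the problem further. The `try` block sits inside a loop that starts outside this hunk.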
@@ -1751,28 +1853,23 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mUpdateThread = null;
}
-
/**
- * Updates CRL and publishes it.
- * If time elapsed since last CRL update is less than
- * minUpdateInterval silently returns.
- * Otherwise determines nextUpdate by adding autoUpdateInterval or
- * minUpdateInterval to the current time. If neither of the
- * intervals are defined nextUpdate will be null.
- * Then using specified configuration parameters it formulates new
- * CRL, signs it, updates CRLIssuingPointRecord in the database
- * and publishes CRL in the directory.
+ * Updates CRL and publishes it. If time elapsed since last CRL update is
+ * less than minUpdateInterval silently returns. Otherwise determines
+ * nextUpdate by adding autoUpdateInterval or minUpdateInterval to the
+ * current time. If neither of the intervals are defined nextUpdate will be
+ * null. Then using specified configuration parameters it formulates new
+ * CRL, signs it, updates CRLIssuingPointRecord in the database and
+ * publishes CRL in the directory.
* <P>
*/
private void updateCRL() throws EBaseException {
/*
- if (mEnableUpdateFreq && mAutoUpdateInterval > 0 &&
- (System.currentTimeMillis() - mLastUpdate.getTime() <
- mMinUpdateInterval)) {
- // log or alternatively throw an Exception
- return;
- }
- */
+ * if (mEnableUpdateFreq && mAutoUpdateInterval > 0 &&
+ * (System.currentTimeMillis() - mLastUpdate.getTime() <
+ * mMinUpdateInterval)) { // log or alternatively throw an Exception
+ * return; }
+ */
if (mDoManualUpdate && mSignatureAlgorithmForManualUpdate != null) {
updateCRLNow(mSignatureAlgorithmForManualUpdate);
} else {
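Review bot: The Javadoc of `updateCRL()` still says the method silently returns when less than `minUpdateInterval` has elapsed, but that check exists only as commented-out code. The formatter has also reflowed that code so that `// log or alternatively throw an Exception return; }` now reads as a single comment line. Either delete the dead block together with the sentence describing it, or replace both with a short note such as `// minUpdateInterval is not checked in updateCRL()`. As written, a reader would assume a rate limit on CRL generation that the visible code does not apply. The method body continues after this hunk.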
@@ -1791,21 +1888,25 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mIncludeExpiredCerts)
filter += "(|";
- filter += "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")";
+ filter += "(" + CertRecord.ATTR_CERT_STATUS + "="
+ + CertRecord.STATUS_REVOKED + ")";
if (mIncludeExpiredCerts)
- filter += "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))";
+ filter += "(" + CertRecord.ATTR_CERT_STATUS + "="
+ + CertRecord.STATUS_REVOKED_EXPIRED + "))";
if (mCACertsOnly) {
filter += "(x509cert.BasicConstraints.isCA=on)";
}
- if (mProfileCertsOnly && mProfileList != null && mProfileList.size() > 0) {
+ if (mProfileCertsOnly && mProfileList != null
+ && mProfileList.size() > 0) {
if (mProfileList.size() > 1) {
filter += "(|";
}
for (int k = 0; k < mProfileList.size(); k++) {
String id = mProfileList.elementAt(k);
- filter += "(" + CertRecord.ATTR_META_INFO + "=profileId:" + id + ")";
+ filter += "(" + CertRecord.ATTR_META_INFO + "=profileId:" + id
+ + ")";
}
if (mProfileList.size() > 1) {
filter += ")";
@@ -1814,15 +1915,20 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
// check if any ranges specified.
if (mBeginSerial != null) {
- filter += "(" + CertRecord.ATTR_ID + ">=" + mBeginSerial.toString() + ")";
+ filter += "(" + CertRecord.ATTR_ID + ">=" + mBeginSerial.toString()
+ + ")";
}
if (mEndSerial != null) {
- filter += "(" + CertRecord.ATTR_ID + "<=" + mEndSerial.toString() + ")";
+ filter += "(" + CertRecord.ATTR_ID + "<=" + mEndSerial.toString()
+ + ")";
}
// get all revoked non-expired certs.
- if (mEndSerial != null || mBeginSerial != null || mCACertsOnly ||
- (mProfileCertsOnly && mProfileList != null && mProfileList.size() > 0)) {
+ if (mEndSerial != null
+ || mBeginSerial != null
+ || mCACertsOnly
+ || (mProfileCertsOnly && mProfileList != null && mProfileList
+ .size() > 0)) {
filter = "(&" + filter + ")";
}
@@ -1830,29 +1936,28 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
/**
- * Gets a enumeration of revoked certs to put into CRL.
- * This does not include expired certs.
- * <i>Override this method to make a CRL other than the
- * full/complete CRL.</i>
- * @return Enumeration of CertRecords to put into CRL.
+ * Gets a enumeration of revoked certs to put into CRL. This does not
+ * include expired certs. <i>Override this method to make a CRL other than
+ * the full/complete CRL.</i>
+ *
+ * @return Enumeration of CertRecords to put into CRL.
* @exception EBaseException if an error occured in the database.
*/
- public void processRevokedCerts(IElementProcessor p)
- throws EBaseException {
+ public void processRevokedCerts(IElementProcessor p) throws EBaseException {
CertRecProcessor cp = (CertRecProcessor) p;
String filter = getFilter();
- // NOTE: dangerous cast.
+ // NOTE: dangerous cast.
// correct way would be to modify interface and add
// accessor but we don't want to touch the interface
- CertificateRepository cr = (CertificateRepository)mCertRepository;
+ CertificateRepository cr = (CertificateRepository) mCertRepository;
synchronized (cr.mCertStatusUpdateThread) {
CMS.debug("Starting processRevokedCerts (entered lock)");
- ICertRecordList list = mCertRepository.findCertRecordsInList(filter,
- new String[] {ICertRecord.ATTR_ID, ICertRecord.ATTR_REVO_INFO, "objectclass" },
- "serialno",
- mPageSize);
+ ICertRecordList list = mCertRepository.findCertRecordsInList(
+ filter, new String[] { ICertRecord.ATTR_ID,
+ ICertRecord.ATTR_REVO_INFO, "objectclass" },
+ "serialno", mPageSize);
int totalSize = list.getSize();
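Review bot: The Javadoc of `processRevokedCerts` documents a `@return Enumeration of CertRecords`, but the method is `void` and delivers records through the `IElementProcessor` argument, which has no `@param`. Replace the `@return` line with `@param p processor that receives each matching certificate record; must be a CertRecProcessor`, because the first statement casts `p` to `CertRecProcessor` unconditionally and any other implementation fails with a `ClassCastException`. The opening sentence also says expired certificates are excluded, while the filter code in the previous hunks adds `STATUS_REVOKED_EXPIRED` when `mIncludeExpiredCerts` is set, so that sentence should be qualified. The method body continues outside this hunk.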
@@ -1890,21 +1995,24 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mEnableCacheRecovery) {
// 553815 - original filter was not aligned with any VLV index
// String filter = "(&(requeststate=complete)"+
- // "(|(requestType=" + IRequest.REVOCATION_REQUEST + ")"+
- // "(requestType=" + IRequest.UNREVOCATION_REQUEST + ")))";
+ // "(|(requestType=" + IRequest.REVOCATION_REQUEST + ")"+
+ // "(requestType=" + IRequest.UNREVOCATION_REQUEST + ")))";
String filter = "(requeststate=complete)";
if (Debug.on()) {
- Debug.trace("recoverCRLCache mFirstUnsaved="+mFirstUnsaved+" filter="+filter);
+ Debug.trace("recoverCRLCache mFirstUnsaved=" + mFirstUnsaved
+ + " filter=" + filter);
}
IRequestQueue mQueue = mCA.getRequestQueue();
IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
- new RequestId(mFirstUnsaved), filter, 500, "requestId");
+ new RequestId(mFirstUnsaved), filter, 500, "requestId");
if (Debug.on()) {
- Debug.trace("recoverCRLCache size="+list.getSize()+" index="+list.getCurrentIndex());
+ Debug.trace("recoverCRLCache size=" + list.getSize()
+ + " index=" + list.getCurrentIndex());
}
- CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger, mAllowExtensions);
+ CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this,
+ mLogger, mAllowExtensions);
boolean includeCert = true;
int s = list.getSize() - list.getCurrentIndex();
@@ -1919,29 +2027,44 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
continue;
}
if (Debug.on()) {
- Debug.trace("recoverCRLCache request="+request.getRequestId().toString()+
- " type="+request.getRequestType());
- }
- if (IRequest.REVOCATION_REQUEST.equals(request.getRequestType())) {
- RevokedCertImpl revokedCert[] =
- request.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+ Debug.trace("recoverCRLCache request="
+ + request.getRequestId().toString() + " type="
+ + request.getRequestType());
+ }
+ if (IRequest.REVOCATION_REQUEST
+ .equals(request.getRequestType())) {
+ RevokedCertImpl revokedCert[] = request
+ .getExtDataInRevokedCertArray(IRequest.CERT_INFO);
for (int j = 0; j < revokedCert.length; j++) {
if (Debug.on()) {
- Debug.trace("recoverCRLCache R j="+j+" length="+revokedCert.length+
- " SerialNumber=0x"+revokedCert[j].getSerialNumber().toString(16));
+ Debug.trace("recoverCRLCache R j="
+ + j
+ + " length="
+ + revokedCert.length
+ + " SerialNumber=0x"
+ + revokedCert[j].getSerialNumber()
+ .toString(16));
}
- if(cp != null)
- includeCert = cp.checkRevokedCertExtensions(revokedCert[j].getExtensions());
- if(includeCert) {
- updateRevokedCert(REVOKED_CERT, revokedCert[j].getSerialNumber(), revokedCert[j]);
+ if (cp != null)
+ includeCert = cp
+ .checkRevokedCertExtensions(revokedCert[j]
+ .getExtensions());
+ if (includeCert) {
+ updateRevokedCert(REVOKED_CERT,
+ revokedCert[j].getSerialNumber(),
+ revokedCert[j]);
}
}
- } else if (IRequest.UNREVOCATION_REQUEST.equals(request.getRequestType())) {
- BigInteger serialNo[] = request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ } else if (IRequest.UNREVOCATION_REQUEST.equals(request
+ .getRequestType())) {
+ BigInteger serialNo[] = request
+ .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
for (int j = 0; j < serialNo.length; j++) {
if (Debug.on()) {
- Debug.trace("recoverCRLCache U j="+j+" length="+serialNo.length+
- " SerialNumber=0x"+serialNo[j].toString(16));
+ Debug.trace("recoverCRLCache U j=" + j
+ + " length=" + serialNo.length
+ + " SerialNumber=0x"
+ + serialNo[j].toString(16));
}
updateRevokedCert(UNREVOKED_CERT, serialNo[j], null);
}
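Review bot: In the revocation branch of `recoverCRLCache`, `if (cp != null)` now guards an unbraced statement wrapped over three lines and directly followed by `if (includeCert) {`, which makes it easy to misread what the guard covers. `cp` is assigned from `new CertRecProcessor(...)` earlier in the method and, as far as this diff shows, never reassigned, so the check looks dead. Writing `includeCert = cp.checkRevokedCertExtensions(revokedCert[j].getExtensions());` without the guard, or bracing it, would be clearer. The same pattern appears in `addRevokedCert` in a later hunk, and the loop here starts outside this hunk.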
@@ -1949,11 +2072,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
try {
- mCRLRepository.updateRevokedCerts(mId, mRevokedCerts, mUnrevokedCerts);
+ mCRLRepository.updateRevokedCerts(mId, mRevokedCerts,
+ mUnrevokedCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
mCRLCacheIsCleared = false;
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
}
} else {
clearCRLCache();
@@ -1974,32 +2099,33 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
private Extension getCRLExtension(String extName) {
- if(mAllowExtensions == false) {
+ if (mAllowExtensions == false) {
return null;
}
- if(mCMSCRLExtensions.isCRLExtensionEnabled(extName) == false) {
+ if (mCMSCRLExtensions.isCRLExtensionEnabled(extName) == false) {
return null;
}
CMSCRLExtensions exts = (CMSCRLExtensions) this.getCRLExtensions();
CRLExtensions ext = new CRLExtensions();
-
+
Vector<String> extNames = exts.getCRLExtensionNames();
- for (int i = 0; i < extNames.size(); i++) {
- String curName = extNames.elementAt(i);
- if (curName.equals(extName)) {
- exts.addToCRLExtensions(ext, extName, null);
- }
- }
- Extension theExt = null;
- try {
- theExt = ext.get(extName);
- } catch (Exception e) {
+ for (int i = 0; i < extNames.size(); i++) {
+ String curName = extNames.elementAt(i);
+ if (curName.equals(extName)) {
+ exts.addToCRLExtensions(ext, extName, null);
}
+ }
+ Extension theExt = null;
+ try {
+ theExt = ext.get(extName);
+ } catch (Exception e) {
+ }
- CMS.debug("CRLIssuingPoint.getCRLExtension extension: " + theExt);
- return theExt;
+ CMS.debug("CRLIssuingPoint.getCRLExtension extension: " + theExt);
+ return theExt;
}
+
/**
* get required crl entry extensions
*/
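Review bot: `getCRLExtension` swallows every exception from `ext.get(extName)` in an empty `catch (Exception e)` and returns `null`, the same value it returns when extensions are disabled, so a lookup failure cannot be told apart from configuration. At least record it: `CMS.debug("CRLIssuingPoint.getCRLExtension " + extName + ": " + e);`. The empty `catch (IOException e)` around `entryExt.set(...)` in `updateRevokedCert` (a later hunk) has the same problem; there the entry would presumably be stored without its `REMOVE_FROM_CRL` reason.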
@@ -2008,7 +2134,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mAllowExtensions && exts != null && exts.size() > 0) {
entryExt = new CRLExtensions();
- Vector<String> extNames = mCMSCRLExtensions.getCRLEntryExtensionNames();
+ Vector<String> extNames = mCMSCRLExtensions
+ .getCRLEntryExtensionNames();
for (int i = 0; i < extNames.size(); i++) {
String extName = extNames.elementAt(i);
@@ -2018,20 +2145,23 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
for (k = 0; k < exts.size(); k++) {
Extension ext = (Extension) exts.elementAt(k);
- String name = mCMSCRLExtensions.getCRLExtensionName(
- ext.getExtensionId().toString());
+ String name = mCMSCRLExtensions.getCRLExtensionName(ext
+ .getExtensionId().toString());
if (extName.equals(name)) {
- if (!(ext instanceof CRLReasonExtension) ||
- (((CRLReasonExtension) ext).getReason().toInt() >
- RevocationReason.UNSPECIFIED.toInt())) {
- mCMSCRLExtensions.addToCRLExtensions(entryExt, extName, ext);
+ if (!(ext instanceof CRLReasonExtension)
+ || (((CRLReasonExtension) ext).getReason()
+ .toInt() > RevocationReason.UNSPECIFIED
+ .toInt())) {
+ mCMSCRLExtensions.addToCRLExtensions(entryExt,
+ extName, ext);
}
break;
}
}
if (k == exts.size()) {
- mCMSCRLExtensions.addToCRLExtensions(entryExt, extName, null);
+ mCMSCRLExtensions.addToCRLExtensions(entryExt, extName,
+ null);
}
}
}
@@ -2047,24 +2177,22 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* update CRL cache with new revoked-unrevoked certificate info
*/
- private void updateRevokedCert(int certType,
- BigInteger serialNumber,
- RevokedCertImpl revokedCert) {
+ private void updateRevokedCert(int certType, BigInteger serialNumber,
+ RevokedCertImpl revokedCert) {
updateRevokedCert(certType, serialNumber, revokedCert, null);
}
- private void updateRevokedCert(int certType,
- BigInteger serialNumber,
- RevokedCertImpl revokedCert,
- String requestId) {
+ private void updateRevokedCert(int certType, BigInteger serialNumber,
+ RevokedCertImpl revokedCert, String requestId) {
synchronized (cacheMonitor) {
- if (requestId != null && mFirstUnsaved != null &&
- mFirstUnsaved.equals(ICRLIssuingPointRecord.CLEAN_CACHE)) {
+ if (requestId != null && mFirstUnsaved != null
+ && mFirstUnsaved.equals(ICRLIssuingPointRecord.CLEAN_CACHE)) {
mFirstUnsaved = requestId;
try {
mCRLRepository.updateFirstUnsaved(mId, mFirstUnsaved);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
}
}
if (certType == REVOKED_CERT) {
@@ -2072,19 +2200,22 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mUnrevokedCerts.remove(serialNumber);
if (mCRLCerts.containsKey(serialNumber)) {
Date revocationDate = revokedCert.getRevocationDate();
- CRLExtensions entryExt = getRequiredEntryExtensions(revokedCert.getExtensions());
- RevokedCertImpl newRevokedCert =
- new RevokedCertImpl(serialNumber, revocationDate, entryExt);
+ CRLExtensions entryExt = getRequiredEntryExtensions(revokedCert
+ .getExtensions());
+ RevokedCertImpl newRevokedCert = new RevokedCertImpl(
+ serialNumber, revocationDate, entryExt);
mCRLCerts.put(serialNumber, newRevokedCert);
}
} else {
Date revocationDate = revokedCert.getRevocationDate();
- CRLExtensions entryExt = getRequiredEntryExtensions(revokedCert.getExtensions());
- RevokedCertImpl newRevokedCert =
- new RevokedCertImpl(serialNumber, revocationDate, entryExt);
+ CRLExtensions entryExt = getRequiredEntryExtensions(revokedCert
+ .getExtensions());
+ RevokedCertImpl newRevokedCert = new RevokedCertImpl(
+ serialNumber, revocationDate, entryExt);
- mRevokedCerts.put(serialNumber, (RevokedCertificate) newRevokedCert);
+ mRevokedCerts.put(serialNumber,
+ (RevokedCertificate) newRevokedCert);
}
} else if (certType == UNREVOKED_CERT) {
if (mRevokedCerts.containsKey(serialNumber)) {
@@ -2093,14 +2224,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
CRLExtensions entryExt = new CRLExtensions();
try {
- entryExt.set(CRLReasonExtension.REMOVE_FROM_CRL.getName(),
- CRLReasonExtension.REMOVE_FROM_CRL);
+ entryExt.set(
+ CRLReasonExtension.REMOVE_FROM_CRL.getName(),
+ CRLReasonExtension.REMOVE_FROM_CRL);
} catch (IOException e) {
}
- RevokedCertImpl newRevokedCert = new RevokedCertImpl(serialNumber,
- CMS.getCurrentDate(), entryExt);
+ RevokedCertImpl newRevokedCert = new RevokedCertImpl(
+ serialNumber, CMS.getCurrentDate(), entryExt);
- mUnrevokedCerts.put(serialNumber, (RevokedCertificate) newRevokedCert);
+ mUnrevokedCerts.put(serialNumber,
+ (RevokedCertificate) newRevokedCert);
}
}
}
@@ -2109,27 +2242,34 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* registers revoked certificates
*/
- public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert) {
+ public void addRevokedCert(BigInteger serialNumber,
+ RevokedCertImpl revokedCert) {
addRevokedCert(serialNumber, revokedCert, null);
}
- public void addRevokedCert(BigInteger serialNumber, RevokedCertImpl revokedCert,
- String requestId) {
+ public void addRevokedCert(BigInteger serialNumber,
+ RevokedCertImpl revokedCert, String requestId) {
- CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger, mAllowExtensions);
+ CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger,
+ mAllowExtensions);
boolean includeCert = true;
- if(cp != null)
- includeCert = cp.checkRevokedCertExtensions(revokedCert.getExtensions());
+ if (cp != null)
+ includeCert = cp.checkRevokedCertExtensions(revokedCert
+ .getExtensions());
if (mEnable && mEnableCRLCache && includeCert == true) {
- updateRevokedCert(REVOKED_CERT, serialNumber, revokedCert, requestId);
+ updateRevokedCert(REVOKED_CERT, serialNumber, revokedCert,
+ requestId);
if (mCacheUpdateInterval == 0) {
try {
- mCRLRepository.updateRevokedCerts(mId, mRevokedCerts, mUnrevokedCerts);
+ mCRLRepository.updateRevokedCerts(mId, mRevokedCerts,
+ mUnrevokedCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_REVOKED_CERT", mId, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_STORE_REVOKED_CERT", mId,
+ e.toString()));
}
}
}
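Review bot: `if (cp != null)` in `addRevokedCert` can never be false, because `cp` is assigned from `new CertRecProcessor(...)` on the statement before, and the reformatting now spreads this unbraced `if` over three lines, which makes the dead check look like real gating. The decision whether a revoked certificate enters the cache reads more clearly as `boolean includeCert = cp.checkRevokedCertExtensions(revokedCert.getExtensions());` followed by `if (mEnable && mEnableCRLCache && includeCert) {`. Separately, a failed `mCRLRepository.updateRevokedCerts(...)` is only logged, so the caller cannot tell that the revocation was not persisted; if that is intended, a comment saying so would help. The end of the method lies outside this hunk.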
@@ -2148,10 +2288,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mCacheUpdateInterval == 0) {
try {
- mCRLRepository.updateRevokedCerts(mId, mRevokedCerts, mUnrevokedCerts);
+ mCRLRepository.updateRevokedCerts(mId, mRevokedCerts,
+ mUnrevokedCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_UNREVOKED_CERT", mId, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_STORE_UNREVOKED_CERT", mId,
+ e.toString()));
}
}
}
@@ -2168,20 +2311,23 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
try {
entryExt.set(CRLReasonExtension.REMOVE_FROM_CRL.getName(),
- CRLReasonExtension.REMOVE_FROM_CRL);
+ CRLReasonExtension.REMOVE_FROM_CRL);
} catch (IOException e) {
}
- RevokedCertImpl newRevokedCert = new RevokedCertImpl(serialNumber,
- CMS.getCurrentDate(), entryExt);
+ RevokedCertImpl newRevokedCert = new RevokedCertImpl(
+ serialNumber, CMS.getCurrentDate(), entryExt);
- mExpiredCerts.put(serialNumber, (RevokedCertificate) newRevokedCert);
+ mExpiredCerts.put(serialNumber,
+ (RevokedCertificate) newRevokedCert);
}
if (mCacheUpdateInterval == 0) {
try {
mCRLRepository.updateExpiredCerts(mId, mExpiredCerts);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_EXPIRED_CERT", mId, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_STORE_EXPIRED_CERT", mId,
+ e.toString()));
}
}
}
@@ -2193,19 +2339,23 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
synchronized (repositoryMonitor) {
try {
mCRLRepository.updateCRLCache(mId, Long.valueOf(mCRLSize),
- mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
+ mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
}
}
}
public boolean isDeltaCRLEnabled() {
- return (mAllowExtensions && mEnableCRLCache &&
- mCMSCRLExtensions.isCRLExtensionEnabled(DeltaCRLIndicatorExtension.NAME) &&
- mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.NAME) &&
- mCMSCRLExtensions.isCRLExtensionEnabled(CRLReasonExtension.NAME));
+ return (mAllowExtensions
+ && mEnableCRLCache
+ && mCMSCRLExtensions
+ .isCRLExtensionEnabled(DeltaCRLIndicatorExtension.NAME)
+ && mCMSCRLExtensions
+ .isCRLExtensionEnabled(CRLNumberExtension.NAME) && mCMSCRLExtensions
+ .isCRLExtensionEnabled(CRLReasonExtension.NAME));
}
public boolean isThisCurrentDeltaCRL(X509CRLImpl deltaCRL) {
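Review bot: The formatter output for `isDeltaCRLEnabled()` separates receivers from their calls, most visibly in `.isCRLExtensionEnabled(CRLNumberExtension.NAME) && mCMSCRLExtensions`, where the trailing `mCMSCRLExtensions` belongs to the call on the next line. The method decides whether delta CRLs are issued at all, and in this layout it is hard to confirm that all three extensions are required. One condition per line is easier to check, e.g. `&& mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.NAME)` and `&& mCMSCRLExtensions.isCRLExtensionEnabled(CRLReasonExtension.NAME)` each on its own line. A short Javadoc listing the preconditions (extensions allowed, CRL cache enabled, the three named extensions enabled) would also help.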
@@ -2219,16 +2369,19 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
for (int k = 0; k < crlExtensions.size(); k++) {
Extension ext = (Extension) crlExtensions.elementAt(k);
- if (DeltaCRLIndicatorExtension.OID.equals(ext.getExtensionId().toString())) {
+ if (DeltaCRLIndicatorExtension.OID.equals(ext
+ .getExtensionId().toString())) {
DeltaCRLIndicatorExtension dExt = (DeltaCRLIndicatorExtension) ext;
BigInteger crlNumber = null;
try {
- crlNumber = (BigInteger) dExt.get(DeltaCRLIndicatorExtension.NUMBER);
+ crlNumber = (BigInteger) dExt
+ .get(DeltaCRLIndicatorExtension.NUMBER);
} catch (IOException e) {
}
- if (crlNumber != null && (crlNumber.equals(mLastCRLNumber) ||
- mLastCRLNumber.equals(BigInteger.ZERO))) {
+ if (crlNumber != null
+ && (crlNumber.equals(mLastCRLNumber) || mLastCRLNumber
+ .equals(BigInteger.ZERO))) {
result = true;
}
}
@@ -2244,7 +2397,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
public boolean isCRLCacheEmpty() {
- return ((mCRLCerts != null)? mCRLCerts.isEmpty(): true);
+ return ((mCRLCerts != null) ? mCRLCerts.isEmpty() : true);
}
public boolean isCRLCacheTestingEnabled() {
@@ -2252,8 +2405,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
public Date getRevocationDateFromCache(BigInteger serialNumber,
- boolean checkDeltaCache,
- boolean includeExpiredCerts) {
+ boolean checkDeltaCache, boolean includeExpiredCerts) {
Date revocationDate = null;
if (mCRLCerts.containsKey(serialNumber)) {
@@ -2265,7 +2417,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
revocationDate = null;
}
if (mRevokedCerts.containsKey(serialNumber)) {
- revocationDate = mRevokedCerts.get(serialNumber).getRevocationDate();
+ revocationDate = mRevokedCerts.get(serialNumber)
+ .getRevocationDate();
}
if (!includeExpiredCerts && mExpiredCerts.containsKey(serialNumber)) {
revocationDate = null;
@@ -2291,29 +2444,32 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* updates CRL and publishes it now
*/
- public void updateCRLNow()
- throws EBaseException {
+ public void updateCRLNow() throws EBaseException {
updateCRLNow(null);
}
public synchronized void updateCRLNow(String signingAlgorithm)
- throws EBaseException {
+ throws EBaseException {
- if ((!mEnable) || (!mEnableCRLUpdates && !mDoLastAutoUpdate)) return;
+ if ((!mEnable) || (!mEnableCRLUpdates && !mDoLastAutoUpdate))
+ return;
CMS.debug("Updating CRL");
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
- CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATE_STARTED"),
- new Object[] {
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATE_STARTED"),
+ new Object[] {
getId(),
getNextCRLNumber(),
Boolean.toString(isDeltaCRLEnabled()),
Boolean.toString(isCRLCacheEnabled()),
Boolean.toString(mEnableCacheRecovery),
Boolean.toString(mCRLCacheIsCleared),
- ""+mCRLCerts.size()+","+mRevokedCerts.size()+","+mUnrevokedCerts.size()+","+mExpiredCerts.size()+""
- }
- );
+ "" + mCRLCerts.size() + "," + mRevokedCerts.size()
+ + "," + mUnrevokedCerts.size() + ","
+ + mExpiredCerts.size() + "" });
mUpdatingCRL = CRL_UPDATE_STARTED;
if (signingAlgorithm == null || signingAlgorithm.length() == 0)
signingAlgorithm = mSigningAlgorithm;
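Review bot: `updateCRLNow(String signingAlgorithm)` has no Javadoc, and two behaviours visible in this hunk are easy to miss: it returns without doing anything when `mEnable` is false or when both `mEnableCRLUpdates` and `mDoLastAutoUpdate` are false, and a null or empty `signingAlgorithm` falls back to `mSigningAlgorithm`. The early return happens before `CMS.debug("Updating CRL")`, so a caller that asked for an immediate CRL gets neither an exception nor a trace that nothing was generated. I would add a Javadoc stating both points and a `CMS.debug("CRL update skipped for " + mId);` before the `return`. The `if (...) return;` that now spans two lines should also get braces. The method body continues outside this hunk.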
@@ -2322,20 +2478,23 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Date nextUpdate = null;
Date nextDeltaUpdate = null;
- if (mEnableCRLUpdates && ((mEnableDailyUpdates &&
- mDailyUpdates != null && mTimeListSize > 0) ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
+ if (mEnableCRLUpdates
+ && ((mEnableDailyUpdates && mDailyUpdates != null && mTimeListSize > 0) || (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
- if ((!isDeltaCRLEnabled()) || mSchemaCounter == 0 || mUpdateSchema == 1) {
+ if ((!isDeltaCRLEnabled()) || mSchemaCounter == 0
+ || mUpdateSchema == 1) {
nextUpdate = new Date(findNextUpdate(false, false));
mNextUpdate = new Date(nextUpdate.getTime());
}
if (isDeltaCRLEnabled()) {
- if (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList && mTimeListSize > 1)) {
+ if (mUpdateSchema > 1
+ || (mEnableDailyUpdates && mExtendedTimeList && mTimeListSize > 1)) {
nextDeltaUpdate = new Date(findNextUpdate(false, true));
- if (mExtendedNextUpdate && mSchemaCounter > 0 &&
- mNextUpdate != null && mNextUpdate.equals(nextDeltaUpdate)) {
- if (mEnableDailyUpdates && mExtendedTimeList && mTimeListSize > 1) {
+ if (mExtendedNextUpdate && mSchemaCounter > 0
+ && mNextUpdate != null
+ && mNextUpdate.equals(nextDeltaUpdate)) {
+ if (mEnableDailyUpdates && mExtendedTimeList
+ && mTimeListSize > 1) {
mSchemaCounter = mTimeListSize - 1;
} else {
mSchemaCounter = mUpdateSchema - 1;
@@ -2356,33 +2515,41 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mLastUpdate = thisUpdate;
// mNextUpdate = nextUpdate;
- mNextDeltaUpdate = (nextDeltaUpdate != null)? new Date(nextDeltaUpdate.getTime()): null;
+ mNextDeltaUpdate = (nextDeltaUpdate != null) ? new Date(
+ nextDeltaUpdate.getTime()) : null;
if (nextUpdate != null) {
- nextUpdate.setTime((nextUpdate.getTime())+mNextUpdateGracePeriod);
+ nextUpdate.setTime((nextUpdate.getTime()) + mNextUpdateGracePeriod);
}
if (nextDeltaUpdate != null) {
- nextDeltaUpdate.setTime((nextDeltaUpdate.getTime())+mNextUpdateGracePeriod);
+ nextDeltaUpdate.setTime((nextDeltaUpdate.getTime())
+ + mNextUpdateGracePeriod);
}
mSplits[0] -= System.currentTimeMillis();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = (Hashtable<BigInteger, RevokedCertificate>)mRevokedCerts.clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mRevokedCerts
+ .clone();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = (Hashtable<BigInteger, RevokedCertificate>)mUnrevokedCerts.clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mUnrevokedCerts
+ .clone();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = (Hashtable<BigInteger, RevokedCertificate> )mExpiredCerts.clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = (Hashtable<BigInteger, RevokedCertificate>) mExpiredCerts
+ .clone();
mSplits[0] += System.currentTimeMillis();
// starting from the beginning
- if ((!mEnableCRLCache) ||
- ((mCRLCacheIsCleared && mCRLCerts.isEmpty() && clonedRevokedCerts.isEmpty() &&
- clonedUnrevokedCerts.isEmpty() && clonedExpiredCerts.isEmpty()) ||
- (mCRLCerts.isEmpty() && (!clonedUnrevokedCerts.isEmpty())) ||
- (mCRLCerts.size() < clonedUnrevokedCerts.size()) ||
- (mCRLCerts.isEmpty() && (mCRLSize > 0)) ||
- (mCRLCerts.size() > 0 && mCRLSize == 0))) {
+ if ((!mEnableCRLCache)
+ || ((mCRLCacheIsCleared && mCRLCerts.isEmpty()
+ && clonedRevokedCerts.isEmpty()
+ && clonedUnrevokedCerts.isEmpty() && clonedExpiredCerts
+ .isEmpty())
+ || (mCRLCerts.isEmpty() && (!clonedUnrevokedCerts
+ .isEmpty()))
+ || (mCRLCerts.size() < clonedUnrevokedCerts.size())
+ || (mCRLCerts.isEmpty() && (mCRLSize > 0)) || (mCRLCerts
+ .size() > 0 && mCRLSize == 0))) {
mSplits[5] -= System.currentTimeMillis();
mDeltaCRLSize = -1;
@@ -2392,15 +2559,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
clonedExpiredCerts.clear();
mSchemaCounter = 0;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS
+ .getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("generation");
+ statsSub.startTiming("generation");
}
- CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger, mAllowExtensions);
+ CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this,
+ mLogger, mAllowExtensions);
processRevokedCerts(cp);
if (statsSub != null) {
- statsSub.endTiming("generation");
+ statsSub.endTiming("generation");
}
mCRLCacheIsCleared = false;
@@ -2409,17 +2578,21 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (isDeltaCRLEnabled()) {
mSplits[1] -= System.currentTimeMillis();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = (Hashtable<BigInteger, RevokedCertificate> )clonedRevokedCerts.clone();
+ Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = (Hashtable<BigInteger, RevokedCertificate>) clonedRevokedCerts
+ .clone();
deltaCRLCerts.putAll(clonedUnrevokedCerts);
if (mIncludeExpiredCertsOneExtraTime) {
if (!clonedExpiredCerts.isEmpty()) {
- for (Enumeration<BigInteger> e = clonedExpiredCerts.keys(); e.hasMoreElements();) {
+ for (Enumeration<BigInteger> e = clonedExpiredCerts
+ .keys(); e.hasMoreElements();) {
BigInteger serialNumber = e.nextElement();
- if ((mLastFullUpdate != null &&
- mLastFullUpdate.after((mExpiredCerts.get(serialNumber)).getRevocationDate())) ||
- mLastFullUpdate == null) {
- deltaCRLCerts.put(serialNumber, clonedExpiredCerts.get(serialNumber));
+ if ((mLastFullUpdate != null && mLastFullUpdate
+ .after((mExpiredCerts.get(serialNumber))
+ .getRevocationDate()))
+ || mLastFullUpdate == null) {
+ deltaCRLCerts.put(serialNumber,
+ clonedExpiredCerts.get(serialNumber));
}
}
}
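Review bot: The loop iterates the keys of the snapshot `clonedExpiredCerts` but reads the revocation date from the live map with `mExpiredCerts.get(serialNumber)`, so an entry removed from `mExpiredCerts` after the clone was taken would make `.getRevocationDate()` fail with a NullPointerException. Whether another thread can modify `mExpiredCerts` while `updateCRLNow` runs is not visible here, but reading from the snapshot avoids the question: `mLastFullUpdate.after(clonedExpiredCerts.get(serialNumber).getRevocationDate())`. The hunk at -2545 has the same pattern twice (`mRevokedCerts.get(serialNumber)` inside the `clonedRevokedCerts` loop, and `mExpiredCerts.get(serialNumber)` again); there `mCRLCerts.put` would also reject a null value if `mCRLCerts` is a `Hashtable`. The enclosing block starts outside this hunk.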
@@ -2430,14 +2603,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mLastCRLNumber = mCRLNumber;
CRLExtensions ext = new CRLExtensions();
- Vector<String> extNames = mCMSCRLExtensions.getCRLExtensionNames();
+ Vector<String> extNames = mCMSCRLExtensions
+ .getCRLExtensionNames();
for (int i = 0; i < extNames.size(); i++) {
String extName = extNames.elementAt(i);
- if (mCMSCRLExtensions.isCRLExtensionEnabled(extName) &&
- (!extName.equals(FreshestCRLExtension.NAME))) {
- mCMSCRLExtensions.addToCRLExtensions(ext, extName, null);
+ if (mCMSCRLExtensions.isCRLExtensionEnabled(extName)
+ && (!extName.equals(FreshestCRLExtension.NAME))) {
+ mCMSCRLExtensions
+ .addToCRLExtensions(ext, extName, null);
}
}
mSplits[1] += System.currentTimeMillis();
@@ -2449,15 +2624,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
byte[] newDeltaCRL;
// #56123 - dont generate CRL if no revoked certificates
- if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
+ if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
if (deltaCRLCerts.size() == 0) {
CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No Delta CRL Generated");
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "No Revoked Certificates"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ "No Revoked Certificates"));
}
}
X509CRLImpl crl = new X509CRLImpl(mCA.getCRLX500Name(),
- AlgorithmId.get(signingAlgorithm),
- thisUpdate, nextDeltaUpdate, deltaCRLCerts, ext);
+ AlgorithmId.get(signingAlgorithm), thisUpdate,
+ nextDeltaUpdate, deltaCRLCerts, ext);
newX509DeltaCRL = mCA.sign(crl, signingAlgorithm);
newDeltaCRL = newX509DeltaCRL.getEncoded();
@@ -2465,47 +2642,51 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[3] -= System.currentTimeMillis();
mCRLRepository.updateDeltaCRL(mId, mNextDeltaCRLNumber,
- Long.valueOf(deltaCRLCerts.size()), mNextDeltaUpdate, newDeltaCRL);
+ Long.valueOf(deltaCRLCerts.size()),
+ mNextDeltaUpdate, newDeltaCRL);
mSplits[3] += System.currentTimeMillis();
mDeltaCRLSize = deltaCRLCerts.size();
-
long totalTime = 0;
String splitTimes = " (";
for (int i = 1; i < mSplits.length && i < 5; i++) {
totalTime += mSplits[i];
- if (i > 1) splitTimes += ",";
+ if (i > 1)
+ splitTimes += ",";
splitTimes += Long.toString(mSplits[i]);
}
splitTimes += ")";
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- CMS.getLogMessage("CMSCORE_CA_CA_DELTA_CRL_UPDATED"),
- new Object[] {
- getId(),
- getNextCRLNumber(),
- getCRLNumber(),
- getLastUpdate(),
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ CMS.getLogMessage("CMSCORE_CA_CA_DELTA_CRL_UPDATED"),
+ new Object[] { getId(), getNextCRLNumber(),
+ getCRLNumber(), getLastUpdate(),
getNextDeltaUpdate(),
- Long.toString(mDeltaCRLSize),
- Long.toString(totalTime)+splitTimes
- }
- );
+ Long.toString(mDeltaCRLSize),
+ Long.toString(totalTime) + splitTimes });
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_SIGN_OR_STORE_DELTA",
+ e.toString()));
mDeltaCRLSize = -1;
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
mDeltaCRLSize = -1;
} catch (CRLException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
mDeltaCRLSize = -1;
} catch (X509ExtensionException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
mDeltaCRLSize = -1;
} catch (OutOfMemoryError e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_SIGN_DELTA", e.toString()));
mDeltaCRLSize = -1;
}
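Review bot: Every failure while signing or storing the delta CRL, including `OutOfMemoryError`, is logged and then dropped in these five catch blocks, whereas the matching catch blocks for the full CRL in the hunk at -2676 rethrow as `ECAException`. The result is that the method can complete normally while the previously published delta CRL stays in place, and only `mDeltaCRLSize = -1` records that. If the asymmetry is intended, a comment above the first catch would make that explicit, e.g. `// delta CRL failure is non-fatal; mDeltaCRLSize = -1 marks it as not generated`. Continuing after `OutOfMemoryError` in particular is questionable; I would log it and rethrow. The try block starts outside this hunk.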
@@ -2515,12 +2696,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[4] += System.currentTimeMillis();
} catch (EBaseException e) {
newX509DeltaCRL = null;
- if (Debug.on())
+ if (Debug.on())
Debug.printStackTrace(e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_DELTA", mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_PUBLISH_DELTA",
+ mCRLNumber.toString(), e.toString()));
} catch (OutOfMemoryError e) {
newX509DeltaCRL = null;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_DELTA", mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_PUBLISH_DELTA",
+ mCRLNumber.toString(), e.toString()));
}
} else {
mDeltaCRLSize = -1;
@@ -2529,12 +2714,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[5] -= System.currentTimeMillis();
if (mSchemaCounter == 0) {
- if (((!mCRLCerts.isEmpty()) && ((!clonedRevokedCerts.isEmpty()) ||
- (!clonedUnrevokedCerts.isEmpty()) || (!clonedExpiredCerts.isEmpty()))) ||
- (mCRLCerts.isEmpty() && (mCRLSize == 0) && (!clonedRevokedCerts.isEmpty()))) {
+ if (((!mCRLCerts.isEmpty()) && ((!clonedRevokedCerts.isEmpty())
+ || (!clonedUnrevokedCerts.isEmpty()) || (!clonedExpiredCerts
+ .isEmpty())))
+ || (mCRLCerts.isEmpty() && (mCRLSize == 0) && (!clonedRevokedCerts
+ .isEmpty()))) {
if (!clonedUnrevokedCerts.isEmpty()) {
- for (Enumeration<BigInteger> e = clonedUnrevokedCerts.keys(); e.hasMoreElements();) {
+ for (Enumeration<BigInteger> e = clonedUnrevokedCerts
+ .keys(); e.hasMoreElements();) {
BigInteger serialNumber = e.nextElement();
if (mCRLCerts.containsKey(serialNumber)) {
@@ -2545,22 +2733,27 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (!clonedRevokedCerts.isEmpty()) {
- for (Enumeration<BigInteger> e = clonedRevokedCerts.keys(); e.hasMoreElements();) {
+ for (Enumeration<BigInteger> e = clonedRevokedCerts
+ .keys(); e.hasMoreElements();) {
BigInteger serialNumber = e.nextElement();
- mCRLCerts.put(serialNumber, mRevokedCerts.get(serialNumber));
+ mCRLCerts.put(serialNumber,
+ mRevokedCerts.get(serialNumber));
mRevokedCerts.remove(serialNumber);
}
}
if (!clonedExpiredCerts.isEmpty()) {
- for (Enumeration<BigInteger> e = clonedExpiredCerts.keys(); e.hasMoreElements();) {
+ for (Enumeration<BigInteger> e = clonedExpiredCerts
+ .keys(); e.hasMoreElements();) {
BigInteger serialNumber = e.nextElement();
- if ((!mIncludeExpiredCertsOneExtraTime) ||
- (mLastFullUpdate != null &&
- mLastFullUpdate.after((mExpiredCerts.get(serialNumber)).getRevocationDate())) ||
- mLastFullUpdate == null) {
+ if ((!mIncludeExpiredCertsOneExtraTime)
+ || (mLastFullUpdate != null && mLastFullUpdate
+ .after((mExpiredCerts
+ .get(serialNumber))
+ .getRevocationDate()))
+ || mLastFullUpdate == null) {
if (mCRLCerts.containsKey(serialNumber)) {
mCRLCerts.remove(serialNumber);
}
@@ -2591,14 +2784,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mAllowExtensions) {
ext = new CRLExtensions();
- Vector<String> extNames = mCMSCRLExtensions.getCRLExtensionNames();
+ Vector<String> extNames = mCMSCRLExtensions
+ .getCRLExtensionNames();
for (int i = 0; i < extNames.size(); i++) {
String extName = extNames.elementAt(i);
- if (mCMSCRLExtensions.isCRLExtensionEnabled(extName) &&
- (!extName.equals(DeltaCRLIndicatorExtension.NAME))) {
- mCMSCRLExtensions.addToCRLExtensions(ext, extName, null);
+ if (mCMSCRLExtensions.isCRLExtensionEnabled(extName)
+ && (!extName
+ .equals(DeltaCRLIndicatorExtension.NAME))) {
+ mCMSCRLExtensions
+ .addToCRLExtensions(ext, extName, null);
}
}
}
@@ -2610,22 +2806,24 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
try {
byte[] newCRL;
- CMS.debug("Making CRL with algorithm " +
- signingAlgorithm + " " + AlgorithmId.get(signingAlgorithm));
+ CMS.debug("Making CRL with algorithm " + signingAlgorithm + " "
+ + AlgorithmId.get(signingAlgorithm));
mSplits[7] -= System.currentTimeMillis();
// #56123 - dont generate CRL if no revoked certificates
- if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
- if (mCRLCerts.size() == 0) {
- CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No CRL Generated");
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "No Revoked Certificates"));
- }
+ if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
+ if (mCRLCerts.size() == 0) {
+ CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No CRL Generated");
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ "No Revoked Certificates"));
+ }
}
CMS.debug("before new X509CRLImpl");
X509CRLImpl crl = new X509CRLImpl(mCA.getCRLX500Name(),
- AlgorithmId.get(signingAlgorithm),
- thisUpdate, nextUpdate, mCRLCerts, ext);
+ AlgorithmId.get(signingAlgorithm), thisUpdate,
+ nextUpdate, mCRLCerts, ext);
CMS.debug("before sign");
newX509CRL = mCA.sign(crl, signingAlgorithm);
@@ -2638,20 +2836,21 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[8] -= System.currentTimeMillis();
Date nextUpdateDate = mNextUpdate;
- if (isDeltaCRLEnabled() && (mUpdateSchema > 1 ||
- (mEnableDailyUpdates && mExtendedTimeList)) && mNextDeltaUpdate != null) {
+ if (isDeltaCRLEnabled()
+ && (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList))
+ && mNextDeltaUpdate != null) {
nextUpdateDate = mNextDeltaUpdate;
}
if (mSaveMemory) {
- mCRLRepository.updateCRLIssuingPointRecord(
- mId, newCRL, thisUpdate, nextUpdateDate,
- mNextCRLNumber, Long.valueOf(mCRLCerts.size()));
+ mCRLRepository.updateCRLIssuingPointRecord(mId, newCRL,
+ thisUpdate, nextUpdateDate, mNextCRLNumber,
+ Long.valueOf(mCRLCerts.size()));
updateCRLCacheRepository();
} else {
- mCRLRepository.updateCRLIssuingPointRecord(
- mId, newCRL, thisUpdate, nextUpdateDate,
- mNextCRLNumber, Long.valueOf(mCRLCerts.size()),
- mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
+ mCRLRepository.updateCRLIssuingPointRecord(mId, newCRL,
+ thisUpdate, nextUpdateDate, mNextCRLNumber,
+ Long.valueOf(mCRLCerts.size()), mRevokedCerts,
+ mUnrevokedCerts, mExpiredCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
}
@@ -2663,11 +2862,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mNextCRLNumber = mCRLNumber.add(BigInteger.ONE);
mNextDeltaCRLNumber = mNextCRLNumber;
-
CMS.debug("Logging CRL Update to transaction log");
- long totalTime = 0;
- long crlTime = 0;
- long deltaTime = 0;
+ long totalTime = 0;
+ long crlTime = 0;
+ long deltaTime = 0;
String splitTimes = " (";
for (int i = 0; i < mSplits.length; i++) {
totalTime += mSplits[i];
@@ -2676,53 +2874,67 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
} else {
crlTime += mSplits[i];
}
- if (i > 0) splitTimes += ",";
+ if (i > 0)
+ splitTimes += ",";
splitTimes += Long.toString(mSplits[i]);
}
- splitTimes += "," + Long.toString(deltaTime) + "," + Long.toString(crlTime) + "," + Long.toString(totalTime) + ")";
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATED"),
- new Object[] {
- getId(),
- getCRLNumber(),
- getLastUpdate(),
- getNextUpdate(),
+ splitTimes += "," + Long.toString(deltaTime) + ","
+ + Long.toString(crlTime) + ","
+ + Long.toString(totalTime) + ")";
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATED"),
+ new Object[] { getId(), getCRLNumber(),
+ getLastUpdate(), getNextUpdate(),
Long.toString(mCRLSize),
Long.toString(totalTime),
Long.toString(crlTime),
- Long.toString(deltaTime)+splitTimes
- }
- );
+ Long.toString(deltaTime) + splitTimes });
CMS.debug("Finished Logging CRL Update to transaction log");
} catch (EBaseException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- if (Debug.on())
+ if (Debug.on())
Debug.printStackTrace(e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_OR_STORE_CRL", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_SIGN_OR_STORE_CRL", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
} catch (NoSuchAlgorithmException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL",
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
} catch (CRLException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL",
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
} catch (X509ExtensionException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL",
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
} catch (OutOfMemoryError e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_CRL",
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
}
try {
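Review bot: `mUpdatingCRL = CRL_UPDATE_DONE;` is repeated in each of the five catch blocks, so an exception type not listed here (a `RuntimeException`, for instance) would leave the flag at `CRL_UPDATE_STARTED`, the value set in the hunk at -2291; how the flag is read is not visible in this part of the diff. Resetting it once with a try/finally around the method body, `} finally { mUpdatingCRL = CRL_UPDATE_DONE; }`, covers every exit path and lets the catch bodies shrink. Each `ECAException` is also built from `e.toString()` only, which loses the original stack trace; the `if (Debug.on()) Debug.printStackTrace(e);` that the `EBaseException` branch already has would be worth adding to the other four branches. The try block starts outside this hunk.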
@@ -2734,11 +2946,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
} catch (EBaseException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_PUBLISH_CRL",
+ mCRLNumber.toString(), e.toString()));
} catch (OutOfMemoryError e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_CRL", mCRLNumber.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_PUBLISH_CRL",
+ mCRLNumber.toString(), e.toString()));
}
}
@@ -2746,10 +2962,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mDeltaCRLNumber = mNextDeltaCRLNumber;
mNextDeltaCRLNumber = mDeltaCRLNumber.add(BigInteger.ONE);
}
-
- if ((!(mEnableDailyUpdates && mExtendedTimeList)) || mSchemaCounter == 0) mSchemaCounter++;
- if ((mEnableDailyUpdates && mExtendedTimeList && mSchemaCounter >= mTimeListSize) ||
- (mUpdateSchema > 1 && mSchemaCounter >= mUpdateSchema)) mSchemaCounter = 0;
+
+ if ((!(mEnableDailyUpdates && mExtendedTimeList))
+ || mSchemaCounter == 0)
+ mSchemaCounter++;
+ if ((mEnableDailyUpdates && mExtendedTimeList && mSchemaCounter >= mTimeListSize)
+ || (mUpdateSchema > 1 && mSchemaCounter >= mUpdateSchema))
+ mSchemaCounter = 0;
mLastDay = mCurrentDay;
mUpdatingCRL = CRL_UPDATE_DONE;
@@ -2760,35 +2979,32 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* publish CRL. called from updateCRLNow() and init().
*/
- public void publishCRL()
- throws EBaseException {
+ public void publishCRL() throws EBaseException {
publishCRL(null);
}
- protected void publishCRL(X509CRLImpl x509crl)
- throws EBaseException {
+ protected void publishCRL(X509CRLImpl x509crl) throws EBaseException {
publishCRL(x509crl, false);
}
-
+
/*
- * The Session Context is a Hashtable, but without type information.
- * Suppress the warnings generated by adding to the session context
- *
+ * The Session Context is a Hashtable, but without type information.
+ * Suppress the warnings generated by adding to the session context
*/
@SuppressWarnings("unchecked")
- protected void publishCRL(X509CRLImpl x509crl, boolean isDeltaCRL)
- throws EBaseException {
+ protected void publishCRL(X509CRLImpl x509crl, boolean isDeltaCRL)
+ throws EBaseException {
SessionContext sc = SessionContext.getContext();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("crl_publishing");
+ statsSub.startTiming("crl_publishing");
}
if (mCountMod == 0) {
- sc.put(SC_CRL_COUNT, Integer.toString(mCount));
+ sc.put(SC_CRL_COUNT, Integer.toString(mCount));
} else {
- sc.put(SC_CRL_COUNT, Integer.toString(mCount%mCountMod));
+ sc.put(SC_CRL_COUNT, Integer.toString(mCount % mCountMod));
}
mCount++;
sc.put(SC_ISSUING_POINT_ID, mId);
@@ -2805,16 +3021,18 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (x509crl == null) {
crlRecord = mCRLRepository.readCRLIssuingPointRecord(mId);
if (crlRecord != null) {
- byte[] crl = (isDeltaCRL) ? crlRecord.getDeltaCRL() : crlRecord.getCRL();
+ byte[] crl = (isDeltaCRL) ? crlRecord.getDeltaCRL()
+ : crlRecord.getCRL();
if (crl != null) {
x509crl = new X509CRLImpl(crl);
}
}
}
- if (x509crl != null &&
- mPublisherProcessor != null && mPublisherProcessor.enabled()) {
- Enumeration<ILdapRule> rules = mPublisherProcessor.getRules(IPublisherProcessor.PROP_LOCAL_CRL);
+ if (x509crl != null && mPublisherProcessor != null
+ && mPublisherProcessor.enabled()) {
+ Enumeration<ILdapRule> rules = mPublisherProcessor
+ .getRules(IPublisherProcessor.PROP_LOCAL_CRL);
if (rules == null || !rules.hasMoreElements()) {
CMS.debug("CRL publishing is not enabled.");
} else {
@@ -2822,7 +3040,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mPublisherProcessor.publishCRL(mPublishDN, x509crl);
CMS.debug("CRL published to " + mPublishDN);
} else {
- mPublisherProcessor.publishCRL(x509crl,getId());
+ mPublisherProcessor.publishCRL(x509crl, getId());
CMS.debug("CRL published.");
}
}
@@ -2830,18 +3048,18 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
} catch (Exception e) {
CMS.debug("Could not publish CRL. Error " + e);
CMS.debug("Could not publish CRL. ID " + mId);
- throw new EErrorPublishCRL(
- CMS.getUserMessage("CMS_CA_ERROR_PUBLISH_CRL", mId, e.toString()));
+ throw new EErrorPublishCRL(CMS.getUserMessage(
+ "CMS_CA_ERROR_PUBLISH_CRL", mId, e.toString()));
} finally {
- if (statsSub != null) {
- statsSub.endTiming("crl_publishing");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("crl_publishing");
+ }
}
}
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CRLIssuingPoint " + mId + " - " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
+ "CRLIssuingPoint " + mId + " - " + msg);
}
void setConfigParam(String name, String value) {
@@ -2851,7 +3069,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
class RevocationRequestListener implements IRequestListener {
public void init(ISubsystem sys, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
}
public void set(String name, String val) {
@@ -2860,38 +3078,37 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
public void accept(IRequest r) {
String requestType = r.getRequestType();
- if (requestType.equals(IRequest.REVOCATION_REQUEST) ||
- requestType.equals(IRequest.UNREVOCATION_REQUEST) ||
- requestType.equals(IRequest.CLA_CERT4CRL_REQUEST) ||
- requestType.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) {
+ if (requestType.equals(IRequest.REVOCATION_REQUEST)
+ || requestType.equals(IRequest.UNREVOCATION_REQUEST)
+ || requestType.equals(IRequest.CLA_CERT4CRL_REQUEST)
+ || requestType.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) {
CMS.debug("Revocation listener called.");
// check if serial number is in begin/end range if set.
if (mBeginSerial != null || mEndSerial != null) {
- CMS.debug(
- "Checking if serial number is between " +
- mBeginSerial + " and " + mEndSerial);
- BigInteger[] serialNos =
- r.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ CMS.debug("Checking if serial number is between "
+ + mBeginSerial + " and " + mEndSerial);
+ BigInteger[] serialNos = r
+ .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (serialNos == null || serialNos.length == 0) {
- X509CertImpl oldCerts[] =
- r.getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl oldCerts[] = r
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
- if (oldCerts == null || oldCerts.length == 0)
+ if (oldCerts == null || oldCerts.length == 0)
return;
serialNos = new BigInteger[oldCerts.length];
for (int i = 0; i < oldCerts.length; i++) {
serialNos[i] = oldCerts[i].getSerialNumber();
}
}
-
+
boolean inRange = false;
for (int i = 0; i < serialNos.length; i++) {
- if ((mBeginSerial == null ||
- serialNos[i].compareTo(mBeginSerial) >= 0) &&
- (mEndSerial == null ||
- serialNos[i].compareTo(mEndSerial) <= 0)) {
+ if ((mBeginSerial == null || serialNos[i]
+ .compareTo(mBeginSerial) >= 0)
+ && (mEndSerial == null || serialNos[i]
+ .compareTo(mEndSerial) <= 0)) {
inRange = true;
}
}
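Review bot: The re-wrapped serial range test in `accept()` now breaks between `serialNos[i]` and `.compareTo(...)` twice, which makes the inclusive bounds hard to read in a check that appears to gate whether a revocation triggers a CRL update. Hoisting the two halves into locals keeps it within the line limit: `boolean aboveBegin = mBeginSerial == null || serialNos[i].compareTo(mBeginSerial) >= 0;`, the matching `belowEnd` for `mEndSerial`, then `if (aboveBegin && belowEnd)`. The loop could also `break` once `inRange` is set. `accept()` continues past the end of this hunk.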
@@ -2905,7 +3122,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
updateCRLNow();
r.setExtData(mCrlUpdateStatus, IRequest.RES_SUCCESS);
if (mPublisherProcessor != null) {
- r.setExtData(mCrlPublishStatus, IRequest.RES_SUCCESS);
+ r.setExtData(mCrlPublishStatus,
+ IRequest.RES_SUCCESS);
}
} catch (EErrorPublishCRL e) {
// error already logged in updateCRLNow();
@@ -2915,17 +3133,22 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
r.setExtData(mCrlPublishError, e);
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_UPDATE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_UPDATE_CRL", e.toString()));
r.setExtData(mCrlUpdateStatus, IRequest.RES_ERROR);
r.setExtData(mCrlUpdateError, e);
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_UPDATE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_ISSUING_UPDATE_CRL", e.toString()));
if (Debug.on())
Debug.printStackTrace(e);
r.setExtData(mCrlUpdateStatus, IRequest.RES_ERROR);
- r.setExtData(mCrlUpdateError,
- new EBaseException(
- CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())));
+ r.setExtData(
+ mCrlUpdateError,
+ new EBaseException(
+ CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ e.toString())));
}
}
}
@@ -2933,7 +3156,6 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
}
-
class CertRecProcessor implements IElementProcessor {
private Hashtable<BigInteger, RevokedCertificate> mCRLCerts = null;
private boolean mAllowExtensions = false;
@@ -2944,107 +3166,109 @@ class CertRecProcessor implements IElementProcessor {
private boolean mIssuingDistPointEnabled = false;
private BitArray mOnlySomeReasons = null;
- public CertRecProcessor(Hashtable<BigInteger, RevokedCertificate> crlCerts, CRLIssuingPoint ip, ILogger logger, boolean allowExtensions) {
+ public CertRecProcessor(Hashtable<BigInteger, RevokedCertificate> crlCerts,
+ CRLIssuingPoint ip, ILogger logger, boolean allowExtensions) {
mCRLCerts = crlCerts;
mLogger = logger;
mIP = ip;
mAllowExtensions = allowExtensions;
mIssuingDistPointAttempted = false;
- mIssuingDistPointEnabled = false;
+ mIssuingDistPointEnabled = false;
mOnlySomeReasons = null;
}
private boolean initCRLIssuingDistPointExtension() {
- boolean result = false;
- CMSCRLExtensions exts = null;
-
- if(mIssuingDistPointAttempted == true) {
- if((mIssuingDistPointEnabled == true) && (mOnlySomeReasons != null )) {
- return true;
- } else {
- return false;
- }
- }
-
- mIssuingDistPointAttempted = true;
- exts = (CMSCRLExtensions) mIP.getCRLExtensions();
- if(exts == null) {
- return result;
- }
- boolean isIssuingDistPointExtEnabled = false;
- isIssuingDistPointExtEnabled = exts.isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
- if(isIssuingDistPointExtEnabled == false) {
+ boolean result = false;
+ CMSCRLExtensions exts = null;
+
+ if (mIssuingDistPointAttempted == true) {
+ if ((mIssuingDistPointEnabled == true)
+ && (mOnlySomeReasons != null)) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ mIssuingDistPointAttempted = true;
+ exts = (CMSCRLExtensions) mIP.getCRLExtensions();
+ if (exts == null) {
+ return result;
+ }
+ boolean isIssuingDistPointExtEnabled = false;
+ isIssuingDistPointExtEnabled = exts
+ .isCRLExtensionEnabled(IssuingDistributionPointExtension.NAME);
+ if (isIssuingDistPointExtEnabled == false) {
mIssuingDistPointEnabled = false;
return false;
}
mIssuingDistPointEnabled = true;
- //Get info out of the IssuingDistPointExtension
+ // Get info out of the IssuingDistPointExtension
CRLExtensions ext = new CRLExtensions();
Vector<String> extNames = exts.getCRLExtensionNames();
- for (int i = 0; i < extNames.size(); i++) {
- String extName = extNames.elementAt(i);
- if (extName.equals(IssuingDistributionPointExtension.NAME)) {
- exts.addToCRLExtensions(ext, extName, null);
- }
- }
- Extension issuingDistExt = null;
- try {
- issuingDistExt = ext.get(IssuingDistributionPointExtension.NAME);
- } catch (Exception e) {
+ for (int i = 0; i < extNames.size(); i++) {
+ String extName = extNames.elementAt(i);
+ if (extName.equals(IssuingDistributionPointExtension.NAME)) {
+ exts.addToCRLExtensions(ext, extName, null);
}
+ }
+ Extension issuingDistExt = null;
+ try {
+ issuingDistExt = ext.get(IssuingDistributionPointExtension.NAME);
+ } catch (Exception e) {
+ }
- IssuingDistributionPointExtension iExt = null;
- if(issuingDistExt != null)
- iExt = (IssuingDistributionPointExtension) issuingDistExt;
- IssuingDistributionPoint issuingDistributionPoint = null;
- if(iExt != null)
- issuingDistributionPoint = iExt.getIssuingDistributionPoint();
+ IssuingDistributionPointExtension iExt = null;
+ if (issuingDistExt != null)
+ iExt = (IssuingDistributionPointExtension) issuingDistExt;
+ IssuingDistributionPoint issuingDistributionPoint = null;
+ if (iExt != null)
+ issuingDistributionPoint = iExt.getIssuingDistributionPoint();
- BitArray onlySomeReasons = null;
+ BitArray onlySomeReasons = null;
- if(issuingDistributionPoint != null)
- onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
+ if (issuingDistributionPoint != null)
+ onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
- boolean applyReasonMatch = false;
- boolean reasonMatch = true;
+ boolean applyReasonMatch = false;
+ boolean reasonMatch = true;
- if(onlySomeReasons != null) {
- applyReasonMatch = !onlySomeReasons.toString().equals("0000000");
- CMS.debug("applyReasonMatch " + applyReasonMatch);
- if(applyReasonMatch == true) {
- mOnlySomeReasons = onlySomeReasons;
- result = true;
- }
+ if (onlySomeReasons != null) {
+ applyReasonMatch = !onlySomeReasons.toString().equals("0000000");
+ CMS.debug("applyReasonMatch " + applyReasonMatch);
+ if (applyReasonMatch == true) {
+ mOnlySomeReasons = onlySomeReasons;
+ result = true;
}
- return result;
+ }
+ return result;
}
- private boolean checkOnlySomeReasonsExtension(CRLExtensions entryExts)
- {
+ private boolean checkOnlySomeReasonsExtension(CRLExtensions entryExts) {
boolean includeCert = true;
- //This is exactly how the Pretty Print code obtains the reason code
- //through the extensions
- if(entryExts == null) {
+ // This is exactly how the Pretty Print code obtains the reason code
+ // through the extensions
+ if (entryExts == null) {
return includeCert;
}
Extension crlReasonExt = null;
try {
- crlReasonExt = entryExts.get(CRLReasonExtension.NAME);
+ crlReasonExt = entryExts.get(CRLReasonExtension.NAME);
} catch (Exception e) {
return includeCert;
}
RevocationReason reason = null;
int reasonIndex = 0;
- if(crlReasonExt != null) {
+ if (crlReasonExt != null) {
try {
- CRLReasonExtension theReason = (CRLReasonExtension) crlReasonExt;
- reason = (RevocationReason) theReason.get("value");
- reasonIndex = reason.toInt();
- CMS.debug("revoked reason " + reason);
+ CRLReasonExtension theReason = (CRLReasonExtension) crlReasonExt;
+ reason = (RevocationReason) theReason.get("value");
+ reasonIndex = reason.toInt();
+ CMS.debug("revoked reason " + reason);
} catch (Exception e) {
return includeCert;
}
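Review bot: The empty `catch (Exception e) { }` around `ext.get(IssuingDistributionPointExtension.NAME)` in `initCRLIssuingDistPointExtension()` discards the failure without a trace. When it fires, `issuingDistExt` stays null and the method returns false; because `mIssuingDistPointAttempted` is already set, every later call returns false as well, and `checkRevokedCertExtensions()` then includes each entry without applying `onlySomeReasons`. A CRL whose issuing distribution point is enabled can therefore be built unfiltered with nothing in the debug log to explain it. At minimum record the failure, e.g. `CMS.debug("initCRLIssuingDistPointExtension: cannot read IssuingDistributionPoint extension: " + e);`. `checkOnlySomeReasonsExtension()` at the end of this hunk continues beyond it.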
@@ -3052,37 +3276,37 @@ class CertRecProcessor implements IElementProcessor {
return includeCert;
}
boolean reasonMatch = false;
- if(reason != null) {
- if(mOnlySomeReasons != null) {
+ if (reason != null) {
+ if (mOnlySomeReasons != null) {
reasonMatch = mOnlySomeReasons.get(reasonIndex);
- if(reasonMatch != true) {
+ if (reasonMatch != true) {
includeCert = false;
} else {
CMS.debug("onlySomeReasons match! reason: " + reason);
}
}
}
-
+
return includeCert;
}
- public boolean checkRevokedCertExtensions(CRLExtensions crlExtensions)
- {
- //For now just check the onlySomeReason CRL IssuingDistributionPoint extension
+ public boolean checkRevokedCertExtensions(CRLExtensions crlExtensions) {
+ // For now just check the onlySomeReason CRL IssuingDistributionPoint
+ // extension
- boolean includeCert = true;
- if((crlExtensions == null) || (mAllowExtensions == false)) {
+ boolean includeCert = true;
+ if ((crlExtensions == null) || (mAllowExtensions == false)) {
return includeCert;
}
boolean inited = initCRLIssuingDistPointExtension();
- //If the CRLIssuingDistPointExtension is not available or
+ // If the CRLIssuingDistPointExtension is not available or
// if onlySomeReasons does not apply, bail.
- if(inited == false) {
+ if (inited == false) {
return includeCert;
- }
+ }
- //Check the onlySomeReasonsExtension
+ // Check the onlySomeReasonsExtension
includeCert = checkOnlySomeReasonsExtension(crlExtensions);
return includeCert;
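Review bot: `mOnlySomeReasons.get(reasonIndex)` indexes the issuing distribution point's reason flags directly with `reason.toInt()`, and the call appears to sit after the `try` blocks of `checkOnlySomeReasonsExtension()`, whose start is outside this hunk. The flags look like a short bit string (the init code compares against `"0000000"`), while RFC 5280 CRLReason codes run up to 10 and stop lining up with the ReasonFlags bit positions above certificateHold(6): privilegeWithdrawn is code 9 but bit 7, aACompromise is code 10 but bit 8. Depending on how `BitArray.get` treats an index past its length, an entry with one of those reasons either throws out of CRL generation or is tested against the wrong bit. I would map the reason code to its flag position explicitly and guard the lookup, e.g. `reasonMatch = reasonIndex < mOnlySomeReasons.length() && mOnlySomeReasons.get(reasonIndex);` (assuming `BitArray` exposes `length()`).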
@@ -3101,23 +3325,24 @@ class CertRecProcessor implements IElementProcessor {
crlExts = revInfo.getCRLEntryExtensions();
entryExt = mIP.getRequiredEntryExtensions(crlExts);
}
- RevokedCertificate newRevokedCert =
- new RevokedCertImpl(serialNumber, revocationDate, entryExt);
+ RevokedCertificate newRevokedCert = new RevokedCertImpl(
+ serialNumber, revocationDate, entryExt);
boolean includeCert = checkRevokedCertExtensions(crlExts);
if (includeCert == true) {
- mCRLCerts.put(serialNumber, (RevokedCertificate) newRevokedCert);
+ mCRLCerts
+ .put(serialNumber, (RevokedCertificate) newRevokedCert);
if (serialNumber != null) {
- CMS.debug("Putting certificate serial: 0x"+serialNumber.toString(16)+" into CRL hashtable");
+ CMS.debug("Putting certificate serial: 0x"
+ + serialNumber.toString(16) + " into CRL hashtable");
}
}
} catch (EBaseException e) {
- CMS.debug(
- "CA failed constructing CRL entry: " +
- (mCRLCerts.size() + 1) + " " + e);
- throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
+ CMS.debug("CA failed constructing CRL entry: "
+ + (mCRLCerts.size() + 1) + " " + e);
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
}
}
}
-
diff --git a/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java b/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java
index bb204386..f4e3a80b 100644
--- a/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java
+++ b/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java
@@ -17,44 +17,43 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.math.BigInteger;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cmscore.dbs.CertRecord;
-
/**
- * A CRL Issuing point that contains revoked certs, include onces that
- * have expired.
+ * A CRL Issuing point that contains revoked certs, include onces that have
+ * expired.
*/
public class CRLWithExpiredCerts extends CRLIssuingPoint {
/**
- * overrides getRevokedCerts in CRLIssuingPoint to include
- * all revoked certs, including once that have expired.
- *
+ * overrides getRevokedCerts in CRLIssuingPoint to include all revoked
+ * certs, including once that have expired.
+ *
* @param thisUpdate parameter is ignored.
- *
+ *
* @exception EBaseException if an exception occured getting revoked
- * certificates from the database.
+ * certificates from the database.
*/
public String getFilter() {
// PLEASE DONT CHANGE THE FILTER. It is indexed.
// Changing it will degrade performance. See
// also com.netscape.certsetup.LDAPUtil.java
- String filter =
- "(|(" + CertRecord.ATTR_CERT_STATUS + "=" +
- CertRecord.STATUS_REVOKED + ")" +
- "(" + CertRecord.ATTR_CERT_STATUS + "=" +
- CertRecord.STATUS_REVOKED_EXPIRED + "))";
+ String filter = "(|(" + CertRecord.ATTR_CERT_STATUS + "="
+ + CertRecord.STATUS_REVOKED + ")" + "("
+ + CertRecord.ATTR_CERT_STATUS + "="
+ + CertRecord.STATUS_REVOKED_EXPIRED + "))";
// check if any ranges specified.
- if (mBeginSerial != null)
- filter += "(" + CertRecord.ATTR_ID + ">=" + mBeginSerial.toString() + ")";
+ if (mBeginSerial != null)
+ filter += "(" + CertRecord.ATTR_ID + ">=" + mBeginSerial.toString()
+ + ")";
if (mEndSerial != null)
- filter += "(" + CertRecord.ATTR_ID + "<=" + mEndSerial.toString() + ")";
- // get all revoked non-expired certs.
+ filter += "(" + CertRecord.ATTR_ID + "<=" + mEndSerial.toString()
+ + ")";
+ // get all revoked non-expired certs.
if (mEndSerial != null || mBeginSerial != null) {
filter = "(&" + filter + ")";
}
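Review bot: The Javadoc above `getFilter()` does not describe the method it is attached to: it speaks of overriding `getRevokedCerts` and documents a `thisUpdate` parameter and an `EBaseException`, yet `getFilter()` takes no arguments and declares no exception. The trailing comment `// get all revoked non-expired certs.` also contradicts this class, whose filter matches both `STATUS_REVOKED` and `STATUS_REVOKED_EXPIRED`. Since the block was re-wrapped here anyway, I would replace it with `Returns the LDAP filter selecting revoked and revoked-expired certificate records, limited to the configured serial range if one is set.` and fix the "onces"/"once" typos. The values concatenated into the filter are constants and `BigInteger.toString()` output, so no escaping is needed as written. `getFilter()` continues past the end of this hunk.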
diff --git a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
index a81ae362..cec5b2f2 100644
--- a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
@@ -117,25 +116,26 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
-
/**
- * A class represents a Certificate Authority that is
- * responsible for certificate specific operations.
+ * A class represents a Certificate Authority that is responsible for
+ * certificate specific operations.
* <P>
- *
+ *
* @author lhsiao
* @version $Revision$, $Date$
*/
-public class CertificateAuthority implements ICertificateAuthority, ICertAuthority, IOCSPService {
+public class CertificateAuthority implements ICertificateAuthority,
+ ICertAuthority, IOCSPService {
public static final String OFFICIAL_NAME = "Certificate Manager";
- public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2");
+ public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER(
+ "1.3.6.1.5.5.7.48.1.2");
protected ISubsystem mOwner = null;
protected IConfigStore mConfig = null;
protected ILogger mLogger = CMS.getLogger();
- protected Hashtable<String, CRLIssuingPoint> mCRLIssuePoints = new Hashtable<String, CRLIssuingPoint>();
- protected CRLIssuingPoint mMasterCRLIssuePoint = null; // the complete crl.
+ protected Hashtable<String, CRLIssuingPoint> mCRLIssuePoints = new Hashtable<String, CRLIssuingPoint>();
+ protected CRLIssuingPoint mMasterCRLIssuePoint = null; // the complete crl.
protected SigningUnit mSigningUnit;
protected SigningUnit mOCSPSigningUnit;
protected SigningUnit mCRLSigningUnit;
@@ -143,8 +143,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
protected X500Name mName = null;
protected X500Name mCRLName = null;
protected X500Name mOCSPName = null;
- protected String mNickname = null; // nickname of CA signing cert.
- protected String mOCSPNickname = null; // nickname of OCSP signing cert.
+ protected String mNickname = null; // nickname of CA signing cert.
+ protected String mOCSPNickname = null; // nickname of OCSP signing cert.
protected long mCertSerialNumberCounter = System.currentTimeMillis();
protected long mRequestID = System.currentTimeMillis();
@@ -185,7 +185,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
protected boolean mEnableOCSP;
protected int mFastSigning = FASTSIGNING_DISABLED;
- protected static final long SECOND = 1000; // 1000 milliseconds
+ protected static final long SECOND = 1000; // 1000 milliseconds
protected static final long MINUTE = 60 * SECOND;
protected static final long HOUR = 60 * MINUTE;
protected static final long DAY = 24 * HOUR;
@@ -197,7 +197,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// for the notification listeners
- /**
+ /**
* Package constants
*/
@@ -261,12 +261,12 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
}
-
public void publishCRLNow() throws EBaseException {
if (mMasterCRLIssuePoint != null) {
mMasterCRLIssuePoint.publishCRL();
}
}
+
public ICRLPublisher getCRLPublisher() {
return mCRLPublisher;
}
@@ -286,105 +286,108 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Initializes this CA subsystem.
* <P>
- *
+ *
* @param owner owner of this subsystem
* @param config configuration of this subsystem
* @exception EBaseException failed to initialize this CA
*/
- public void init(ISubsystem owner, IConfigStore config) throws
- EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
- try {
- CMS.debug("CertificateAuthority init ");
- mOwner = owner;
- mConfig = config;
+ try {
+ CMS.debug("CertificateAuthority init ");
+ mOwner = owner;
+ mConfig = config;
- // init cert & crl database.
- initCaDatabases();
+ // init cert & crl database.
+ initCaDatabases();
- // init signing unit & CA cert.
- try {
- initSigUnit();
- // init default CA attributes like cert version, validity.
- initDefCaAttrs();
- } catch (EBaseException e) {
- if (CMS.isPreOpMode())
- ;
- else
- throw e;
- }
+ // init signing unit & CA cert.
+ try {
+ initSigUnit();
+ // init default CA attributes like cert version, validity.
+ initDefCaAttrs();
+ } catch (EBaseException e) {
+ if (CMS.isPreOpMode())
+ ;
+ else
+ throw e;
+ }
- // init web gateway.
- initWebGateway();
+ // init web gateway.
+ initWebGateway();
- mUseNonces = mConfig.getBoolean("enableNonces", true);
- mMaxNonces = mConfig.getInteger("maxNumberOfNonces", 100);
- if (mUseNonces) {
- mNonces = new Nonces(mMaxNonces);
- CMS.debug("CertificateAuthority init: Nonces enabled. ("+mNonces.size()+")");
- }
+ mUseNonces = mConfig.getBoolean("enableNonces", true);
+ mMaxNonces = mConfig.getInteger("maxNumberOfNonces", 100);
+ if (mUseNonces) {
+ mNonces = new Nonces(mMaxNonces);
+ CMS.debug("CertificateAuthority init: Nonces enabled. ("
+ + mNonces.size() + ")");
+ }
- // init request queue and related modules.
- CMS.debug("CertificateAuthority init: initRequestQueue");
- initRequestQueue();
- if (CMS.isPreOpMode())
- return;
+ // init request queue and related modules.
+ CMS.debug("CertificateAuthority init: initRequestQueue");
+ initRequestQueue();
+ if (CMS.isPreOpMode())
+ return;
- // set certificate status to 10 minutes
- mCertRepot.setCertStatusUpdateInterval(
- mRequestQueue.getRequestRepository(),
- mConfig.getInteger("certStatusUpdateInterval", 10 * 60),
- mConfig.getBoolean("listenToCloneModifications", false));
- mCertRepot.setConsistencyCheck(
- mConfig.getBoolean("ConsistencyCheck", false));
- mCertRepot.setSkipIfInConsistent(
- mConfig.getBoolean("SkipIfInConsistent", false));
-
- mService.init(config.getSubStore("connector"));
+ // set certificate status to 10 minutes
+ mCertRepot.setCertStatusUpdateInterval(
+ mRequestQueue.getRequestRepository(),
+ mConfig.getInteger("certStatusUpdateInterval", 10 * 60),
+ mConfig.getBoolean("listenToCloneModifications", false));
+ mCertRepot.setConsistencyCheck(mConfig.getBoolean(
+ "ConsistencyCheck", false));
+ mCertRepot.setSkipIfInConsistent(mConfig.getBoolean(
+ "SkipIfInConsistent", false));
- initMiscellaneousListeners();
+ mService.init(config.getSubStore("connector"));
- // instantiate CRL publisher
- IConfigStore cpStore = null;
+ initMiscellaneousListeners();
- mByName = config.getBoolean("byName", true);
+ // instantiate CRL publisher
+ IConfigStore cpStore = null;
- cpStore = config.getSubStore("crlPublisher");
- if (cpStore != null && cpStore.size() > 0) {
- String publisherClass = cpStore.getString("class");
+ mByName = config.getBoolean("byName", true);
- if (publisherClass != null) {
- try {
- Class pc = Class.forName(publisherClass);
-
- mCRLPublisher = (ICRLPublisher)
- pc.newInstance();
- mCRLPublisher.init(this, cpStore);
- } catch (ClassNotFoundException ee) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
- } catch (IllegalAccessException ee) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
- } catch (InstantiationException ee) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
+ cpStore = config.getSubStore("crlPublisher");
+ if (cpStore != null && cpStore.size() > 0) {
+ String publisherClass = cpStore.getString("class");
+
+ if (publisherClass != null) {
+ try {
+ Class pc = Class.forName(publisherClass);
+
+ mCRLPublisher = (ICRLPublisher) pc.newInstance();
+ mCRLPublisher.init(this, cpStore);
+ } catch (ClassNotFoundException ee) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
+ } catch (IllegalAccessException ee) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
+ } catch (InstantiationException ee) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
+ }
}
}
- }
- // initialize publisher processor (publish remote admin
- // rely on this subsystem, so it has to be initialized)
- initPublish();
+ // initialize publisher processor (publish remote admin
+ // rely on this subsystem, so it has to be initialized)
+ initPublish();
- // Initialize CRL issuing points.
- // note CRL framework depends on DBS, CRYPTO and PUBLISHING
- // being functional.
- initCRL();
+ // Initialize CRL issuing points.
+ // note CRL framework depends on DBS, CRYPTO and PUBLISHING
+ // being functional.
+ initCRL();
- } catch (EBaseException e) {
- if (CMS.isPreOpMode())
- return;
- else
- throw e;
- }
+ } catch (EBaseException e) {
+ if (CMS.isPreOpMode())
+ return;
+ else
+ throw e;
+ }
}
/**
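Review bot: In `init()`, the CRL publisher class named by the `class` key of the `crlPublisher` sub-store is loaded with a raw `Class.forName(...)` and instantiated before the cast to `ICRLPublisher`. Any class on the classpath named in the configuration therefore has its no-arg constructor run, and a wrong type surfaces as an uncaught `ClassCastException` instead of taking the logged `CMSCORE_CA_CA_NO_PUBLISHER` path. Checking the type first closes both: `Class<? extends ICRLPublisher> pc = Class.forName(publisherClass).asSubclass(ICRLPublisher.class);` followed by `mCRLPublisher = pc.newInstance();`, with `ClassCastException` added to the handled cases. The empty statement in `if (CMS.isPreOpMode()) ; else throw e;` would also read better as `if (!CMS.isPreOpMode()) throw e;`.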
@@ -393,7 +396,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public IRequestQueue getRequestQueue() {
return mRequestQueue;
}
-
+
/**
* registers listener
*/
@@ -506,7 +509,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
mService.startup();
mRequestQueue.recover();
-
+
// Note that this could be null.
// setup Admin operations
@@ -514,7 +517,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
initNotificationListeners();
startPublish();
- // startCRL();
+ // startCRL();
}
/**
@@ -524,7 +527,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public void shutdown() {
Enumeration enums = mCRLIssuePoints.elements();
while (enums.hasMoreElements()) {
- CRLIssuingPoint point = (CRLIssuingPoint)enums.nextElement();
+ CRLIssuingPoint point = (CRLIssuingPoint) enums.nextElement();
point.shutdown();
}
@@ -577,7 +580,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
return mDefaultValidity;
}
- public SignatureAlgorithm getDefaultSignatureAlgorithm() {
+ public SignatureAlgorithm getDefaultSignatureAlgorithm() {
return mSigningUnit.getDefaultSignatureAlgorithm();
}
@@ -591,8 +594,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public String getStartSerial() {
try {
- BigInteger serial =
- ((Repository) mCertRepot).getTheSerialNumber();
+ BigInteger serial = ((Repository) mCertRepot).getTheSerialNumber();
if (serial == null)
return "";
@@ -600,7 +602,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
return serial.toString(16);
} catch (EBaseException e) {
// shouldn't get here.
- return "";
+ return "";
}
}
@@ -624,24 +626,23 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Retrieves certificate repository.
* <P>
- *
+ *
* @return certificate repository
*/
public ICertificateRepository getCertificateRepository() {
return mCertRepot;
}
-
+
/**
* Retrieves replica repository.
* <P>
- *
+ *
* @return replica repository
*/
public IReplicaIDRepository getReplicaRepository() {
return mReplicaRepot;
}
-
/**
* Retrieves CRL repository.
*/
@@ -656,6 +657,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Retrieves the CRL issuing point by id.
* <P>
+ *
* @param id string id of the CRL issuing point
* @return CRL issuing point
*/
@@ -666,6 +668,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Enumerates CRL issuing points
* <P>
+ *
* @return security service
*/
public Enumeration getCRLIssuingPoints() {
@@ -680,7 +683,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
* Adds CRL issuing point with the given identifier and description.
*/
public boolean addCRLIssuingPoint(IConfigStore crlSubStore, String id,
- boolean enable, String description) {
+ boolean enable, String description) {
crlSubStore.makeSubStore(id);
IConfigStore c = crlSubStore.getSubStore(id);
@@ -712,26 +715,34 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// crl extensions
// AuthorityInformationAccess
c.putString("extension.AuthorityInformationAccess.enable", "false");
- c.putString("extension.AuthorityInformationAccess.critical", "false");
- c.putString("extension.AuthorityInformationAccess.type", "CRLExtension");
+ c.putString("extension.AuthorityInformationAccess.critical",
+ "false");
+ c.putString("extension.AuthorityInformationAccess.type",
+ "CRLExtension");
c.putString("extension.AuthorityInformationAccess.class",
- "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
- c.putString("extension.AuthorityInformationAccess.numberOfAccessDescriptions", "1");
- c.putString("extension.AuthorityInformationAccess.accessMethod0", "caIssuers");
- c.putString("extension.AuthorityInformationAccess.accessLocationType0", "URI");
- c.putString("extension.AuthorityInformationAccess.accessLocation0", "");
+ "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
+ c.putString(
+ "extension.AuthorityInformationAccess.numberOfAccessDescriptions",
+ "1");
+ c.putString("extension.AuthorityInformationAccess.accessMethod0",
+ "caIssuers");
+ c.putString(
+ "extension.AuthorityInformationAccess.accessLocationType0",
+ "URI");
+ c.putString("extension.AuthorityInformationAccess.accessLocation0",
+ "");
// AuthorityKeyIdentifier
c.putString("extension.AuthorityKeyIdentifier.enable", "false");
c.putString("extension.AuthorityKeyIdentifier.critical", "false");
c.putString("extension.AuthorityKeyIdentifier.type", "CRLExtension");
c.putString("extension.AuthorityKeyIdentifier.class",
- "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
+ "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
// IssuerAlternativeName
c.putString("extension.IssuerAlternativeName.enable", "false");
c.putString("extension.IssuerAlternativeName.critical", "false");
c.putString("extension.IssuerAlternativeName.type", "CRLExtension");
c.putString("extension.IssuerAlternativeName.class",
- "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
+ "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
c.putString("extension.IssuerAlternativeName.numNames", "0");
c.putString("extension.IssuerAlternativeName.nameType0", "");
c.putString("extension.IssuerAlternativeName.name0", "");
@@ -740,62 +751,71 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
c.putString("extension.CRLNumber.critical", "false");
c.putString("extension.CRLNumber.type", "CRLExtension");
c.putString("extension.CRLNumber.class",
- "com.netscape.cms.crl.CMSCRLNumberExtension");
+ "com.netscape.cms.crl.CMSCRLNumberExtension");
// DeltaCRLIndicator
c.putString("extension.DeltaCRLIndicator.enable", "false");
c.putString("extension.DeltaCRLIndicator.critical", "true");
c.putString("extension.DeltaCRLIndicator.type", "CRLExtension");
c.putString("extension.DeltaCRLIndicator.class",
- "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
+ "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
// IssuingDistributionPoint
c.putString("extension.IssuingDistributionPoint.enable", "false");
c.putString("extension.IssuingDistributionPoint.critical", "true");
- c.putString("extension.IssuingDistributionPoint.type", "CRLExtension");
+ c.putString("extension.IssuingDistributionPoint.type",
+ "CRLExtension");
c.putString("extension.IssuingDistributionPoint.class",
- "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
+ "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
c.putString("extension.IssuingDistributionPoint.pointType", "");
c.putString("extension.IssuingDistributionPoint.pointName", "");
- c.putString("extension.IssuingDistributionPoint.onlyContainsUserCerts", "false");
- c.putString("extension.IssuingDistributionPoint.onlyContainsCACerts", "false");
- c.putString("extension.IssuingDistributionPoint.onlySomeReasons", "");
- //"keyCompromise,cACompromise,affiliationChanged,superseded,cessationOfOperation,certificateHold");
- c.putString("extension.IssuingDistributionPoint.indirectCRL", "false");
+ c.putString(
+ "extension.IssuingDistributionPoint.onlyContainsUserCerts",
+ "false");
+ c.putString(
+ "extension.IssuingDistributionPoint.onlyContainsCACerts",
+ "false");
+ c.putString("extension.IssuingDistributionPoint.onlySomeReasons",
+ "");
+ // "keyCompromise,cACompromise,affiliationChanged,superseded,cessationOfOperation,certificateHold");
+ c.putString("extension.IssuingDistributionPoint.indirectCRL",
+ "false");
// CRLReason
c.putString("extension.CRLReason.enable", "true");
c.putString("extension.CRLReason.critical", "false");
c.putString("extension.CRLReason.type", "CRLEntryExtension");
c.putString("extension.CRLReason.class",
- "com.netscape.cms.crl.CMSCRLReasonExtension");
+ "com.netscape.cms.crl.CMSCRLReasonExtension");
// HoldInstruction - removed by RFC 5280
// c.putString("extension.HoldInstruction.enable", "false");
// c.putString("extension.HoldInstruction.critical", "false");
- // c.putString("extension.HoldInstruction.type", "CRLEntryExtension");
+ // c.putString("extension.HoldInstruction.type",
+ // "CRLEntryExtension");
// c.putString("extension.HoldInstruction.class",
- // "com.netscape.cms.crl.CMSHoldInstructionExtension");
+ // "com.netscape.cms.crl.CMSHoldInstructionExtension");
// c.putString("extension.HoldInstruction.instruction", "none");
// InvalidityDate
c.putString("extension.InvalidityDate.enable", "true");
c.putString("extension.InvalidityDate.critical", "false");
c.putString("extension.InvalidityDate.type", "CRLEntryExtension");
c.putString("extension.InvalidityDate.class",
- "com.netscape.cms.crl.CMSInvalidityDateExtension");
+ "com.netscape.cms.crl.CMSInvalidityDateExtension");
// CertificateIssuer
/*
- c.putString("extension.CertificateIssuer.enable", "false");
- c.putString("extension.CertificateIssuer.critical", "true");
- c.putString("extension.CertificateIssuer.type", "CRLEntryExtension");
- c.putString("extension.CertificateIssuer.class",
- "com.netscape.cms.crl.CMSCertificateIssuerExtension");
- c.putString("extension.CertificateIssuer.numNames", "0");
- c.putString("extension.CertificateIssuer.nameType0", "");
- c.putString("extension.CertificateIssuer.name0", "");
+ * c.putString("extension.CertificateIssuer.enable", "false");
+ * c.putString("extension.CertificateIssuer.critical", "true");
+ * c.putString("extension.CertificateIssuer.type",
+ * "CRLEntryExtension");
+ * c.putString("extension.CertificateIssuer.class",
+ * "com.netscape.cms.crl.CMSCertificateIssuerExtension");
+ * c.putString("extension.CertificateIssuer.numNames", "0");
+ * c.putString("extension.CertificateIssuer.nameType0", "");
+ * c.putString("extension.CertificateIssuer.name0", "");
*/
// FreshestCRL
c.putString("extension.FreshestCRL.enable", "false");
c.putString("extension.FreshestCRL.critical", "false");
c.putString("extension.FreshestCRL.type", "CRLExtension");
c.putString("extension.FreshestCRL.class",
- "com.netscape.cms.crl.CMSFreshestCRLExtension");
+ "com.netscape.cms.crl.CMSFreshestCRLExtension");
c.putString("extension.FreshestCRL.numPoints", "0");
c.putString("extension.FreshestCRL.pointType0", "");
c.putString("extension.FreshestCRL.pointName0", "");
@@ -807,7 +827,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
try {
issuingPointClassName = c.getString(PROP_CLASS);
issuingPointClass = Class.forName(issuingPointClassName);
- issuingPoint = (CRLIssuingPoint) issuingPointClass.newInstance();
+ issuingPoint = (CRLIssuingPoint) issuingPointClass
+ .newInstance();
issuingPoint.init(this, id, c);
mCRLIssuePoints.put(id, issuingPoint);
} catch (EPropertyNotFound e) {
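Review bot: The class named by `PROP_CLASS` in the config store is loaded and instantiated before anything checks that it is a `CRLIssuingPoint`, so the cast on the `newInstance()` line can only fail after an unrelated class's no-arg constructor has already run. Narrowing the type first keeps instantiation inside the expected hierarchy: `issuingPoint = (CRLIssuingPoint) issuingPointClass.asSubclass(CRLIssuingPoint.class).newInstance();`. The same load-by-configured-name pattern appears in the listener hunks further down (`Class.forName(className).newInstance()` and the three notification listeners), where `asSubclass(IRequestListener.class)` would apply. The enclosing try block starts and ends outside this hunk, so which handler would receive the resulting `ClassCastException` is not visible here.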
@@ -845,7 +866,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
mCRLRepot.deleteCRLIssuingPointRecord(id);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("FAILED_REMOVING_CRL_IP_2", id, e.toString()));
+ CMS.getLogMessage("FAILED_REMOVING_CRL_IP_2", id,
+ e.toString()));
}
}
}
@@ -853,7 +875,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Returns X500 name of the Certificate Authority
* <P>
- *
+ *
* @return CA name
*/
public X500Name getX500Name() {
@@ -871,6 +893,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Returns nickname of CA's signing cert.
* <p>
+ *
* @return CA signing cert nickname.
*/
public String getNickname() {
@@ -880,6 +903,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Returns nickname of OCSP's signing cert.
* <p>
+ *
* @return OCSP signing cert nickname.
*/
public String getOCSPNickname() {
@@ -889,7 +913,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Returns default signing unit used by this CA
* <P>
- *
+ *
* @return request identifier
*/
public ISigningUnit getSigningUnit() {
@@ -905,28 +929,29 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
public void setBasicConstraintMaxLen(int num) {
- mConfig.putString("Policy.rule.BasicConstraintsExt.maxPathLen", "" + num);
+ mConfig.putString("Policy.rule.BasicConstraintsExt.maxPathLen", ""
+ + num);
}
/**
- * Signs CRL using the specified signature algorithm.
- * If no algorithm is specified the CA's default signing algorithm
- * is used.
+ * Signs CRL using the specified signature algorithm. If no algorithm is
+ * specified the CA's default signing algorithm is used.
* <P>
+ *
* @param crl the CRL to be signed.
- * @param algname the algorithm name to use. This is a JCA name such
- * as MD5withRSA, etc. If set to null the default signing algorithm
- * is used.
- *
+ * @param algname the algorithm name to use. This is a JCA name such as
+ * MD5withRSA, etc. If set to null the default signing algorithm
+ * is used.
+ *
* @return the signed CRL
*/
public X509CRLImpl sign(X509CRLImpl crl, String algname)
- throws EBaseException {
+ throws EBaseException {
X509CRLImpl signedcrl = null;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long startTime = CMS.getCurrentDate().getTime();
@@ -959,48 +984,57 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
CMS.debug("Failed to add signature to CRL object.");
}
} catch (CRLException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(), e.getMessage()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(),
+ e.getMessage()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
} catch (X509ExtensionException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(), e.getMessage()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(),
+ e.getMessage()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(), e.getMessage()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(),
+ e.getMessage()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(), e.getMessage()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CRL", e.toString(),
+ e.getMessage()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
} finally {
- if (statsSub != null) {
- statsSub.endTiming("signing");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("signing");
+ }
}
return signedcrl;
}
/**
- * Signs the given certificate info using specified signing algorithm
- * If no algorithm is specified the CA's default algorithm is used.
+ * Signs the given certificate info using specified signing algorithm If no
+ * algorithm is specified the CA's default algorithm is used.
* <P>
+ *
* @param certInfo the certificate info to be signed.
- * @param algname the signing algorithm to use. These are names defined
- * in JCA, such as MD5withRSA, etc. If null the CA's default
- * signing algorithm will be used.
+ * @param algname the signing algorithm to use. These are names defined in
+ * JCA, such as MD5withRSA, etc. If null the CA's default signing
+ * algorithm will be used.
* @return signed certificate
*/
- public X509CertImpl sign(X509CertInfo certInfo, String algname)
- throws EBaseException {
+ public X509CertImpl sign(X509CertInfo certInfo, String algname)
+ throws EBaseException {
X509CertImpl signedcert = null;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long startTime = CMS.getCurrentDate().getTime();
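Review bot: Each of the four catch blocks in `sign(X509CRLImpl, String)` keeps only `e.toString()` and `e.getMessage()`, so the stack trace of a failed CRL signing is lost and the `ECAException` is built from a message string with no cause attached. Adding `CMS.debug(e);` as the first statement of each handler, as `getCACert()` already does, would at least preserve the trace in the debug log; the four handlers are identical and could share one helper. The same applies to the handlers of `sign(X509CertInfo, String)` in a later hunk. `e.getMessage()` is also passed into `CMS.getUserMessage(...)`; if that text is shown to requesters, confirm it cannot carry internal detail. Both method bodies start or end outside this hunk.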
@@ -1009,7 +1043,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
DerOutputStream tmp = new DerOutputStream();
if (certInfo == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_CERTINFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_NO_CERTINFO"));
return null;
}
@@ -1024,20 +1059,20 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
CMS.debug("sign cert encoding cert");
certInfo.encode(tmp);
byte[] rawCert = tmp.toByteArray();
-
+
// encode algorithm identifier
CMS.debug("sign cert encoding algorithm");
alg.encode(tmp);
-
+
CMS.debug("CA cert signing: signing cert");
byte[] signature = mSigningUnit.sign(rawCert, algname);
-
+
tmp.putBitString(signature);
-
+
// Wrap the signed data in a SEQUENCE { data, algorithm, sig }
out.write(DerValue.tag_Sequence, tmp);
- //log(ILogger.LL_INFO, "CertificateAuthority: done signing");
-
+ // log(ILogger.LL_INFO, "CertificateAuthority: done signing");
+
switch (mFastSigning) {
case FASTSIGNING_DISABLED:
signedcert = new X509CertImpl(out.toByteArray());
@@ -1050,52 +1085,55 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
default:
break;
}
- }
- catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
+ } catch (NoSuchAlgorithmException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
} finally {
- if (statsSub != null) {
- statsSub.endTiming("signing");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("signing");
+ }
}
return signedcert;
}
/**
- * Sign a byte array using the specified algorithm.
- * If algorithm is null the CA's default algorithm is used.
+ * Sign a byte array using the specified algorithm. If algorithm is null the
+ * CA's default algorithm is used.
* <p>
- * @param data the data to be signed in a byte array.
+ *
+ * @param data the data to be signed in a byte array.
* @param algname the algorithm to use.
* @return the signature in a byte array.
- */
- public byte[] sign(byte[] data, String algname)
- throws EBaseException {
+ */
+ public byte[] sign(byte[] data, String algname) throws EBaseException {
return mSigningUnit.sign(data, algname);
}
/**
* logs a message in the CA area.
+ *
* @param level the debug level.
* @param msg the message to debug.
*/
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_CA,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_CA, level, msg);
}
/**
* Retrieves certificate chains of this CA.
+ *
* @return this CA's cert chain.
*/
public CertificateChain getCACertChain() {
@@ -1104,18 +1142,18 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public X509CertImpl getCACert() {
if (mCaCert != null) {
- return mCaCert;
+ return mCaCert;
}
// during configuration
try {
- String cert = mConfig.getString("signing.cert", null);
- if (cert != null) {
- return new X509CertImpl(CMS.AtoB(cert));
- }
+ String cert = mConfig.getString("signing.cert", null);
+ if (cert != null) {
+ return new X509CertImpl(CMS.AtoB(cert));
+ }
} catch (EBaseException e) {
- CMS.debug(e);
+ CMS.debug(e);
} catch (CertificateException e) {
- CMS.debug(e);
+ CMS.debug(e);
}
return null;
}
@@ -1125,10 +1163,10 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
public String[] getCASigningAlgorithms() {
- if (mCASigningAlgorithms != null)
+ if (mCASigningAlgorithms != null)
return mCASigningAlgorithms;
- if (mCaCert == null)
+ if (mCaCert == null)
return null; // CA not inited yet.
X509Key caPubKey = null;
@@ -1136,49 +1174,48 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
caPubKey = (X509Key) mCaCert.get(X509CertImpl.PUBLIC_KEY);
} catch (CertificateParsingException e) {
}
- if (caPubKey == null)
- return null; // something seriously wrong.
+ if (caPubKey == null)
+ return null; // something seriously wrong.
AlgorithmId alg = caPubKey.getAlgorithmId();
- if (alg == null)
- return null; // something seriously wrong.
+ if (alg == null)
+ return null; // something seriously wrong.
mCASigningAlgorithms = AlgorithmId.getSigningAlgorithms(alg);
if (mCASigningAlgorithms == null) {
- CMS.debug(
- "CA - no signing algorithms for " + alg.getName());
+ CMS.debug("CA - no signing algorithms for " + alg.getName());
} else {
- CMS.debug(
- "CA First signing algorithm is " + mCASigningAlgorithms[0]);
+ CMS.debug("CA First signing algorithm is "
+ + mCASigningAlgorithms[0]);
}
return mCASigningAlgorithms;
}
- //////////
- // Initialization routines.
+ // ////////
+ // Initialization routines.
//
-
/**
* init CA signing unit & cert chain.
*/
- private void initSigUnit()
- throws EBaseException {
+ private void initSigUnit() throws EBaseException {
try {
// init signing unit
mSigningUnit = new SigningUnit();
- IConfigStore caSigningCfg =
- mConfig.getSubStore(PROP_SIGNING_SUBSTORE);
+ IConfigStore caSigningCfg = mConfig
+ .getSubStore(PROP_SIGNING_SUBSTORE);
mSigningUnit.init(this, caSigningCfg);
CMS.debug("CA signing unit inited");
// for identrus
- IConfigStore CrlStore = mConfig.getSubStore(PROP_CRL_SIGNING_SUBSTORE);
+ IConfigStore CrlStore = mConfig
+ .getSubStore(PROP_CRL_SIGNING_SUBSTORE);
if (CrlStore != null && CrlStore.size() > 0) {
mCRLSigningUnit = new SigningUnit();
- mCRLSigningUnit.init(this, mConfig.getSubStore(PROP_CRL_SIGNING_SUBSTORE));
+ mCRLSigningUnit.init(this,
+ mConfig.getSubStore(PROP_CRL_SIGNING_SUBSTORE));
} else {
mCRLSigningUnit = mSigningUnit;
}
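Review bot: The `catch (CertificateParsingException e) { }` at the top of this hunk discards the exception, so when `getCASigningAlgorithms()` returns null on the `// something seriously wrong` paths nothing in the logs says why. I would record it, `} catch (CertificateParsingException e) { CMS.debug(e); }`, matching what `getCACert()` does. The `catch (IOException e)` marked `// should never occur.` in `initDefCaAttrs()` further down has the same shape. `getCASigningAlgorithms()` starts outside this hunk.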
@@ -1186,43 +1223,44 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// init cert chain
CryptoManager manager = CryptoManager.getInstance();
- int caChainNum =
- caSigningCfg.getInteger(PROP_CA_CHAIN_NUM, 0);
+ int caChainNum = caSigningCfg.getInteger(PROP_CA_CHAIN_NUM, 0);
CMS.debug("cachainNum= " + caChainNum);
if (caChainNum > 0) {
// custom build chain (for cross cert chain)
// audit here ***
- IConfigStore chainStore =
- caSigningCfg.getSubStore(PROP_CA_CHAIN);
+ IConfigStore chainStore = caSigningCfg
+ .getSubStore(PROP_CA_CHAIN);
if (chainStore == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_OCSP_CHAIN",
"ca cert chain config error"));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED",
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_BUILD_CA_CHAIN_FAILED",
"ca cert chain config error"));
}
- java.security.cert.X509Certificate[] implchain =
- new java.security.cert.X509Certificate[caChainNum];
+ java.security.cert.X509Certificate[] implchain = new java.security.cert.X509Certificate[caChainNum];
for (int i = 0; i < caChainNum; i++) {
String subtreeName = PROP_CA_CERT + i;
// cert file name must be full path
- String certFileName =
- chainStore.getString(subtreeName, null);
+ String certFileName = chainStore.getString(subtreeName,
+ null);
if ((certFileName == null) || certFileName.equals("")) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", "cert file config error"));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_OCSP_CHAIN",
+ "cert file config error"));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_BUILD_CA_CHAIN_FAILED",
"cert file config error"));
}
byte[] b64Bytes = getCertFromFile(certFileName);
String b64String = new String(b64Bytes);
- byte[] certBytes = KeyCertUtil.convertB64EToByteArray(b64String);
+ byte[] certBytes = KeyCertUtil
+ .convertB64EToByteArray(b64String);
implchain[i] = new X509CertImpl(certBytes);
} // for
@@ -1231,11 +1269,10 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
CMS.debug("in init - custom built CA cert chain.");
} else {
// build ca chain the traditional way
- org.mozilla.jss.crypto.X509Certificate[] chain =
- manager.buildCertificateChain(mSigningUnit.getCert());
+ org.mozilla.jss.crypto.X509Certificate[] chain = manager
+ .buildCertificateChain(mSigningUnit.getCert());
// do this in case other subsyss expect a X509CertImpl
- java.security.cert.X509Certificate[] implchain =
- new java.security.cert.X509Certificate[chain.length];
+ java.security.cert.X509Certificate[] implchain = new java.security.cert.X509Certificate[chain.length];
for (int i = 0; i < chain.length; i++) {
implchain[i] = new X509CertImpl(chain[i].getEncoded());
@@ -1244,22 +1281,23 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
CMS.debug("in init - got CA chain from JSS.");
}
- IConfigStore OCSPStore = mConfig.getSubStore(PROP_OCSP_SIGNING_SUBSTORE);
+ IConfigStore OCSPStore = mConfig
+ .getSubStore(PROP_OCSP_SIGNING_SUBSTORE);
if (OCSPStore != null && OCSPStore.size() > 0) {
mOCSPSigningUnit = new SigningUnit();
- mOCSPSigningUnit.init(this, mConfig.getSubStore(PROP_OCSP_SIGNING_SUBSTORE));
+ mOCSPSigningUnit.init(this,
+ mConfig.getSubStore(PROP_OCSP_SIGNING_SUBSTORE));
CMS.debug("Separate OCSP signing unit inited");
} else {
mOCSPSigningUnit = mSigningUnit;
CMS.debug("Shared OCSP signing unit inited");
}
- org.mozilla.jss.crypto.X509Certificate[] ocspChain =
- manager.buildCertificateChain(mOCSPSigningUnit.getCert());
+ org.mozilla.jss.crypto.X509Certificate[] ocspChain = manager
+ .buildCertificateChain(mOCSPSigningUnit.getCert());
// do this in case other subsyss expect a X509CertImpl
- java.security.cert.X509Certificate[] ocspImplchain =
- new java.security.cert.X509Certificate[ocspChain.length];
+ java.security.cert.X509Certificate[] ocspImplchain = new java.security.cert.X509Certificate[ocspChain.length];
for (int i = 0; i < ocspChain.length; i++) {
ocspImplchain[i] = new X509CertImpl(ocspChain[i].getEncoded());
@@ -1285,40 +1323,47 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
CMS.debug("in init - got CA name " + mName);
} catch (CryptoManager.NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_SIGNING", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_OCSP_SIGNING",
+ e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"));
} catch (CertificateException e) {
if (Debug.ON)
e.printStackTrace();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
} catch (FileNotFoundException e) {
if (Debug.ON)
e.printStackTrace();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
} catch (IOException e) {
if (Debug.ON)
e.printStackTrace();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
} catch (TokenException e) {
if (Debug.ON)
e.printStackTrace();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_BUILD_CA_CHAIN_FAILED", e.toString()));
}
}
/**
* read ca cert from path, converts and bytes
*/
- byte[] getCertFromFile(String path)
- throws FileNotFoundException, IOException {
+ byte[] getCertFromFile(String path) throws FileNotFoundException,
+ IOException {
File file = new File(path);
Long l = Long.valueOf(file.length());
@@ -1330,33 +1375,30 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
return b;
}
- /**
+ /**
* init default cert attributes.
*/
- private void initDefCaAttrs()
- throws EBaseException {
- int version = mConfig.getInteger(PROP_X509CERT_VERSION,
+ private void initDefCaAttrs() throws EBaseException {
+ int version = mConfig.getInteger(PROP_X509CERT_VERSION,
CertificateVersion.V3);
- if (version != CertificateVersion.V1 &&
- version != CertificateVersion.V3) {
+ if (version != CertificateVersion.V1
+ && version != CertificateVersion.V3) {
throw new ECAException(
CMS.getUserMessage("CMS_CA_X509CERT_VERSION_NOT_SUPPORTED"));
}
try {
mDefaultCertVersion = new CertificateVersion(version - 1);
} catch (IOException e) {
- // should never occur.
+ // should never occur.
}
int validity_in_days = mConfig.getInteger(PROP_DEF_VALIDITY, 2 * 365);
mDefaultValidity = validity_in_days * DAY; // days in config file.
- mEnablePastCATime =
- mConfig.getBoolean(PROP_ENABLE_PAST_CATIME, false);
- mEnableOCSP =
- mConfig.getBoolean(PROP_ENABLE_OCSP, true);
+ mEnablePastCATime = mConfig.getBoolean(PROP_ENABLE_PAST_CATIME, false);
+ mEnableOCSP = mConfig.getBoolean(PROP_ENABLE_OCSP, true);
String fs = mConfig.getString(PROP_FAST_SIGNING, "");
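Review bot: `validity_in_days` is read from `PROP_DEF_VALIDITY` and multiplied into `mDefaultValidity` without a range check, so a zero or negative value in the config becomes the CA's default validity. A guard before the multiplication, such as `if (validity_in_days <= 0) throw new ECAException(CMS.getUserMessage("<MESSAGE_KEY_PLACEHOLDER>"));`, would reject it at start-up the way the version check above does. The type of `DAY` is not visible here; if it is an `int`, the product can also overflow for large values. `initDefCaAttrs()` continues outside this hunk.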
@@ -1371,29 +1413,29 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* init cert & crl database
*/
- private void initCaDatabases()
- throws EBaseException {
+ private void initCaDatabases() throws EBaseException {
int certdb_inc = mConfig.getInteger(PROP_CERTDB_INC, 5);
String certReposDN = mConfig.getString(PROP_CERT_REPOS_DN, null);
- if (certReposDN == null) {
- certReposDN = "ou=certificateRepository, ou=" + getId() +
- ", " + getDBSubsystem().getBaseDN();
+ if (certReposDN == null) {
+ certReposDN = "ou=certificateRepository, ou=" + getId() + ", "
+ + getDBSubsystem().getBaseDN();
}
String reposDN = mConfig.getString(PROP_REPOS_DN, null);
- if (reposDN == null) {
- reposDN = "ou=certificateRepository, ou=" + getId() +
- ", " + getDBSubsystem().getBaseDN();
+ if (reposDN == null) {
+ reposDN = "ou=certificateRepository, ou=" + getId() + ", "
+ + getDBSubsystem().getBaseDN();
}
- int transitMaxRecords = mConfig.getInteger(PROP_CERTDB_TRANS_MAXRECORDS, 1000000);
- int transitRecordPageSize = mConfig.getInteger(PROP_CERTDB_TRANS_PAGESIZE, 200);
+ int transitMaxRecords = mConfig.getInteger(
+ PROP_CERTDB_TRANS_MAXRECORDS, 1000000);
+ int transitRecordPageSize = mConfig.getInteger(
+ PROP_CERTDB_TRANS_PAGESIZE, 200);
- mCertRepot = new CertificateRepository(
- DBSubsystem.getInstance(),
- certReposDN, certdb_inc, reposDN);
+ mCertRepot = new CertificateRepository(DBSubsystem.getInstance(),
+ certReposDN, certdb_inc, reposDN);
mCertRepot.setTransitMaxRecords(transitMaxRecords);
mCertRepot.setTransitRecordPageSize(transitRecordPageSize);
@@ -1404,19 +1446,17 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
int crldb_inc = mConfig.getInteger(PROP_CRLDB_INC, 5);
- mCRLRepot = new CRLRepository(
- DBSubsystem.getInstance(),
- crldb_inc,
- "ou=crlIssuingPoints, ou=" + getId() + ", " +
- getDBSubsystem().getBaseDN());
+ mCRLRepot = new CRLRepository(DBSubsystem.getInstance(), crldb_inc,
+ "ou=crlIssuingPoints, ou=" + getId() + ", "
+ + getDBSubsystem().getBaseDN());
CMS.debug("CRL Repot inited");
String replicaReposDN = mConfig.getString(PROP_REPLICAID_DN, null);
if (replicaReposDN == null) {
- replicaReposDN = "ou=Replica," + getDBSubsystem().getBaseDN();
+ replicaReposDN = "ou=Replica," + getDBSubsystem().getBaseDN();
}
- mReplicaRepot = new ReplicaIDRepository(
- DBSubsystem.getInstance(), 1, replicaReposDN);
+ mReplicaRepot = new ReplicaIDRepository(DBSubsystem.getInstance(), 1,
+ replicaReposDN);
CMS.debug("Replica Repot inited");
}
@@ -1424,13 +1464,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* init web gateway - just gets the ee gateway for this CA.
*/
- private void initWebGateway()
- throws EBaseException {
+ private void initWebGateway() throws EBaseException {
}
- private void startPublish()
- throws EBaseException {
- //xxx Note that CMS411 only support ca cert publishing to ldap
+ private void startPublish() throws EBaseException {
+ // xxx Note that CMS411 only support ca cert publishing to ldap
// if ldap publishing is not enabled while publishing isenabled
// there will be a lot of problem.
try {
@@ -1440,34 +1478,36 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
} catch (ELdapException e) {
// exception not thrown - not seen as a fatal error.
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_PUBLISH", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_PUBLISH", e.toString()));
}
}
/**
* init publishing
*/
- private void initPublish()
- throws EBaseException {
+ private void initPublish() throws EBaseException {
IConfigStore c = null;
try {
c = mConfig.getSubStore(PROP_PUBLISH_SUBSTORE);
if (c != null && c.size() > 0) {
- mPublisherProcessor = new PublisherProcessor(
- getId() + "pp");
+ mPublisherProcessor = new PublisherProcessor(getId() + "pp");
mPublisherProcessor.init(this, c);
CMS.debug("Publishing inited");
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISH"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISH"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_INIT_PUBLISH_MODULE_FAILED"));
}
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_ERROR_PUBLISH_MODULE", e.toString()));
- //throw new ECAException(
- // CAResources.INIT_PUBLISH_MODULE_FAILED, e);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_ERROR_PUBLISH_MODULE",
+ e.toString()));
+ // throw new ECAException(
+ // CAResources.INIT_PUBLISH_MODULE_FAILED, e);
}
}
@@ -1488,7 +1528,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
while (names.hasMoreElements()) {
String id = (String) names.nextElement();
- if (Debug.ON)
+ if (Debug.ON)
Debug.trace("registering listener impl: " + id);
String cl = implc.getString(id + "." + PROP_CLASS);
@@ -1507,42 +1547,50 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
Debug.trace("registering listener instance: " + id);
IConfigStore iConfig = instc.getSubStore(id);
String implName = instc.getString(id + "." + PROP_PLUGIN);
- ListenerPlugin plugin = (ListenerPlugin) mListenerPlugins.get(implName);
+ ListenerPlugin plugin = (ListenerPlugin) mListenerPlugins
+ .get(implName);
if (plugin == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_ERROR_LISTENER", implName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_ERROR_LISTENER", implName));
throw new Exception("Cannot initialize");
}
String className = plugin.getClassPath();
-
+
try {
IRequestListener listener = null;
- listener = (IRequestListener)
- Class.forName(className).newInstance();
+ listener = (IRequestListener) Class.forName(className)
+ .newInstance();
- //listener.init(id, implName, iConfig);
+ // listener.init(id, implName, iConfig);
listener.init(this, iConfig);
- // registerRequestListener(id, (IRequestListener) listener);
- //log(ILogger.LL_INFO,
- // "Listener instance " + id + " added");
+ // registerRequestListener(id, (IRequestListener)
+ // listener);
+ // log(ILogger.LL_INFO,
+ // "Listener instance " + id + " added");
} catch (Exception e) {
if (Debug.ON) {
e.printStackTrace();
}
Debug.trace("failed to add listener instance");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_INIT_LISTENER", id, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "CMSCORE_CA_CA_INIT_LISTENER", id,
+ e.toString()));
throw e;
}
}
-
+
}
-
+
} catch (Exception e) {
- log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CA_FAILED_LISTENER", e.toString()));
+ log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_CA_FAILED_LISTENER",
+ e.toString()));
}
-
+
}
/**
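Review bot: The outer `catch (Exception e)` at the end of the listener set-up logs `CMSCORE_CA_CA_FAILED_LISTENER` at `ILogger.LL_INFO` and then continues, although the inner handler has just logged the same failure at `LL_FAILURE` and rethrown. A listener that fails to load therefore leaves the CA running without it, with only an informational record. I would log at the failure level: `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_FAILED_LISTENER", e.toString()));`. The method starts outside this hunk, so whether callers rely on this being non-fatal is not visible.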
@@ -1556,63 +1604,79 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
if (nc != null && nc.size() > 0) {
// Initialize Certificate Issued notification listener
- String certificateIssuedListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.CertificateIssuedListener");
+ String certificateIssuedListenerClassName = nc.getString(
+ "certificateIssuedListenerClassName",
+ "com.netscape.cms.listeners.CertificateIssuedListener");
try {
- mCertIssuedListener = (IRequestListener) Class.forName(certificateIssuedListenerClassName).newInstance();
+ mCertIssuedListener = (IRequestListener) Class.forName(
+ certificateIssuedListenerClassName).newInstance();
mCertIssuedListener.init(this, nc);
} catch (Exception e1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_LISTENER", certificateIssuedListenerClassName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_REGISTER_LISTENER",
+ certificateIssuedListenerClassName));
}
// Initialize Revoke Request notification listener
-
- String certificateRevokedListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.CertificateRevokedListener");
+
+ String certificateRevokedListenerClassName = nc
+ .getString("certificateIssuedListenerClassName",
+ "com.netscape.cms.listeners.CertificateRevokedListener");
try {
- mCertRevokedListener = (IRequestListener) Class.forName(certificateRevokedListenerClassName).newInstance();
+ mCertRevokedListener = (IRequestListener) Class.forName(
+ certificateRevokedListenerClassName).newInstance();
mCertRevokedListener.init(this, nc);
} catch (Exception e1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_LISTENER", certificateRevokedListenerClassName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_REGISTER_LISTENER",
+ certificateRevokedListenerClassName));
}
// Initialize Request In Queue notification listener
IConfigStore rq = nc.getSubStore(PROP_REQ_IN_Q_SUBSTORE);
-
- String requestInQListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.RequestInQListener");
+
+ String requestInQListenerClassName = nc.getString(
+ "certificateIssuedListenerClassName",
+ "com.netscape.cms.listeners.RequestInQListener");
try {
- mReqInQListener = (IRequestListener) Class.forName(requestInQListenerClassName).newInstance();
+ mReqInQListener = (IRequestListener) Class.forName(
+ requestInQListenerClassName).newInstance();
mReqInQListener.init(this, nc);
} catch (Exception e1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_REGISTER_REQ_LISTENER", requestInQListenerClassName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CA_REGISTER_REQ_LISTENER",
+ requestInQListenerClassName));
}
// Initialize extra listeners
IConfigStore mListenerConfig = null;
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NOTIFY_NONE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_NOTIFY_NONE"));
}
} catch (Exception e) {
e.printStackTrace();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NOTIFY_FAILED"));
- // throw e;
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_NOTIFY_FAILED"));
+ // throw e;
}
}
/**
* initialize request queue components
*/
- private void initRequestQueue()
- throws EBaseException {
+ private void initRequestQueue() throws EBaseException {
mPolicy = new CAPolicy();
((CAPolicy) mPolicy).init(this, mConfig.getSubStore(PROP_POLICY));
CMS.debug("CA policy inited");
mService = new CAService(this);
CMS.debug("CA service inited");
- mNotify = new ARequestNotifier (this);
+ mNotify = new ARequestNotifier(this);
CMS.debug("CA notifier inited");
mPNotify = new ARequestNotifier();
CMS.debug("CA pending notifier inited");
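Review bot: The revoked-certificate and request-in-queue listeners both read their class name from the `certificateIssuedListenerClassName` key, so setting that key changes all three listeners at once and the other two cannot be configured on their own. The reformat carries this copy-paste over unchanged. Each lookup should use its own key, for example `nc.getString("certificateRevokedListenerClassName", "com.netscape.cms.listeners.CertificateRevokedListener")` and likewise for the request-in-queue listener; the key names here are a suggestion and existing configurations would need checking. The enclosing method starts outside this hunk.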
@@ -1621,22 +1685,23 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
try {
int reqdb_inc = mConfig.getInteger("reqdbInc", 5);
- mRequestQueue =
- RequestSubsystem.getInstance().getRequestQueue(
- getId(), reqdb_inc, mPolicy, mService, mNotify, mPNotify);
+ mRequestQueue = RequestSubsystem.getInstance().getRequestQueue(
+ getId(), reqdb_inc, mPolicy, mService, mNotify, mPNotify);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_QUEUE_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_QUEUE_FAILED",
+ e.toString()));
throw e;
}
// init request scheduler if configured
- String schedulerClass =
- mConfig.getString("requestSchedulerClass", null);
+ String schedulerClass = mConfig
+ .getString("requestSchedulerClass", null);
if (schedulerClass != null) {
- try {
- IRequestScheduler scheduler = (IRequestScheduler)
- Class.forName(schedulerClass).newInstance();
+ try {
+ IRequestScheduler scheduler = (IRequestScheduler) Class
+ .forName(schedulerClass).newInstance();
mRequestQueue.setRequestScheduler(scheduler);
} catch (Exception e) {
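Review bot: `Class.forName(schedulerClass).newInstance()` constructs an instance of whatever class the `requestSchedulerClass` setting names before the cast to `IRequestScheduler` can reject it. Checking the type first means a mistyped or tampered setting cannot run the constructor of an unrelated class: `Class.forName(schedulerClass).asSubclass(IRequestScheduler.class).newInstance()`. The listener lookups in the hunk at -1556 use the same instantiate-then-cast pattern. The body of this catch block is outside the hunk.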
@@ -1646,35 +1711,30 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
/*
- private void startCRL()
- throws EBaseException
- {
- Enumeration e = mCRLIssuePoints.keys();
- while (e.hasMoreElements()) {
- CRLIssuingPoint cp = (CRLIssuingPoint)
- mCRLIssuePoints.get(e.nextElement());
- cp.startup();
- }
- }
+ * private void startCRL() throws EBaseException { Enumeration e =
+ * mCRLIssuePoints.keys(); while (e.hasMoreElements()) { CRLIssuingPoint cp
+ * = (CRLIssuingPoint) mCRLIssuePoints.get(e.nextElement()); cp.startup(); }
+ * }
*/
-
+
/**
- * initialize CRL
+ * initialize CRL
*/
- private void initCRL()
- throws EBaseException {
+ private void initCRL() throws EBaseException {
IConfigStore crlConfig = mConfig.getSubStore(PROP_CRL_SUBSTORE);
if ((crlConfig == null) || (crlConfig.size() <= 0)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_MASTER_CRL"));
- //throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_NO_MASTER_CRL"));
+ // throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL);
return;
}
Enumeration<String> issuePointIdEnum = crlConfig.getSubStoreNames();
if (issuePointIdEnum == null || !issuePointIdEnum.hasMoreElements()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_MASTER_CRL_SUBSTORE"));
- //throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_NO_MASTER_CRL_SUBSTORE"));
+ // throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL);
return;
}
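Review bot: initCRL() logs at LL_FAILURE and then returns normally when the CRL substore is missing or has no issuing points, with `throw new ECAException(...)` left commented out, so the CA finishes this step with no issuing points and only a log line records it. If that is intended, the two `return` statements should say so, for example `// Deliberate: a CA with no CRL configuration still starts, without issuing points.`; if it is not, the throw should be restored. The rest of initCRL() is outside this hunk.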
@@ -1683,8 +1743,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
while (issuePointIdEnum.hasMoreElements()) {
String issuePointId = (String) issuePointIdEnum.nextElement();
- CMS.debug(
- "initializing crl issue point " + issuePointId);
+ CMS.debug("initializing crl issue point " + issuePointId);
IConfigStore issuePointConfig = null;
String issuePointClassName = null;
Class issuePointClass = null;
@@ -1697,29 +1756,28 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
issuePoint = (CRLIssuingPoint) issuePointClass.newInstance();
issuePoint.init(this, issuePointId, issuePointConfig);
mCRLIssuePoints.put(issuePointId, issuePoint);
- if (mMasterCRLIssuePoint == null &&
- issuePointId.equals(PROP_MASTER_CRL))
+ if (mMasterCRLIssuePoint == null
+ && issuePointId.equals(PROP_MASTER_CRL))
mMasterCRLIssuePoint = issuePoint;
} catch (ClassNotFoundException e) {
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRL_ISSUING_POINT_INIT_FAILED",
- issuePointId, e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CRL_ISSUING_POINT_INIT_FAILED", issuePointId,
+ e.toString()));
} catch (InstantiationException e) {
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRL_ISSUING_POINT_INIT_FAILED",
- issuePointId, e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CRL_ISSUING_POINT_INIT_FAILED", issuePointId,
+ e.toString()));
} catch (IllegalAccessException e) {
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRL_ISSUING_POINT_INIT_FAILED",
- issuePointId, e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CRL_ISSUING_POINT_INIT_FAILED", issuePointId,
+ e.toString()));
}
}
/*
- if (mMasterCRLIssuePoint == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_FULL_CRL", PROP_MASTER_CRL));
- throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL);
- }
+ * if (mMasterCRLIssuePoint == null) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSCORE_CA_CA_NO_FULL_CRL", PROP_MASTER_CRL));
+ * throw new ECAException(CAResources.NO_CONFIG_FOR_MASTER_CRL); }
*/
log(ILogger.LL_INFO, "CRL Issuing Points inited");
}
@@ -1744,9 +1802,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
return mSignTime;
}
- public long getOCSPTotalLookupTime()
- {
- return mLookupTime;
+ public long getOCSPTotalLookupTime() {
+ return mLookupTime;
}
public ResponderID getResponderIDByName() {
@@ -1754,8 +1811,9 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
X500Name name = getOCSPX500Name();
Name.Template nameTemplate = new Name.Template();
- return new NameID((Name) nameTemplate.decode(
- new ByteArrayInputStream(name.getEncoded())));
+ return new NameID(
+ (Name) nameTemplate.decode(new ByteArrayInputStream(name
+ .getEncoded())));
} catch (IOException e) {
return null;
} catch (InvalidBERException e) {
@@ -1766,8 +1824,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public ResponderID getResponderIDByHash() {
/*
- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- --(excluding the tag and length fields)
+ * KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ * --(excluding the tag and length fields)
*/
PublicKey publicKey = getOCSPSigningUnit().getPublicKey();
MessageDigest md = null;
@@ -1786,8 +1844,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Process OCSPRequest.
*/
- public OCSPResponse validate(OCSPRequest request)
- throws EBaseException {
+ public OCSPResponse validate(OCSPRequest request) throws EBaseException {
if (!mEnableOCSP) {
CMS.debug("Local ocsp service is disable.");
@@ -1795,23 +1852,22 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
mNumOCSPRequest++;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
long startTime = CMS.getCurrentDate().getTime();
try {
- //log(ILogger.LL_INFO, "start OCSP request");
+ // log(ILogger.LL_INFO, "start OCSP request");
TBSRequest tbsReq = request.getTBSRequest();
// (3) look into database to check the
- // certificate's status
+ // certificate's status
Vector singleResponses = new Vector();
if (statsSub != null) {
- statsSub.startTiming("lookup");
+ statsSub.startTiming("lookup");
}
long lookupStartTime = CMS.getCurrentDate().getTime();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
- com.netscape.cmsutil.ocsp.Request req =
- tbsReq.getRequestAt(i);
+ com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
CertID cid = req.getCertID();
SingleResponse sr = processRequest(cid);
@@ -1819,12 +1875,12 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
long lookupEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("lookup");
+ statsSub.endTiming("lookup");
}
mLookupTime += lookupEndTime - lookupStartTime;
if (statsSub != null) {
- statsSub.startTiming("build_response");
+ statsSub.startTiming("build_response");
}
SingleResponse res[] = new SingleResponse[singleResponses.size()];
@@ -1833,16 +1889,16 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
ResponderID rid = null;
if (mByName) {
if (mResponderIDByName == null) {
- mResponderIDByName = getResponderIDByName();
+ mResponderIDByName = getResponderIDByName();
}
rid = mResponderIDByName;
} else {
if (mResponderIDByHash == null) {
- mResponderIDByHash = getResponderIDByHash();
+ mResponderIDByHash = getResponderIDByHash();
}
rid = mResponderIDByHash;
}
-
+
Extension nonce[] = null;
for (int j = 0; j < tbsReq.getExtensionsCount(); j++) {
@@ -1853,34 +1909,36 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
nonce[0] = thisExt;
}
}
- ResponseData rd = new ResponseData(rid,
- new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
+ ResponseData rd = new ResponseData(rid, new GeneralizedTime(
+ CMS.getCurrentDate()), res, nonce);
if (statsSub != null) {
- statsSub.endTiming("build_response");
+ statsSub.endTiming("build_response");
}
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long signStartTime = CMS.getCurrentDate().getTime();
BasicOCSPResponse basicRes = sign(rd);
long signEndTime = CMS.getCurrentDate().getTime();
mSignTime += signEndTime - signStartTime;
if (statsSub != null) {
- statsSub.endTiming("signing");
+ statsSub.endTiming("signing");
}
OCSPResponse response = new OCSPResponse(
- OCSPResponseStatus.SUCCESSFUL,
- new ResponseBytes(ResponseBytes.OCSP_BASIC,
- new OCTET_STRING(ASN1Util.encode(basicRes))));
+ OCSPResponseStatus.SUCCESSFUL, new ResponseBytes(
+ ResponseBytes.OCSP_BASIC, new OCTET_STRING(
+ ASN1Util.encode(basicRes))));
- //log(ILogger.LL_INFO, "done OCSP request");
+ // log(ILogger.LL_INFO, "done OCSP request");
long endTime = CMS.getCurrentDate().getTime();
mTotalTime += endTime - startTime;
return response;
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_REQUEST", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_OCSP_REQUEST",
+ e.toString()));
return null;
}
}
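Review bot: The `catch (Exception e)` that closes validate() turns every failure into `return null`, although the method declares `throws EBaseException`. A caller that does not test for null will fail later with a NullPointerException, and the reason is visible only in the log. Rethrowing as EBaseException, or returning an OCSPResponse that carries an error status, would make the failure explicit. sign() in the hunk at -1907 also returns null on error, and as far as the visible lines show its result goes to `ASN1Util.encode(basicRes)` without a null check. The start of validate() is outside this hunk.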
@@ -1890,11 +1948,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
- String algname = mOCSPSigningUnit.getDefaultAlgorithm();
+ String algname = mOCSPSigningUnit.getDefaultAlgorithm();
byte rd_data[] = ASN1Util.encode(rd);
if (rd_data != null) {
- mTotalData += rd_data.length;
+ mTotalData += rd_data.length;
}
rd.encode(tmp);
AlgorithmId.get(algname).encode(tmp);
@@ -1907,25 +1965,27 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
DerOutputStream tmpChain = new DerOutputStream();
DerOutputStream tmp1 = new DerOutputStream();
DerOutputStream outChain = new DerOutputStream();
- java.security.cert.X509Certificate chains[] =
- mOCSPCertChain.getChain();
+ java.security.cert.X509Certificate chains[] = mOCSPCertChain
+ .getChain();
for (int i = 0; i < chains.length; i++) {
tmpChain.putDerValue(new DerValue(chains[i].getEncoded()));
}
tmp1.write(DerValue.tag_Sequence, tmpChain);
tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0),
- tmp1);
+ tmp1);
out.write(DerValue.tag_Sequence, tmp);
- BasicOCSPResponse response = new BasicOCSPResponse(out.toByteArray());
+ BasicOCSPResponse response = new BasicOCSPResponse(
+ out.toByteArray());
return response;
} catch (Exception e) {
e.printStackTrace();
// error e
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_SIGN", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CA_OCSP_SIGN", e.toString()));
return null;
}
}
@@ -1951,12 +2011,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
try {
issuingPointId = mConfig.getString(
- "ocspUseCacheIssuingPointId", PROP_MASTER_CRL);
+ "ocspUseCacheIssuingPointId", PROP_MASTER_CRL);
} catch (EBaseException e) {
}
- CRLIssuingPoint point = (CRLIssuingPoint)
- getCRLIssuingPoint(issuingPointId);
+ CRLIssuingPoint point = (CRLIssuingPoint) getCRLIssuingPoint(issuingPointId);
if (point.isCRLCacheEnabled()) {
// only do this if cache is enabled
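Review bot: `point` is dereferenced in `point.isCRLCacheEnabled()` without a null check, and the issuing point id comes from the `ocspUseCacheIssuingPointId` setting. If that id names no configured issuing point and getCRLIssuingPoint() returns null for it (its body is not visible here), the OCSP lookup fails with a NullPointerException. A guard such as `if (point != null && point.isCRLCacheEnabled()) {` would presumably let the method continue to the database lookup shown in the next hunk. The empty `catch (EBaseException e)` above it would be clearer with a comment such as `// keep the PROP_MASTER_CRL default`. The enclosing method starts and ends outside this hunk.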
@@ -1965,26 +2024,29 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
boolean includeExpiredCerts = false;
try {
- checkDeltaCache = mConfig.getBoolean("ocspUseCacheCheckDeltaCache", false);
+ checkDeltaCache = mConfig.getBoolean(
+ "ocspUseCacheCheckDeltaCache", false);
} catch (EBaseException e) {
}
try {
- includeExpiredCerts = mConfig.getBoolean("ocspUseCacheIncludeExpiredCerts", false);
+ includeExpiredCerts = mConfig.getBoolean(
+ "ocspUseCacheIncludeExpiredCerts", false);
} catch (EBaseException e) {
}
- Date revokedOn = point.getRevocationDateFromCache(
- sno, checkDeltaCache, includeExpiredCerts);
+ Date revokedOn = point.getRevocationDateFromCache(sno,
+ checkDeltaCache, includeExpiredCerts);
if (revokedOn == null) {
certStatus = new GoodInfo();
} else {
certStatus = new RevokedInfo(new GeneralizedTime(revokedOn));
}
- return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
+ return new SingleResponse(cid, certStatus, thisUpdate,
+ nextUpdate);
}
}
- try {
+ try {
ICertRecord rec = mCertRepot.readCertificateRecord(serialNo);
String status = rec.getStatus();
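Review bot: On the cache path, any serial number for which `getRevocationDateFromCache` returns null is answered with `new GoodInfo()`, so the response does not distinguish a certificate this CA issued and has not revoked from a serial it never issued. The database path, in the hunk at -1996, falls back to `UnknownInfo` for states it does not recognise, so the two paths may disagree for the same request; whether the cache lookup itself rejects unknown serials is not visible here. If it does not, the cache branch should confirm the serial exists before reporting good, or the behaviour should be stated: `// Cache holds revoked serials only; absence is reported as good, including for serials never issued.` The enclosing method starts and ends outside this hunk.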
@@ -1996,11 +2058,13 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// not yet valid
certStatus = new UnknownInfo();
} else if (status.equals(CertRecord.STATUS_REVOKED)) {
- certStatus = new RevokedInfo(new GeneralizedTime(rec.getRevokedOn()));
+ certStatus = new RevokedInfo(new GeneralizedTime(
+ rec.getRevokedOn()));
} else if (status.equals(CertRecord.STATUS_EXPIRED)) {
certStatus = new UnknownInfo();
} else if (status.equals(CertRecord.STATUS_REVOKED_EXPIRED)) {
- certStatus = new RevokedInfo(new GeneralizedTime(rec.getRevokedOn()));
+ certStatus = new RevokedInfo(new GeneralizedTime(
+ rec.getRevokedOn()));
} else {
certStatus = new UnknownInfo();
}
@@ -2012,4 +2076,3 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
}
}
-
diff --git a/pki/base/ca/src/com/netscape/ca/SigningUnit.java b/pki/base/ca/src/com/netscape/ca/SigningUnit.java
index 6b0dfc64..a0918af8 100644
--- a/pki/base/ca/src/com/netscape/ca/SigningUnit.java
+++ b/pki/base/ca/src/com/netscape/ca/SigningUnit.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
@@ -50,10 +49,9 @@ import com.netscape.certsrv.security.ISigningUnit;
import com.netscape.cmscore.security.JssSubsystem;
import com.netscape.cmsutil.util.Cert;
-
/**
* CA signing unit based on JSS.
- *
+ *
* $Revision$ $Date$
*/
@@ -81,8 +79,8 @@ public final class SigningUnit implements ISigningUnit {
private ISubsystem mOwner = null;
- private String mDefSigningAlgname = null;
- private SignatureAlgorithm mDefSigningAlgorithm = null;
+ private String mDefSigningAlgname = null;
+ private SignatureAlgorithm mDefSigningAlgorithm = null;
public SigningUnit() {
}
@@ -114,7 +112,7 @@ public final class SigningUnit implements ISigningUnit {
public PrivateKey getPrivateKey() {
return mPrivk;
}
-
+
public void updateConfig(String nickname, String tokenname) {
mConfig.putString(PROP_CERT_NICKNAME, nickname);
mConfig.putString(PROP_TOKEN_NAME, tokenname);
@@ -133,8 +131,8 @@ public final class SigningUnit implements ISigningUnit {
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
- mOwner = owner;
+ throws EBaseException {
+ mOwner = owner;
mConfig = config;
String tokenname = null;
@@ -144,24 +142,25 @@ public final class SigningUnit implements ISigningUnit {
mNickname = getNickName();
tokenname = config.getString(PROP_TOKEN_NAME);
- if (tokenname.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
- tokenname.equalsIgnoreCase("Internal Key Storage Token")) {
+ if (tokenname.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN)
+ || tokenname.equalsIgnoreCase("Internal Key Storage Token")) {
mToken = mManager.getInternalKeyStorageToken();
- setNewNickName(mNickname);
+ setNewNickName(mNickname);
} else {
mToken = mManager.getTokenByName(tokenname);
- mNickname = tokenname + ":" + mNickname;
- setNewNickName(mNickname);
- }
+ mNickname = tokenname + ":" + mNickname;
+ setNewNickName(mNickname);
+ }
CMS.debug(config.getName() + " Signing Unit nickname " + mNickname);
CMS.debug("Got token " + tokenname + " by name");
- PasswordCallback cb = JssSubsystem.getInstance().getPWCB();
+ PasswordCallback cb = JssSubsystem.getInstance().getPWCB();
mToken.login(cb); // ONE_TIME by default.
mCert = mManager.findCertByNickname(mNickname);
- CMS.debug("Found cert by nickname: '"+mNickname+"' with serial number: "+mCert.getSerialNumber());
+ CMS.debug("Found cert by nickname: '" + mNickname
+ + "' with serial number: " + mCert.getSerialNumber());
mCertImpl = new X509CertImpl(mCert.getEncoded());
CMS.debug("converted to x509CertImpl");
@@ -174,38 +173,52 @@ public final class SigningUnit implements ISigningUnit {
// get def alg and check if def sign alg is valid for token.
mDefSigningAlgname = config.getString(PROP_DEFAULT_SIGNALG);
- mDefSigningAlgorithm =
- checkSigningAlgorithmFromName(mDefSigningAlgname);
- CMS.debug(
- "got signing algorithm " + mDefSigningAlgorithm);
+ mDefSigningAlgorithm = checkSigningAlgorithmFromName(mDefSigningAlgname);
+ CMS.debug("got signing algorithm " + mDefSigningAlgorithm);
mInited = true;
} catch (java.security.cert.CertificateException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_CA_CERT", e.getMessage()));
- throw new ECAException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
+ CMS.debug("SigningUnit init: debug " + e.toString());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SIGNING_CA_CERT",
+ e.getMessage()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (CryptoManager.NotInitializedException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_INIT", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"));
+ CMS.debug("SigningUnit init: debug " + e.toString());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_INIT",
+ e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"));
} catch (IncorrectPasswordException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_WRONG_PWD", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_INVALID_PASSWORD"));
+ CMS.debug("SigningUnit init: debug " + e.toString());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SIGNING_WRONG_PWD",
+ e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_INVALID_PASSWORD"));
} catch (NoSuchTokenException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_NOT_FOUND", tokenname, e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_NOT_FOUND", tokenname));
+ CMS.debug("SigningUnit init: debug " + e.toString());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_SIGNING_TOKEN_NOT_FOUND", tokenname,
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_NOT_FOUND",
+ tokenname));
} catch (ObjectNotFoundException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_CERT_NOT_FOUND", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"));
+ CMS.debug("SigningUnit init: debug " + e.toString());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SIGNING_CERT_NOT_FOUND",
+ e.toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"));
} catch (TokenException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ CMS.debug("SigningUnit init: debug " + e.toString());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_ERROR"));
- } catch (Exception e){
- CMS.debug("SigningUnit init: debug "+ e.toString());
- }
+ } catch (Exception e) {
+ CMS.debug("SigningUnit init: debug " + e.toString());
+ }
}
/**
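Review bot: The final `catch (Exception e)` in init() only writes a debug line and returns, so any failure the typed catches do not cover leaves `mInited` false while init() appears to have succeeded. That includes the EBaseException that checkSigningAlgorithmFromName() throws for an unsupported default algorithm, since it is raised inside the same try. The caller then finds out only when sign() or verify() throws "CASigningUnit not initialized!". The branch should record and propagate the failure like the others: `log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));` followed by `throw new ECAException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));`. The start of init() is outside this hunk.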
@@ -218,41 +231,47 @@ public final class SigningUnit implements ISigningUnit {
* @exception EBaseException if signing algorithm is not supported.
*/
public SignatureAlgorithm checkSigningAlgorithmFromName(String algname)
- throws EBaseException {
+ throws EBaseException {
try {
SignatureAlgorithm sigalg = null;
sigalg = mapAlgorithmToJss(algname);
if (sigalg == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, ""));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, ""));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
}
Signature signer = mToken.getSignatureContext(sigalg);
signer.initSign(mPrivk);
return sigalg;
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname,
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
} catch (TokenException e) {
// from get signature context or from initSign
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname,
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED_FOR_KEY", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname,
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED_FOR_KEY", algname));
}
}
/**
* @param algname is expected to be one of JCA's algorithm names.
*/
- public byte[] sign(byte[] data, String algname)
- throws EBaseException {
+ public byte[] sign(byte[] data, String algname) throws EBaseException {
if (!mInited) {
throw new EBaseException("CASigningUnit not initialized!");
}
@@ -264,11 +283,11 @@ public final class SigningUnit implements ISigningUnit {
if (algname != null) {
signAlg = checkSigningAlgorithmFromName(algname);
}
-
- // XXX use a pool of signers based on alg ?
+
+ // XXX use a pool of signers based on alg ?
// XXX Map algor. name to id. hack: use hardcoded define for now.
- CMS.debug(
- "Getting algorithm context for " + algname + " " + signAlg);
+ CMS.debug("Getting algorithm context for " + algname + " "
+ + signAlg);
Signature signer = mToken.getSignatureContext(signAlg);
signer.initSign(mPrivk);
@@ -277,26 +296,29 @@ public final class SigningUnit implements ISigningUnit {
CMS.debug("Signing Certificate");
return signer.sign();
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
} catch (TokenException e) {
// from get signature context or from initSign
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
} catch (InvalidKeyException e) {
// XXX fix this exception later.
throw new EBaseException(e.toString());
} catch (SignatureException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
}
}
-
+
public boolean verify(byte[] data, byte[] signature, String algname)
- throws EBaseException {
+ throws EBaseException {
if (!mInited) {
throw new EBaseException("CASigningUnit not initialized!");
}
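Review bot: In sign(), the `catch (InvalidKeyException e)` branch throws without calling log(), while the NoSuchAlgorithmException, TokenException and SignatureException branches all record the failure first. A signing attempt rejected for an invalid key is therefore not written by this class; add `log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));` before the throw. The rethrown EBaseException is built from `e.toString()` alone in every branch, which drops the original stack trace. The start of sign() is outside this hunk.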
@@ -304,9 +326,10 @@ public final class SigningUnit implements ISigningUnit {
SignatureAlgorithm signAlg = mapAlgorithmToJss(algname);
if (signAlg == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, ""));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname, ""));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
}
// XXX make this configurable. hack: use hardcoded for now.
Signature signer = mToken.getSignatureContext(signAlg);
@@ -315,20 +338,24 @@ public final class SigningUnit implements ISigningUnit {
signer.update(data);
return signer.verify(signature);
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
} catch (TokenException e) {
// from get signature context or from initSign
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
} catch (SignatureException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
// XXX fix this exception later.
throw new EBaseException(e.toString());
}
@@ -337,8 +364,8 @@ public final class SigningUnit implements ISigningUnit {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA,
- level, "CASigningUnit: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
+ "CASigningUnit: " + msg);
}
/**
@@ -356,15 +383,14 @@ public final class SigningUnit implements ISigningUnit {
}
public void setDefaultAlgorithm(String algorithm) throws EBaseException {
- mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm);
+ mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm);
mDefSigningAlgname = algorithm;
- log(ILogger.LL_INFO,
- "Default signing algorithm is set to " + algorithm);
+ log(ILogger.LL_INFO, "Default signing algorithm is set to " + algorithm);
}
/**
* get all possible algorithms for the CA signing key type.
- */
+ */
public String[] getAllAlgorithms() throws EBaseException {
byte[] keybytes = mPubk.getEncoded();
X509Key key = new X509Key();
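Review bot: setDefaultAlgorithm() writes the new name to the configuration and to `mDefSigningAlgname` without validating it and without updating `mDefSigningAlgorithm`, which init() derives from the same name through checkSigningAlgorithmFromName(). An unsupported or mistyped algorithm is therefore accepted and stored, and the two fields can disagree until the next init(). Validating first keeps them in step: `mDefSigningAlgorithm = checkSigningAlgorithmFromName(algorithm);` as the first statement, which already throws EBaseException when the token or key does not support the algorithm.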
@@ -375,7 +401,8 @@ public final class SigningUnit implements ISigningUnit {
String msg = "Invalid encoding in CA signing key.";
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", msg));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", msg));
}
if (key.getAlgorithmId().getOID().equals(AlgorithmId.DSA_oid)) {
@@ -389,4 +416,3 @@ public final class SigningUnit implements ISigningUnit {
return Cert.mapAlgorithmToJss(algname);
}
}
-