authorAde Lee <alee@redhat.com>2011-12-08 21:15:59 -0500
committerAde Lee <alee@redhat.com>2011-12-08 21:15:59 -0500
commit171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch)
tree1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
parentadad2fcee8a29fdb82376fbce07dedb11fccc182 (diff)
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java411
1 files changed, 244 insertions, 167 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
index 7f8b0953..b3809579 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.connector;
+
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@@ -57,10 +58,12 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
+
/**
- * Clone servlet - part of the Clone Authority (CLA) processes Revoked certs
- * from its dependant clone CAs service request and return status.
- *
+ * Clone servlet - part of the Clone Authority (CLA)
+ * processes Revoked certs from its dependant clone CAs
+ * service request and return status.
+ *
* @version $Revision$, $Date$
*/
public class CloneServlet extends CMSServlet {
@@ -85,17 +88,19 @@ public class CloneServlet extends CMSServlet {
String authority = sc.getInitParameter(PROP_AUTHORITY);
if (authority != null)
- mAuthority = (IAuthority) CMS.getSubsystem(authority);
+ mAuthority = (IAuthority)
+ CMS.getSubsystem(authority);
mReqEncoder = CMS.getHttpRequestEncoder();
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
- public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ public void service(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
- throw new IOException("CMS server is not ready to serve.");
+ throw new IOException(
+ "CMS server is not ready to serve.");
ServletContext servletContext = mConfig.getServletContext();
@@ -125,14 +130,14 @@ public class CloneServlet extends CMSServlet {
IRequest r = null;
IRequest reply = null;
- // NOTE must read all bufer before redoing handshake for
+ // NOTE must read all bufer before redoing handshake for
// ssl client auth for client auth to work.
// get request method
- method = req.getMethod();
+ method = req.getMethod();
// get content length
- len = req.getContentLength();
+ len = req.getContentLength();
// get content, a base 64 encoded serialized request.
if (len > 0) {
@@ -154,16 +159,16 @@ public class CloneServlet extends CMSServlet {
// force client auth handshake, validate clone CA (CCA)
// and get CCA's Id.
- // NOTE must do this after all contents are read for ssl
- // redohandshake to work
+ // NOTE must do this after all contents are read for ssl
+ // redohandshake to work
X509Certificate peerCert;
try {
peerCert = getPeerCert(req);
- } catch (EBaseException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+ }catch (EBaseException e) {
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -185,7 +190,7 @@ public class CloneServlet extends CMSServlet {
CMS.debug("CloneServlet: about to authenticate");
token = authenticate(peerCert);
// cfu maybe don't need CCA_Id, because the above check
- // was good enough
+ // was good enough
CCAUserId = token.getInString("userid");
CCA_Id = (String) peerCert.getSubjectDN().toString();
} catch (EInvalidCredentials e) {
@@ -198,17 +203,15 @@ public class CloneServlet extends CMSServlet {
return;
}
- mAuthority.log(
- ILogger.LL_INFO,
- "Clone Certificate Authority authenticated: "
- + peerCert.getSubjectDN());
+ mAuthority.log(ILogger.LL_INFO,
+ "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
// authorize, any authenticated user are authorized
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, token, mAuthzResourceName,
- "submit");
+ authzToken = authorize(mAclMethod, token,
+ mAuthzResourceName, "submit");
} catch (Exception e) {
// do nothing for now
}
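Review bot: The `catch (Exception e)` that follows the `authorize(mAclMethod, token, mAuthzResourceName, "submit")` call is empty, so a failure inside the authorization check leaves no log entry and control continues with `authzToken` still null. Whether a null token is rejected is decided after this hunk, which ends inside service(), so that check should be confirmed; if it is absent, the clone's request would be processed without authorization. Record the failure where it happens, e.g. `mAuthority.log(ILogger.LL_SECURITY, "CloneServlet: authorization failed: " + e.toString());`, and fail closed at that point with `resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return;`.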
@@ -229,34 +232,29 @@ public class CloneServlet extends CMSServlet {
}
// now process CCA request - should just be posting revoked
- // certs for now
+ // certs for now
try {
// decode request.
- CMS.debug("Cloneservlet: before decoding request, encodedreq= "
- + encodedreq);
+ CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq);
msg = (IPKIMessage) mReqEncoder.decode(encodedreq);
- // process request
+ // process request
CMS.debug("Cloneservlet: decoded request");
replymsg = processRequest(CCA_Id, CCAUserId, msg, token);
} catch (IOException e) {
e.printStackTrace();
- mAuthority.log(
- ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST",
- e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
} catch (EBaseException e) {
- mAuthority.log(
- ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST",
- e.toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
- // encode reply
+ // encode reply
String encodedrep = mReqEncoder.encode(replymsg);
resp.setStatus(HttpServletResponse.SC_OK);
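Review bot: The rejoined `CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq);` copies the entire base64-encoded serialized request received from the clone CA into the debug log, so request contents end up in a log file and a peer can inflate that log with large bodies. Logging the size is enough for tracing: `CMS.debug("Cloneservlet: before decoding request, length=" + encodedreq.length());`, with a null guard if `encodedreq` can stay unset when the content length is 0 (it is assigned outside this hunk). In the IOException branch, `e.printStackTrace()` sends the trace to stderr rather than the authority log; the `mAuthority.log(ILogger.LL_FAILURE, ...)` call right after it already records the error, so the stack-trace line can be dropped.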
@@ -273,47 +271,46 @@ public class CloneServlet extends CMSServlet {
out.flush();
}
- // cfu ++change this to just check the subject and signer
- protected IAuthToken authenticate(X509Certificate peerCert)
- throws EBaseException {
+ //cfu ++change this to just check the subject and signer
+ protected IAuthToken authenticate(
+ X509Certificate peerCert)
+ throws EBaseException {
try {
- // XXX using agent authentication now since we're only
- // verifying that the cert belongs to a user in the db.
- // XXX change this to ACL in the future.
+ // XXX using agent authentication now since we're only
+ // verifying that the cert belongs to a user in the db.
+ // XXX change this to ACL in the future.
// build JAVA X509Certificate from peerCert.
X509CertImpl cert = new X509CertImpl(peerCert.getEncoded());
AuthCredentials creds = new AuthCredentials();
- creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
- new X509Certificate[] { cert });
+ creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
+ new X509Certificate[] {cert}
+ );
- IAuthToken token = mAuthSubsystem.authenticate(creds,
+ IAuthToken token = mAuthSubsystem.authenticate(creds,
IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
return token;
} catch (CertificateException e) {
- mAuthority.log(ILogger.LL_SECURITY, CMS.getLogMessage(
- "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert
- .getSubjectDN().toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (EInvalidCredentials e) {
- mAuthority.log(ILogger.LL_SECURITY, CMS.getLogMessage(
- "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert
- .getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw e;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert
- .getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
throw e;
}
}
- protected IPKIMessage processRequest(String source, String sourceUserId,
- IPKIMessage msg, IAuthToken token) throws EBaseException {
+ protected IPKIMessage processRequest(
+ String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+ throws EBaseException {
IPKIMessage replymsg = null;
IRequest r = null;
IRequestQueue queue = mAuthority.getRequestQueue();
@@ -329,14 +326,13 @@ public class CloneServlet extends CMSServlet {
thisreq = queue.findRequest(thisreqid);
if (thisreq == null) {
// strange case.
- String errormsg = "Cannot find request in request queue "
- + thisreqid;
+ String errormsg = "Cannot find request in request queue " + thisreqid;
mAuthority.log(ILogger.LL_FAILURE, errormsg);
throw new EBaseException(errormsg);
} else {
- mAuthority.log(ILogger.LL_INFO, "Found request " + thisreqid
- + " for " + srcid);
+ mAuthority.log(ILogger.LL_INFO,
+ "Found request " + thisreqid + " for " + srcid);
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
return replymsg;
@@ -351,7 +347,8 @@ public class CloneServlet extends CMSServlet {
// setting requestor type must come after copy contents. because
// requestor is a regular attribute.
- thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_RA);
+ thisreq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_RA);
mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid);
// Set this so that request's updateBy is recorded
@@ -365,47 +362,55 @@ public class CloneServlet extends CMSServlet {
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
- // for audit log
+ //for audit log
String agentID = sourceUserId;
- String initiative = AuditFormat.FROMRA + " trustedManagerID: "
- + agentID + " remote reqID " + msg.getReqId();
+ String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
+ agentID + " remote reqID " + msg.getReqId();
String authMgr = AuditFormat.NOAUTH;
if (token != null) {
- authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr =
+ token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
-
+
// Get the certificate info from the request
- X509CertInfo certInfo[] = thisreq
- .getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
try {
if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL, AuditFormat.FORMAT,
- new Object[] { thisreq.getRequestType(),
- thisreq.getRequestId(), initiative,
- authMgr, thisreq.getRequestStatus(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- "" });
- }
- } else {
- mLogger.log(
- ILogger.EV_AUDIT,
+ mLogger.log(ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] { thisreq.getRequestType(),
- thisreq.getRequestId(), initiative,
- authMgr, thisreq.getRequestStatus() });
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus(),
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ ""}
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus()}
+ );
}
} else {
- if (thisreq.getRequestType().equals(
- IRequest.CLA_CERT4CRL_REQUEST)) {
- Integer result = thisreq
- .getExtDataInInteger(IRequest.RESULT);
+ if
+ (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
+ Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
CMS.debug("CloneServlet: error in CLA_CERT4CRL_REQUEST");
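Review bot: In the `CLA_CERT4CRL_REQUEST` branch, `result.equals(IRequest.RES_ERROR)` dereferences the value returned by `thisreq.getExtDataInInteger(IRequest.RESULT)` without a null check. A completed request that carries no RESULT attribute would presumably raise a NullPointerException here, and the `catch (IOException e)` / `catch (CertificateException e)` handlers visible later in processRequest do not cover it. A guard such as `if (result != null && result.equals(IRequest.RES_ERROR)) {` keeps the reply path intact when a clone sends an incomplete request. The method body starts and ends outside this hunk.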
@@ -415,83 +420,155 @@ public class CloneServlet extends CMSServlet {
}
}
- /*
- * cfu --- if
- * (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST
- * )) { // XXX make the repeat record. // Get the certificate(s)
- * from the request X509CertImpl issuedCerts[] =
- * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); // return
- * potentially more than one certificates. if (issuedCerts !=
- * null) { for (int i = 0; i < issuedCerts.length; i++) {
- * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- * AuditFormat.LEVEL, AuditFormat.FORMAT, new Object[] {
- * thisreq.getRequestType(), thisreq.getRequestId() , initiative
- * , authMgr , "completed", issuedCerts[i].getSubjectDN() ,
- * "cert issued serial number: 0x" +
- * issuedCerts[i].getSerialNumber().toString(16)} ); } } else {
- * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] {
- * thisreq.getRequestType(), thisreq.getRequestId() , initiative
- * , authMgr , "completed"} ); } } else if
- * (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
- * X509CertImpl[] certs =
- * (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); X509CertImpl
- * old_cert = certs[0]; certs =
- * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
- * X509CertImpl renewed_cert = certs[0]; if (old_cert != null &&
- * renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT,
- * ILogger.S_OTHER, AuditFormat.LEVEL,
- * AuditFormat.RENEWALFORMAT, new Object[] {
- * thisreq.getRequestId(), initiative , authMgr , "completed",
- * old_cert.getSubjectDN() ,
- * old_cert.getSerialNumber().toString(16) ,
- * "new serial number: 0x" +
- * renewed_cert.getSerialNumber().toString(16)} ); } else {
- * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] {
- * thisreq.getRequestType(), thisreq.getRequestId() , initiative
- * , authMgr , "completed with error"} ); } } else if
- * (thisreq.getRequestType
- * ().equals(IRequest.REVOCATION_REQUEST)) { X509CertImpl[]
- * oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
- * RevokedCertImpl crlentries[] =
- * (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS);
- * CRLExtensions crlExts = crlentries[0].getExtensions(); int
- * reason = 0; if (crlExts != null) { Enumeration enum =
- * crlExts.getElements(); while(enum.hasMoreElements()){
- * Extension ext = (Extension) enum.nextElement(); if (ext
- * instanceof CRLReasonExtension) { reason =
- * ((CRLReasonExtension)ext).getReason().toInt (); break; } } }
- *
- * int count = oldCerts.length; Integer result =
- * (Integer)thisreq.get(IRequest.RESULT); if
- * (result.equals(IRequest.RES_ERROR)) { EBaseException ex =
- * (EBaseException)thisreq.get(IRequest.ERROR); EBaseException[]
- * svcErrors =
- * (EBaseException[])thisreq.get(IRequest.SVCERRORS); if
- * (svcErrors != null && svcErrors.length > 0) { for (int i = 0;
- * i < svcErrors.length; i++) { EBaseException err =
- * svcErrors[i]; if (err != null) { for (int j = 0; j < count;
- * j++) { if (oldCerts[j] != null) {
- * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- * AuditFormat.LEVEL, AuditFormat.DOREVOKEFORMAT, new Object[] {
- * thisreq.getRequestId(), initiative , "completed with error: "
- * + err.toString() , oldCerts[j].getSubjectDN() ,
- * oldCerts[j].getSerialNumber().toString(16),
- * RevocationReason.fromInt(reason).toString()} ); } } } } } }
- * else { // the success. for (int j = 0; j < count; j++) { if
- * (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT,
- * ILogger.S_OTHER, AuditFormat.LEVEL,
- * AuditFormat.DOREVOKEFORMAT, new Object[] {
- * thisreq.getRequestId(), initiative , "completed" ,
- * oldCerts[j].getSubjectDN() ,
- * oldCerts[j].getSerialNumber().toString(16),
- * RevocationReason.fromInt(reason).toString()} ); } } } } else
- * { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] {
- * thisreq.getRequestType(), thisreq.getRequestId() , initiative
- * , authMgr , "completed"} ); } cfu
- */
+ /* cfu ---
+ if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
+ // XXX make the repeat record.
+ // Get the certificate(s) from the request
+ X509CertImpl issuedCerts[] =
+ (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
+ // return potentially more than one certificates.
+ if (issuedCerts != null) {
+ for (int i = 0; i < issuedCerts.length; i++) {
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId() ,
+ initiative ,
+ authMgr ,
+ "completed",
+ issuedCerts[i].getSubjectDN() ,
+ "cert issued serial number: 0x" +
+ issuedCerts[i].getSerialNumber().toString(16)}
+ );
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId() ,
+ initiative ,
+ authMgr ,
+ "completed"}
+ );
+ }
+ } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
+ X509CertImpl[] certs = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
+ X509CertImpl old_cert = certs[0];
+ certs = (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
+ X509CertImpl renewed_cert = certs[0];
+ if (old_cert != null && renewed_cert != null) {
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative ,
+ authMgr ,
+ "completed",
+ old_cert.getSubjectDN() ,
+ old_cert.getSerialNumber().toString(16) ,
+ "new serial number: 0x" +
+ renewed_cert.getSerialNumber().toString(16)}
+ );
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId() ,
+ initiative ,
+ authMgr ,
+ "completed with error"}
+ );
+ }
+ } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
+ X509CertImpl[] oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
+ RevokedCertImpl crlentries[] =
+ (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS);
+ CRLExtensions crlExts = crlentries[0].getExtensions();
+ int reason = 0;
+ if (crlExts != null) {
+ Enumeration enum = crlExts.getElements();
+ while(enum.hasMoreElements()){
+ Extension ext = (Extension) enum.nextElement();
+ if (ext instanceof CRLReasonExtension) {
+ reason = ((CRLReasonExtension)ext).getReason().toInt
+ ();
+ break;
+ }
+ }
+ }
+
+ int count = oldCerts.length;
+ Integer result = (Integer)thisreq.get(IRequest.RESULT);
+ if (result.equals(IRequest.RES_ERROR)) {
+ EBaseException ex = (EBaseException)thisreq.get(IRequest.ERROR);
+ EBaseException[] svcErrors =
+ (EBaseException[])thisreq.get(IRequest.SVCERRORS);
+ if (svcErrors != null && svcErrors.length > 0) {
+ for (int i = 0; i < svcErrors.length; i++) {
+ EBaseException err = svcErrors[i];
+ if (err != null) {
+ for (int j = 0; j < count; j++) {
+ if (oldCerts[j] != null) {
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative ,
+ "completed with error: " +
+ err.toString() ,
+ oldCerts[j].getSubjectDN() ,
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString()}
+ );
+ }
+ }
+ }
+ }
+ }
+ } else {
+ // the success.
+ for (int j = 0; j < count; j++) {
+ if (oldCerts[j] != null) {
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative ,
+ "completed" ,
+ oldCerts[j].getSubjectDN() ,
+ oldCerts[j].getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason).toString()}
+ );
+ }
+ }
+ }
+ } else {
+ mLogger.log(ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId() ,
+ initiative ,
+ authMgr ,
+ "completed"}
+ );
+ }
+ cfu */
}
} catch (IOException e) {
} catch (CertificateException e) {
@@ -500,8 +577,8 @@ public class CloneServlet extends CMSServlet {
return replymsg;
}
- protected X509Certificate getPeerCert(HttpServletRequest req)
- throws EBaseException {
+ protected X509Certificate
+ getPeerCert(HttpServletRequest req) throws EBaseException {
return getSSLClientCertificate(req);
}