Diffstat (limited to 'pki/base/ca/src/com/netscape/ca')
-rw-r--r--pki/base/ca/src/com/netscape/ca/CAPolicy.java49
-rw-r--r--pki/base/ca/src/com/netscape/ca/CAService.java502
-rw-r--r--pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java142
-rw-r--r--pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java855
-rw-r--r--pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java24
-rw-r--r--pki/base/ca/src/com/netscape/ca/CertificateAuthority.java486
-rw-r--r--pki/base/ca/src/com/netscape/ca/SigningUnit.java75
7 files changed, 1060 insertions, 1073 deletions
diff --git a/pki/base/ca/src/com/netscape/ca/CAPolicy.java b/pki/base/ca/src/com/netscape/ca/CAPolicy.java
index 80c801a4..afcf581c 100644
--- a/pki/base/ca/src/com/netscape/ca/CAPolicy.java
+++ b/pki/base/ca/src/com/netscape/ca/CAPolicy.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
@@ -32,13 +31,12 @@ import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cmscore.policy.GenericPolicyProcessor;
import com.netscape.cmscore.util.Debug;
-
/**
- * XXX Just inherit 'GenericPolicyProcessor' (from RA) for now.
- * This really bad. need to make a special case just for connector.
- * would like a much better way of doing this to handle both EE and
+ * XXX Just inherit 'GenericPolicyProcessor' (from RA) for now.
+ * This really bad. need to make a special case just for connector.
+ * would like a much better way of doing this to handle both EE and
* connectors.
- * XXX2 moved to just implement IPolicy since GenericPolicyProcessor is
+ * XXX2 moved to just implement IPolicy since GenericPolicyProcessor is
* unuseable for CA.
*
* @version $Revision$, $Date$
@@ -47,8 +45,8 @@ public class CAPolicy implements IPolicy {
IConfigStore mConfig = null;
ICertificateAuthority mCA = null;
- public static String PROP_PROCESSOR =
- "processor";
+ public static String PROP_PROCESSOR =
+ "processor";
// These are the different types of policy that are
// allowed for the "processor" property
public static String PR_TYPE_CLASSIC = "classic";
@@ -64,12 +62,12 @@ public class CAPolicy implements IPolicy {
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mCA = (ICertificateAuthority) owner;
mConfig = config;
- String processorType = // XXX - need to upgrade 4.2
- config.getString(PROP_PROCESSOR, PR_TYPE_CLASSIC);
+ String processorType = // XXX - need to upgrade 4.2
+ config.getString(PROP_PROCESSOR, PR_TYPE_CLASSIC);
Debug.trace("selected policy processor = " + processorType);
if (processorType.equals(PR_TYPE_CLASSIC)) {
@@ -100,32 +98,32 @@ public class CAPolicy implements IPolicy {
}
Debug.trace("in CAPolicy.apply(requestType=" +
- r.getRequestType() + ",requestId=" +
- r.getRequestId().toString() + ",requestStatus=" +
- r.getRequestStatus().toString() + ")");
+ r.getRequestType() + ",requestId=" +
+ r.getRequestId().toString() + ",requestStatus=" +
+ r.getRequestStatus().toString() + ")");
- if (isProfileRequest(r)) {
- Debug.trace("CAPolicy: Profile-base Request " +
- r.getRequestId().toString());
+ if (isProfileRequest(r)) {
+ Debug.trace("CAPolicy: Profile-base Request " +
+ r.getRequestId().toString());
- CMS.debug("CAPolicy: requestId=" +
- r.getRequestId().toString());
+ CMS.debug("CAPolicy: requestId=" +
+ r.getRequestId().toString());
String profileId = r.getExtDataInString("profileId");
- if (profileId == null || profileId.equals("")) {
+ if (profileId == null || profileId.equals("")) {
return PolicyResult.REJECTED;
}
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem("profile");
+ IProfileSubsystem ps = (IProfileSubsystem)
+ CMS.getSubsystem("profile");
try {
- IProfile profile = ps.getProfile(profileId);
+ IProfile profile = ps.getProfile(profileId);
r.setExtData("dbStatus", "NOT_UPDATED");
- profile.populate(r);
- profile.validate(r);
+ profile.populate(r);
+ profile.validate(r);
return PolicyResult.ACCEPTED;
} catch (EBaseException e) {
CMS.debug("CAPolicy: " + e.toString());
@@ -137,4 +135,3 @@ public class CAPolicy implements IPolicy {
}
}
-
diff --git a/pki/base/ca/src/com/netscape/ca/CAService.java b/pki/base/ca/src/com/netscape/ca/CAService.java
index 64fd73e4..17b174f4 100644
--- a/pki/base/ca/src/com/netscape/ca/CAService.java
+++ b/pki/base/ca/src/com/netscape/ca/CAService.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -93,7 +92,6 @@ import com.netscape.cmscore.dbs.CertificateRepository;
import com.netscape.cmscore.dbs.RevocationInfo;
import com.netscape.cmscore.util.Debug;
-
/**
* Request Service for CertificateAuthority.
*/
@@ -114,56 +112,55 @@ public class CAService implements ICAService, IService {
private Hashtable<String, ICRLIssuingPoint> mCRLIssuingPoints = new Hashtable<String, ICRLIssuingPoint>();
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
+ "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
public CAService(ICertificateAuthority ca) {
mCA = ca;
// init services.
mServants.put(
- IRequest.ENROLLMENT_REQUEST,
- new serviceIssue(this));
+ IRequest.ENROLLMENT_REQUEST,
+ new serviceIssue(this));
mServants.put(
- IRequest.RENEWAL_REQUEST,
- new serviceRenewal(this));
+ IRequest.RENEWAL_REQUEST,
+ new serviceRenewal(this));
mServants.put(
- IRequest.REVOCATION_REQUEST,
- new serviceRevoke(this));
+ IRequest.REVOCATION_REQUEST,
+ new serviceRevoke(this));
mServants.put(
- IRequest.CMCREVOKE_REQUEST,
- new serviceRevoke(this));
+ IRequest.CMCREVOKE_REQUEST,
+ new serviceRevoke(this));
mServants.put(
- IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST,
- new serviceCheckChallenge(this));
+ IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST,
+ new serviceCheckChallenge(this));
mServants.put(
- IRequest.GETCERTS_FOR_CHALLENGE_REQUEST,
- new getCertsForChallenge(this));
+ IRequest.GETCERTS_FOR_CHALLENGE_REQUEST,
+ new getCertsForChallenge(this));
mServants.put(
- IRequest.UNREVOCATION_REQUEST,
- new serviceUnrevoke(this));
+ IRequest.UNREVOCATION_REQUEST,
+ new serviceUnrevoke(this));
mServants.put(
- IRequest.GETCACHAIN_REQUEST,
- new serviceGetCAChain(this));
+ IRequest.GETCACHAIN_REQUEST,
+ new serviceGetCAChain(this));
mServants.put(
- IRequest.GETCRL_REQUEST,
- new serviceGetCRL(this));
+ IRequest.GETCRL_REQUEST,
+ new serviceGetCRL(this));
mServants.put(
- IRequest.GETREVOCATIONINFO_REQUEST,
- new serviceGetRevocationInfo(this));
+ IRequest.GETREVOCATIONINFO_REQUEST,
+ new serviceGetRevocationInfo(this));
mServants.put(
- IRequest.GETCERTS_REQUEST,
- new serviceGetCertificates(this));
+ IRequest.GETCERTS_REQUEST,
+ new serviceGetCertificates(this));
mServants.put(
- IRequest.CLA_CERT4CRL_REQUEST,
- new serviceCert4Crl(this));
+ IRequest.CLA_CERT4CRL_REQUEST,
+ new serviceCert4Crl(this));
mServants.put(
- IRequest.CLA_UNCERT4CRL_REQUEST,
- new serviceUnCert4Crl(this));
+ IRequest.CLA_UNCERT4CRL_REQUEST,
+ new serviceUnCert4Crl(this));
mServants.put(
- IRequest.GETCERT_STATUS_REQUEST,
- new getCertStatus(this));
+ IRequest.GETCERT_STATUS_REQUEST,
+ new getCertStatus(this));
}
public void init(IConfigStore config) throws EBaseException {
@@ -184,7 +181,7 @@ public class CAService implements ICAService, IService {
Debug.trace("CertificateFactory Provider : " + cf.getProvider().getInfo());
} catch (java.security.cert.CertificateException e) {
Debug.trace("Something is happen in install CMS provider !" + e.toString());
- }
+ }
}
public void startup() throws EBaseException {
@@ -229,8 +226,8 @@ public class CAService implements ICAService, IService {
mKRAConnector = c;
}
- public IConnector getConnector(IConfigStore config)
- throws EBaseException {
+ public IConnector getConnector(IConfigStore config)
+ throws EBaseException {
IConnector connector = null;
if (config == null || config.size() <= 0) {
@@ -282,14 +279,14 @@ public class CAService implements ICAService, IService {
//RemoteAuthority remauthority =
// new RemoteAuthority(host, port, uri);
RemoteAuthority remauthority =
- new RemoteAuthority(host, port, uri, timeout);
+ new RemoteAuthority(host, port, uri, timeout);
// Change end
- if (nickname == null)
+ if (nickname == null)
nickname = mCA.getNickname();
- // Changed by beomsuk
- //connector =
- // new HttpConnector(mCA, nickname, remauthority, resendInterval);
+ // Changed by beomsuk
+ //connector =
+ // new HttpConnector(mCA, nickname, remauthority, resendInterval);
if (timeout == 0)
connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config);
else
@@ -315,10 +312,10 @@ public class CAService implements ICAService, IService {
* After population of defaults, and constraint validation,
* the profile request is processed here.
*/
- public void serviceProfileRequest(IRequest request)
- throws EBaseException {
- CMS.debug("CAService: serviceProfileRequest requestId=" +
- request.getRequestId().toString());
+ public void serviceProfileRequest(IRequest request)
+ throws EBaseException {
+ CMS.debug("CAService: serviceProfileRequest requestId=" +
+ request.getRequestId().toString());
String profileId = request.getExtDataInString("profileId");
@@ -327,7 +324,7 @@ public class CAService implements ICAService, IService {
}
IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem("profile");
+ CMS.getSubsystem("profile");
IProfile profile = null;
try {
@@ -351,15 +348,13 @@ public class CAService implements ICAService, IService {
}
/**
- * method interface for IService
+ * method interface for IService
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used
- * whenever a user private key archive request is made. This is an option
- * in a cert enrollment request detected by an RA or a CA, so, if selected,
- * it should be logged immediately following the certificate request.
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used whenever a user private key archive request is made. This is an option in a cert enrollment request detected by an RA or a CA, so, if selected, it should be logged immediately following the certificate request.
* </ul>
+ *
* @param request a certificate enrollment request from an RA or CA
* @return true or false
*/
@@ -417,7 +412,7 @@ public class CAService implements ICAService, IService {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_INVALID_REQUEST_TYPE", type));
request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_UNRECOGNIZED_REQUEST_TYPE", type)));
+ new ECAException(CMS.getUserMessage("CMS_CA_UNRECOGNIZED_REQUEST_TYPE", type)));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
@@ -433,8 +428,8 @@ public class CAService implements ICAService, IService {
try {
// send request to KRA first
- if (type.equals(IRequest.ENROLLMENT_REQUEST) &&
- isPKIArchiveOptionPresent(request) && mKRAConnector != null) {
+ if (type.equals(IRequest.ENROLLMENT_REQUEST) &&
+ isPKIArchiveOptionPresent(request) && mKRAConnector != null) {
if (Debug.ON) {
Debug.trace("*** Sending enrollment request to KRA");
}
@@ -443,9 +438,9 @@ public class CAService implements ICAService, IService {
if (mArchivalRequired == true) {
if (sendStatus == false) {
request.setExtData(IRequest.RESULT,
- IRequest.RES_ERROR);
+ IRequest.RES_ERROR);
request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_SEND_KRA_REQUEST")));
+ new ECAException(CMS.getUserMessage("CMS_CA_SEND_KRA_REQUEST")));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -508,8 +503,7 @@ public class CAService implements ICAService, IService {
Debug.trace("serviceRequest completed = " + completed);
if (!(type.equals(IRequest.REVOCATION_REQUEST) ||
- type.equals(IRequest.UNREVOCATION_REQUEST) ||
- type.equals(IRequest.CMCREVOKE_REQUEST))) {
+ type.equals(IRequest.UNREVOCATION_REQUEST) || type.equals(IRequest.CMCREVOKE_REQUEST))) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
@@ -525,7 +519,7 @@ public class CAService implements ICAService, IService {
}
/**
- * register CRL Issuing Point
+ * register CRL Issuing Point
*/
public void addCRLIssuingPoint(String id, ICRLIssuingPoint crlIssuingPoint) {
mCRLIssuingPoints.put(id, crlIssuingPoint);
@@ -568,7 +562,7 @@ public class CAService implements ICAService, IService {
///
public X509CertImpl issueX509Cert(X509CertInfo certi)
- throws EBaseException {
+ throws EBaseException {
return issueX509Cert(certi, null, null);
}
@@ -576,7 +570,7 @@ public class CAService implements ICAService, IService {
* issue cert for enrollment.
*/
public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId, String rid)
- throws EBaseException {
+ throws EBaseException {
CMS.debug("issueX509Cert");
X509CertImpl certImpl = issueX509Cert("", certi, false, null);
@@ -587,7 +581,7 @@ public class CAService implements ICAService, IService {
}
X509CertImpl issueX509Cert(String rid, X509CertInfo certi)
- throws EBaseException {
+ throws EBaseException {
return issueX509Cert(rid, certi, false, null);
}
@@ -595,7 +589,7 @@ public class CAService implements ICAService, IService {
* issue cert for enrollment.
*/
void storeX509Cert(String profileId, String rid, X509CertImpl cert)
- throws EBaseException {
+ throws EBaseException {
storeX509Cert(rid, cert, false, null, null, null, profileId);
}
@@ -603,23 +597,23 @@ public class CAService implements ICAService, IService {
* issue cert for enrollment.
*/
void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId)
- throws EBaseException {
+ throws EBaseException {
storeX509Cert(rid, cert, false, null, crmfReqId, null, null);
}
- void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId,
- String challengePassword) throws EBaseException {
+ void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId,
+ String challengePassword) throws EBaseException {
storeX509Cert(rid, cert, false, null, crmfReqId, challengePassword, null);
}
/**
* issue cert for enrollment and renewal.
* renewal is expected to have original cert serial no. in cert info
- * field.
+ * field.
*/
- X509CertImpl issueX509Cert(String rid, X509CertInfo certi,
- boolean renewal, BigInteger oldSerialNo)
- throws EBaseException {
+ X509CertImpl issueX509Cert(String rid, X509CertInfo certi,
+ boolean renewal, BigInteger oldSerialNo)
+ throws EBaseException {
String algname = null;
X509CertImpl cert = null;
@@ -633,7 +627,7 @@ public class CAService implements ICAService, IService {
try {
// check required fields in certinfo.
if (certi.get(X509CertInfo.SUBJECT) == null ||
- certi.get(X509CertInfo.KEY) == null) {
+ certi.get(X509CertInfo.KEY) == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_MISSING_ATTR"));
// XXX how do you reject a request in the service object ?
@@ -651,7 +645,7 @@ public class CAService implements ICAService, IService {
// validity would normally be set by policies or by
// agent or by authentication module.
CertificateValidity validity = (CertificateValidity)
- certi.get(X509CertInfo.VALIDITY);
+ certi.get(X509CertInfo.VALIDITY);
Date begin = null, end = null;
if (validity != null) {
@@ -660,16 +654,16 @@ public class CAService implements ICAService, IService {
end = (Date)
validity.get(CertificateValidity.NOT_AFTER);
}
- if (validity == null ||
- (begin.getTime() == 0 && end.getTime() == 0)) {
+ if (validity == null ||
+ (begin.getTime() == 0 && end.getTime() == 0)) {
if (Debug.ON) {
Debug.trace("setting default validity");
}
-
+
begin = CMS.getCurrentDate();
end = new Date(begin.getTime() + mCA.getDefaultValidity());
- certi.set(CertificateValidity.NAME,
- new CertificateValidity(begin, end));
+ certi.set(CertificateValidity.NAME,
+ new CertificateValidity(begin, end));
}
/*
@@ -685,7 +679,7 @@ public class CAService implements ICAService, IService {
try {
exts = (CertificateExtensions)
- certi.get(X509CertInfo.EXTENSIONS);
+ certi.get(X509CertInfo.EXTENSIONS);
if (exts != null) {
Enumeration<Extension> e = exts.getAttributes();
@@ -697,7 +691,7 @@ public class CAService implements ICAService, IService {
}
}
- if(bc_ext != null) {
+ if (bc_ext != null) {
Boolean isCA = (Boolean) bc_ext.get(BasicConstraintsExtension.IS_CA);
is_ca = isCA.booleanValue();
}
@@ -706,8 +700,8 @@ public class CAService implements ICAService, IService {
CMS.debug("EnrollDefault: getExtension " + e.toString());
}
- Date caNotAfter =
- mCA.getSigningUnit().getCertImpl().getNotAfter();
+ Date caNotAfter =
+ mCA.getSigningUnit().getCertImpl().getNotAfter();
if (begin.after(caNotAfter)) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_PAST_VALIDITY"));
@@ -715,11 +709,11 @@ public class CAService implements ICAService, IService {
}
if (end.after(caNotAfter)) {
- if(!is_ca) {
+ if (!is_ca) {
if (!mCA.isEnablePastCATime()) {
end = caNotAfter;
- certi.set(CertificateValidity.NAME,
- new CertificateValidity(begin, caNotAfter));
+ certi.set(CertificateValidity.NAME,
+ new CertificateValidity(begin, caNotAfter));
CMS.debug("CAService: issueX509Cert: cert past CA's NOT_AFTER...ca.enablePastCATime != true...resetting");
} else {
CMS.debug("CAService: issueX509Cert: cert past CA's NOT_AFTER...ca.enablePastCATime = true...not resetting");
@@ -733,13 +727,13 @@ public class CAService implements ICAService, IService {
// check algorithm in certinfo.
AlgorithmId algid = null;
CertificateAlgorithmId algor = (CertificateAlgorithmId)
- certi.get(X509CertInfo.ALGORITHM_ID);
+ certi.get(X509CertInfo.ALGORITHM_ID);
if (algor == null || algor.toString().equals(CertInfo.SERIALIZE_ALGOR.toString())) {
algname = mCA.getSigningUnit().getDefaultAlgorithm();
algid = AlgorithmId.get(algname);
- certi.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(algid));
+ certi.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(algid));
} else {
algid = (AlgorithmId)
algor.get(CertificateAlgorithmId.ALGORITHM);
@@ -772,7 +766,7 @@ public class CAService implements ICAService, IService {
if (renewal) {
try {
CertificateSerialNumber serialno = (CertificateSerialNumber)
- certi.get(X509CertInfo.SERIAL_NUMBER);
+ certi.get(X509CertInfo.SERIAL_NUMBER);
if (serialno == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
@@ -780,7 +774,7 @@ public class CAService implements ICAService, IService {
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
SerialNumber serialnum = (SerialNumber)
- serialno.get(CertificateSerialNumber.NUMBER);
+ serialno.get(CertificateSerialNumber.NUMBER);
if (serialnum == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
@@ -802,11 +796,11 @@ public class CAService implements ICAService, IService {
// set issuer, serial number
try {
- BigInteger serialNo =
- mCA.getCertificateRepository().getNextSerialNumber();
+ BigInteger serialNo =
+ mCA.getCertificateRepository().getNextSerialNumber();
certi.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(serialNo));
+ new CertificateSerialNumber(serialNo));
mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_SIGN_SERIAL", serialNo.toString(16)));
} catch (EBaseException e) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_NEXT_SERIAL", e.toString()));
@@ -822,8 +816,8 @@ public class CAService implements ICAService, IService {
}
try {
- certi.set(X509CertInfo.ISSUER,
- new CertificateIssuerName(mCA.getX500Name()));
+ certi.set(X509CertInfo.ISSUER,
+ new CertificateIssuerName(mCA.getX500Name()));
} catch (CertificateException e) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
@@ -844,7 +838,7 @@ public class CAService implements ICAService, IService {
certi.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
new X500Name(subject,
- new LdapV3DNStrConverter(X500NameAttrMap.getDirDefault(), true), utf8_encodingOrder)));
+ new LdapV3DNStrConverter(X500NameAttrMap.getDirDefault(), true), utf8_encodingOrder)));
} catch (CertificateException e) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT", e.toString()));
@@ -860,22 +854,22 @@ public class CAService implements ICAService, IService {
return cert;
}
- void storeX509Cert(String rid, X509CertImpl cert,
- boolean renewal, BigInteger oldSerialNo)
- throws EBaseException {
+ void storeX509Cert(String rid, X509CertImpl cert,
+ boolean renewal, BigInteger oldSerialNo)
+ throws EBaseException {
storeX509Cert(rid, cert, renewal, oldSerialNo, null, null, null);
}
- void storeX509Cert(String rid, X509CertImpl cert,
- boolean renewal, BigInteger oldSerialNo, String crmfReqId,
- String challengePassword, String profileId) throws EBaseException {
+ void storeX509Cert(String rid, X509CertImpl cert,
+ boolean renewal, BigInteger oldSerialNo, String crmfReqId,
+ String challengePassword, String profileId) throws EBaseException {
// now store in repository.
// if renewal, set the old serial number in the new cert,
// set the new serial number in the old cert.
CMS.debug("In storeX509Cert");
try {
- BigInteger newSerialNo = cert.getSerialNumber();
+ BigInteger newSerialNo = cert.getSerialNumber();
MetaInfo metaInfo = new MetaInfo();
if (profileId != null)
@@ -891,7 +885,7 @@ public class CAService implements ICAService, IService {
if (renewal)
metaInfo.set(CertRecord.META_OLD_CERT, oldSerialNo.toString());
mCA.getCertificateRepository().addCertificateRecord(
- new CertRecord(newSerialNo, cert, metaInfo));
+ new CertRecord(newSerialNo, cert, metaInfo));
mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_STORE_SERIAL", cert.getSerialNumber().toString(16)));
if (renewal) {
@@ -903,16 +897,16 @@ public class CAService implements ICAService, IService {
*/
MetaInfo oldMeta = null;
CertRecord oldCertRec = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
+ mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
if (oldCertRec == null) {
- Exception e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Cannot read cert record for " + oldSerialNo));
+ Exception e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ "Cannot read cert record for " + oldSerialNo));
e.printStackTrace();
}
- if (oldCertRec != null)
+ if (oldCertRec != null)
oldMeta = oldCertRec.getMetaInfo();
if (oldMeta == null) {
if (Debug.ON) {
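Review bot: When `readCertificateRecord(oldSerialNo)` returns null, the `EBaseException` is only constructed and handed to `e.printStackTrace()`; as far as this hunk shows it is neither thrown nor written through `mCA.log`, so a renewal whose original record is missing leaves no entry in the CA log. At minimum replace the stack-trace print with `mCA.log(ILogger.LL_FAILURE, e.toString());`. Whether to also `throw` depends on how the rest of the renewal branch handles a null `oldMeta`, which lies outside this hunk. The lines are only re-indented by this commit, and storeX509Cert starts and ends outside the hunk.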
@@ -928,24 +922,24 @@ public class CAService implements ICAService, IService {
String name = (String) n.nextElement();
System.out.println("name " + name + " value " +
- oldMeta.get(name));
+ oldMeta.get(name));
}
}
}
- oldMeta.set(CertRecord.META_RENEWED_CERT,
- newSerialNo.toString());
+ oldMeta.set(CertRecord.META_RENEWED_CERT,
+ newSerialNo.toString());
ModificationSet modSet = new ModificationSet();
- modSet.add(CertRecord.ATTR_AUTO_RENEW,
- Modification.MOD_REPLACE,
- CertRecord.AUTO_RENEWAL_DONE);
- modSet.add(ICertRecord.ATTR_META_INFO,
- Modification.MOD_REPLACE, oldMeta);
+ modSet.add(CertRecord.ATTR_AUTO_RENEW,
+ Modification.MOD_REPLACE,
+ CertRecord.AUTO_RENEWAL_DONE);
+ modSet.add(ICertRecord.ATTR_META_INFO,
+ Modification.MOD_REPLACE, oldMeta);
mCA.getCertificateRepository().modifyCertificateRecord(oldSerialNo, modSet);
mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_MARK_SERIAL", oldSerialNo.toString(16), newSerialNo.toString(16)));
if (Debug.ON) {
CertRecord check = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
+ mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
MetaInfo meta = check.getMetaInfo();
Enumeration<String> n = oldMeta.getElements();
@@ -968,12 +962,12 @@ public class CAService implements ICAService, IService {
* revoke cert, check fields in crlentry, etc.
*/
public void revokeCert(RevokedCertImpl crlentry)
- throws EBaseException {
+ throws EBaseException {
revokeCert(crlentry, null);
}
public void revokeCert(RevokedCertImpl crlentry, String requestId)
- throws EBaseException {
+ throws EBaseException {
BigInteger serialno = crlentry.getSerialNumber();
Date revdate = crlentry.getRevocationDate();
CRLExtensions crlentryexts = crlentry.getExtensions();
@@ -983,8 +977,8 @@ public class CAService implements ICAService, IService {
if (certRec == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND", serialno.toString(16)));
throw new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
- "0x" + serialno.toString(16)));
+ CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
+ "0x" + serialno.toString(16)));
}
RevocationInfo revInfo = (RevocationInfo) certRec.getRevocationInfo();
CRLExtensions exts = null;
@@ -1004,13 +998,13 @@ public class CAService implements ICAService, IService {
String certStatus = certRec.getStatus();
if (certStatus.equals(ICertRecord.STATUS_REVOKED) ||
- certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
- throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_ALREADY_REVOKED",
+ certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_ALREADY_REVOKED",
"0x" + Long.toHexString(serialno.longValue())));
}
try {
- mCA.getCertificateRepository().markAsRevoked(serialno,
- new RevocationInfo(revdate, crlentryexts));
+ mCA.getCertificateRepository().markAsRevoked(serialno,
+ new RevocationInfo(revdate, crlentryexts));
mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_REVOKED",
serialno.toString(16)));
// inform all CRLIssuingPoints about revoked certificate
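Review bot: The already-revoked error in revokeCert formats the serial with `Long.toHexString(serialno.longValue())`, which keeps only the low 64 bits of the `BigInteger`, so a certificate with a longer serial number is reported under a different value than the one the other messages in this method print. Use `"0x" + serialno.toString(16)`, as the CMS_CA_CANT_FIND_CERT_SERIAL message earlier in the same method already does, so that operator-facing errors and log entries agree on the serial. The line is untouched by this reformat, and revokeCert continues outside the hunk.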
@@ -1025,18 +1019,20 @@ public class CAService implements ICAService, IService {
if (ip.isCACertsOnly()) {
X509CertImpl cert = certRec.getCertificate();
- if (cert != null) b = cert.getBasicConstraintsIsCA();
+ if (cert != null)
+ b = cert.getBasicConstraintsIsCA();
}
if (ip.isProfileCertsOnly()) {
MetaInfo metaInfo = certRec.getMetaInfo();
if (metaInfo != null) {
- String profileId = (String)metaInfo.get("profileId");
+ String profileId = (String) metaInfo.get("profileId");
if (profileId != null) {
b = ip.checkCurrentProfile(profileId);
}
}
}
- if (b) ip.addRevokedCert(serialno, crlentry, requestId);
+ if (b)
+ ip.addRevokedCert(serialno, crlentry, requestId);
}
}
} catch (EBaseException e) {
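Review bot: The two guards this hunk splits, `if (cert != null)` / `b = cert.getBasicConstraintsIsCA();` and `if (b)` / `ip.addRevokedCert(serialno, crlentry, requestId);`, are now two-line statements without braces, which is easy to break when a second statement is added later, in code that decides which CRL issuing points are told about a revocation. Prefer the braced form, e.g. `if (b) { ip.addRevokedCert(serialno, crlentry, requestId); }`. The same applies to the matching split in unrevokeCert (`if (b)` / `ip.addUnrevokedCert(serialNo, requestId);`). The enclosing loop starts and ends outside the hunk.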
@@ -1051,19 +1047,19 @@ public class CAService implements ICAService, IService {
* unrevoke cert, check serial number, etc.
*/
void unrevokeCert(BigInteger serialNo)
- throws EBaseException {
+ throws EBaseException {
unrevokeCert(serialNo, null);
}
void unrevokeCert(BigInteger serialNo, String requestId)
- throws EBaseException {
+ throws EBaseException {
CertRecord certRec = (CertRecord) mCA.getCertificateRepository().readCertificateRecord(serialNo);
if (certRec == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND", serialNo.toString(16)));
throw new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
- "0x" + serialNo.toString(16)));
+ CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
+ "0x" + serialNo.toString(16)));
}
RevocationInfo revInfo = (RevocationInfo) certRec.getRevocationInfo();
CRLExtensions exts = null;
@@ -1071,7 +1067,7 @@ public class CAService implements ICAService, IService {
if (revInfo == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
serialNo.toString()));
}
exts = revInfo.getCRLEntryExtensions();
@@ -1080,23 +1076,23 @@ public class CAService implements ICAService, IService {
reasonext = (CRLReasonExtension)
exts.get(CRLReasonExtension.class.getSimpleName());
} catch (X509ExtensionException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
serialNo.toString()));
}
} else {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
serialNo.toString()));
}
// allow unrevoking certs that are on hold.
if ((certRec.getStatus().equals(ICertRecord.STATUS_REVOKED) ||
certRec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED)) &&
- reasonext != null &&
- reasonext.getReason() == RevocationReason.CERTIFICATE_HOLD) {
+ reasonext != null &&
+ reasonext.getReason() == RevocationReason.CERTIFICATE_HOLD) {
try {
mCA.getCertificateRepository().unmarkRevoked(serialNo, revInfo,
- certRec.getRevokedOn(), certRec.getRevokedBy());
+ certRec.getRevokedOn(), certRec.getRevokedBy());
mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_UNREVOKED", serialNo.toString(16)));
// inform all CRLIssuingPoints about unrevoked certificate
Enumeration<ICRLIssuingPoint> eIPs = mCRLIssuingPoints.elements();
@@ -1110,18 +1106,20 @@ public class CAService implements ICAService, IService {
if (ip.isCACertsOnly()) {
X509CertImpl cert = certRec.getCertificate();
- if (cert != null) b = cert.getBasicConstraintsIsCA();
+ if (cert != null)
+ b = cert.getBasicConstraintsIsCA();
}
if (ip.isProfileCertsOnly()) {
MetaInfo metaInfo = certRec.getMetaInfo();
if (metaInfo != null) {
- String profileId = (String)metaInfo.get("profileId");
+ String profileId = (String) metaInfo.get("profileId");
if (profileId != null) {
b = ip.checkCurrentProfile(profileId);
}
}
}
- if (b) ip.addUnrevokedCert(serialNo, requestId);
+ if (b)
+ ip.addUnrevokedCert(serialNo, requestId);
}
}
} catch (EBaseException e) {
@@ -1129,8 +1127,8 @@ public class CAService implements ICAService, IService {
throw e;
}
} else {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
"0x" + serialNo.toString(16)));
}
@@ -1139,10 +1137,10 @@ public class CAService implements ICAService, IService {
/**
* Signed Audit Log
- *
+ *
* This method is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
private void audit(String msg) {
@@ -1154,19 +1152,19 @@ public class CAService implements ICAService, IService {
}
mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
+ *
* This method is called to obtain the "SubjectID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
private String auditSubjectID() {
@@ -1198,11 +1196,11 @@ public class CAService implements ICAService, IService {
/**
* Signed Audit Log Requester ID
- *
+ *
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID() {
@@ -1233,7 +1231,6 @@ public class CAService implements ICAService, IService {
}
}
-
///
/// servant classes
///
@@ -1242,7 +1239,6 @@ interface IServant {
public boolean service(IRequest request) throws EBaseException;
}
-
class serviceIssue implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1253,7 +1249,7 @@ class serviceIssue implements IServant {
}
public boolean service(IRequest request)
- throws EBaseException {
+ throws EBaseException {
// XXX This is ugly. should associate attributes with
// request types, not policy.
// XXX how do we know what to look for in request ?
@@ -1263,21 +1259,21 @@ class serviceIssue implements IServant {
else
return false; // Don't know what it is ?????
}
-
+
public boolean serviceX509(IRequest request)
- throws EBaseException {
+ throws EBaseException {
// XXX This is ugly. should associate attributes with
// request types, not policy.
// XXX how do we know what to look for in request ?
- X509CertInfo certinfos[] =
- request.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certinfos[] =
+ request.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certinfos == null || certinfos[0] == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_ISSUEREQ"));
}
- String challengePassword =
- request.getExtDataInString(CAService.CHALLENGE_PHRASE);
+ String challengePassword =
+ request.getExtDataInString(CAService.CHALLENGE_PHRASE);
X509CertImpl[] certs = new X509CertImpl[certinfos.length];
String rid = request.getRequestId().toString();
@@ -1308,8 +1304,8 @@ class serviceIssue implements IServant {
for (int j = 0; j < i; j++) {
// delete the stored cert records from the database.
// we issue all or nothing.
- BigInteger serialNo =
- ((X509Certificate) certs[i]).getSerialNumber();
+ BigInteger serialNo =
+ ((X509Certificate) certs[i]).getSerialNumber();
try {
mCA.getCertificateRepository().deleteCertificateRecord(serialNo);
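Review bot: The rollback loop indexes `certs[i]` on the re-wrapped line although it iterates with `j`, so each pass reads the serial number of the entry at the failure index instead of the earlier certificates it is meant to remove. As written, the records already stored for the entries before `i` appear to stay in the repository, which contradicts the "we issue all or nothing" comment. `certs[i]` may also be null if issuance failed before it was assigned (the assignment is outside this hunk). The line should read `((X509Certificate) certs[j]).getSerialNumber();`. The loop body continues past the end of the hunk.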
@@ -1326,7 +1322,6 @@ class serviceIssue implements IServant {
}
}
-
class serviceRenewal implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1337,10 +1332,10 @@ class serviceRenewal implements IServant {
}
public boolean service(IRequest request)
- throws EBaseException {
+ throws EBaseException {
// XXX if one fails should all fail ? - can't backtrack.
- X509CertInfo certinfos[] =
- request.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certinfos[] =
+ request.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certinfos == null || certinfos[0] == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString()));
@@ -1364,7 +1359,7 @@ class serviceRenewal implements IServant {
try {
CertificateSerialNumber serialno = (CertificateSerialNumber)
- certinfos[i].get(X509CertInfo.SERIAL_NUMBER);
+ certinfos[i].get(X509CertInfo.SERIAL_NUMBER);
if (serialno == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
@@ -1396,25 +1391,25 @@ class serviceRenewal implements IServant {
// get cert record
CertRecord certRecord = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
+ mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
if (certRecord == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA", oldSerialNo.toString()));
svcerrors[i] = new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
- oldSerialNo.toString())).toString();
+ CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
+ oldSerialNo.toString())).toString();
continue;
}
// check if cert has been revoked.
String certStatus = certRecord.getStatus();
- if (certStatus.equals(ICertRecord.STATUS_REVOKED) ||
- certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ if (certStatus.equals(ICertRecord.STATUS_REVOKED) ||
+ certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_RENEW_REVOKED", oldSerialNo.toString()));
svcerrors[i] = new ECAException(
CMS.getUserMessage("CMS_CA_CANNOT_RENEW_REVOKED_CERT",
- "0x" + oldSerialNo.toString(16))).toString();
+ "0x" + oldSerialNo.toString(16))).toString();
continue;
}
@@ -1423,49 +1418,49 @@ class serviceRenewal implements IServant {
if (metaInfo != null) {
String renewed = (String)
- metaInfo.get(ICertRecord.META_RENEWED_CERT);
+ metaInfo.get(ICertRecord.META_RENEWED_CERT);
if (renewed != null) {
BigInteger serial = new BigInteger(renewed);
X509CertImpl cert = (X509CertImpl)
- mCA.getCertificateRepository().getX509Certificate(serial);
+ mCA.getCertificateRepository().getX509Certificate(serial);
if (cert == null) {
// something wrong
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_MISSING_RENEWED", serial.toString()));
svcerrors[i] = new ECAException(
CMS.getUserMessage("CMS_CA_ERROR_GETTING_RENEWED_CERT",
- oldSerialNo.toString(), serial.toString())).toString();
+ oldSerialNo.toString(), serial.toString())).toString();
continue;
}
// get cert record
CertRecord cRecord = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(serial);
+ mCA.getCertificateRepository().readCertificateRecord(serial);
if (cRecord == null) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA", serial.toString()));
svcerrors[i] = new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
- serial.toString())).toString();
+ CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
+ serial.toString())).toString();
continue;
}
// Check renewed certificate already REVOKED or EXPIRED
String status = cRecord.getStatus();
- if (status.equals(ICertRecord.STATUS_REVOKED) ||
- status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ if (status.equals(ICertRecord.STATUS_REVOKED) ||
+ status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
Debug.trace("It is already revoked or Expired !!!");
} // it is still new ... So just return this certificate to user
- else {
+ else {
Debug.trace("It is still new !!!");
issuedCerts[i] = cert;
continue;
- }
+ }
}
}
// issue the cert.
- issuedCerts[i] =
+ issuedCerts[i] =
mService.issueX509Cert(rid, certinfos[i], true, oldSerialNo);
mService.storeX509Cert(rid, issuedCerts[i], true, oldSerialNo);
} catch (ECAException e) {
@@ -1473,14 +1468,15 @@ class serviceRenewal implements IServant {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_RENEW", Integer.toString(i), request.getRequestId().toString()));
}
}
-
+
// always set issued certs regardless of error.
request.setExtData(IRequest.ISSUED_CERTS, issuedCerts);
// set and throw error if any.
int l;
- for (l = svcerrors.length - 1; l >= 0 && svcerrors[l] == null; l--);
+ for (l = svcerrors.length - 1; l >= 0 && svcerrors[l] == null; l--)
+ ;
if (l >= 0) {
request.setExtData(IRequest.SVCERRORS, svcerrors);
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_RENEW", request.getRequestId().toString()));
@@ -1490,7 +1486,6 @@ class serviceRenewal implements IServant {
}
}
-
class getCertsForChallenge implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1501,10 +1496,10 @@ class getCertsForChallenge implements IServant {
}
public boolean service(IRequest request)
- throws EBaseException {
+ throws EBaseException {
BigInteger[] serialNoArray =
- request.getExtDataInBigIntegerArray(CAService.SERIALNO_ARRAY);
- X509CertImpl[] certs = new X509CertImpl[serialNoArray.length];
+ request.getExtDataInBigIntegerArray(CAService.SERIALNO_ARRAY);
+ X509CertImpl[] certs = new X509CertImpl[serialNoArray.length];
for (int i = 0; i < serialNoArray.length; i++) {
certs[i] = mCA.getCertificateRepository().getX509Certificate(serialNoArray[i]);
@@ -1514,7 +1509,6 @@ class getCertsForChallenge implements IServant {
}
}
-
class getCertStatus implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1528,7 +1522,7 @@ class getCertStatus implements IServant {
BigInteger serialno = request.getExtDataInBigInteger("serialNumber");
String issuerDN = request.getExtDataInString("issuerDN");
CertificateRepository certDB = (CertificateRepository)
- mCA.getCertificateRepository();
+ mCA.getCertificateRepository();
String status = null;
@@ -1553,13 +1547,12 @@ class getCertStatus implements IServant {
}
}
}
-
+
request.setExtData(IRequest.CERT_STATUS, status);
return true;
}
}
-
class serviceCheckChallenge implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1576,7 +1569,7 @@ class serviceCheckChallenge implements IServant {
}
public boolean service(IRequest request)
- throws EBaseException {
+ throws EBaseException {
// note: some request attributes used below are set in
// authentication/ChallengePhraseAuthentication.java :(
BigInteger serialno = request.getExtDataInBigInteger("serialNumber");
@@ -1606,7 +1599,7 @@ class serviceCheckChallenge implements IServant {
} else {
bigIntArray = new BigInteger[0];
}
- } else
+ } else
bigIntArray = new BigInteger[0];
} else {
String subjectName = request.getExtDataInString("subjectName");
@@ -1623,7 +1616,7 @@ class serviceCheckChallenge implements IServant {
Vector<BigInteger> idv = new Vector<BigInteger>();
while (en.hasMoreElements()) {
- ICertRecord record = en.nextElement();
+ ICertRecord record = en.nextElement();
boolean samepwd = compareChallengePassword(record, pwd);
if (samepwd) {
@@ -1638,7 +1631,7 @@ class serviceCheckChallenge implements IServant {
}
}
- if (bigIntArray == null)
+ if (bigIntArray == null)
bigIntArray = new BigInteger[0];
request.setExtData(CAService.SERIALNO_ARRAY, bigIntArray);
@@ -1646,7 +1639,7 @@ class serviceCheckChallenge implements IServant {
}
private boolean compareChallengePassword(ICertRecord record, String pwd)
- throws EBaseException {
+ throws EBaseException {
MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO);
if (metaInfo == null) {
@@ -1657,7 +1650,7 @@ class serviceCheckChallenge implements IServant {
// got metaInfo
String challengeString =
- (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE);
+ (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE);
if (!challengeString.equals(hashpwd)) {
return false;
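Review bot: `challengeString.equals(hashpwd)` is reached without a null check on the value returned by `metaInfo.get(CertRecord.META_CHALLENGE_PHRASE)`, so a record whose meta info carries no challenge phrase would throw a NullPointerException instead of returning false. The comparison is also an early-exit `String.equals` on a stored hash, whereas `MessageDigest.isEqual` on the encoded bytes compares in constant time. A guard such as `if (challengeString == null || !MessageDigest.isEqual(challengeString.getBytes(StandardCharsets.UTF_8), hashpwd.getBytes(StandardCharsets.UTF_8))) return false;` covers both, assuming `hashpwd` is never null (it is computed outside this hunk) and with the two imports added to the file.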
@@ -1674,7 +1667,6 @@ class serviceCheckChallenge implements IServant {
}
}
-
class serviceRevoke implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1684,24 +1676,24 @@ class serviceRevoke implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request)
+ throws EBaseException {
boolean sendStatus = true;
// XXX Need to think passing as array.
// XXX every implemented according to servlet.
- RevokedCertImpl crlentries[] =
- request.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+ RevokedCertImpl crlentries[] =
+ request.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
- if (crlentries == null ||
- crlentries.length == 0 ||
- crlentries[0] == null) {
+ if (crlentries == null ||
+ crlentries.length == 0 ||
+ crlentries[0] == null) {
// XXX should this be an error ?
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRL_NOT_FOUND", request.getRequestId().toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_REVREQ"));
}
- RevokedCertImpl revokedCerts[] =
- new RevokedCertImpl[crlentries.length];
+ RevokedCertImpl revokedCerts[] =
+ new RevokedCertImpl[crlentries.length];
String svcerrors[] = null;
for (int i = 0; i < crlentries.length; i++) {
@@ -1725,7 +1717,7 @@ class serviceRevoke implements IServant {
if (CAService.mCLAConnector != null) {
CMS.debug(CMS.getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED"));
BigInteger revokedCertIds[] =
- new BigInteger[revokedCerts.length];
+ new BigInteger[revokedCerts.length];
for (int i = 0; i < revokedCerts.length; i++) {
revokedCertIds[i] = revokedCerts[i].getSerialNumber();
@@ -1733,16 +1725,16 @@ class serviceRevoke implements IServant {
request.deleteExtData(IRequest.CERT_INFO);
request.deleteExtData(IRequest.OLD_CERTS);
request.setExtData(IRequest.REVOKED_CERT_RECORDS, revokedCertIds);
-
+
CMS.debug(CMS.getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED_CONNECTOR"));
request.setRequestType(IRequest.CLA_CERT4CRL_REQUEST);
sendStatus = CAService.mCLAConnector.send(request);
if (sendStatus == false) {
request.setExtData(IRequest.RESULT,
- IRequest.RES_ERROR);
+ IRequest.RES_ERROR);
request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
+ new ECAException(CMS.getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
return sendStatus;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
@@ -1768,7 +1760,6 @@ class serviceRevoke implements IServant {
}
}
-
class serviceUnrevoke implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1778,11 +1769,11 @@ class serviceUnrevoke implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request)
+ throws EBaseException {
boolean sendStatus = true;
- BigInteger oldSerialNo[] =
- request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ BigInteger oldSerialNo[] =
+ request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (oldSerialNo == null || oldSerialNo.length < 1) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
@@ -1808,7 +1799,7 @@ class serviceUnrevoke implements IServant {
}
if (needOldCerts) {
CertRecord certRec = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo[i]);
+ mCA.getCertificateRepository().readCertificateRecord(oldSerialNo[i]);
oldCerts[i] = certRec.getCertificate();
}
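Review bot: `certRec.getCertificate()` is called on the result of `readCertificateRecord(oldSerialNo[i])` without a null check, while `serviceRenewal` tests the result of the same call against null before using it. If the repository can return null for an unknown serial, an unrevoke request naming such a serial fails with a NullPointerException rather than an `ECAException` the caller can report. A guard such as `if (certRec == null) throw new ECAException(CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL", oldSerialNo[i].toString()));` would match the renewal path. The enclosing loop starts and ends outside this hunk.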
@@ -1828,9 +1819,9 @@ class serviceUnrevoke implements IServant {
sendStatus = CAService.mCLAConnector.send(request);
if (sendStatus == false) {
request.setExtData(IRequest.RESULT,
- IRequest.RES_ERROR);
+ IRequest.RES_ERROR);
request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
+ new ECAException(CMS.getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
return sendStatus;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
@@ -1854,7 +1845,6 @@ class serviceUnrevoke implements IServant {
}
}
-
class serviceGetCAChain implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1878,7 +1868,6 @@ class serviceGetCAChain implements IServant {
}
}
-
class serviceGetCRL implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1889,10 +1878,10 @@ class serviceGetCRL implements IServant {
}
public boolean service(IRequest request)
- throws EBaseException {
+ throws EBaseException {
try {
- ICRLIssuingPointRecord crlRec =
- (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(ICertificateAuthority.PROP_MASTER_CRL);
+ ICRLIssuingPointRecord crlRec =
+ (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(ICertificateAuthority.PROP_MASTER_CRL);
X509CRLImpl crl = new X509CRLImpl(crlRec.getCRL());
request.setExtData(IRequest.CRL, crl.getEncoded());
@@ -1908,13 +1897,12 @@ class serviceGetCRL implements IServant {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_NO_ISSUING_REC"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_EXT_NOGOOD",
- ICertificateAuthority.PROP_MASTER_CRL));
+ ICertificateAuthority.PROP_MASTER_CRL));
}
return true;
}
}
-
class serviceGetRevocationInfo implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1925,7 +1913,7 @@ class serviceGetRevocationInfo implements IServant {
}
public boolean service(IRequest request)
- throws EBaseException {
+ throws EBaseException {
Enumeration<String> enum1 = request.getExtDataKeys();
while (enum1.hasMoreElements()) {
@@ -1933,11 +1921,11 @@ class serviceGetRevocationInfo implements IServant {
if (name.equals(IRequest.ISSUED_CERTS)) {
X509CertImpl certsToCheck[] =
- request.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ request.getExtDataInCertArray(IRequest.ISSUED_CERTS);
CertificateRepository certDB = (CertificateRepository) mCA.getCertificateRepository();
- RevocationInfo info =
- certDB.isCertificateRevoked(certsToCheck[0]);
+ RevocationInfo info =
+ certDB.isCertificateRevoked(certsToCheck[0]);
if (info != null) {
RevokedCertImpl revokedCerts[] = new RevokedCertImpl[1];
@@ -1955,7 +1943,6 @@ class serviceGetRevocationInfo implements IServant {
}
}
-
class serviceGetCertificates implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1966,7 +1953,7 @@ class serviceGetCertificates implements IServant {
}
public boolean service(IRequest request)
- throws EBaseException {
+ throws EBaseException {
Enumeration<String> enum1 = request.getExtDataKeys();
while (enum1.hasMoreElements()) {
@@ -1987,7 +1974,6 @@ class serviceGetCertificates implements IServant {
}
}
-
class serviceCert4Crl implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1997,14 +1983,14 @@ class serviceCert4Crl implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request)
+ throws EBaseException {
// XXX Need to think passing as array.
// XXX every implemented according to servlet.
BigInteger revokedCertIds[] = request.getExtDataInBigIntegerArray(
IRequest.REVOKED_CERT_RECORDS);
if (revokedCertIds == null ||
- revokedCertIds.length == 0) {
+ revokedCertIds.length == 0) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
}
@@ -2013,19 +1999,19 @@ class serviceCert4Crl implements IServant {
for (int i = 0; i < revokedCertIds.length; i++) {
revokedCertRecs[i] = (CertRecord)
mCA.getCertificateRepository().readCertificateRecord(
- revokedCertIds[i]);
+ revokedCertIds[i]);
}
- if (revokedCertRecs == null ||
- revokedCertRecs.length == 0 ||
- revokedCertRecs[0] == null) {
+ if (revokedCertRecs == null ||
+ revokedCertRecs.length == 0 ||
+ revokedCertRecs[0] == null) {
// XXX should this be an error ?
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
}
- CertRecord recordedCerts[] =
- new CertRecord[revokedCertRecs.length];
+ CertRecord recordedCerts[] =
+ new CertRecord[revokedCertRecs.length];
String svcerrors[] = null;
for (int i = 0; i < revokedCertRecs.length; i++) {
@@ -2041,9 +2027,9 @@ class serviceCert4Crl implements IServant {
while (eIPs.hasMoreElements()) {
ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement();
// form RevokedCertImpl
- RevokedCertImpl rci =
- new RevokedCertImpl(revokedCertRecs[i].getSerialNumber(),
- revokedCertRecs[i].getRevokedOn());
+ RevokedCertImpl rci =
+ new RevokedCertImpl(revokedCertRecs[i].getSerialNumber(),
+ revokedCertRecs[i].getRevokedOn());
if (ip != null) {
ip.addRevokedCert(revokedCertRecs[i].getSerialNumber(), rci);
@@ -2070,7 +2056,6 @@ class serviceCert4Crl implements IServant {
}
}
-
class serviceUnCert4Crl implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -2080,10 +2065,10 @@ class serviceUnCert4Crl implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
- BigInteger oldSerialNo[] =
- request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ public boolean service(IRequest request)
+ throws EBaseException {
+ BigInteger oldSerialNo[] =
+ request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (oldSerialNo == null || oldSerialNo.length < 1) {
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
@@ -2125,4 +2110,3 @@ class serviceUnCert4Crl implements IServant {
return true;
}
}
-
diff --git a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
index 55449dff..d7171e5d 100644
--- a/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
+++ b/pki/base/ca/src/com/netscape/ca/CMSCRLExtensions.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
@@ -56,7 +55,6 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.cms.crl.CMSIssuingDistributionPointExtension;
import com.netscape.cmscore.base.SubsystemRegistry;
-
public class CMSCRLExtensions implements ICMSCRLExtensions {
public static final String PROP_ENABLE = "enable";
public static final String PROP_EXTENSION = "extension";
@@ -65,7 +63,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
public static final String PROP_CRITICAL = "critical";
public static final String PROP_CRL_EXT = "CRLExtension";
public static final String PROP_CRL_ENTRY_EXT = "CRLEntryExtension";
-
+
private ICRLIssuingPoint mCRLIssuingPoint = null;
private IConfigStore mConfig = null;
@@ -117,74 +115,74 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
/* CRL extension IDs */
mDefaultCRLExtensionIDs.put(PKIXExtensions.AuthorityKey_Id.toString(),
- AuthorityKeyIdentifierExtension.class.getSimpleName());
+ AuthorityKeyIdentifierExtension.class.getSimpleName());
mDefaultCRLExtensionIDs.put(PKIXExtensions.IssuerAlternativeName_Id.toString(),
- IssuerAlternativeNameExtension.class.getSimpleName());
+ IssuerAlternativeNameExtension.class.getSimpleName());
mDefaultCRLExtensionIDs.put(PKIXExtensions.CRLNumber_Id.toString(),
- CRLNumberExtension.class.getSimpleName());
+ CRLNumberExtension.class.getSimpleName());
mDefaultCRLExtensionIDs.put(PKIXExtensions.DeltaCRLIndicator_Id.toString(),
- DeltaCRLIndicatorExtension.class.getSimpleName());
+ DeltaCRLIndicatorExtension.class.getSimpleName());
mDefaultCRLExtensionIDs.put(PKIXExtensions.IssuingDistributionPoint_Id.toString(),
- IssuingDistributionPointExtension.class.getSimpleName());
+ IssuingDistributionPointExtension.class.getSimpleName());
mDefaultCRLExtensionIDs.put(PKIXExtensions.ReasonCode_Id.toString(),
- CRLReasonExtension.class.getSimpleName());
+ CRLReasonExtension.class.getSimpleName());
mDefaultCRLExtensionIDs.put(PKIXExtensions.HoldInstructionCode_Id.toString(),
- HoldInstructionExtension.class.getSimpleName());
+ HoldInstructionExtension.class.getSimpleName());
mDefaultCRLExtensionIDs.put(PKIXExtensions.InvalidityDate_Id.toString(),
- InvalidityDateExtension.class.getSimpleName());
+ InvalidityDateExtension.class.getSimpleName());
//mDefaultCRLExtensionIDs.put(PKIXExtensions.CertificateIssuer_Id.toString(),
// CertificateIssuerExtension.NAME);
mDefaultCRLExtensionIDs.put(PKIXExtensions.FreshestCRL_Id.toString(),
- FreshestCRLExtension.class.getSimpleName());
+ FreshestCRLExtension.class.getSimpleName());
mDefaultCRLExtensionIDs.put(AuthInfoAccessExtension.ID.toString(),
- AuthInfoAccessExtension.NAME2);
+ AuthInfoAccessExtension.NAME2);
/* Class names */
mDefaultCRLExtensionClassNames.put(AuthorityKeyIdentifierExtension.class.getSimpleName(),
- "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
+ "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
mDefaultCRLExtensionClassNames.put(IssuerAlternativeNameExtension.class.getSimpleName(),
- "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
+ "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
mDefaultCRLExtensionClassNames.put(CRLNumberExtension.class.getSimpleName(),
- "com.netscape.cms.crl.CMSCRLNumberExtension");
+ "com.netscape.cms.crl.CMSCRLNumberExtension");
mDefaultCRLExtensionClassNames.put(DeltaCRLIndicatorExtension.class.getSimpleName(),
- "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
+ "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
mDefaultCRLExtensionClassNames.put(IssuingDistributionPointExtension.class.getSimpleName(),
- "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
+ "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
mDefaultCRLExtensionClassNames.put(CRLReasonExtension.class.getSimpleName(),
- "com.netscape.cms.crl.CMSCRLReasonExtension");
+ "com.netscape.cms.crl.CMSCRLReasonExtension");
mDefaultCRLExtensionClassNames.put(HoldInstructionExtension.class.getSimpleName(),
- "com.netscape.cms.crl.CMSHoldInstructionExtension");
+ "com.netscape.cms.crl.CMSHoldInstructionExtension");
mDefaultCRLExtensionClassNames.put(InvalidityDateExtension.class.getSimpleName(),
- "com.netscape.cms.crl.CMSInvalidityDateExtension");
+ "com.netscape.cms.crl.CMSInvalidityDateExtension");
//mDefaultCRLExtensionClassNames.put(CertificateIssuerExtension.NAME,
// "com.netscape.cms.crl.CMSCertificateIssuerExtension");
mDefaultCRLExtensionClassNames.put(FreshestCRLExtension.class.getSimpleName(),
- "com.netscape.cms.crl.CMSFreshestCRLExtension");
+ "com.netscape.cms.crl.CMSFreshestCRLExtension");
mDefaultCRLExtensionClassNames.put(AuthInfoAccessExtension.NAME2,
- "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
+ "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
try {
OIDMap.addAttribute(DeltaCRLIndicatorExtension.class.getName(),
- DeltaCRLIndicatorExtension.OID,
- DeltaCRLIndicatorExtension.class.getSimpleName());
+ DeltaCRLIndicatorExtension.OID,
+ DeltaCRLIndicatorExtension.class.getSimpleName());
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(HoldInstructionExtension.class.getName(),
- HoldInstructionExtension.OID,
- HoldInstructionExtension.class.getSimpleName());
+ HoldInstructionExtension.OID,
+ HoldInstructionExtension.class.getSimpleName());
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(InvalidityDateExtension.class.getName(),
- InvalidityDateExtension.OID,
- InvalidityDateExtension.class.getSimpleName());
+ InvalidityDateExtension.OID,
+ InvalidityDateExtension.class.getSimpleName());
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(FreshestCRLExtension.class.getName(),
- FreshestCRLExtension.OID,
- FreshestCRLExtension.class.getSimpleName());
+ FreshestCRLExtension.OID,
+ FreshestCRLExtension.class.getSimpleName());
} catch (CertificateException e) {
}
}
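Review bot: The four `catch (CertificateException e) { }` blocks around `OIDMap.addAttribute` discard the failure, so a CRL extension whose OID registration fails is never reported anywhere. If the failure is expected to be harmless (for instance a duplicate registration, which is an assumption the hunk does not confirm), a comment in each block should say so. Otherwise record it, e.g. `CMS.debug("CMSCRLExtensions: OIDMap.addAttribute failed: " + e);`. The enclosing block starts outside this hunk.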
@@ -195,12 +193,12 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
public CMSCRLExtensions(ICRLIssuingPoint crlIssuingPoint, IConfigStore config) {
boolean modifiedConfig = false;
- mConfig = config;
+ mConfig = config;
mCRLExtConfig = config.getSubStore(PROP_EXTENSION);
mCRLIssuingPoint = crlIssuingPoint;
- IConfigStore mFileConfig =
- SubsystemRegistry.getInstance().get("MAIN").getConfigStore();
+ IConfigStore mFileConfig =
+ SubsystemRegistry.getInstance().get("MAIN").getConfigStore();
IConfigStore crlExtConfig = (IConfigStore) mFileConfig;
StringTokenizer st = new StringTokenizer(mCRLExtConfig.getName(), ".");
@@ -212,13 +210,13 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
if (newConfig != null) {
crlExtConfig = newConfig;
}
- }
+ }
if (crlExtConfig != null) {
Enumeration<String> enumExts = crlExtConfig.getSubStoreNames();
while (enumExts.hasMoreElements()) {
- String extName = enumExts.nextElement();
+ String extName = enumExts.nextElement();
IConfigStore extConfig = crlExtConfig.getSubStore(extName);
if (extConfig != null) {
@@ -361,10 +359,10 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
Class<ICMSCRLExtension> crlExtClass = (Class<ICMSCRLExtension>) Class.forName(extClass);
if (crlExtClass != null) {
- ICMSCRLExtension cmsCRLExt = crlExtClass.newInstance();
+ ICMSCRLExtension cmsCRLExt = crlExtClass.newInstance();
if (cmsCRLExt != null) {
- String id = cmsCRLExt.getCRLExtOID();
+ String id = cmsCRLExt.getCRLExtOID();
if (id != null) {
mCRLExtensionIDs.put(id, extName);
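Review bot: `Class.forName(extClass)` is cast unchecked to `Class<ICMSCRLExtension>` and then instantiated, so the type is only verified when the result of `newInstance()` is assigned, after the constructor of whatever class the name resolves to has already run. `extClass` appears to come from the extension's configuration (the read is outside this hunk), so checking the type before instantiation is a cheap hardening step: `Class<? extends ICMSCRLExtension> crlExtClass = Class.forName(extClass).asSubclass(ICMSCRLExtension.class);`. The `crlExtClass != null` test can then go, since `Class.forName` throws rather than returning null. The same pattern appears in `addToCRLExtensions` in the hunk at -439,16, where the cast carries `@SuppressWarnings("unchecked")`.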
@@ -383,7 +381,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
} else {
if (mDefaultCRLExtensionClassNames.containsKey(extName)) {
- extClass = mCRLExtensionClassNames.get(extName);
+ extClass = mCRLExtensionClassNames.get(extName);
extConfig.putString(PROP_CLASS, extClass);
modifiedConfig = true;
}
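Review bot: The `else` branch tests `mDefaultCRLExtensionClassNames.containsKey(extName)` but then reads `mCRLExtensionClassNames.get(extName)`, a different map from the one just checked. The two catch branches in the next hunk read the default from `mDefaultCRLExtensionClassNames`, so this looks like a copy slip. If the non-default map has no entry, `extClass` would be null when it is passed to `extConfig.putString(PROP_CLASS, extClass)`. Suggested line: `extClass = mDefaultCRLExtensionClassNames.get(extName);`. The enclosing constructor starts and ends outside this hunk.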
@@ -391,14 +389,14 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
} catch (EPropertyNotFound e) {
if (mDefaultCRLExtensionClassNames.containsKey(extName)) {
- extClass = mDefaultCRLExtensionClassNames.get(extName);
+ extClass = mDefaultCRLExtensionClassNames.get(extName);
extConfig.putString(PROP_CLASS, extClass);
modifiedConfig = true;
}
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_CLASS_MISSING", extName));
} catch (EBaseException e) {
if (mDefaultCRLExtensionClassNames.containsKey(extName)) {
- extClass = mDefaultCRLExtensionClassNames.get(extName);
+ extClass = mDefaultCRLExtensionClassNames.get(extName);
extConfig.putString(PROP_CLASS, extClass);
modifiedConfig = true;
}
@@ -416,9 +414,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
public boolean isCRLExtensionEnabled(String extName) {
- return ((mCRLExtensionNames.contains(extName) ||
- mCRLEntryExtensionNames.contains(extName)) &&
- mEnabledCRLExtensions.contains(extName));
+ return ((mCRLExtensionNames.contains(extName) || mCRLEntryExtensionNames.contains(extName)) && mEnabledCRLExtensions.contains(extName));
}
public boolean isCRLExtensionCritical(String extName) {
@@ -429,7 +425,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
String name = null;
if (mCRLExtensionIDs.containsKey(id)) {
- name = mCRLExtensionIDs.get(id);
+ name = mCRLExtensionIDs.get(id);
}
return name;
}
@@ -439,16 +435,16 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
public Vector<String> getCRLEntryExtensionNames() {
- return new Vector<String>( mCRLEntryExtensionNames);
+ return new Vector<String>(mCRLEntryExtensionNames);
}
public void addToCRLExtensions(CRLExtensions crlExts, String extName, Extension ext) {
if (mCRLExtensionClassNames.containsKey(extName)) {
- String name = mCRLExtensionClassNames.get(extName);
+ String name = mCRLExtensionClassNames.get(extName);
try {
@SuppressWarnings("unchecked")
- Class<ICMSCRLExtension > extClass = (Class<ICMSCRLExtension>) Class.forName(name);
+ Class<ICMSCRLExtension> extClass = (Class<ICMSCRLExtension>) Class.forName(name);
if (extClass != null) {
ICMSCRLExtension cmsCRLExt = extClass.newInstance();
@@ -488,7 +484,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
NameValuePairs nvp = null;
if (mCRLEntryExtensionNames.contains(id) ||
- mCRLExtensionNames.contains(id)) {
+ mCRLExtensionNames.contains(id)) {
nvp = new NameValuePairs();
/*
@@ -517,7 +513,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
if (mCRLExtensionClassNames.containsKey(id)) {
- String name = mCRLExtensionClassNames.get(id);
+ String name = mCRLExtensionClassNames.get(id);
if (name != null) {
@@ -555,12 +551,12 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
public void setConfigParams(String id, NameValuePairs nvp, IConfigStore config) {
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
String ipId = nvp.getValue("id");
- ICRLIssuingPoint ip = null;
- if(ipId != null && ca != null) {
- ip = ca.getCRLIssuingPoint(ipId);
+ ICRLIssuingPoint ip = null;
+ if (ipId != null && ca != null) {
+ ip = ca.getCRLIssuingPoint(ipId);
}
for (int i = 0; i < nvp.size(); i++) {
@@ -569,8 +565,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
String value = p.getValue();
if (name.equals(PROP_ENABLE)) {
- if (!(value.equals(Constants.TRUE) ||
- value.equals(Constants.FALSE))) {
+ if (!(value.equals(Constants.TRUE) || value.equals(Constants.FALSE))) {
continue;
}
if (value.equals(Constants.TRUE)) {
@@ -584,8 +579,7 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
if (name.equals(PROP_CRITICAL)) {
- if (!(value.equals(Constants.TRUE) ||
- value.equals(Constants.FALSE))) {
+ if (!(value.equals(Constants.TRUE) || value.equals(Constants.FALSE))) {
continue;
}
if (value.equals(Constants.TRUE)) {
@@ -599,37 +593,36 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
//Sync the onlyContainsCACerts with similar property in CRLIssuingPoint
//called caCertsOnly.
- if(name.equals(CMSIssuingDistributionPointExtension.PROP_CACERTS)) {
+ if (name.equals(CMSIssuingDistributionPointExtension.PROP_CACERTS)) {
NameValuePairs crlIssuingPointPairs = null;
boolean crlCACertsOnly = false;
boolean issuingDistPointExtEnabled = false;
CMSCRLExtensions cmsCRLExtensions = (CMSCRLExtensions) ip.getCRLExtensions();
- if(cmsCRLExtensions != null) {
- issuingDistPointExtEnabled = cmsCRLExtensions.isCRLExtensionEnabled(IssuingDistributionPointExtension.class.getSimpleName());
+ if (cmsCRLExtensions != null) {
+ issuingDistPointExtEnabled = cmsCRLExtensions.isCRLExtensionEnabled(IssuingDistributionPointExtension.class.getSimpleName());
}
CMS.debug("issuingDistPointExtEnabled = " + issuingDistPointExtEnabled);
- if (!(value.equals(Constants.TRUE) ||
- value.equals(Constants.FALSE))) {
+ if (!(value.equals(Constants.TRUE) || value.equals(Constants.FALSE))) {
continue;
}
//Get value of caCertsOnly from CRLIssuingPoint
- if((ip != null) && (issuingDistPointExtEnabled == true)) {
+ if ((ip != null) && (issuingDistPointExtEnabled == true)) {
crlCACertsOnly = ip.isCACertsOnly();
CMS.debug("CRLCACertsOnly is: " + crlCACertsOnly);
crlIssuingPointPairs = new NameValuePairs();
-
+
}
String newValue = "";
boolean modifiedCRLConfig = false;
//If the CRLCACertsOnly prop is false change it to true to sync.
- if(value.equals(Constants.TRUE) && (issuingDistPointExtEnabled == true)) {
- if(crlCACertsOnly == false) {
+ if (value.equals(Constants.TRUE) && (issuingDistPointExtEnabled == true)) {
+ if (crlCACertsOnly == false) {
CMS.debug(" value = true and CRLCACertsOnly is already false.");
crlIssuingPointPairs.add(Constants.PR_CA_CERTS_ONLY, Constants.TRUE);
newValue = Constants.TRUE;
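Review bot: `ip.getCRLExtensions()` dereferences `ip` before the `(ip != null)` test a few lines further down in this hunk. The earlier hunk of setConfigParams leaves `ip` null unless both `ipId` and `ca` are non-null. A PROP_CACERTS parameter submitted without a resolvable issuing-point id would therefore fail with a NullPointerException instead of being skipped. Guard the lookup, for example `CMSCRLExtensions cmsCRLExtensions = (ip != null) ? (CMSCRLExtensions) ip.getCRLExtensions() : null;`, so the existing null checks become reachable. setConfigParams starts in an earlier hunk and continues past this one.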
@@ -639,23 +632,23 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
}
//If the CRLCACertsOnly prop is true change it to false to sync.
- if(value.equals(Constants.FALSE) && (issuingDistPointExtEnabled == true)) {
+ if (value.equals(Constants.FALSE) && (issuingDistPointExtEnabled == true)) {
crlIssuingPointPairs.add(Constants.PR_CA_CERTS_ONLY, Constants.FALSE);
- if(ip != null) {
+ if (ip != null) {
ip.updateConfig(crlIssuingPointPairs);
newValue = Constants.FALSE;
modifiedCRLConfig = true;
}
}
-
- if(modifiedCRLConfig == true) {
+
+ if (modifiedCRLConfig == true) {
//Commit to this CRL IssuingPoint's config store
ICertificateAuthority CA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
IConfigStore crlsSubStore = CA.getConfigStore();
- crlsSubStore = crlsSubStore.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ crlsSubStore = crlsSubStore.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
crlsSubStore = crlsSubStore.getSubStore(ipId);
try {
- crlsSubStore.putString(Constants.PR_CA_CERTS_ONLY,newValue);
+ crlsSubStore.putString(Constants.PR_CA_CERTS_ONLY, newValue);
crlsSubStore.commit(true);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRLEXTS_SAVE_CONF", e.toString()));
@@ -693,7 +686,6 @@ public class CMSCRLExtensions implements ICMSCRLExtensions {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSCRLExtension - " + msg);
+ "CMSCRLExtension - " + msg);
}
}
-
diff --git a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
index 9f80a097..cc9f853f 100644
--- a/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
+++ b/pki/base/ca/src/com/netscape/ca/CRLIssuingPoint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
@@ -85,18 +84,18 @@ import com.netscape.cmscore.dbs.CertificateRepository;
import com.netscape.cmscore.util.Debug;
/**
- * This class encapsulates CRL issuing mechanism. CertificateAuthority
- * contains a map of CRLIssuingPoint indexed by string ids. Each issuing
- * point contains information about CRL issuing and publishing parameters
- * as well as state information which includes last issued CRL, next CRL
- * serial number, time of the next update etc.
- * If autoUpdateInterval is set to non-zero value then worker thread
- * is created that will perform CRL update at scheduled intervals. Update
- * can also be triggered by invoking updateCRL method directly. Another
+ * This class encapsulates CRL issuing mechanism. CertificateAuthority
+ * contains a map of CRLIssuingPoint indexed by string ids. Each issuing
+ * point contains information about CRL issuing and publishing parameters
+ * as well as state information which includes last issued CRL, next CRL
+ * serial number, time of the next update etc.
+ * If autoUpdateInterval is set to non-zero value then worker thread
+ * is created that will perform CRL update at scheduled intervals. Update
+ * can also be triggered by invoking updateCRL method directly. Another
* parameter minUpdateInterval can be used to prevent CRL
* from being updated too often
* <P>
- *
+ *
* @author awnuk
* @author lhsiao
* @author galperin
@@ -133,7 +132,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
protected String mId = null;
/**
- * Reference to the CertificateAuthority instance which owns this
+ * Reference to the CertificateAuthority instance which owns this
* issuing point.
*/
protected ICertificateAuthority mCA = null;
@@ -161,16 +160,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* CRL cache
*/
- private Hashtable<BigInteger,RevokedCertificate> mCRLCerts = new Hashtable<BigInteger, RevokedCertificate>();
- private Hashtable<BigInteger,RevokedCertificate> mRevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
- private Hashtable<BigInteger,RevokedCertificate> mUnrevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
- private Hashtable<BigInteger,RevokedCertificate> mExpiredCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger, RevokedCertificate> mCRLCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger, RevokedCertificate> mRevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger, RevokedCertificate> mUnrevokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ private Hashtable<BigInteger, RevokedCertificate> mExpiredCerts = new Hashtable<BigInteger, RevokedCertificate>();
private boolean mIncludeExpiredCerts = false;
private boolean mIncludeExpiredCertsOneExtraTime = false;
private boolean mCACertsOnly = false;
private boolean mProfileCertsOnly = false;
- private Vector<String> mProfileList = null;
+ private Vector<String> mProfileList = null;
/**
* Enable CRL cache.
@@ -178,7 +177,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private boolean mEnableCRLCache = true;
private boolean mCRLCacheIsCleared = true;
private boolean mEnableCacheRecovery = false;
- private String mFirstUnsaved = null;
+ private String mFirstUnsaved = null;
private boolean mEnableCacheTesting = false;
/**
@@ -187,7 +186,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private long mLastCacheUpdate = 0;
/**
- * Time interval in milliseconds between consequential CRL cache
+ * Time interval in milliseconds between consequential CRL cache
* updates performed automatically.
*/
private long mCacheUpdateInterval;
@@ -207,7 +206,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* Enable CRL daily updates at listed times.
*/
private boolean mEnableDailyUpdates = false;
- private Vector<Vector<Integer>> mDailyUpdates = null;
+ private Vector<Vector<Integer>> mDailyUpdates = null;
private int mCurrentDay = 0;
private int mLastDay = 0;
private int mTimeListSize = 0;
@@ -219,13 +218,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private boolean mEnableUpdateFreq = false;
/**
- * Time interval in milliseconds between consequential CRL Enable CRL daily update at updates
+ * Time interval in milliseconds between consequential CRL Enable CRL daily update at updates
* performed automatically.
*/
private long mAutoUpdateInterval;
/**
- * Minimum time interval in milliseconds between consequential
+ * Minimum time interval in milliseconds between consequential
* CRL updates (manual or automatic).
*/
private long mMinUpdateInterval;
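Review bot: The Javadoc on mAutoUpdateInterval still reads "between consequential CRL Enable CRL daily update at updates", which looks like a stray paste from the neighbouring daily-updates comment. The commit touches that line only for whitespace. Suggested wording: `* Time interval in milliseconds between consecutive CRL updates`. The mMinUpdateInterval comment in this hunk and the cache-update-interval comment in an earlier hunk use "consequential" where "consecutive" is meant.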
@@ -238,16 +237,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* next update grace period
*/
- private long mNextUpdateGracePeriod;
+ private long mNextUpdateGracePeriod;
/**
- * Boolean flag controlling whether CRLv2 extensions are to be
+ * Boolean flag controlling whether CRLv2 extensions are to be
* used in CRL.
*/
private boolean mAllowExtensions = false;
/**
- * DN of the directory entry where CRLs from this issuing point
+ * DN of the directory entry where CRLs from this issuing point
* are published.
*/
private String mPublishDN = null;
@@ -296,7 +295,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private Thread mUpdateThread = null;
/**
- * for going one more round when auto-interval is set to 0 (turned off)
+ * for going one more round when auto-interval is set to 0 (turned off)
*/
private boolean mDoLastAutoUpdate = false;
@@ -312,7 +311,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private long mDeltaCRLSize = -1;
/**
- * update status, publishing status Strings to store in requests to
+ * update status, publishing status Strings to store in requests to
* display result.
*/
private String mCrlUpdateStatus;
@@ -320,7 +319,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private String mCrlPublishStatus;
private String mCrlPublishError;
- /**
+ /**
* begin, end serial number range of revoked certs if any.
*/
protected BigInteger mBeginSerial = null;
@@ -329,7 +328,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private int mUpdatingCRL = CRL_UPDATE_DONE;
private boolean mDoManualUpdate = false;
- private String mSignatureAlgorithmForManualUpdate = null;
+ private String mSignatureAlgorithmForManualUpdate = null;
private boolean mPublishOnStart = false;
private long[] mSplits = new long[10];
@@ -412,24 +411,23 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
}
}
-
+
return b;
}
-
/**
* Initializes a CRL issuing point config.
* <P>
- *
- * @param ca reference to CertificateAuthority instance which
- * owns this issuing point.
+ *
+ * @param ca reference to CertificateAuthority instance which
+ * owns this issuing point.
* @param id string id of this CRL issuing point.
* @param config configuration of this CRL issuing point.
* @exception EBaseException if initialization failed
* @exception IOException
*/
- public void init(ISubsystem ca, String id, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem ca, String id, IConfigStore config)
+ throws EBaseException {
mCA = (ICertificateAuthority) ca;
mId = id;
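Review bot: The Javadoc for init still carries `@exception IOException` with no description, while the signature on the new side declares only `throws EBaseException`. Remove the stale tag so the documented contract matches what callers must handle. The body of init continues outside this hunk.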
@@ -449,9 +447,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
IConfigStore crlSubStore = mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
mPageSize = crlSubStore.getInteger(ICertificateAuthority.PROP_CRL_PAGE_SIZE, CRL_PAGE_SIZE);
- CMS.debug("CRL Page Size: "+ mPageSize);
+ CMS.debug("CRL Page Size: " + mPageSize);
- mCountMod = config.getInteger("countMod",0);
+ mCountMod = config.getInteger("countMod", 0);
mCRLRepository = mCA.getCRLRepository();
mCertRepository = mCA.getCertificateRepository();
((CertificateRepository) mCertRepository).addCRLIssuingPoint(mId, this);
@@ -469,7 +467,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mCA.getRequestListener(crlListName) == null) {
mCA.registerRequestListener(
- crlListName, new RevocationRequestListener());
+ crlListName, new RevocationRequestListener());
}
for (int i = 0; i < mSplits.length; i++) {
@@ -480,52 +478,60 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
setAutoUpdates();
}
-
private int checkTime(String time) {
String digits = "0123456789";
int len = time.length();
- if (len < 3 || len > 5) return -1;
+ if (len < 3 || len > 5)
+ return -1;
int s = time.indexOf(':');
- if (s < 0 || s > 2 || (len - s) != 3) return -1;
+ if (s < 0 || s > 2 || (len - s) != 3)
+ return -1;
int h = 0;
for (int i = 0; i < s; i++) {
h *= 10;
int k = digits.indexOf(time.charAt(i));
- if (k < 0) return -1;
+ if (k < 0)
+ return -1;
h += k;
}
- if (h > 23) return -1;
+ if (h > 23)
+ return -1;
int m = 0;
- for (int i = s+1; i < len; i++) {
+ for (int i = s + 1; i < len; i++) {
m *= 10;
int k = digits.indexOf(time.charAt(i));
- if (k < 0) return -1;
+ if (k < 0)
+ return -1;
m += k;
}
- if (m > 59) return -1;
+ if (m > 59)
+ return -1;
return ((h * 60) + m);
}
private boolean areTimeListsIdentical(Vector<Vector<Integer>> list1, Vector<Vector<Integer>> list2) {
boolean identical = true;
- if (list1 == null || list2 == null) identical = false;
- if (identical && list1.size() != list2.size()) identical = false;
+ if (list1 == null || list2 == null)
+ identical = false;
+ if (identical && list1.size() != list2.size())
+ identical = false;
for (int i = 0; identical && i < list1.size(); i++) {
Vector<Integer> times1 = list1.elementAt(i);
Vector<Integer> times2 = list2.elementAt(i);
- if (times1.size() != times2.size()) identical = false;
+ if (times1.size() != times2.size())
+ identical = false;
for (int j = 0; identical && j < times1.size(); j++) {
if ((((times1.elementAt(j))).intValue()) != (((times2.elementAt(j))).intValue())) {
identical = false;
}
}
}
- CMS.debug("areTimeListsIdentical: identical: "+identical);
+ CMS.debug("areTimeListsIdentical: identical: " + identical);
return identical;
}
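Review bot: The guards in checkTime and areTimeListsIdentical are now split over two lines but still have no braces. A statement added later under one of them would look guarded without being so. Since every one of these lines is rewritten anyway, brace them, e.g. `if (len < 3 || len > 5) { return -1; }` and `if (list1 == null || list2 == null) { identical = false; }`. The same unbraced two-line form is introduced in the later hunks that split `if (...) return null;`, `if (dayList == null) continue;` and `if (modifiedSchedule) setAutoUpdates();`.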
@@ -533,23 +539,25 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
int listSize = 0;
for (int i = 0; listedDays != null && i < listedDays.size(); i++) {
Vector<Integer> listedTimes = listedDays.elementAt(i);
- listSize += ((listedTimes != null)? listedTimes.size(): 0);
+ listSize += ((listedTimes != null) ? listedTimes.size() : 0);
}
- CMS.debug("getTimeListSize: ListSize="+listSize);
+ CMS.debug("getTimeListSize: ListSize=" + listSize);
return listSize;
}
private boolean isTimeListExtended(String list) {
- boolean extendedTimeList = true;
- if (list == null || list.indexOf('*') == -1)
- extendedTimeList = false;
- return extendedTimeList;
+ boolean extendedTimeList = true;
+ if (list == null || list.indexOf('*') == -1)
+ extendedTimeList = false;
+ return extendedTimeList;
}
private Vector<Vector<Integer>> getTimeList(String list) {
boolean timeListPresent = false;
- if (list == null || list.length() == 0) return null;
- if (list.charAt(0) == ',' || list.charAt(list.length()-1) == ',') return null;
+ if (list == null || list.length() == 0)
+ return null;
+ if (list.charAt(0) == ',' || list.charAt(list.length() - 1) == ',')
+ return null;
Vector<Vector<Integer>> listedDays = new Vector<Vector<Integer>>();
@@ -557,7 +565,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Vector<Integer> listedTimes = null;
while (days.hasMoreTokens()) {
String dayList = days.nextToken().trim();
- if (dayList == null) continue;
+ if (dayList == null)
+ continue;
if (dayList.equals(";")) {
if (timeListPresent) {
@@ -586,7 +595,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
return null;
} else {
if (t > t0) {
- listedTimes.addElement(new Integer(k*t));
+ listedTimes.addElement(new Integer(k * t));
t0 = t;
} else {
return null;
@@ -596,7 +605,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (!timeListPresent) {
listedTimes = new Vector<Integer>();
- listedDays.addElement(listedTimes);
+ listedDays.addElement(listedTimes);
}
return listedDays;
@@ -605,7 +614,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private String checkProfile(String id, Enumeration<String> e) {
if (e != null) {
while (e.hasMoreElements()) {
- String profileId = e.nextElement();
+ String profileId = e.nextElement();
if (profileId != null && profileId.equalsIgnoreCase(id))
return id;
}
@@ -616,9 +625,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private Vector<String> getProfileList(String list) {
Enumeration<String> e = null;
IConfigStore pc = CMS.getConfigStore().getSubStore("profile");
- if (pc != null) e = pc.getSubStoreNames();
- if (list == null) return null;
- if (list.length() > 0 && list.charAt(list.length()-1) == ',') return null;
+ if (pc != null)
+ e = pc.getSubStoreNames();
+ if (list == null)
+ return null;
+ if (list.length() > 0 && list.charAt(list.length() - 1) == ',')
+ return null;
Vector<String> listedProfiles = new Vector<String>();
@@ -627,8 +639,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
int n = 0;
while (elements.hasMoreTokens()) {
String element = elements.nextToken().trim();
- if (element == null || element.length() == 0) return null;
- if (element.equals(",") && n % 2 == 0) return null;
+ if (element == null || element.length() == 0)
+ return null;
+ if (element.equals(",") && n % 2 == 0)
+ return null;
if (n % 2 == 0) {
String id = checkProfile(element, e);
if (id != null) {
@@ -637,17 +651,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
n++;
}
- if (n % 2 == 0) return null;
+ if (n % 2 == 0)
+ return null;
return listedProfiles;
}
-
/**
* get CRL config store info
*/
protected void initConfig(IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mEnable = config.getBoolean(Constants.PR_ENABLE, true);
mDescription = config.getString(Constants.PR_DESCRIPTION);
@@ -684,7 +698,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mAutoUpdateInterval = MINUTE * config.getInteger(Constants.PR_UPDATE_FREQ, 0);
mMinUpdateInterval = MINUTE * config.getInteger(PROP_MIN_UPDATE_INTERVAL, 0);
if (mEnableUpdateFreq && mAutoUpdateInterval > 0 &&
- mAutoUpdateInterval < mMinUpdateInterval)
+ mAutoUpdateInterval < mMinUpdateInterval)
mAutoUpdateInterval = mMinUpdateInterval;
// get next update grace period
@@ -722,22 +736,22 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mCMSCRLExtensions = new CMSCRLExtensions(this, config);
- mExtendedNextUpdate = ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled())?
- config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true):
+ mExtendedNextUpdate = ((mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) && isDeltaCRLEnabled()) ?
+ config.getBoolean(Constants.PR_EXTENDED_NEXT_UPDATE, true) :
false;
// Get serial number ranges if any.
mBeginSerial = config.getBigInteger(PROP_BEGIN_SERIAL, null);
if (mBeginSerial != null && mBeginSerial.compareTo(BigInteger.ZERO) < 0) {
throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1",
- PROP_BEGIN_SERIAL, "BigInteger", "positive number"));
+ CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1",
+ PROP_BEGIN_SERIAL, "BigInteger", "positive number"));
}
mEndSerial = config.getBigInteger(PROP_END_SERIAL, null);
if (mEndSerial != null && mEndSerial.compareTo(BigInteger.ZERO) < 0) {
throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1",
- PROP_END_SERIAL, "BigInteger", "positive number"));
+ CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1",
+ PROP_END_SERIAL, "BigInteger", "positive number"));
}
}
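Review bot: Both serial-range checks reject only negative values, so zero is accepted although the error text says "positive number". Nothing in these lines compares the two bounds with each other either. If no later code enforces the ordering, an inverted range would be accepted silently and the issuing point would presumably select no certificates for its CRL. A guard such as `if (mBeginSerial != null && mEndSerial != null && mBeginSerial.compareTo(mEndSerial) > 0)`, throwing the same EBaseException, would surface the misconfiguration at initialization. The enclosing method begins outside this hunk.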
@@ -800,16 +814,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mNextUpdate = crlRecord.getNextUpdate();
if (isDeltaCRLEnabled()) {
- mNextDeltaUpdate = (mNextUpdate != null)? new Date(mNextUpdate.getTime()): null;
+ mNextDeltaUpdate = (mNextUpdate != null) ? new Date(mNextUpdate.getTime()) : null;
}
mFirstUnsaved = crlRecord.getFirstUnsaved();
if (Debug.on()) {
- Debug.trace("initCRL CRLNumber="+mCRLNumber.toString()+" CRLSize="+mCRLSize+
- " FirstUnsaved="+mFirstUnsaved);
+ Debug.trace("initCRL CRLNumber=" + mCRLNumber.toString() + " CRLSize=" + mCRLSize +
+ " FirstUnsaved=" + mFirstUnsaved);
}
if (mFirstUnsaved == null ||
- (mFirstUnsaved != null && mFirstUnsaved.equals(ICRLIssuingPointRecord.NEW_CACHE))) {
+ (mFirstUnsaved != null && mFirstUnsaved.equals(ICRLIssuingPointRecord.NEW_CACHE))) {
clearCRLCache();
updateCRLCacheRepository();
} else {
@@ -884,8 +898,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
null, null, BigInteger.ZERO, Long.valueOf(-1),
mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
mCRLRepository.addCRLIssuingPointRecord(crlRecord);
- mCRLNumber = BigInteger.ZERO; //BIG_ZERO;
- mNextCRLNumber = BigInteger.ONE; //BIG_ONE;
+ mCRLNumber = BigInteger.ZERO; //BIG_ZERO;
+ mNextCRLNumber = BigInteger.ONE; //BIG_ONE;
mLastCRLNumber = mCRLNumber;
mDeltaCRLNumber = mCRLNumber;
mNextDeltaCRLNumber = mNextCRLNumber;
@@ -893,8 +907,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (crlRecord != null) {
// This will trigger updateCRLNow, which will also publish CRL.
if ((mDoManualUpdate == false) &&
- (mEnableCRLCache || mAlwaysUpdate ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
+ (mEnableCRLCache || mAlwaysUpdate ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
mInitialized = CRL_IP_INITIALIZED;
setManualUpdate(null);
}
@@ -919,7 +933,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
NameValuePair p = params.elementAt(i);
String name = p.getName();
String value = p.getValue();
-
+
// -- Update Schema --
if (name.equals(Constants.PR_ENABLE_CRL)) {
if (value.equals(Constants.FALSE) && mEnableCRLUpdates) {
@@ -1082,7 +1096,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
// -- CRL Format --
if (name.equals(Constants.PR_SIGNING_ALGORITHM)) {
- if (value != null) value = value.trim();
+ if (value != null)
+ value = value.trim();
if (!mSigningAlgorithm.equals(value)) {
mSigningAlgorithm = value;
}
@@ -1123,9 +1138,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_CA_CERTS_ONLY)) {
Extension distExt = getCRLExtension(IssuingDistributionPointExtension.class.getSimpleName());
IssuingDistributionPointExtension iExt = (IssuingDistributionPointExtension) distExt;
- IssuingDistributionPoint issuingDistributionPoint = null;
- if(iExt != null)
- issuingDistributionPoint = iExt.getIssuingDistributionPoint();
+ IssuingDistributionPoint issuingDistributionPoint = null;
+ if (iExt != null)
+ issuingDistributionPoint = iExt.getIssuingDistributionPoint();
if (value.equals(Constants.FALSE) && mCACertsOnly) {
clearCRLCache();
updateCRLCacheRepository();
@@ -1137,25 +1152,25 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
//attempt to sync the IssuingDistributionPoint Extension value of
//onlyContainsCACerts
- if(issuingDistributionPoint != null && params.size() > 1) {
+ if (issuingDistributionPoint != null && params.size() > 1) {
boolean onlyContainsCACerts = issuingDistributionPoint.getOnlyContainsCACerts();
- if(onlyContainsCACerts != mCACertsOnly) {
+ if (onlyContainsCACerts != mCACertsOnly) {
IConfigStore config = mCA.getConfigStore();
IConfigStore crlsSubStore =
- config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
IConfigStore crlSubStore = crlsSubStore.getSubStore(mId);
IConfigStore crlExtsSubStore =
- crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
+ crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
crlExtsSubStore = crlExtsSubStore.getSubStore(IssuingDistributionPointExtension.class.getSimpleName());
- if(crlExtsSubStore != null) {
+ if (crlExtsSubStore != null) {
String val = "";
- if(mCACertsOnly == true) {
+ if (mCACertsOnly == true) {
val = Constants.TRUE;
} else {
val = Constants.FALSE;
}
- crlExtsSubStore.putString(PROP_CACERTS,val);
+ crlExtsSubStore.putString(PROP_CACERTS, val);
try {
crlExtsSubStore.commit(true);
} catch (Exception e) {
@@ -1180,11 +1195,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (name.equals(Constants.PR_PROFILE_LIST)) {
Vector<String> profileList = getProfileList(value);
if (((profileList != null) ^ (mProfileList != null)) ||
- (profileList != null && mProfileList != null &&
- (!mProfileList.equals(profileList)))) {
+ (profileList != null && mProfileList != null &&
+ (!mProfileList.equals(profileList)))) {
if (profileList != null) {
@SuppressWarnings("unchecked")
- Vector<String> newProfileList = (Vector<String>) profileList.clone();
+ Vector<String> newProfileList = (Vector<String>) profileList.clone();
mProfileList = newProfileList;
} else {
mProfileList = null;
@@ -1199,7 +1214,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
}
- if (modifiedSchedule) setAutoUpdates();
+ if (modifiedSchedule)
+ setAutoUpdates();
return noRestart;
}
@@ -1231,7 +1247,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns internal id of this CRL issuing point.
* <P>
- *
+ *
* @return internal id of this CRL issuing point
*/
public String getId() {
@@ -1241,7 +1257,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns internal description of this CRL issuing point.
* <P>
- *
+ *
* @return internal description of this CRL issuing point
*/
public String getDescription() {
@@ -1250,7 +1266,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Sets internal description of this CRL issuing point.
- *
+ *
* @param description description for this CRL issuing point.
*/
public void setDescription(String description) {
@@ -1261,7 +1277,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* Returns DN of the directory entry where CRLs.from this issuing point
* are published.
* <P>
- *
+ *
* @return DN of the directory entry where CRLs are published.
*/
public String getPublishDN() {
@@ -1271,7 +1287,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns signing algorithm.
* <P>
- *
+ *
* @return SigningAlgorithm.
*/
public String getSigningAlgorithm() {
@@ -1285,7 +1301,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns current CRL generation schema for this CRL issuing point.
* <P>
- *
+ *
* @return current CRL generation schema for this CRL issuing point
*/
public int getCRLSchema() {
@@ -1295,7 +1311,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns current CRL number of this CRL issuing point.
* <P>
- *
+ *
* @return current CRL number of this CRL issuing point
*/
public BigInteger getCRLNumber() {
@@ -1305,17 +1321,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns current delta CRL number of this CRL issuing point.
* <P>
- *
+ *
* @return current delta CRL number of this CRL issuing point
*/
public BigInteger getDeltaCRLNumber() {
- return (isDeltaCRLEnabled() && mDeltaCRLSize > -1)? mDeltaCRLNumber: BigInteger.ZERO;
+ return (isDeltaCRLEnabled() && mDeltaCRLSize > -1) ? mDeltaCRLNumber : BigInteger.ZERO;
}
/**
* Returns next CRL number of this CRL issuing point.
* <P>
- *
+ *
* @return next CRL number of this CRL issuing point
*/
public BigInteger getNextCRLNumber() {
@@ -1325,17 +1341,17 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns number of entries in the CRL
* <P>
- *
+ *
* @return number of entries in the CRL
*/
public long getCRLSize() {
- return (mCRLCerts.size() > 0 && mCRLSize == 0)? mCRLCerts.size(): mCRLSize;
+ return (mCRLCerts.size() > 0 && mCRLSize == 0) ? mCRLCerts.size() : mCRLSize;
}
/**
* Returns number of entries in delta CRL
* <P>
- *
+ *
* @return number of entries in delta CRL
*/
public long getDeltaCRLSize() {
@@ -1345,7 +1361,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns last update time
* <P>
- *
+ *
* @return last CRL update time
*/
public Date getLastUpdate() {
@@ -1355,7 +1371,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns next update time
* <P>
- *
+ *
* @return next CRL update time
*/
public Date getNextUpdate() {
@@ -1365,7 +1381,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns next update time
* <P>
- *
+ *
* @return next CRL update time
*/
public Date getNextDeltaUpdate() {
@@ -1375,7 +1391,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns all the revoked certificates from the CRL cache.
* <P>
- *
+ *
* @return set of all the revoked certificates or null if there are none.
*/
public Set<RevokedCertificate> getRevokedCertificates(int start, int end) {
@@ -1390,7 +1406,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Returns certificate authority.
* <P>
- *
+ *
* @return certificate authority
*/
public ISubsystem getCertificateAuthority() {
@@ -1403,13 +1419,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
private synchronized void setAutoUpdates() {
if ((mEnable && mUpdateThread == null) &&
- ((mEnableCRLCache && mCacheUpdateInterval > 0) ||
- (mEnableCRLUpdates &&
- ((mEnableDailyUpdates && mDailyUpdates != null &&
- mTimeListSize > 0) ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0) ||
- (mInitialized == CRL_IP_NOT_INITIALIZED) ||
- mDoLastAutoUpdate || mDoManualUpdate)))) {
+ ((mEnableCRLCache && mCacheUpdateInterval > 0) ||
+ (mEnableCRLUpdates &&
+ ((mEnableDailyUpdates && mDailyUpdates != null &&
+ mTimeListSize > 0) ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0) ||
+ (mInitialized == CRL_IP_NOT_INITIALIZED) ||
+ mDoLastAutoUpdate || mDoManualUpdate)))) {
mUpdateThread = new Thread(this, "CRLIssuingPoint-" + mId);
log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_ISSUING_START_CRL", mId));
mUpdateThread.setDaemon(true);
@@ -1417,14 +1433,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if ((mInitialized == CRL_IP_INITIALIZED) && (((mNextUpdate != null) ^
- ((mEnableDailyUpdates && mDailyUpdates != null && mTimeListSize > 0) ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0))) ||
- (!mEnableCRLUpdates && mNextUpdate != null))) {
- mDoLastAutoUpdate = true;
+ ((mEnableDailyUpdates && mDailyUpdates != null && mTimeListSize > 0) ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0))) ||
+ (!mEnableCRLUpdates && mNextUpdate != null))) {
+ mDoLastAutoUpdate = true;
}
if (mEnableUpdateFreq && mAutoUpdateInterval > 0 &&
- mAutoUpdateInterval < mMinUpdateInterval) {
+ mAutoUpdateInterval < mMinUpdateInterval) {
mAutoUpdateInterval = mMinUpdateInterval;
}
@@ -1432,7 +1448,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
/**
- * Sets CRL manual-update
+ * Sets CRL manual-update
* Starts or stops worker thread as necessary.
*/
public synchronized void setManualUpdate(String signatureAlgorithm) {
@@ -1451,13 +1467,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* @return auto update interval in milliseconds.
*/
public long getAutoUpdateInterval() {
- return (mEnableUpdateFreq)? mAutoUpdateInterval: 0;
+ return (mEnableUpdateFreq) ? mAutoUpdateInterval : 0;
}
/**
- * @return always update the CRL
+ * @return always update the CRL
*/
- public boolean getAlwaysUpdate() {
+ public boolean getAlwaysUpdate() {
return mAlwaysUpdate;
}
@@ -1471,11 +1487,11 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Finds next update time expressed as delay or time of the next update.
- *
+ *
* @param fromLastUpdate if true, function returns delay to the next update time
- * otherwise returns the next update time.
+ * otherwise returns the next update time.
* @param delta if true, function returns the next update time for delta CRL,
- * otherwise returns the next update time for CRL.
+ * otherwise returns the next update time for CRL.
* @return delay to the next update time or the next update time itself
*/
private long findNextUpdate(boolean fromLastUpdate, boolean delta) {
@@ -1483,52 +1499,53 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
TimeZone tz = TimeZone.getDefault();
int offset = tz.getOffset(now);
long oneDay = 1440L * MINUTE;
- long nowToday = (now + (long)offset) % oneDay;
+ long nowToday = (now + (long) offset) % oneDay;
long startOfToday = now - nowToday;
- long lastUpdated = (mLastUpdate != null)? mLastUpdate.getTime(): now;
- long lastUpdateDay = lastUpdated - ((lastUpdated + (long)offset) % oneDay);
+ long lastUpdated = (mLastUpdate != null) ? mLastUpdate.getTime() : now;
+ long lastUpdateDay = lastUpdated - ((lastUpdated + (long) offset) % oneDay);
- long lastUpdate = (mLastUpdate != null && fromLastUpdate)? mLastUpdate.getTime(): now;
- long last = (lastUpdate + (long)offset) % oneDay;
+ long lastUpdate = (mLastUpdate != null && fromLastUpdate) ? mLastUpdate.getTime() : now;
+ long last = (lastUpdate + (long) offset) % oneDay;
long lastDay = lastUpdate - last;
boolean isDeltaEnabled = isDeltaCRLEnabled();
long next = 0L;
long nextUpdate = 0L;
- CMS.debug("findNextUpdate: fromLastUpdate: "+fromLastUpdate+" delta: "+delta);
+ CMS.debug("findNextUpdate: fromLastUpdate: " + fromLastUpdate + " delta: " + delta);
- int numberOfDays = (int)((startOfToday - lastUpdateDay) / oneDay);
+ int numberOfDays = (int) ((startOfToday - lastUpdateDay) / oneDay);
if (numberOfDays > 0 && mDailyUpdates.size() > 1 &&
- ((mCurrentDay == mLastDay) ||
- (mCurrentDay != ((mLastDay + numberOfDays) % mDailyUpdates.size())))) {
+ ((mCurrentDay == mLastDay) ||
+ (mCurrentDay != ((mLastDay + numberOfDays) % mDailyUpdates.size())))) {
mCurrentDay = (mLastDay + numberOfDays) % mDailyUpdates.size();
}
if ((delta || fromLastUpdate) && isDeltaEnabled &&
- (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) &&
- mNextDeltaUpdate != null) {
+ (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList)) &&
+ mNextDeltaUpdate != null) {
nextUpdate = mNextDeltaUpdate.getTime();
} else if (mNextUpdate != null) {
nextUpdate = mNextUpdate.getTime();
}
if (mEnableDailyUpdates &&
- mDailyUpdates != null && mDailyUpdates.size() > 0) {
+ mDailyUpdates != null && mDailyUpdates.size() > 0) {
int n = 0;
if (mDailyUpdates.size() == 1 && mDailyUpdates.elementAt(0).size() == 1 &&
- mEnableUpdateFreq && mAutoUpdateInterval > 0) {
+ mEnableUpdateFreq && mAutoUpdateInterval > 0) {
// Interval updates with starting time
- long firstTime = MINUTE * ((Integer)mDailyUpdates.elementAt(0).elementAt(0)).longValue();
+ long firstTime = MINUTE * ((Integer) mDailyUpdates.elementAt(0).elementAt(0)).longValue();
long t = firstTime;
long interval = mAutoUpdateInterval;
if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) &&
- isDeltaEnabled && mUpdateSchema > 1) {
+ isDeltaEnabled && mUpdateSchema > 1) {
interval *= mUpdateSchema;
}
- while (t < oneDay) {
- if (t - mMinUpdateInterval > last) break;
+ while (t < oneDay) {
+ if (t - mMinUpdateInterval > last)
+ break;
t += interval;
n++;
}
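Review bot: `mDailyUpdates.size()` is dereferenced in the `numberOfDays > 0 && mDailyUpdates.size() > 1` test before the later branch in this same hunk checks `mDailyUpdates != null`, so the two conditions disagree about whether the field can be null. If interval-only scheduling can leave `mDailyUpdates` unset (not visible here), the first scheduling pass after a day boundary would throw a NullPointerException in the CRL update path. Guarding the first test as `if (numberOfDays > 0 && mDailyUpdates != null && mDailyUpdates.size() > 1 &&` makes the two checks consistent. findNextUpdate continues past the end of this hunk.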
@@ -1562,7 +1579,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
// search the current day
for (i = 0; i < mDailyUpdates.elementAt(mCurrentDay).size(); i++) {
- long t = MINUTE * ((Integer)mDailyUpdates.elementAt(mCurrentDay).elementAt(i)).longValue();
+ long t = MINUTE * ((Integer) mDailyUpdates.elementAt(mCurrentDay).elementAt(i)).longValue();
if (mEnableDailyUpdates && mExtendedTimeList) {
if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) && isDeltaEnabled) {
if (t < 0) {
@@ -1578,7 +1595,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (t - mMinUpdateInterval > last) {
if (mExtendedNextUpdate && (!fromLastUpdate) && (!(mEnableDailyUpdates && mExtendedTimeList)) && (!delta) &&
- isDeltaEnabled && mUpdateSchema > 1) {
+ isDeltaEnabled && mUpdateSchema > 1) {
i += mUpdateSchema - ((i + m) % mUpdateSchema);
}
break;
@@ -1588,14 +1605,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (i < mDailyUpdates.elementAt(mCurrentDay).size()) {
// found inside the current day
- next = (MINUTE * ((Integer)mDailyUpdates.elementAt(mCurrentDay).elementAt(i)).longValue());
+ next = (MINUTE * ((Integer) mDailyUpdates.elementAt(mCurrentDay).elementAt(i)).longValue());
if (mEnableDailyUpdates && mExtendedTimeList && next < 0) {
next *= -1;
if (fromLastUpdate) {
mSchemaCounter = 0;
}
}
- next += ((lastDay < lastUpdateDay)? lastDay: lastUpdateDay) + (oneDay * (mCurrentDay - mLastDay));
+ next += ((lastDay < lastUpdateDay) ? lastDay : lastUpdateDay) + (oneDay * (mCurrentDay - mLastDay));
if (fromLastUpdate && (!(mEnableDailyUpdates && mExtendedTimeList))) {
n = n % mUpdateSchema;
@@ -1616,8 +1633,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
while (nDays <= mDailyUpdates.size()) {
int nextDay = (mCurrentDay + nDays) % mDailyUpdates.size();
if (j < mDailyUpdates.elementAt(nextDay).size()) {
- if (nextDay == 0 && (!(mEnableDailyUpdates && mExtendedTimeList))) j = 0;
- t = MINUTE * ((Integer)mDailyUpdates.elementAt(nextDay).elementAt(j)).longValue();
+ if (nextDay == 0 && (!(mEnableDailyUpdates && mExtendedTimeList)))
+ j = 0;
+ t = MINUTE * ((Integer) mDailyUpdates.elementAt(nextDay).elementAt(j)).longValue();
if (mEnableDailyUpdates && mExtendedTimeList) {
if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) && isDeltaEnabled) {
if (t < 0) {
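Review bot: The reformatted `if (nextDay == 0 && (!(mEnableDailyUpdates && mExtendedTimeList)))` now puts `j = 0;` on its own line without braces, so a statement added below it later would look guarded but run unconditionally. Brace it: `if (nextDay == 0 && (!(mEnableDailyUpdates && mExtendedTimeList))) { j = 0; }`. The same unbraced two-line form is introduced for the `break` in the interval loop of findNextUpdate, the `break` after initCRL() in run(), the early `return` at the top of updateCRLNow(String) and the `splitTimes += ","` in the delta CRL timing loop. The enclosing while loop starts and ends outside this hunk.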
@@ -1642,7 +1660,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
nDays++;
}
}
- next = ((lastDay < lastUpdateDay)? lastDay: lastUpdateDay) + (oneDay * nDays) + t;
+ next = ((lastDay < lastUpdateDay) ? lastDay : lastUpdateDay) + (oneDay * nDays) + t;
if (fromLastUpdate && mDailyUpdates.size() < 2) {
mSchemaCounter = 0;
@@ -1651,7 +1669,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
} else if (mEnableUpdateFreq && mAutoUpdateInterval > 0) {
// Interval updates without starting time
- if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) && isDeltaEnabled && mUpdateSchema > 1) {
+ if (mExtendedNextUpdate && (!fromLastUpdate) && (!delta) && isDeltaEnabled && mUpdateSchema > 1) {
next = lastUpdate + (mUpdateSchema * mAutoUpdateInterval);
} else {
next = lastUpdate + mAutoUpdateInterval;
@@ -1662,14 +1680,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
next = nextUpdate;
}
- CMS.debug("findNextUpdate: "+((new Date(next)).toString())+((fromLastUpdate)? " delay: "+(next-now): ""));
+ CMS.debug("findNextUpdate: " + ((new Date(next)).toString()) + ((fromLastUpdate) ? " delay: " + (next - now) : ""));
- return (fromLastUpdate)? next-now: next;
+ return (fromLastUpdate) ? next - now : next;
}
-
/**
- * Implements Runnable interface. Defines auto-update
+ * Implements Runnable interface. Defines auto-update
* logic used by worker thread.
* <P>
*/
@@ -1678,8 +1695,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
(mInitialized == CRL_IP_NOT_INITIALIZED) ||
mDoLastAutoUpdate || (mEnableCRLUpdates &&
((mEnableDailyUpdates && mDailyUpdates != null &&
- mTimeListSize > 0) ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0) ||
+ mTimeListSize > 0) ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0) ||
mDoManualUpdate)))) {
synchronized (this) {
@@ -1687,13 +1704,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
long delay2 = 0;
boolean doCacheUpdate = false;
boolean scheduledUpdates = mEnableCRLUpdates &&
- ((mEnableDailyUpdates && mDailyUpdates != null &&
- mTimeListSize > 0) ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0));
+ ((mEnableDailyUpdates && mDailyUpdates != null &&
+ mTimeListSize > 0) ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0));
if (mInitialized == CRL_IP_NOT_INITIALIZED)
initCRL();
- if (mInitialized == CRL_IP_INITIALIZED && (!mEnable)) break;
+ if (mInitialized == CRL_IP_INITIALIZED && (!mEnable))
+ break;
if ((mEnableCRLUpdates && mDoManualUpdate) || mDoLastAutoUpdate) {
delay = 0;
@@ -1705,8 +1723,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
delay2 = mLastCacheUpdate + mCacheUpdateInterval -
System.currentTimeMillis();
if (delay2 < delay ||
- (!(scheduledUpdates || mDoLastAutoUpdate ||
- (mEnableCRLUpdates && mDoManualUpdate)))) {
+ (!(scheduledUpdates || mDoLastAutoUpdate ||
+ (mEnableCRLUpdates && mDoManualUpdate)))) {
delay = delay2;
if (delay <= 0) {
doCacheUpdate = true;
@@ -1716,7 +1734,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
if (delay > 0) {
- try {
+ try {
wait(delay);
} catch (InterruptedException e) {
}
@@ -1729,9 +1747,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
} catch (Exception e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_CRL",
- (doCacheUpdate)?"update CRL cache":"update CRL", e.toString()));
+ (doCacheUpdate) ? "update CRL cache" : "update CRL", e.toString()));
if (Debug.on()) {
- Debug.trace((doCacheUpdate)?"update CRL cache":"update CRL" + " error " + e);
+ Debug.trace((doCacheUpdate) ? "update CRL cache" : "update CRL" + " error " + e);
Debug.printStackTrace(e);
}
}
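Review bot: In `Debug.trace((doCacheUpdate) ? "update CRL cache" : "update CRL" + " error " + e);` the `+` binds tighter than `?:`, so when doCacheUpdate is true the trace prints only "update CRL cache" and drops the exception text. Parenthesise the conditional: `Debug.trace(((doCacheUpdate) ? "update CRL cache" : "update CRL") + " error " + e);`. The log() call just above passes the label and e.toString() as separate arguments and is not affected. The try block opens outside this hunk.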
@@ -1749,16 +1767,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mUpdateThread = null;
}
-
/**
- * Updates CRL and publishes it.
- * If time elapsed since last CRL update is less than
+ * Updates CRL and publishes it.
+ * If time elapsed since last CRL update is less than
* minUpdateInterval silently returns.
- * Otherwise determines nextUpdate by adding autoUpdateInterval or
- * minUpdateInterval to the current time. If neither of the
+ * Otherwise determines nextUpdate by adding autoUpdateInterval or
+ * minUpdateInterval to the current time. If neither of the
* intervals are defined nextUpdate will be null.
- * Then using specified configuration parameters it formulates new
- * CRL, signs it, updates CRLIssuingPointRecord in the database
+ * Then using specified configuration parameters it formulates new
+ * CRL, signs it, updates CRLIssuingPointRecord in the database
* and publishes CRL in the directory.
* <P>
*/
@@ -1820,7 +1837,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
// get all revoked non-expired certs.
if (mEndSerial != null || mBeginSerial != null || mCACertsOnly ||
- (mProfileCertsOnly && mProfileList != null && mProfileList.size() > 0)) {
+ (mProfileCertsOnly && mProfileList != null && mProfileList.size() > 0)) {
filter = "(&" + filter + ")";
}
@@ -1830,25 +1847,26 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
/**
* Gets a enumeration of revoked certs to put into CRL.
* This does not include expired certs.
- * <i>Override this method to make a CRL other than the
+ * <i>Override this method to make a CRL other than the
* full/complete CRL.</i>
- * @return Enumeration of CertRecords to put into CRL.
+ *
+ * @return Enumeration of CertRecords to put into CRL.
* @exception EBaseException if an error occured in the database.
*/
public void processRevokedCerts(IElementProcessor p)
- throws EBaseException {
+ throws EBaseException {
CertRecProcessor cp = (CertRecProcessor) p;
String filter = getFilter();
// NOTE: dangerous cast.
// correct way would be to modify interface and add
// accessor but we don't want to touch the interface
- CertificateRepository cr = (CertificateRepository)mCertRepository;
+ CertificateRepository cr = (CertificateRepository) mCertRepository;
synchronized (cr.mCertStatusUpdateThread) {
CMS.debug("Starting processRevokedCerts (entered lock)");
ICertRecordList list = mCertRepository.findCertRecordsInList(filter,
- new String[] {ICertRecord.ATTR_ID, ICertRecord.ATTR_REVO_INFO, "objectclass" },
+ new String[] { ICertRecord.ATTR_ID, ICertRecord.ATTR_REVO_INFO, "objectclass" },
"serialno",
mPageSize);
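Review bot: The Javadoc on processRevokedCerts still carries `@return Enumeration of CertRecords to put into CRL.` although the method is `void` and its `IElementProcessor p` parameter is undocumented; the commit re-wraps the tag without correcting it. Replace it with `@param p processor applied to the revoked certificate records` (confirm the wording against the rest of the body) and drop `@return`. The two downcasts, `(CertRecProcessor) p` and `(CertificateRepository) mCertRepository`, which the existing comment already calls dangerous, should be documented with a `@throws ClassCastException` line or guarded with `instanceof`, since any other implementation fails only at runtime. The method body continues outside the hunk.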
@@ -1892,14 +1910,14 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
// "(requestType=" + IRequest.UNREVOCATION_REQUEST + ")))";
String filter = "(requeststate=complete)";
if (Debug.on()) {
- Debug.trace("recoverCRLCache mFirstUnsaved="+mFirstUnsaved+" filter="+filter);
+ Debug.trace("recoverCRLCache mFirstUnsaved=" + mFirstUnsaved + " filter=" + filter);
}
IRequestQueue mQueue = mCA.getRequestQueue();
IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
new RequestId(mFirstUnsaved), filter, 500, "requestId");
if (Debug.on()) {
- Debug.trace("recoverCRLCache size="+list.getSize()+" index="+list.getCurrentIndex());
+ Debug.trace("recoverCRLCache size=" + list.getSize() + " index=" + list.getCurrentIndex());
}
CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger, mAllowExtensions);
@@ -1917,20 +1935,20 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
continue;
}
if (Debug.on()) {
- Debug.trace("recoverCRLCache request="+request.getRequestId().toString()+
- " type="+request.getRequestType());
+ Debug.trace("recoverCRLCache request=" + request.getRequestId().toString() +
+ " type=" + request.getRequestType());
}
if (IRequest.REVOCATION_REQUEST.equals(request.getRequestType())) {
RevokedCertImpl revokedCert[] =
- request.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+ request.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
for (int j = 0; j < revokedCert.length; j++) {
if (Debug.on()) {
- Debug.trace("recoverCRLCache R j="+j+" length="+revokedCert.length+
- " SerialNumber=0x"+revokedCert[j].getSerialNumber().toString(16));
+ Debug.trace("recoverCRLCache R j=" + j + " length=" + revokedCert.length +
+ " SerialNumber=0x" + revokedCert[j].getSerialNumber().toString(16));
}
- if(cp != null)
- includeCert = cp.checkRevokedCertExtensions(revokedCert[j].getExtensions());
- if(includeCert) {
+ if (cp != null)
+ includeCert = cp.checkRevokedCertExtensions(revokedCert[j].getExtensions());
+ if (includeCert) {
updateRevokedCert(REVOKED_CERT, revokedCert[j].getSerialNumber(), revokedCert[j]);
}
}
@@ -1938,8 +1956,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
BigInteger serialNo[] = request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
for (int j = 0; j < serialNo.length; j++) {
if (Debug.on()) {
- Debug.trace("recoverCRLCache U j="+j+" length="+serialNo.length+
- " SerialNumber=0x"+serialNo[j].toString(16));
+ Debug.trace("recoverCRLCache U j=" + j + " length=" + serialNo.length +
+ " SerialNumber=0x" + serialNo[j].toString(16));
}
updateRevokedCert(UNREVOKED_CERT, serialNo[j], null);
}
@@ -1972,32 +1990,33 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
private Extension getCRLExtension(String extName) {
- if(mAllowExtensions == false) {
+ if (mAllowExtensions == false) {
return null;
}
- if(mCMSCRLExtensions.isCRLExtensionEnabled(extName) == false) {
+ if (mCMSCRLExtensions.isCRLExtensionEnabled(extName) == false) {
return null;
}
CMSCRLExtensions exts = (CMSCRLExtensions) this.getCRLExtensions();
CRLExtensions ext = new CRLExtensions();
-
+
Vector<String> extNames = exts.getCRLExtensionNames();
- for (int i = 0; i < extNames.size(); i++) {
- String curName = extNames.elementAt(i);
- if (curName.equals(extName)) {
- exts.addToCRLExtensions(ext, extName, null);
- }
- }
- Extension theExt = null;
- try {
- theExt = ext.get(extName);
- } catch (Exception e) {
+ for (int i = 0; i < extNames.size(); i++) {
+ String curName = extNames.elementAt(i);
+ if (curName.equals(extName)) {
+ exts.addToCRLExtensions(ext, extName, null);
}
+ }
+ Extension theExt = null;
+ try {
+ theExt = ext.get(extName);
+ } catch (Exception e) {
+ }
- CMS.debug("CRLIssuingPoint.getCRLExtension extension: " + theExt);
- return theExt;
+ CMS.debug("CRLIssuingPoint.getCRLExtension extension: " + theExt);
+ return theExt;
}
+
/**
* get required crl entry extensions
*/
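Review bot: getCRLExtension catches `Exception` from `ext.get(extName)` with an empty body, so a failure to fetch the extension cannot be told apart from the extension being disabled; both paths return null. Since the result presumably feeds CRL generation, a silently missing extension deserves at least a debug line: `} catch (Exception e) { CMS.debug("CRLIssuingPoint.getCRLExtension " + extName + ": " + e); }`. Narrowing the catch to the exception type `CRLExtensions.get` actually declares would also keep unrelated runtime errors from being hidden.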
@@ -2021,7 +2040,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (extName.equals(name)) {
if (!(ext instanceof CRLReasonExtension) ||
- (((CRLReasonExtension) ext).getReason().toInt() >
+ (((CRLReasonExtension) ext).getReason().toInt() >
RevocationReason.UNSPECIFIED.toInt())) {
mCMSCRLExtensions.addToCRLExtensions(entryExt, extName, ext);
}
@@ -2057,7 +2076,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
String requestId) {
synchronized (cacheMonitor) {
if (requestId != null && mFirstUnsaved != null &&
- mFirstUnsaved.equals(ICRLIssuingPointRecord.CLEAN_CACHE)) {
+ mFirstUnsaved.equals(ICRLIssuingPointRecord.CLEAN_CACHE)) {
mFirstUnsaved = requestId;
try {
mCRLRepository.updateFirstUnsaved(mId, mFirstUnsaved);
@@ -2072,7 +2091,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Date revocationDate = revokedCert.getRevocationDate();
CRLExtensions entryExt = getRequiredEntryExtensions(revokedCert.getExtensions());
RevokedCertImpl newRevokedCert =
- new RevokedCertImpl(serialNumber, revocationDate, entryExt);
+ new RevokedCertImpl(serialNumber, revocationDate, entryExt);
mCRLCerts.put(serialNumber, newRevokedCert);
}
@@ -2080,7 +2099,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Date revocationDate = revokedCert.getRevocationDate();
CRLExtensions entryExt = getRequiredEntryExtensions(revokedCert.getExtensions());
RevokedCertImpl newRevokedCert =
- new RevokedCertImpl(serialNumber, revocationDate, entryExt);
+ new RevokedCertImpl(serialNumber, revocationDate, entryExt);
mRevokedCerts.put(serialNumber, (RevokedCertificate) newRevokedCert);
}
@@ -2092,7 +2111,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
try {
entryExt.set(CRLReasonExtension.REMOVE_FROM_CRL.getName(),
- CRLReasonExtension.REMOVE_FROM_CRL);
+ CRLReasonExtension.REMOVE_FROM_CRL);
} catch (IOException e) {
}
RevokedCertImpl newRevokedCert = new RevokedCertImpl(serialNumber,
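Review bot: The empty `catch (IOException e) { }` around `entryExt.set(CRLReasonExtension.REMOVE_FROM_CRL.getName(), CRLReasonExtension.REMOVE_FROM_CRL)` means that if the set fails, the code still goes on to construct the RevokedCertImpl for the unrevoked serial. Assuming entryExt is what is passed to that constructor (the call is cut off by the hunk), the entry would then lack the removeFromCRL reason and read as an ordinary revocation. Log the failure and do not add the entry, e.g. `log(ILogger.LL_FAILURE, "removeFromCRL reason not set for 0x" + serialNumber.toString(16) + ": " + e);`. The hunk at `@@ -2166,7 +2185,7 @@` has the same pattern.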
@@ -2116,8 +2135,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger, mAllowExtensions);
boolean includeCert = true;
- if(cp != null)
- includeCert = cp.checkRevokedCertExtensions(revokedCert.getExtensions());
+ if (cp != null)
+ includeCert = cp.checkRevokedCertExtensions(revokedCert.getExtensions());
if (mEnable && mEnableCRLCache && includeCert == true) {
updateRevokedCert(REVOKED_CERT, serialNumber, revokedCert, requestId);
@@ -2166,7 +2185,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
try {
entryExt.set(CRLReasonExtension.REMOVE_FROM_CRL.getName(),
- CRLReasonExtension.REMOVE_FROM_CRL);
+ CRLReasonExtension.REMOVE_FROM_CRL);
} catch (IOException e) {
}
RevokedCertImpl newRevokedCert = new RevokedCertImpl(serialNumber,
@@ -2191,7 +2210,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
synchronized (repositoryMonitor) {
try {
mCRLRepository.updateCRLCache(mId, Long.valueOf(mCRLSize),
- mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
+ mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_STORE_CRL_CACHE", e.toString()));
@@ -2202,8 +2221,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
public boolean isDeltaCRLEnabled() {
return (mAllowExtensions && mEnableCRLCache &&
mCMSCRLExtensions.isCRLExtensionEnabled(DeltaCRLIndicatorExtension.class.getSimpleName()) &&
- mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.class.getSimpleName()) &&
- mCMSCRLExtensions.isCRLExtensionEnabled(CRLReasonExtension.class.getSimpleName()));
+ mCMSCRLExtensions.isCRLExtensionEnabled(CRLNumberExtension.class.getSimpleName()) && mCMSCRLExtensions.isCRLExtensionEnabled(CRLReasonExtension.class.getSimpleName()));
}
public boolean isThisCurrentDeltaCRL(X509CRLImpl deltaCRL) {
@@ -2242,7 +2260,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
public boolean isCRLCacheEmpty() {
- return ((mCRLCerts != null)? mCRLCerts.isEmpty(): true);
+ return ((mCRLCerts != null) ? mCRLCerts.isEmpty() : true);
}
public boolean isCRLCacheTestingEnabled() {
@@ -2250,8 +2268,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
public Date getRevocationDateFromCache(BigInteger serialNumber,
- boolean checkDeltaCache,
- boolean includeExpiredCerts) {
+ boolean checkDeltaCache,
+ boolean includeExpiredCerts) {
Date revocationDate = null;
if (mCRLCerts.containsKey(serialNumber)) {
@@ -2290,26 +2308,27 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* updates CRL and publishes it now
*/
public void updateCRLNow()
- throws EBaseException {
+ throws EBaseException {
updateCRLNow(null);
}
public synchronized void updateCRLNow(String signingAlgorithm)
- throws EBaseException {
+ throws EBaseException {
- if ((!mEnable) || (!mEnableCRLUpdates && !mDoLastAutoUpdate)) return;
+ if ((!mEnable) || (!mEnableCRLUpdates && !mDoLastAutoUpdate))
+ return;
CMS.debug("Updating CRL");
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATE_STARTED"),
new Object[] {
- getId(),
- getNextCRLNumber(),
- Boolean.toString(isDeltaCRLEnabled()),
- Boolean.toString(isCRLCacheEnabled()),
- Boolean.toString(mEnableCacheRecovery),
- Boolean.toString(mCRLCacheIsCleared),
- ""+mCRLCerts.size()+","+mRevokedCerts.size()+","+mUnrevokedCerts.size()+","+mExpiredCerts.size()+""
+ getId(),
+ getNextCRLNumber(),
+ Boolean.toString(isDeltaCRLEnabled()),
+ Boolean.toString(isCRLCacheEnabled()),
+ Boolean.toString(mEnableCacheRecovery),
+ Boolean.toString(mCRLCacheIsCleared),
+ "" + mCRLCerts.size() + "," + mRevokedCerts.size() + "," + mUnrevokedCerts.size() + "," + mExpiredCerts.size() + ""
}
);
mUpdatingCRL = CRL_UPDATE_STARTED;
@@ -2321,8 +2340,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Date nextDeltaUpdate = null;
if (mEnableCRLUpdates && ((mEnableDailyUpdates &&
- mDailyUpdates != null && mTimeListSize > 0) ||
- (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
+ mDailyUpdates != null && mTimeListSize > 0) ||
+ (mEnableUpdateFreq && mAutoUpdateInterval > 0))) {
if ((!isDeltaCRLEnabled()) || mSchemaCounter == 0 || mUpdateSchema == 1) {
nextUpdate = new Date(findNextUpdate(false, false));
@@ -2332,7 +2351,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mUpdateSchema > 1 || (mEnableDailyUpdates && mExtendedTimeList && mTimeListSize > 1)) {
nextDeltaUpdate = new Date(findNextUpdate(false, true));
if (mExtendedNextUpdate && mSchemaCounter > 0 &&
- mNextUpdate != null && mNextUpdate.equals(nextDeltaUpdate)) {
+ mNextUpdate != null && mNextUpdate.equals(nextDeltaUpdate)) {
if (mEnableDailyUpdates && mExtendedTimeList && mTimeListSize > 1) {
mSchemaCounter = mTimeListSize - 1;
} else {
@@ -2354,32 +2373,32 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mLastUpdate = thisUpdate;
// mNextUpdate = nextUpdate;
- mNextDeltaUpdate = (nextDeltaUpdate != null)? new Date(nextDeltaUpdate.getTime()): null;
+ mNextDeltaUpdate = (nextDeltaUpdate != null) ? new Date(nextDeltaUpdate.getTime()) : null;
if (nextUpdate != null) {
- nextUpdate.setTime((nextUpdate.getTime())+mNextUpdateGracePeriod);
+ nextUpdate.setTime((nextUpdate.getTime()) + mNextUpdateGracePeriod);
}
if (nextDeltaUpdate != null) {
- nextDeltaUpdate.setTime((nextDeltaUpdate.getTime())+mNextUpdateGracePeriod);
+ nextDeltaUpdate.setTime((nextDeltaUpdate.getTime()) + mNextUpdateGracePeriod);
}
mSplits[0] -= System.currentTimeMillis();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = (Hashtable<BigInteger, RevokedCertificate>)mRevokedCerts.clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedRevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mRevokedCerts.clone();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = (Hashtable<BigInteger, RevokedCertificate>)mUnrevokedCerts.clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedUnrevokedCerts = (Hashtable<BigInteger, RevokedCertificate>) mUnrevokedCerts.clone();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = (Hashtable<BigInteger, RevokedCertificate> )mExpiredCerts.clone();
+ Hashtable<BigInteger, RevokedCertificate> clonedExpiredCerts = (Hashtable<BigInteger, RevokedCertificate>) mExpiredCerts.clone();
mSplits[0] += System.currentTimeMillis();
// starting from the beginning
if ((!mEnableCRLCache) ||
- ((mCRLCacheIsCleared && mCRLCerts.isEmpty() && clonedRevokedCerts.isEmpty() &&
- clonedUnrevokedCerts.isEmpty() && clonedExpiredCerts.isEmpty()) ||
- (mCRLCerts.isEmpty() && (!clonedUnrevokedCerts.isEmpty())) ||
- (mCRLCerts.size() < clonedUnrevokedCerts.size()) ||
- (mCRLCerts.isEmpty() && (mCRLSize > 0)) ||
+ ((mCRLCacheIsCleared && mCRLCerts.isEmpty() && clonedRevokedCerts.isEmpty() &&
+ clonedUnrevokedCerts.isEmpty() && clonedExpiredCerts.isEmpty()) ||
+ (mCRLCerts.isEmpty() && (!clonedUnrevokedCerts.isEmpty())) ||
+ (mCRLCerts.size() < clonedUnrevokedCerts.size()) ||
+ (mCRLCerts.isEmpty() && (mCRLSize > 0)) ||
(mCRLCerts.size() > 0 && mCRLSize == 0))) {
mSplits[5] -= System.currentTimeMillis();
@@ -2390,15 +2409,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
clonedExpiredCerts.clear();
mSchemaCounter = 0;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("generation");
+ statsSub.startTiming("generation");
}
CertRecProcessor cp = new CertRecProcessor(mCRLCerts, this, mLogger, mAllowExtensions);
processRevokedCerts(cp);
if (statsSub != null) {
- statsSub.endTiming("generation");
+ statsSub.endTiming("generation");
}
mCRLCacheIsCleared = false;
@@ -2407,7 +2426,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (isDeltaCRLEnabled()) {
mSplits[1] -= System.currentTimeMillis();
@SuppressWarnings("unchecked")
- Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = (Hashtable<BigInteger, RevokedCertificate> )clonedRevokedCerts.clone();
+ Hashtable<BigInteger, RevokedCertificate> deltaCRLCerts = (Hashtable<BigInteger, RevokedCertificate>) clonedRevokedCerts.clone();
deltaCRLCerts.putAll(clonedUnrevokedCerts);
if (mIncludeExpiredCertsOneExtraTime) {
@@ -2415,8 +2434,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
for (Enumeration<BigInteger> e = clonedExpiredCerts.keys(); e.hasMoreElements();) {
BigInteger serialNumber = e.nextElement();
if ((mLastFullUpdate != null &&
- mLastFullUpdate.after((mExpiredCerts.get(serialNumber)).getRevocationDate())) ||
- mLastFullUpdate == null) {
+ mLastFullUpdate.after((mExpiredCerts.get(serialNumber)).getRevocationDate())) ||
+ mLastFullUpdate == null) {
deltaCRLCerts.put(serialNumber, clonedExpiredCerts.get(serialNumber));
}
}
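Review bot: The loop iterates the keys of `clonedExpiredCerts` but looks the revocation date up in the live table, `mExpiredCerts.get(serialNumber)`, and calls `getRevocationDate()` on the result without a null check. If another thread can remove entries from mExpiredCerts under a different monitor (a cache update method elsewhere on this page synchronizes on `cacheMonitor` rather than on `this`), the lookup can return null and abort the CRL update with a NullPointerException. Reading from the snapshot avoids that: `mLastFullUpdate.after(clonedExpiredCerts.get(serialNumber).getRevocationDate())`. The hunk at `@@ -2556,9 +2575,9 @@` has the same lookup.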
@@ -2434,7 +2453,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
String extName = extNames.elementAt(i);
if (mCMSCRLExtensions.isCRLExtensionEnabled(extName) &&
- (!extName.equals(FreshestCRLExtension.class.getSimpleName()))) {
+ (!extName.equals(FreshestCRLExtension.class.getSimpleName()))) {
mCMSCRLExtensions.addToCRLExtensions(ext, extName, null);
}
}
@@ -2447,7 +2466,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
byte[] newDeltaCRL;
// #56123 - dont generate CRL if no revoked certificates
- if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
+ if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
if (deltaCRLCerts.size() == 0) {
CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No Delta CRL Generated");
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "No Revoked Certificates"));
@@ -2468,12 +2487,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mDeltaCRLSize = deltaCRLCerts.size();
-
long totalTime = 0;
String splitTimes = " (";
for (int i = 1; i < mSplits.length && i < 5; i++) {
totalTime += mSplits[i];
- if (i > 1) splitTimes += ",";
+ if (i > 1)
+ splitTimes += ",";
splitTimes += Long.toString(mSplits[i]);
}
splitTimes += ")";
@@ -2481,13 +2500,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
AuditFormat.LEVEL,
CMS.getLogMessage("CMSCORE_CA_CA_DELTA_CRL_UPDATED"),
new Object[] {
- getId(),
- getNextCRLNumber(),
- getCRLNumber(),
- getLastUpdate(),
- getNextDeltaUpdate(),
- Long.toString(mDeltaCRLSize),
- Long.toString(totalTime)+splitTimes
+ getId(),
+ getNextCRLNumber(),
+ getCRLNumber(),
+ getLastUpdate(),
+ getNextDeltaUpdate(),
+ Long.toString(mDeltaCRLSize),
+ Long.toString(totalTime) + splitTimes
}
);
} catch (EBaseException e) {
@@ -2513,7 +2532,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mSplits[4] += System.currentTimeMillis();
} catch (EBaseException e) {
newX509DeltaCRL = null;
- if (Debug.on())
+ if (Debug.on())
Debug.printStackTrace(e);
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_PUBLISH_DELTA", mCRLNumber.toString(), e.toString()));
} catch (OutOfMemoryError e) {
@@ -2528,8 +2547,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
if (mSchemaCounter == 0) {
if (((!mCRLCerts.isEmpty()) && ((!clonedRevokedCerts.isEmpty()) ||
- (!clonedUnrevokedCerts.isEmpty()) || (!clonedExpiredCerts.isEmpty()))) ||
- (mCRLCerts.isEmpty() && (mCRLSize == 0) && (!clonedRevokedCerts.isEmpty()))) {
+ (!clonedUnrevokedCerts.isEmpty()) || (!clonedExpiredCerts.isEmpty()))) ||
+ (mCRLCerts.isEmpty() && (mCRLSize == 0) && (!clonedRevokedCerts.isEmpty()))) {
if (!clonedUnrevokedCerts.isEmpty()) {
for (Enumeration<BigInteger> e = clonedUnrevokedCerts.keys(); e.hasMoreElements();) {
@@ -2556,9 +2575,9 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
BigInteger serialNumber = e.nextElement();
if ((!mIncludeExpiredCertsOneExtraTime) ||
- (mLastFullUpdate != null &&
- mLastFullUpdate.after((mExpiredCerts.get(serialNumber)).getRevocationDate())) ||
- mLastFullUpdate == null) {
+ (mLastFullUpdate != null &&
+ mLastFullUpdate.after((mExpiredCerts.get(serialNumber)).getRevocationDate())) ||
+ mLastFullUpdate == null) {
if (mCRLCerts.containsKey(serialNumber)) {
mCRLCerts.remove(serialNumber);
}
@@ -2595,7 +2614,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
String extName = extNames.elementAt(i);
if (mCMSCRLExtensions.isCRLExtensionEnabled(extName) &&
- (!extName.equals(DeltaCRLIndicatorExtension.class.getSimpleName()))) {
+ (!extName.equals(DeltaCRLIndicatorExtension.class.getSimpleName()))) {
mCMSCRLExtensions.addToCRLExtensions(ext, extName, null);
}
}
@@ -2609,16 +2628,16 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
byte[] newCRL;
CMS.debug("Making CRL with algorithm " +
- signingAlgorithm + " " + AlgorithmId.get(signingAlgorithm));
+ signingAlgorithm + " " + AlgorithmId.get(signingAlgorithm));
mSplits[7] -= System.currentTimeMillis();
// #56123 - dont generate CRL if no revoked certificates
- if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
- if (mCRLCerts.size() == 0) {
- CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No CRL Generated");
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "No Revoked Certificates"));
- }
+ if (mConfigStore.getBoolean("noCRLIfNoRevokedCert", false)) {
+ if (mCRLCerts.size() == 0) {
+ CMS.debug("CRLIssuingPoint: No Revoked Certificates Found And noCRLIfNoRevokedCert is set to true - No CRL Generated");
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "No Revoked Certificates"));
+ }
}
CMS.debug("before new X509CRLImpl");
X509CRLImpl crl = new X509CRLImpl(mCA.getCRLX500Name(),
@@ -2637,19 +2656,19 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Date nextUpdateDate = mNextUpdate;
if (isDeltaCRLEnabled() && (mUpdateSchema > 1 ||
- (mEnableDailyUpdates && mExtendedTimeList)) && mNextDeltaUpdate != null) {
+ (mEnableDailyUpdates && mExtendedTimeList)) && mNextDeltaUpdate != null) {
nextUpdateDate = mNextDeltaUpdate;
}
if (mSaveMemory) {
mCRLRepository.updateCRLIssuingPointRecord(
- mId, newCRL, thisUpdate, nextUpdateDate,
- mNextCRLNumber, Long.valueOf(mCRLCerts.size()));
+ mId, newCRL, thisUpdate, nextUpdateDate,
+ mNextCRLNumber, Long.valueOf(mCRLCerts.size()));
updateCRLCacheRepository();
} else {
mCRLRepository.updateCRLIssuingPointRecord(
- mId, newCRL, thisUpdate, nextUpdateDate,
- mNextCRLNumber, Long.valueOf(mCRLCerts.size()),
- mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
+ mId, newCRL, thisUpdate, nextUpdateDate,
+ mNextCRLNumber, Long.valueOf(mCRLCerts.size()),
+ mRevokedCerts, mUnrevokedCerts, mExpiredCerts);
mFirstUnsaved = ICRLIssuingPointRecord.CLEAN_CACHE;
}
@@ -2661,11 +2680,10 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mNextCRLNumber = mCRLNumber.add(BigInteger.ONE);
mNextDeltaCRLNumber = mNextCRLNumber;
-
CMS.debug("Logging CRL Update to transaction log");
- long totalTime = 0;
- long crlTime = 0;
- long deltaTime = 0;
+ long totalTime = 0;
+ long crlTime = 0;
+ long deltaTime = 0;
String splitTimes = " (";
for (int i = 0; i < mSplits.length; i++) {
totalTime += mSplits[i];
@@ -2674,22 +2692,23 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
} else {
crlTime += mSplits[i];
}
- if (i > 0) splitTimes += ",";
+ if (i > 0)
+ splitTimes += ",";
splitTimes += Long.toString(mSplits[i]);
}
splitTimes += "," + Long.toString(deltaTime) + "," + Long.toString(crlTime) + "," + Long.toString(totalTime) + ")";
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
AuditFormat.LEVEL,
CMS.getLogMessage("CMSCORE_CA_CA_CRL_UPDATED"),
- new Object[] {
- getId(),
- getCRLNumber(),
- getLastUpdate(),
- getNextUpdate(),
- Long.toString(mCRLSize),
- Long.toString(totalTime),
- Long.toString(crlTime),
- Long.toString(deltaTime)+splitTimes
+ new Object[] {
+ getId(),
+ getCRLNumber(),
+ getLastUpdate(),
+ getNextUpdate(),
+ Long.toString(mCRLSize),
+ Long.toString(totalTime),
+ Long.toString(crlTime),
+ Long.toString(deltaTime) + splitTimes
}
);
CMS.debug("Finished Logging CRL Update to transaction log");
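Review bot: The reflowed `if (i > 0)` in the split-times loop now has its body on a separate line without braces, so a later edit can add a second statement that silently falls outside the condition. Since this commit is already changing the layout, brace it: `if (i > 0) { splitTimes += ","; }`. The same applies to the two `mSchemaCounter` conditionals reflowed in the hunk at `-2744,10 +2763,12`. The enclosing method starts and ends outside this hunk.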
@@ -2697,7 +2716,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
} catch (EBaseException e) {
newX509CRL = null;
mUpdatingCRL = CRL_UPDATE_DONE;
- if (Debug.on())
+ if (Debug.on())
Debug.printStackTrace(e);
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUING_SIGN_OR_STORE_CRL", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
@@ -2744,10 +2763,12 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mDeltaCRLNumber = mNextDeltaCRLNumber;
mNextDeltaCRLNumber = mDeltaCRLNumber.add(BigInteger.ONE);
}
-
- if ((!(mEnableDailyUpdates && mExtendedTimeList)) || mSchemaCounter == 0) mSchemaCounter++;
+
+ if ((!(mEnableDailyUpdates && mExtendedTimeList)) || mSchemaCounter == 0)
+ mSchemaCounter++;
if ((mEnableDailyUpdates && mExtendedTimeList && mSchemaCounter >= mTimeListSize) ||
- (mUpdateSchema > 1 && mSchemaCounter >= mUpdateSchema)) mSchemaCounter = 0;
+ (mUpdateSchema > 1 && mSchemaCounter >= mUpdateSchema))
+ mSchemaCounter = 0;
mLastDay = mCurrentDay;
mUpdatingCRL = CRL_UPDATE_DONE;
@@ -2758,34 +2779,34 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
* publish CRL. called from updateCRLNow() and init().
*/
- public void publishCRL()
- throws EBaseException {
+ public void publishCRL()
+ throws EBaseException {
publishCRL(null);
}
- protected void publishCRL(X509CRLImpl x509crl)
- throws EBaseException {
+ protected void publishCRL(X509CRLImpl x509crl)
+ throws EBaseException {
publishCRL(x509crl, false);
}
-
+
/*
* The Session Context is a Hashtable, but without type information.
* Suppress the warnings generated by adding to the session context
*
*/
- protected void publishCRL(X509CRLImpl x509crl, boolean isDeltaCRL)
- throws EBaseException {
+ protected void publishCRL(X509CRLImpl x509crl, boolean isDeltaCRL)
+ throws EBaseException {
SessionContext sc = SessionContext.getContext();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("crl_publishing");
+ statsSub.startTiming("crl_publishing");
}
if (mCountMod == 0) {
- sc.put(SC_CRL_COUNT, Integer.toString(mCount));
+ sc.put(SC_CRL_COUNT, Integer.toString(mCount));
} else {
- sc.put(SC_CRL_COUNT, Integer.toString(mCount%mCountMod));
+ sc.put(SC_CRL_COUNT, Integer.toString(mCount % mCountMod));
}
mCount++;
sc.put(SC_ISSUING_POINT_ID, mId);
@@ -2810,7 +2831,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
}
if (x509crl != null &&
- mPublisherProcessor != null && mPublisherProcessor.enabled()) {
+ mPublisherProcessor != null && mPublisherProcessor.enabled()) {
Enumeration<ILdapRule> rules = mPublisherProcessor.getRules(IPublisherProcessor.PROP_LOCAL_CRL);
if (rules == null || !rules.hasMoreElements()) {
CMS.debug("CRL publishing is not enabled.");
@@ -2819,7 +2840,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
mPublisherProcessor.publishCRL(mPublishDN, x509crl);
CMS.debug("CRL published to " + mPublishDN);
} else {
- mPublisherProcessor.publishCRL(x509crl,getId());
+ mPublisherProcessor.publishCRL(x509crl, getId());
CMS.debug("CRL published.");
}
}
@@ -2830,15 +2851,15 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
throw new EErrorPublishCRL(
CMS.getUserMessage("CMS_CA_ERROR_PUBLISH_CRL", mId, e.toString()));
} finally {
- if (statsSub != null) {
- statsSub.endTiming("crl_publishing");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("crl_publishing");
+ }
}
}
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CRLIssuingPoint " + mId + " - " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
+ "CRLIssuingPoint " + mId + " - " + msg);
}
void setConfigParam(String name, String value) {
@@ -2848,7 +2869,7 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
class RevocationRequestListener implements IRequestListener {
public void init(ISubsystem sys, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
}
public void set(String name, String val) {
@@ -2858,36 +2879,36 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
String requestType = r.getRequestType();
if (requestType.equals(IRequest.REVOCATION_REQUEST) ||
- requestType.equals(IRequest.UNREVOCATION_REQUEST) ||
- requestType.equals(IRequest.CLA_CERT4CRL_REQUEST) ||
- requestType.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) {
+ requestType.equals(IRequest.UNREVOCATION_REQUEST) ||
+ requestType.equals(IRequest.CLA_CERT4CRL_REQUEST) ||
+ requestType.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) {
CMS.debug("Revocation listener called.");
// check if serial number is in begin/end range if set.
if (mBeginSerial != null || mEndSerial != null) {
CMS.debug(
- "Checking if serial number is between " +
- mBeginSerial + " and " + mEndSerial);
- BigInteger[] serialNos =
- r.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ "Checking if serial number is between " +
+ mBeginSerial + " and " + mEndSerial);
+ BigInteger[] serialNos =
+ r.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (serialNos == null || serialNos.length == 0) {
- X509CertImpl oldCerts[] =
- r.getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl oldCerts[] =
+ r.getExtDataInCertArray(IRequest.OLD_CERTS);
- if (oldCerts == null || oldCerts.length == 0)
+ if (oldCerts == null || oldCerts.length == 0)
return;
serialNos = new BigInteger[oldCerts.length];
for (int i = 0; i < oldCerts.length; i++) {
serialNos[i] = oldCerts[i].getSerialNumber();
}
}
-
+
boolean inRange = false;
for (int i = 0; i < serialNos.length; i++) {
- if ((mBeginSerial == null ||
+ if ((mBeginSerial == null ||
serialNos[i].compareTo(mBeginSerial) >= 0) &&
- (mEndSerial == null ||
+ (mEndSerial == null ||
serialNos[i].compareTo(mEndSerial) <= 0)) {
inRange = true;
}
@@ -2921,8 +2942,8 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
Debug.printStackTrace(e);
r.setExtData(mCrlUpdateStatus, IRequest.RES_ERROR);
r.setExtData(mCrlUpdateError,
- new EBaseException(
- CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())));
+ new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())));
}
}
}
@@ -2930,7 +2951,6 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
}
}
-
class CertRecProcessor implements IElementProcessor {
private Hashtable<BigInteger, RevokedCertificate> mCRLCerts = null;
private boolean mAllowExtensions = false;
@@ -2947,101 +2967,100 @@ class CertRecProcessor implements IElementProcessor {
mIP = ip;
mAllowExtensions = allowExtensions;
mIssuingDistPointAttempted = false;
- mIssuingDistPointEnabled = false;
+ mIssuingDistPointEnabled = false;
mOnlySomeReasons = null;
}
private boolean initCRLIssuingDistPointExtension() {
- boolean result = false;
- CMSCRLExtensions exts = null;
-
- if(mIssuingDistPointAttempted == true) {
- if((mIssuingDistPointEnabled == true) && (mOnlySomeReasons != null )) {
- return true;
- } else {
- return false;
- }
- }
-
- mIssuingDistPointAttempted = true;
- exts = (CMSCRLExtensions) mIP.getCRLExtensions();
- if(exts == null) {
- return result;
- }
- boolean isIssuingDistPointExtEnabled = false;
- isIssuingDistPointExtEnabled = exts.isCRLExtensionEnabled(IssuingDistributionPointExtension.class.getSimpleName());
- if(isIssuingDistPointExtEnabled == false) {
+ boolean result = false;
+ CMSCRLExtensions exts = null;
+
+ if (mIssuingDistPointAttempted == true) {
+ if ((mIssuingDistPointEnabled == true) && (mOnlySomeReasons != null)) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ mIssuingDistPointAttempted = true;
+ exts = (CMSCRLExtensions) mIP.getCRLExtensions();
+ if (exts == null) {
+ return result;
+ }
+ boolean isIssuingDistPointExtEnabled = false;
+ isIssuingDistPointExtEnabled = exts.isCRLExtensionEnabled(IssuingDistributionPointExtension.class.getSimpleName());
+ if (isIssuingDistPointExtEnabled == false) {
mIssuingDistPointEnabled = false;
return false;
}
mIssuingDistPointEnabled = true;
- //Get info out of the IssuingDistPointExtension
+ //Get info out of the IssuingDistPointExtension
CRLExtensions ext = new CRLExtensions();
Vector<String> extNames = exts.getCRLExtensionNames();
- for (int i = 0; i < extNames.size(); i++) {
- String extName = extNames.elementAt(i);
- if (extName.equals(IssuingDistributionPointExtension.class.getSimpleName())) {
- exts.addToCRLExtensions(ext, extName, null);
- }
- }
- Extension issuingDistExt = null;
- try {
- issuingDistExt = ext.get(IssuingDistributionPointExtension.class.getSimpleName());
- } catch (Exception e) {
+ for (int i = 0; i < extNames.size(); i++) {
+ String extName = extNames.elementAt(i);
+ if (extName.equals(IssuingDistributionPointExtension.class.getSimpleName())) {
+ exts.addToCRLExtensions(ext, extName, null);
}
+ }
+ Extension issuingDistExt = null;
+ try {
+ issuingDistExt = ext.get(IssuingDistributionPointExtension.class.getSimpleName());
+ } catch (Exception e) {
+ }
- IssuingDistributionPointExtension iExt = null;
- if(issuingDistExt != null)
- iExt = (IssuingDistributionPointExtension) issuingDistExt;
- IssuingDistributionPoint issuingDistributionPoint = null;
- if(iExt != null)
- issuingDistributionPoint = iExt.getIssuingDistributionPoint();
+ IssuingDistributionPointExtension iExt = null;
+ if (issuingDistExt != null)
+ iExt = (IssuingDistributionPointExtension) issuingDistExt;
+ IssuingDistributionPoint issuingDistributionPoint = null;
+ if (iExt != null)
+ issuingDistributionPoint = iExt.getIssuingDistributionPoint();
- BitArray onlySomeReasons = null;
+ BitArray onlySomeReasons = null;
- if(issuingDistributionPoint != null)
- onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
+ if (issuingDistributionPoint != null)
+ onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
- boolean applyReasonMatch = false;
- boolean reasonMatch = true;
+ boolean applyReasonMatch = false;
+ boolean reasonMatch = true;
- if(onlySomeReasons != null) {
- applyReasonMatch = !onlySomeReasons.toString().equals("0000000");
- CMS.debug("applyReasonMatch " + applyReasonMatch);
- if(applyReasonMatch == true) {
- mOnlySomeReasons = onlySomeReasons;
- result = true;
- }
+ if (onlySomeReasons != null) {
+ applyReasonMatch = !onlySomeReasons.toString().equals("0000000");
+ CMS.debug("applyReasonMatch " + applyReasonMatch);
+ if (applyReasonMatch == true) {
+ mOnlySomeReasons = onlySomeReasons;
+ result = true;
}
- return result;
+ }
+ return result;
}
- private boolean checkOnlySomeReasonsExtension(CRLExtensions entryExts)
- {
+ private boolean checkOnlySomeReasonsExtension(CRLExtensions entryExts) {
boolean includeCert = true;
//This is exactly how the Pretty Print code obtains the reason code
//through the extensions
- if(entryExts == null) {
+ if (entryExts == null) {
return includeCert;
}
Extension crlReasonExt = null;
try {
- crlReasonExt = entryExts.get(CRLReasonExtension.class.getSimpleName());
+ crlReasonExt = entryExts.get(CRLReasonExtension.class.getSimpleName());
} catch (Exception e) {
return includeCert;
}
RevocationReason reason = null;
int reasonIndex = 0;
- if(crlReasonExt != null) {
+ if (crlReasonExt != null) {
try {
- CRLReasonExtension theReason = (CRLReasonExtension) crlReasonExt;
- reason = (RevocationReason) theReason.get("value");
- reasonIndex = reason.toInt();
- CMS.debug("revoked reason " + reason);
+ CRLReasonExtension theReason = (CRLReasonExtension) crlReasonExt;
+ reason = (RevocationReason) theReason.get("value");
+ reasonIndex = reason.toInt();
+ CMS.debug("revoked reason " + reason);
} catch (Exception e) {
return includeCert;
}
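Review bot: In `initCRLIssuingDistPointExtension()` the `catch (Exception e) { }` around `ext.get(...)` discards the failure without a trace. On that path `mIssuingDistPointAttempted` and `mIssuingDistPointEnabled` are already true while `mOnlySomeReasons` stays null, so every later call returns false and `checkRevokedCertExtensions()` keeps every entry. As far as the visible code shows, an issuing point configured with onlySomeReasons would then build its CRL without reason filtering, and nothing would record why. At minimum log it: `} catch (Exception e) { CMS.debug("CertRecProcessor: cannot read IssuingDistributionPoint extension: " + e); }`. The local `reasonMatch` declared in the same method is never read in the visible code and could be dropped.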
@@ -3049,35 +3068,34 @@ class CertRecProcessor implements IElementProcessor {
return includeCert;
}
boolean reasonMatch = false;
- if(reason != null) {
- if(mOnlySomeReasons != null) {
+ if (reason != null) {
+ if (mOnlySomeReasons != null) {
reasonMatch = mOnlySomeReasons.get(reasonIndex);
- if(reasonMatch != true) {
+ if (reasonMatch != true) {
includeCert = false;
} else {
CMS.debug("onlySomeReasons match! reason: " + reason);
}
}
}
-
+
return includeCert;
}
- public boolean checkRevokedCertExtensions(CRLExtensions crlExtensions)
- {
+ public boolean checkRevokedCertExtensions(CRLExtensions crlExtensions) {
//For now just check the onlySomeReason CRL IssuingDistributionPoint extension
- boolean includeCert = true;
- if((crlExtensions == null) || (mAllowExtensions == false)) {
+ boolean includeCert = true;
+ if ((crlExtensions == null) || (mAllowExtensions == false)) {
return includeCert;
}
boolean inited = initCRLIssuingDistPointExtension();
//If the CRLIssuingDistPointExtension is not available or
// if onlySomeReasons does not apply, bail.
- if(inited == false) {
+ if (inited == false) {
return includeCert;
- }
+ }
//Check the onlySomeReasonsExtension
includeCert = checkOnlySomeReasonsExtension(crlExtensions);
@@ -3099,22 +3117,21 @@ class CertRecProcessor implements IElementProcessor {
entryExt = mIP.getRequiredEntryExtensions(crlExts);
}
RevokedCertificate newRevokedCert =
- new RevokedCertImpl(serialNumber, revocationDate, entryExt);
+ new RevokedCertImpl(serialNumber, revocationDate, entryExt);
boolean includeCert = checkRevokedCertExtensions(crlExts);
if (includeCert == true) {
mCRLCerts.put(serialNumber, (RevokedCertificate) newRevokedCert);
if (serialNumber != null) {
- CMS.debug("Putting certificate serial: 0x"+serialNumber.toString(16)+" into CRL hashtable");
+ CMS.debug("Putting certificate serial: 0x" + serialNumber.toString(16) + " into CRL hashtable");
}
}
} catch (EBaseException e) {
CMS.debug(
- "CA failed constructing CRL entry: " +
- (mCRLCerts.size() + 1) + " " + e);
+ "CA failed constructing CRL entry: " +
+ (mCRLCerts.size() + 1) + " " + e);
throw new ECAException(CMS.getUserMessage("CMS_CA_FAILED_CONSTRUCTING_CRL", e.toString()));
}
}
}
-
diff --git a/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java b/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java
index bb204386..9ad619ff 100644
--- a/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java
+++ b/pki/base/ca/src/com/netscape/ca/CRLWithExpiredCerts.java
@@ -17,44 +17,42 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.math.BigInteger;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cmscore.dbs.CertRecord;
-
/**
- * A CRL Issuing point that contains revoked certs, include onces that
+ * A CRL Issuing point that contains revoked certs, include onces that
* have expired.
*/
public class CRLWithExpiredCerts extends CRLIssuingPoint {
/**
- * overrides getRevokedCerts in CRLIssuingPoint to include
+ * overrides getRevokedCerts in CRLIssuingPoint to include
* all revoked certs, including once that have expired.
- *
+ *
* @param thisUpdate parameter is ignored.
- *
+ *
* @exception EBaseException if an exception occured getting revoked
- * certificates from the database.
+ * certificates from the database.
*/
public String getFilter() {
// PLEASE DONT CHANGE THE FILTER. It is indexed.
// Changing it will degrade performance. See
// also com.netscape.certsetup.LDAPUtil.java
String filter =
- "(|(" + CertRecord.ATTR_CERT_STATUS + "=" +
- CertRecord.STATUS_REVOKED + ")" +
- "(" + CertRecord.ATTR_CERT_STATUS + "=" +
- CertRecord.STATUS_REVOKED_EXPIRED + "))";
+ "(|(" + CertRecord.ATTR_CERT_STATUS + "=" +
+ CertRecord.STATUS_REVOKED + ")" +
+ "(" + CertRecord.ATTR_CERT_STATUS + "=" +
+ CertRecord.STATUS_REVOKED_EXPIRED + "))";
// check if any ranges specified.
- if (mBeginSerial != null)
+ if (mBeginSerial != null)
filter += "(" + CertRecord.ATTR_ID + ">=" + mBeginSerial.toString() + ")";
if (mEndSerial != null)
filter += "(" + CertRecord.ATTR_ID + "<=" + mEndSerial.toString() + ")";
- // get all revoked non-expired certs.
+ // get all revoked non-expired certs.
if (mEndSerial != null || mBeginSerial != null) {
filter = "(&" + filter + ")";
}
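Review bot: The Javadoc on `getFilter()` does not describe this method: it speaks of overriding `getRevokedCerts` and documents a `thisUpdate` parameter and an `EBaseException`, while the visible signature takes no parameters and declares no exception. The inline comment `// get all revoked non-expired certs.` also contradicts the filter built above it, which matches both `STATUS_REVOKED` and `STATUS_REVOKED_EXPIRED`. I would replace the block with a short description saying that the method returns the search filter selecting revoked and revoked-expired records, optionally bounded by `mBeginSerial` and `mEndSerial`, and drop the `@param` and `@exception` tags. The inline comment could read `// AND the status clause with the serial range, if one is set`. The method body continues past the end of this hunk.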
diff --git a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 657ed72c..745aade9 100644
--- a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
@@ -117,12 +116,11 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
-
/**
* A class represents a Certificate Authority that is
* responsible for certificate specific operations.
* <P>
- *
+ *
* @author lhsiao
* @version $Revision$, $Date$
*/
@@ -134,7 +132,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
protected ISubsystem mOwner = null;
protected IConfigStore mConfig = null;
protected ILogger mLogger = CMS.getLogger();
- protected Hashtable<String, ICRLIssuingPoint> mCRLIssuePoints = new Hashtable<String, ICRLIssuingPoint>();
+ protected Hashtable<String, ICRLIssuingPoint> mCRLIssuePoints = new Hashtable<String, ICRLIssuingPoint>();
protected CRLIssuingPoint mMasterCRLIssuePoint = null; // the complete crl.
protected SigningUnit mSigningUnit;
protected SigningUnit mOCSPSigningUnit;
@@ -143,8 +141,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
protected X500Name mName = null;
protected X500Name mCRLName = null;
protected X500Name mOCSPName = null;
- protected String mNickname = null; // nickname of CA signing cert.
- protected String mOCSPNickname = null; // nickname of OCSP signing cert.
+ protected String mNickname = null; // nickname of CA signing cert.
+ protected String mOCSPNickname = null; // nickname of OCSP signing cert.
protected long mCertSerialNumberCounter = System.currentTimeMillis();
protected long mRequestID = System.currentTimeMillis();
@@ -185,7 +183,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
protected boolean mEnableOCSP;
protected int mFastSigning = FASTSIGNING_DISABLED;
- protected static final long SECOND = 1000; // 1000 milliseconds
+ protected static final long SECOND = 1000; // 1000 milliseconds
protected static final long MINUTE = 60 * SECOND;
protected static final long HOUR = 60 * MINUTE;
protected static final long DAY = 24 * HOUR;
@@ -197,7 +195,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// for the notification listeners
- /**
+ /**
* Package constants
*/
@@ -261,12 +259,12 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
}
-
public void publishCRLNow() throws EBaseException {
if (mMasterCRLIssuePoint != null) {
mMasterCRLIssuePoint.publishCRL();
}
}
+
public ICRLPublisher getCRLPublisher() {
return mCRLPublisher;
}
@@ -286,7 +284,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Initializes this CA subsystem.
* <P>
- *
+ *
* @param owner owner of this subsystem
* @param config configuration of this subsystem
* @exception EBaseException failed to initialize this CA
@@ -294,97 +292,97 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public void init(ISubsystem owner, IConfigStore config) throws
EBaseException {
- try {
- CMS.debug("CertificateAuthority init ");
- mOwner = owner;
- mConfig = config;
+ try {
+ CMS.debug("CertificateAuthority init ");
+ mOwner = owner;
+ mConfig = config;
- // init cert & crl database.
- initCaDatabases();
+ // init cert & crl database.
+ initCaDatabases();
- // init signing unit & CA cert.
- try {
- initSigUnit();
- // init default CA attributes like cert version, validity.
- initDefCaAttrs();
- } catch (EBaseException e) {
- if (CMS.isPreOpMode())
- ;
- else
- throw e;
- }
+ // init signing unit & CA cert.
+ try {
+ initSigUnit();
+ // init default CA attributes like cert version, validity.
+ initDefCaAttrs();
+ } catch (EBaseException e) {
+ if (CMS.isPreOpMode())
+ ;
+ else
+ throw e;
+ }
- // init web gateway.
- initWebGateway();
+ // init web gateway.
+ initWebGateway();
- mUseNonces = mConfig.getBoolean("enableNonces", true);
- mMaxNonces = mConfig.getInteger("maxNumberOfNonces", 100);
- if (mUseNonces) {
- mNonces = new Nonces(mMaxNonces);
- CMS.debug("CertificateAuthority init: Nonces enabled. ("+mNonces.size()+")");
- }
+ mUseNonces = mConfig.getBoolean("enableNonces", true);
+ mMaxNonces = mConfig.getInteger("maxNumberOfNonces", 100);
+ if (mUseNonces) {
+ mNonces = new Nonces(mMaxNonces);
+ CMS.debug("CertificateAuthority init: Nonces enabled. (" + mNonces.size() + ")");
+ }
- // init request queue and related modules.
- CMS.debug("CertificateAuthority init: initRequestQueue");
- initRequestQueue();
- if (CMS.isPreOpMode())
- return;
+ // init request queue and related modules.
+ CMS.debug("CertificateAuthority init: initRequestQueue");
+ initRequestQueue();
+ if (CMS.isPreOpMode())
+ return;
- // set certificate status to 10 minutes
- mCertRepot.setCertStatusUpdateInterval(
- mRequestQueue.getRequestRepository(),
- mConfig.getInteger("certStatusUpdateInterval", 10 * 60),
- mConfig.getBoolean("listenToCloneModifications", false));
- mCertRepot.setConsistencyCheck(
- mConfig.getBoolean("ConsistencyCheck", false));
- mCertRepot.setSkipIfInConsistent(
- mConfig.getBoolean("SkipIfInConsistent", false));
-
- mService.init(config.getSubStore("connector"));
+ // set certificate status to 10 minutes
+ mCertRepot.setCertStatusUpdateInterval(
+ mRequestQueue.getRequestRepository(),
+ mConfig.getInteger("certStatusUpdateInterval", 10 * 60),
+ mConfig.getBoolean("listenToCloneModifications", false));
+ mCertRepot.setConsistencyCheck(
+ mConfig.getBoolean("ConsistencyCheck", false));
+ mCertRepot.setSkipIfInConsistent(
+ mConfig.getBoolean("SkipIfInConsistent", false));
- initMiscellaneousListeners();
+ mService.init(config.getSubStore("connector"));
- // instantiate CRL publisher
- IConfigStore cpStore = null;
+ initMiscellaneousListeners();
- mByName = config.getBoolean("byName", true);
+ // instantiate CRL publisher
+ IConfigStore cpStore = null;
- cpStore = config.getSubStore("crlPublisher");
- if (cpStore != null && cpStore.size() > 0) {
- String publisherClass = cpStore.getString("class");
+ mByName = config.getBoolean("byName", true);
- if (publisherClass != null) {
- try {
- @SuppressWarnings("unchecked")
- Class<ICRLPublisher> pc = (Class<ICRLPublisher>) Class.forName(publisherClass);
-
- mCRLPublisher = pc.newInstance();
- mCRLPublisher.init(this, cpStore);
- } catch (ClassNotFoundException ee) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
- } catch (IllegalAccessException ee) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
- } catch (InstantiationException ee) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
+ cpStore = config.getSubStore("crlPublisher");
+ if (cpStore != null && cpStore.size() > 0) {
+ String publisherClass = cpStore.getString("class");
+
+ if (publisherClass != null) {
+ try {
+ @SuppressWarnings("unchecked")
+ Class<ICRLPublisher> pc = (Class<ICRLPublisher>) Class.forName(publisherClass);
+
+ mCRLPublisher = pc.newInstance();
+ mCRLPublisher.init(this, cpStore);
+ } catch (ClassNotFoundException ee) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
+ } catch (IllegalAccessException ee) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
+ } catch (InstantiationException ee) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_NO_PUBLISHER", ee.toString()));
+ }
}
}
- }
- // initialize publisher processor (publish remote admin
- // rely on this subsystem, so it has to be initialized)
- initPublish();
+ // initialize publisher processor (publish remote admin
+ // rely on this subsystem, so it has to be initialized)
+ initPublish();
- // Initialize CRL issuing points.
- // note CRL framework depends on DBS, CRYPTO and PUBLISHING
- // being functional.
- initCRL();
+ // Initialize CRL issuing points.
+ // note CRL framework depends on DBS, CRYPTO and PUBLISHING
+ // being functional.
+ initCRL();
- } catch (EBaseException e) {
- if (CMS.isPreOpMode())
- return;
- else
- throw e;
- }
+ } catch (EBaseException e) {
+ if (CMS.isPreOpMode())
+ return;
+ else
+ throw e;
+ }
}
/**
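Review bot: In `init()` the unchecked cast `(Class<ICRLPublisher>) Class.forName(publisherClass)` verifies nothing at run time. If the `class` value of the `crlPublisher` sub-store names a class that does not implement `ICRLPublisher`, the failure is a `ClassCastException` on the assignment from `pc.newInstance()`, after that class's constructor has already run. None of the three catch clauses covers that exception and the outer handler catches only `EBaseException`, so it escapes `init()` instead of being logged as CMSCORE_CA_CA_NO_PUBLISHER. Checking the type before instantiation also removes the need for `@SuppressWarnings`: `Class<? extends ICRLPublisher> pc = Class.forName(publisherClass).asSubclass(ICRLPublisher.class);` plus a `catch (ClassCastException ee)` that logs like the other three.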
@@ -393,7 +391,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public IRequestQueue getRequestQueue() {
return mRequestQueue;
}
-
+
/**
* registers listener
*/
@@ -506,7 +504,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
mService.startup();
mRequestQueue.recover();
-
+
// Note that this could be null.
// setup Admin operations
@@ -524,7 +522,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public void shutdown() {
Enumeration<ICRLIssuingPoint> enums = mCRLIssuePoints.elements();
while (enums.hasMoreElements()) {
- CRLIssuingPoint point = (CRLIssuingPoint)enums.nextElement();
+ CRLIssuingPoint point = (CRLIssuingPoint) enums.nextElement();
point.shutdown();
}
@@ -577,7 +575,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
return mDefaultValidity;
}
- public SignatureAlgorithm getDefaultSignatureAlgorithm() {
+ public SignatureAlgorithm getDefaultSignatureAlgorithm() {
return mSigningUnit.getDefaultSignatureAlgorithm();
}
@@ -592,7 +590,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public String getStartSerial() {
try {
BigInteger serial =
- ((Repository) mCertRepot).getTheSerialNumber();
+ ((Repository) mCertRepot).getTheSerialNumber();
if (serial == null)
return "";
@@ -600,7 +598,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
return serial.toString(16);
} catch (EBaseException e) {
// shouldn't get here.
- return "";
+ return "";
}
}
@@ -624,24 +622,23 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Retrieves certificate repository.
* <P>
- *
+ *
* @return certificate repository
*/
public ICertificateRepository getCertificateRepository() {
return mCertRepot;
}
-
+
/**
* Retrieves replica repository.
* <P>
- *
+ *
* @return replica repository
*/
public IReplicaIDRepository getReplicaRepository() {
return mReplicaRepot;
}
-
/**
* Retrieves CRL repository.
*/
@@ -656,6 +653,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Retrieves the CRL issuing point by id.
* <P>
+ *
* @param id string id of the CRL issuing point
* @return CRL issuing point
*/
@@ -666,6 +664,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Enumerates CRL issuing points
* <P>
+ *
* @return security service
*/
public Enumeration<ICRLIssuingPoint> getCRLIssuingPoints() {
@@ -680,7 +679,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
* Adds CRL issuing point with the given identifier and description.
*/
@SuppressWarnings("unchecked")
- public boolean addCRLIssuingPoint(IConfigStore crlSubStore, String id,
+ public boolean addCRLIssuingPoint(IConfigStore crlSubStore, String id,
boolean enable, String description) {
crlSubStore.makeSubStore(id);
IConfigStore c = crlSubStore.getSubStore(id);
@@ -716,7 +715,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
c.putString("extension.AuthorityInformationAccess.critical", "false");
c.putString("extension.AuthorityInformationAccess.type", "CRLExtension");
c.putString("extension.AuthorityInformationAccess.class",
- "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
+ "com.netscape.cms.crl.CMSAuthInfoAccessExtension");
c.putString("extension.AuthorityInformationAccess.numberOfAccessDescriptions", "1");
c.putString("extension.AuthorityInformationAccess.accessMethod0", "caIssuers");
c.putString("extension.AuthorityInformationAccess.accessLocationType0", "URI");
@@ -726,13 +725,13 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
c.putString("extension.AuthorityKeyIdentifier.critical", "false");
c.putString("extension.AuthorityKeyIdentifier.type", "CRLExtension");
c.putString("extension.AuthorityKeyIdentifier.class",
- "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
+ "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
// IssuerAlternativeName
c.putString("extension.IssuerAlternativeName.enable", "false");
c.putString("extension.IssuerAlternativeName.critical", "false");
c.putString("extension.IssuerAlternativeName.type", "CRLExtension");
c.putString("extension.IssuerAlternativeName.class",
- "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
+ "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
c.putString("extension.IssuerAlternativeName.numNames", "0");
c.putString("extension.IssuerAlternativeName.nameType0", "");
c.putString("extension.IssuerAlternativeName.name0", "");
@@ -741,19 +740,19 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
c.putString("extension.CRLNumber.critical", "false");
c.putString("extension.CRLNumber.type", "CRLExtension");
c.putString("extension.CRLNumber.class",
- "com.netscape.cms.crl.CMSCRLNumberExtension");
+ "com.netscape.cms.crl.CMSCRLNumberExtension");
// DeltaCRLIndicator
c.putString("extension.DeltaCRLIndicator.enable", "false");
c.putString("extension.DeltaCRLIndicator.critical", "true");
c.putString("extension.DeltaCRLIndicator.type", "CRLExtension");
c.putString("extension.DeltaCRLIndicator.class",
- "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
+ "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
// IssuingDistributionPoint
c.putString("extension.IssuingDistributionPoint.enable", "false");
c.putString("extension.IssuingDistributionPoint.critical", "true");
c.putString("extension.IssuingDistributionPoint.type", "CRLExtension");
c.putString("extension.IssuingDistributionPoint.class",
- "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
+ "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
c.putString("extension.IssuingDistributionPoint.pointType", "");
c.putString("extension.IssuingDistributionPoint.pointName", "");
c.putString("extension.IssuingDistributionPoint.onlyContainsUserCerts", "false");
@@ -766,7 +765,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
c.putString("extension.CRLReason.critical", "false");
c.putString("extension.CRLReason.type", "CRLEntryExtension");
c.putString("extension.CRLReason.class",
- "com.netscape.cms.crl.CMSCRLReasonExtension");
+ "com.netscape.cms.crl.CMSCRLReasonExtension");
// HoldInstruction - removed by RFC 5280
// c.putString("extension.HoldInstruction.enable", "false");
// c.putString("extension.HoldInstruction.critical", "false");
@@ -779,7 +778,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
c.putString("extension.InvalidityDate.critical", "false");
c.putString("extension.InvalidityDate.type", "CRLEntryExtension");
c.putString("extension.InvalidityDate.class",
- "com.netscape.cms.crl.CMSInvalidityDateExtension");
+ "com.netscape.cms.crl.CMSInvalidityDateExtension");
// CertificateIssuer
/*
c.putString("extension.CertificateIssuer.enable", "false");
@@ -796,7 +795,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
c.putString("extension.FreshestCRL.critical", "false");
c.putString("extension.FreshestCRL.type", "CRLExtension");
c.putString("extension.FreshestCRL.class",
- "com.netscape.cms.crl.CMSFreshestCRLExtension");
+ "com.netscape.cms.crl.CMSFreshestCRLExtension");
c.putString("extension.FreshestCRL.numPoints", "0");
c.putString("extension.FreshestCRL.pointType0", "");
c.putString("extension.FreshestCRL.pointName0", "");
@@ -807,7 +806,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
try {
issuingPointClassName = c.getString(PROP_CLASS);
- issuingPointClass = (Class<CRLIssuingPoint>)Class.forName(issuingPointClassName);
+ issuingPointClass = (Class<CRLIssuingPoint>) Class.forName(issuingPointClassName);
issuingPoint = (CRLIssuingPoint) issuingPointClass.newInstance();
issuingPoint.init(this, id, c);
mCRLIssuePoints.put(id, issuingPoint);
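Review bot: The class named by `PROP_CLASS` is instantiated before its type is checked: the `(Class<CRLIssuingPoint>)` cast is unchecked and verifies nothing at run time, so a wrong or tampered class name in the configuration has its static initializer and constructor run before the `(CRLIssuingPoint)` cast on the next line can reject it. Checking the type first avoids that: `issuingPointClass = Class.forName(issuingPointClassName).asSubclass(CRLIssuingPoint.class);`, with the variable (declared outside this hunk) typed as `Class<? extends CRLIssuingPoint>`. The same load-then-cast pattern is visible in the listener hunk (`(IRequestListener) Class.forName(className).newInstance()`) and the request-scheduler hunk. The try block begins and ends outside this hunk, so whether a ClassCastException is handled cannot be seen here.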
@@ -846,7 +845,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
mCRLRepot.deleteCRLIssuingPointRecord(id);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("FAILED_REMOVING_CRL_IP_2", id, e.toString()));
+ CMS.getLogMessage("FAILED_REMOVING_CRL_IP_2", id, e.toString()));
}
}
}
@@ -854,7 +853,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Returns X500 name of the Certificate Authority
* <P>
- *
+ *
* @return CA name
*/
public X500Name getX500Name() {
@@ -872,6 +871,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Returns nickname of CA's signing cert.
* <p>
+ *
* @return CA signing cert nickname.
*/
public String getNickname() {
@@ -881,6 +881,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Returns nickname of OCSP's signing cert.
* <p>
+ *
* @return OCSP signing cert nickname.
*/
public String getOCSPNickname() {
@@ -890,7 +891,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Returns default signing unit used by this CA
* <P>
- *
+ *
* @return request identifier
*/
public ISigningUnit getSigningUnit() {
@@ -911,23 +912,24 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
/**
* Signs CRL using the specified signature algorithm.
- * If no algorithm is specified the CA's default signing algorithm
+ * If no algorithm is specified the CA's default signing algorithm
* is used.
* <P>
+ *
* @param crl the CRL to be signed.
* @param algname the algorithm name to use. This is a JCA name such
- * as MD5withRSA, etc. If set to null the default signing algorithm
- * is used.
- *
+ * as MD5withRSA, etc. If set to null the default signing algorithm
+ * is used.
+ *
* @return the signed CRL
*/
public X509CRLImpl sign(X509CRLImpl crl, String algname)
- throws EBaseException {
+ throws EBaseException {
X509CRLImpl signedcrl = null;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long startTime = CMS.getCurrentDate().getTime();
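Review bot: The Javadoc for `algname` offers `MD5withRSA` as the example algorithm name, and the certificate-signing overload in the following Javadoc hunk does the same; MD5-based signatures are not collision resistant and are a poor example for a CA's signing API. Since both comments are being re-wrapped anyway, the example could become `as SHA256withRSA, etc.`, assuming the signing token supports it. The method body continues outside the hunk.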
@@ -976,9 +978,9 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
throw new ECAException(
CMS.getUserMessage("CMS_CA_SIGNING_CRL_FAILED", e.getMessage()));
} finally {
- if (statsSub != null) {
- statsSub.endTiming("signing");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("signing");
+ }
}
return signedcrl;
@@ -988,20 +990,21 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
* Signs the given certificate info using specified signing algorithm
* If no algorithm is specified the CA's default algorithm is used.
* <P>
+ *
* @param certInfo the certificate info to be signed.
* @param algname the signing algorithm to use. These are names defined
- * in JCA, such as MD5withRSA, etc. If null the CA's default
- * signing algorithm will be used.
+ * in JCA, such as MD5withRSA, etc. If null the CA's default
+ * signing algorithm will be used.
* @return signed certificate
*/
- public X509CertImpl sign(X509CertInfo certInfo, String algname)
- throws EBaseException {
+ public X509CertImpl sign(X509CertInfo certInfo, String algname)
+ throws EBaseException {
X509CertImpl signedcert = null;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long startTime = CMS.getCurrentDate().getTime();
@@ -1025,20 +1028,20 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
CMS.debug("sign cert encoding cert");
certInfo.encode(tmp);
byte[] rawCert = tmp.toByteArray();
-
+
// encode algorithm identifier
CMS.debug("sign cert encoding algorithm");
alg.encode(tmp);
-
+
CMS.debug("CA cert signing: signing cert");
byte[] signature = mSigningUnit.sign(rawCert, algname);
-
+
tmp.putBitString(signature);
-
+
// Wrap the signed data in a SEQUENCE { data, algorithm, sig }
out.write(DerValue.tag_Sequence, tmp);
//log(ILogger.LL_INFO, "CertificateAuthority: done signing");
-
+
switch (mFastSigning) {
case FASTSIGNING_DISABLED:
signedcert = new X509CertImpl(out.toByteArray());
@@ -1051,8 +1054,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
default:
break;
}
- }
- catch (NoSuchAlgorithmException e) {
+ } catch (NoSuchAlgorithmException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_SIGN_CERT", e.toString(), e.getMessage()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
@@ -1065,9 +1067,9 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
throw new ECAException(
CMS.getUserMessage("CMS_CA_SIGNING_CERT_FAILED", e.getMessage()));
} finally {
- if (statsSub != null) {
- statsSub.endTiming("signing");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("signing");
+ }
}
return signedcert;
}
@@ -1076,27 +1078,30 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
* Sign a byte array using the specified algorithm.
* If algorithm is null the CA's default algorithm is used.
* <p>
- * @param data the data to be signed in a byte array.
+ *
+ * @param data the data to be signed in a byte array.
* @param algname the algorithm to use.
* @return the signature in a byte array.
- */
- public byte[] sign(byte[] data, String algname)
- throws EBaseException {
+ */
+ public byte[] sign(byte[] data, String algname)
+ throws EBaseException {
return mSigningUnit.sign(data, algname);
}
/**
* logs a message in the CA area.
+ *
* @param level the debug level.
* @param msg the message to debug.
*/
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_CA,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_CA,
+ level, msg);
}
/**
* Retrieves certificate chains of this CA.
+ *
* @return this CA's cert chain.
*/
public CertificateChain getCACertChain() {
@@ -1105,18 +1110,18 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public X509CertImpl getCACert() {
if (mCaCert != null) {
- return mCaCert;
+ return mCaCert;
}
// during configuration
try {
- String cert = mConfig.getString("signing.cert", null);
- if (cert != null) {
- return new X509CertImpl(CMS.AtoB(cert));
- }
+ String cert = mConfig.getString("signing.cert", null);
+ if (cert != null) {
+ return new X509CertImpl(CMS.AtoB(cert));
+ }
} catch (EBaseException e) {
- CMS.debug(e);
+ CMS.debug(e);
} catch (CertificateException e) {
- CMS.debug(e);
+ CMS.debug(e);
}
return null;
}
@@ -1126,10 +1131,10 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
public String[] getCASigningAlgorithms() {
- if (mCASigningAlgorithms != null)
+ if (mCASigningAlgorithms != null)
return mCASigningAlgorithms;
- if (mCaCert == null)
+ if (mCaCert == null)
return null; // CA not inited yet.
X509Key caPubKey = null;
@@ -1137,19 +1142,19 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
caPubKey = (X509Key) mCaCert.get(X509CertImpl.PUBLIC_KEY);
} catch (CertificateParsingException e) {
}
- if (caPubKey == null)
- return null; // something seriously wrong.
+ if (caPubKey == null)
+ return null; // something seriously wrong.
AlgorithmId alg = caPubKey.getAlgorithmId();
- if (alg == null)
- return null; // something seriously wrong.
+ if (alg == null)
+ return null; // something seriously wrong.
mCASigningAlgorithms = AlgorithmId.getSigningAlgorithms(alg);
if (mCASigningAlgorithms == null) {
CMS.debug(
- "CA - no signing algorithms for " + alg.getName());
+ "CA - no signing algorithms for " + alg.getName());
} else {
- CMS.debug(
- "CA First signing algorithm is " + mCASigningAlgorithms[0]);
+ CMS.debug(
+ "CA First signing algorithm is " + mCASigningAlgorithms[0]);
}
return mCASigningAlgorithms;
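Review bot: The empty `catch (CertificateParsingException e) { }` at the top of this hunk discards the reason the CA certificate's public key could not be read, so the `return null; // something seriously wrong.` that follows leaves nothing in the debug log to diagnose it. getCACert() in the previous hunk already logs with `CMS.debug(e);`, and the same call would fit in this catch. getCASigningAlgorithms() begins outside this hunk.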
@@ -1159,17 +1164,16 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// Initialization routines.
//
-
/**
* init CA signing unit & cert chain.
*/
private void initSigUnit()
- throws EBaseException {
+ throws EBaseException {
try {
// init signing unit
mSigningUnit = new SigningUnit();
IConfigStore caSigningCfg =
- mConfig.getSubStore(PROP_SIGNING_SUBSTORE);
+ mConfig.getSubStore(PROP_SIGNING_SUBSTORE);
mSigningUnit.init(this, caSigningCfg);
CMS.debug("CA signing unit inited");
@@ -1188,38 +1192,38 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
CryptoManager manager = CryptoManager.getInstance();
int caChainNum =
- caSigningCfg.getInteger(PROP_CA_CHAIN_NUM, 0);
+ caSigningCfg.getInteger(PROP_CA_CHAIN_NUM, 0);
CMS.debug("cachainNum= " + caChainNum);
if (caChainNum > 0) {
// custom build chain (for cross cert chain)
// audit here ***
IConfigStore chainStore =
- caSigningCfg.getSubStore(PROP_CA_CHAIN);
+ caSigningCfg.getSubStore(PROP_CA_CHAIN);
if (chainStore == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN",
- "ca cert chain config error"));
+ CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN",
+ "ca cert chain config error"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED",
- "ca cert chain config error"));
+ "ca cert chain config error"));
}
java.security.cert.X509Certificate[] implchain =
- new java.security.cert.X509Certificate[caChainNum];
+ new java.security.cert.X509Certificate[caChainNum];
for (int i = 0; i < caChainNum; i++) {
String subtreeName = PROP_CA_CERT + i;
// cert file name must be full path
String certFileName =
- chainStore.getString(subtreeName, null);
+ chainStore.getString(subtreeName, null);
if ((certFileName == null) || certFileName.equals("")) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_OCSP_CHAIN", "cert file config error"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_BUILD_CA_CHAIN_FAILED",
- "cert file config error"));
+ "cert file config error"));
}
byte[] b64Bytes = getCertFromFile(certFileName);
String b64String = new String(b64Bytes);
@@ -1232,11 +1236,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
CMS.debug("in init - custom built CA cert chain.");
} else {
// build ca chain the traditional way
- org.mozilla.jss.crypto.X509Certificate[] chain =
- manager.buildCertificateChain(mSigningUnit.getCert());
+ org.mozilla.jss.crypto.X509Certificate[] chain =
+ manager.buildCertificateChain(mSigningUnit.getCert());
// do this in case other subsyss expect a X509CertImpl
java.security.cert.X509Certificate[] implchain =
- new java.security.cert.X509Certificate[chain.length];
+ new java.security.cert.X509Certificate[chain.length];
for (int i = 0; i < chain.length; i++) {
implchain[i] = new X509CertImpl(chain[i].getEncoded());
@@ -1256,11 +1260,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
CMS.debug("Shared OCSP signing unit inited");
}
- org.mozilla.jss.crypto.X509Certificate[] ocspChain =
- manager.buildCertificateChain(mOCSPSigningUnit.getCert());
+ org.mozilla.jss.crypto.X509Certificate[] ocspChain =
+ manager.buildCertificateChain(mOCSPSigningUnit.getCert());
// do this in case other subsyss expect a X509CertImpl
java.security.cert.X509Certificate[] ocspImplchain =
- new java.security.cert.X509Certificate[ocspChain.length];
+ new java.security.cert.X509Certificate[ocspChain.length];
for (int i = 0; i < ocspChain.length; i++) {
ocspImplchain[i] = new X509CertImpl(ocspChain[i].getEncoded());
@@ -1319,7 +1323,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
* read ca cert from path, converts and bytes
*/
byte[] getCertFromFile(String path)
- throws FileNotFoundException, IOException {
+ throws FileNotFoundException, IOException {
File file = new File(path);
Long l = Long.valueOf(file.length());
@@ -1331,16 +1335,16 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
return b;
}
- /**
+ /**
* init default cert attributes.
*/
private void initDefCaAttrs()
- throws EBaseException {
- int version = mConfig.getInteger(PROP_X509CERT_VERSION,
+ throws EBaseException {
+ int version = mConfig.getInteger(PROP_X509CERT_VERSION,
CertificateVersion.V3);
- if (version != CertificateVersion.V1 &&
- version != CertificateVersion.V3) {
+ if (version != CertificateVersion.V1 &&
+ version != CertificateVersion.V3) {
throw new ECAException(
CMS.getUserMessage("CMS_CA_X509CERT_VERSION_NOT_SUPPORTED"));
}
@@ -1354,9 +1358,9 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
mDefaultValidity = validity_in_days * DAY; // days in config file.
- mEnablePastCATime =
+ mEnablePastCATime =
mConfig.getBoolean(PROP_ENABLE_PAST_CATIME, false);
- mEnableOCSP =
+ mEnableOCSP =
mConfig.getBoolean(PROP_ENABLE_OCSP, true);
String fs = mConfig.getString(PROP_FAST_SIGNING, "");
@@ -1373,19 +1377,19 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
* init cert & crl database
*/
private void initCaDatabases()
- throws EBaseException {
+ throws EBaseException {
int certdb_inc = mConfig.getInteger(PROP_CERTDB_INC, 5);
String certReposDN = mConfig.getString(PROP_CERT_REPOS_DN, null);
- if (certReposDN == null) {
- certReposDN = "ou=certificateRepository, ou=" + getId() +
+ if (certReposDN == null) {
+ certReposDN = "ou=certificateRepository, ou=" + getId() +
", " + getDBSubsystem().getBaseDN();
}
String reposDN = mConfig.getString(PROP_REPOS_DN, null);
- if (reposDN == null) {
- reposDN = "ou=certificateRepository, ou=" + getId() +
+ if (reposDN == null) {
+ reposDN = "ou=certificateRepository, ou=" + getId() +
", " + getDBSubsystem().getBaseDN();
}
@@ -1409,15 +1413,15 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
DBSubsystem.getInstance(),
crldb_inc,
"ou=crlIssuingPoints, ou=" + getId() + ", " +
- getDBSubsystem().getBaseDN());
+ getDBSubsystem().getBaseDN());
CMS.debug("CRL Repot inited");
String replicaReposDN = mConfig.getString(PROP_REPLICAID_DN, null);
if (replicaReposDN == null) {
- replicaReposDN = "ou=Replica," + getDBSubsystem().getBaseDN();
+ replicaReposDN = "ou=Replica," + getDBSubsystem().getBaseDN();
}
mReplicaRepot = new ReplicaIDRepository(
- DBSubsystem.getInstance(), 1, replicaReposDN);
+ DBSubsystem.getInstance(), 1, replicaReposDN);
CMS.debug("Replica Repot inited");
}
@@ -1426,11 +1430,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
* init web gateway - just gets the ee gateway for this CA.
*/
private void initWebGateway()
- throws EBaseException {
+ throws EBaseException {
}
private void startPublish()
- throws EBaseException {
+ throws EBaseException {
//xxx Note that CMS411 only support ca cert publishing to ldap
// if ldap publishing is not enabled while publishing isenabled
// there will be a lot of problem.
@@ -1449,7 +1453,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
* init publishing
*/
private void initPublish()
- throws EBaseException {
+ throws EBaseException {
IConfigStore c = null;
try {
@@ -1489,7 +1493,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
while (names.hasMoreElements()) {
String id = (String) names.nextElement();
- if (Debug.ON)
+ if (Debug.ON)
Debug.trace("registering listener impl: " + id);
String cl = implc.getString(id + "." + PROP_CLASS);
@@ -1515,11 +1519,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
throw new Exception("Cannot initialize");
}
String className = plugin.getClassPath();
-
+
try {
IRequestListener listener = null;
- listener = (IRequestListener)
+ listener = (IRequestListener)
Class.forName(className).newInstance();
//listener.init(id, implName, iConfig);
@@ -1537,13 +1541,13 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
throw e;
}
}
-
+
}
-
+
} catch (Exception e) {
log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CA_FAILED_LISTENER", e.toString()));
}
-
+
}
/**
@@ -1567,7 +1571,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
// Initialize Revoke Request notification listener
-
+
String certificateRevokedListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.CertificateRevokedListener");
try {
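Review bot: `certificateRevokedListenerClassName` is read from the configuration key `"certificateIssuedListenerClassName"`, and `requestInQListenerClassName` in the next hunk reads the same key, which looks like a copy-paste slip. As written, overriding the issued-certificate listener class would, it appears, also replace the revocation and request-in-queue listeners with that class. Each lookup should use its own key, e.g. `nc.getString("<revoked-listener-key>", "com.netscape.cms.listeners.CertificateRevokedListener")`, where the placeholder stands for the key name from the project's configuration reference. The enclosing method starts and ends outside the hunk.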
@@ -1579,7 +1583,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// Initialize Request In Queue notification listener
IConfigStore rq = nc.getSubStore(PROP_REQ_IN_Q_SUBSTORE);
-
+
String requestInQListenerClassName = nc.getString("certificateIssuedListenerClassName", "com.netscape.cms.listeners.RequestInQListener");
try {
@@ -1606,14 +1610,14 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
* initialize request queue components
*/
private void initRequestQueue()
- throws EBaseException {
+ throws EBaseException {
mPolicy = new CAPolicy();
((CAPolicy) mPolicy).init(this, mConfig.getSubStore(PROP_POLICY));
CMS.debug("CA policy inited");
mService = new CAService(this);
CMS.debug("CA service inited");
- mNotify = new ARequestNotifier (this);
+ mNotify = new ARequestNotifier(this);
CMS.debug("CA notifier inited");
mPNotify = new ARequestNotifier();
CMS.debug("CA pending notifier inited");
@@ -1622,22 +1626,22 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
try {
int reqdb_inc = mConfig.getInteger("reqdbInc", 5);
- mRequestQueue =
+ mRequestQueue =
RequestSubsystem.getInstance().getRequestQueue(
- getId(), reqdb_inc, mPolicy, mService, mNotify, mPNotify);
+ getId(), reqdb_inc, mPolicy, mService, mNotify, mPNotify);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CA_QUEUE_FAILED", e.toString()));
throw e;
}
// init request scheduler if configured
- String schedulerClass =
- mConfig.getString("requestSchedulerClass", null);
+ String schedulerClass =
+ mConfig.getString("requestSchedulerClass", null);
if (schedulerClass != null) {
- try {
+ try {
IRequestScheduler scheduler = (IRequestScheduler)
- Class.forName(schedulerClass).newInstance();
+ Class.forName(schedulerClass).newInstance();
mRequestQueue.setRequestScheduler(scheduler);
} catch (Exception e) {
@@ -1658,13 +1662,13 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
}
*/
-
+
/**
- * initialize CRL
+ * initialize CRL
*/
@SuppressWarnings("unchecked")
- private void initCRL()
- throws EBaseException {
+ private void initCRL()
+ throws EBaseException {
IConfigStore crlConfig = mConfig.getSubStore(PROP_CRL_SUBSTORE);
if ((crlConfig == null) || (crlConfig.size() <= 0)) {
@@ -1686,7 +1690,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
String issuePointId = (String) issuePointIdEnum.nextElement();
CMS.debug(
- "initializing crl issue point " + issuePointId);
+ "initializing crl issue point " + issuePointId);
IConfigStore issuePointConfig = null;
String issuePointClassName = null;
@SuppressWarnings("unchecked")
@@ -1700,21 +1704,21 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
issuePoint = issuePointClass.newInstance();
issuePoint.init(this, issuePointId, issuePointConfig);
mCRLIssuePoints.put(issuePointId, issuePoint);
- if (mMasterCRLIssuePoint == null &&
- issuePointId.equals(PROP_MASTER_CRL))
+ if (mMasterCRLIssuePoint == null &&
+ issuePointId.equals(PROP_MASTER_CRL))
mMasterCRLIssuePoint = issuePoint;
} catch (ClassNotFoundException e) {
throw new ECAException(
CMS.getUserMessage("CMS_CA_CRL_ISSUING_POINT_INIT_FAILED",
- issuePointId, e.toString()));
+ issuePointId, e.toString()));
} catch (InstantiationException e) {
throw new ECAException(
CMS.getUserMessage("CMS_CA_CRL_ISSUING_POINT_INIT_FAILED",
- issuePointId, e.toString()));
+ issuePointId, e.toString()));
} catch (IllegalAccessException e) {
throw new ECAException(
CMS.getUserMessage("CMS_CA_CRL_ISSUING_POINT_INIT_FAILED",
- issuePointId, e.toString()));
+ issuePointId, e.toString()));
}
}
@@ -1747,9 +1751,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
return mSignTime;
}
- public long getOCSPTotalLookupTime()
- {
- return mLookupTime;
+ public long getOCSPTotalLookupTime() {
+ return mLookupTime;
}
public ResponderID getResponderIDByName() {
@@ -1790,7 +1793,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
* Process OCSPRequest.
*/
public OCSPResponse validate(OCSPRequest request)
- throws EBaseException {
+ throws EBaseException {
if (!mEnableOCSP) {
CMS.debug("Local ocsp service is disable.");
@@ -1798,7 +1801,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
mNumOCSPRequest++;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
long startTime = CMS.getCurrentDate().getTime();
try {
//log(ILogger.LL_INFO, "start OCSP request");
@@ -1808,13 +1811,13 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// certificate's status
Vector<SingleResponse> singleResponses = new Vector<SingleResponse>();
if (statsSub != null) {
- statsSub.startTiming("lookup");
+ statsSub.startTiming("lookup");
}
long lookupStartTime = CMS.getCurrentDate().getTime();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
com.netscape.cmsutil.ocsp.Request req =
- tbsReq.getRequestAt(i);
+ tbsReq.getRequestAt(i);
CertID cid = req.getCertID();
SingleResponse sr = processRequest(cid);
@@ -1822,12 +1825,12 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
long lookupEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("lookup");
+ statsSub.endTiming("lookup");
}
mLookupTime += lookupEndTime - lookupStartTime;
if (statsSub != null) {
- statsSub.startTiming("build_response");
+ statsSub.startTiming("build_response");
}
SingleResponse res[] = new SingleResponse[singleResponses.size()];
@@ -1836,16 +1839,16 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
ResponderID rid = null;
if (mByName) {
if (mResponderIDByName == null) {
- mResponderIDByName = getResponderIDByName();
+ mResponderIDByName = getResponderIDByName();
}
rid = mResponderIDByName;
} else {
if (mResponderIDByHash == null) {
- mResponderIDByHash = getResponderIDByHash();
+ mResponderIDByHash = getResponderIDByHash();
}
rid = mResponderIDByHash;
}
-
+
Extension nonce[] = null;
for (int j = 0; j < tbsReq.getExtensionsCount(); j++) {
@@ -1859,24 +1862,24 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
ResponseData rd = new ResponseData(rid,
new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
if (statsSub != null) {
- statsSub.endTiming("build_response");
+ statsSub.endTiming("build_response");
}
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long signStartTime = CMS.getCurrentDate().getTime();
BasicOCSPResponse basicRes = sign(rd);
long signEndTime = CMS.getCurrentDate().getTime();
mSignTime += signEndTime - signStartTime;
if (statsSub != null) {
- statsSub.endTiming("signing");
+ statsSub.endTiming("signing");
}
OCSPResponse response = new OCSPResponse(
OCSPResponseStatus.SUCCESSFUL,
new ResponseBytes(ResponseBytes.OCSP_BASIC,
- new OCTET_STRING(ASN1Util.encode(basicRes))));
+ new OCTET_STRING(ASN1Util.encode(basicRes))));
//log(ILogger.LL_INFO, "done OCSP request");
long endTime = CMS.getCurrentDate().getTime();
@@ -1893,11 +1896,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
- String algname = mOCSPSigningUnit.getDefaultAlgorithm();
+ String algname = mOCSPSigningUnit.getDefaultAlgorithm();
byte rd_data[] = ASN1Util.encode(rd);
if (rd_data != null) {
- mTotalData += rd_data.length;
+ mTotalData += rd_data.length;
}
rd.encode(tmp);
AlgorithmId.get(algname).encode(tmp);
@@ -1911,14 +1914,14 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
DerOutputStream tmp1 = new DerOutputStream();
DerOutputStream outChain = new DerOutputStream();
java.security.cert.X509Certificate chains[] =
- mOCSPCertChain.getChain();
+ mOCSPCertChain.getChain();
for (int i = 0; i < chains.length; i++) {
tmpChain.putDerValue(new DerValue(chains[i].getEncoded()));
}
tmp1.write(DerValue.tag_Sequence, tmpChain);
tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0),
- tmp1);
+ tmp1);
out.write(DerValue.tag_Sequence, tmp);
@@ -1959,7 +1962,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
} catch (EBaseException e) {
}
CRLIssuingPoint point = (CRLIssuingPoint)
- getCRLIssuingPoint(issuingPointId);
+ getCRLIssuingPoint(issuingPointId);
if (point.isCRLCacheEnabled()) {
// only do this if cache is enabled
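Review bot: `point.isCRLCacheEnabled()` is called without a null check, right after an empty `catch (EBaseException e) { }` that hides a failed read earlier in the method. If getCRLIssuingPoint() returns null for an unknown id (it looks like a map lookup, but its body is outside this hunk), an OCSP status request would end in a NullPointerException rather than reaching the certificate-record lookup that presumably follows. A guard such as `if (point != null && point.isCRLCacheEnabled()) {` plus `CMS.debug(e);` in the catch would cover both. The method starts and ends outside the hunk.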
@@ -1987,7 +1990,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
}
}
- try {
+ try {
ICertRecord rec = mCertRepot.readCertificateRecord(serialNo);
String status = rec.getStatus();
@@ -2015,4 +2018,3 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
}
}
-
diff --git a/pki/base/ca/src/com/netscape/ca/SigningUnit.java b/pki/base/ca/src/com/netscape/ca/SigningUnit.java
index 6b0dfc64..85e3621d 100644
--- a/pki/base/ca/src/com/netscape/ca/SigningUnit.java
+++ b/pki/base/ca/src/com/netscape/ca/SigningUnit.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
@@ -50,10 +49,9 @@ import com.netscape.certsrv.security.ISigningUnit;
import com.netscape.cmscore.security.JssSubsystem;
import com.netscape.cmsutil.util.Cert;
-
/**
* CA signing unit based on JSS.
- *
+ *
* $Revision$ $Date$
*/
@@ -81,8 +79,8 @@ public final class SigningUnit implements ISigningUnit {
private ISubsystem mOwner = null;
- private String mDefSigningAlgname = null;
- private SignatureAlgorithm mDefSigningAlgorithm = null;
+ private String mDefSigningAlgname = null;
+ private SignatureAlgorithm mDefSigningAlgorithm = null;
public SigningUnit() {
}
@@ -114,7 +112,7 @@ public final class SigningUnit implements ISigningUnit {
public PrivateKey getPrivateKey() {
return mPrivk;
}
-
+
public void updateConfig(String nickname, String tokenname) {
mConfig.putString(PROP_CERT_NICKNAME, nickname);
mConfig.putString(PROP_TOKEN_NAME, tokenname);
@@ -133,8 +131,8 @@ public final class SigningUnit implements ISigningUnit {
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
- mOwner = owner;
+ throws EBaseException {
+ mOwner = owner;
mConfig = config;
String tokenname = null;
@@ -145,23 +143,23 @@ public final class SigningUnit implements ISigningUnit {
tokenname = config.getString(PROP_TOKEN_NAME);
if (tokenname.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
- tokenname.equalsIgnoreCase("Internal Key Storage Token")) {
+ tokenname.equalsIgnoreCase("Internal Key Storage Token")) {
mToken = mManager.getInternalKeyStorageToken();
- setNewNickName(mNickname);
+ setNewNickName(mNickname);
} else {
mToken = mManager.getTokenByName(tokenname);
- mNickname = tokenname + ":" + mNickname;
- setNewNickName(mNickname);
- }
+ mNickname = tokenname + ":" + mNickname;
+ setNewNickName(mNickname);
+ }
CMS.debug(config.getName() + " Signing Unit nickname " + mNickname);
CMS.debug("Got token " + tokenname + " by name");
- PasswordCallback cb = JssSubsystem.getInstance().getPWCB();
+ PasswordCallback cb = JssSubsystem.getInstance().getPWCB();
mToken.login(cb); // ONE_TIME by default.
mCert = mManager.findCertByNickname(mNickname);
- CMS.debug("Found cert by nickname: '"+mNickname+"' with serial number: "+mCert.getSerialNumber());
+ CMS.debug("Found cert by nickname: '" + mNickname + "' with serial number: " + mCert.getSerialNumber());
mCertImpl = new X509CertImpl(mCert.getEncoded());
CMS.debug("converted to x509CertImpl");
@@ -174,38 +172,38 @@ public final class SigningUnit implements ISigningUnit {
// get def alg and check if def sign alg is valid for token.
mDefSigningAlgname = config.getString(PROP_DEFAULT_SIGNALG);
- mDefSigningAlgorithm =
+ mDefSigningAlgorithm =
checkSigningAlgorithmFromName(mDefSigningAlgname);
CMS.debug(
- "got signing algorithm " + mDefSigningAlgorithm);
+ "got signing algorithm " + mDefSigningAlgorithm);
mInited = true;
} catch (java.security.cert.CertificateException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
+ CMS.debug("SigningUnit init: debug " + e.toString());
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_CA_CERT", e.getMessage()));
throw new ECAException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (CryptoManager.NotInitializedException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
+ CMS.debug("SigningUnit init: debug " + e.toString());
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_INIT", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_CRYPTO_NOT_INITIALIZED"));
} catch (IncorrectPasswordException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
+ CMS.debug("SigningUnit init: debug " + e.toString());
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_WRONG_PWD", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_INVALID_PASSWORD"));
} catch (NoSuchTokenException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
+ CMS.debug("SigningUnit init: debug " + e.toString());
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_TOKEN_NOT_FOUND", tokenname, e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_NOT_FOUND", tokenname));
} catch (ObjectNotFoundException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
+ CMS.debug("SigningUnit init: debug " + e.toString());
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_CERT_NOT_FOUND", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_OBJECT_NOT_FOUND"));
} catch (TokenException e) {
- CMS.debug("SigningUnit init: debug "+ e.toString());
+ CMS.debug("SigningUnit init: debug " + e.toString());
log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_TOKEN_ERROR"));
- } catch (Exception e){
- CMS.debug("SigningUnit init: debug "+ e.toString());
- }
+ } catch (Exception e) {
+ CMS.debug("SigningUnit init: debug " + e.toString());
+ }
}
/**
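Review bot: The final `catch (Exception e)` in init(), re-indented here, only writes a debug line and returns, so any failure not matched by the earlier catch clauses leaves `mInited` false while the caller sees a successful init. A CA signing unit should fail closed at startup: log at failure level and rethrow, e.g. `log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));` followed by `throw new ECAException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));`. If EBaseException derives from Exception, as the `throws` clause suggests, this catch also hides an unsupported default signing algorithm reported by checkSigningAlgorithmFromName. init() starts outside this hunk.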
@@ -218,7 +216,7 @@ public final class SigningUnit implements ISigningUnit {
* @exception EBaseException if signing algorithm is not supported.
*/
public SignatureAlgorithm checkSigningAlgorithmFromName(String algname)
- throws EBaseException {
+ throws EBaseException {
try {
SignatureAlgorithm sigalg = null;
@@ -252,7 +250,7 @@ public final class SigningUnit implements ISigningUnit {
* @param algname is expected to be one of JCA's algorithm names.
*/
public byte[] sign(byte[] data, String algname)
- throws EBaseException {
+ throws EBaseException {
if (!mInited) {
throw new EBaseException("CASigningUnit not initialized!");
}
@@ -264,11 +262,11 @@ public final class SigningUnit implements ISigningUnit {
if (algname != null) {
signAlg = checkSigningAlgorithmFromName(algname);
}
-
+
// XXX use a pool of signers based on alg ?
// XXX Map algor. name to id. hack: use hardcoded define for now.
CMS.debug(
- "Getting algorithm context for " + algname + " " + signAlg);
+ "Getting algorithm context for " + algname + " " + signAlg);
Signature signer = mToken.getSignatureContext(signAlg);
signer.initSign(mPrivk);
@@ -294,9 +292,9 @@ public final class SigningUnit implements ISigningUnit {
throw new EBaseException(e.toString());
}
}
-
+
public boolean verify(byte[] data, byte[] signature, String algname)
- throws EBaseException {
+ throws EBaseException {
if (!mInited) {
throw new EBaseException("CASigningUnit not initialized!");
}
@@ -337,8 +335,8 @@ public final class SigningUnit implements ISigningUnit {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA,
- level, "CASigningUnit: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA,
+ level, "CASigningUnit: " + msg);
}
/**
@@ -356,15 +354,15 @@ public final class SigningUnit implements ISigningUnit {
}
public void setDefaultAlgorithm(String algorithm) throws EBaseException {
- mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm);
+ mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm);
mDefSigningAlgname = algorithm;
- log(ILogger.LL_INFO,
- "Default signing algorithm is set to " + algorithm);
+ log(ILogger.LL_INFO,
+ "Default signing algorithm is set to " + algorithm);
}
/**
* get all possible algorithms for the CA signing key type.
- */
+ */
public String[] getAllAlgorithms() throws EBaseException {
byte[] keybytes = mPubk.getEncoded();
X509Key key = new X509Key();
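Review bot: setDefaultAlgorithm() writes the new name to the config and to `mDefSigningAlgname` without checking that the token supports it and without refreshing `mDefSigningAlgorithm`, so the stored name and the algorithm resolved in init() can diverge. Resolving first would reject an unsupported or unintended algorithm before anything is persisted, e.g. `mDefSigningAlgorithm = checkSigningAlgorithmFromName(algorithm);` as the first statement; the method already declares `throws EBaseException`. The body of checkSigningAlgorithmFromName is outside this hunk, so confirm it is safe to call at this point.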
@@ -389,4 +387,3 @@ public final class SigningUnit implements ISigningUnit {
return Cert.mapAlgorithmToJss(algname);
}
}
-