diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java | 592 |
1 files changed, 303 insertions, 289 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java index ce074a05..d29f795b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.io.OutputStream; import java.util.Date; @@ -63,10 +62,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevokeTPS extends CMSServlet { @@ -89,20 +87,17 @@ public class DoRevokeTPS extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevokeTPS() { super(); } /** - * initialize the servlet. This servlet uses the template - * file "revocationResult.template" to render the result + * initialize the servlet. This servlet uses the template file + * "revocationResult.template" to render the result + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -110,10 +105,12 @@ public class DoRevokeTPS extends CMSServlet { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority) + .getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); @@ -131,16 +128,20 @@ public class DoRevokeTPS extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as follows: + * Serves HTTP request. The http parameters used by this request are as + * follows: + * * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> + * * revocationReason can be one of these values: + * * <pre> * 0 = Unspecified (default) * 1 = Key compromised @@ -171,11 +172,15 @@ public class DoRevokeTPS extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (Exception e) { - CMS.debug("DoRevokeTPS getTemplate failed"); - throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + CMS.debug("DoRevokeTPS getTemplate failed"); + throw new EBaseException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } CMS.debug("DoRevokeTPS after getTemplate"); @@ -185,16 +190,14 @@ public class DoRevokeTPS extends CMSServlet { try { if (req.getParameter("revocationReason") != null) { - reason = Integer.parseInt(req.getParameter( - "revocationReason")); + reason = Integer.parseInt(req.getParameter("revocationReason")); } if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = Integer.parseInt(req.getParameter( - "totalRecordCount")); + totalRecordCount = Integer.parseInt(req + .getParameter("totalRecordCount")); } if (req.getParameter("invalidityDate") != null) { - long l = Long.parseLong(req.getParameter( - "invalidityDate")); + long l = Long.parseLong(req.getParameter("invalidityDate")); if (l > 0) { invalidityDate = new Date(l); @@ -203,7 +206,7 @@ public class DoRevokeTPS extends CMSServlet { revokeAll = req.getParameter("revokeAll"); String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS); - //for audit log. + // for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; @@ -212,27 +215,31 @@ public class DoRevokeTPS extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "revoke"); + mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + + if (mAuthMgr != null + && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { - authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + - " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { CMS.debug("DoRevokeTPS: Missing authentication manager"); @@ -241,13 +248,15 @@ public class DoRevokeTPS extends CMSServlet { } if (authorized) { - process(argSet, header, reason, invalidityDate, initiative, req, - resp, revokeAll, totalRecordCount, comments, locale[0]); + process(argSet, header, reason, invalidityDate, initiative, + req, resp, revokeAll, totalRecordCount, comments, + locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException( + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } @@ -260,10 +269,10 @@ public class DoRevokeTPS extends CMSServlet { errorString = "error=unauthorized"; } else if (error != null) { o_status = "status=3"; - errorString = "error="+error.toString(); + errorString = "error=" + error.toString(); } - String pp = o_status+"\n"+errorString; + String pp = o_status + "\n" + errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); @@ -271,59 +280,57 @@ public class DoRevokeTPS extends CMSServlet { os.write(b); os.flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, - * or an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, or + * an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (revoked, expired, on-hold, - * off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (revoked, expired, on-hold, off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, - * 2 - CA key compromised; should not be used, 3 - Affiliation changed, - * 4 - Certificate superceded, 5 - Cessation of operation, or - * 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 + * - CA key compromised; should not be used, 3 - Affiliation + * changed, 4 - Certificate superceded, 5 - Cessation of + * operation, or 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response - * @param revokeAll string containing information on all of the - * certificates to be revoked + * @param revokeAll string containing information on all of the certificates + * to be revoked * @param totalRecordCount total number of records (verified and unverified) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, - int totalRecordCount, - String comments, - Locale locale) - throws EBaseException { + int reason, Date invalidityDate, String initiative, + HttpServletRequest req, HttpServletResponse resp, String revokeAll, + int totalRecordCount, String comments, Locale locale) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -333,21 +340,20 @@ public class DoRevokeTPS extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); - if (revokeAll != null) { - CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); + CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); - String serial = ""; + String serial = ""; String[] tokens; tokens = revokeAll.split("="); if (tokens.length == 2) { serial = tokens[1]; - //remove the trailing paren + // remove the trailing paren if (serial.endsWith(")")) { - serial = serial.substring(0,serial.length() -1); + serial = serial.substring(0, serial.length() - 1); } - auditSerialNumber = serial; + auditSerialNumber = serial; } } @@ -393,30 +399,36 @@ public class DoRevokeTPS extends CMSServlet { } X509CertImpl xcert = rec.getCertificate(); IArgBlock rarg = CMS.createArgBlock(); - + // we do not want to revoke the CA certificate accidentially - if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber()); + if (xcert != null + && isSystemCertificate(xcert.getSerialNumber())) { + CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + + xcert.getSerialNumber()); badCertsRequested = true; continue; } if (xcert != null) { - rarg.addStringValue("serialNumber", - xcert.getSerialNumber().toString(16)); + rarg.addStringValue("serialNumber", xcert.getSerialNumber() + .toString(16)); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { alreadyRevokedCertFound = true; - CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked."); + CMS.debug("Certificate 0x" + + xcert.getSerialNumber().toString(16) + + " has been revoked."); } else { oldCertsV.addElement(xcert); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(xcert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl( + xcert.getSerialNumber(), CMS.getCurrentDate(), + entryExtn); revCertImplsV.addElement(revCertImpl); - CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked."); + CMS.debug("Certificate 0x" + + xcert.getSerialNumber().toString(16) + + " is going to be revoked."); count++; } } else { @@ -424,40 +436,37 @@ public class DoRevokeTPS extends CMSServlet { } } - if (count == 0) { + if (count == 0) { // Situation where no certs were reoked here, but some certs // requested happened to be already revoked. Don't return error. - if (alreadyRevokedCertFound == true && badCertsRequested == false) { - CMS.debug("Only have previously revoked certs in the list."); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType); - - audit(auditMessage); - return; + if (alreadyRevokedCertFound == true + && badCertsRequested == false) { + CMS.debug("Only have previously revoked certs in the list."); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditSerialNumber, auditRequestType); + + audit(auditMessage); + return; } - + errorString = "error=No certificates are revoked."; o_status = "status=2"; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } X509CertImpl[] oldCerts = new X509CertImpl[count]; @@ -468,33 +477,30 @@ public class DoRevokeTPS extends CMSServlet { revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i); } - IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); - if(initiative.equals(AuditFormat.FROMUSER)) { - revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE); + if (initiative.equals(AuditFormat.FROMUSER)) { + revReq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_EE); } else { - revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); + revReq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_AGENT); } revReq.setExtData(IRequest.OLD_CERTS, oldCerts); if (comments != null) { revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments); } - revReq.setExtData(IRequest.REVOKED_REASON, - Integer.valueOf(reason)); + revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason)); // change audit processing from "REQUEST" to "REQUEST_PROCESSED" // to distinguish which type of signed audit log message to save @@ -512,38 +518,44 @@ public class DoRevokeTPS extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + if ((stat == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = revReq + .getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber() + .toString( + 16), + RevocationReason + .fromInt( + reason) + .toString() }); } } } @@ -554,26 +566,24 @@ public class DoRevokeTPS extends CMSServlet { // store a message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus + .equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } - return; + return; } long endTime = CMS.getCurrentDate().getTime(); @@ -584,93 +594,103 @@ public class DoRevokeTPS extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason) + .toString() + + " time: " + + (endTime - startTime) }); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = revReq + .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) { o_status = "status=3"; - if (revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) { + if (revReq + .getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) { errorString = "error=Update CRL Error."; // 3 means miscellaneous } } // let known crl publishing status too. - Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = revReq + .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) { - String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = revReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); o_status = "status=3"; if (publError != null) { - errorString = "error="+publError; + errorString = "error=" + publError; } } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) + .getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs + .nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq + .getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (!updateResult.equals(IRequest.RES_SUCCESS)) { - String updateErrorStr = crl.getCrlUpdateErrorStr(); + String updateErrorStr = crl + .getCrlUpdateErrorStr(); - CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); - String error = - revReq.getExtDataInString(updateErrorStr); + CMS.debug("DoRevoke: " + + CMS.getLogMessage( + "ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); + String error = revReq + .getExtDataInString(updateErrorStr); o_status = "status=3"; - if (error != null) { - errorString = "error="+error; + if (error != null) { + errorString = "error=" + error; } } - String publishStatusStr = crl.getCrlPublishStatusStr(); - Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl + .getCrlPublishStatusStr(); + Integer publishResult = revReq + .getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (!publishResult.equals(IRequest.RES_SUCCESS)) { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = crl + .getCrlPublishErrorStr(); - String error = - revReq.getExtDataInString(publishErrorStr); + String error = revReq + .getExtDataInString(publishErrorStr); o_status = "status=3"; if (error != null) { @@ -681,10 +701,11 @@ public class DoRevokeTPS extends CMSServlet { } } - if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null + && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = revReq + .getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -697,27 +718,30 @@ public class DoRevokeTPS extends CMSServlet { } } - // add crl publishing status. - String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + // add crl publishing status. + String publError = revReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - errorString = "error="+publError; + errorString = "error=" + publError; o_status = "status=3"; } - } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) { + } else if (mPublisherProcessor == null + && mPublisherProcessor.ldapEnabled()) { errorString = "error=LDAP publishing not enabled."; o_status = "status=3"; } } else { - if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) { + if (stat == RequestStatus.PENDING + || stat == RequestStatus.REJECTED) { o_status = "status=2"; - errorString = "error="+stat.toString(); + errorString = "error=" + stat.toString(); } else { o_status = "status=2"; errorString = "error=Undefined request status"; } - Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq + .getExtDataInStringVector(IRequest.ERRORS); if (errors != null) { StringBuffer errInfo = new StringBuffer(); @@ -742,17 +766,19 @@ public class DoRevokeTPS extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason) + .toString() }); } } } @@ -762,18 +788,17 @@ public class DoRevokeTPS extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -784,12 +809,9 @@ public class DoRevokeTPS extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { @@ -797,21 +819,18 @@ public class DoRevokeTPS extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -819,19 +838,17 @@ public class DoRevokeTPS extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", + e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { @@ -839,27 +856,25 @@ public class DoRevokeTPS extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } } - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } return; @@ -867,11 +882,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -897,11 +912,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -919,8 +934,8 @@ public class DoRevokeTPS extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" - + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + + Integer.toHexString(Integer.valueOf(serialNumber) + .intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -930,11 +945,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for - * a signed audit log message. + * + * This method is called to obtain the "Request Type" for a signed audit log + * message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -956,4 +971,3 @@ public class DoRevokeTPS extends CMSServlet { return requestType; } } - |