path: root/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java285
1 files changed, 153 insertions, 132 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
index 396f333b..83e2d395 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
@@ -59,10 +58,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Force the CRL to be updated now.
- *
+ *
* @version $Revision$, $Date$
*/
public class UpdateCRL extends CMSServlet {
@@ -87,40 +85,41 @@ public class UpdateCRL extends CMSServlet {
}
/**
- * Initializes the servlet. This servlet uses updateCRL.template
- * to render the result
+ * Initializes the servlet. This servlet uses updateCRL.template to render
+ * the result
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority)
mCA = (ICertificateAuthority) mAuthority;
-
- // override success to do output orw own template.
+
+ // override success to do output orw own template.
mTemplates.remove(CMSRequest.SUCCESS);
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param signatureAlgorithm the algorithm to use to sign the CRL
- * <li>http.param waitForUpdate true/false - should the servlet wait until
- * the CRL update is complete?
+ * <li>http.param waitForUpdate true/false - should the servlet wait until
+ * the CRL update is complete?
* <li>http.param clearCRLCache true/false - should the CRL cache cleared
- * before the CRL is generated?
+ * before the CRL is generated?
* <li>http.param crlIssuingPoint the CRL Issuing Point to Update
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("crl", true /* main action */);
+ statsSub.startTiming("crl", true /* main action */);
}
long startTime = CMS.getCurrentDate().getTime();
@@ -128,20 +127,20 @@ public class UpdateCRL extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "update");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "update");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
return;
}
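Review bot: The two catch clauses around `authorize(...)` have identical bodies and both log `ADMIN_SRVLT_AUTH_FAILURE`, so a genuine access denial cannot be told apart in the log from an unexpected failure inside the authorization code. The outcome is still fail-closed, because `authzToken` stays null and the request ends as `CMSRequest.UNAUTHORIZED`. That deserves a comment above the try, for example `// any exception leaves authzToken null, so the request is rejected below`. Keeping the `EAuthzAccessDenied` clause is only worthwhile if the generic `catch (Exception e)` logs a distinct message for the unexpected case. The enclosing `process(CMSRequest)` body starts and ends outside this hunk.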
@@ -158,21 +157,20 @@ public class UpdateCRL extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
- String signatureAlgorithm =
- req.getParameter("signatureAlgorithm");
+ String signatureAlgorithm = req.getParameter("signatureAlgorithm");
- process(argSet, header, req, resp,
- signatureAlgorithm, locale[0]);
+ process(argSet, header, req, resp, signatureAlgorithm, locale[0]);
} catch (EBaseException e) {
error = e;
}
@@ -183,42 +181,43 @@ public class UpdateCRL extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
}
- private CRLExtensions crlEntryExtensions (String reason, String invalidity) {
+ private CRLExtensions crlEntryExtensions(String reason, String invalidity) {
CRLExtensions entryExts = new CRLExtensions();
CRLReasonExtension crlReasonExtn = null;
if (reason != null && reason.length() > 0) {
try {
- RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason));
- if (revReason == null) revReason = RevocationReason.UNSPECIFIED;
+ RevocationReason revReason = RevocationReason.fromInt(Integer
+ .parseInt(reason));
+ if (revReason == null)
+ revReason = RevocationReason.UNSPECIFIED;
crlReasonExtn = new CRLReasonExtension(revReason);
} catch (Exception e) {
- CMS.debug("Invalid revocation reason: "+reason);
+ CMS.debug("Invalid revocation reason: " + reason);
}
}
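Review bot: `CMS.debug("Invalid revocation reason: " + reason)` writes the raw `reason` string into the debug log, and the value appears to come straight from a request parameter (its assignment is outside the visible hunks), so embedded line breaks could forge extra log lines. Neutralise control characters before logging, e.g. `CMS.debug("Invalid revocation reason: " + reason.replaceAll("[\\r\\n]", "_"));`. The same applies to `CMS.debug("Invalid invalidity time offset: " + invalidity)` in the next hunk. `crlEntryExtensions` continues past the end of this hunk.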
@@ -228,15 +227,16 @@ public class UpdateCRL extends CMSServlet {
Date invalidityDate = null;
try {
long backInTime = Long.parseLong(invalidity);
- invalidityDate = new Date(now-(backInTime*60000));
+ invalidityDate = new Date(now - (backInTime * 60000));
} catch (Exception e) {
- CMS.debug("Invalid invalidity time offset: "+invalidity);
+ CMS.debug("Invalid invalidity time offset: " + invalidity);
}
if (invalidityDate != null) {
try {
- invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
+ invalidityDateExtn = new InvalidityDateExtension(
+ invalidityDate);
} catch (Exception e) {
- CMS.debug("Error creating invalidity extension: "+e);
+ CMS.debug("Error creating invalidity extension: " + e);
}
}
}
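Review bot: `new Date(now - (backInTime * 60000))` uses the parsed offset with no range check. A negative `invalidity` value yields an invalidity date in the future, and a very large one overflows the `long` multiplication and wraps silently. Assuming `now` is the current time in milliseconds (it is declared outside this hunk), a guard right after the parse keeps the existing catch-and-log behaviour: `if (backInTime < 0 || backInTime > now / 60000) throw new NumberFormatException(invalidity);`.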
@@ -245,7 +245,8 @@ public class UpdateCRL extends CMSServlet {
try {
entryExts.set(crlReasonExtn.getName(), crlReasonExtn);
} catch (Exception e) {
- CMS.debug("Error adding revocation reason extension to entry extensions: "+e);
+ CMS.debug("Error adding revocation reason extension to entry extensions: "
+ + e);
}
}
@@ -253,14 +254,16 @@ public class UpdateCRL extends CMSServlet {
try {
entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn);
} catch (Exception e) {
- CMS.debug("Error adding invalidity date extension to entry extensions: "+e);
+ CMS.debug("Error adding invalidity date extension to entry extensions: "
+ + e);
}
}
return entryExts;
}
- private void addInfo(CMSTemplateParams argSet, ICRLIssuingPoint crlIssuingPoint, long cacheUpdate) {
+ private void addInfo(CMSTemplateParams argSet,
+ ICRLIssuingPoint crlIssuingPoint, long cacheUpdate) {
IArgBlock rarg = CMS.createArgBlock();
rarg.addLongValue("cacheUpdate", cacheUpdate);
@@ -292,18 +295,12 @@ public class UpdateCRL extends CMSServlet {
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String signatureAlgorithm,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req, HttpServletResponse resp,
+ String signatureAlgorithm, Locale locale) throws EBaseException {
long startTime = CMS.getCurrentDate().getTime();
- String waitForUpdate =
- req.getParameter("waitForUpdate");
- String clearCache =
- req.getParameter("clearCRLCache");
- String crlIssuingPointId =
- req.getParameter("crlIssuingPoint");
+ String waitForUpdate = req.getParameter("waitForUpdate");
+ String clearCache = req.getParameter("clearCRLCache");
+ String crlIssuingPointId = req.getParameter("crlIssuingPoint");
String test = req.getParameter("test");
String add = req.getParameter("add");
String from = req.getParameter("from");
@@ -321,40 +318,41 @@ public class UpdateCRL extends CMSServlet {
if (crlIssuingPointId.equals(ip.getId())) {
break;
}
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
}
}
if (crlIssuingPointId == null) {
crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL;
}
- ICRLIssuingPoint crlIssuingPoint =
- mCA.getCRLIssuingPoint(crlIssuingPointId);
+ ICRLIssuingPoint crlIssuingPoint = mCA
+ .getCRLIssuingPoint(crlIssuingPointId);
header.addStringValue("crlIssuingPoint", crlIssuingPointId);
IPublisherProcessor lpm = mCA.getPublisherProcessor();
if (crlIssuingPoint != null) {
- if (clearCache != null && clearCache.equals("true") &&
- crlIssuingPoint.isCRLGenerationEnabled() &&
- crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
- crlIssuingPoint.isCRLIssuingPointInitialized()
- == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+ if (clearCache != null
+ && clearCache.equals("true")
+ && crlIssuingPoint.isCRLGenerationEnabled()
+ && crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE
+ && crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
crlIssuingPoint.clearCRLCache();
}
- if (waitForUpdate != null && waitForUpdate.equals("true") &&
- crlIssuingPoint.isCRLGenerationEnabled() &&
- crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
- crlIssuingPoint.isCRLIssuingPointInitialized()
- == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
- if (test != null && test.equals("true") &&
- crlIssuingPoint.isCRLCacheTestingEnabled() &&
- (!mTesting.contains(crlIssuingPointId))) {
+ if (waitForUpdate != null
+ && waitForUpdate.equals("true")
+ && crlIssuingPoint.isCRLGenerationEnabled()
+ && crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE
+ && crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+ if (test != null && test.equals("true")
+ && crlIssuingPoint.isCRLCacheTestingEnabled()
+ && (!mTesting.contains(crlIssuingPointId))) {
CMS.debug("CRL test started.");
mTesting.add(crlIssuingPointId);
BigInteger addLen = null;
BigInteger startFrom = null;
- if (add != null && add.length() > 0 &&
- from != null && from.length() > 0) {
+ if (add != null && add.length() > 0 && from != null
+ && from.length() > 0) {
try {
addLen = new BigInteger(add);
startFrom = new BigInteger(from);
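Review bot: `addLen = new BigInteger(add)` and `startFrom = new BigInteger(from)` are taken from the request with no bounds. `addLen` later drives the `while (counter.compareTo(BigInteger.ZERO) > 0)` loop, which calls `crlIssuingPoint.addRevokedCert(...)` once per iteration on the request thread. A single request with a huge `add` can therefore tie up the servlet and grow the CRL without limit whenever cache testing is enabled. Validate both values after parsing, e.g. `if (startFrom.signum() < 0 || addLen.compareTo(MAX_TEST_ENTRIES) > 0) { addLen = null; startFrom = null; }`, where `MAX_TEST_ENTRIES` is a placeholder for a limit the project would define. The try block that holds the parse closes outside this hunk, so the exact placement depends on its catch clause.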
@@ -365,7 +363,8 @@ public class UpdateCRL extends CMSServlet {
Date revocationDate = CMS.getCurrentDate();
String err = null;
- CRLExtensions entryExts = crlEntryExtensions (reason, invalidity);
+ CRLExtensions entryExts = crlEntryExtensions(reason,
+ invalidity);
BigInteger serialNumber = startFrom;
BigInteger counter = addLen;
@@ -379,22 +378,25 @@ public class UpdateCRL extends CMSServlet {
long t1 = System.currentTimeMillis();
long t2 = 0;
-
+
while (counter.compareTo(BigInteger.ZERO) > 0) {
- RevokedCertImpl revokedCert =
- new RevokedCertImpl(serialNumber, revocationDate, entryExts);
- crlIssuingPoint.addRevokedCert(serialNumber, revokedCert);
+ RevokedCertImpl revokedCert = new RevokedCertImpl(
+ serialNumber, revocationDate, entryExts);
+ crlIssuingPoint.addRevokedCert(serialNumber,
+ revokedCert);
serialNumber = serialNumber.add(BigInteger.ONE);
counter = counter.subtract(BigInteger.ONE);
- if ((counter.compareTo(BigInteger.ZERO) == 0) ||
- (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
+ if ((counter.compareTo(BigInteger.ZERO) == 0)
+ || (stepBy != null && ((counter.mod(stepBy))
+ .compareTo(BigInteger.ZERO) == 0))) {
t2 = System.currentTimeMillis();
long t0 = t2 - t1;
t1 = t2;
try {
if (signatureAlgorithm != null) {
- crlIssuingPoint.updateCRLNow(signatureAlgorithm);
+ crlIssuingPoint
+ .updateCRLNow(signatureAlgorithm);
} else {
crlIssuingPoint.updateCRLNow();
}
@@ -420,12 +422,12 @@ public class UpdateCRL extends CMSServlet {
mTesting.remove(crlIssuingPointId);
CMS.debug("CRL test finished.");
- } else if (test != null && test.equals("true") &&
- crlIssuingPoint.isCRLCacheTestingEnabled() &&
- mTesting.contains(crlIssuingPointId)) {
+ } else if (test != null && test.equals("true")
+ && crlIssuingPoint.isCRLCacheTestingEnabled()
+ && mTesting.contains(crlIssuingPointId)) {
header.addStringValue("crlUpdate", "testingInProgress");
- } else if (test != null && test.equals("true") &&
- (!crlIssuingPoint.isCRLCacheTestingEnabled())) {
+ } else if (test != null && test.equals("true")
+ && (!crlIssuingPoint.isCRLCacheTestingEnabled())) {
header.addStringValue("crlUpdate", "testingNotEnabled");
} else {
try {
@@ -435,7 +437,8 @@ public class UpdateCRL extends CMSServlet {
long now1 = System.currentTimeMillis();
if (signatureAlgorithm != null) {
- crlIssuingPoint.updateCRLNow(signatureAlgorithm);
+ crlIssuingPoint
+ .updateCRLNow(signatureAlgorithm);
} else {
crlIssuingPoint.updateCRLNow();
}
@@ -448,60 +451,80 @@ public class UpdateCRL extends CMSServlet {
}
if (lpm != null && lpm.enabled()) {
- Enumeration rules = lpm.getRules(IPublisherProcessor.PROP_LOCAL_CRL);
+ Enumeration rules = lpm
+ .getRules(IPublisherProcessor.PROP_LOCAL_CRL);
if (rules != null && rules.hasMoreElements()) {
if (publishError != null) {
- header.addStringValue("crlPublished", "Failure");
- header.addStringValue("error", publishError.toString(locale));
+ header.addStringValue("crlPublished",
+ "Failure");
+ header.addStringValue("error",
+ publishError.toString(locale));
} else {
- header.addStringValue("crlPublished", "Success");
+ header.addStringValue("crlPublished",
+ "Success");
}
}
}
// for audit log
SessionContext sContext = SessionContext.getContext();
- String agentId = (String) sContext.get(SessionContext.USER_ID);
- IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN);
+ String agentId = (String) sContext
+ .get(SessionContext.USER_ID);
+ IAuthToken authToken = (IAuthToken) sContext
+ .get(SessionContext.AUTH_TOKEN);
String authMgr = AuditFormat.NOAUTH;
-
+
if (authToken != null) {
- authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
long endTime = CMS.getCurrentDate().getTime();
if (crlIssuingPoint.getNextUpdate() != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.CRLUPDATEFORMAT,
- new Object[] {
- AuditFormat.FROMAGENT + " agentID: " + agentId,
- authMgr,
- "completed",
- crlIssuingPoint.getId(),
- crlIssuingPoint.getCRLNumber(),
- crlIssuingPoint.getLastUpdate(),
- crlIssuingPoint.getNextUpdate(),
- Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
- );
- }else {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.CRLUPDATEFORMAT,
- new Object[] {
- AuditFormat.FROMAGENT + " agentID: " + agentId,
- authMgr,
- "completed",
- crlIssuingPoint.getId(),
- crlIssuingPoint.getCRLNumber(),
- crlIssuingPoint.getLastUpdate(),
- "not set",
- Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.CRLUPDATEFORMAT,
+ new Object[] {
+ AuditFormat.FROMAGENT
+ + " agentID: " + agentId,
+ authMgr,
+ "completed",
+ crlIssuingPoint.getId(),
+ crlIssuingPoint.getCRLNumber(),
+ crlIssuingPoint.getLastUpdate(),
+ crlIssuingPoint.getNextUpdate(),
+ Long.toString(crlIssuingPoint
+ .getCRLSize())
+ + " time: "
+ + (endTime - startTime) });
+ } else {
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.CRLUPDATEFORMAT,
+ new Object[] {
+ AuditFormat.FROMAGENT
+ + " agentID: " + agentId,
+ authMgr,
+ "completed",
+ crlIssuingPoint.getId(),
+ crlIssuingPoint.getCRLNumber(),
+ crlIssuingPoint.getLastUpdate(),
+ "not set",
+ Long.toString(crlIssuingPoint
+ .getCRLSize())
+ + " time: "
+ + (endTime - startTime) });
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString()));
- if ((lpm != null) && lpm.enabled() && (e instanceof ELdapException)) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL",
+ e.toString()));
+ if ((lpm != null) && lpm.enabled()
+ && (e instanceof ELdapException)) {
header.addStringValue("crlPublished", "Failure");
header.addStringValue("error", e.toString(locale));
} else {
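Review bot: An audit record is emitted only when the update succeeds: both `mLogger.log(ILogger.EV_AUDIT, ...)` calls sit inside the try and carry the literal `"completed"`. The `catch (EBaseException e)` at the end of the hunk only calls `log(ILogger.LL_FAILURE, ...)` in the lines visible here, and its body continues past the hunk. A failed manual CRL update by an agent is worth an `EV_AUDIT` entry too, with the same agent and issuing-point fields and a failure status in place of `"completed"`. The two success branches differ only in the next-update element, so they can collapse into one call using `Object nextUpdate = crlIssuingPoint.getNextUpdate();` and `nextUpdate != null ? nextUpdate : "not set"`. That also avoids calling `getNextUpdate()` twice.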
@@ -510,12 +533,10 @@ public class UpdateCRL extends CMSServlet {
}
}
} else {
- if (crlIssuingPoint.isCRLIssuingPointInitialized()
- != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+ if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
header.addStringValue("crlUpdate", "notInitialized");
- } else if (crlIssuingPoint.isCRLUpdateInProgress()
- != ICRLIssuingPoint.CRL_UPDATE_DONE ||
- crlIssuingPoint.isManualUpdateSet()) {
+ } else if (crlIssuingPoint.isCRLUpdateInProgress() != ICRLIssuingPoint.CRL_UPDATE_DONE
+ || crlIssuingPoint.isManualUpdateSet()) {
header.addStringValue("crlUpdate", "inProgress");
} else if (!crlIssuingPoint.isCRLGenerationEnabled()) {
header.addStringValue("crlUpdate", "Disabled");