[Pki-devel] [Patch] CA removal
Andrew Wnuk
awnuk at redhat.com
Tue Jul 17 22:07:45 UTC 2012
This patch fixes the OCSP agent's inability to remove a CA from
the List of Certificate Authorities in some circumstances.
Bug: 837124.
-------------- next part --------------
Index: pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
===================================================================
--- pki/base/common/src/com/netscape/cms/ocsp/DefStore.java (revision 2439)
+++ pki/base/common/src/com/netscape/cms/ocsp/DefStore.java (working copy)
@@ -212,6 +212,14 @@
}
public void deleteOldCRLsInCA(String caName) throws EBaseException {
+ deleteCRLsInCA (caName, true);
+ }
+
+ public void deleteAllCRLsInCA(String caName) throws EBaseException {
+ deleteCRLsInCA (caName, false);
+ }
+
+ public void deleteCRLsInCA(String caName, boolean oldCRLs) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
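Review bot: The new `deleteCRLsInCA(String caName, boolean oldCRLs)` is declared public and has no Javadoc, so any caller can request deletion of every CRL repository record for a CA through a bare boolean whose meaning is not obvious at the call site. Unless something outside this diff needs it, make it `private` and keep `deleteOldCRLsInCA` and `deleteAllCRLsInCA` as the only entry points. A Javadoc line such as `@param oldCRLs true to keep the record matching the issuing point's thisUpdate, false to delete every record` would document the flag. The method body continues outside the hunk.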
@@ -224,10 +232,8 @@
return; // nothing to do
String thisUpdate = Long.toString(
cp.getThisUpdate().getTime());
- Enumeration e = searchRepository(
- caName,
- "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" +
- thisUpdate + ")");
+ String filter = (oldCRLs)? "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" + thisUpdate + ")": "ou=*";
+ Enumeration e = searchRepository( caName, filter);
while (e != null && e.hasMoreElements()) {
IRepositoryRecord r = (IRepositoryRecord)
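Review bot: On the delete-all path (`oldCRLs == false`) the code above the new `filter` line still runs: the `return; // nothing to do` and the `cp.getThisUpdate().getTime()` dereference both execute before the filter is chosen, although `thisUpdate` is only needed when `oldCRLs` is true. The conditions guarding that return are outside the hunk, but if one of them tests for a missing thisUpdate, `deleteAllCRLsInCA` would return silently without removing anything and its caller would go on to delete the issuing point entry. Consider computing `thisUpdate` only inside the `oldCRLs` branch. The two filter strings are also inconsistent: `"ou=*"` has no enclosing parentheses while the other branch does, and `"(ou=*)"` is the standard form.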
@@ -629,7 +635,10 @@
s = mDBService.createSession();
String name = "cn=" + transformDN(id) + "," + getBaseDN();
CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: " + name);
- if (s != null) s.delete(name);
+ if (s != null) {
+ deleteAllCRLsInCA(id);
+ s.delete(name);
+ }
} finally {
if (s != null) s.close();
}
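Review bot: `deleteAllCRLsInCA(id)` opens its own session (see `mDBService.createSession()` in `deleteCRLsInCA`) while the session `s` created here is still open, so the record purge and `s.delete(name)` are two independent operations. If the purge succeeds and `s.delete(name)` then throws, the CA stays in the store with no CRL records, and what the responder answers for that CA in that state is not visible from this diff. It would help to call `deleteAllCRLsInCA(id)` before `createSession()` and to log the purge, e.g. `CMS.debug("DefStore::deleteCRLIssuingPointRecord: removing all CRL records for " + id);`, so the destructive step is traceable. The enclosing method starts outside the hunk.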