[Pki-devel] [PATCH] 537 Added rangeUnit property to certificate profiles.
Fraser Tweedale
ftweedal at redhat.com
Mon Dec 15 05:02:48 UTC 2014
On Thu, Dec 11, 2014 at 06:43:35AM +0700, Endi Sukma Dewata wrote:
> A new optional property has been added to certificate profiles to
> specify the range unit. The default range unit is 'day'. The code
> has been modified to use the Calendar API to calculate the end of
> validity range based on the range unit.
>
> https://fedorahosted.org/pki/ticket/1226
>
Ack.
> --
> Endi S. Dewata
> From 899b820eee7b581710131276eab55ed927ee6da4 Mon Sep 17 00:00:00 2001
> From: "Endi S. Dewata" <edewata at redhat.com>
> Date: Tue, 2 Dec 2014 17:25:55 -0500
> Subject: [PATCH] Added rangeUnit property to certificate profiles.
>
> A new optional property has been added to certificate profiles to
> specify the range unit. The default range unit is 'day'. The code
> has been modified to use the Calendar API to calculate the end of
> validity range based on the range unit.
>
> https://fedorahosted.org/pki/ticket/1226
> ---
> .../org/dogtagpki/server/ca/rest/CertService.java | 5 +-
> .../cms/profile/constraint/EnrollConstraint.java | 34 +++++++---
> .../cms/profile/constraint/ValidityConstraint.java | 72 +++++++++++++++++----
> .../netscape/cms/profile/def/EnrollDefault.java | 33 ++++++++--
> .../netscape/cms/profile/def/ValidityDefault.java | 73 +++++++++++++++++++---
> .../cms/servlet/admin/CMSAdminServlet.java | 6 +-
> base/server/cmsbundle/src/UserMessages.properties | 6 +-
> .../src/com/netscape/cmscore/apps/CMSEngine.java | 1 +
> .../src/com/netscape/cmscore/cert/CertUtils.java | 10 ++-
> .../src/com/netscape/cmscore/dbs/DBRegistry.java | 2 +-
> .../src/com/netscape/cmscore/dbs/DBSubsystem.java | 15 +++--
> .../src/com/netscape/cmscore/dbs/LDAPDatabase.java | 3 +
> .../src/com/netscape/cmscore/dbs/Repository.java | 10 +--
> 13 files changed, 214 insertions(+), 56 deletions(-)
>
> diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
> index 6b5ea2ca4ac4b03f255f92dc825c34dabcdcde6b..ee974d446b689b089221bbaf2c7b6a5780c2f6bb 100644
> --- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
> +++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
> @@ -487,8 +487,9 @@ public class CertService extends PKIService implements CertResource {
> infos.addLink(new Link("next", uri));
> }
>
> - } catch (Exception e1) {
> - throw new PKIException("Error searching certs in CertService.searchCerts!", e1);
> + } catch (Exception e) {
> + CMS.debug(e);
> + throw new PKIException("Unable to search certificates: " + e, e);
> }
>
> return createOKResponse(infos);
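Review bot: The new `throw new PKIException("Unable to search certificates: " + e, e);` line concatenates the caught exception into the message text. Whatever the underlying failure prints (class names, possibly directory or query details) would then reach the REST caller if PKIException messages are returned in the response, which is not visible here. `CMS.debug(e)` already records the detail server-side and the cause is still attached, so the message can stay generic: `throw new PKIException("Unable to search certificates", e);`. The enclosing method starts outside this hunk.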
> diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
> index eb3eb14f67a6dff5bcd8b048eba316daf6223cb4..96b29d669992f36b4b849eac68b2af8695c46ce8 100644
> --- a/base/server/cms/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
> +++ b/base/server/cms/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
> @@ -88,18 +88,36 @@ public abstract class EnrollConstraint implements IPolicyConstraint {
> }
>
> public String getConfig(String name) {
> + return getConfig(name, "");
> + }
> +
> + /**
> + * Get constraint parameter in profile configuration.
> + *
> + * @param name parameter name
> + * @param defval default value if parameter does not exist
> + * @return parameter value if exists, defval if does not exist, or null if error occured
> + */
> + public String getConfig(String name, String defval) {
> +
> + if (mConfig == null) {
> + CMS.debug("Error: Missing profile configuration");
> + return null;
> + }
> +
> + IConfigStore params = mConfig.getSubStore("params");
> + if (params == null) {
> + CMS.debug("Error: Missing constraint parameters");
> + return null;
> + }
> +
> try {
> - if (mConfig == null)
> - return null;
> - if (mConfig.getSubStore("params") != null) {
> - String val = mConfig.getSubStore("params").getString(name);
> + return params.getString(name, defval);
>
> - return val;
> - }
> } catch (EBaseException e) {
> - CMS.debug(e.toString());
> + CMS.debug(e);
> + return null;
> }
> - return "";
> }
>
> public void init(IProfile profile, IConfigStore config)
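Review bot: `getConfig(String, String)` now returns `null` when the `params` sub-store is missing or `getString` throws, whereas the old one-argument method returned `""` in both cases, and the one-argument overload inherits the change through `return getConfig(name, "");`. Any existing caller that dereferences the result would now hit a NullPointerException; the callers are outside this hunk, so this needs checking. To keep the old contract for existing callers, the one-argument overload could normalise the result: `String val = getConfig(name, ""); return val == null ? "" : val;`. The identical change in EnrollDefault.java has the same effect.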
> diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
> index accbd9d2dfb0ddb5c52c001a8e4563baef290dea..eaf0b3bbfd7d1584263ef53a12faac37ff62b3c5 100644
> --- a/base/server/cms/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
> +++ b/base/server/cms/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
> @@ -18,6 +18,7 @@
> package com.netscape.cms.profile.constraint;
>
> import java.io.IOException;
> +import java.util.Calendar;
> import java.util.Date;
> import java.util.Locale;
>
> @@ -50,6 +51,7 @@ import com.netscape.cms.profile.def.ValidityDefault;
> public class ValidityConstraint extends EnrollConstraint {
>
> public static final String CONFIG_RANGE = "range";
> + public static final String CONFIG_RANGE_UNIT = "rangeUnit";
> public static final String CONFIG_NOT_BEFORE_GRACE_PERIOD = "notBeforeGracePeriod";
> public static final String CONFIG_CHECK_NOT_BEFORE = "notBeforeCheck";
> public static final String CONFIG_CHECK_NOT_AFTER = "notAfterCheck";
> @@ -58,6 +60,7 @@ public class ValidityConstraint extends EnrollConstraint {
> public ValidityConstraint() {
> super();
> addConfigName(CONFIG_RANGE);
> + addConfigName(CONFIG_RANGE_UNIT);
> addConfigName(CONFIG_NOT_BEFORE_GRACE_PERIOD);
> addConfigName(CONFIG_CHECK_NOT_BEFORE);
> addConfigName(CONFIG_CHECK_NOT_AFTER);
> @@ -86,6 +89,9 @@ public class ValidityConstraint extends EnrollConstraint {
> if (name.equals(CONFIG_RANGE)) {
> return new Descriptor(IDescriptor.INTEGER, null, "365",
> CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE"));
> + } else if (name.equals(CONFIG_RANGE_UNIT)) {
> + return new Descriptor(IDescriptor.STRING, null, "day",
> + CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE_UNIT"));
> } else if (name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
> return new Descriptor(IDescriptor.INTEGER, null, "0",
> CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_NOT_BEFORE_GRACE_PERIOD"));
> @@ -99,33 +105,57 @@ public class ValidityConstraint extends EnrollConstraint {
> return null;
> }
>
> + public int convertRangeUnit(String unit) throws Exception {
> +
> + if (unit.equals("year")) {
> + return Calendar.YEAR;
> +
> + } else if (unit.equals("month")) {
> + return Calendar.MONTH;
> +
> + } else if (unit.equals("day")) {
> + return Calendar.DAY_OF_YEAR;
> +
> + } else if (unit.equals("hour")) {
> + return Calendar.HOUR_OF_DAY;
> +
> + } else if (unit.equals("minute")) {
> + return Calendar.MINUTE;
> +
> + } else {
> + throw new Exception("Invalid range unit: " + unit);
> + }
> + }
> +
> /**
> * Validates the request. The request is not modified
> * during the validation.
> */
> public void validate(IRequest request, X509CertInfo info)
> throws ERejectException {
> - CertificateValidity v = null;
>
> + CertificateValidity v;
> try {
> v = (CertificateValidity) info.get(X509CertInfo.VALIDITY);
> } catch (Exception e) {
> throw new ERejectException(CMS.getUserMessage(getLocale(request),
> "CMS_PROFILE_VALIDITY_NOT_FOUND"));
> }
> - Date notBefore = null;
>
> + Date notBefore;
> try {
> notBefore = (Date) v.get(CertificateValidity.NOT_BEFORE);
> + CMS.debug("ValidityConstraint: not before: " + notBefore);
> } catch (IOException e) {
> CMS.debug("ValidityConstraint: not before not found");
> throw new ERejectException(CMS.getUserMessage(getLocale(request),
> "CMS_PROFILE_VALIDITY_NOT_FOUND"));
> }
> - Date notAfter = null;
>
> + Date notAfter;
> try {
> notAfter = (Date) v.get(CertificateValidity.NOT_AFTER);
> + CMS.debug("ValidityConstraint: not after: " + notAfter);
> } catch (IOException e) {
> CMS.debug("ValidityConstraint: not after not found");
> throw new ERejectException(CMS.getUserMessage(getLocale(request),
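Review bot: `convertRangeUnit` dereferences its argument in `unit.equals("year")`, but it is fed from `getConfig(CONFIG_RANGE_UNIT, "day")`, which per this patch's own Javadoc can return null on error. A null unit would then surface as a NullPointerException instead of the `ERejectException` the caller builds for invalid units. Comparing from the literal side (`"year".equals(unit)` and likewise for the other branches) lets null fall through to the `Invalid range unit` branch. The method is added verbatim to ValidityDefault.java as well and declares `throws Exception`; a single shared static helper throwing `IllegalArgumentException`, with a short Javadoc listing the accepted case-sensitive values (`year`, `month`, `day`, `hour`, `minute`), would keep the two copies from drifting. `validate` continues past the end of this hunk.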
> @@ -138,18 +168,34 @@ public class ValidityConstraint extends EnrollConstraint {
> "CMS_PROFILE_NOT_AFTER_BEFORE_NOT_BEFORE"));
> }
>
> - long millisDiff = notAfter.getTime() - notBefore.getTime();
> - CMS.debug("ValidityConstraint: millisDiff="
> - + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime());
> - long long_days = (millisDiff / 1000) / 86400;
> - CMS.debug("ValidityConstraint: long_days: " + long_days);
> - int days = (int) long_days;
> - CMS.debug("ValidityConstraint: days: " + days);
> -
> - if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) {
> + String rangeStr = getConfig(CONFIG_RANGE, "365");
> + CMS.debug("ValidityConstraint: range: " + rangeStr);
> + int range = Integer.parseInt(rangeStr);
> +
> + String rangeUnitStr = getConfig(CONFIG_RANGE_UNIT, "day");
> + CMS.debug("ValidityConstraint: range unit: " + rangeUnitStr);
> +
> + int rangeUnit;
> + try {
> + rangeUnit = convertRangeUnit(rangeUnitStr);
> + } catch (Exception e) {
> + throw new ERejectException(CMS.getUserMessage(getLocale(request),
> + "CMS_PROFILE_VALIDITY_INVALID_RANGE_UNIT",
> + rangeUnitStr));
> + }
> +
> + // calculate the end of validity range
> + Calendar date = Calendar.getInstance();
> + date.setTime(notBefore);
> + date.add(rangeUnit, range);
> +
> + Date limit = date.getTime();
> + CMS.debug("ValidityConstraint: limit: " + limit);
> +
> + if (notAfter.after(limit)) {
> throw new ERejectException(CMS.getUserMessage(getLocale(request),
> "CMS_PROFILE_VALIDITY_OUT_OF_RANGE",
> - Integer.toString(days)));
> + notAfter.toString(), limit.toString()));
> }
>
> // 613828
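Review bot: `int range = Integer.parseInt(rangeStr);` is unguarded, so a non-numeric `range`, or a null one since `getConfig` returns null on error, raises an unchecked NumberFormatException out of `validate` rather than an `ERejectException`. The unit conversion a few lines below is wrapped, but the parse is not. This constraint is the check that caps certificate lifetime, so a bad profile value should produce a clean rejection: wrap the parse in a `try`/`catch (NumberFormatException e)` that throws `ERejectException` built from `CMS.getUserMessage(getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)`. A negative `range` is also accepted and would place `limit` before `notBefore`; it is worth deciding whether that should be refused explicitly. `validate` begins before this hunk and continues after it.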
> diff --git a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
> index 417f78123881508afbf9a78e2ab31c4507e28bfb..5c2029a0f008c2a01bffdd655913008be3138c33 100644
> --- a/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
> +++ b/base/server/cms/src/com/netscape/cms/profile/def/EnrollDefault.java
> @@ -107,15 +107,36 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
> }
>
> public String getConfig(String name) {
> + return getConfig(name, "");
> + }
> +
> + /**
> + * Get constraint parameter in profile configuration.
> + *
> + * @param name parameter name
> + * @param defval default value if parameter does not exist
> + * @return parameter value if exists, defval if does not exist, or null if error occured
> + */
> + public String getConfig(String name, String defval) {
> +
> + if (mConfig == null) {
> + CMS.debug("Error: Missing profile configuration");
> + return null;
> + }
> +
> + IConfigStore params = mConfig.getSubStore("params");
> + if (params == null) {
> + CMS.debug("Error: Missing constraint parameters");
> + return null;
> + }
> +
> try {
> - if (mConfig == null)
> - return null;
> - if (mConfig.getSubStore("params") != null) {
> - return mConfig.getSubStore("params").getString(name);
> - }
> + return params.getString(name, defval);
> +
> } catch (EBaseException e) {
> + CMS.debug(e);
> + return null;
> }
> - return "";
> }
>
> public void init(IProfile profile, IConfigStore config)
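Review bot: The Javadoc and debug message added here were carried over from EnrollConstraint and still say "constraint" (`Get constraint parameter in profile configuration.` and `"Error: Missing constraint parameters"`), although this class is the base for policy defaults. Suggest `Get default parameter in profile configuration.` and `CMS.debug("Error: Missing default parameters");` so the log line names the right component when a profile is misconfigured. In the `@return` line, "occured" should read "occurred".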
> diff --git a/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java
> index b649c7076727494ceb23417add5910b540cadc69..02807346fbddc4ffc4d0a36d49fcb6262de231ad 100644
> --- a/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java
> +++ b/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java
> @@ -20,6 +20,7 @@ package com.netscape.cms.profile.def;
> import java.io.IOException;
> import java.text.ParsePosition;
> import java.text.SimpleDateFormat;
> +import java.util.Calendar;
> import java.util.Date;
> import java.util.Locale;
>
> @@ -44,6 +45,7 @@ import com.netscape.certsrv.request.IRequest;
> */
> public class ValidityDefault extends EnrollDefault {
> public static final String CONFIG_RANGE = "range";
> + public static final String CONFIG_RANGE_UNIT = "rangeUnit";
> public static final String CONFIG_START_TIME = "startTime";
>
> public static final String VAL_NOT_BEFORE = "notBefore";
> @@ -51,11 +53,10 @@ public class ValidityDefault extends EnrollDefault {
>
> public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
>
> - private long mDefault = 86400000; // 1 days
> -
> public ValidityDefault() {
> super();
> addConfigName(CONFIG_RANGE);
> + addConfigName(CONFIG_RANGE_UNIT);
> addConfigName(CONFIG_START_TIME);
> addValueName(VAL_NOT_BEFORE);
> addValueName(VAL_NOT_AFTER);
> @@ -93,6 +94,12 @@ public class ValidityDefault extends EnrollDefault {
> "7305",
> CMS.getUserMessage(locale,
> "CMS_PROFILE_VALIDITY_RANGE"));
> + } else if (name.equals(CONFIG_RANGE_UNIT)) {
> + return new Descriptor(IDescriptor.STRING,
> + null,
> + "day",
> + CMS.getUserMessage(locale,
> + "CMS_PROFILE_VALIDITY_RANGE_UNIT"));
> } else if (name.equals(CONFIG_START_TIME)) {
> return new Descriptor(IDescriptor.STRING,
> null,
> @@ -216,13 +223,37 @@ public class ValidityDefault extends EnrollDefault {
> getConfig(CONFIG_RANGE));
> }
>
> + public int convertRangeUnit(String unit) throws Exception {
> +
> + if (unit.equals("year")) {
> + return Calendar.YEAR;
> +
> + } else if (unit.equals("month")) {
> + return Calendar.MONTH;
> +
> + } else if (unit.equals("day")) {
> + return Calendar.DAY_OF_YEAR;
> +
> + } else if (unit.equals("hour")) {
> + return Calendar.HOUR_OF_DAY;
> +
> + } else if (unit.equals("minute")) {
> + return Calendar.MINUTE;
> +
> + } else {
> + throw new Exception("Invalid range unit: " + unit);
> + }
> + }
> +
> /**
> * Populates the request with this policy default.
> */
> public void populate(IRequest request, X509CertInfo info)
> throws EProfileException {
> +
> // always + 60 seconds
> String startTimeStr = getConfig(CONFIG_START_TIME);
> + CMS.debug("ValidityDefault: start time: " + startTimeStr);
> try {
> startTimeStr = mapPattern(request, startTimeStr);
> } catch (IOException e) {
> @@ -233,21 +264,43 @@ public class ValidityDefault extends EnrollDefault {
> startTimeStr = "60";
> }
> int startTime = Integer.parseInt(startTimeStr);
> +
> Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime));
> - long notAfterVal = 0;
> + CMS.debug("ValidityDefault: not before: " + notBefore);
>
> + String rangeStr = getConfig(CONFIG_RANGE, "7305");
> + CMS.debug("ValidityDefault: range: " + rangeStr);
> +
> + int range;
> try {
> - String rangeStr = getConfig(CONFIG_RANGE);
> rangeStr = mapPattern(request, rangeStr);
> - notAfterVal = notBefore.getTime() +
> - (mDefault * Integer.parseInt(rangeStr));
> - } catch (Exception e) {
> - // configured value is not correct
> - CMS.debug("ValidityDefault: populate " + e.toString());
> + range = Integer.parseInt(rangeStr);
> + } catch (IOException e) {
> + CMS.debug(e);
> throw new EProfileException(CMS.getUserMessage(
> getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE));
> }
> - Date notAfter = new Date(notAfterVal);
> +
> + String rangeUnitStr = getConfig(CONFIG_RANGE_UNIT, "day");
> + CMS.debug("ValidityDefault: range unit: " + rangeUnitStr);
> +
> + int rangeUnit;
> + try {
> + rangeUnit = convertRangeUnit(rangeUnitStr);
> + } catch (Exception e) {
> + CMS.debug(e);
> + throw new EProfileException(CMS.getUserMessage(
> + getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE_UNIT));
> + }
> +
> + // calculate the end of validity range
> + Calendar date = Calendar.getInstance();
> + date.setTime(notBefore);
> + date.add(rangeUnit, range);
> +
> + Date notAfter = date.getTime();
> + CMS.debug("ValidityDefault: not after: " + notAfter);
> +
> CertificateValidity validity =
> new CertificateValidity(notBefore, notAfter);
>
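Review bot: Narrowing the handler around `range = Integer.parseInt(rangeStr);` from `catch (Exception e)` to `catch (IOException e)` means a non-numeric `range` is no longer converted to the `EProfileException` with `CMS_INVALID_PROPERTY`. NumberFormatException is unchecked and now escapes `populate`, where the removed code handled it under the comment "configured value is not correct". The same holds if `getConfig(CONFIG_RANGE, "7305")` returns null on a configuration error. Restoring the coverage is a one-line change, `} catch (IOException | NumberFormatException e) {`, or two catch clauses if the build targets a source level without multi-catch. `populate` starts before this hunk.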
> diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
> index 74c1a94a608fa3c3188ff4dda8b69a014f3f454e..b8cf27cc5697f5f4b356d49ba679f8f1105b44d5 100644
> --- a/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
> +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
> @@ -1898,6 +1898,8 @@ public final class CMSAdminServlet extends AdminServlet {
> certpath = value;
> }
>
> + CMS.debug("CMSAdminServlet: installCert(" + nickname + ")");
> +
> try {
> if (pkcs == null || pkcs.equals("")) {
> if (certpath == null || certpath.equals("")) {
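Review bot: The added `CMS.debug("CMSAdminServlet: installCert(" + nickname + ")");` writes `nickname` to the debug log unmodified. The surrounding lines suggest it is taken from the request parameters; if so, embedded CR/LF characters could forge or split log entries unless `CMS.debug` neutralises them, which is not visible here. Replacing control characters before logging, or logging through a helper that does so, would keep the trace trustworthy during incident review. The same consideration applies to the new trace lines in `CMSEngine.verifySystemCertByNickname`, `CertUtils.verifySystemCertByNickname` and `CertUtils.verifySystemCertByTag`. The enclosing method starts and ends outside this hunk.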
> @@ -2191,7 +2193,7 @@ public final class CMSAdminServlet extends AdminServlet {
>
> boolean verified = CMS.verifySystemCertByNickname(nickname, null);
> if (verified == true) {
> - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" + nickname);
> + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded: " + nickname);
> auditMessage = CMS.getLogMessage(
> LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
> auditSubjectID,
> @@ -2200,7 +2202,7 @@ public final class CMSAdminServlet extends AdminServlet {
>
> audit(auditMessage);
> } else {
> - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" + nickname);
> + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed: " + nickname);
> auditMessage = CMS.getLogMessage(
> LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
> auditSubjectID,
> diff --git a/base/server/cmsbundle/src/UserMessages.properties b/base/server/cmsbundle/src/UserMessages.properties
> index fe43094e6b2a0531502570bc626da557fc9061ae..2dc1f268c844d742328c0c9a94c5625b1b5f264b 100644
> --- a/base/server/cmsbundle/src/UserMessages.properties
> +++ b/base/server/cmsbundle/src/UserMessages.properties
> @@ -833,12 +833,14 @@ CMS_PROFILE_GENERAL_NAMES=General Names
> CMS_PROFILE_VALIDITY_CHECK_NOT_BEFORE=Check Not Before against current time
> CMS_PROFILE_VALIDITY_CHECK_NOT_AFTER=Check Not After against Not Before
> CMS_PROFILE_VALIDITY_NOT_BEFORE_GRACE_PERIOD=Grace period for Not Before being set in the future (in seconds).
> -CMS_PROFILE_VALIDITY_RANGE=Validity Range (in days)
> +CMS_PROFILE_VALIDITY_RANGE=Validity Range
> +CMS_PROFILE_VALIDITY_RANGE_UNIT=Validity Range Unit (default: day)
> CMS_PROFILE_VALIDITY_START_TIME=Relative Start Time (in seconds)
> CMS_PROFILE_NOT_BEFORE_RANDOM_BITS=Not Before Random Bits
> CMS_PROFILE_NOT_AFTER_RANDOM_BITS=Not After Random Bits
> CMS_PROFILE_BYPASS_CA_NOTAFTER=Bypass CA notAfter constraint
> -CMS_PROFILE_VALIDITY_OUT_OF_RANGE=Validity Out of Range {0} days
> +CMS_PROFILE_VALIDITY_INVALID_RANGE_UNIT=Invalid Range Unit: {0}
> +CMS_PROFILE_VALIDITY_OUT_OF_RANGE=Validity Out of Range: {0} is after {1}
> CMS_PROFILE_RENEW_GRACE_BEFORE=Renewal Grace Period Before
> CMS_PROFILE_RENEW_GRACE_AFTER=Renewal Grace Period After
> CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD=Outside of Renewal Grace Period: {0}
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
> index 68c64824e37bcad282a5bbeabf6b943fabf39481..04ff5ec46cab59eaf8e32e709677fcae66a33420 100644
> --- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
> +++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
> @@ -1420,6 +1420,7 @@ public class CMSEngine implements ICMSEngine {
> }
>
> public boolean verifySystemCertByNickname(String nickname, String certificateUsage) {
> + CMS.debug("CMSEngine: verifySystemCertByNickname(" + nickname + ", " + certificateUsage + ")");
> return CertUtils.verifySystemCertByNickname(nickname, certificateUsage);
> }
>
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
> index 9dc33e541c23736a86a25ece441fbe7723fa1820..244c36dc7e0bbac181ce37d6344cc849a70ba873 100644
> --- a/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
> +++ b/base/server/cmscore/src/com/netscape/cmscore/cert/CertUtils.java
> @@ -831,6 +831,7 @@ public class CertUtils {
> * returns true if it verifies; false if any not
> */
> public static boolean verifySystemCertByNickname(String nickname, String certusage) {
> + CMS.debug("CertUtils: verifySystemCertByNickname(" + nickname + "," + certusage + ")");
> boolean r = true;
> CertificateUsage cu = null;
> cu = getCertificateUsage(certusage);
> @@ -850,9 +851,9 @@ public class CertUtils {
> if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) {
> if (cm.isCertValid(nickname, true, cu)) {
> r = true;
> - CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname);
> + CMS.debug("CertUtils: verifySystemCertByNickname() passed: " + nickname);
> } else {
> - CMS.debug("CertUtils: verifySystemCertByNickname() failed:" + nickname);
> + CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + nickname);
> r = false;
> }
> } else {
> @@ -864,7 +865,7 @@ public class CertUtils {
> CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:" + nickname);
> } else {
> r = true;
> - CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname);
> + CMS.debug("CertUtils: verifySystemCertByNickname() passed: " + nickname);
>
> if ((ccu & CryptoManager.CertificateUsage.SSLServer.getUsage()) != 0)
> CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLServer");
> @@ -905,6 +906,9 @@ public class CertUtils {
> * returns true if it verifies; false if any not
> */
> public static boolean verifySystemCertByTag(String tag) {
> +
> + CMS.debug("CertUtils: verifySystemCertByTag(" + tag + ")");
> +
> String auditMessage = null;
> IConfigStore config = CMS.getConfigStore();
> boolean r = true;
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/DBRegistry.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/DBRegistry.java
> index 653850e02d8a8641bf4420f6198357ce67ef24d2..cd475cd56a8484b1844f06997e5712ac366f6cda 100644
> --- a/base/server/cmscore/src/com/netscape/cmscore/dbs/DBRegistry.java
> +++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/DBRegistry.java
> @@ -460,7 +460,7 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
> throw new EDBException(CMS.getLogMessage("CMS_DBS_MISSING_OBJECT_CLASS"));
> }
>
> - //CMS.debug("createObject: attrs " + attrs.toString());
> + CMS.debug("createObject: attrs " + attrs);
>
> attrs.remove("objectclass");
>
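Review bot: Re-enabling `CMS.debug("createObject: attrs " + attrs);` writes every attribute value of each entry passed through `createObject` into the debug log. Which record types reach this method is not visible in the hunk, but if any carry credentials or key material the log becomes a second copy of them, typically with weaker access control and longer retention than the directory. Logging only the attribute names, or leaving the line commented out as before, gives the trace without the values. The enclosing method extends beyond this hunk.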
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/DBSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/DBSubsystem.java
> index be674bfd59ca8d377a0a1919bc8419eb25a8308f..46b83547272874f64ebf5fac3b48c0136a488efd 100644
> --- a/base/server/cmscore/src/com/netscape/cmscore/dbs/DBSubsystem.java
> +++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/DBSubsystem.java
> @@ -640,6 +640,7 @@ public class DBSubsystem implements IDBSubsystem {
>
> tmpConfig.putString(PROP_BASEDN, mBaseDN);
> } catch (EBaseException e) {
> + CMS.debug(e);
> if (CMS.isPreOpMode())
> return;
> throw e;
> @@ -648,15 +649,18 @@ public class DBSubsystem implements IDBSubsystem {
> try {
> mLdapConnFactory.init(tmpConfig);
> } catch (ELdapServerDownException e) {
> + CMS.debug(e);
> if (CMS.isPreOpMode())
> return;
> throw new EDBNotAvailException(
> CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
> - } catch (ELdapException ex) {
> + } catch (ELdapException e) {
> + CMS.debug(e);
> if (CMS.isPreOpMode())
> return;
> - throw new EDBException(CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_ERROR", ex.toString()));
> + throw new EDBException(CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_ERROR", e.toString()));
> } catch (EBaseException e) {
> + CMS.debug(e);
> if (CMS.isPreOpMode())
> return;
> throw e;
> @@ -767,8 +771,9 @@ public class DBSubsystem implements IDBSubsystem {
> reg.registerAttribute(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS, new
> ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_EXPIRED_CERTS));
>
> - if (!reg.isObjectClassRegistered(
> - RepositoryRecord.class.getName())) {
> + boolean registered = reg.isObjectClassRegistered(RepositoryRecord.class.getName());
> + CMS.debug("registered: " + registered);
> + if (!registered) {
> String repRecordOC[] = new String[2];
>
> repRecordOC[0] = RepositorySchema.LDAP_OC_TOP;
> @@ -776,6 +781,7 @@ public class DBSubsystem implements IDBSubsystem {
> reg.registerObjectClass(
> RepositoryRecord.class.getName(), repRecordOC);
> }
> +
> if (!reg.isAttributeRegistered(IRepositoryRecord.ATTR_SERIALNO)) {
> reg.registerAttribute(IRepositoryRecord.ATTR_SERIALNO,
> new BigIntegerMapper(RepositorySchema.LDAP_ATTR_SERIALNO));
> @@ -790,6 +796,7 @@ public class DBSubsystem implements IDBSubsystem {
> }
>
> } catch (EBaseException e) {
> + CMS.debug(e);
> if (CMS.isPreOpMode())
> return;
> throw e;
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/LDAPDatabase.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/LDAPDatabase.java
> index cfe9588070c29857978817d65a6ffd52947c20d4..0e3ffc13bc13bdbbeb0a2687793770297508a1d1 100644
> --- a/base/server/cmscore/src/com/netscape/cmscore/dbs/LDAPDatabase.java
> +++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/LDAPDatabase.java
> @@ -55,6 +55,9 @@ public abstract class LDAPDatabase<E extends IDBObj> extends Database<E> {
> }
>
> public void register(Class<E> recordType) throws EBaseException {
> +
> + CMS.debug("registering " + recordType.getName());
> +
> IDBRegistry dbRegistry = dbSubsystem.getRegistry();
>
> // register object classes
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
> index e6b6e831e4981396902989ecc3e730a6cab6cc28..0d789cc6434a078e7cba4d02b4cbeccb838cd09c 100644
> --- a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
> +++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
> @@ -132,7 +132,7 @@ public abstract class Repository implements IRepository {
> protected BigInteger getSerialNumber() throws EBaseException {
> IDBSSession s = mDB.createSession();
>
> - CMS.debug("Repository: getSerialNumber.");
> + CMS.debug("Repository: getSerialNumber()");
> RepositoryRecord rec = null;
>
> try {
> @@ -327,7 +327,7 @@ public abstract class Repository implements IRepository {
> }
>
> protected void initCacheIfNeeded() throws EBaseException {
> - if (mLastSerialNo == null)
> + if (mLastSerialNo == null)
> initCache();
> }
>
> @@ -401,15 +401,15 @@ public abstract class Repository implements IRepository {
> BigInteger retSerial = new BigInteger(mLastSerialNo.toString());
>
> CMS.debug("Repository: getNextSerialNumber: returning retSerial " + retSerial);
> - return retSerial;
> + return retSerial;
> }
>
> /**
> * Checks to see if range needs to be switched.
> - *
> + *
> * @exception EBaseException thrown when next range is not allocated
> */
> - protected void checkRange() throws EBaseException
> + protected void checkRange() throws EBaseException
> {
> // check if we have reached the end of the range
> // if so, move to next range
> --
> 1.8.4.2
>