📄 createcrlsessionbean.java
Collection revcerts = store.listRevokedCertificates(admin, issuerdn); debug("Found "+revcerts.size()+" revoked certificates."); // Go through them and create a CRL, at the same time archive expired certificates Date now = new Date(); // crlperiod is hours = crlperiod*60*60*1000 milliseconds now.setTime(now.getTime() - (crlperiod * 60 * 60 * 1000)); Vector certs = new Vector(); Iterator iter = revcerts.iterator(); while (iter.hasNext()) { CertificateDataPK pk = new CertificateDataPK((String)iter.next()); CertificateDataLocal data = certHome.findByPrimaryKey(pk); // We want to include certificates that was revoked after the last CRL was issued, but before this one // so the revoked certs are included in ONE CRL at least. if ( (data.getStatus() == CertificateDataBean.CERT_REVOKED) && (data.getExpireDate() < now.getTime()) ) { data.setStatus(CertificateDataBean.CERT_ARCHIVED); } else { if (data.getRevocationDate() == -1) data.setRevocationDate((new Date()).getTime()); RevokedCertInfo certinfo = new RevokedCertInfo(new BigInteger(data.getSerialNumber()),new Date(data.getRevocationDate()), data.getRevocationReason()); certs.add(certinfo); } } ISignSessionLocal sign = signHome.create(); byte[] crlBytes = sign.createCRL(admin, caid, certs); // This is logged in the database by SignSession String msg = intres.getLocalizedMessage("createcrl.createdcrl", cainfo.getName(), cainfo.getSubjectDN()); log.info(msg); if (log.isDebugEnabled()) { X509CRL crl = CertTools.getCRLfromByteArray(crlBytes); debug("Created CRL with expire date: "+crl.getNextUpdate());// FileOutputStream fos = new FileOutputStream("c:\\java\\srvtestcrl.der");// fos.write(crl.getEncoded());// fos.close(); } } catch (CATokenOfflineException e) { throw e; } catch (Exception e) { String msg = intres.getLocalizedMessage("createcrl.errorcreate", new Integer(caid)); log.error(msg, e); logsession.log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(),null, null, LogEntry.EVENT_ERROR_CREATECRL, msg, e); throw new 
EJBException(e);
    }
    debug("<run()");
}

/**
 * Checks every CA available to the administrator and issues a new CRL for each one whose
 * current CRL is due, delegating to {@link #createCRLs(Admin, long)} with no additional
 * poll-time margin. Note that the CA-configured CRL overlap time still applies to the
 * "is it due" decision; only the extra margin a scheduler may add is zero here.
 * This method can be called by a scheduler or a service.
 *
 * @param admin administrator performing the task
 * @return the number of CRLs created.
 * @throws EJBException if a communication or system error occurs.
 * @ejb.interface-method
 */
public int createCRLs(Admin admin) {
    final long noExtraOverlap = 0L;
    return this.createCRLs(admin, noExtraOverlap);
}

/**
 * Checks if there are any CRLs that need to be updated and then creates them. A CRL is created:
 * 1. if the current CRL expires within the effective overlap time (the CA-configured CRL overlap
 *    time, in minutes, plus addtocrloverlaptime in milliseconds), or
 * 2. if a CRL issue interval is defined (> 0) and that interval has passed since the current CRL
 *    was created, even if the current CRL is still valid.
 *
 * This method can be called by a scheduler or a service.
 *
 * @param admin administrator performing the task
 * @param addtocrloverlaptime milliseconds added to the CA's CRL overlap time. If set to how often this
 *        method is run (the poll time), a new CRL is issued whenever the current one would expire within
 *        the CRL overlap time (configured in the CA) plus the poll time. The effective overlap time will
 *        be (crloverlaptime + addtocrloverlaptime).
 * @return the number of CRLs created.
 * @throws EJBException if a communication or system error occurs.
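* @ejb.interface-method
*/
public int createCRLs(Admin admin, long addtocrloverlaptime) {
    int createdcrls = 0;
    try {
        Date currenttime = new Date();
        ICAAdminSessionLocal caadmin = caadminHome.create();
        ICertificateStoreSessionLocal store = storeHome.create();
        // Iterate over the CAs returned for this administrator by getAvailableCAs.
        Iterator iter = caadmin.getAvailableCAs(admin).iterator();
        while (iter.hasNext()) {
            int caid = ((Integer) iter.next()).intValue();
            log.debug("createCRLs for caid: " + caid);
            try {
                CAInfo cainfo = caadmin.getCAInfo(admin, caid);
                // Only X.509 CAs are considered for CRL generation; other CA types are skipped without logging.
                if (cainfo instanceof X509CAInfo) {
                    if (cainfo.getStatus() == SecConst.CA_OFFLINE) {
                        // No CRL can be produced for an offline CA. Once its current CRL passes nextUpdate,
                        // relying parties are left without revocation data for it, hence an error event.
                        String msg = intres.getLocalizedMessage("createcrl.caoffline", cainfo.getName(), new Integer(caid));
                        log.error(msg);
                        logsession.log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CREATECRL, msg);
                    } else {
                        try {
                            if (log.isDebugEnabled()) {
                                log.debug("Checking to see if CA '" + cainfo.getName() + "' needs CRL generation.");
                            }
                            CRLInfo crlinfo = store.getLastCRLInfo(admin, cainfo.getSubjectDN());
                            if (log.isDebugEnabled()) {
                                if (crlinfo == null) {
                                    log.debug("Crlinfo was null");
                                } else {
                                    log.debug("Read crlinfo for CA: " + cainfo.getName() + ", lastNumber=" + crlinfo.getLastCRLNumber() + ", expireDate=" + crlinfo.getExpireDate());
                                }
                            }
                            int crlissueinterval = cainfo.getCRLIssueInterval();
                            if (log.isDebugEnabled()) {
                                log.debug("crlissueinterval=" + crlissueinterval);
                                log.debug("crloverlaptime=" + cainfo.getCRLOverlapTime());
                            }
                            // Overlap time is configured in minutes. Widen to long BEFORE multiplying so a large
                            // configured value cannot wrap in 32-bit arithmetic and silently shrink (or negate)
                            // the overlap; the issue-interval conversion below already widens the same way.
                            // Note that addtocrloverlaptime is caller-supplied and is added unchecked.
                            long overlap = (((long) cainfo.getCRLOverlapTime()) * 60 * 1000) + addtocrloverlaptime;
                            long nextUpdate = 0; // if crlinfo == null, we will issue a CRL now
                            if (crlinfo != null) {
                                // CRL issue interval is in hours. If it is 0 we only issue a CRL when the old one is
                                // about to expire, i.e. when currenttime + overlap >= expiredate.
                                // If the issue interval is > 0 we issue a new CRL when currenttime >= createtime + issueinterval.
                                nextUpdate = crlinfo.getExpireDate().getTime(); // Default if crlissueinterval == 0
                                if (crlissueinterval > 0) {
                                    long crlissueintervalmillisec = ((long) crlissueinterval) * 60 * 60 * 1000;
                                    if (log.isDebugEnabled()) {
                                        log.debug("crlissueinterval milliseconds: " + crlissueintervalmillisec);
                                    }
                                    long u = crlinfo.getCreateDate().getTime() + (crlissueintervalmillisec);
                                    // If this period for some reason (we missed to issue some?) is larger than when the CRL
                                    // expires, we need to issue one when the CRL expires, so keep the expiry-based nextUpdate.
                                    if ((u + overlap) < nextUpdate) {
                                        nextUpdate = u;
                                        // When we issue CRLs before the real expiration date we don't use overlap
                                        overlap = 0;
                                    }
                                }
                                log.debug("Calculated nextUpdate to " + nextUpdate);
                            } else {
                                String msg = intres.getLocalizedMessage("createcrl.crlinfonull");
                                log.info(msg);
                            }
                            if ((currenttime.getTime() + overlap) >= nextUpdate) {
                                if (log.isDebugEnabled()) {
                                    // Parenthesised so the log shows the sum actually compared, not the two
                                    // numbers concatenated as text.
                                    log.debug("Creating CRL for CA, because:" + (currenttime.getTime() + overlap) + " >= " + nextUpdate);
                                }
                                this.run(admin, cainfo.getSubjectDN());
                                createdcrls++;
                            }
                        } catch (CATokenOfflineException e) {
                            // The CA's signing token is offline: log it and continue with the next CA.
                            String msg = intres.getLocalizedMessage("createcrl.caoffline", cainfo.getName(), new Integer(caid));
                            log.error(msg);
                            logsession.log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CREATECRL, msg);
                        }
                    }
                }
            } catch (Exception e) {
                // Any other failure for one CA is logged and rethrown as EJBException, which aborts the whole
                // pass: CAs later in the iteration order get no CRL in this run.
                String msg = intres.getLocalizedMessage("createcrl.generalerror", new Integer(caid));
                error(msg, e);
                logsession.log(admin, caid, LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CREATECRL, msg, e);
                if (e instanceof EJBException) {
                    throw (EJBException) e;
                }
                throw new EJBException(e);
            }
        }
    } catch (Exception e) {
        // Reached on failures while creating the session beans or enumerating CAs, and also by the
        // EJBException rethrown from the per-CA handler above (so that case is logged twice).
        String msg = intres.getLocalizedMessage("createcrl.erroravailcas");
        error(msg, e);
        logsession.log(admin, admin.getCaId(), LogEntry.MODULE_CA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_CREATECRL, msg, e);
        if (e instanceof EJBException) {
            throw (EJBException) e;
        }
        throw new EJBException(e);
    }
    return createdcrls;
}
}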