Attached are some patches to fix the activity logs for token certificate revocations. The code had to be refactored to reduce the complexity.

--
Endi S. Dewata
>From 27659dae3a1fb34ae71d5f8d1038bdcc9a821f21 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Fri, 22 Apr 2016 01:37:37 +0200
Subject: [PATCH] Added TPSCertRecord.getSerialNumberInBigInteger().

The code that parses the token certificate serial number has been
refactored into a new method in TPSCertRecord.
---
 .../src/org/dogtagpki/server/tps/TPSTokendb.java   | 27 ++++++++--------------
 .../dogtagpki/server/tps/dbs/TPSCertRecord.java    | 13 +++++++++++
 2 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
index 4142bab4fe1cedcd55102f5bd88bec0a0876da02..dcb3bc1c221ecd3b31cf8af72df3787870bbcbf7 100644
--- a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
+++ b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
@@ -509,24 +509,15 @@ public class TPSTokendb {
                 }
             }
 
-            CARemoteRequestHandler caRH = null;
-            caRH = new CARemoteRequestHandler(connID);
-            String hexSerial = cert.getSerialNumber();
-            if (hexSerial.length() >= 3 && hexSerial.startsWith("0x")) {
-                String serial = hexSerial.substring(2); // skip over the '0x'
-                BigInteger bInt = new BigInteger(serial, 16);
-                String serialStr = bInt.toString();
-                CMS.debug(method + ": found cert hex serial: " + serial +
-                        " dec serial:" + serialStr);
-                CARevokeCertResponse response =
-                        caRH.revokeCertificate(isRevoke, serialStr, cert.getCertificate(),
-                                revokeReason);
-                CMS.debug(method + ": response status =" + response.getStatus());
-            } else {
-                logMsg = "mulformed hex serial number :" + hexSerial;
-                CMS.debug(method + ": " + logMsg);
-                throw new Exception(logMsg);
-            }
+            CARemoteRequestHandler caRH = new CARemoteRequestHandler(connID);
+            BigInteger bInt = cert.getSerialNumberInBigInteger();
+            String serialStr = bInt.toString();
+            CMS.debug(method + ": found cert hex serial: " + cert.getSerialNumber() +
+                    " dec serial: " + serialStr);
+            CARevokeCertResponse response =
+                    caRH.revokeCertificate(isRevoke, serialStr, cert.getCertificate(),
+                            revokeReason);
+            CMS.debug(method + ": response status: " + response.getStatus());
 
             // update certificate status
             if (isRevoke) {
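Review bot: `bInt.toString()` on the new line dereferences the result of `cert.getSerialNumberInBigInteger()` without a null check, and that getter (added in the second file of this patch) returns null when the record has no serial number, so a record with an unset serial now fails with a NullPointerException instead of a descriptive error. A guard such as `if (bInt == null) throw new TPSException("Missing certificate serial number");` placed before the conversion keeps the failure message meaningful. revokeCertsByCUID's body starts and ends outside this hunk.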
diff --git a/base/tps/src/org/dogtagpki/server/tps/dbs/TPSCertRecord.java b/base/tps/src/org/dogtagpki/server/tps/dbs/TPSCertRecord.java
index 288f25f53518d713500fdb01ca802d7d6d74a8b0..0f846c6ded6297dffed3d007c9ac8b96ae232599 100644
--- a/base/tps/src/org/dogtagpki/server/tps/dbs/TPSCertRecord.java
+++ b/base/tps/src/org/dogtagpki/server/tps/dbs/TPSCertRecord.java
@@ -18,6 +18,7 @@
 
 package org.dogtagpki.server.tps.dbs;
 
+import java.math.BigInteger;
 import java.util.Date;
 
 import com.netscape.cmscore.dbs.DBAttribute;
@@ -68,6 +69,18 @@ public class TPSCertRecord extends DBRecord {
         this.serialNumber = serialNumber;
     }
 
+    public BigInteger getSerialNumberInBigInteger()  {
+
+        if (serialNumber == null) return null;
+
+        if (serialNumber.length() < 3 || !serialNumber.startsWith("0x")) {
+            throw new NumberFormatException("Malformed hex serial number: " + serialNumber);
+        }
+
+        String value = serialNumber.substring(2); // skip over the '0x'
+        return new BigInteger(value, 16);
+    }
+
     @DBAttribute("tokenSubject")
     public String getSubject() {
         return subject;
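Review bot: getSerialNumberInBigInteger() has no Javadoc, and its contract is asymmetric — a null serial returns null while a malformed one throws — which a caller can easily miss. A Javadoc such as `/** Parses the 0x-prefixed hexadecimal serial number. @return the serial, or null if none is stored. @throws NumberFormatException if the value is not 0x-prefixed hex. */` would make this explicit. Separately, `new BigInteger(value, 16)` accepts a leading minus sign, so a stored value like `0x-1` (constructed example) would parse to a negative serial and be forwarded to the CA as such; rejecting `bInt.signum() < 0` with the same NumberFormatException would close that off. The stray double space in `()  {` can be collapsed while editing.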
-- 
2.5.5

>From 15f0af6401f9b3f00e69f5e6371ebc491c5fdbcb Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Fri, 22 Apr 2016 02:48:01 +0200
Subject: [PATCH] Moved TPSTokendb.tdbGetTokenEntry() invocations.

The TPSTokendb.tdbGetTokenEntry() invocations in shouldRevoke()
have been moved into revokeCertsByCUID().
---
 .../src/org/dogtagpki/server/tps/TPSTokendb.java   | 30 ++++++++++++++--------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
index dcb3bc1c221ecd3b31cf8af72df3787870bbcbf7..f50fd46f41ce4f24795e48fd660be031ead10e9f 100644
--- a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
+++ b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
@@ -379,7 +379,7 @@ public class TPSTokendb {
         return true;
     }
 
-    private boolean shouldRevoke(TPSCertRecord cert, String cuid, String tokenReason,
+    private boolean shouldRevoke(TokenRecord tokenRecord, TPSCertRecord cert, String tokenReason,
             String ipAddress, String remoteUser) throws Exception {
         IConfigStore configStore = CMS.getConfigStore();
         String method = "TPStokendb.shouldRevoke";
@@ -402,7 +402,7 @@ public class TPSTokendb {
                     ", keyType: " + keyType +
                     ", state: " + tokenReason;
 
-            tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tdbGetTokenEntry(cuid),
+            tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tokenRecord,
                     ipAddress, activityMsg, "success", remoteUser);
 
             return false;
@@ -418,13 +418,13 @@ public class TPSTokendb {
             Date now = new Date();
             if (now.after(notAfter)) {
                 activityMsg = "revocation not enabled for expired cert: " + cert.getSerialNumber();
-                tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tdbGetTokenEntry(cuid),
+                tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tokenRecord,
                         ipAddress, activityMsg, "success", remoteUser);
                 return false;
             }
             if (now.before(notBefore)) {
                 activityMsg = "revocation not enabled for cert that is not yet valid: " + cert.getSerialNumber();
-                tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tdbGetTokenEntry(cuid),
+                tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tokenRecord,
                         ipAddress, activityMsg, "success", remoteUser);
                 return false;
             }
@@ -435,11 +435,11 @@ public class TPSTokendb {
                 tokenReason + ".holdRevocationUntilLastCredential";
         boolean holdRevocation = configStore.getBoolean(config, false);
         if (holdRevocation) {
-            if (!isLastActiveSharedCert(cert.getSerialNumber(), cert.getIssuedBy(), cuid)) {
+            if (!isLastActiveSharedCert(cert.getSerialNumber(), cert.getIssuedBy(), tokenRecord.getId())) {
                 activityMsg = "revocation not permitted as certificate " + cert.getSerialNumber() +
                         " is shared by anothr active token";
 
-                tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tdbGetTokenEntry(cuid),
+                tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tokenRecord,
                         ipAddress, activityMsg, "success", remoteUser);
 
                 return false;
@@ -458,10 +458,16 @@ public class TPSTokendb {
     private void revokeCertsByCUID(boolean isRevoke, String cuid, String tokenReason,
             String ipAddress, String remoteUser) throws Exception {
         String method = "TPSTokendb.revokeCertsByCUID";
-        if (cuid == null)
-            throw new TPSException(method + ": cuid null");
         String logMsg;
-        IConfigStore configStore = CMS.getConfigStore();
+
+        if (cuid == null) {
+            logMsg = "Missing token CUID";
+            CMS.debug(method + ": " + logMsg);
+            throw new TPSException(logMsg);
+        }
+
+        TokenRecord tokenRecord = tdbGetTokenEntry(cuid);
+
         Collection<TPSCertRecord> certRecords = tps.getTokendb().tdbGetCertRecordsByCUID(cuid);
         if (tokenReason != null) {
             if (!tokenReason.equalsIgnoreCase("onHold") &&
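Review bot: `TokenRecord tokenRecord = tdbGetTokenEntry(cuid);` is not checked for null before being handed to shouldRevoke(), which now dereferences it via `tokenRecord.getId()` in the holdRevocation branch (hunk at @@ -435) and passes it to tdbActivity(). Whether tdbGetTokenEntry() throws or returns null for an unknown CUID is not visible here; if it can return null, a guard such as `if (tokenRecord == null) throw new TPSException("Unknown token CUID: " + cuid);` directly after the lookup keeps the failure explicit rather than surfacing later as a NullPointerException. revokeCertsByCUID continues outside this hunk.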
@@ -472,8 +478,10 @@ public class TPSTokendb {
                 CMS.debug(method + ":" + logMsg);
                 throw new Exception(method + ":" + logMsg);
             }
-
         }
+
+        IConfigStore configStore = CMS.getConfigStore();
+
         for (TPSCertRecord cert : certRecords) {
             // get conn id
             String config = "op.enroll." + cert.getType() + ".keyGen." + cert.getKeyType() + ".ca.conn";
@@ -484,7 +492,7 @@ public class TPSTokendb {
             if (isRevoke) {
                 logMsg = "called to revoke";
                 CMS.debug(method + ":" + logMsg);
-                boolean revokeCert = shouldRevoke(cert, cuid, tokenReason, ipAddress, remoteUser);
+                boolean revokeCert = shouldRevoke(tokenRecord, cert, tokenReason, ipAddress, remoteUser);
 
                 if (!revokeCert) {
                     logMsg = "cert not to be revoked:" + cert.getSerialNumber();
-- 
2.5.5

>From 7ef3f5a05d0bfb50846dea12b9c0e5ab6eb1b92a Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Fri, 22 Apr 2016 01:45:29 +0200
Subject: [PATCH] Added TPSTokendb.revokeCert() and unrevokeCert().

The code in TPSTokendb.revokeCertsByCUID() has been split into
revokeCert() and unrevokeCert() to allow handling each operation
separately.
---
 .../src/org/dogtagpki/server/tps/TPSTokendb.java   | 176 ++++++++++++++-------
 1 file changed, 121 insertions(+), 55 deletions(-)

diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
index f50fd46f41ce4f24795e48fd660be031ead10e9f..0d05453227fd4385ef9955b2a4a45410a5019122 100644
--- a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
+++ b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
@@ -379,6 +379,125 @@ public class TPSTokendb {
         return true;
     }
 
+    private void revokeCert(TokenRecord tokenRecord, TPSCertRecord cert, String tokenReason,
+            String ipAddress, String remoteUser) {
+
+        String method = "TPSTokendb.revokeCert";
+        String logMsg;
+
+        try {
+
+            IConfigStore configStore = CMS.getConfigStore();
+
+            // get conn ID
+            String config = "op.enroll." + cert.getType() + ".keyGen." + cert.getKeyType() + ".ca.conn";
+            String connID = configStore.getString(config);
+
+            RevocationReason revokeReason = RevocationReason.UNSPECIFIED;
+
+            logMsg = "called to revoke";
+            CMS.debug(method + ": " + logMsg);
+            boolean revokeCert = shouldRevoke(tokenRecord, cert, tokenReason, ipAddress, remoteUser);
+
+            if (!revokeCert) {
+                logMsg = "certificate not to be revoked:" + cert.getSerialNumber();
+                CMS.debug(method + ":" + logMsg);
+                return;
+            }
+
+            logMsg = "certificate to be revoked:" + cert.getSerialNumber();
+            CMS.debug(method + ": " + logMsg);
+
+            // get revoke reason
+            config = "op.enroll." + cert.getType() + ".keyGen." + cert.getKeyType() +
+                    ".recovery." + tokenReason + ".revokeCert.reason";
+            int reasonInt = configStore.getInteger(config, 0);
+            revokeReason = RevocationReason.fromInt(reasonInt);
+
+            CARemoteRequestHandler caRH = new CARemoteRequestHandler(connID);
+            BigInteger bInt = cert.getSerialNumberInBigInteger();
+            String serialStr = bInt.toString();
+            CMS.debug(method + ": found cert hex serial: " + cert.getSerialNumber() +
+                    " dec serial: " + serialStr);
+            CARevokeCertResponse response =
+                    caRH.revokeCertificate(true, serialStr, cert.getCertificate(),
+                            revokeReason);
+            CMS.debug(method + ": response status: " + response.getStatus());
+
+            // update certificate status
+            if (revokeReason == RevocationReason.CERTIFICATE_HOLD) {
+                updateCertsStatus(cert.getSerialNumber(), cert.getIssuedBy(), "revoked_on_hold");
+            } else {
+                updateCertsStatus(cert.getSerialNumber(), cert.getIssuedBy(), "revoked");
+            }
+
+            logMsg = "certificate revoked: " + cert.getSerialNumber();
+            CMS.debug(method + ": " + logMsg);
+
+            //TODO: tdbActivity
+
+        } catch (Exception e) {
+            logMsg = "certificate not revoked: " + cert.getSerialNumber() + ": " + e;
+            CMS.debug(method + ": " + logMsg);
+
+            //TODO: tdbActivity
+
+            // continue revoking the next certificate
+        }
+    }
+
+    private void unrevokeCert(TokenRecord tokenRecord, TPSCertRecord cert, String tokenReason,
+            String ipAddress, String remoteUser) {
+
+        String method = "TPSTokendb.unrevokeCert";
+        String logMsg;
+
+        try {
+            IConfigStore configStore = CMS.getConfigStore();
+
+            // get conn ID
+            String config = "op.enroll." + cert.getType() + ".keyGen." + cert.getKeyType() + ".ca.conn";
+            String connID = configStore.getString(config);
+
+            RevocationReason revokeReason = RevocationReason.UNSPECIFIED;
+
+            logMsg = "called to unrevoke";
+            CMS.debug(method + ": " + logMsg);
+
+            if (!cert.getStatus().equalsIgnoreCase("revoked_on_hold")) {
+                logMsg = "certificate record current status is not revoked_on_hold; cannot unrevoke";
+                CMS.debug(method + ": " + logMsg);
+                return; // TODO: continue or bail?
+            }
+
+            CARemoteRequestHandler caRH = new CARemoteRequestHandler(connID);
+            BigInteger bInt = cert.getSerialNumberInBigInteger();
+            String serialStr = bInt.toString();
+            CMS.debug(method + ": found cert hex serial: " + cert.getSerialNumber() +
+                    " dec serial: " + serialStr);
+            CARevokeCertResponse response =
+                    caRH.revokeCertificate(false, serialStr, cert.getCertificate(),
+                            revokeReason);
+            CMS.debug(method + ": response status: " + response.getStatus());
+
+            // update certificate status
+            updateCertsStatus(cert.getSerialNumber(), cert.getIssuedBy(), "active");
+
+            logMsg = "certificate unrevoked: " + cert.getSerialNumber();
+            CMS.debug(method + ": " + logMsg);
+
+            //TODO: tdbActivity
+
+        } catch (Exception e) {
+            logMsg = "certificate not unrevoked: " + cert.getSerialNumber() + " : " + e;
+            CMS.debug(method + ": " + logMsg);
+
+            //TODO: tdbActivity
+
+            // continue unrevoking the next certificate
+        }
+    }
+
     private boolean shouldRevoke(TokenRecord tokenRecord, TPSCertRecord cert, String tokenReason,
             String ipAddress, String remoteUser) throws Exception {
         IConfigStore configStore = CMS.getConfigStore();
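Review bot: In both revokeCert() and unrevokeCert() the CA response is only logged (`CMS.debug(method + ": response status: " + response.getStatus());`) and never checked before updateCertsStatus() marks the record revoked, revoked_on_hold or active, so a CA-side rejection would still flip the local certificate status and leave the token database out of step with the CA. Comparing the returned status against the handler's success value and throwing a TPSException otherwise would route that case into the existing catch block, where it is logged and the loop moves on. The conversion-and-revoke sequence from getSerialNumberInBigInteger() through the status debug line is duplicated verbatim in both methods and could be one private helper taking the boolean and the RevocationReason. The `catch (Exception e)` blocks deliberately continue with the next certificate, which is reasonable here, but until the TODO markers are resolved the swallowed exception is recorded only through CMS.debug.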
@@ -483,64 +602,11 @@ public class TPSTokendb {
         IConfigStore configStore = CMS.getConfigStore();
 
         for (TPSCertRecord cert : certRecords) {
-            // get conn id
-            String config = "op.enroll." + cert.getType() + ".keyGen." + cert.getKeyType() + ".ca.conn";
-            String connID = configStore.getString(config);
-
-            RevocationReason revokeReason = RevocationReason.UNSPECIFIED;
-
             if (isRevoke) {
-                logMsg = "called to revoke";
-                CMS.debug(method + ":" + logMsg);
-                boolean revokeCert = shouldRevoke(tokenRecord, cert, tokenReason, ipAddress, remoteUser);
-
-                if (!revokeCert) {
-                    logMsg = "cert not to be revoked:" + cert.getSerialNumber();
-                    CMS.debug(method + ":" + logMsg);
-                    continue;
-                }
-                logMsg = "cert to be revoked:" + cert.getSerialNumber();
-                CMS.debug(method + ":" + logMsg);
-
-                // get revoke reason
-                config = "op.enroll." + cert.getType() + ".keyGen." + cert.getKeyType() +
-                        ".recovery." + tokenReason + ".revokeCert.reason";
-                int reasonInt = configStore.getInteger(config, 0);
-                revokeReason = RevocationReason.fromInt(reasonInt);
-            } else { // is unrevoke
-                logMsg = "called to unrevoke";
-                CMS.debug(method + ":" + logMsg);
-                if (!cert.getStatus().equalsIgnoreCase("revoked_on_hold")) {
-                    logMsg = "cert record current status is not revoked_on_hold; cannot unrevoke";
-                    CMS.debug(method + ":" + logMsg);
-                    continue;// TODO: continue or bail?
-                }
-            }
-
-            CARemoteRequestHandler caRH = new CARemoteRequestHandler(connID);
-            BigInteger bInt = cert.getSerialNumberInBigInteger();
-            String serialStr = bInt.toString();
-            CMS.debug(method + ": found cert hex serial: " + cert.getSerialNumber() +
-                    " dec serial: " + serialStr);
-            CARevokeCertResponse response =
-                    caRH.revokeCertificate(isRevoke, serialStr, cert.getCertificate(),
-                            revokeReason);
-            CMS.debug(method + ": response status: " + response.getStatus());
-
-            // update certificate status
-            if (isRevoke) {
-                if (revokeReason == RevocationReason.CERTIFICATE_HOLD) {
-                    updateCertsStatus(cert.getSerialNumber(), cert.getIssuedBy(), "revoked_on_hold");
-                } else {
-                    updateCertsStatus(cert.getSerialNumber(), cert.getIssuedBy(), "revoked");
-                }
+                revokeCert(tokenRecord, cert, tokenReason, ipAddress, remoteUser);
             } else {
-                updateCertsStatus(cert.getSerialNumber(), cert.getIssuedBy(), "active");
+                unrevokeCert(tokenRecord, cert, tokenReason, ipAddress, remoteUser);
             }
-
-            logMsg = "cert (un)revoked:" + cert.getSerialNumber();
-            CMS.debug(method + ":" + logMsg);
-            //TODO: tdbActivity
         }
     }
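Review bot: `IConfigStore configStore = CMS.getConfigStore();` on the line just above the loop is now dead in revokeCertsByCUID(): its only readers moved into revokeCert() and unrevokeCert(), which fetch the config store themselves. Dropping that line and the blank line after it avoids an unused-local warning and makes the method read as pure dispatch. revokeCertsByCUID starts outside this hunk.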
 
-- 
2.5.5

>From 882db20fbdc593f13bcd4bd8a9e5d50b3e3cc21a Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Fri, 22 Apr 2016 02:42:24 +0200
Subject: [PATCH] Fixed activity logs for certificate revocations.

The TPSTokendb.shouldRevoke() has been modified such that it
throws an exception instead of returning boolean. The method
has also been renamed to checkRevocation(). The revokeCert()
and unrevokeCert() have been modified to catch the exception
and log the failed operation.
---
 .../src/org/dogtagpki/server/tps/TPSTokendb.java   | 60 ++++++++--------------
 .../dogtagpki/server/tps/dbs/ActivityDatabase.java |  3 ++
 2 files changed, 25 insertions(+), 38 deletions(-)

diff --git a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
index 0d05453227fd4385ef9955b2a4a45410a5019122..b673ed2ff269d61639d05e9b31bf59355b9ef97d 100644
--- a/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
+++ b/base/tps/src/org/dogtagpki/server/tps/TPSTokendb.java
@@ -397,13 +397,8 @@ public class TPSTokendb {
 
             logMsg = "called to revoke";
             CMS.debug(method + ": " + logMsg);
-            boolean revokeCert = shouldRevoke(tokenRecord, cert, tokenReason, ipAddress, remoteUser);
 
-            if (!revokeCert) {
-                logMsg = "certificate not to be revoked:" + cert.getSerialNumber();
-                CMS.debug(method + ":" + logMsg);
-                return;
-            }
+            checkRevocation(tokenRecord, cert, tokenReason, ipAddress, remoteUser);
 
             logMsg = "certificate to be revoked:" + cert.getSerialNumber();
             CMS.debug(method + ": " + logMsg);
@@ -434,13 +429,15 @@ public class TPSTokendb {
             logMsg = "certificate revoked: " + cert.getSerialNumber();
             CMS.debug(method + ": " + logMsg);
 
-            //TODO: tdbActivity
+            tdbActivity(ActivityDatabase.OP_CERT_REVOCATION, tokenRecord,
+                    ipAddress, logMsg, "success", remoteUser);
 
         } catch (Exception e) {
             logMsg = "certificate not revoked: " + cert.getSerialNumber() + ": " + e;
             CMS.debug(method + ": " + logMsg);
 
-            //TODO: tdbActivity
+            tdbActivity(ActivityDatabase.OP_CERT_REVOCATION, tokenRecord,
+                    ipAddress, e.getMessage(), "failure", remoteUser);
 
             // continue revoking the next certificate
         }
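Review bot: The failure activity record uses `e.getMessage()`, which is null for exceptions raised without a message (a NullPointerException from a record with a missing field, for instance) and in every case omits the certificate serial that the debug line already carries. Passing `logMsg` instead — `ipAddress, logMsg, "failure", remoteUser` — records the serial and the exception together; the same applies to the failure branch in unrevokeCert() (hunk at @@ -486). Note also that after this change a policy-driven skip from checkRevocation() (expired certificate, revocation disabled for the token type) and a genuine CA error both land in the log as OP_CERT_REVOCATION "failure", distinguishable only by message text; if operators need to separate them, a distinct result string for the policy case would help. revokeCert() starts outside this hunk.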
@@ -486,26 +483,27 @@ public class TPSTokendb {
             logMsg = "certificate unrevoked: " + cert.getSerialNumber();
             CMS.debug(method + ": " + logMsg);
 
-            //TODO: tdbActivity
+            tdbActivity(ActivityDatabase.OP_CERT_UNREVOCATION, tokenRecord,
+                    ipAddress, logMsg, "success", remoteUser);
 
         } catch (Exception e) {
             logMsg = "certificate not unrevoked: " + cert.getSerialNumber() + " : " + e;
             CMS.debug(method + ": " + logMsg);
 
-            //TODO: tdbActivity
+            tdbActivity(ActivityDatabase.OP_CERT_UNREVOCATION, tokenRecord,
+                    ipAddress, e.getMessage(), "failure", remoteUser);
 
             // continue unrevoking the next certificate
         }
     }
 
-    private boolean shouldRevoke(TokenRecord tokenRecord, TPSCertRecord cert, String tokenReason,
+    private void checkRevocation(TokenRecord tokenRecord, TPSCertRecord cert, String tokenReason,
             String ipAddress, String remoteUser) throws Exception {
+
         IConfigStore configStore = CMS.getConfigStore();
-        String method = "TPStokendb.shouldRevoke";
-        String activityMsg;
 
         if (cert == null) {
-            throw new TPSException(method + ": cert null");
+            throw new TPSException("Missing token certificate");
         }
 
         String tokenType = cert.getType();
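Review bot: With the tdbActivity() calls removed from checkRevocation(), its `ipAddress` and `remoteUser` parameters are no longer read anywhere in the method, so the signature carries two dead arguments; either drop them here and at the call in revokeCert(), or keep them with a comment stating they are reserved for activity logging. A Javadoc would also help now that the method communicates by exception: `/** Applies the revocation policy to {@code cert}; returns normally if it may be revoked. @throws TPSException if the certificate is missing, revocation is disabled for its type, it is outside its validity period, or it is still shared by another active token. */`. checkRevocation() continues outside this hunk.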
@@ -516,15 +514,11 @@ public class TPSTokendb {
                 ".recovery." + tokenReason + ".revokeCert";
         boolean revokeCerts = configStore.getBoolean(config, true);
         if (!revokeCerts) {
-            activityMsg = "certificate revocation (serial " + cert.getSerialNumber() +
+            throw new TPSException(
+                    "certificate revocation (serial " + cert.getSerialNumber() +
                     ") not enabled for tokenType: " + tokenType +
                     ", keyType: " + keyType +
-                    ", state: " + tokenReason;
-
-            tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tokenRecord,
-                    ipAddress, activityMsg, "success", remoteUser);
-
-            return false;
+                    ", state: " + tokenReason);
         }
 
         // check if expired certificates should be revoked.
@@ -536,16 +530,12 @@ public class TPSTokendb {
             Date notAfter = cert.getValidNotAfter();
             Date now = new Date();
             if (now.after(notAfter)) {
-                activityMsg = "revocation not enabled for expired cert: " + cert.getSerialNumber();
-                tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tokenRecord,
-                        ipAddress, activityMsg, "success", remoteUser);
-                return false;
+                throw new TPSException(
+                        "revocation not enabled for expired cert: " + cert.getSerialNumber());
             }
             if (now.before(notBefore)) {
-                activityMsg = "revocation not enabled for cert that is not yet valid: " + cert.getSerialNumber();
-                tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tokenRecord,
-                        ipAddress, activityMsg, "success", remoteUser);
-                return false;
+                throw new TPSException(
+                        "revocation not enabled for cert that is not yet valid: " + cert.getSerialNumber());
             }
         }
 
@@ -555,17 +545,11 @@ public class TPSTokendb {
         boolean holdRevocation = configStore.getBoolean(config, false);
         if (holdRevocation) {
             if (!isLastActiveSharedCert(cert.getSerialNumber(), cert.getIssuedBy(), tokenRecord.getId())) {
-                activityMsg = "revocation not permitted as certificate " + cert.getSerialNumber() +
-                        " is shared by anothr active token";
-
-                tdbActivity(ActivityDatabase.OP_TOKEN_MODIFY, tokenRecord,
-                        ipAddress, activityMsg, "success", remoteUser);
-
-                return false;
+                throw new TPSException(
+                        "revocation not permitted as certificate " + cert.getSerialNumber() +
+                        " is shared by another active token");
             }
         }
-
-        return true;
     }
 
     /*
diff --git a/base/tps/src/org/dogtagpki/server/tps/dbs/ActivityDatabase.java b/base/tps/src/org/dogtagpki/server/tps/dbs/ActivityDatabase.java
index 3382836993fbd95418cbe7227dba57164c42a429..fdcd4eaff757e5f2dba4ca394fde06e7ffa74687 100644
--- a/base/tps/src/org/dogtagpki/server/tps/dbs/ActivityDatabase.java
+++ b/base/tps/src/org/dogtagpki/server/tps/dbs/ActivityDatabase.java
@@ -49,6 +49,9 @@ public class ActivityDatabase extends LDAPDatabase<ActivityRecord> {
     public final static String OP_TOKEN_MODIFY = "token_modify";
     public final static String OP_TOKEN_STATUS_CHANGE = "token_status_change";
 
+    public final static String OP_CERT_REVOCATION = "cert_revocation";
+    public final static String OP_CERT_UNREVOCATION = "cert_unrevocation";
+
     public ActivityDatabase(IDBSubsystem dbSubsystem, String baseDN) throws EBaseException {
         super("Activity", dbSubsystem, baseDN, ActivityRecord.class);
     }
-- 
2.5.5
