// Go through them and create a CRL, at the same time archive expired certificates
Date now = new Date();
Date check = new Date(now.getTime() - crlperiod);
Iterator<RevokedCertInfo> iter = revcerts.iterator();
while (iter.hasNext()) {
RevokedCertInfo data = iter.next();
// We want to include certificates that was revoked after the last CRL was issued, but before this one
// so the revoked certs are included in ONE CRL at least. See RFC5280 section 3.3.
if ( data.getExpireDate().before(check) ) {
// Certificate has expired, set status to archived in the database
certificateStoreSession.setArchivedStatus(Admin.getInternalAdmin(), data.getCertificateFingerprint());
} else {
Date revDate = data.getRevocationDate();
if (revDate == null) {
data.setRevocationDate(now);
CertificateData certdata = CertificateData.findByFingerprint(entityManager, data.getCertificateFingerprint());
if (certdata == null) {
throw new FinderException("No certificate with fingerprint " + data.getCertificateFingerprint());
}
// Set revocation date in the database
certdata.setRevocationDate(now);
}
}