try {
if (log.isDebugEnabled()) {
log.debug("Checking to see if CA '"+cainfo.getName()+"' ("+cainfo.getCAId()+") needs CRL generation.");
}
final String certSubjectDN = CertTools.getSubjectDN(cacert);
CRLInfo crlinfo = crlSession.getLastCRLInfo(admin,certSubjectDN,false);
if (log.isDebugEnabled()) {
if (crlinfo == null) {
log.debug("Crlinfo was null");
} else {
log.debug("Read crlinfo for CA: "+cainfo.getName()+", lastNumber="+crlinfo.getLastCRLNumber()+", expireDate="+crlinfo.getExpireDate());
}
}
long crlissueinterval = cainfo.getCRLIssueInterval();
if (log.isDebugEnabled()) {
log.debug("crlissueinterval="+crlissueinterval);
log.debug("crloverlaptime="+cainfo.getCRLOverlapTime());
}
long overlap = cainfo.getCRLOverlapTime() + addtocrloverlaptime; // Overlaptime is in minutes, default if crlissueinterval == 0
long nextUpdate = 0; // if crlinfo == 0, we will issue a crl now
if (crlinfo != null) {
// CRL issueinterval in hours. If this is 0, we should only issue a CRL when
// the old one is about to expire, i.e. when currenttime + overlaptime > expiredate
// if isseuinterval is > 0 we will issue a new CRL when currenttime > createtime + issueinterval
nextUpdate = crlinfo.getExpireDate().getTime(); // Default if crlissueinterval == 0
if (crlissueinterval > 0) {
long u = crlinfo.getCreateDate().getTime() + crlissueinterval;
// If this period for some reason (we missed to issue some?) is larger than when the CRL expires,
// we need to issue one when the CRL expires
if ((u + overlap) < nextUpdate) {
nextUpdate = u;
// When we issue CRLs before the real expiration date we don't use overlap