Package org.ejbca.core.model.ca.store

Examples of org.ejbca.core.model.ca.store.CertificateInfo


        // Check that the admin has revocation rights.
        if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.REGULAR_REVOKEENDENTITY)) {
            Authorizer.throwAuthorizationException(admin, AccessRulesConstants.REGULAR_REVOKEENDENTITY, null);
        }
        // To be fully backwards compatible we just use the first fingerprint found..
        final CertificateInfo info = certificateStoreSession.findFirstCertificateInfo(issuerdn, certserno);
        if (info == null) {
          final String msg = intres.getLocalizedMessage("ra.errorfindentitycert", issuerdn, certserno.toString(16));
            logSession.log(admin, LogConstants.INTERNALCAID, LogConstants.MODULE_RA, new Date(), null, null, LogConstants.EVENT_INFO_REVOKEDENDENTITY, msg);
            throw new FinderException(msg);
        }
        final int caid = info.getIssuerDN().hashCode();
        final String username = info.getUsername();
        assertAuthorizedToCA(admin, caid, username, LogConstants.EVENT_ERROR_REVOKEDENDENTITY);
        int certificateProfileId = info.getCertificateProfileId();
        String userDataDN = info.getSubjectDN();
        final CertReqHistory certReqHistory = certificateStoreSession.getCertReqHistory(admin, certserno, issuerdn);
        UserData data = null;
        if (certReqHistory == null || XkmsConfiguration.getEnabled()) {
          // We could use userdata later, so try to find it
          data = UserData.findByUsername(entityManager, username);
        }
        int endEntityProfileId = -1;
        if (certReqHistory != null) {
            // Get the EEP that was used in the original issuance, if we can find it
          endEntityProfileId = certReqHistory.getUserDataVO().getEndEntityProfileId();
            // Republish with the same user DN that was used in the original publication, if we can find it
            userDataDN = certReqHistory.getUserDataVO().getDN();
            // If for some reason the certificate profile id was not set in the certificate data, try to get it from the certreq history
            if (certificateProfileId == SecConst.CERTPROFILE_NO_PROFILE) {
                certificateProfileId = certReqHistory.getUserDataVO().getCertificateProfileId();
            }
        } else if (data != null) {
          // Get the EEP that is currently used as a fallback, if we can find it
          endEntityProfileId = data.getEndEntityProfileId();
          // Republish with the same user DN that is currently used as a fallback, if we can find it
          userDataDN = data.getSubjectDN();
            // If for some reason the certificate profile id was not set in the certificate data, try to get it from current userdata
            if (certificateProfileId == SecConst.CERTPROFILE_NO_PROFILE) {
                certificateProfileId = data.getCertificateProfileId();
            }
        }
        if (endEntityProfileId != -1) {
          // We can only perform this check if we have a trail of what eep was used..
            if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
              assertAuthorizedToEndEntityProfile(admin, endEntityProfileId, AccessRulesConstants.REVOKE_RIGHTS, caid, username, LogConstants.EVENT_ERROR_REVOKEDENDENTITY);
            }
        }
        // Check that unrevocation is not done on anything that can not be unrevoked
        if (reason == RevokedCertInfo.NOT_REVOKED || reason == RevokedCertInfo.REVOCATION_REASON_REMOVEFROMCRL) {
            if (info.getRevocationReason() != RevokedCertInfo.REVOCATION_REASON_CERTIFICATEHOLD) {
              final String msg = intres.getLocalizedMessage("ra.errorunrevokenotonhold", issuerdn, certserno.toString(16));
                logSession.log(admin, caid, LogConstants.MODULE_RA, new Date(), username, null, LogConstants.EVENT_INFO_REVOKEDENDENTITY, msg);
                throw new AlreadyRevokedException(msg);
            }
        } else {
            if (info.getRevocationReason() != RevokedCertInfo.NOT_REVOKED) {
              final String msg = intres.getLocalizedMessage("ra.errorrevocationexists");
                logSession.log(admin, caid, LogConstants.MODULE_RA, new Date(), username, null, LogConstants.EVENT_INFO_REVOKEDENDENTITY, msg);
                throw new AlreadyRevokedException(msg);
            }
        }
View Full Code Here


        if (!certs.isEmpty()) {
          Iterator<Certificate> j = certs.iterator();
          while (j.hasNext()) {
            certificate = j.next();
            String fingerprint = CertTools.getFingerprintAsString(certificate);
            CertificateInfo info = getCertificateInfo(admin, fingerprint);
            if (info != null && info.getStatus() != SecConst.CERT_REVOKED) {
              returnval = false;
              break;
            }
          }
        }
View Full Code Here

TOP

Related Classes of org.ejbca.core.model.ca.store.CertificateInfo

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.