/**
 * Renders this CRL control as a multi-line, human-readable summary.
 *
 * @param verbose when {@code true}, the value of {@code getConf()} is appended as a
 *                final "encoded" entry; otherwise {@code getConf()} is not called
 * @return the formatted description
 */
public String toString(boolean verbose) {
  // XiPKI CertSet summary: the "include cert" detail is only added when the set is included.
  String certSetDesc = xipkiCertsetIncluded
      ? "included" + "\t\tinclude cert: " + xipkiCertsetCertIncluded
      : "not included";

  // Schedule summary: a configured intervalDayTime wins over the minute interval.
  String scheduleDesc;
  if (intervalDayTime == null) {
    scheduleDesc = "generate CRL " + "every " + intervalMinutes + " minutes";
  } else {
    scheduleDesc = "generate CRL " + "at " + intervalDayTime;
  }

  return StringUtil.concatObjects(" update mode: ", updateMode,
      "\n include expired certificates: ", includeExpiredCerts,
      "\n full CRL intervals: ", fullCrlIntervals,
      "\n delta CRL intervals: ", deltaCrlIntervals,
      "\n overlap: ", overlapMinutes, " minutes",
      "\n use extended nextUpdate: ", extendedNextUpdate,
      "\n only user certificates: ", onlyContainsUserCerts,
      "\n only CA certificates: ", onlyContainsCaCerts,
      "\n exclude reason: ", excludeReason,
      "\n invalidity date mode: ", invalidityDateMode,
      "\n interval: ", scheduleDesc,
      "\n XiPKI CertSet: ", certSetDesc,
      verbose ? "\n encoded: " : "",
      verbose ? getConf() : "");
}
this.includeExpiredCerts = getBoolean(props, KEY_EXPIRED_CERTS_INCLUDED, false); this.xipkiCertsetIncluded = getBoolean(props, KEY_XIPKI_CERTSET, false); this.xipkiCertsetCertIncluded = getBoolean(props, KEY_XIPKI_CERTSET_CERTS, true); this.onlyContainsCaCerts = getBoolean(props, KEY_ONLY_CONTAINS_CACERTS, false); this.onlyContainsUserCerts = getBoolean(props, KEY_ONLY_CONTAINS_USERCERTS, false); this.excludeReason = getBoolean(props, KEY_EXCLUDE_REASON, false); this.fullCrlIntervals = getInteger(props, KEY_FULLCRL_INTERVALS, 1); this.deltaCrlIntervals = getInteger(props, KEY_DELTACRL_INTERVALS, 0); this.extendedNextUpdate = getBoolean(props, KEY_FULLCRL_EXTENDED_NEXTUPDATE, false); this.overlapMinutes = getInteger(props, KEY_OVERLAP_MINUTES, 60); str = props.value(KEY_INTERVAL_TIME); if (str != null) { int minutes = getInteger(props, KEY_INTERVAL_MINUTES, 0); if (minutes < this.overlapMinutes + 30) { throw new InvalidConfException("invalid " + KEY_INTERVAL_MINUTES + ": '" validate();
private Date getCrlNextUpdate(Date thisUpdate) { Args.notNull(thisUpdate, "thisUpdate"); CrlControl control = caInfo.getCrlControl(); if (control.getUpdateMode() != UpdateMode.INTERVAL) { return null; if (i % control.getFullCrlIntervals() == 0) { intervalsTillNextCrl = i; break; } else if (!control.isExtendedNextUpdate() && control.getDeltaCrlIntervals() > 0) { if (i % control.getDeltaCrlIntervals() == 0) { intervalsTillNextCrl = i; break; if (control.getIntervalMinutes() != null) { int minutesTillNextUpdate = intervalsTillNextCrl * control.getIntervalMinutes() + control.getOverlapMinutes(); nextUpdate = new Date(MS_PER_SECOND * (thisUpdate.getTime() / MS_PER_SECOND / 60 + minutesTillNextUpdate) * 60); cal.setTime(thisUpdate); cal.add(Calendar.DAY_OF_YEAR, intervalsTillNextCrl); cal.set(Calendar.HOUR_OF_DAY, control.getIntervalDayTime().getHour()); cal.set(Calendar.MINUTE, control.getIntervalDayTime().getMinute()); cal.add(Calendar.MINUTE, control.getOverlapMinutes()); cal.set(Calendar.SECOND, 0); cal.set(Calendar.MILLISECOND, 0);
/**
 * Evaluates the CA's CRL control to decide whether the delta CRL cache is in use.
 *
 * @return {@code true} only when a CRL control is present, its update mode is not
 *         {@code ONDEMAND}, and the delta CRL interval is non-zero and smaller than
 *         the full CRL interval
 */
private boolean shouldPublishToDeltaCrlCache() {
  CrlControl crlCtrl = caInfo.getCrlControl();
  // No CRL control at all, or CRLs produced on demand only: answer is no.
  if (crlCtrl == null || crlCtrl.getUpdateMode() == UpdateMode.ONDEMAND) {
    return false;
  }

  int deltaEvery = crlCtrl.getDeltaCrlIntervals();
  if (deltaEvery == 0) {
    return false;
  }

  // NOTE(review): a negative delta interval would also satisfy this comparison;
  // presumably CrlControl validation rejects negative values - confirm.
  return deltaEvery < crlCtrl.getFullCrlIntervals();
} // method shouldPublishToDeltaCrlCache
if (control.isIncludeExpiredCerts()) { notExpireAt = new Date(0); } else { if (deltaCrl) { revInfos = certstore.getCertsForDeltaCrl(caIdent, startId, numEntries, control.isOnlyContainsCaCerts(), control.isOnlyContainsUserCerts()); } else { revInfos = certstore.getRevokedCerts(caIdent, notExpireAt, startId, numEntries, control.isOnlyContainsCaCerts(), control.isOnlyContainsUserCerts()); if (crlControl.isExcludeReason() && reason != CrlReason.REMOVE_FROM_CRL) { reason = CrlReason.UNSPECIFIED; switch (crlControl.getInvalidityDateMode()) { case forbidden: invalidityTime = null; default: throw new IllegalStateException( "unknown TripleState " + crlControl.getInvalidityDateMode()); boolean onlyUserCerts = crlControl.isOnlyContainsUserCerts(); boolean onlyCaCerts = crlControl.isOnlyContainsCaCerts(); if (onlyUserCerts && onlyCaCerts) { throw new IllegalStateException( if (control.getDeltaCrlIntervals() > 0 && CollectionUtil.isNonEmpty(deltaCrlUris)) { CRLDistPoint cdp = CaUtil.createCrlDistributionPoints(deltaCrlUris, pci.getX500Subject(),
if (StringUtil.isNotBlank(crlcontrol)) { try { entry.setCrlControl(new CrlControl(crlcontrol)); } catch (InvalidConfException ex) { throw new CaMgmtException("invalid CRL_CONTROL: " + crlcontrol, ex);
// Build a CrlControl from the encoded configuration text and attach it to the entry.
// The constructor is the validation point: a sibling call site catches
// InvalidConfException from it, so a malformed configuration should fail here.
entry.setCrlControl(new CrlControl(crlControl));
if (control.getIntervalMinutes() != null && control.getIntervalMinutes() > 0) { long intervalMin = control.getIntervalMinutes(); interval = (int) (minSinceCrlBaseTime / intervalMin); } else if (control.getIntervalDayTime() != null) { HourMinute hm = control.getIntervalDayTime(); Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("UTC")); cal.setTime(thisUpdate); if (interval % control.getFullCrlIntervals() == 0) { deltaCrl = false; } else if (control.getDeltaCrlIntervals() > 0 && interval % control.getDeltaCrlIntervals() == 0) { deltaCrl = true; } else { if (i % control.getFullCrlIntervals() == 0) { nextFullCrlInterval = i; break; if (nextDeltaCrlInterval != 0 && control.getDeltaCrlIntervals() != 0 && i % control.getDeltaCrlIntervals() == 0) { nextDeltaCrlInterval = i; intervalOfNextUpdate = nextFullCrlInterval; } else { intervalOfNextUpdate = control.isExtendedNextUpdate() ? nextFullCrlInterval : Math.min(nextFullCrlInterval, nextDeltaCrlInterval);
// Build a CrlControl from the encoded configuration text and set it on rv.
// NOTE(review): presumably crlControl is non-null and non-blank at this point - confirm
// against the enclosing method, which is not visible here.
rv.setCrlControl(new CrlControl(crlControl));
// Bind the encoded CRL control as the next statement parameter (idx is advanced afterwards).
// A missing CrlControl is bound as null instead of being dereferenced.
ps.setString(idx++, (crlControl == null ? null : crlControl.getConf()));
// Pass the incoming CRL control text through ConfPairs and hand its re-encoded form to the
// CrlControl constructor, then attach the result to the CA entry.
// NOTE(review): ci.getCrlControl() is used without a null check - confirm ConfPairs
// accepts null, or that the value is always set on this path.
caEntry.setCrlControl(new CrlControl( new ConfPairs(ci.getCrlControl()).getEncoded()));
new HashMap<>(new ConfPairs(entry.getCrlControl().getConf()).asMap()));
// Read back the encoded configuration string of the CA entry's CRL control.
// NOTE(review): getCrlControl() is dereferenced without a null check, while other call
// sites guard against a null CrlControl - confirm it cannot be null here.
crlControl = caEntry.getCrlControl().getConf();