From: Ejbca S. <ejb...@pr...> - 2006-05-19 07:58:07
|
I though it was a bit confusing that the entered value was not displayed = in the=20 CA configuration page. When I entered 0 as issue interval, it displayed 2= 4,=20 which was the CRL period. So I changed the implementation a bit, so that = in=20 CA.java it always returns the configured value (CA is only a data bearing= class,=20 no bussiness logic). I then changed CreateCRLSessionBean to implement all= logic=20 about when a CRL is issued, this way all the logic is put in one place, w= hich is=20 easier to find in the long term. I added and updated javadoc to explain the new logic. I like the patch, and it will be committed as soon as my tests are finish= ed. Thanks for the patch Javier! Cheers, Tomas Ejbca Support wrote: > Javier Aparicio Conesa wrote: >> Yes, when the value is 0 the method returns the CRLPeriod to mantain= =20 >> the previous definitions of the old CA's. >> >> The "getCRLIssueInterval()" allways return a positive value between 1=20 >> and CRLPeriod, maybe I should explian it at javadoc, sorry... >=20 > Yup, javadoc is important. I can add that. >=20 >> You say: "X509CA should also get a new version and it should be=20 >> upgraded with the new entry in the upgrade() method. " >> If there are no structural changes, why upgrade the version? >=20 > But isn't there a structural change? > -- data.put(CRLISSUEINTERVAL, new Integer(crlIssueInterval) > This adds a completely new field to the data structure. For future=20 > maintainability it's good that the field is added to the structure, eve= n=20 > if it's the default value. >=20 > Cheers, > Tomas >=20 >=20 >> >> Thanks, >> Javier >> >> Ejbca Support escribi=F3: >>> >>> Hi Javier, it looks mostly pretty good. A few comments. >>> >>> The default CRLISSUEPERIOD of 0 should mean that a new CRL should be=20 >>> issued when the old one expires, just like today. >>> >>> Looking at the code: >>> ----- >>> CRLInfo crlinfo =3D store.getLastCRLInfo(admin,cainfo.getSubjectDN())= ; >>> long nextUpdate =3D crlinfo.getCreateDate().getTime() = +=20 >>> (cainfo.getCRLIssueInterval() * 60 * 60 * 1000); >>> if ((currenttime.getTime() + crloverlaptime) >=3D nextUpdate) { >>> this.run(admin, cainfo.getSubjectDN()); >>> createdcrls++; >>> } >>> ---- >>> >>> It looks as if CRLIssueInterval is 0, nextUpdate will be the=20 >>> createDate of the CRL, which means that currenttime will always be=20 >>> greater than this time and the expire date is ignored. >>> >>> But...then I see that there is logic in CA.java to handle this.=20 >>> CA.java is a data bean, and I think that we should keep this advanced= =20 >>> logic out of the data bean and keep the logic in the session bean. It= =20 >>> seems to me that with this code we can not read the true value of=20 >>> CRLIssueInterval if it is 0 right? because it will return the=20 >>> CRLPeriod instead is CRLIssueInterval is 0? >>> >>> X509CA should also get a new version and it should be upgraded with=20 >>> the new entry in the upgrade() method. >>> >>> Cheers, >>> Tomas >>> >>> >>> Javier Aparicio Conesa wrote: >>>> Hi Philip, >>>> I send you the patched files for your review. >>>> >>>> Cheers, >>>> Javier >>>> --=20 >>>> >>>> Autoridad de Certificaci=F3n de la Comunidad Valenciana=20 >>>> <http://www.accv.es> >>>> >>>> *Javier Aparicio* >>>> >>>> c/Col=F3n, 66 1=AA Planta - 46004 Valencia >>>> >>>> jap...@ac... <mailto:jap...@ac...>=20 >>>> <mailto:jap...@ac...> >>>> >>>> Tel: 961961168 >>>> >>> >>> >>> >>> ------------------------------------------------------- >>> Using Tomcat but need to do more? Need to support web services,=20 >>> security? >>> Get stuff done quickly with pre-integrated technology to make your=20 >>> job easier >>> Download IBM WebSphere Application Server v.1.0.1 based on Apache=20 >>> Geronimo >>> http://sel.as-us.falkag.net/sel?cmd=3Dk&kid=120709&bid&3057&dat=12164= 2=20 >>> <http://sel.as-us.falkag.net/sel?cmd=3Dk&kid=120709&bid&3057&dat=1216= 42> >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li...=20 >>> <mailto:Ejb...@li...> >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> >>> >> >> --=20 >> >> Autoridad de Certificaci=F3n de la Comunidad Valenciana=20 >> <http://www.accv.es> >> >> *Javier Aparicio* >> >> c/Col=F3n, 66 1=AA Planta - 46004 Valencia >> >> jap...@ac... <mailto:jap...@ac...> >> >> Tel: 961961168 >> >=20 >=20 >=20 > ------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, securit= y? > Get stuff done quickly with pre-integrated technology to make your job=20 > easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geron= imo > http://sel.as-us.falkag.net/sel?cmd____________________________________= ___________=20 >=20 > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |