From: Ejbca S. <ejb...@pr...> - 2006-05-19 06:59:33
|
Javier Aparicio Conesa wrote: > Yes, when the value is 0 the method returns the CRLPeriod to mantain=20 > the previous definitions of the old CA's. >=20 > The "getCRLIssueInterval()" allways return a positive value between 1=20 > and CRLPeriod, maybe I should explian it at javadoc, sorry... Yup, javadoc is important. I can add that. > You say: "X509CA should also get a new version and it should be upgrade= d=20 > with the new entry in the upgrade() method. " > If there are no structural changes, why upgrade the version? But isn't there a structural change? -- data.put(CRLISSUEINTERVAL, new Integer(crlIssueInterval) This adds a completely new field to the data structure. For future=20 maintainability it's good that the field is added to the structure, even = if it's=20 the default value. Cheers, Tomas >=20 > Thanks, > Javier >=20 > Ejbca Support escribi=F3: >> >> Hi Javier, it looks mostly pretty good. A few comments. >> >> The default CRLISSUEPERIOD of 0 should mean that a new CRL should be=20 >> issued when the old one expires, just like today. >> >> Looking at the code: >> ----- >> CRLInfo crlinfo =3D store.getLastCRLInfo(admin,cainfo.getSubjectDN()); >> =20 >> long nextUpdate =3D crlinfo.getCreateDate().getTime() +=20 >> (cainfo.getCRLIssueInterval() * 60 * 60 * 1000); >> if ((currenttime.getTime() + crloverlaptime) >=3D nextUpdate) { >> this.run(admin, cainfo.getSubjectDN()); >> createdcrls++; >> } >> ---- >> >> It looks as if CRLIssueInterval is 0, nextUpdate will be the=20 >> createDate of the CRL, which means that currenttime will always be=20 >> greater than this time and the expire date is ignored. >> >> But...then I see that there is logic in CA.java to handle this.=20 >> CA.java is a data bean, and I think that we should keep this advanced=20 >> logic out of the data bean and keep the logic in the session bean. It=20 >> seems to me that with this code we can not read the true value of=20 >> CRLIssueInterval if it is 0 right? because it will return the=20 >> CRLPeriod instead is CRLIssueInterval is 0? >> >> X509CA should also get a new version and it should be upgraded with=20 >> the new entry in the upgrade() method. >> >> Cheers, >> Tomas >> >> >> Javier Aparicio Conesa wrote: >>> Hi Philip, >>> I send you the patched files for your review. >>> >>> Cheers, >>> Javier >>> --=20 >>> >>> Autoridad de Certificaci=F3n de la Comunidad Valenciana=20 >>> <http://www.accv.es> >>> >>> *Javier Aparicio* >>> >>> c/Col=F3n, 66 1=AA Planta - 46004 Valencia >>> >>> jap...@ac... <mailto:jap...@ac...>=20 >>> <mailto:jap...@ac...> >>> >>> Tel: 961961168 >>> >> >> >> >> ------------------------------------------------------- >> Using Tomcat but need to do more? Need to support web services, securi= ty? >> Get stuff done quickly with pre-integrated technology to make your job= =20 >> easier >> Download IBM WebSphere Application Server v.1.0.1 based on Apache=20 >> Geronimo >> http://sel.as-us.falkag.net/sel?cmd=3Dk&kid=120709&bid&3057&dat=121642= =20 >> <http://sel.as-us.falkag.net/sel?cmd=3Dk&kid=120709&bid&3057&dat=12164= 2> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li...=20 >> <mailto:Ejb...@li...> >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> >=20 > --=20 >=20 > Autoridad de Certificaci=F3n de la Comunidad Valenciana <http://www.acc= v.es> >=20 > *Javier Aparicio* >=20 > c/Col=F3n, 66 1=AA Planta - 46004 Valencia >=20 > jap...@ac... <mailto:jap...@ac...> >=20 > Tel: 961961168 >=20 |