Add CertificateAuthority.crlIssuingPoint

edewata · Feb 1, 2024 · d5863ab · d5863ab
1 parent 4bd6e53
commit d5863ab
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 11 deletions.
diff --git a/base/ca/src/main/java/com/netscape/ca/CertificateAuthority.java b/base/ca/src/main/java/com/netscape/ca/CertificateAuthority.java
@@ -181,6 +181,7 @@ public class CertificateAuthority extends Subsystem implements IAuthority, IOCSP
     protected boolean ocspResponderByName;
 
     protected CertificateRepository certRepository;
+    protected CRLIssuingPoint crlIssuingPoint;
 
     protected CASigningUnit mSigningUnit;
     protected CASigningUnit mOCSPSigningUnit;
@@ -381,6 +382,14 @@ public void setCertRepository(CertificateRepository certRepository) {
         this.certRepository = certRepository;
     }
 
+    public CRLIssuingPoint getCRLIssuingPoint() {
+        return crlIssuingPoint;
+    }
+
+    public void setCRLIssuingPoint(CRLIssuingPoint crlIssuingPoint) {
+        this.crlIssuingPoint = crlIssuingPoint;
+    }
+
     /**
      * Retrieves the default signature algorithm of this certificate authority.
      *
@@ -1044,17 +1053,7 @@ public SingleResponse getCertStatusFromDB(Request request) {
 
     public SingleResponse getCertStatusFromCRL(Request request) throws EBaseException {
 
-        boolean ocspUseCache = mConfig.getOCSPUseCache();
-
-        if (!ocspUseCache) {
-            return null;
-        }
-
-        CAEngine engine = CAEngine.getInstance();
-        String issuingPointId = mConfig.getOCSPUseCacheIssuingPointId();
-        CRLIssuingPoint crlIssuingPoint = engine.getCRLIssuingPoint(issuingPointId);
-
-        if (!crlIssuingPoint.isCRLCacheEnabled()) {
+        if (crlIssuingPoint == null || !crlIssuingPoint.isCRLCacheEnabled()) {
             return null;
         }
 

diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java b/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java
@@ -792,6 +792,17 @@ public void initCRLIssuingPoints() throws Exception {
 
             crlIssuingPoints.put(id, issuingPoint);
         }
+
+        boolean ocspUseCache = caConfig.getOCSPUseCache();
+        if (ocspUseCache) {
+
+            String issuingPointID = caConfig.getOCSPUseCacheIssuingPointId();
+            CRLIssuingPoint crlIssuingPoint = crlIssuingPoints.get(issuingPointID);
+
+            for (CertificateAuthority ca : getCAs()) {
+                ca.setCRLIssuingPoint(crlIssuingPoint);
+            }
+        }
     }
 
     /**