Refactor CertificateAuthority.signOCSPResponse()

edewata · Feb 1, 2024 · dc66e80 · dc66e80
1 parent 4c0aa7c
commit dc66e80
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 16 deletions.
diff --git a/base/ca/src/main/java/com/netscape/ca/CertificateAuthority.java b/base/ca/src/main/java/com/netscape/ca/CertificateAuthority.java
@@ -28,7 +28,6 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
 import java.security.Signature;
-import java.security.SignatureException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
 import java.security.interfaces.RSAKey;
@@ -39,7 +38,6 @@
 import java.util.List;
 
 import org.dogtagpki.server.ca.CAConfig;
-import org.dogtagpki.server.ca.CAEngine;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.NotInitializedException;
 import org.mozilla.jss.asn1.ASN1Util;
@@ -905,13 +903,10 @@ public ResponseData buildOCSPResponse(
         return new ResponseData(rid, new GeneralizedTime(new Date()), certStatus, nonce);
     }
 
-    public BasicOCSPResponse signOCSPResponse(ResponseData rd) throws EBaseException {
+    public BasicOCSPResponse signOCSPResponse(ResponseData rd) throws Exception {
 
         long signStartTime = new Date().getTime();
 
-        CAEngine engine = CAEngine.getInstance();
-        ensureReady();
-
         String algname = mOCSPSigningUnit.getDefaultAlgorithm();
 
         try (DerOutputStream out = new DerOutputStream()) {
@@ -947,15 +942,6 @@ public BasicOCSPResponse signOCSPResponse(ResponseData rd) throws EBaseException
             logger.error(CMS.getLogMessage("OPERATION_ERROR", e.toString()), e);
             throw new ECAException(CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname), e);
 
-        } catch (SignatureException e) {
-            logger.error(CMS.getUserMessage("CMS_CA_SIGNING_OPERATION_FAILED", e.toString()), e);
-            engine.checkForAndAutoShutdown();
-            throw new EBaseException(e);
-
-        } catch (Exception e) {
-            logger.error(CMS.getLogMessage("CMSCORE_CA_CA_OCSP_SIGN", e.toString()), e);
-            throw new EBaseException(e);
-
         } finally {
             long signEndTime = new Date().getTime();
             mSignTime += signEndTime - signStartTime;

diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java b/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java
@@ -2759,6 +2759,30 @@ public OCSPResponse validate(
         return validate(ca, tbsRequest);
     }
 
+    public BasicOCSPResponse signOCSPResponse(
+            CertificateAuthority ca,
+            ResponseData rd)
+            throws EBaseException {
+
+        ca.ensureReady();
+
+        try {
+            return ca.signOCSPResponse(rd);
+
+        } catch (ECAException e) {
+            throw e;
+
+        } catch (SignatureException e) {
+            logger.error(CMS.getUserMessage("CMS_CA_SIGNING_OPERATION_FAILED", e.toString()), e);
+            checkForAndAutoShutdown();
+            throw new EBaseException(e);
+
+        } catch (Exception e) {
+            logger.error(CMS.getLogMessage("CMSCORE_CA_CA_OCSP_SIGN", e.toString()), e);
+            throw new EBaseException(e);
+        }
+    }
+
     public OCSPResponse validate(
             CertificateAuthority ca,
             TBSRequest tbsRequest)
@@ -2796,7 +2820,7 @@ public OCSPResponse validate(
                 statsSub.startTiming("signing");
             }
 
-            BasicOCSPResponse basicResponse = ca.signOCSPResponse(rd);
+            BasicOCSPResponse basicResponse = signOCSPResponse(ca, rd);
 
             if (statsSub != null) {
                 statsSub.endTiming("signing");