Rename enableOCSP to enableRevocationCheck

Since verification with CRL-DP is introduced and it is enabled using this parameter the name is modified to be not related only to OCSP. The parameter enableOCSP is still present for compatibility and it is an alias of the new parameter.
dogtagpki · Apr 15, 2024 · cc9bf8a · cc9bf8a
1 parent 1b7a495
commit cc9bf8a
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 22 deletions.
diff --git a/core/src/main/java/org/apache/tomcat/util/net/jss/TomcatJSS.java b/core/src/main/java/org/apache/tomcat/util/net/jss/TomcatJSS.java
@@ -75,7 +75,7 @@ public class TomcatJSS implements SSLSocketListener {
     boolean requireClientAuth;
     boolean wantClientAuth;
 
-    boolean enableOCSP;
+    boolean enableRevocationCheck;
     String ocspResponderURL;
     String ocspResponderCertNickname;
     int ocspCacheSize = 1000; // entries
@@ -170,12 +170,12 @@ public boolean getWantClientAuth() {
         return wantClientAuth;
     }
 
-    public boolean getEnableOCSP() {
-        return enableOCSP;
+    public boolean getEnableRevocationCheck() {
+        return enableRevocationCheck;
     }
 
-    public void setEnableOCSP(boolean enableOCSP) {
-        this.enableOCSP = enableOCSP;
+    public void setEnableRevocationCheck(boolean enableRevocationCheck) {
+        this.enableRevocationCheck = enableRevocationCheck;
     }
 
     public String getOcspResponderURL() {
@@ -255,7 +255,7 @@ public void loadJSSConfig(Properties config) throws Exception {
 
         String enableOCSP = config.getProperty("enableOCSP");
         if (enableOCSP != null)
-            setEnableOCSP(Boolean.parseBoolean(enableOCSP));
+            setEnableRevocationCheck((Boolean.parseBoolean(enableOCSP)));
 
         String ocspResponderURL = config.getProperty("ocspResponderURL");
         if (ocspResponderURL != null)
@@ -306,31 +306,35 @@ public void loadTomcatConfig(Document document) throws Exception {
                 document, XPathConstants.NODE);
 
         String certDb = connector.getAttribute("certdbDir");
-        if (certDb != null)
+        if (StringUtils.isNotEmpty(certDb))
             setCertdbDir(certDb);
 
         String passwordClass = connector.getAttribute("passwordClass");
-        if (passwordClass != null)
+        if (StringUtils.isNotEmpty(passwordClass))
             setPasswordClass(passwordClass);
 
         String passwordFile = connector.getAttribute("passwordFile");
-        if (passwordFile != null)
+        if (StringUtils.isNotEmpty(passwordFile))
             setPasswordFile(passwordFile);
 
         String serverCertNickFile = connector.getAttribute("serverCertNickFile");
-        if (serverCertNickFile != null)
+        if (StringUtils.isNotEmpty(serverCertNickFile))
             setServerCertNickFile(serverCertNickFile);
 
         String enableOCSP = connector.getAttribute("enableOCSP");
-        if (enableOCSP != null)
-            setEnableOCSP(Boolean.parseBoolean(enableOCSP));
+        if (StringUtils.isNotEmpty(enableOCSP))
+            setEnableRevocationCheck(Boolean.parseBoolean(enableOCSP));
+
+        String enableRevocationCheck = connector.getAttribute("enableRevocationCheck");
+        if (StringUtils.isNotEmpty(enableRevocationCheck))
+            setEnableRevocationCheck(Boolean.parseBoolean(enableRevocationCheck));
 
         String ocspResponderURL = connector.getAttribute("ocspResponderURL");
-        if (ocspResponderURL != null)
+        if (StringUtils.isNotEmpty(ocspResponderURL))
             setOcspResponderURL(ocspResponderURL);
 
         String ocspResponderCertNickname = connector.getAttribute("ocspResponderCertNickname");
-        if (ocspResponderCertNickname != null)
+        if (StringUtils.isNotEmpty(ocspResponderCertNickname))
             setOcspResponderCertNickname(ocspResponderCertNickname);
 
         String ocspCacheSize = connector.getAttribute("ocspCacheSize");
@@ -440,7 +444,7 @@ public void init() throws Exception {
         logger.debug("wantClientAuth: " + wantClientAuth);
 
         if (requireClientAuth || wantClientAuth) {
-            configureOCSP();
+            configureRevocationCheck();
         }
 
         // 12 hours = 43200 seconds
@@ -522,12 +526,12 @@ public CryptoToken getToken(String tag) throws Exception {
         return null;
     }
 
-    public void configureOCSP() throws Exception {
+    public void configureRevocationCheck() throws Exception {
 
-        logger.info("configuring OCSP");
+        logger.info("configuring Revocation Check");
 
-        logger.debug("enableOCSP: " + enableOCSP);
-        if (!enableOCSP) {
+        logger.debug("enableRevocationCheck: " + enableRevocationCheck);
+        if (!enableRevocationCheck) {
             return;
         }
 

diff --git a/core/src/main/java/org/dogtagpki/tomcat/Http11NioProtocol.java b/core/src/main/java/org/dogtagpki/tomcat/Http11NioProtocol.java
@@ -74,12 +74,20 @@ public void setServerCertNickFile(String serverCertNickFile) {
         tomcatjss.setServerCertNickFile(serverCertNickFile);
     }
 
-    public boolean getEnabledOCSP() {
-        return tomcatjss.getEnableOCSP();
+    public boolean getEnableOCSP() {
+        return tomcatjss.getEnableRevocationCheck();
     }
 
     public void setEnableOCSP(boolean enableOCSP) {
-        tomcatjss.setEnableOCSP(enableOCSP);
+        tomcatjss.setEnableRevocationCheck(enableOCSP);
+    }
+
+    public boolean getEnableRevocationCheck() {
+        return tomcatjss.getEnableRevocationCheck();
+    }
+
+    public void setEnableRevocationCheck(boolean enableRevocationCheck) {
+        tomcatjss.setEnableRevocationCheck(enableRevocationCheck);
     }
 
     public String getOcspResponderURL() {