[Pki-devel] certificate counter improvement
Andrew Wnuk
awnuk at redhat.com
Wed Apr 10 22:37:59 UTC 2013
This patch includes system certificates with random serial numbers in
the certificate counter.
Bug: 922121.
-------------- next part --------------
Index: pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
===================================================================
--- pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java (revision 2551)
+++ pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java (working copy)
@@ -370,16 +370,25 @@
} else {
c = s;
}
- CMS.debug("CertificateRepository: getInRangeCounter: c=" + c + ((t != null)?(" t="+t):""));
+ CMS.debug("CertificateRepository: getInRangeCounter: c=" + c + ((t != null)?(" t="+t):"null"));
BigInteger counter = new BigInteger(c);
BigInteger count = BigInteger.ZERO;
- if (t != null) {
+ if (CMS.isPreOpMode()) {
+ CMS.debug("CertificateRepository: getInRangeCounter: CMS.isPreOpMode");
+ counter = new BigInteger("-2");
+ mDBConfig.putString(PROP_RANDOM_SERIAL_NUMBER_COUNTER, "-2");
+ try {
+ CMS.getConfigStore().commit(false);
+ } catch (Exception e) {
+ CMS.debug("CertificateRepository: updateCounter Exception committing ConfigStore="+e.getMessage());
+ }
+ } else if (t != null) {
count = getInRangeCount(t, minSerialNo, maxSerialNo);
if (count.compareTo(BigInteger.ZERO) > 0) {
counter = counter.add(count);
}
- } else if (s.equals("-2") || (c.equals("-1") && CMS.isPreOpMode())) {
+ } else if (s.equals("-2")) {
count = getInRangeCount(t, minSerialNo, maxSerialNo);
if (count.compareTo(BigInteger.ZERO) >= 0) {
counter = count;
More information about the Pki-devel
mailing list