[Pki-devel] [Patch] CA clone restart during configuration change
Andrew Wnuk
awnuk at redhat.com
Thu Apr 4 18:27:20 UTC 2013
This patch provides the ability to restart a CA clone during a configuration
change to random serial numbers.
Bug: 922264.
-------------- next part --------------
Index: pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
===================================================================
--- pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java (revision 2550)
+++ pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java (working copy)
@@ -1563,7 +1563,7 @@
mCA.getDBSubsystem().setEnableSerialMgmt(Boolean.valueOf(value));
//mCA.getCertificateRepository().setEnableSerialMgmt(Boolean.valueOf(value));
} else if (key.equals(Constants.PR_RANDOM_SN)) {
- mCA.getCertificateRepository().setEnableRandomSerialNumbers(Boolean.valueOf(value), true);
+ mCA.getCertificateRepository().setEnableRandomSerialNumbers(Boolean.valueOf(value), true, false);
}
}
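Review bot: `Boolean.valueOf(value)` on the `PR_RANDOM_SN` branch yields false for every string other than "true" (case-insensitive), so an empty or misspelled value in the admin request switches random serial numbers off instead of being rejected. Because this setting changes how certificate serial numbers are issued, the branch should accept only an explicit true or false and fail the request otherwise, for example by testing `"true".equalsIgnoreCase(value) || "false".equalsIgnoreCase(value)` before the call. The enclosing method starts and ends outside the hunk, so validation further up may already cover this.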
Index: pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
===================================================================
--- pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java (revision 2550)
+++ pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java (working copy)
@@ -532,8 +532,9 @@
*
* @param random "true" sets random serial number management, "false" sequential
* @param updateMode "true" updates "description" attribute in certificate repository
+ * @param forceModeChange "true" forces certificate repository mode change
*/
- public void setEnableRandomSerialNumbers(boolean random, boolean updateMode);
+ public void setEnableRandomSerialNumbers(boolean random, boolean updateMode, boolean forceModeChange);
public void shutdown();
}
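Review bot: The new `@param forceModeChange` line says only that it "forces certificate repository mode change", which does not tell an implementer what is being overridden. From the CertificateRepository hunk, the flag makes the switch block run even when `random` equals the current setting, so I would write `@param forceModeChange "true" applies the mode switch even if random already matches the current mode, "false" switches only when it differs`. The method gains a parameter without keeping the two-argument form, so any implementer or caller outside this patch stops compiling. Only one implementer and the call sites in this patch are visible here.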
Index: pki/base/common/src/com/netscape/cmscore/dbs/Repository.java
===================================================================
--- pki/base/common/src/com/netscape/cmscore/dbs/Repository.java (revision 2550)
+++ pki/base/common/src/com/netscape/cmscore/dbs/Repository.java (working copy)
@@ -418,10 +418,12 @@
// check if we have reached the end of the range
// if so, move to next range
BigInteger randomLimit = null;
+ BigInteger rangeLength = null;
if ((this instanceof ICertificateRepository) &&
mDB.getEnableSerialMgmt() && mEnableRandomSerialNumbers) {
- randomLimit = mMaxSerialNo.subtract(mMinSerialNo).add(BigInteger.ONE);
- randomLimit = randomLimit.subtract(mLowWaterMarkNo.shiftRight(1));
+ rangeLength = mMaxSerialNo.subtract(mMinSerialNo).add(BigInteger.ONE);
+ randomLimit = rangeLength.subtract(mLowWaterMarkNo.shiftRight(1));
+ CMS.debug("Repository: checkRange rangeLength="+rangeLength);
CMS.debug("Repository: checkRange randomLimit="+randomLimit);
}
CMS.debug("Repository: checkRange mLastSerialNo="+mLastSerialNo);
@@ -430,15 +432,20 @@
if (mDB.getEnableSerialMgmt()) {
CMS.debug("Reached the end of the range. Attempting to move to next range");
+ if ((mNextMinSerialNo == null) || (mNextMaxSerialNo == null)) {
+ if (rangeLength != null && mCounter.compareTo(rangeLength) < 0) {
+ return;
+ } else {
+ throw new EDBException(CMS.getUserMessage("CMS_DBS_LIMIT_REACHED",
+ mLastSerialNo.toString()));
+ }
+ }
mMinSerialNo = mNextMinSerialNo;
mMaxSerialNo = mNextMaxSerialNo;
mLastSerialNo = mMinSerialNo;
mNextMinSerialNo = null;
mNextMaxSerialNo = null;
- if ((mMaxSerialNo == null) || (mMinSerialNo == null)) {
- throw new EDBException(CMS.getUserMessage("CMS_DBS_LIMIT_REACHED",
- mLastSerialNo.toString()));
- }
+ mCounter = BigInteger.ZERO;
// persist the changes
mDB.setMinSerialConfig(mRepo, mMinSerialNo.toString(mRadix));
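Review bot: `mCounter.compareTo(rangeLength)` in the added guard is dereferenced without a null check, while updateCounter in CertificateRepository tests `mCounter != null` before using it, which suggests the counter can be unset in random mode. If so, reaching the end of the range with no next range allocated would raise a NullPointerException rather than the intended `CMS_DBS_LIMIT_REACHED` error; `if (rangeLength != null && mCounter != null && mCounter.compareTo(rangeLength) < 0)` avoids that. The early `return` also deserves a comment such as `// random mode: the range is not exhausted until mCounter reaches rangeLength`. The method body begins before and continues after this hunk.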
Index: pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
===================================================================
--- pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java (revision 2550)
+++ pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java (working copy)
@@ -106,8 +106,9 @@
return mEnableRandomSerialNumbers;
}
- public void setEnableRandomSerialNumbers(boolean random, boolean updateMode) {
- if (mEnableRandomSerialNumbers ^ random) {
+ public void setEnableRandomSerialNumbers(boolean random, boolean updateMode, boolean forceModeChange) {
+ CMS.debug("CertificateRepository: setEnableRandomSerialNumbers random="+random+" updateMode="+updateMode);
+ if (mEnableRandomSerialNumbers ^ random || forceModeChange) {
mEnableRandomSerialNumbers = random;
CMS.debug("CertificateRepository: setEnableRandomSerialNumbers switching to " +
((random)?PROP_RANDOM_MODE:PROP_SEQUENTIAL_MODE) + " mode");
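Review bot: The condition `mEnableRandomSerialNumbers ^ random || forceModeChange` depends on `^` binding tighter than `||`, which is correct but easy to misread; `(mEnableRandomSerialNumbers != random) || forceModeChange` states the same test without relying on precedence. The added debug line prints `random` and `updateMode` but not `forceModeChange`, which is the one argument this patch introduces and the one needed to explain a switch when the other two look unchanged; append `+" forceModeChange="+forceModeChange` to it. The rest of the method body is outside the hunk.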
@@ -294,12 +295,14 @@
boolean modeChange = (mEnableRandomSerialNumbers && crMode != null && crMode.equals(PROP_SEQUENTIAL_MODE)) ||
((!mEnableRandomSerialNumbers) && crMode != null && crMode.equals(PROP_RANDOM_MODE));
+ CMS.debug("CertificateRepository: updateCounter mEnableRandomSerialNumbers="+mEnableRandomSerialNumbers);
+ CMS.debug("CertificateRepository: updateCounter CertificateRepositoryMode ="+crMode);
CMS.debug("CertificateRepository: updateCounter modeChange="+modeChange);
if (modeChange) {
if (mForceModeChange) {
- setEnableRandomSerialNumbers(mEnableRandomSerialNumbers, true);
+ setEnableRandomSerialNumbers(mEnableRandomSerialNumbers, true, mForceModeChange);
} else {
- setEnableRandomSerialNumbers(!mEnableRandomSerialNumbers, false);
+ setEnableRandomSerialNumbers(!mEnableRandomSerialNumbers, false, mForceModeChange);
}
} else if (mEnableRandomSerialNumbers && mCounter != null &&
mCounter.compareTo(BigInteger.ZERO) >= 0) {
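Review bot: When `modeChange` is true and `mForceModeChange` is false, the else branch calls `setEnableRandomSerialNumbers(!mEnableRandomSerialNumbers, false, mForceModeChange)`, which flips the in-memory setting back to whatever the repository records, and the only trace is `CMS.debug` output. An instance configured for random serial numbers can therefore keep issuing sequential ones without an operator noticing, so this branch should also write an entry to a log that is reviewed in production. Separately, `mForceModeChange` is already known inside each branch, so passing the literals `true` and `false` would make the two calls easier to read. The enclosing method continues outside the hunk.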
@@ -476,6 +479,10 @@
((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1) ))
{
CMS.debug("getLastSerialNumberInRange returning: " + serial);
+ if (modeChange && mEnableRandomSerialNumbers) {
+ mCounter = serial.subtract(serial_low_bound).add(BigInteger.ONE);
+ CMS.debug("getLastSerialNumberInRange mCounter: " + mCounter);
+ }
return serial;
}
} else {
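Review bot: The added block assigns `mCounter` inside what the debug text identifies as a lookup (`getLastSerialNumberInRange`), and the same pattern recurs in the next hunk (`@@ -489,6 +496,10 @@`), so both return paths now change repository state as a side effect that the method name does not suggest. The method's Javadoc should state this, for example `Also resets mCounter when a switch to random mode is in progress`. The declaration of `modeChange` is not visible in either hunk, whereas in updateCounter it is a local variable. If it is a field here, it needs to be clear where it is set and cleared so a stale value cannot reset the counter on a later call. The debug message in the next hunk is prefixed `getLastSerialNumberInRange` although the neighbouring line uses `getLastCertRecordSerialNo`; the two should agree.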
@@ -489,6 +496,10 @@
ret = ret.subtract(BigInteger.ONE);
CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + ret);
+ if (modeChange && mEnableRandomSerialNumbers) {
+ mCounter = BigInteger.ZERO;
+ CMS.debug("getLastSerialNumberInRange mCounter: " + mCounter);
+ }
return ret;
}