[Pki-devel] cloning improvement
Andrew Wnuk
awnuk at redhat.com
Thu Apr 25 18:35:02 UTC 2013
This patch improves cloning in regards to configuration of random
certificate serial numbers.
Bug: 922121.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130425/8bcce4db/attachment.htm>
-------------- next part --------------
Index: pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
===================================================================
--- pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java (revision 2580)
+++ pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java (working copy)
@@ -359,7 +359,7 @@
} else {
c = s;
}
- CMS.debug("CertificateRepository: getInRangeCounter: c=" + c + ((t != null)?(" t="+t):"null"));
+ CMS.debug("CertificateRepository: getInRangeCounter: c="+c+" t="+((t != null)?t:"null"));
BigInteger counter = new BigInteger(c);
BigInteger count = BigInteger.ZERO;
@@ -407,17 +407,22 @@
mMaxCollisionRecoveryRegenerations = mDBConfig.getInteger(PROP_COLLISION_RECOVERY_REGENERATIONS, 3);
boolean modeChange = (mEnableRandomSerialNumbers && crMode != null && crMode.equals(PROP_SEQUENTIAL_MODE)) ||
((!mEnableRandomSerialNumbers) && crMode != null && crMode.equals(PROP_RANDOM_MODE));
+ boolean enableRsnAtConfig = mEnableRandomSerialNumbers && CMS.isPreOpMode() &&
+ (crMode == null || crMode.length() == 0);
CMS.debug("CertificateRepository: getLastSerialNumberInRange"+
" mEnableRandomSerialNumbers="+mEnableRandomSerialNumbers+
" mMinRandomBitLength="+mMinRandomBitLength+
" CollisionRecovery="+mMaxCollisionRecoveryRegenerations+","+mMaxCollisionRecoverySteps);
CMS.debug("CertificateRepository: getLastSerialNumberInRange modeChange="+modeChange+
- " mForceModeChange="+mForceModeChange+((crMode != null)?(" mode="+crMode):""));
- if (modeChange) {
- if (mForceModeChange) {
+ " enableRsnAtConfig="+enableRsnAtConfig+" mForceModeChange="+mForceModeChange+
+ ((crMode != null)?" mode="+crMode:""));
+ if (modeChange || enableRsnAtConfig) {
+ if (mForceModeChange || enableRsnAtConfig) {
setCertificateRepositoryMode((mEnableRandomSerialNumbers)? PROP_RANDOM_MODE: PROP_SEQUENTIAL_MODE);
- mForceModeChange = false;
- mDBConfig.remove(PROP_FORCE_MODE_CHANGE);
+ if (mForceModeChange) {
+ mForceModeChange = false;
+ mDBConfig.remove(PROP_FORCE_MODE_CHANGE);
+ }
} else {
mEnableRandomSerialNumbers = !mEnableRandomSerialNumbers;
mDBConfig.putBoolean(PROP_ENABLE_RANDOM_SERIAL_NUMBERS, mEnableRandomSerialNumbers);
More information about the Pki-devel
mailing list