[Pki-devel] cloning improvement

Thu Apr 25 18:35:02 UTC 2013

This patch improves cloning in regards to configuration of random 
certificate serial numbers.

Bug: 922121.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130425/8bcce4db/attachment.htm>
-------------- next part --------------
Index: pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
===================================================================

--- pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java	(revision 2580)
+++ pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java	(working copy)
@@ -359,7 +359,7 @@
         } else {
             c = s;
         }
-        CMS.debug("CertificateRepository: getInRangeCounter:  c=" + c + ((t != null)?("  t="+t):"null"));
+        CMS.debug("CertificateRepository: getInRangeCounter:  c="+c+"  t="+((t != null)?t:"null"));
 
         BigInteger counter = new BigInteger(c);
         BigInteger count = BigInteger.ZERO;
@@ -407,17 +407,22 @@
         mMaxCollisionRecoveryRegenerations = mDBConfig.getInteger(PROP_COLLISION_RECOVERY_REGENERATIONS, 3);
         boolean modeChange = (mEnableRandomSerialNumbers && crMode != null && crMode.equals(PROP_SEQUENTIAL_MODE)) ||
                              ((!mEnableRandomSerialNumbers) && crMode != null && crMode.equals(PROP_RANDOM_MODE));
+        boolean enableRsnAtConfig = mEnableRandomSerialNumbers && CMS.isPreOpMode() &&
+                                    (crMode == null || crMode.length() == 0);
         CMS.debug("CertificateRepository: getLastSerialNumberInRange"+
                   "  mEnableRandomSerialNumbers="+mEnableRandomSerialNumbers+
                   "  mMinRandomBitLength="+mMinRandomBitLength+
                   "  CollisionRecovery="+mMaxCollisionRecoveryRegenerations+","+mMaxCollisionRecoverySteps);
         CMS.debug("CertificateRepository: getLastSerialNumberInRange  modeChange="+modeChange+
-                  "  mForceModeChange="+mForceModeChange+((crMode != null)?("  mode="+crMode):""));
-        if (modeChange) {
-            if (mForceModeChange) {
+                  "  enableRsnAtConfig="+enableRsnAtConfig+"  mForceModeChange="+mForceModeChange+
+                  ((crMode != null)?"  mode="+crMode:""));
+        if (modeChange || enableRsnAtConfig) {
+            if (mForceModeChange || enableRsnAtConfig) {
                 setCertificateRepositoryMode((mEnableRandomSerialNumbers)? PROP_RANDOM_MODE: PROP_SEQUENTIAL_MODE);
-                mForceModeChange = false;
-                mDBConfig.remove(PROP_FORCE_MODE_CHANGE);
+                if (mForceModeChange) {
+                    mForceModeChange = false;
+                    mDBConfig.remove(PROP_FORCE_MODE_CHANGE);
+                }
             } else {
                 mEnableRandomSerialNumbers = !mEnableRandomSerialNumbers;
                 mDBConfig.putBoolean(PROP_ENABLE_RANDOM_SERIAL_NUMBERS, mEnableRandomSerialNumbers);
