authorEndi S. Dewata <edewata@redhat.com>2017-07-07 19:36:56 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-07-08 04:52:44 +0200
commit2dc3c84777dcd8fe20611511ed5fc422c8b05541 (patch)
tree9ea2ab1b14f752b7df665b2b83a6f469431edbcb
parenteb08fba8a15e044802e9fa32ba0d4ed6c8eb31bc (diff)
Refactored ConfigurationUtils.updateCloneConfig().
The ConfigurationUtils.updateCloneConfig() invocation has been modified such that it will only be executed once. https://pagure.io/dogtagpki/issue/2280 Change-Id: I1d42acb8cf7c7ffedcd109fcd5252a03fb9622e7
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java26
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java8
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/dbs/DBSubsystem.java19
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/dbs/KeyRepository.java2
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java29
5 files changed, 55 insertions, 29 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index b8f771238..cca753404 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -2946,15 +2946,20 @@ public class ConfigurationUtils {
return 0;
}
- public static void updateCloneConfig()
- throws EBaseException, IOException {
+ public static void updateCloneConfig() throws EBaseException, IOException {
+
IConfigStore config = CMS.getConfigStore();
String cstype = config.getString("cs.type", null);
cstype = cstype.toLowerCase();
+
if (cstype.equals("kra")) {
+
String token = config.getString("preop.module.token");
+
if (!CryptoUtil.isInternalToken(token)) {
+
CMS.debug("ConfigurationUtils: updating configuration for KRA clone with hardware token");
+
String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
String storageNickname = getNickname(config, "storage");
String transportNickname = getNickname(config, "transport");
@@ -2962,22 +2967,23 @@ public class ConfigurationUtils {
config.putString(subsystem + ".storageUnit.hardware", token);
config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname);
config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname);
+
config.commit(false);
+
} else { // software token
// parameters already set
}
}
// audit signing cert
- String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
- String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
- if (!CryptoUtil.isInternalToken(audit_tk)) {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_tk + ":" + audit_nn);
- } else {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_nn);
+ String nickname = config.getString(cstype + ".audit_signing.nickname", "");
+ String token = config.getString(cstype + ".audit_signing.tokenname", "");
+
+ if (!CryptoUtil.isInternalToken(token)) {
+ nickname = token + ":" + nickname;
}
+
+ config.putString("log.instance.SignedAudit.signedAuditCertNickname", nickname);
}
public static void loadCertRequest(IConfigStore config, String tag, Cert cert) throws Exception {
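Review bot: The `signedAuditCertNickname` write at the end of `updateCloneConfig()` is not followed by a `config.commit(...)` in this method; the only commit on the new side sits inside the KRA hardware-token branch. This commit moves the call to the end of a method in SystemConfigService, so whether anything persists the value afterwards is not visible here, and an unsaved nickname would presumably leave audit-log signing on a clone misconfigured after a restart. Consider adding `config.commit(false);` after the final `putString`, or a comment naming the caller that commits. Both lookups also default to `""`, so a missing `audit_signing.nickname` is stored as an empty nickname with no debug line; a `CMS.debug` when `nickname` is empty would make that visible.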
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index 87cf963d9..a92d04ae9 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -399,6 +399,10 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
}
ConfigurationUtils.updateServerCertNickConf();
+
+ if (request.isClone()) {
+ ConfigurationUtils.updateCloneConfig();
+ }
}
public void processCert(
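Review bot: The relocated `updateCloneConfig()` call has no comment recording why it runs here rather than once per certificate, which is the purpose of the change. `updateCloneConfig()` reads `<cstype>.audit_signing.nickname` and `.tokenname` from the config store, so it presumably has to run after the certificates have been processed. A short comment such as `// clone only: run once after cert processing; rewrites KRA token nicknames and the signed-audit cert nickname` would keep a later refactor from moving it back into the loop. The enclosing method starts outside this hunk, so the ordering relative to cert processing cannot be confirmed from here.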
@@ -524,10 +528,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
ConfigurationUtils.generateCertRequest(cs, tag, cert);
}
- if (request.isClone()) {
- ConfigurationUtils.updateCloneConfig();
- }
-
if (request.isExternal() && tag.equals("signing")) { // external/existing CA
CMS.debug("SystemConfigService: External CA has signing cert");
hasSigningCert.setValue(true);
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/DBSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/DBSubsystem.java
index 50c07af25..4950cf775 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/DBSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/DBSubsystem.java
@@ -405,7 +405,9 @@ public class DBSubsystem implements IDBSubsystem {
String dn = h.get(PROP_BASEDN) + "," + mBaseDN;
String rangeDN = h.get(PROP_RANGE_DN) + "," + mBaseDN;
+ CMS.debug("DBSubsystem: retrieving " + dn);
LDAPEntry entry = conn.read(dn);
+
LDAPAttribute attr = entry.getAttribute(PROP_NEXT_RANGE);
if (attr == null) {
throw new Exception("Missing Attribute" + PROP_NEXT_RANGE + "in Entry " + dn);
@@ -414,12 +416,17 @@ public class DBSubsystem implements IDBSubsystem {
BigInteger nextRangeNo = new BigInteger(nextRange);
BigInteger incrementNo = new BigInteger(h.get(PROP_INCREMENT));
+ String newNextRange = nextRangeNo.add(incrementNo).toString();
+
// To make sure attrNextRange always increments, first delete the current value and then
// increment. Two operations in the same transaction
- LDAPAttribute attrNextRange = new LDAPAttribute(PROP_NEXT_RANGE, nextRangeNo.add(incrementNo).toString());
+ LDAPAttribute attrNextRange = new LDAPAttribute(PROP_NEXT_RANGE, newNextRange);
LDAPModification[] mods = {
new LDAPModification(LDAPModification.DELETE, attr),
new LDAPModification(LDAPModification.ADD, attrNextRange) };
+
+ CMS.debug("DBSubsystem: updating " + PROP_NEXT_RANGE + " from " + nextRange + " to " + newNextRange);
+
conn.modify(dn, mods);
// Add new range object
@@ -434,13 +441,18 @@ public class DBSubsystem implements IDBSubsystem {
attrs.add(new LDAPAttribute("securePort", CMS.getEESSLPort()));
String dn2 = "cn=" + nextRange + "," + rangeDN;
LDAPEntry rangeEntry = new LDAPEntry(dn2, attrs);
+
+ CMS.debug("DBSubsystem: adding new range object: " + dn2);
+
conn.add(rangeEntry);
+
CMS.debug("DBSubsystem: getNextRange Next range has been added: " +
nextRange + " - " + endRange);
+
} catch (Exception e) {
- CMS.debug("DBSubsystem: getNextRange. Unable to provide next range :" + e);
- e.printStackTrace();
+ CMS.debug(e);
nextRange = null;
+
} finally {
try {
if ((conn != null) && (mLdapConnFactory != null)) {
@@ -451,6 +463,7 @@ public class DBSubsystem implements IDBSubsystem {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
}
+
return nextRange;
}
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/KeyRepository.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/KeyRepository.java
index 88028d798..49b530223 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/KeyRepository.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/KeyRepository.java
@@ -194,7 +194,7 @@ public class KeyRepository extends Repository implements IKeyRepository {
CMS.debug("request checkRanges done");
} catch (Exception e) {
- CMS.debug("key checkRanges done: " + e.toString());
+ CMS.debug(e);
}
}
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
index 371f8f641..afe901361 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
@@ -448,11 +448,11 @@ public abstract class Repository implements IRepository {
*/
public void checkRanges() throws EBaseException {
if (!mDB.getEnableSerialMgmt()) {
- CMS.debug("Serial Management not enabled. Returning .. ");
+ CMS.debug("Repository: Serial Management not enabled. Returning .. ");
return;
}
if (CMS.getEESSLPort() == null) {
- CMS.debug("Server not completely started. Returning ..");
+ CMS.debug("Repository: Server not completely started. Returning ..");
return;
}
@@ -466,27 +466,34 @@ public abstract class Repository implements IRepository {
} else {
numsInRange = mMaxSerialNo.subtract(mLastSerialNo);
}
+
+ CMS.debug("Repository: Serial numbers left in range: " + numsInRange);
+ CMS.debug("Repository: Last serial number: " + mLastSerialNo);
+
BigInteger numsInNextRange = null;
BigInteger numsAvail = null;
- CMS.debug("Serial numbers left in range: " + numsInRange.toString());
- CMS.debug("Last Serial Number: " + mLastSerialNo.toString());
+
if ((mNextMaxSerialNo != null) && (mNextMinSerialNo != null)) {
numsInNextRange = mNextMaxSerialNo.subtract(mNextMinSerialNo).add(BigInteger.ONE);
numsAvail = numsInRange.add(numsInNextRange);
- CMS.debug("Serial Numbers in next range: " + numsInNextRange.toString());
- CMS.debug("Serial Numbers available: " + numsAvail.toString());
+ CMS.debug("Repository: Serial numbers in next range: " + numsInNextRange.toString());
} else {
numsAvail = numsInRange;
- CMS.debug("Serial Numbers available: " + numsAvail.toString());
}
+ CMS.debug("Repository: Serial numbers available: " + numsAvail);
+ CMS.debug("Repository: Low water mark: " + mLowWaterMarkNo);
+
if ((numsAvail.compareTo(mLowWaterMarkNo) < 0) && (!CMS.isPreOpMode())) {
- CMS.debug("Low water mark reached. Requesting next range");
- mNextMinSerialNo = new BigInteger(mDB.getNextRange(mRepo), mRadix);
+ CMS.debug("Repository: Requesting next range");
+ String nextRange = mDB.getNextRange(mRepo);
+ CMS.debug("Repository: next range: " + nextRange);
+
+ mNextMinSerialNo = new BigInteger(nextRange, mRadix);
if (mNextMinSerialNo == null) {
- CMS.debug("Next Range not available");
+ CMS.debug("Repository: Next range not available");
} else {
- CMS.debug("nNextMinSerialNo has been set to " + mNextMinSerialNo.toString(mRadix));
+ CMS.debug("Repository: Next min serial number: " + mNextMinSerialNo.toString(mRadix));
mNextMaxSerialNo = mNextMinSerialNo.add(mIncrementNo).subtract(BigInteger.ONE);
numsAvail = numsAvail.add(mIncrementNo);
mDB.setNextMinSerialConfig(mRepo, mNextMinSerialNo.toString(mRadix));
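Review bot: `new BigInteger(nextRange, mRadix)` is reached with `nextRange == null` whenever `DBSubsystem.getNextRange()` fails, because its catch block in this same commit sets `nextRange = null` and returns it. The constructor then throws NullPointerException, and the `if (mNextMinSerialNo == null)` test after it can never be true. Test the string instead: use `if (nextRange == null)` for the "Next range not available" branch and move `mNextMinSerialNo = new BigInteger(nextRange, mRadix);` to the top of the `else`. As written, the failure surfaces as an exception out of `checkRanges()`, which the KeyRepository catch in this commit only logs via `CMS.debug(e)` (its try body is outside that hunk), so a clone that cannot obtain a new serial range may go unnoticed. The `else` branch continues past the end of this hunk.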