author | Fraser Tweedale <ftweedal@redhat.com> | 2016-03-31 12:51:18 +1100 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-04-14 16:07:16 +1000 |
commit | 908c75dcefcb5030b2e3328835c506bf4c53704f (patch) | |
tree | 5e1ac38ba02d19f5e37103793e5cd9fb678bf434 /base/ca/src | |
parent | 6d72a9c7fc067df42a3259fc5ea87b65e94f76ad (diff) | |
Lightweight CAs: use static db connection factory
Use a static database connection factory that is initialised by the
host authority and used by all CertificateAuthority instances.
Part of: https://fedorahosted.org/pki/ticket/1625
Diffstat (limited to 'base/ca/src')
-rw-r--r-- | base/ca/src/com/netscape/ca/CertificateAuthority.java | 25 |
1 files changed, 10 insertions, 15 deletions
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java index b087f26b6..a44482a77 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -183,6 +183,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2"); + /* The static conn factory is initialised by the host authority's + * 'init' method, before any lightweight CAs are instantiated + */ + private static ILdapConnFactory dbFactory = null; + private static final Map<AuthorityID, ICertificateAuthority> caMap = Collections.synchronizedSortedMap(new TreeMap<AuthorityID, ICertificateAuthority>()); protected CertificateAuthority hostCA = null; @@ -426,6 +431,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori mOwner = owner; mConfig = config; + if (isHostAuthority()) { + dbFactory = CMS.getLdapBoundConnFactory("CertificateAuthority"); + dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); + } + // init cert & crl database initCertDatabase(); initCrlDatabase(); @@ -1972,8 +1982,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori * This method must only be called by the host CA. */ private void loadLightweightCAs() throws EBaseException { - ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("loadLightweightCAs"); - dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); String searchDN = "ou=authorities,ou=" + getId() @@ -2059,7 +2067,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori } } finally { dbFactory.returnConn(conn); - dbFactory.reset(); } if (haveLightweightCAsContainer && !foundHostAuthority) { 
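Review bot: The static `dbFactory` field added in the first hunk is non-final and non-volatile, and only the comment guarantees that the host authority's `init` has run before any other instance reads it. If a caller that now uses `dbFactory.getConn()` directly (`loadLightweightCAs` and the later hunks) runs before host initialisation, or on a thread with no ordering against it, it can observe `null` and fail with a NullPointerException rather than a clear error. Consider `private static volatile ILdapConnFactory dbFactory = null;`. The comment could also state that all authorities now share one bound LDAP connection factory to the internal database, and that it is no longer reset after each operation.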
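Review bot: In the `init` hunk the static `dbFactory` is assigned before `dbFactory.init(...)` is called, so if that call throws, a factory that was never initialised stays published to every CertificateAuthority instance. A repeated host-authority `init` would also replace the previous factory without releasing its bound connections. Initialise a local and publish it last: `ILdapConnFactory f = CMS.getLdapBoundConnFactory("CertificateAuthority");`, `f.init(CMS.getConfigStore().getSubStore("internaldb"));`, `dbFactory = f;`. The later hunks remove every per-call `dbFactory.reset()`, so the shutdown path of the host authority, which is not visible in this diff, presumably needs to reset the shared factory; please confirm. The enclosing `init` method starts and ends outside this hunk.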
@@ -2543,8 +2550,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori LDAPEntry ldapEntry = new LDAPEntry(dn, attrSet); // connect to database - ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("createSubCA"); - dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); try { @@ -2612,7 +2617,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori throw new EBaseException("Error adding authority entry to database: " + e); } finally { dbFactory.returnConn(conn); - dbFactory.reset(); } return new CertificateAuthority( @@ -2660,8 +2664,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori LDAPEntry ldapEntry = new LDAPEntry(dn, attrSet); // connect to database - ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("addHostAuthorityEntry"); - dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); try { @@ -2670,7 +2672,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori throw new ELdapException("Error adding host authority entry to database: " + e); } finally { dbFactory.returnConn(conn); - dbFactory.reset(); } this.authorityID = aid; @@ -2729,8 +2730,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori + getId() + "," + getDBSubsystem().getBaseDN(); // connect to database - ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("updateAuthority"); - dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); try { conn.modify(dn, mods); @@ -2738,7 +2737,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori throw new EBaseException("Error adding authority entry to database: " + e); } finally { dbFactory.returnConn(conn); - dbFactory.reset(); } // update was successful; update CA's state 
@@ -2769,8 +2767,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori shutdown(); // delete ldap entry - ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("updateAuthority"); - dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); String dn = "cn=" + authorityID.toString() + ",ou=authorities,ou=" + getId() + "," + getDBSubsystem().getBaseDN(); @@ -2780,7 +2776,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori throw new ELdapException("Error deleting authority entry '" + dn + "': " + e); } finally { dbFactory.returnConn(conn); - dbFactory.reset(); } CryptoManager cryptoManager; |