random certificate serial numbers

This patch adds support for random certificate serial numbers. Bug 912554.
author: Andrew Wnuk <awnuk@redhat.com> 2013-04-19 22:52:18 -0400
committer: Andrew Wnuk <awnuk@redhat.com> 2013-04-19 22:54:49 -0400
commit: 3f2611881453a5ec995560cad4a073d8f073ea97 (patch)
tree: 0f27b11041b7c689cffb3cf0f261e444768d0037 /base/common/src/com/netscape/certsrv/dbs
parent: 01505048c904d154fe29f5f715f87dec8500e188 (diff)
download: pki-3f2611881453a5ec995560cad4a073d8f073ea97.tar.gz
pki-3f2611881453a5ec995560cad4a073d8f073ea97.tar.xz
pki-3f2611881453a5ec995560cad4a073d8f073ea97.zip
3 files changed, 58 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java b/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
index dfa5312e5..de4060e34 100644
--- a/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
+++ b/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
@@ -23,6 +23,7 @@ import netscape.ldap.LDAPConnection;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
+import com.netscape.certsrv.base.IConfigStore;
 
 /**
  * An interface represents certificate server
@@ -204,6 +205,32 @@ public interface IDBSubsystem extends ISubsystem {
     public void setEnableSerialMgmt(boolean value) throws EBaseException;
 
     /**
+     * Gets internal DB configuration store
+     *
+     * @return internal DB configuration store
+     */
+    public IConfigStore getConfigStore();
+
+    /**
+     * Gets DB subsystem configuration store
+     *
+     * @return DB subsystem configuration store
+     */
+    public IConfigStore getDBConfigStore();
+
+    /**
+     * Gets attribute value for specified entry
+     *
+     * @param dn            entry's distinguished name 
+     * @param attrName      attribute's name 
+     * @param defaultValue  attribute's default value 
+     * @param errorValue    attribute's error value 
+     * @return attribute value
+     */
+    public String getEntryAttribute(String dn, String attrName,
+                                    String defaultValue, String errorValue);
+
+    /**
      * Returns LDAP connection to connection pool.
      *
      * @param conn connection to be returned
diff --git a/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java b/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
index d54cfb353..40d22d614 100644
--- a/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
+++ b/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
@@ -42,6 +42,16 @@ import com.netscape.cmscore.dbs.CertificateRepository.RenewableCertificateCollec
 public interface ICertificateRepository extends IRepository {
 
     /**
+     * Retrieves the next certificate serial number, and also increases
+     * the serial number by one.
+     *
+     * @return serial number
+     * @exception EBaseException failed to retrieve next serial number
+     */
+    public BigInteger getNextSerialNumber()
+            throws EBaseException;
+
+    /**
      * Adds a certificate record to the repository. Each certificate
      * record contains four parts: certificate, meta-attributes,
      * issue information and reovcation information.
@@ -512,5 +522,23 @@ public interface ICertificateRepository extends IRepository {
      */
     public void removeCertRecords(BigInteger beginS, BigInteger endS) throws EBaseException;
 
+    /**
+     * Retrieves serial number management mode.
+     *
+     * @return serial number management mode,
+     * "true" indicates random serial number management,
+     * "false" indicates sequential serial number management.
+     */
+    public boolean getEnableRandomSerialNumbers();
+
+    /**
+     * Sets serial number management mode for certificates..
+     *
+     * @param random "true" sets random serial number management, "false" sequential
+     * @param updateMode "true" updates "description" attribute in certificate repository
+     * @param forceModeChange "true" forces certificate repository mode change
+     */
+    public void setEnableRandomSerialNumbers(boolean random, boolean updateMode, boolean forceModeChange);
+
     public void shutdown();
 }
diff --git a/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java b/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
index 12dc71c46..dd5f557ec 100644
--- a/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
+++ b/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
@@ -32,6 +32,7 @@ public interface IRepositoryRecord extends IDBObj {
 
     public final static String ATTR_SERIALNO = "serialNo";
     public final static String ATTR_PUB_STATUS = "publishingStatus";
+    public final static String ATTR_DESCRIPTION = "description";
 
     /**
      * Retrieves serial number.
@@ -41,4 +42,6 @@ public interface IRepositoryRecord extends IDBObj {
     public BigInteger getSerialNumber();
 
     public String getPublishingStatus();
+
+    public String getDescription();
 }
author	Andrew Wnuk <awnuk@redhat.com>	2013-04-19 22:52:18 -0400
committer	Andrew Wnuk <awnuk@redhat.com>	2013-04-19 22:54:49 -0400
commit	3f2611881453a5ec995560cad4a073d8f073ea97 (patch)
tree	0f27b11041b7c689cffb3cf0f261e444768d0037 /base/common/src/com/netscape/certsrv/dbs
parent	01505048c904d154fe29f5f715f87dec8500e188 (diff)
download	pki-3f2611881453a5ec995560cad4a073d8f073ea97.tar.gz pki-3f2611881453a5ec995560cad4a073d8f073ea97.tar.xz pki-3f2611881453a5ec995560cad4a073d8f073ea97.zip