author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-01-05 16:58:25 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-01-05 16:58:25 +0000 |
commit | 12037cf9cf935bda5259e531b11a876ff2b41098 (patch) | |
tree | 2dd9029e94369398638d8467ddd895acae80cfb3 /pki/base/ca | |
parent | dca02910f6de3f9631589ee3c12c229fa58629c8 (diff) | |
BZ472006 Serial number management
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@168 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ca')
-rw-r--r-- | pki/base/ca/shared/conf/CS.cfg | 20 | ||||
-rw-r--r-- | pki/base/ca/shared/conf/db.ldif | 29 | ||||
-rw-r--r-- | pki/base/ca/shared/conf/schema.ldif | 21 | ||||
-rw-r--r-- | pki/base/ca/src/com/netscape/ca/CertificateAuthority.java | 39 |
4 files changed, 99 insertions, 10 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg b/pki/base/ca/shared/conf/CS.cfg
index 7d8fd4140..f97af9022 100644
--- a/pki/base/ca/shared/conf/CS.cfg
+++ b/pki/base/ca/shared/conf/CS.cfg
@@ -638,12 +638,28 @@ cms.version=
 cmsgateway.enableAdminEnroll=false
 https.port=8443
 http.port=8080
+dbs.enableSerialManagement=false
 dbs.beginRequestNumber=1
 dbs.endRequestNumber=10000000
-dbs.requestNumber.increment=10000000
+dbs.requestIncrement=10000000
+dbs.requestLowWaterMark=2000000
+dbs.requestCloneTransferNumber=10000
+dbs.requestDN=ou=ca, ou=requests
+dbs.requestRangeDN=ou=requests, ou=ranges
 dbs.beginSerialNumber=1
 dbs.endSerialNumber=10000000
-dbs.serialNumber.increment=10000000
+dbs.serialIncrement=10000000
+dbs.serialLowWaterMark=2000000
+dbs.serialCloneTransferNumber=10000
+dbs.serialDN=ou=certificateRepository, ou=ca
+dbs.serialRangeDN=ou=certificateRepository, ou=ranges
+dbs.beginReplicaNumber=1
+dbs.endReplicaNumber=100
+dbs.replicaIncrement=100
+dbs.replicaLowWaterMark=20
+dbs.replicaCloneTransferNumber=5
+dbs.replicaDN=ou=replica
+dbs.replicaRangeDN=ou=replica, ou=ranges
 dbs.ldap=internaldb
 dbs.newSchemaEntryAdded=true
 debug.append=true
diff --git a/pki/base/ca/shared/conf/db.ldif b/pki/base/ca/shared/conf/db.ldif
index 72f5b8e17..ee71cc32f 100644
--- a/pki/base/ca/shared/conf/db.ldif
+++ b/pki/base/ca/shared/conf/db.ldif
@@ -132,3 +132,32 @@ objectClass: top
 objectClass: repository
 ou: ca
 serialno: 010
+
+dn: ou=replica,{rootSuffix}
+objectClass: top
+objectClass: repository
+ou: replica
+serialno: 010
+nextRange: 1000
+
+dn: ou=ranges,{rootSuffix}
+objectClass: top
+objectClass: organizationalUnit
+ou: ranges
+
+dn: ou=replica, ou=ranges,{rootSuffix}
+objectClass: top
+objectClass: organizationalUnit
+ou: replica
+
+dn: ou=requests, ou=ranges,{rootSuffix}
+objectClass: top
+objectClass: organizationalUnit
+ou: requests
+
+dn: ou=certificateRepository, ou=ranges,{rootSuffix}
+objectClass: top
+objectClass: organizationalUnit
+ou: certificateRepository
+
+
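Review bot: The existing keys `dbs.requestNumber.increment` and `dbs.serialNumber.increment` are renamed to `dbs.requestIncrement` and `dbs.serialIncrement` in this hunk, and nothing in the commit migrates an installed CS.cfg that still carries the old spelling; unless an upgrade step outside this diff rewrites the keys, an already-deployed instance would silently lose its configured increment and fall back to whatever default the reading code applies. The new `dbs.enableSerialManagement=false` switch also ships with no indication of what it gates or what must exist before it is turned on; if the file format permits comment lines, a line above it such as `# serial/request/replica range management (BZ472006); off by default, requires the ou=ranges entries from db.ldif` would make the dependency on the db.ldif change visible to whoever flips it.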
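Review bot: Only the new `ou=replica` entry receives a `nextRange` attribute, while the existing `ou=ca` repository entry in the context lines at the top of the hunk gets none, even though CS.cfg in the same commit now defines `dbs.serialRangeDN` and `dbs.requestRangeDN` for those repositories; if range allocation reads `nextRange` from the repository entry, the certificate and request repositories start without one. The value `nextRange: 1000` also lies well beyond `dbs.endReplicaNumber=100` with `dbs.replicaIncrement=100` from CS.cfg, leaving 101–999 unassigned unless that gap is deliberate. Presumably intended, but a one-line LDIF comment stating how `nextRange` relates to the configured end number would keep the two files from drifting apart.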
diff --git a/pki/base/ca/shared/conf/schema.ldif b/pki/base/ca/shared/conf/schema.ldif index 7331749ce..823543dcf 100644 --- a/pki/base/ca/shared/conf/schema.ldif +++ b/pki/base/ca/shared/conf/schema.ldif @@ -301,6 +301,21 @@ attributeTypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' SYNT dn: cn=schema changetype: modify add: attributeTypes +attributeTypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes attributeTypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) dn: cn=schema @@ -376,7 +391,7 @@ objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top S dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' SUP top STRUCTURAL MUST ou MAY ( serialno $ description ) X-ORIGIN 'user defined' ) +objectClasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' SUP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange ) X-ORIGIN 'user defined' ) dn: cn=schema changetype: modify 
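Review bot: The three new attributes `nextRange`, `beginRange` and `endRange` hold numeric range boundaries but are declared with DirectoryString syntax (`1.3.6.1.4.1.1466.115.121.1.15`) and no EQUALITY or ORDERING rule, mirroring the existing `serialno` definition; the directory therefore cannot compare them numerically, so every overlap or exhaustion check has to happen in application code, and a search filter on these attributes may be rejected or string-ordered depending on the server. If numeric comparison is ever wanted, Integer syntax `1.3.6.1.4.1.1466.115.121.1.27` with `EQUALITY integerMatch ORDERING integerOrderingMatch` would be the consistent choice; if the string form is deliberate for parity with `serialno`, saying so in the DESC would record the intent. The widened MAY list on `repository` in the second hunk is harmless on its own, but entries carrying `nextRange` will be rejected by any replica whose schema has not been updated first.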
@@ -428,4 +443,8 @@ changetype: modify add: objectClasses objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager ) X-ORIGIN 'user defined' ) +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' ) diff --git a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java index 151b15ccf..4f459ee4a 100644 --- a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -44,6 +44,7 @@ import com.netscape.certsrv.dbs.*; import com.netscape.certsrv.dbs.repository.*; import com.netscape.cmscore.dbs.*; import com.netscape.certsrv.dbs.certdb.*; +import com.netscape.certsrv.dbs.replicadb.*; import com.netscape.certsrv.dbs.crldb.*; import com.netscape.certsrv.dbs.crldb.ICRLRepository; import com.netscape.certsrv.apps.*; @@ -104,6 +105,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori protected CertificateRepository mCertRepot = null; protected CRLRepository mCRLRepot = null; + protected ReplicaIDRepository mReplicaRepot = null; protected CertificateChain mCACertChain = null; protected CertificateChain mOCSPCertChain = null; @@ -144,6 +146,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori protected static final String PROP_CERT_REPOS_DN = "CertificateRepositoryDN"; protected static final String PROP_REPOS_DN = "RepositoryDN"; + protected static final String PROP_REPLICAID_DN = "dbs.replicadn"; // for the notification listeners 
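Review bot: `PROP_REPLICAID_DN = "dbs.replicadn"` does not match the key this commit adds to CS.cfg, `dbs.replicaDN`, and unlike its neighbours `PROP_CERT_REPOS_DN = "CertificateRepositoryDN"` and `PROP_REPOS_DN = "RepositoryDN"` it carries a `dbs.` prefix. It is read via `mConfig.getString(PROP_REPLICAID_DN, null)` in the @@ -1317 hunk, and since the other `mConfig` lookups visible in this file (for example `certStatusUpdateInterval`) appear to be relative to the CA's own config substore, that lookup presumably never finds a value and the hard-coded `"ou=Replica,"` default is always used. Either make the constant agree with CS.cfg and read it from the store that holds the `dbs.*` keys, or document that the key is intentionally CA-local; in both cases a comment on the constant such as `// DN of the replica-ID repository; defaults to ou=Replica under the DB base DN when unset` would tell the next reader which one was chosen.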
@@ -267,21 +270,23 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori // init default CA attributes like cert version, validity. initDefCaAttrs(); + // init web gateway. + initWebGateway(); + + // init request queue and related modules. + CMS.debug("CertificateAuthority init: initRequestQueue"); + initRequestQueue(); + // set certificate status to 10 minutes mCertRepot.setCertStatusUpdateInterval( + mRequestQueue.getRequestRepository(), mConfig.getInteger("certStatusUpdateInterval", 10 * 60), mConfig.getBoolean("listenToCloneModifications", false)); mCertRepot.setConsistencyCheck( mConfig.getBoolean("ConsistencyCheck", false)); mCertRepot.setSkipIfInConsistent( mConfig.getBoolean("SkipIfInConsistent", false)); - - // init web gateway. - initWebGateway(); - - // init request queue and related modules. - CMS.debug("CertificateAuthority init: initRequestQueue"); - initRequestQueue(); + mService.init(config.getSubStore("connector")); initMiscellaneousListeners(); @@ -569,6 +574,17 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori public ICertificateRepository getCertificateRepository() { return mCertRepot; } + + /** + * Retrieves replica repository. + * <P> + * + * @return replica repository + */ + public IReplicaIDRepository getReplicaRepository() { + return mReplicaRepot; + } + /** * Retrieves CRL repository. @@ -1317,6 +1333,15 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori "ou=crlIssuingPoints, ou=" + getId() + ", " + getDBSubsystem().getBaseDN()); CMS.debug("CRL Repot inited"); + + String replicaReposDN = mConfig.getString(PROP_REPLICAID_DN, null); + if (replicaReposDN == null) { + replicaReposDN = "ou=Replica," + getDBSubsystem().getBaseDN(); + } + mReplicaRepot = new ReplicaIDRepository( + DBSubsystem.getInstance(), 1, replicaReposDN); + CMS.debug("Replica Repot inited"); + } /** |
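Review bot: The reorder in the @@ -267 hunk is not explained in the code: `initRequestQueue()` is moved ahead of `setCertStatusUpdateInterval(...)` because that call now receives `mRequestQueue.getRequestRepository()`, and a later tidy-up could move it back and reintroduce a null request queue; a comment on the moved call, `// must precede setCertStatusUpdateInterval, which needs the request repository`, would preserve the constraint. The added `mService.init(config.getSubStore("connector"));` relies on `mService` already existing at that point — if it is created inside `initRequestQueue()` (not visible here) that holds, otherwise this line throws during init. The enclosing init method starts and ends outside the hunk.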
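Review bot: The second constructor argument in `new ReplicaIDRepository(DBSubsystem.getInstance(), 1, replicaReposDN)` in the @@ -1317 hunk is an unexplained literal; a comment on that line naming what the `1` controls would save the next reader a trip to the constructor. The same statement obtains the DB subsystem through `DBSubsystem.getInstance()` while the line above uses `getDBSubsystem()` for the base DN; if both return the same instance, `mReplicaRepot = new ReplicaIDRepository(getDBSubsystem(), 1, replicaReposDN);` keeps the method to one accessor. The fallback `"ou=Replica,"` also differs in case from the `ou=replica` entry created in db.ldif — harmless under case-insensitive ou matching, but aligning the spelling makes the two easier to correlate. The enclosing method begins outside the hunk.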