authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-01-05 16:58:25 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-01-05 16:58:25 +0000
commit12037cf9cf935bda5259e531b11a876ff2b41098 (patch)
tree2dd9029e94369398638d8467ddd895acae80cfb3 /pki/base/ca
parentdca02910f6de3f9631589ee3c12c229fa58629c8 (diff)
BZ472006 Serial number management
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@168 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ca')
-rw-r--r--pki/base/ca/shared/conf/CS.cfg20
-rw-r--r--pki/base/ca/shared/conf/db.ldif29
-rw-r--r--pki/base/ca/shared/conf/schema.ldif21
-rw-r--r--pki/base/ca/src/com/netscape/ca/CertificateAuthority.java39
4 files changed, 99 insertions, 10 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg b/pki/base/ca/shared/conf/CS.cfg
index 7d8fd4140..f97af9022 100644
--- a/pki/base/ca/shared/conf/CS.cfg
+++ b/pki/base/ca/shared/conf/CS.cfg
@@ -638,12 +638,28 @@ cms.version=
cmsgateway.enableAdminEnroll=false
https.port=8443
http.port=8080
+dbs.enableSerialManagement=false
dbs.beginRequestNumber=1
dbs.endRequestNumber=10000000
-dbs.requestNumber.increment=10000000
+dbs.requestIncrement=10000000
+dbs.requestLowWaterMark=2000000
+dbs.requestCloneTransferNumber=10000
+dbs.requestDN=ou=ca, ou=requests
+dbs.requestRangeDN=ou=requests, ou=ranges
dbs.beginSerialNumber=1
dbs.endSerialNumber=10000000
-dbs.serialNumber.increment=10000000
+dbs.serialIncrement=10000000
+dbs.serialLowWaterMark=2000000
+dbs.serialCloneTransferNumber=10000
+dbs.serialDN=ou=certificateRepository, ou=ca
+dbs.serialRangeDN=ou=certificateRepository, ou=ranges
+dbs.beginReplicaNumber=1
+dbs.endReplicaNumber=100
+dbs.replicaIncrement=100
+dbs.replicaLowWaterMark=20
+dbs.replicaCloneTransferNumber=5
+dbs.replicaDN=ou=replica
+dbs.replicaRangeDN=ou=replica, ou=ranges
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
debug.append=true
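Review bot: The keys `dbs.requestNumber.increment` and `dbs.serialNumber.increment` are renamed to `dbs.requestIncrement` and `dbs.serialIncrement`, and nothing in this diff reads the old names, so an existing instance whose CS.cfg still carries the old keys would silently fall back to whatever built-in default the code uses for the increment; unless a compatibility read of the old names exists elsewhere, an upgrade step (or a fallback lookup) is needed. The new management is shipped disabled (`dbs.enableSerialManagement=false`), which is the right default for a template given that duplicate serials across clones are a CA integrity failure, but note that the key added here as `dbs.replicaDN` is looked up by the Java side of this same commit as `dbs.replicadn`, so the case has to be aligned on one side or the other.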
diff --git a/pki/base/ca/shared/conf/db.ldif b/pki/base/ca/shared/conf/db.ldif
index 72f5b8e17..ee71cc32f 100644
--- a/pki/base/ca/shared/conf/db.ldif
+++ b/pki/base/ca/shared/conf/db.ldif
@@ -132,3 +132,32 @@ objectClass: top
objectClass: repository
ou: ca
serialno: 010
+
+dn: ou=replica,{rootSuffix}
+objectClass: top
+objectClass: repository
+ou: replica
+serialno: 010
+nextRange: 1000
+
+dn: ou=ranges,{rootSuffix}
+objectClass: top
+objectClass: organizationalUnit
+ou: ranges
+
+dn: ou=replica, ou=ranges,{rootSuffix}
+objectClass: top
+objectClass: organizationalUnit
+ou: replica
+
+dn: ou=requests, ou=ranges,{rootSuffix}
+objectClass: top
+objectClass: organizationalUnit
+ou: requests
+
+dn: ou=certificateRepository, ou=ranges,{rootSuffix}
+objectClass: top
+objectClass: organizationalUnit
+ou: certificateRepository
+
+
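Review bot: The replica repository is seeded with `nextRange: 1000` while the CS.cfg template in this commit sets `dbs.endReplicaNumber=100` and `dbs.replicaIncrement=100`; if `nextRange` is where the next allocated replica range begins, ranges 101–999 are simply never handed out, but if the code expects it to equal `endReplicaNumber+1` the first clone's allocation would disagree with the master's bookkeeping — either way the two seeds should be derived from one value. The existing `ou=ca` and certificateRepository entries get no `nextRange` here, so turning `dbs.enableSerialManagement` on for an instance created from this template presumably depends on the code tolerating a missing `nextRange`; worth confirming. The new `ou=ranges` subtrees carry no ACI in this file, and since clones will presumably write `pkiRange` entries (with `Host`/`SecurePort`) under them, the access rules belong in the same change or should at least be referenced in a comment naming where they live.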
diff --git a/pki/base/ca/shared/conf/schema.ldif b/pki/base/ca/shared/conf/schema.ldif
index 7331749ce..823543dcf 100644
--- a/pki/base/ca/shared/conf/schema.ldif
+++ b/pki/base/ca/shared/conf/schema.ldif
@@ -301,6 +301,21 @@ attributeTypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' SYNT
dn: cn=schema
changetype: modify
add: attributeTypes
+attributeTypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
attributeTypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
dn: cn=schema
@@ -376,7 +391,7 @@ objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top S
dn: cn=schema
changetype: modify
add: objectClasses
-objectClasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' SUP top STRUCTURAL MUST ou MAY ( serialno $ description ) X-ORIGIN 'user defined' )
+objectClasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' SUP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange ) X-ORIGIN 'user defined' )
dn: cn=schema
changetype: modify
@@ -428,4 +443,8 @@ changetype: modify
add: objectClasses
objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager ) X-ORIGIN 'user defined' )
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' )
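Review bot: `beginRange` and `endRange`, which `pkiRange` makes mandatory, are declared with the DirectoryString syntax (1.3.6.1.4.1.1466.115.121.1.15) rather than INTEGER (1.3.6.1.4.1.1466.115.121.1.27), as is `nextRange`; this matches the existing `serialno` attribute, but it means the directory will accept non-numeric values and any `>=`/`<=` filter on these attributes compares as strings, so range lookup and overlap checks have to be done in CMS rather than delegated to the DS. If the choice is deliberate (e.g. serials may exceed what the INTEGER ordering rule handles, or they are stored in hex), record it in the DESC, e.g. `DESC 'CMS defined attribute: lower bound of an allocated range, stored as a string and compared by CMS'`. `pkiRange` also has no MAY attributes, so a range record cannot carry a status or timestamp without a further schema change; if the allocator will need that, adding it while the class is new is cheaper.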
diff --git a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 151b15ccf..4f459ee4a 100644
--- a/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -44,6 +44,7 @@ import com.netscape.certsrv.dbs.*;
import com.netscape.certsrv.dbs.repository.*;
import com.netscape.cmscore.dbs.*;
import com.netscape.certsrv.dbs.certdb.*;
+import com.netscape.certsrv.dbs.replicadb.*;
import com.netscape.certsrv.dbs.crldb.*;
import com.netscape.certsrv.dbs.crldb.ICRLRepository;
import com.netscape.certsrv.apps.*;
@@ -104,6 +105,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
protected CertificateRepository mCertRepot = null;
protected CRLRepository mCRLRepot = null;
+ protected ReplicaIDRepository mReplicaRepot = null;
protected CertificateChain mCACertChain = null;
protected CertificateChain mOCSPCertChain = null;
@@ -144,6 +146,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
protected static final String PROP_CERT_REPOS_DN = "CertificateRepositoryDN";
protected static final String PROP_REPOS_DN = "RepositoryDN";
+ protected static final String PROP_REPLICAID_DN = "dbs.replicadn";
// for the notification listeners
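Review bot: The new constant `PROP_REPLICAID_DN = "dbs.replicadn"` does not match the key added to the CS.cfg template in this commit, `dbs.replicaDN`; the config store is a properties file and is presumably case-sensitive, so `mConfig.getString(PROP_REPLICAID_DN, null)` will always miss and the hard-coded fallback DN is used, leaving the template key dead. The sibling constants (`CertificateRepositoryDN`, `RepositoryDN`) carry no `dbs.` prefix and `mConfig` appears to be the CA's own substore, so also confirm which store the key is expected to live in; whichever it is, make the constant and the template agree: `protected static final String PROP_REPLICAID_DN = "dbs.replicaDN";`.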
@@ -267,21 +270,23 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
// init default CA attributes like cert version, validity.
initDefCaAttrs();
+ // init web gateway.
+ initWebGateway();
+
+ // init request queue and related modules.
+ CMS.debug("CertificateAuthority init: initRequestQueue");
+ initRequestQueue();
+
// set certificate status to 10 minutes
mCertRepot.setCertStatusUpdateInterval(
+ mRequestQueue.getRequestRepository(),
mConfig.getInteger("certStatusUpdateInterval", 10 * 60),
mConfig.getBoolean("listenToCloneModifications", false));
mCertRepot.setConsistencyCheck(
mConfig.getBoolean("ConsistencyCheck", false));
mCertRepot.setSkipIfInConsistent(
mConfig.getBoolean("SkipIfInConsistent", false));
-
- // init web gateway.
- initWebGateway();
-
- // init request queue and related modules.
- CMS.debug("CertificateAuthority init: initRequestQueue");
- initRequestQueue();
+
mService.init(config.getSubStore("connector"));
initMiscellaneousListeners();
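Review bot: The reason `initWebGateway()` and `initRequestQueue()` now run before `setCertStatusUpdateInterval(...)` is not stated, so a later reordering could silently reintroduce the problem; from the new argument `mRequestQueue.getRequestRepository()` the constraint appears to be that the request queue must exist first. A one-line comment before the moved calls would pin it: `// initRequestQueue() must precede setCertStatusUpdateInterval(): the status updater needs the request repository`. Moving `initWebGateway()` earlier as well means the gateway is initialised before the cert-status and consistency-check settings are applied; if the gateway can serve requests before `init()` returns that window deserves a look, otherwise moving only `initRequestQueue()` keeps the change minimal. The added `+` line between the two blocks consists of trailing whitespace. The enclosing method begins and ends outside this hunk.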
@@ -569,6 +574,17 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
public ICertificateRepository getCertificateRepository() {
return mCertRepot;
}
+
+ /**
+ * Retrieves replica repository.
+ * <P>
+ *
+ * @return replica repository
+ */
+ public IReplicaIDRepository getReplicaRepository() {
+ return mReplicaRepot;
+ }
+
/**
* Retrieves CRL repository.
@@ -1317,6 +1333,15 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
"ou=crlIssuingPoints, ou=" + getId() + ", " +
getDBSubsystem().getBaseDN());
CMS.debug("CRL Repot inited");
+
+ String replicaReposDN = mConfig.getString(PROP_REPLICAID_DN, null);
+ if (replicaReposDN == null) {
+ replicaReposDN = "ou=Replica," + getDBSubsystem().getBaseDN();
+ }
+ mReplicaRepot = new ReplicaIDRepository(
+ DBSubsystem.getInstance(), 1, replicaReposDN);
+ CMS.debug("Replica Repot inited");
+
}
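Review bot: The `1` passed to `new ReplicaIDRepository(DBSubsystem.getInstance(), 1, replicaReposDN)` is an unexplained magic number, and when the config key is unset the code silently substitutes `"ou=Replica," + baseDN` without recording which DN it settled on, so a misconfigured DN would surface only as a later LDAP failure. Suggest commenting what the `1` is (its meaning is not visible here) and logging the chosen DN: `CMS.debug("Replica Repot DN: " + replicaReposDN);`. The fallback spells it `ou=Replica` while db.ldif seeds `ou=replica`; `ou` is normally matched case-insensitively so both resolve to the same entry, but aligning the spelling avoids confusion when grepping. The enclosing method starts outside this hunk.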
/**