BZ472006 Serial number management

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@168 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

7 files changed, 213 insertions, 13 deletions

diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
index 311a7891b..a828a69bf 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
@@ -34,6 +34,7 @@ import com.netscape.certsrv.security.*;
 import com.netscape.certsrv.publish.*;
 import com.netscape.certsrv.dbs.certdb.*;
 import com.netscape.certsrv.dbs.crldb.*;
+import com.netscape.certsrv.dbs.replicadb.*;
 
 
 /**
@@ -243,6 +244,13 @@ public interface ICertificateAuthority extends ISubsystem {
     public ICRLRepository getCRLRepository();
 
     /**
+     * Retrieves the Replica ID repository.
+     *
+     * @return CA's Replica ID repository
+     */
+    public IReplicaIDRepository getReplicaRepository();
+
+    /**
      * Retrieves the request in queue listener.
      *
      * @return the request in queue listener
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
index e3914427f..933fd607c 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
@@ -37,6 +37,13 @@ public interface IDBSubsystem extends ISubsystem {
 
     public static final String SUB_ID = "dbs";
 
+
+    // values for repos
+    public static final int CERTS = 0;
+    public static final int REQUESTS = 1;
+    public static final int REPLICA_ID = 2;
+    public static final int NUM_REPOS = 3;
+
     /**
      * Retrieves the base DN.
      *
@@ -85,25 +92,118 @@ public interface IDBSubsystem extends ISubsystem {
      * Records maximum serial number limit in config file
      *
      * @param serial max serial number
+     * @param repo   repo identifier 
+     * @exception EBaseException failed to set 
+     */
+    public void setMaxSerialConfig(int repo, String serial) throws EBaseException;
+
+    /**
+     * Records minimum serial number limit in config file
+     *
+     * @param serial min serial number
+     * @param repo   repo identifier 
+     * @exception EBaseException failed to set 
+     */
+    public void setMinSerialConfig(int repo, String serial) throws EBaseException;
+
+    /**
+     * Records maximum serial number limit for the next range in config file
+     *
+     * @param serial max serial number
+     * @param repo   repo identifier 
      * @exception EBaseException failed to set 
      */
-    public void setMaxSerialConfig(String serial) throws EBaseException;
+    public void setNextMaxSerialConfig(int repo, String serial) throws EBaseException;
 
+    /**
+     * Records minimum serial number limit for the next range in config file
+     *
+     * @param serial min serial number
+     * @param repo   repo identifier 
+     * @exception EBaseException failed to set 
+     */
+    public void setNextMinSerialConfig(int repo, String serial) throws EBaseException;
 
-    public String getMinSerialConfig();
+    /**
+     * Gets minimum serial number limit in config file
+     *
+     * @param repo   repo identifier 
+     * @return min serial number
+     */
+    public String getMinSerialConfig(int repo);
 
     /**
      * Gets the maximum serial number limit in config file
      *
+     * @param repo   repo identifier 
      * @return max serial number
      */
-    public String getMaxSerialConfig();
+    public String getMaxSerialConfig(int repo);
 
+    /**
+     * Gets the maximum serial number limit for next range in config file
+     *
+     * @param repo   repo identifier 
+     * @return max serial number
+     */
+    public String getNextMaxSerialConfig(int repo);
 
-    public String getMinRequestConfig();
+    /**
+     * Gets minimum serial number limit for next range in config file
+     *
+     * @param repo   repo identifier 
+     * @return min serial number
+     */
+    public String getNextMinSerialConfig(int repo);
+    
+    /**
+     * Gets low water mark limit in config file
+     *
+     * @param repo   repo identifier 
+     * @return low water mark
+     */
+    public String getLowWaterMarkConfig(int repo);
  
-    public String getMaxRequestConfig();
+    /**
+     * Gets range increment limit for next range in config file
+     *
+     * @param repo   repo identifier 
+     * @return range increment
+     */
+    public String getIncrementConfig(int repo);
+  
+    /**
+     * Gets number corresponding to start of next range from database
+     *
+     * @param repo   repo identifier 
+     * @return start of next range
+     */
+    public String getNextRange(int repo);
 
+    /**
+     * Determines if a range conflict has been observed in database
+     *
+     * @param repo   repo identifier 
+     * @return true if range conflict, false otherwise
+     */
+    public boolean hasRangeConflict(int repo);
+
+    /**
+     * Determines if serial number management has been enabled
+     *
+     * @param repo   repo identifier 
+     * @return true if enabled, false otherwise
+     */
+    public boolean getEnableSerialMgmt();
+
+   /**
+     * Sets whether serial number management is enabled for certs
+     * and requests. 
+     *
+     * @param value   true/false 
+     * @exception EBaseException failed to set 
+     */
+    public void setEnableSerialMgmt(boolean value) throws EBaseException;
 
     /**
      * Returns LDAP connection to connection pool.
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
index 3b76bbbf3..4b89650ee 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
@@ -76,10 +76,12 @@ public interface ICertificateRepository extends IRepository {
     /**
      * Sets certificate status update internal
      *
+     * @param requestRepo request repository
      * @param interval update interval
      * @param listenToCloneModifications enable listening to clone modifications
      */
-    public void setCertStatusUpdateInterval(int interval,
+    public void setCertStatusUpdateInterval(IRepository requestRepo, 
+        int interval,
         boolean listenToCloneModifications);
 
     /**
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
new file mode 100644
index 000000000..6448e8d3a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.dbs.replicadb;
+
+import com.netscape.certsrv.dbs.*;
+import com.netscape.certsrv.dbs.repository.*;
+
+
+/**
+ * An interface represents a ReplicaID Repository. 
+ * It provides unique managed replica IDs.
+ * <P>
+ *
+ * @version $Revision: 14561 $, $Date: 2008-11-18 10:28:56 -0700 (Tue, 18 Nov 2008) $
+ */
+public interface IReplicaIDRepository extends IRepository {
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
index 15162e77e..aed6a5482 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
@@ -34,17 +34,59 @@ import com.netscape.certsrv.dbs.*;
  */
 public interface IRepository {
 
-	/**
-	 * Retrieves the next serial number, and also increase the
-	 * serial number by one.
-	 *
-	 * @return serial number
+    /**
+     * Retrieves the next serial number, and also increase the
+     * serial number by one.
+     *
+     * @return serial number
      * @exception EBaseException failed to retrieve next serial number
-	 */
-	public BigInteger getNextSerialNumber() throws EBaseException;
+     */
+    public BigInteger getNextSerialNumber() throws EBaseException;
 
     /**
      * Resets serial number.
      */
     public void resetSerialNumber(BigInteger serial) throws EBaseException;
+
+    /**
+     * Retrieves the next serial number without increasing the serial number.
+     * 
+     * @return serial number
+     * @exception EBaseException failed to retrieve next serial number
+     */
+    public BigInteger getTheSerialNumber() throws EBaseException;
+
+    /**
+     * Set the maximum serial number.
+     * 
+     * @param serial maximum number
+     * @exception EBaseException failed to set maximum serial number
+     */
+    public void setMaxSerial (String serial) throws EBaseException;
+   
+    /**
+     * Set the maximum serial number in next range.
+     * 
+     * @param serial maximum number
+     * @exception EBaseException failed to set maximum serial number in next range
+     */
+    public void setNextMaxSerial(String serial) throws EBaseException;
+
+    /**
+     * Checks to see if a new range is needed, or if we have reached the end of the 
+     * current range, or if a range conflict has occurred.
+     * 
+     * @exception EBaseException failed to check next range for conflicts
+     */
+    public void checkRanges() throws EBaseException;
+
+     /**
+     * Sets whether serial number management is enabled for certs
+     * and requests. 
+     *
+     * @param value   true/false 
+     * @exception EBaseException failed to set 
+     */
+    public void setEnableSerialMgmt(boolean value) throws EBaseException;
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
index 40e8831ce..a2174d7cd 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
@@ -28,6 +28,7 @@ import com.netscape.certsrv.logging.*;
 import com.netscape.certsrv.base.*;
 import com.netscape.certsrv.dbs.*;
 import com.netscape.certsrv.dbs.keydb.*;
+import com.netscape.certsrv.dbs.replicadb.*;
 import com.netscape.certsrv.request.*;
 import com.netscape.certsrv.policy.*;
 import com.netscape.certsrv.security.*;
@@ -87,6 +88,13 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
     public IKeyRepository getKeyRepository();
 
     /**
+     * Retrieves the Replica ID repository.
+     *
+     * @return KRA's Replica ID repository
+     */
+    public IReplicaIDRepository getReplicaRepository();
+
+    /**
      * Enables the auto recovery state. Once KRA is in the auto 
      * recovery state, no recovery agents need to be present for
      * providing credentials. This feature is for enabling
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
index f37421ffd..cfbea225f 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
@@ -19,6 +19,7 @@ package com.netscape.certsrv.request;
 
 import java.math.*;
 import java.util.Enumeration;
+import com.netscape.certsrv.dbs.repository.IRepository;
 
 import com.netscape.certsrv.base.EBaseException;
 
@@ -399,4 +400,11 @@ public interface IRequestQueue {
      * Removes all objects with this repository.
      */
     public void removeAllObjects() throws EBaseException;
+
+    /**
+     * Gets request repository.
+     *
+     * @return request repository
+     */
+    public IRepository getRequestRepository();
 }