diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-01-05 16:58:25 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-01-05 16:58:25 +0000 |
commit | 12037cf9cf935bda5259e531b11a876ff2b41098 (patch) | |
tree | 2dd9029e94369398638d8467ddd895acae80cfb3 /pki/base/common/src/com/netscape/certsrv | |
parent | dca02910f6de3f9631589ee3c12c229fa58629c8 (diff) | |
download | pki-12037cf9cf935bda5259e531b11a876ff2b41098.tar.gz pki-12037cf9cf935bda5259e531b11a876ff2b41098.tar.xz pki-12037cf9cf935bda5259e531b11a876ff2b41098.zip |
BZ472006 Serial number management
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@168 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv')
7 files changed, 213 insertions, 13 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java index 311a7891b..a828a69bf 100644 --- a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java +++ b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java @@ -34,6 +34,7 @@ import com.netscape.certsrv.security.*; import com.netscape.certsrv.publish.*; import com.netscape.certsrv.dbs.certdb.*; import com.netscape.certsrv.dbs.crldb.*; +import com.netscape.certsrv.dbs.replicadb.*; /** @@ -243,6 +244,13 @@ public interface ICertificateAuthority extends ISubsystem { public ICRLRepository getCRLRepository(); /** + * Retrieves the Replica ID repository. + * + * @return CA's Replica ID repository + */ + public IReplicaIDRepository getReplicaRepository(); + + /** * Retrieves the request in queue listener. * * @return the request in queue listener diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java index e3914427f..933fd607c 100644 --- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java +++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java @@ -37,6 +37,13 @@ public interface IDBSubsystem extends ISubsystem { public static final String SUB_ID = "dbs"; + + // values for repos + public static final int CERTS = 0; + public static final int REQUESTS = 1; + public static final int REPLICA_ID = 2; + public static final int NUM_REPOS = 3; + /** * Retrieves the base DN. * @@ -85,25 +92,118 @@ public interface IDBSubsystem extends ISubsystem { * Records maximum serial number limit in config file * * @param serial max serial number + * @param repo repo identifier + * @exception EBaseException failed to set + */ + public void setMaxSerialConfig(int repo, String serial) throws EBaseException; + + /** + * Records minimum serial number limit in config file + * + * @param serial min serial number + * @param repo repo identifier + * @exception EBaseException failed to set + */ + public void setMinSerialConfig(int repo, String serial) throws EBaseException; + + /** + * Records maximum serial number limit for the next range in config file + * + * @param serial max serial number + * @param repo repo identifier * @exception EBaseException failed to set */ - public void setMaxSerialConfig(String serial) throws EBaseException; + public void setNextMaxSerialConfig(int repo, String serial) throws EBaseException; + /** + * Records minimum serial number limit for the next range in config file + * + * @param serial min serial number + * @param repo repo identifier + * @exception EBaseException failed to set + */ + public void setNextMinSerialConfig(int repo, String serial) throws EBaseException; - public String getMinSerialConfig(); + /** + * Gets minimum serial number limit in config file + * + * @param repo repo identifier + * @return min serial number + */ + public String getMinSerialConfig(int repo); /** * Gets the maximum serial number limit in config file * + * @param repo repo identifier * @return max serial number */ - public String getMaxSerialConfig(); + public String getMaxSerialConfig(int repo); + /** + * Gets the maximum serial number limit for next range in config file + * + * @param repo repo identifier + * @return max serial number + */ + public String getNextMaxSerialConfig(int repo); - public String getMinRequestConfig(); + /** + * Gets minimum serial number limit for next range in config file + * + * @param repo repo identifier + * @return min serial number + */ + public String getNextMinSerialConfig(int repo); + + /** + * Gets low water mark limit in config file + * + * @param repo repo identifier + * @return low water mark + */ + public String getLowWaterMarkConfig(int repo); - public String getMaxRequestConfig(); + /** + * Gets range increment limit for next range in config file + * + * @param repo repo identifier + * @return range increment + */ + public String getIncrementConfig(int repo); + + /** + * Gets number corresponding to start of next range from database + * + * @param repo repo identifier + * @return start of next range + */ + public String getNextRange(int repo); + /** + * Determines if a range conflict has been observed in database + * + * @param repo repo identifier + * @return true if range conflict, false otherwise + */ + public boolean hasRangeConflict(int repo); + + /** + * Determines if serial number management has been enabled + * + * @param repo repo identifier + * @return true if enabled, false otherwise + */ + public boolean getEnableSerialMgmt(); + + /** + * Sets whether serial number management is enabled for certs + * and requests. + * + * @param value true/false + * @exception EBaseException failed to set + */ + public void setEnableSerialMgmt(boolean value) throws EBaseException; /** * Returns LDAP connection to connection pool. diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java index 3b76bbbf3..4b89650ee 100644 --- a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java +++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java @@ -76,10 +76,12 @@ public interface ICertificateRepository extends IRepository { /** * Sets certificate status update internal * + * @param requestRepo request repository * @param interval update interval * @param listenToCloneModifications enable listening to clone modifications */ - public void setCertStatusUpdateInterval(int interval, + public void setCertStatusUpdateInterval(IRepository requestRepo, + int interval, boolean listenToCloneModifications); /** diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java new file mode 100644 index 000000000..6448e8d3a --- /dev/null +++ b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java @@ -0,0 +1,32 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.certsrv.dbs.replicadb; + +import com.netscape.certsrv.dbs.*; +import com.netscape.certsrv.dbs.repository.*; + + +/** + * An interface represents a ReplicaID Repository. + * It provides unique managed replica IDs. + * <P> + * + * @version $Revision: 14561 $, $Date: 2008-11-18 10:28:56 -0700 (Tue, 18 Nov 2008) $ + */ +public interface IReplicaIDRepository extends IRepository { +} diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java index 15162e77e..aed6a5482 100644 --- a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java +++ b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java @@ -34,17 +34,59 @@ import com.netscape.certsrv.dbs.*; */ public interface IRepository { - /** - * Retrieves the next serial number, and also increase the - * serial number by one. - * - * @return serial number + /** + * Retrieves the next serial number, and also increase the + * serial number by one. + * + * @return serial number * @exception EBaseException failed to retrieve next serial number - */ - public BigInteger getNextSerialNumber() throws EBaseException; + */ + public BigInteger getNextSerialNumber() throws EBaseException; /** * Resets serial number. */ public void resetSerialNumber(BigInteger serial) throws EBaseException; + + /** + * Retrieves the next serial number without increasing the serial number. + * + * @return serial number + * @exception EBaseException failed to retrieve next serial number + */ + public BigInteger getTheSerialNumber() throws EBaseException; + + /** + * Set the maximum serial number. + * + * @param serial maximum number + * @exception EBaseException failed to set maximum serial number + */ + public void setMaxSerial (String serial) throws EBaseException; + + /** + * Set the maximum serial number in next range. + * + * @param serial maximum number + * @exception EBaseException failed to set maximum serial number in next range + */ + public void setNextMaxSerial(String serial) throws EBaseException; + + /** + * Checks to see if a new range is needed, or if we have reached the end of the + * current range, or if a range conflict has occurred. + * + * @exception EBaseException failed to check next range for conflicts + */ + public void checkRanges() throws EBaseException; + + /** + * Sets whether serial number management is enabled for certs + * and requests. + * + * @param value true/false + * @exception EBaseException failed to set + */ + public void setEnableSerialMgmt(boolean value) throws EBaseException; + } diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java index 40e8831ce..a2174d7cd 100644 --- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java +++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java @@ -28,6 +28,7 @@ import com.netscape.certsrv.logging.*; import com.netscape.certsrv.base.*; import com.netscape.certsrv.dbs.*; import com.netscape.certsrv.dbs.keydb.*; +import com.netscape.certsrv.dbs.replicadb.*; import com.netscape.certsrv.request.*; import com.netscape.certsrv.policy.*; import com.netscape.certsrv.security.*; @@ -87,6 +88,13 @@ public interface IKeyRecoveryAuthority extends ISubsystem { public IKeyRepository getKeyRepository(); /** + * Retrieves the Replica ID repository. + * + * @return KRA's Replica ID repository + */ + public IReplicaIDRepository getReplicaRepository(); + + /** * Enables the auto recovery state. Once KRA is in the auto * recovery state, no recovery agents need to be present for * providing credentials. This feature is for enabling diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java index f37421ffd..cfbea225f 100644 --- a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java +++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java @@ -19,6 +19,7 @@ package com.netscape.certsrv.request; import java.math.*; import java.util.Enumeration; +import com.netscape.certsrv.dbs.repository.IRepository; import com.netscape.certsrv.base.EBaseException; @@ -399,4 +400,11 @@ public interface IRequestQueue { * Removes all objects with this repository. */ public void removeAllObjects() throws EBaseException; + + /** + * Gets request repository. + * + * @return request repository + */ + public IRepository getRequestRepository(); } |