From c7ae619f8a11c83ce542944a35520f139f928b62 Mon Sep 17 00:00:00 2001 From: alee Date: Tue, 16 Mar 2010 18:37:00 +0000 Subject: BZ Bug 565842 - CA Clone instance configuration throws errors git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1019 c9f7a03b-bd48-0410-a16d-cbbf54688b0b --- .../com/netscape/certsrv/request/IRequestQueue.java | 7 ------- .../com/netscape/cms/servlet/csadmin/CertUtil.java | 2 +- .../netscape/cms/servlet/csadmin/DatabasePanel.java | 4 ++++ .../cms/servlet/csadmin/UpdateNumberRange.java | 12 +++++++++--- .../src/com/netscape/cmscore/apps/CMSEngine.java | 20 ++++++++++++++++++++ .../com/netscape/cmscore/request/ARequestQueue.java | 13 +------------ 6 files changed, 35 insertions(+), 23 deletions(-) (limited to 'pki/base/common/src') diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java index 31763ef60..cfbea225f 100644 --- a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java +++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java @@ -56,13 +56,6 @@ public interface IRequestQueue { public IRequest newRequest(String requestType) throws EBaseException; - /** - * same as newRequest, only to take serial number. - * To be solely used during root CA installation - */ - public IRequest newRequest(String requestType, String serialNum) - throws EBaseException; - /** * Clones a request object. A new request id is assigned * and all attributes of the request is copied to cloned request, diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 08f0686c3..258c36b62 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java 
@@ -192,7 +192,7 @@ public class CertUtil { // just need a request, no need to get into a queue // IRequest r = new EnrollmentRequest(rid); CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum); - IRequest req = queue.newRequest("enrollment", serialNum); + IRequest req = queue.newRequest("enrollment"); CMS.debug("certUtil: newRequest called"); req.setExtData("profile", "true"); req.setExtData("requestversion", "1.0.0"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java index 1c71780dc..cbc509a89 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java @@ -984,8 +984,12 @@ public class DatabasePanel extends WizardPanelBase { try { CMS.reinit(IDBSubsystem.SUB_ID); + String type = cs.getString("cs.type", ""); + if (type.equals("CA")) + CMS.reinit(ICertificateAuthority.ID); CMS.reinit(IAuthSubsystem.ID); CMS.reinit(IAuthzSubsystem.ID); + CMS.reinit(IUGSubsystem.ID); } catch (Exception e) { } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java index 01126e228..890d6dfb1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java @@ -151,6 +151,14 @@ public class UpdateNumberRange extends CMSServlet { repo = ca.getReplicaRepository(); } } + + // checkRanges for replicaID - we do this each time a replica is created. + // This needs to be done beforehand to ensure that we always have enough + // replica numbers + if (type.equals("replicaId")) { + CMS.debug("Checking replica number ranges"); + repo.checkRanges(); + } if (type.equals("request")) { radix = 10; 
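Review bot: The debug line kept just above the changed call in CertUtil still reads `"CertUtil: createLocalRequest for serial: "+ serialNum`, but the request id is no longer built from that serial, so the log now implies a link between request id and certificate serial that the new code does not create. Logging the id that was actually allocated, e.g. `CMS.debug("CertUtil: createLocalRequest: request " + req.getRequestId() + " for cert serial " + serialNum);` right after the `newRequest` call, would let install-time logs still tie the local request to the certificate. The method continues outside the hunk, so any later code that assumed the request id equals the serial should be checked as well.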
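Review bot: The statements added to the `try` in DatabasePanel run before `CMS.reinit(IAuthSubsystem.ID)` and `CMS.reinit(IAuthzSubsystem.ID)`, and the surrounding `catch (Exception e) { }` is empty. An exception from `cs.getString("cs.type", "")` or `CMS.reinit(ICertificateAuthority.ID)` would therefore silently skip re-initialising the authentication, authorization and user/group subsystems. At minimum the catch should record the failure, e.g. `CMS.debug("DatabasePanel: subsystem reinit failed: " + e);`, so a clone left with stale auth state can be diagnosed. The new `if (type.equals("CA"))` would also be safer with braces. The enclosing method starts outside the hunk, so whether the caller can report the error to the wizard is not visible here.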
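Review bot: The new `repo.checkRanges()` call for `replicaId` in UpdateNumberRange dereferences `repo` without a guard. The only assignment visible above it, `repo = ca.getReplicaRepository();`, sits inside two nested blocks, so `repo` may still be null when those conditions are not met; the start of the method is outside the hunk, so this is inferred. A guard such as `if (type.equals("replicaId") && repo != null) {`, with a debug line for the null case, would turn a possible NullPointerException into a diagnosable error. The added comment also writes `replicaID` where the code compares against `"replicaId"`.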
@@ -222,10 +230,8 @@ public class UpdateNumberRange extends CMSServlet { return; } - // checkRanges for replicaID - we do this each time a replica is created. - // Also enable serial number management in master for certs and requests + // Enable serial number management in master for certs and requests if (type.equals("replicaId")) { - repo.checkRanges(); repo.setEnableSerialMgmt(true); } diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java index 54684e1f1..72d80284f 100644 --- a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java @@ -64,6 +64,7 @@ import com.netscape.certsrv.dbs.crldb.*; import com.netscape.certsrv.dbs.repository.*; import com.netscape.certsrv.ca.*; import com.netscape.certsrv.ra.*; +import com.netscape.certsrv.kra.*; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.common.*; import com.netscape.certsrv.apps.*; @@ -870,6 +871,25 @@ public class CMSEngine implements ICMSEngine { System.out.println(Constants.SERVER_STARTUP_WARNING_MESSAGE + mWarning); } + // check serial number ranges if a CA/KRA + ICertificateAuthority ca = (ICertificateAuthority) getSubsystem("ca"); + if ((ca != null) && !isPreOpMode()) { + CMS.debug("CMSEngine: checking request serial number ranges for the CA"); + ca.getRequestQueue().getRequestRepository().checkRanges(); + + CMS.debug("CMSEngine: checking certificate serial number ranges"); + ca.getCertificateRepository().checkRanges(); + } + + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) getSubsystem("kra"); + if ((kra != null) && !isPreOpMode()) { + CMS.debug("CMSEngine: checking request serial number ranges for the KRA"); + kra.getRequestQueue().getRequestRepository().checkRanges(); + + CMS.debug("CMSEngine: checking key serial number ranges"); + kra.getKeyRepository().checkRanges(); + } + /*LogDoc * * @phase server startup 
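Review bot: The startup range checks added to CMSEngine chain `ca.getRequestQueue().getRequestRepository().checkRanges()` (and the KRA equivalents) with no null check or error handling. A null queue or repository, or an exception from `checkRanges()`, would surface as an unhandled failure in the middle of server startup; whether the enclosing method catches it is not visible in the hunk. Because exhausted serial or request number ranges stop issuance, it is worth logging the outcome per repository and deciding explicitly whether a failed check is fatal. The lookups also use the literals `"ca"` and `"kra"` where the DatabasePanel hunk uses `ICertificateAuthority.ID`; `getSubsystem(ICertificateAuthority.ID)` and `getSubsystem(IKeyRecoveryAuthority.ID)` would keep the two in step. The two blocks are near-identical and evaluate `isPreOpMode()` twice, so a single `if (!isPreOpMode()) {` around both would read more clearly.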
diff --git a/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java b/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java index d41454c5e..922478596 100644 --- a/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java +++ b/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java @@ -238,22 +238,11 @@ public abstract class ARequestQueue * @see IRequestQueue#newRequest */ public IRequest newRequest(String requestType) - throws EBaseException { - return newRequest(requestType, null); - } - - public IRequest newRequest(String requestType, String serialNum) throws EBaseException { if (requestType == null) { throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_REQUEST_TYPE", "null")); } - RequestId rId = null; - if (serialNum == null) { - rId = newRequestId(); - } else { - rId = new RequestId(serialNum); - } - + RequestId rId = newRequestId(); IRequest r = createRequest(rId, requestType); // Commented out the lock call because unlock is never called. -- cgit
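Review bot: `newRequest` in ARequestQueue now always takes its id from `newRequestId()`, but the surviving Javadoc, of which only `@see IRequestQueue#newRequest` is visible, does not record that request ids are allocated by the queue and can no longer be chosen by the caller. A line such as `* The request id is always allocated by newRequestId(); callers cannot supply one.` in that Javadoc would document the invariant this commit introduces. The page is limited to `pki/base/common/src`, so it is worth confirming that no caller or implementer outside this tree still uses the removed two-argument overload.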