summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-03-16 18:37:00 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-03-16 18:37:00 +0000
commitc7ae619f8a11c83ce542944a35520f139f928b62 (patch)
tree842323fde0e94c6f9f2705a2ab2f154d7bdf08b8
parent5783c736a8402eb23812189a286f023286dec675 (diff)
downloadpki-c7ae619f8a11c83ce542944a35520f139f928b62.tar.gz
pki-c7ae619f8a11c83ce542944a35520f139f928b62.tar.xz
pki-c7ae619f8a11c83ce542944a35520f139f928b62.zip
BZ Bug 565842 - CA Clone instance configuration throws errors
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1019 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat
-rw-r--r--pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java12
-rw-r--r--pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java20
-rw-r--r--pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java13
6 files changed, 35 insertions, 23 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
index 31763ef6..cfbea225 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
@@ -57,13 +57,6 @@ public interface IRequestQueue {
throws EBaseException;
/**
- * same as newRequest, only to take serial number.
- * To be solely used during root CA installation
- */
- public IRequest newRequest(String requestType, String serialNum)
- throws EBaseException;
-
- /**
* Clones a request object. A new request id is assigned
* and all attributes of the request is copied to cloned request,
* except for the sourceID of the original request
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 08f0686c..258c36b6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -192,7 +192,7 @@ public class CertUtil {
// just need a request, no need to get into a queue
// IRequest r = new EnrollmentRequest(rid);
CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum);
- IRequest req = queue.newRequest("enrollment", serialNum);
+ IRequest req = queue.newRequest("enrollment");
CMS.debug("certUtil: newRequest called");
req.setExtData("profile", "true");
req.setExtData("requestversion", "1.0.0");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index 1c71780d..cbc509a8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -984,8 +984,12 @@ public class DatabasePanel extends WizardPanelBase {
try {
CMS.reinit(IDBSubsystem.SUB_ID);
+ String type = cs.getString("cs.type", "");
+ if (type.equals("CA"))
+ CMS.reinit(ICertificateAuthority.ID);
CMS.reinit(IAuthSubsystem.ID);
CMS.reinit(IAuthzSubsystem.ID);
+ CMS.reinit(IUGSubsystem.ID);
} catch (Exception e) {
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
index 01126e22..890d6dfb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
@@ -151,6 +151,14 @@ public class UpdateNumberRange extends CMSServlet {
repo = ca.getReplicaRepository();
}
}
+
+ // checkRanges for replicaID - we do this each time a replica is created.
+ // This needs to be done beforehand to ensure that we always have enough
+ // replica numbers
+ if (type.equals("replicaId")) {
+ CMS.debug("Checking replica number ranges");
+ repo.checkRanges();
+ }
if (type.equals("request")) {
radix = 10;
@@ -222,10 +230,8 @@ public class UpdateNumberRange extends CMSServlet {
return;
}
- // checkRanges for replicaID - we do this each time a replica is created.
- // Also enable serial number management in master for certs and requests
+ // Enable serial number management in master for certs and requests
if (type.equals("replicaId")) {
- repo.checkRanges();
repo.setEnableSerialMgmt(true);
}
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
index 54684e1f..72d80284 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
@@ -64,6 +64,7 @@ import com.netscape.certsrv.dbs.crldb.*;
import com.netscape.certsrv.dbs.repository.*;
import com.netscape.certsrv.ca.*;
import com.netscape.certsrv.ra.*;
+import com.netscape.certsrv.kra.*;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.common.*;
import com.netscape.certsrv.apps.*;
@@ -870,6 +871,25 @@ public class CMSEngine implements ICMSEngine {
System.out.println(Constants.SERVER_STARTUP_WARNING_MESSAGE + mWarning);
}
+ // check serial number ranges if a CA/KRA
+ ICertificateAuthority ca = (ICertificateAuthority) getSubsystem("ca");
+ if ((ca != null) && !isPreOpMode()) {
+ CMS.debug("CMSEngine: checking request serial number ranges for the CA");
+ ca.getRequestQueue().getRequestRepository().checkRanges();
+
+ CMS.debug("CMSEngine: checking certificate serial number ranges");
+ ca.getCertificateRepository().checkRanges();
+ }
+
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) getSubsystem("kra");
+ if ((kra != null) && !isPreOpMode()) {
+ CMS.debug("CMSEngine: checking request serial number ranges for the KRA");
+ kra.getRequestQueue().getRequestRepository().checkRanges();
+
+ CMS.debug("CMSEngine: checking key serial number ranges");
+ kra.getKeyRepository().checkRanges();
+ }
+
/*LogDoc
*
* @phase server startup
diff --git a/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java b/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
index d41454c5..92247859 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
@@ -239,21 +239,10 @@ public abstract class ARequestQueue
*/
public IRequest newRequest(String requestType)
throws EBaseException {
- return newRequest(requestType, null);
- }
-
- public IRequest newRequest(String requestType, String serialNum)
- throws EBaseException {
if (requestType == null) {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_REQUEST_TYPE", "null"));
}
- RequestId rId = null;
- if (serialNum == null) {
- rId = newRequestId();
- } else {
- rId = new RequestId(serialNum);
- }
-
+ RequestId rId = newRequestId();
IRequest r = createRequest(rId, requestType);
// Commented out the lock call because unlock is never called.
generated by cgit (git 2.34.1) at 2024-06-01 22:27:44 +0000