From 0890a9d351144f7933e587f34de54f1f8588bc78 Mon Sep 17 00:00:00 2001 From: Marco Fargetta Date: Thu, 10 Oct 2024 12:06:06 +0200 Subject: [PATCH] Add newLegacy id generator support in pkispawn --- .../cmscore/dbs/CertificateRepository.java | 6 +++-- .../netscape/cmscore/dbs/KeyRepository.java | 6 +++-- .../python/pki/server/deployment/__init__.py | 24 +++++++++++-------- base/server/python/pki/server/subsystem.py | 6 ++--- .../cmscore/request/RequestRepository.java | 6 +++-- 5 files changed, 29 insertions(+), 19 deletions(-) diff --git a/base/ca/src/main/java/com/netscape/cmscore/dbs/CertificateRepository.java b/base/ca/src/main/java/com/netscape/cmscore/dbs/CertificateRepository.java index d2938bf6364..b9a75d9f2bd 100644 --- a/base/ca/src/main/java/com/netscape/cmscore/dbs/CertificateRepository.java +++ b/base/ca/src/main/java/com/netscape/cmscore/dbs/CertificateRepository.java @@ -138,10 +138,12 @@ protected void initNewLegacyGenerator() throws EBaseException { rangeDN = mDBConfig.getSerialRangeDN() + "," + dbSubsystem.getBaseDN(); logger.debug("CertificateRepository: - range DN: " + rangeDN); - mMinSerialNo = mDBConfig.getBigInteger(DatabaseConfig.MIN_SERIAL_NUMBER, null); + minSerialName = DatabaseConfig.MIN_SERIAL_NUMBER; + mMinSerialNo = mDBConfig.getBigInteger(minSerialName, null); logger.debug("CertificateRepository: - min serial: " + mMinSerialNo); - mMaxSerialNo = mDBConfig.getBigInteger(DatabaseConfig.MAX_SERIAL_NUMBER, null); + maxSerialName = DatabaseConfig.MAX_SERIAL_NUMBER; + mMaxSerialNo = mDBConfig.getBigInteger(maxSerialName, null); logger.debug("CertificateRepository: - max serial: " + mMaxSerialNo); nextMinSerialName = DatabaseConfig.NEXT_MIN_SERIAL_NUMBER; diff --git a/base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java b/base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java index e2f86b19ee8..f13b3109d53 100644 --- a/base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java +++ b/base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java @@ -175,10 +175,12 @@ protected void initNewLegacyGenerator() throws EBaseException { rangeDN = dbConfig.getSerialRangeDN() + "," + dbSubsystem.getBaseDN(); logger.debug("KeyRepository: - range DN: " + rangeDN); - mMinSerialNo = dbConfig.getBigInteger(DatabaseConfig.MIN_SERIAL_NUMBER, null); + minSerialName = DatabaseConfig.MIN_SERIAL_NUMBER; + mMinSerialNo = dbConfig.getBigInteger(minSerialName, null); logger.debug("KeyRepository: - min serial: " + mMinSerialNo); - mMaxSerialNo = dbConfig.getBigInteger(DatabaseConfig.MAX_SERIAL_NUMBER, null); + maxSerialName = DatabaseConfig.MAX_SERIAL_NUMBER; + mMaxSerialNo = dbConfig.getBigInteger(maxSerialName, null); logger.debug("KeyRepository: - max serial: " + mMaxSerialNo); nextMinSerialName = DatabaseConfig.NEXT_MIN_SERIAL_NUMBER; diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py index 2929ad4e4da..7ec81f72c20 100644 --- a/base/server/python/pki/server/deployment/__init__.py +++ b/base/server/python/pki/server/deployment/__init__.py @@ -1175,8 +1175,9 @@ def configure_ca(self, subsystem): request_id_generator = self.mdict['pki_request_id_generator'] + subsystem.set_config('dbs.request.id.generator', request_id_generator) + if request_id_generator == 'random': - subsystem.set_config('dbs.request.id.generator', request_id_generator) subsystem.set_config('dbs.request.id.length', self.mdict['pki_request_id_length']) else: # legacy @@ -1209,8 +1210,9 @@ def configure_ca(self, subsystem): cert_id_generator = self.mdict['pki_cert_id_generator'] + subsystem.set_config('dbs.cert.id.generator', cert_id_generator) + if cert_id_generator == 'random': - subsystem.set_config('dbs.cert.id.generator', cert_id_generator) subsystem.set_config('dbs.cert.id.length', self.mdict['pki_cert_id_length']) else: # legacy @@ -1264,8 +1266,9 @@ def configure_kra(self, subsystem): request_id_generator = self.mdict['pki_request_id_generator'] + subsystem.set_config('dbs.request.id.generator', request_id_generator) + if request_id_generator == 'random': - subsystem.set_config('dbs.request.id.generator', request_id_generator) subsystem.set_config('dbs.request.id.length', self.mdict['pki_request_id_length']) else: # legacy @@ -1278,8 +1281,9 @@ def configure_kra(self, subsystem): key_id_generator = self.mdict['pki_key_id_generator'] + subsystem.set_config('dbs.key.id.generator', key_id_generator) + if key_id_generator == 'random': - subsystem.set_config('dbs.key.id.generator', key_id_generator) subsystem.set_config('dbs.key.id.length', self.mdict['pki_key_id_length']) else: # legacy @@ -1862,7 +1866,7 @@ def is_using_legacy_id_generator(self, subsystem): request_id_generator = subsystem.config.get('dbs.request.id.generator', 'legacy') logger.info('Request ID generator: %s', request_id_generator) - if request_id_generator == 'legacy': + if request_id_generator != 'random': return True if subsystem.type == 'CA': @@ -1870,7 +1874,7 @@ def is_using_legacy_id_generator(self, subsystem): cert_id_generator = subsystem.config.get('dbs.cert.id.generator', 'legacy') logger.info('Certificate ID generator: %s', cert_id_generator) - if cert_id_generator == 'legacy': + if cert_id_generator != 'random': return True elif subsystem.type == 'KRA': @@ -1878,7 +1882,7 @@ def is_using_legacy_id_generator(self, subsystem): key_id_generator = subsystem.config.get('dbs.key.id.generator', 'legacy') logger.info('Key ID generator: %s', key_id_generator) - if key_id_generator == 'legacy': + if key_id_generator != 'random': return True return False @@ -2876,7 +2880,7 @@ def import_cert_request(self, subsystem, tag, request): request_id_generator = subsystem.config.get('dbs.request.id.generator', 'legacy') - if request_id_generator == 'legacy': + if request_id_generator != 'random': # call the server to generate legacy request ID logger.info('Creating request ID for %s cert', tag) request.systemCert.requestID = self.client.createRequestID(request) @@ -2895,7 +2899,7 @@ def import_cert_request(self, subsystem, tag, request): dns_names=request.systemCert.dnsNames, adjust_validity=request.systemCert.adjustValidity) - if request_id_generator != 'legacy': + if request_id_generator == 'random': # get the request ID generated by pki-server ca-cert-request-import request.systemCert.requestID = result['requestID'] logger.info('- request ID: %s', request.systemCert.requestID) @@ -3347,7 +3351,7 @@ def create_cert_id(self, subsystem, tag, request): cert_id_generator = subsystem.config.get('dbs.cert.id.generator', 'legacy') - if cert_id_generator == 'legacy': + if cert_id_generator != 'random': # call the server to generate legacy cert ID logger.info('Creating cert ID for %s cert', tag) cert_id = self.client.createCertID(request) diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py index 9ca4516110f..6691555ac6b 100644 --- a/base/server/python/pki/server/subsystem.py +++ b/base/server/python/pki/server/subsystem.py @@ -1515,7 +1515,7 @@ def request_ranges(self, master_url, session_id=None, install_token=None): # request cert/key request ID range if it uses legacy generator if self.type in ['CA', 'KRA'] and \ - self.config.get('dbs.request.id.generator', 'legacy') == 'legacy': + self.config.get('dbs.request.id.generator', 'legacy') != 'random': logger.info('Requesting request ID range') @@ -1527,9 +1527,9 @@ def request_ranges(self, master_url, session_id=None, install_token=None): # request cert/key ID range if it uses legacy generator if self.type == 'CA' and \ - self.config.get('dbs.cert.id.generator', 'legacy') == 'legacy' or \ + self.config.get('dbs.cert.id.generator', 'legacy') != 'random' or \ self.type == 'KRA' \ - and self.config.get('dbs.key.id.generator', 'legacy') == 'legacy': + and self.config.get('dbs.key.id.generator', 'legacy') != 'random': logger.info('Requesting serial number range') diff --git a/base/server/src/main/java/com/netscape/cmscore/request/RequestRepository.java b/base/server/src/main/java/com/netscape/cmscore/request/RequestRepository.java index ebec4428f6d..787fccd1357 100644 --- a/base/server/src/main/java/com/netscape/cmscore/request/RequestRepository.java +++ b/base/server/src/main/java/com/netscape/cmscore/request/RequestRepository.java @@ -119,10 +119,12 @@ protected void initNewLegacyGenerator() throws EBaseException { rangeDN = dbConfig.getRequestRangeDN() + "," + dbSubsystem.getBaseDN(); logger.debug("RequestRepository: - range DN: " + rangeDN); - mMinSerialNo = dbConfig.getBigInteger(DatabaseConfig.MIN_REQUEST_NUMBER, null); + minSerialName = DatabaseConfig.MIN_REQUEST_NUMBER; + mMinSerialNo = dbConfig.getBigInteger(minSerialName, null); logger.debug("RequestRepository: - min serial: " + mMinSerialNo); - mMaxSerialNo = dbConfig.getBigInteger(DatabaseConfig.MAX_REQUEST_NUMBER, null); + maxSerialName = DatabaseConfig.MAX_REQUEST_NUMBER; + mMaxSerialNo = dbConfig.getBigInteger(maxSerialName, null); logger.debug("RequestRepository: - max serial: " + mMaxSerialNo); nextMinSerialName = DatabaseConfig.NEXT_MIN_REQUEST_NUMBER;