From 10200496ea15187db6a4abee3db2b9499be86382 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Tue, 3 Oct 2023 11:46:40 -0500
Subject: [PATCH] Move CAEngine.readAuthority() to AuthorityMonitor

---
 .../com/netscape/ca/AuthorityMonitor.java     | 97 ++++++++++++++++++-
 .../org/dogtagpki/server/ca/CAEngine.java     | 85 ----------------
 2 files changed, 93 insertions(+), 89 deletions(-)

diff --git a/base/ca/src/main/java/com/netscape/ca/AuthorityMonitor.java b/base/ca/src/main/java/com/netscape/ca/AuthorityMonitor.java
index bf128b53fdd..0dc7e260e33 100644
--- a/base/ca/src/main/java/com/netscape/ca/AuthorityMonitor.java
+++ b/base/ca/src/main/java/com/netscape/ca/AuthorityMonitor.java
@@ -24,7 +24,9 @@
 import java.util.TreeMap;
 import java.util.TreeSet;
 
+import org.dogtagpki.server.ca.AuthorityRecord;
 import org.dogtagpki.server.ca.CAEngine;
+import org.mozilla.jss.netscape.security.x509.X500Name;
 
 import com.netscape.certsrv.ca.AuthorityID;
 import com.netscape.certsrv.ca.ECAException;
@@ -161,7 +163,7 @@ public void run() {
                         switch (changeType) {
                         case LDAPPersistSearchControl.ADD:
                             logger.debug("AuthorityMonitor: ADD");
-                            engine.readAuthority(entry);
+                            readAuthority(entry);
                             break;
                         case LDAPPersistSearchControl.DELETE:
                             logger.debug("AuthorityMonitor: DELETE");
@@ -170,7 +172,7 @@ public void run() {
                         case LDAPPersistSearchControl.MODIFY:
                             logger.debug("AuthorityMonitor: MODIFY");
                             // TODO how do we handle authorityID change?
-                            engine.readAuthority(entry);
+                            readAuthority(entry);
                             break;
                         case LDAPPersistSearchControl.MODDN:
                             logger.debug("AuthorityMonitor: MODDN");
@@ -183,7 +185,7 @@ public void run() {
 
                     } else {
                         logger.debug("AuthorityMonitor: immediate result");
-                        engine.readAuthority(entry);
+                        readAuthority(entry);
                         loader.increment();
                     }
                 }
@@ -238,7 +240,7 @@ private synchronized void handleMODDN(DN oldDN, LDAPEntry entry) throws Exceptio
             }
 
         } else if (!wasMonitored && isMonitored) {
-            engine.readAuthority(entry);
+            readAuthority(entry);
         }
     }
 
@@ -279,6 +281,93 @@ private synchronized void handleDELETE(LDAPEntry entry) {
         }
     }
 
+    public synchronized void readAuthority(LDAPEntry entry) throws Exception {
+
+        logger.info("AuthorityMonitor: Loading authority record " + entry.getDN());
+
+        CAEngine engine = CAEngine.getInstance();
+        AuthorityRecord record;
+        try {
+            record = engine.getAuthorityRecord(entry);
+        } catch (Exception e) {
+            logger.warn("Unable to load authority record: " + e.getMessage(), e);
+            return;
+        }
+
+        String nsUniqueID = record.getNSUniqueID();
+        if (deletedNsUniqueIds.contains(nsUniqueID)) {
+            logger.warn("AuthorityMonitor: ignoring entry with nsUniqueId '"
+                    + nsUniqueID + "' due to deletion");
+            return;
+        }
+
+        AuthorityID authorityID = record.getAuthorityID();
+        X500Name authorityDN = record.getAuthorityDN();
+        String description = record.getDescription();
+
+        // Determine if it is the host authority's entry, by
+        // comparing DNs.  DNs must be serialized in case different
+        // encodings are used for AVA values, e.g. PrintableString
+        // from LDAP vs UTF8String in certificate.
+
+        CertificateAuthority hostCA = engine.getCA();
+
+        if (authorityDN.toString().equals(hostCA.getX500Name().toString())) {
+            logger.info("AuthorityMonitor: Updating host CA");
+            foundHostCA = true;
+
+            logger.info("AuthorityMonitor: - ID: " + authorityID);
+            hostCA.setAuthorityID(authorityID);
+
+            logger.info("AuthorityMonitor: - description: " + description);
+            hostCA.setAuthorityDescription(description);
+
+            addCA(authorityID, hostCA);
+
+            return;
+        }
+
+        BigInteger newEntryUSN = record.getEntryUSN();
+        logger.debug("AuthorityMonitor: new entryUSN: " + newEntryUSN);
+
+        if (newEntryUSN == null) {
+            logger.debug("AuthorityMonitor: no entryUSN");
+            if (!engine.entryUSNPluginEnabled()) {
+                logger.warn("AuthorityMonitor: dirsrv USN plugin is not enabled; skipping entry");
+                logger.warn("Lightweight authority entry has no"
+                        + " entryUSN attribute and USN plugin not enabled;"
+                        + " skipping.  Enable dirsrv USN plugin.");
+                return;
+
+            }
+
+            logger.debug("AuthorityMonitor: dirsrv USN plugin is enabled; continuing");
+            // entryUSN plugin is enabled, but no entryUSN attribute. We
+            // can proceed because future modifications will result in the
+            // entryUSN attribute being added.
+        }
+
+        BigInteger knownEntryUSN = entryUSNs.get(authorityID);
+        if (newEntryUSN != null && knownEntryUSN != null) {
+            logger.debug("AuthorityMonitor: known entryUSN: " + knownEntryUSN);
+            if (newEntryUSN.compareTo(knownEntryUSN) <= 0) {
+                logger.debug("AuthorityMonitor: data is current");
+                return;
+            }
+        }
+
+        try {
+            CertificateAuthority ca = engine.createCA(record);
+
+            addCA(authorityID, ca);
+            entryUSNs.put(authorityID, newEntryUSN);
+            nsUniqueIds.put(authorityID, nsUniqueID);
+
+        } catch (Exception e) {
+            logger.warn("AuthorityMonitor: Error initializing lightweight CA: " + e.getMessage(), e);
+        }
+    }
+
     public void addCA(AuthorityID aid, CertificateAuthority ca) {
         authorities.put(aid, ca);
     }
diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java b/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java
index 16a4bb3444c..ad4ab45c79d 100644
--- a/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java
+++ b/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java
@@ -1406,91 +1406,6 @@ public synchronized void deleteAuthorityEntry(AuthorityID aid) throws EBaseExcep
         authorityMonitor.removeCA(aid);
     }
 
-    public synchronized void readAuthority(LDAPEntry entry) throws Exception {
-
-        logger.info("CAEngine: Loading authority record " + entry.getDN());
-
-        AuthorityRecord record;
-        try {
-            record = getAuthorityRecord(entry);
-        } catch (Exception e) {
-            logger.warn("Unable to load authority record: " + e.getMessage(), e);
-            return;
-        }
-
-        String nsUniqueId = record.getNSUniqueID();
-        if (authorityMonitor.deletedNsUniqueIds.contains(nsUniqueId)) {
-            logger.warn("CAEngine: ignoring entry with nsUniqueId '"
-                    + nsUniqueId + "' due to deletion");
-            return;
-        }
-
-        AuthorityID aid = record.getAuthorityID();
-        X500Name dn = record.getAuthorityDN();
-        String desc = record.getDescription();
-
-        // Determine if it is the host authority's entry, by
-        // comparing DNs.  DNs must be serialized in case different
-        // encodings are used for AVA values, e.g. PrintableString
-        // from LDAP vs UTF8String in certificate.
-
-        CertificateAuthority hostCA = getCA();
-
-        if (dn.toString().equals(hostCA.getX500Name().toString())) {
-            logger.info("CAEngine: Updating host CA");
-            authorityMonitor.foundHostCA = true;
-
-            logger.info("CAEngine: - ID: " + aid);
-            hostCA.setAuthorityID(aid);
-
-            logger.info("CAEngine: - description: " + desc);
-            hostCA.setAuthorityDescription(desc);
-
-            authorityMonitor.addCA(aid, hostCA);
-
-            return;
-        }
-
-        BigInteger newEntryUSN = record.getEntryUSN();
-        logger.debug("CAEngine: new entryUSN: " + newEntryUSN);
-
-        if (newEntryUSN == null) {
-            logger.debug("CAEngine: no entryUSN");
-            if (!entryUSNPluginEnabled()) {
-                logger.warn("CAEngine: dirsrv USN plugin is not enabled; skipping entry");
-                logger.warn("Lightweight authority entry has no"
-                        + " entryUSN attribute and USN plugin not enabled;"
-                        + " skipping.  Enable dirsrv USN plugin.");
-                return;
-            }
-
-            logger.debug("CAEngine: dirsrv USN plugin is enabled; continuing");
-            // entryUSN plugin is enabled, but no entryUSN attribute. We
-            // can proceed because future modifications will result in the
-            // entryUSN attribute being added.
-        }
-
-        BigInteger knownEntryUSN = authorityMonitor.entryUSNs.get(aid);
-        if (newEntryUSN != null && knownEntryUSN != null) {
-            logger.debug("CAEngine: known entryUSN: " + knownEntryUSN);
-            if (newEntryUSN.compareTo(knownEntryUSN) <= 0) {
-                logger.debug("CAEngine: data is current");
-                return;
-            }
-        }
-
-        try {
-            CertificateAuthority ca = createCA(record);
-
-            authorityMonitor.addCA(aid, ca);
-            authorityMonitor.entryUSNs.put(aid, newEntryUSN);
-            authorityMonitor.nsUniqueIds.put(aid, nsUniqueId);
-
-        } catch (Exception e) {
-            logger.warn("CAEngine: Error initializing lightweight CA: " + e.getMessage(), e);
-        }
-    }
-
     /**
      * Add an LDAP entry for the host authority.
      *