Add newLegacy id generator support in pkispawn

base/ca/src/main/java/com/netscape/cmscore/dbs/CertificateRepository.java

@@ -138,10 +138,12 @@ protected void initNewLegacyGenerator() throws EBaseException {
  rangeDN = mDBConfig.getSerialRangeDN() + "," + dbSubsystem.getBaseDN();
  logger.debug("CertificateRepository: - range DN: " + rangeDN);
 
- mMinSerialNo = mDBConfig.getBigInteger(DatabaseConfig.MIN_SERIAL_NUMBER, null);
+ minSerialName = DatabaseConfig.MIN_SERIAL_NUMBER;
+ mMinSerialNo = mDBConfig.getBigInteger(minSerialName, null);
  logger.debug("CertificateRepository: - min serial: " + mMinSerialNo);
 
- mMaxSerialNo = mDBConfig.getBigInteger(DatabaseConfig.MAX_SERIAL_NUMBER, null);
+ maxSerialName = DatabaseConfig.MAX_SERIAL_NUMBER;
+ mMaxSerialNo = mDBConfig.getBigInteger(maxSerialName, null);
  logger.debug("CertificateRepository: - max serial: " + mMaxSerialNo);
 
  nextMinSerialName = DatabaseConfig.NEXT_MIN_SERIAL_NUMBER;

base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java

@@ -175,10 +175,12 @@ protected void initNewLegacyGenerator() throws EBaseException {
  rangeDN = dbConfig.getSerialRangeDN() + "," + dbSubsystem.getBaseDN();
  logger.debug("KeyRepository: - range DN: " + rangeDN);
 
- mMinSerialNo = dbConfig.getBigInteger(DatabaseConfig.MIN_SERIAL_NUMBER, null);
+ minSerialName = DatabaseConfig.MIN_SERIAL_NUMBER;
+ mMinSerialNo = dbConfig.getBigInteger(minSerialName, null);
  logger.debug("KeyRepository: - min serial: " + mMinSerialNo);
 
- mMaxSerialNo = dbConfig.getBigInteger(DatabaseConfig.MAX_SERIAL_NUMBER, null);
+ maxSerialName = DatabaseConfig.MAX_SERIAL_NUMBER;
+ mMaxSerialNo = dbConfig.getBigInteger(maxSerialName, null);
  logger.debug("KeyRepository: - max serial: " + mMaxSerialNo);
 
  nextMinSerialName = DatabaseConfig.NEXT_MIN_SERIAL_NUMBER;

base/server/python/pki/server/deployment/__init__.py

@@ -1175,8 +1175,9 @@ def configure_ca(self, subsystem):
 
  request_id_generator = self.mdict['pki_request_id_generator']
 
+ subsystem.set_config('dbs.request.id.generator', request_id_generator)
+
  if request_id_generator == 'random':
- subsystem.set_config('dbs.request.id.generator', request_id_generator)
  subsystem.set_config('dbs.request.id.length', self.mdict['pki_request_id_length'])
 
  else: # legacy
@@ -1209,8 +1210,9 @@ def configure_ca(self, subsystem):
 
  cert_id_generator = self.mdict['pki_cert_id_generator']
 
+ subsystem.set_config('dbs.cert.id.generator', cert_id_generator)
+
  if cert_id_generator == 'random':
- subsystem.set_config('dbs.cert.id.generator', cert_id_generator)
  subsystem.set_config('dbs.cert.id.length', self.mdict['pki_cert_id_length'])
 
  else: # legacy
@@ -1264,8 +1266,9 @@ def configure_kra(self, subsystem):
 
  request_id_generator = self.mdict['pki_request_id_generator']
 
+ subsystem.set_config('dbs.request.id.generator', request_id_generator)
+
  if request_id_generator == 'random':
- subsystem.set_config('dbs.request.id.generator', request_id_generator)
  subsystem.set_config('dbs.request.id.length', self.mdict['pki_request_id_length'])
 
  else: # legacy
@@ -1278,8 +1281,9 @@ def configure_kra(self, subsystem):
 
  key_id_generator = self.mdict['pki_key_id_generator']
 
+ subsystem.set_config('dbs.key.id.generator', key_id_generator)
+
  if key_id_generator == 'random':
- subsystem.set_config('dbs.key.id.generator', key_id_generator)
  subsystem.set_config('dbs.key.id.length', self.mdict['pki_key_id_length'])
 
  else: # legacy
@@ -1862,23 +1866,23 @@ def is_using_legacy_id_generator(self, subsystem):
  request_id_generator = subsystem.config.get('dbs.request.id.generator', 'legacy')
  logger.info('Request ID generator: %s', request_id_generator)
 
- if request_id_generator == 'legacy':
+ if request_id_generator != 'random':
  return True
 
  if subsystem.type == 'CA':
 
  cert_id_generator = subsystem.config.get('dbs.cert.id.generator', 'legacy')
  logger.info('Certificate ID generator: %s', cert_id_generator)
 
- if cert_id_generator == 'legacy':
+ if cert_id_generator != 'random':
  return True
 
  elif subsystem.type == 'KRA':
 
  key_id_generator = subsystem.config.get('dbs.key.id.generator', 'legacy')
  logger.info('Key ID generator: %s', key_id_generator)
 
- if key_id_generator == 'legacy':
+ if key_id_generator != 'random':
  return True
 
  return False
@@ -2876,7 +2880,7 @@ def import_cert_request(self, subsystem, tag, request):
 
  request_id_generator = subsystem.config.get('dbs.request.id.generator', 'legacy')
 
- if request_id_generator == 'legacy':
+ if request_id_generator != 'random':
  # call the server to generate legacy request ID
  logger.info('Creating request ID for %s cert', tag)
  request.systemCert.requestID = self.client.createRequestID(request)
@@ -2895,7 +2899,7 @@ def import_cert_request(self, subsystem, tag, request):
  dns_names=request.systemCert.dnsNames,
  adjust_validity=request.systemCert.adjustValidity)
 
- if request_id_generator != 'legacy':
+ if request_id_generator == 'random':
  # get the request ID generated by pki-server ca-cert-request-import
  request.systemCert.requestID = result['requestID']
  logger.info('- request ID: %s', request.systemCert.requestID)
@@ -3347,7 +3351,7 @@ def create_cert_id(self, subsystem, tag, request):
 
  cert_id_generator = subsystem.config.get('dbs.cert.id.generator', 'legacy')
 
- if cert_id_generator == 'legacy':
+ if cert_id_generator != 'random':
  # call the server to generate legacy cert ID
  logger.info('Creating cert ID for %s cert', tag)
  cert_id = self.client.createCertID(request)

base/server/python/pki/server/subsystem.py

@@ -1515,7 +1515,7 @@ def request_ranges(self, master_url, session_id=None, install_token=None):
 
  # request cert/key request ID range if it uses legacy generator
  if self.type in ['CA', 'KRA'] and \
- self.config.get('dbs.request.id.generator', 'legacy') == 'legacy':
+ self.config.get('dbs.request.id.generator', 'legacy') != 'random':
 
  logger.info('Requesting request ID range')
 
@@ -1527,9 +1527,9 @@ def request_ranges(self, master_url, session_id=None, install_token=None):
 
  # request cert/key ID range if it uses legacy generator
  if self.type == 'CA' and \
- self.config.get('dbs.cert.id.generator', 'legacy') == 'legacy' or \
+ self.config.get('dbs.cert.id.generator', 'legacy') != 'random' or \
  self.type == 'KRA' \
- and self.config.get('dbs.key.id.generator', 'legacy') == 'legacy':
+ and self.config.get('dbs.key.id.generator', 'legacy') != 'random':
 
  logger.info('Requesting serial number range')
 

base/server/src/main/java/com/netscape/cmscore/request/RequestRepository.java

@@ -119,10 +119,12 @@ protected void initNewLegacyGenerator() throws EBaseException {
  rangeDN = dbConfig.getRequestRangeDN() + "," + dbSubsystem.getBaseDN();
  logger.debug("RequestRepository: - range DN: " + rangeDN);
 
- mMinSerialNo = dbConfig.getBigInteger(DatabaseConfig.MIN_REQUEST_NUMBER, null);
+ minSerialName = DatabaseConfig.MIN_REQUEST_NUMBER;
+ mMinSerialNo = dbConfig.getBigInteger(minSerialName, null);
  logger.debug("RequestRepository: - min serial: " + mMinSerialNo);
 
- mMaxSerialNo = dbConfig.getBigInteger(DatabaseConfig.MAX_REQUEST_NUMBER, null);
+ maxSerialName = DatabaseConfig.MAX_REQUEST_NUMBER;
+ mMaxSerialNo = dbConfig.getBigInteger(maxSerialName, null);
  logger.debug("RequestRepository: - max serial: " + mMaxSerialNo);
 
  nextMinSerialName = DatabaseConfig.NEXT_MIN_REQUEST_NUMBER;