Update all ranges when move from legacy to legacy2

In legacy serial number ranges are stored as hex for cert and decimal
for request. The legacy2 is using decimal for all the values stored in
DS. The update command is converting stored ranges to decimal to match
with the new format and avoid problems.

base/ca/src/main/java/org/dogtagpki/server/ca/cli/CARangeGeneratorUpdateCLI.java

@@ -30,7 +30,7 @@ public CARangeGeneratorUpdateCLI(CLI parent) {
 
  @Override
  protected void updateSerialNumberRangeGenerator(PKISocketFactory socketFactory, LdapConnInfo connInfo,
- LdapAuthInfo authInfo, DatabaseConfig dbConfig, String baseDN, IDGenerator newGenerator) throws Exception {
+ LdapAuthInfo authInfo, DatabaseConfig dbConfig, String baseDN, IDGenerator newGenerator, String hostName, String securePort) throws Exception {
  String value = dbConfig.getString(
  CertificateRepository.PROP_CERT_ID_GENERATOR,
  CertificateRepository.DEFAULT_CERT_ID_GENERATOR);
@@ -46,7 +46,7 @@ protected void updateSerialNumberRangeGenerator(PKISocketFactory socketFactory,
  dbConfig.put(CertificateRepository.PROP_CERT_ID_GENERATOR, newGenerator.toString());
  }
 
- super.updateSerialNumberRangeGenerator(socketFactory, connInfo, authInfo, dbConfig, baseDN, newGenerator);
+ super.updateSerialNumberRangeGenerator(socketFactory, connInfo, authInfo, dbConfig, baseDN, newGenerator, hostName, securePort);
  }
 
 

base/server/src/main/java/org/dogtagpki/server/cli/SubsystemCLI.java

@@ -16,6 +16,7 @@
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.cmscore.apps.CMS;
 import com.netscape.cmscore.apps.EngineConfig;
+import com.netscape.cmscore.apps.ServerConfig;
 import com.netscape.cmscore.base.ConfigStorage;
 import com.netscape.cmscore.base.FileConfigStorage;
 import com.netscape.cmscore.ldapconn.LDAPAuthenticationConfig;
@@ -30,6 +31,7 @@
 public abstract class SubsystemCLI extends CommandCLI {
 
  public static final Logger logger = LoggerFactory.getLogger(SubsystemCLI.class);
+ private static final String SERVER_XML = "server.xml";
 
  protected SubsystemCLI(String name, String description, CLI parent) {
  super(name, description, parent);
@@ -64,4 +66,18 @@ protected LdapAuthInfo getAuthInfo(PasswordStore passwordStore, LdapConnInfo con
  connInfo.getSecure());
  return authInfo;
  }
+
+ protected String getSecurePort(EngineConfig config) throws Exception {
+
+ String path = CMS.getInstanceDir() + File.separator + "conf" + File.separator + SERVER_XML;
+
+ ServerConfig serverConfig = ServerConfig.load(path);
+ String securePort = serverConfig.getSecurePort();
+
+ String port = config.getString("proxy.securePort", "");
+ if (!port.equals("")) {
+ securePort = port;
+ }
+ return securePort;
+ }
 }

base/server/src/main/java/org/dogtagpki/server/cli/SubsystemRangeGeneratorUpdateCLI.java

@@ -24,6 +24,7 @@
 import com.netscape.cmsutil.password.PasswordStoreConfig;
 import java.math.BigInteger;
 import netscape.ldap.LDAPAttribute;
+import netscape.ldap.LDAPAttributeSet;
 import netscape.ldap.LDAPEntry;
 import netscape.ldap.LDAPModification;
 import netscape.ldap.LDAPSearchResults;
@@ -115,7 +116,9 @@ public void execute(CommandLine cmd) throws Exception {
  authInfo,
  dbConfig,
  baseDN,
- generator);
+ generator,
+ cs.getHostname(),
+ getSecurePort(cs));
  cs.commit(false);
  } else if (generatorType.equals("request")) {
  updateRequestNumberRangeGenerator(
@@ -132,7 +135,8 @@ public void execute(CommandLine cmd) throws Exception {
  }
 
  protected void updateSerialNumberRangeGenerator(PKISocketFactory socketFactory, LdapConnInfo connInfo,
- LdapAuthInfo authInfo, DatabaseConfig dbConfig, String baseDN, IDGenerator newGenerator) throws Exception {
+ LdapAuthInfo authInfo, DatabaseConfig dbConfig, String baseDN, IDGenerator newGenerator,
+ String hostName, String securePort) throws Exception {
 
  if (newGenerator == IDGenerator.RANDOM && idGenerator != IDGenerator.RANDOM) {
  logger.debug("Remove serial ranges from configuration");
@@ -184,29 +188,7 @@ protected void updateSerialNumberRangeGenerator(PKISocketFactory socketFactory,
  dbConfig.setNextEndSerialNumber("0x" + nextEndSerial);
  }
 
- LDAPSearchResults results = conn.search(rangeDN, LDAPv3.SCOPE_SUB, "(objectClass=pkiRange)", null, false);
-
- BigInteger lastUsedSerial = BigInteger.ZERO;
- while (results.hasMoreElements()) {
- LDAPEntry entry = results.next();
- String endRange = entry.getAttribute("endRange").getStringValues().nextElement();
- BigInteger next = new BigInteger(endRange, 16);
- if (lastUsedSerial.compareTo(next) < 0) {
- lastUsedSerial = next;
- }
- }
-
- if (lastUsedSerial == BigInteger.ZERO) {
- lastUsedSerial = new BigInteger(endSerialNumber, 16);
- }
- BigInteger nextSerialNumber = lastUsedSerial.add(BigInteger.ONE);
- String serialDN = dbConfig.getSerialDN() + "," + baseDN;
- // store nextRange as decimal
- LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", nextSerialNumber.toString());
-
- LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange);
-
- conn.modify(serialDN, serialmod);
+ updateRanges(dbConfig, conn, baseDN, rangeDN, endSerialNumber, hostName, securePort);
  } finally {
  conn.disconnect();
  }
@@ -241,4 +223,69 @@ protected void updateRequestNumberRangeGenerator(PKISocketFactory socketFactory,
  }
  throw new EBaseException("Update to " + newGenerator + " not supported");
  }
+
+ private void updateRanges(DatabaseConfig dbConfig, LdapBoundConnection conn, String baseDN, String rangeDN, String defaultEndSerialNumber,
+ String hostName, String securePort) throws Exception{
+
+ LDAPSearchResults ranges = conn.search(rangeDN, LDAPv3.SCOPE_SUB, "(objectClass=pkiRange)", null, false);
+
+ BigInteger lastUsedSerial = BigInteger.ZERO;
+ boolean nextRangeToUpdate = true;
+ while (ranges.hasMoreElements()) {
+ LDAPEntry entry = ranges.next();
+ String endRange = entry.getAttribute("endRange").getStringValues().nextElement();
+ String host = entry.getAttribute("host").getStringValues().nextElement();
+ String port = entry.getAttribute("securePort").getStringValues().nextElement();
+ BigInteger next = new BigInteger(endRange, 16);
+ if (lastUsedSerial.compareTo(next) < 0) {
+ lastUsedSerial = next;
+ nextRangeToUpdate = host.equals(hostName) && port.equals(securePort);
+
+ }
+ }
+
+ if (nextRangeToUpdate) {
+ if (lastUsedSerial == BigInteger.ZERO) {
+ lastUsedSerial = new BigInteger(defaultEndSerialNumber, 16);
+ }
+ BigInteger nextSerialNumber = lastUsedSerial.add(BigInteger.ONE);
+ String serialDN = dbConfig.getSerialDN() + "," + baseDN;
+ // store nextRange as decimal
+ LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", nextSerialNumber.toString());
+
+ LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange);
+
+ conn.modify(serialDN, serialmod);
+ }
+
+ LDAPSearchResults instanceRanges = conn.search(rangeDN, LDAPv3.SCOPE_SUB, "(&(objectClass=pkiRange)(host= " +
+ hostName + ")(SecurePort=" + securePort + "))", null, false);
+ while (instanceRanges.hasMoreElements()) {
+ LDAPEntry entry = instanceRanges.next();
+ String beginRange = entry.getAttribute("beginRange").getStringValues().nextElement();
+ BigInteger beginRangeNo = new BigInteger(beginRange, 16);
+ String endRange = entry.getAttribute("endRange").getStringValues().nextElement();
+ BigInteger endRangeNo = new BigInteger(endRange, 16);
+ LDAPAttributeSet attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectClass", "top"));
+ attrs.add(new LDAPAttribute("objectClass", "pkiRange"));
+
+ // store beginRange as decimal
+ attrs.add(new LDAPAttribute("beginRange", beginRangeNo.toString()));
+
+ // store endRange as decimal
+ attrs.add(new LDAPAttribute("endRange", endRangeNo.toString()));
+
+ attrs.add(new LDAPAttribute("cn", beginRangeNo.toString()));
+ attrs.add(new LDAPAttribute("host", hostName));
+ attrs.add(new LDAPAttribute("securePort", securePort));
+
+ String dn = "cn=" + beginRangeNo.toString() + "," + rangeDN;
+ LDAPEntry rangeEntry = new LDAPEntry(dn, attrs);
+ logger.info("SubsystemRangeGeneratorUpdateCLI.updateRanges: Remove entry " + entry.getDN());
+ conn.delete(entry.getDN());
+ logger.info("SubsystemRangeGeneratorUpdateCLI.updateRanges: Adding entry " + dn);
+ conn.add(rangeEntry);
+ }
+ }
 }