Index: pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java =================================================================== --- pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java (revision 2550) +++ pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java (working copy) @@ -1563,7 +1563,7 @@ mCA.getDBSubsystem().setEnableSerialMgmt(Boolean.valueOf(value)); //mCA.getCertificateRepository().setEnableSerialMgmt(Boolean.valueOf(value)); } else if (key.equals(Constants.PR_RANDOM_SN)) { - mCA.getCertificateRepository().setEnableRandomSerialNumbers(Boolean.valueOf(value), true); + mCA.getCertificateRepository().setEnableRandomSerialNumbers(Boolean.valueOf(value), true, false); } } Index: pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java =================================================================== --- pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java (revision 2550) +++ pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java (working copy) @@ -532,8 +532,9 @@ * * @param random "true" sets random serial number management, "false" sequential * @param updateMode "true" updates "description" attribute in certificate repository + * @param forceModeChange "true" forces certificate repository mode change */ - public void setEnableRandomSerialNumbers(boolean random, boolean updateMode); + public void setEnableRandomSerialNumbers(boolean random, boolean updateMode, boolean forceModeChange); public void shutdown(); } Index: pki/base/common/src/com/netscape/cmscore/dbs/Repository.java =================================================================== --- pki/base/common/src/com/netscape/cmscore/dbs/Repository.java (revision 2550) +++ pki/base/common/src/com/netscape/cmscore/dbs/Repository.java (working copy) @@ -418,10 +418,12 @@ // check if we have reached the end of the range // if so, move to next range BigInteger randomLimit = null; + BigInteger rangeLength = null; if ((this instanceof ICertificateRepository) && mDB.getEnableSerialMgmt() && mEnableRandomSerialNumbers) { - randomLimit = mMaxSerialNo.subtract(mMinSerialNo).add(BigInteger.ONE); - randomLimit = randomLimit.subtract(mLowWaterMarkNo.shiftRight(1)); + rangeLength = mMaxSerialNo.subtract(mMinSerialNo).add(BigInteger.ONE); + randomLimit = rangeLength.subtract(mLowWaterMarkNo.shiftRight(1)); + CMS.debug("Repository: checkRange rangeLength="+rangeLength); CMS.debug("Repository: checkRange randomLimit="+randomLimit); } CMS.debug("Repository: checkRange mLastSerialNo="+mLastSerialNo); @@ -430,15 +432,20 @@ if (mDB.getEnableSerialMgmt()) { CMS.debug("Reached the end of the range. Attempting to move to next range"); + if ((mNextMinSerialNo == null) || (mNextMaxSerialNo == null)) { + if (rangeLength != null && mCounter.compareTo(rangeLength) < 0) { + return; + } else { + throw new EDBException(CMS.getUserMessage("CMS_DBS_LIMIT_REACHED", + mLastSerialNo.toString())); + } + } mMinSerialNo = mNextMinSerialNo; mMaxSerialNo = mNextMaxSerialNo; mLastSerialNo = mMinSerialNo; mNextMinSerialNo = null; mNextMaxSerialNo = null; - if ((mMaxSerialNo == null) || (mMinSerialNo == null)) { - throw new EDBException(CMS.getUserMessage("CMS_DBS_LIMIT_REACHED", - mLastSerialNo.toString())); - } + mCounter = BigInteger.ZERO; // persist the changes mDB.setMinSerialConfig(mRepo, mMinSerialNo.toString(mRadix)); Index: pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java =================================================================== --- pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java (revision 2550) +++ pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java (working copy) @@ -106,8 +106,9 @@ return mEnableRandomSerialNumbers; } - public void setEnableRandomSerialNumbers(boolean random, boolean updateMode) { - if (mEnableRandomSerialNumbers ^ random) { + public void setEnableRandomSerialNumbers(boolean random, boolean updateMode, boolean forceModeChange) { + CMS.debug("CertificateRepository: setEnableRandomSerialNumbers random="+random+" updateMode="+updateMode); + if (mEnableRandomSerialNumbers ^ random || forceModeChange) { mEnableRandomSerialNumbers = random; CMS.debug("CertificateRepository: setEnableRandomSerialNumbers switching to " + ((random)?PROP_RANDOM_MODE:PROP_SEQUENTIAL_MODE) + " mode"); @@ -294,12 +295,14 @@ boolean modeChange = (mEnableRandomSerialNumbers && crMode != null && crMode.equals(PROP_SEQUENTIAL_MODE)) || ((!mEnableRandomSerialNumbers) && crMode != null && crMode.equals(PROP_RANDOM_MODE)); + CMS.debug("CertificateRepository: updateCounter mEnableRandomSerialNumbers="+mEnableRandomSerialNumbers); + CMS.debug("CertificateRepository: updateCounter CertificateRepositoryMode ="+crMode); CMS.debug("CertificateRepository: updateCounter modeChange="+modeChange); if (modeChange) { if (mForceModeChange) { - setEnableRandomSerialNumbers(mEnableRandomSerialNumbers, true); + setEnableRandomSerialNumbers(mEnableRandomSerialNumbers, true, mForceModeChange); } else { - setEnableRandomSerialNumbers(!mEnableRandomSerialNumbers, false); + setEnableRandomSerialNumbers(!mEnableRandomSerialNumbers, false, mForceModeChange); } } else if (mEnableRandomSerialNumbers && mCounter != null && mCounter.compareTo(BigInteger.ZERO) >= 0) { @@ -476,6 +479,10 @@ ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1) )) { CMS.debug("getLastSerialNumberInRange returning: " + serial); + if (modeChange && mEnableRandomSerialNumbers) { + mCounter = serial.subtract(serial_low_bound).add(BigInteger.ONE); + CMS.debug("getLastSerialNumberInRange mCounter: " + mCounter); + } return serial; } } else { @@ -489,6 +496,10 @@ ret = ret.subtract(BigInteger.ONE); CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + ret); + if (modeChange && mEnableRandomSerialNumbers) { + mCounter = BigInteger.ZERO; + CMS.debug("getLastSerialNumberInRange mCounter: " + mCounter); + } return ret; }