From 06d9386d15395b6e9e99e539d4f4af796cbf1664 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Thu, 31 Mar 2016 13:08:48 +1100
Subject: [PATCH 89/96] Lightweight CAs: avoid repeat definition of authorities DN
Part of: https://fedorahosted.org/pki/ticket/1625
---
 .../src/com/netscape/ca/CertificateAuthority.java | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 26ddc0501fd768d6261931e3a02434cce13d33c7..8d9d8936c5a09f79d9725027aaff80aaa332a03f 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -523,6 +523,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 }
 }
+ private String authorityBaseDN() {
+ return "ou=authorities,ou=" + getId()
+ + "," + getDBSubsystem().getBaseDN();
+ }
+
 private void initCRLPublisher() throws EBaseException {
 // instantiate CRL publisher
 if (!isHostAuthority()) {
@@ -1976,14 +1981,12 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 private void loadLightweightCAs() throws EBaseException {
 LDAPConnection conn = dbFactory.getConn();
- String searchDN = "ou=authorities,ou=" + getId()
- + "," + getDBSubsystem().getBaseDN();
 LDAPSearchResults results = null;
 boolean foundHostAuthority = false;
 boolean haveLightweightCAsContainer = true;
 try {
 results = conn.search(
- searchDN, LDAPConnection.SCOPE_ONE,
+ authorityBaseDN(), LDAPConnection.SCOPE_ONE,
 "(objectclass=authority)", null, false);
 while (results.hasMoreElements()) {
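Review bot: The new `authorityBaseDN()` helper (hunk at `@@ -523`) has no Javadoc and joins `getId()` and `getDBSubsystem().getBaseDN()` into a DN with plain string concatenation, so every DN this patch touches now depends on those two values being well-formed DN components. Both presumably come from server configuration rather than from a request, in which case no escaping is needed, but that assumption should be written down at the one place the container DN is built. I would add above the method: `/** Base DN of the lightweight CA container. getId() and the DB base DN are trusted configuration values and are concatenated unescaped. */`.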
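Review bot: `loadLightweightCAs()` (hunk at `@@ -1976`) now calls `authorityBaseDN()` twice, once for `conn.search(...)` and again for the `NO_SUCH_OBJECT` debug message in the hunk at `@@ -2051`, so the DN that gets logged is rebuilt instead of being the value that was searched. Keeping the local and changing only its initialiser, `String searchDN = authorityBaseDN();`, would leave the search call and the log line as they were and guarantee that the "Missing lightweight CAs container" message names exactly the DN that was queried. The method body starts inside the first hunk but continues outside both.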
@@ -2051,7 +2054,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 } catch (LDAPException e) {
 if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
 CMS.debug(
- "Missing lightweight CAs container '" + searchDN
+ "Missing lightweight CAs container '" + authorityBaseDN()
 + "'. Disabling lightweight CAs.");
 haveLightweightCAsContainer = false;
 } else {
@@ -2514,8 +2517,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 String nickname = hostCA.getNickname() + " " + aidString;
 // build database entry
- String dn = "cn=" + aidString + ",ou=authorities,ou="
- + getId() + "," + getDBSubsystem().getBaseDN();
+ String dn = "cn=" + aidString + "," + authorityBaseDN();
 CMS.debug("createSubCA: DN = " + dn);
 String parentDNString = null;
 try {
@@ -2633,8 +2635,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 String aidString = aid.toString();
 // build database entry
- String dn = "cn=" + aidString + ",ou=authorities,ou="
- + getId() + "," + getDBSubsystem().getBaseDN();
+ String dn = "cn=" + aidString + "," + authorityBaseDN();
 String dnString = null;
 try {
 dnString = mName.toLdapDNString();
@@ -2718,8 +2719,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 }
 if (mods.size() > 0) {
- String dn = "cn=" + authorityID.toString() + ",ou=authorities,ou="
- + getId() + "," + getDBSubsystem().getBaseDN();
+ String dn = "cn=" + authorityID.toString() + "," + authorityBaseDN();
 // connect to database
 LDAPConnection conn = dbFactory.getConn();
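Review bot: The entry DN is still assembled inline as `"cn=" + aidString + "," + authorityBaseDN()` in the hunk at `@@ -2514`, and the same expression recurs in the hunks at `@@ -2633`, `@@ -2718` and `@@ -2760`, so the commit removes the repeated container DN but leaves four copies of the entry-DN format. A second private helper, for example `private String authorityEntryDN(String aid) { return "cn=" + aid + "," + authorityBaseDN(); }`, would give one place to change the RDN attribute and one place to validate or escape the ID. The ID appears to be the string form of an authority ID object (`aid.toString()`, `authorityID.toString()`), which I assume cannot contain DN metacharacters; that is worth confirming because the result is passed to the modify path and to `conn.delete(dn)`. The enclosing methods start and end outside these hunks.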
@@ -2760,8 +2760,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 // delete ldap entry
 LDAPConnection conn = dbFactory.getConn();
- String dn = "cn=" + authorityID.toString() + ",ou=authorities,ou="
- + getId() + "," + getDBSubsystem().getBaseDN();
+ String dn = "cn=" + authorityID.toString() + "," + authorityBaseDN();
 try {
 conn.delete(dn);
 } catch (LDAPException e) {
--
2.5.5