From 15c807b311cda0be43a523cd3b91d3fdf94c6b03 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Thu, 31 Mar 2016 13:35:49 +1100
Subject: [PATCH 90/96] Lightweight CAs: move host authority creation out of load method
To reduce the amount of code that would be run in the persistent search thread, extract the host authority entry creation out of the 'loadLightweightCAs' method, into 'CertificateAuthority.init'.
Part of: https://fedorahosted.org/pki/ticket/1625
---
 .../src/com/netscape/ca/CertificateAuthority.java | 42 +++++++++++++---------
 1 file changed, 25 insertions(+), 17 deletions(-)
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 8d9d8936c5a09f79d9725027aaff80aaa332a03f..798b310668332bf58e2a656cf948065f0cf25d96 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -290,6 +290,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 private boolean mUseNonces = true;
 private int mMaxNonces = 100;
+ private static boolean foundHostAuthority = false;
+
 /**
 * Constructs a CA subsystem.
 */
@@ -512,9 +514,17 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 // being functional.
 initCRL();
- if (isHostAuthority())
+ if (isHostAuthority() && haveLightweightCAsContainer()) {
 loadLightweightCAs();
+ if (!foundHostAuthority) {
+ CMS.debug("loadLightweightCAs: no entry for host authority");
+ CMS.debug("loadLightweightCAs: adding entry for host authority");
+ caMap.put(addHostAuthorityEntry(), this);
+ }
+
+ CMS.debug("CertificateAuthority: finished init of host authority");
+ }
 } catch (EBaseException e) {
 if (CMS.isPreOpMode()) return;
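Review bot: The new `foundHostAuthority` field in the hunk at -290 is static and mutable but neither `volatile` nor guarded by a lock, while the commit message says `loadLightweightCAs` is meant to run in the persistent search thread. The hunk at -1982 removes the local of the same name, so the assignment inside `loadLightweightCAs` (outside the visible hunks) presumably now writes this field while `init` reads it; once the two run on different threads that read has no visibility guarantee. I would declare it `private static volatile boolean foundHostAuthority = false;` and add a comment such as `// set by loadLightweightCAs when the host authority's entry is seen; read by init` so the cross-method contract is written down.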
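Review bot: The two `CMS.debug` calls moved into `init` in the hunk at -512 still carry the `loadLightweightCAs:` prefix, so the log now names a method that no longer emits them. A single `CMS.debug("CertificateAuthority: no entry for host authority; adding one");` would match the `CertificateAuthority:` prefix already used a few lines below. The body of `init` starts and ends outside this hunk.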
@@ -528,6 +538,19 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 + "," + getDBSubsystem().getBaseDN();
 }
+ private boolean haveLightweightCAsContainer() throws ELdapException {
+ LDAPConnection conn = dbFactory.getConn();
+ try {
+ LDAPSearchResults results = conn.search(
+ authorityBaseDN(), LDAPConnection.SCOPE_BASE, null, null, false);
+ return results != null;
+ } catch (LDAPException e) {
+ return false;
+ } finally {
+ dbFactory.returnConn(conn);
+ }
+ }
+
 private void initCRLPublisher() throws EBaseException {
 // instantiate CRL publisher
 if (!isHostAuthority()) {
@@ -1982,8 +2005,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 LDAPConnection conn = dbFactory.getConn();
 LDAPSearchResults results = null;
- boolean foundHostAuthority = false;
- boolean haveLightweightCAsContainer = true;
 try {
 results = conn.search(
 authorityBaseDN(), LDAPConnection.SCOPE_ONE,
@@ -2052,23 +2073,10 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 caMap.put(aid, ca);
 }
 } catch (LDAPException e) {
- if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
- CMS.debug(
- "Missing lightweight CAs container '" + authorityBaseDN()
- + "'. Disabling lightweight CAs.");
- haveLightweightCAsContainer = false;
- } else {
- throw new ECAException("Failed to execute LDAP search for lightweight CAs: " + e);
- }
+ throw new ECAException("Failed to execute LDAP search for lightweight CAs: " + e);
 } finally {
 dbFactory.returnConn(conn);
 }
-
- if (haveLightweightCAsContainer && !foundHostAuthority) {
- CMS.debug("loadLightweightCAs: no entry for host authority");
- CMS.debug("loadLightweightCAs: adding entry for host authority");
- caMap.put(addHostAuthorityEntry(), this);
- }
 }
 public String getOfficialName() {
--
2.5.5
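Review bot: `haveLightweightCAsContainer` in the hunk at -528 turns every `LDAPException` into `false`, so a timeout, bind failure or access-control error on the directory is indistinguishable from a missing container, and lightweight CAs are then disabled without a log line. The code removed at -2052 treated only `LDAPException.NO_SUCH_OBJECT` that way and raised `ECAException` for anything else; the catch here should keep that split and keep the "Missing lightweight CAs container" debug message. Doing so needs the `throws` clause widened; the fence uses `EBaseException`, which `init` already catches, on the assumption that `ECAException` derives from it (to be confirmed). `return results != null` is also worth checking against the LDAP SDK, since a missing base entry might be reported only when the results are read rather than by `search()` itself.

```java
private boolean haveLightweightCAsContainer() throws EBaseException {
    // … unchanged: getConn, try, SCOPE_BASE search, return …
    } catch (LDAPException e) {
        if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
            CMS.debug(
                "Missing lightweight CAs container '" + authorityBaseDN()
                + "'. Disabling lightweight CAs.");
            return false;
        }
        // Any other failure is not evidence that the container is absent.
        throw new ECAException("Failed to execute LDAP search for lightweight CAs: " + e);
    } finally {
    // … unchanged: returnConn …
```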