From eb6f10eaf9445324a85fd69db34ba5c9dc792cad Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Thu, 31 Mar 2016 12:51:18 +1100
Subject: [PATCH 88/97] Lightweight CAs: use static db connection factory

Use a static database connection factory that is initialised by the
host authority and used by all CertificateAuthority instances.

Part of: https://fedorahosted.org/pki/ticket/1625
---
 .../src/com/netscape/ca/CertificateAuthority.java  | 25 +++++++++-------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 5bad49d4b1688c4512a65d2b6b7209be045bbf5e..508bbf6a35fa47023871e2cd0a075770fc30bc09 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -182,6 +182,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 
     public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2");
 
+    /* The static conn factory is initialised by the host authority's
+     * 'init' method, before any lightweight CAs are instantiated
+     */
+    private static ILdapConnFactory dbFactory = null;
+
     private static final Map<AuthorityID, ICertificateAuthority> caMap =
         Collections.synchronizedSortedMap(new TreeMap<AuthorityID, ICertificateAuthority>());
     protected CertificateAuthority hostCA = null;
@@ -424,6 +429,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             mOwner = owner;
             mConfig = config;
 
+            if (isHostAuthority()) {
+                dbFactory = CMS.getLdapBoundConnFactory("CertificateAuthority");
+                dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
+            }
+
             // init cert & crl database
             initCertDatabase();
             initCrlDatabase();
@@ -1964,8 +1974,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
      * This method must only be called by the host CA.
      */
     private void loadLightweightCAs() throws EBaseException {
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("loadLightweightCAs");
-        dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
         LDAPConnection conn = dbFactory.getConn();
 
         String searchDN = "ou=authorities,ou=" + getId()
@@ -2051,7 +2059,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             }
         } finally {
             dbFactory.returnConn(conn);
-            dbFactory.reset();
         }
 
         if (haveLightweightCAsContainer && !foundHostAuthority) {
@@ -2535,8 +2542,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
         LDAPEntry ldapEntry = new LDAPEntry(dn, attrSet);
 
         // connect to database
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("createSubCA");
-        dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
         LDAPConnection conn = dbFactory.getConn();
 
         try {
@@ -2604,7 +2609,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             throw new EBaseException("Error adding authority entry to database: " + e);
         } finally {
             dbFactory.returnConn(conn);
-            dbFactory.reset();
         }
 
         return new CertificateAuthority(
@@ -2652,8 +2656,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
         LDAPEntry ldapEntry = new LDAPEntry(dn, attrSet);
 
         // connect to database
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("addHostAuthorityEntry");
-        dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
         LDAPConnection conn = dbFactory.getConn();
 
         try {
@@ -2662,7 +2664,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             throw new ELdapException("Error adding host authority entry to database: " + e);
         } finally {
             dbFactory.returnConn(conn);
-            dbFactory.reset();
         }
 
         this.authorityID = aid;
@@ -2721,8 +2722,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
                 + getId() + "," + getDBSubsystem().getBaseDN();
 
             // connect to database
-            ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("updateAuthority");
-            dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
             LDAPConnection conn = dbFactory.getConn();
             try {
                 conn.modify(dn, mods);
@@ -2730,7 +2729,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
                 throw new EBaseException("Error adding authority entry to database: " + e);
             } finally {
                 dbFactory.returnConn(conn);
-                dbFactory.reset();
             }
 
             // update was successful; update CA's state
@@ -2761,8 +2759,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
         shutdown();
 
         // delete ldap entry
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("updateAuthority");
-        dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
         LDAPConnection conn = dbFactory.getConn();
         String dn = "cn=" + authorityID.toString() + ",ou=authorities,ou="
             + getId() + "," + getDBSubsystem().getBaseDN();
@@ -2772,7 +2768,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             throw new ELdapException("Error deleting authority entry '" + dn + "': " + e);
         } finally {
             dbFactory.returnConn(conn);
-            dbFactory.reset();
         }
 
         CryptoManager cryptoManager;
-- 
2.5.5