From eb6f10eaf9445324a85fd69db34ba5c9dc792cad Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Thu, 31 Mar 2016 12:51:18 +1100 Subject: [PATCH 88/97] Lightweight CAs: use static db connection factory Use a static database connection factory that is initialised by the host authority and used by all CertificateAuthority instances. Part of: https://fedorahosted.org/pki/ticket/1625 --- .../src/com/netscape/ca/CertificateAuthority.java | 25 +++++++++------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java index 5bad49d4b1688c4512a65d2b6b7209be045bbf5e..508bbf6a35fa47023871e2cd0a075770fc30bc09 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -182,6 +182,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2"); + /* The static conn factory is initialised by the host authority's + * 'init' method, before any lightweight CAs are instantiated + */ + private static ILdapConnFactory dbFactory = null; + private static final Map caMap = Collections.synchronizedSortedMap(new TreeMap()); protected CertificateAuthority hostCA = null; @@ -424,6 +429,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori mOwner = owner; mConfig = config; + if (isHostAuthority()) { + dbFactory = CMS.getLdapBoundConnFactory("CertificateAuthority"); + dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); + } + // init cert & crl database initCertDatabase(); initCrlDatabase(); 
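Review bot: The new static `dbFactory` field added in the `@@ -182` hunk has no visible teardown, because the later hunks of this patch remove every `dbFactory.reset()` call, so the bound connections to the internal database now appear to stay open until the process exits. If the host authority's `shutdown()` (outside the visible hunks) does not already release them, it should, e.g. `if (isHostAuthority() && dbFactory != null) { dbFactory.reset(); dbFactory = null; }`. The field is also written from an instance method and read by every CertificateAuthority with no `volatile` or lock, so only the ordering promised in the comment keeps another thread from seeing `null`. Declaring it `private static volatile ILdapConnFactory dbFactory;` would make that guarantee explicit.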
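Review bot: In the `@@ -424` hunk the static field is assigned before `dbFactory.init(...)` runs, so if reading the `internaldb` sub-store or initialising the factory throws, `dbFactory` is left pointing at an uninitialised factory that later `getConn()` calls from any CertificateAuthority will use. Initialise a local first and publish it only on success: `ILdapConnFactory f = CMS.getLdapBoundConnFactory("CertificateAuthority"); f.init(CMS.getConfigStore().getSubStore("internaldb")); dbFactory = f;`. A repeated initialisation of the host authority would also overwrite the existing factory without calling `reset()` on it, which would leak its connections; resetting the old instance or guarding on `dbFactory == null` covers that. The enclosing method (presumably `init`) starts and ends outside the hunk.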
@@ -1964,8 +1974,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori * This method must only be called by the host CA. */ private void loadLightweightCAs() throws EBaseException { - ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("loadLightweightCAs"); - dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); String searchDN = "ou=authorities,ou=" + getId() @@ -2051,7 +2059,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori } } finally { dbFactory.returnConn(conn); - dbFactory.reset(); } if (haveLightweightCAsContainer && !foundHostAuthority) { @@ -2535,8 +2542,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori LDAPEntry ldapEntry = new LDAPEntry(dn, attrSet); // connect to database - ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("createSubCA"); - dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); try { @@ -2604,7 +2609,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori throw new EBaseException("Error adding authority entry to database: " + e); } finally { dbFactory.returnConn(conn); - dbFactory.reset(); } return new CertificateAuthority( @@ -2652,8 +2656,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori LDAPEntry ldapEntry = new LDAPEntry(dn, attrSet); // connect to database - ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("addHostAuthorityEntry"); - dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); try { @@ -2662,7 +2664,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori throw new ELdapException("Error adding host authority entry to database: " + e); } finally { dbFactory.returnConn(conn); - dbFactory.reset(); } this.authorityID = aid; 
@@ -2721,8 +2722,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori + getId() + "," + getDBSubsystem().getBaseDN(); // connect to database - ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("updateAuthority"); - dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); try { conn.modify(dn, mods); @@ -2730,7 +2729,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori throw new EBaseException("Error adding authority entry to database: " + e); } finally { dbFactory.returnConn(conn); - dbFactory.reset(); } // update was successful; update CA's state @@ -2761,8 +2759,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori shutdown(); // delete ldap entry - ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("updateAuthority"); - dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); String dn = "cn=" + authorityID.toString() + ",ou=authorities,ou=" + getId() + "," + getDBSubsystem().getBaseDN(); @@ -2772,7 +2768,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori throw new ELdapException("Error deleting authority entry '" + dn + "': " + e); } finally { dbFactory.returnConn(conn); - dbFactory.reset(); } CryptoManager cryptoManager; -- 2.5.5