From a5854ac0e7dfb3eada1cfd37bbd593f06d6e3903 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Thu, 31 Mar 2016 13:35:49 +1100 Subject: [PATCH 90/97] Lightweight CAs: move host authority creation out of load method To reduce the amount of code that would be run in the persistent search thread, extract the host authority entry creation out of the 'loadLightweightCAs' method, into 'CertificateAuthority.init'. Part of: https://fedorahosted.org/pki/ticket/1625 --- .../src/com/netscape/ca/CertificateAuthority.java | 42 +++++++++++++--------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java index 38bcc24eb5733e1744d0a9e10091131a9c837c0a..02677e4769a3e049aebc9f28dd959e9d4152494a 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -290,6 +290,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori private boolean mUseNonces = true; private int mMaxNonces = 100; + private static boolean foundHostAuthority = false; + /** * Constructs a CA subsystem. */ @@ -512,9 +514,17 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori // being functional. initCRL(); - if (isHostAuthority()) + if (isHostAuthority() && haveLightweightCAsContainer()) { loadLightweightCAs(); + if (!foundHostAuthority) { + CMS.debug("loadLightweightCAs: no entry for host authority"); + CMS.debug("loadLightweightCAs: adding entry for host authority"); + caMap.put(addHostAuthorityEntry(), this); + } + + CMS.debug("CertificateAuthority: finished init of host authority"); + } } catch (EBaseException e) { if (CMS.isPreOpMode()) return; 
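Review bot: The new `foundHostAuthority` field in the first hunk is a plain static boolean that `init` now reads after `loadLightweightCAs()` writes it (the assignment itself is outside the visible hunks), with nothing guaranteeing visibility between threads. The commit message says the loader is headed for the persistent search thread, at which point `init` could read a stale `false` and call `addHostAuthorityEntry()` even though an entry was found. While the call remains synchronous this is harmless, but the assumption should be stated on the declaration, or the field declared `private static volatile boolean foundHostAuthority = false;`. A short comment such as `// set by loadLightweightCAs(); read once in init() after the initial load completes` would record the intended ordering.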
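Review bot: The two debug lines moved into `init` in the second hunk still carry the `loadLightweightCAs:` prefix, so the debug log attributes the host-authority creation to a method that no longer performs it. I would rename them to match the following line, e.g. `CMS.debug("CertificateAuthority: no entry for host authority; adding one");`. That keeps the log trail for the creation of an authority entry accurate when someone audits CA start-up. The body of `init` starts and ends outside this hunk.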
@@ -528,6 +538,19 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori + "," + getDBSubsystem().getBaseDN(); } + private boolean haveLightweightCAsContainer() throws ELdapException { + LDAPConnection conn = dbFactory.getConn(); + try { + LDAPSearchResults results = conn.search( + authorityBaseDN(), LDAPConnection.SCOPE_BASE, null, null, false); + return results != null; + } catch (LDAPException e) { + return false; + } finally { + dbFactory.returnConn(conn); + } + } + private void initCRLPublisher() throws EBaseException { // instantiate CRL publisher if (!isHostAuthority()) { @@ -1982,8 +2005,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori LDAPConnection conn = dbFactory.getConn(); LDAPSearchResults results = null; - boolean foundHostAuthority = false; - boolean haveLightweightCAsContainer = true; try { results = conn.search( authorityBaseDN(), LDAPConnection.SCOPE_ONE, @@ -2052,23 +2073,10 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori caMap.put(aid, ca); } } catch (LDAPException e) { - if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) { - CMS.debug( - "Missing lightweight CAs container '" + authorityBaseDN() - + "'. Disabling lightweight CAs."); - haveLightweightCAsContainer = false; - } else { - throw new ECAException("Failed to execute LDAP search for lightweight CAs: " + e); - } + throw new ECAException("Failed to execute LDAP search for lightweight CAs: " + e); } finally { dbFactory.returnConn(conn); } - - if (haveLightweightCAsContainer && !foundHostAuthority) { - CMS.debug("loadLightweightCAs: no entry for host authority"); - CMS.debug("loadLightweightCAs: adding entry for host authority"); - caMap.put(addHostAuthorityEntry(), this); - } } public String getOfficialName() { -- 2.5.5
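Review bot: In `haveLightweightCAsContainer()` the `catch (LDAPException e) { return false; }` treats every directory failure as "container absent", whereas the code removed from `loadLightweightCAs` did this only for `LDAPException.NO_SUCH_OBJECT` and threw otherwise. An access-control error or a transient server fault would now make the CA start with lightweight CAs silently disabled and no host authority entry. The "Missing lightweight CAs container" debug message is also gone, so nothing in the log explains why. I would restore the result-code check and the message, and propagate other errors through the already declared `ELdapException`. The sketch below assumes its single-string constructor.

```java
            return results != null;
        } catch (LDAPException e) {
            // Only a missing container means "lightweight CAs disabled";
            // any other directory error must not be mistaken for that.
            if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
                CMS.debug(
                    "Missing lightweight CAs container '" + authorityBaseDN()
                    + "'. Disabling lightweight CAs.");
                return false;
            }
            throw new ELdapException(
                "Failed to check for lightweight CAs container: " + e);
        } finally {
            // … unchanged: return connection to dbFactory …
```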
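Review bot: After the last hunk, `loadLightweightCAs` has an undocumented precondition: the authority container must exist, because a missing container now surfaces as `ECAException` rather than disabling the feature. The only guard is the `haveLightweightCAsContainer()` call in `init`, so a future caller (for example the persistent search thread mentioned in the commit message) could hit this without knowing. I would add a Javadoc line on the method, e.g. `Callers must first confirm the container exists via haveLightweightCAsContainer(); a missing container is reported as ECAException.` The method's signature and the start of its body are outside the visible hunks.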