From 908c75dcefcb5030b2e3328835c506bf4c53704f Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Thu, 31 Mar 2016 12:51:18 +1100
Subject: [PATCH 88/96] Lightweight CAs: use static db connection factory

Use a static database connection factory that is initialised by the
host authority and used by all CertificateAuthority instances.

Part of: https://fedorahosted.org/pki/ticket/1625
---
 .../src/com/netscape/ca/CertificateAuthority.java  | 25 +++++++++-------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index b087f26b6a43c4806b826e368d14feffdea85e56..a44482a77fdd9b953b832529c85b825b25346da2 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -183,6 +183,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 
     public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2");
 
+    /* The static conn factory is initialised by the host authority's
+     * 'init' method, before any lightweight CAs are instantiated
+     */
+    private static ILdapConnFactory dbFactory = null;
+
     private static final Map<AuthorityID, ICertificateAuthority> caMap =
         Collections.synchronizedSortedMap(new TreeMap<AuthorityID, ICertificateAuthority>());
     protected CertificateAuthority hostCA = null;
@@ -426,6 +431,11 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             mOwner = owner;
             mConfig = config;
 
+            if (isHostAuthority()) {
+                dbFactory = CMS.getLdapBoundConnFactory("CertificateAuthority");
+                dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
+            }
+
             // init cert & crl database
             initCertDatabase();
             initCrlDatabase();
@@ -1972,8 +1982,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
      * This method must only be called by the host CA.
      */
     private void loadLightweightCAs() throws EBaseException {
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("loadLightweightCAs");
-        dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
         LDAPConnection conn = dbFactory.getConn();
 
         String searchDN = "ou=authorities,ou=" + getId()
@@ -2059,7 +2067,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             }
         } finally {
             dbFactory.returnConn(conn);
-            dbFactory.reset();
         }
 
         if (haveLightweightCAsContainer && !foundHostAuthority) {
@@ -2543,8 +2550,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
         LDAPEntry ldapEntry = new LDAPEntry(dn, attrSet);
 
         // connect to database
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("createSubCA");
-        dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
         LDAPConnection conn = dbFactory.getConn();
 
         try {
@@ -2612,7 +2617,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             throw new EBaseException("Error adding authority entry to database: " + e);
         } finally {
             dbFactory.returnConn(conn);
-            dbFactory.reset();
         }
 
         return new CertificateAuthority(
@@ -2660,8 +2664,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
         LDAPEntry ldapEntry = new LDAPEntry(dn, attrSet);
 
         // connect to database
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("addHostAuthorityEntry");
-        dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
         LDAPConnection conn = dbFactory.getConn();
 
         try {
@@ -2670,7 +2672,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             throw new ELdapException("Error adding host authority entry to database: " + e);
         } finally {
             dbFactory.returnConn(conn);
-            dbFactory.reset();
         }
 
         this.authorityID = aid;
@@ -2729,8 +2730,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
                 + getId() + "," + getDBSubsystem().getBaseDN();
 
             // connect to database
-            ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("updateAuthority");
-            dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
             LDAPConnection conn = dbFactory.getConn();
             try {
                 conn.modify(dn, mods);
@@ -2738,7 +2737,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
                 throw new EBaseException("Error adding authority entry to database: " + e);
             } finally {
                 dbFactory.returnConn(conn);
-                dbFactory.reset();
             }
 
             // update was successful; update CA's state
@@ -2769,8 +2767,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
         shutdown();
 
         // delete ldap entry
-        ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("updateAuthority");
-        dbFactory.init(CMS.getConfigStore().getSubStore("internaldb"));
         LDAPConnection conn = dbFactory.getConn();
         String dn = "cn=" + authorityID.toString() + ",ou=authorities,ou="
             + getId() + "," + getDBSubsystem().getBaseDN();
@@ -2780,7 +2776,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
             throw new ELdapException("Error deleting authority entry '" + dn + "': " + e);
         } finally {
             dbFactory.returnConn(conn);
-            dbFactory.reset();
         }
 
         CryptoManager cryptoManager;
-- 
2.5.5