From 18ed063edde8608f2ef30f62c118e24b835f1d83 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Thu, 31 Mar 2016 13:35:49 +1100
Subject: [PATCH 90/96] Lightweight CAs: move host authority creation out of load method

To reduce the amount of code that would be run in the persistent search thread, extract the host authority entry creation out of the 'loadLightweightCAs' method, into 'CertificateAuthority.init'.

Part of: https://fedorahosted.org/pki/ticket/1625
---
 .../src/com/netscape/ca/CertificateAuthority.java | 42 +++++++++++++---------
 1 file changed, 25 insertions(+), 17 deletions(-)

diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 951521d04d8a80dd719264b6f285e3fdbb75d696..6afcc1037647312aa435bbb8187b7c0df0be3405 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -292,6 +292,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 private boolean mUseNonces = true;
 private int mMaxNonces = 100;
+ private static boolean foundHostAuthority = false;
+
 /**
 * Constructs a CA subsystem.
 */
@@ -514,9 +516,17 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 // being functional.
 initCRL();
- if (isHostAuthority())
+ if (isHostAuthority() && haveLightweightCAsContainer()) {
 loadLightweightCAs();
+ if (!foundHostAuthority) {
+ CMS.debug("loadLightweightCAs: no entry for host authority");
+ CMS.debug("loadLightweightCAs: adding entry for host authority");
+ caMap.put(addHostAuthorityEntry(), this);
+ }
+
+ CMS.debug("CertificateAuthority: finished init of host authority");
+ }
 } catch (EBaseException e) {
 if (CMS.isPreOpMode())
 return;
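Review bot: `foundHostAuthority` is now a static, non-volatile field shared by every CertificateAuthority instance, and nothing in the visible hunks resets it or orders its writes against the read in init(). The commit message says the load code is headed for a persistent search thread; if the flag is written there (the write is outside these hunks), init() could observe a stale value. Consider `private static volatile boolean foundHostAuthority = false;`, or have the load method report the result to its caller, and add a comment such as `// set by loadLightweightCAs() when the host CA's own entry is found` so ownership of the flag is explicit.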
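Review bot: The two debug lines moved into init() still carry the `loadLightweightCAs:` prefix, so anyone triaging CA start-up from the debug log will look for the host-authority entry creation in the wrong method. Match the prefix used by the line added just below them, e.g. `CMS.debug("CertificateAuthority: no entry for host authority; adding one");`. init()'s body starts and ends outside this hunk.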
@@ -530,6 +540,19 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 + "," + getDBSubsystem().getBaseDN();
 }
+ private boolean haveLightweightCAsContainer() throws ELdapException {
+ LDAPConnection conn = dbFactory.getConn();
+ try {
+ LDAPSearchResults results = conn.search(
+ authorityBaseDN(), LDAPConnection.SCOPE_BASE, null, null, false);
+ return results != null;
+ } catch (LDAPException e) {
+ return false;
+ } finally {
+ dbFactory.returnConn(conn);
+ }
+ }
+
 private void initCRLPublisher() throws EBaseException {
 // instantiate CRL publisher
 if (!isHostAuthority()) {
@@ -1990,8 +2013,6 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 LDAPConnection conn = dbFactory.getConn();
 LDAPSearchResults results = null;
- boolean foundHostAuthority = false;
- boolean haveLightweightCAsContainer = true;
 try {
 results = conn.search(
 authorityBaseDN(), LDAPConnection.SCOPE_ONE,
@@ -2060,23 +2081,10 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
 caMap.put(aid, ca);
 }
 } catch (LDAPException e) {
- if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
- CMS.debug(
- "Missing lightweight CAs container '" + authorityBaseDN()
- + "'. Disabling lightweight CAs.");
- haveLightweightCAsContainer = false;
- } else {
- throw new ECAException("Failed to execute LDAP search for lightweight CAs: " + e);
- }
+ throw new ECAException("Failed to execute LDAP search for lightweight CAs: " + e);
 } finally {
 dbFactory.returnConn(conn);
 }
-
- if (haveLightweightCAsContainer && !foundHostAuthority) {
- CMS.debug("loadLightweightCAs: no entry for host authority");
- CMS.debug("loadLightweightCAs: adding entry for host authority");
- caMap.put(addHostAuthorityEntry(), this);
- }
 }
 public String getOfficialName() {
-- 
2.5.5
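Review bot: The `catch (LDAPException e) { return false; }` in haveLightweightCAsContainer() treats every LDAP failure as "container missing", so a directory error at start-up skips lightweight CA loading with no log line and no exception. The code this commit removes from loadLightweightCAs did that only for `LDAPException.NO_SUCH_OBJECT`, logged "Missing lightweight CAs container … Disabling lightweight CAs.", and raised ECAException for anything else. I would keep that distinction here: return false only when `e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT`, emit the debug message on that path, and rethrow other errors. It is also worth confirming that a missing base entry is reported by `search()` itself rather than when the results are first read, since `results != null` never inspects them.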