Add CAEngine.getAuthorityRecord()

The code that loads the authority record from an LDAP entry in CAEngine.readAuthority() has been moved into getAuthorityRecord().
dogtagpki · Oct 5, 2023 · cfac403 · cfac403
1 parent 5b9607f
commit cfac403
Showing 1 changed file with 108 additions and 73 deletions.
diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java b/base/ca/src/main/java/org/dogtagpki/server/ca/CAEngine.java
@@ -72,6 +72,7 @@
 import com.netscape.certsrv.ca.ECAException;
 import com.netscape.certsrv.ca.IssuerUnavailableException;
 import com.netscape.certsrv.connector.ConnectorsConfig;
+import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.profile.EProfileException;
 import com.netscape.certsrv.publish.CRLPublisher;
@@ -973,6 +974,88 @@ public boolean haveAuthorityContainer() throws EBaseException {
         }
     }
 
+    public AuthorityRecord getAuthorityRecord(LDAPEntry entry) throws Exception {
+
+        logger.info("CAEngine: Loading " + entry.getDN());
+
+        AuthorityRecord record = new AuthorityRecord();
+
+        LDAPAttribute authorityIDAttr = entry.getAttribute("authorityID");
+        if (authorityIDAttr == null) {
+            throw new Exception("Missing authorityID attribute: " + entry.getDN());
+        }
+
+        AuthorityID authorityID = new AuthorityID(authorityIDAttr.getStringValues().nextElement());
+        record.setAuthorityID(authorityID);
+
+        LDAPAttribute authorityDNAttr = entry.getAttribute("authorityDN");
+        if (authorityDNAttr == null) {
+            throw new Exception("Missing authorityDN attribute: " + entry.getDN());
+        }
+
+        X500Name authorityDN = new X500Name(authorityDNAttr.getStringValues().nextElement());
+        record.setAuthorityDN(authorityDN);
+
+        LDAPAttribute parentIDAttr = entry.getAttribute("authorityParentID");
+        if (parentIDAttr != null) {
+            AuthorityID parentID = new AuthorityID(parentIDAttr.getStringValues().nextElement());
+            record.setParentID(parentID);
+        }
+
+        LDAPAttribute parentDNAttr = entry.getAttribute("authorityParentDN");
+        if (parentDNAttr != null) {
+            X500Name parentDN = new X500Name(parentDNAttr.getStringValues().nextElement());
+            record.setParentDN(parentDN);
+        }
+
+        LDAPAttribute descriptionAttr = entry.getAttribute("description");
+        if (descriptionAttr != null) {
+            String description = descriptionAttr.getStringValues().nextElement();
+            record.setDescription(description);
+        }
+
+        LDAPAttribute enabledAttr = entry.getAttribute("authorityEnabled");
+        if (enabledAttr != null) {
+            String enabledString = enabledAttr.getStringValues().nextElement();
+            record.setEnabled(enabledString.equalsIgnoreCase("TRUE"));
+        }
+
+        LDAPAttribute serialAttr = entry.getAttribute("authoritySerial");
+        if (serialAttr != null) {
+            CertId certID = new CertId(new BigInteger(serialAttr.getStringValueArray()[0]));
+            record.setSerialNumber(certID);
+        }
+
+        LDAPAttribute keyNicknameAttr = entry.getAttribute("authorityKeyNickname");
+        if (keyNicknameAttr == null) {
+            throw new Exception("Missing authorityKeyNickname attribute: " + entry.getDN());
+        }
+
+        String keyNickname = keyNicknameAttr.getStringValues().nextElement();
+        record.setKeyNickname(keyNickname);
+
+        Collection<String> keyHosts;
+        LDAPAttribute keyHostAttr = entry.getAttribute("authorityKeyHost");
+        if (keyHostAttr == null) {
+            keyHosts = Collections.emptyList();
+        } else {
+            Enumeration<String> keyHostsEnum = keyHostAttr.getStringValues();
+            keyHosts = Collections.list(keyHostsEnum);
+        }
+        record.setKeyHosts(keyHosts);
+
+        String nsUniqueID = entry.getAttribute("nsUniqueId").getStringValueArray()[0];
+        record.setNSUniqueID(nsUniqueID);
+
+        LDAPAttribute entryUSNAttr = entry.getAttribute("entryUSN");
+        if (entryUSNAttr != null) {
+            BigInteger entryUSN = new BigInteger(entryUSNAttr.getStringValueArray()[0]);
+            record.setEntryUSN(entryUSN);
+        }
+
+        return record;
+    }
+
     /**
      * Returns the main/host CA.
      */
@@ -1307,50 +1390,34 @@ public synchronized void deleteAuthorityEntry(AuthorityID aid) throws EBaseExcep
 
     public synchronized void readAuthority(LDAPEntry entry) throws Exception {
 
-        CertificateAuthority hostCA = getCA();
-
-        String nsUniqueId = entry.getAttribute("nsUniqueId").getStringValueArray()[0];
-        if (authorityMonitor.deletedNsUniqueIds.contains(nsUniqueId)) {
-            logger.warn("CAEngine: ignoring entry with nsUniqueId '"
-                    + nsUniqueId + "' due to deletion");
-            return;
-        }
-
         logger.info("CAEngine: Loading authority record " + entry.getDN());
 
-        LDAPAttribute aidAttr = entry.getAttribute("authorityID");
-        LDAPAttribute nickAttr = entry.getAttribute("authorityKeyNickname");
-        LDAPAttribute keyHostsAttr = entry.getAttribute("authorityKeyHost");
-        LDAPAttribute dnAttr = entry.getAttribute("authorityDN");
-        LDAPAttribute parentAIDAttr = entry.getAttribute("authorityParentID");
-        LDAPAttribute parentDNAttr = entry.getAttribute("authorityParentDN");
-        LDAPAttribute serialAttr = entry.getAttribute("authoritySerial");
-
-        if (aidAttr == null || nickAttr == null || dnAttr == null) {
-            logger.warn("Malformed authority object; required attribute(s) missing: " + entry.getDN());
+        AuthorityRecord record;
+        try {
+            record = getAuthorityRecord(entry);
+        } catch (Exception e) {
+            logger.warn("Unable to load authority record: " + e.getMessage(), e);
             return;
         }
 
-        AuthorityID aid = new AuthorityID(aidAttr.getStringValues().nextElement());
-
-        X500Name dn = null;
-        try {
-            dn = new X500Name(dnAttr.getStringValues().nextElement());
-        } catch (IOException e) {
-            logger.warn("Malformed authority object; invalid authorityDN: " + entry.getDN() + ": " + e.getMessage(), e);
+        String nsUniqueId = record.getNSUniqueID();
+        if (authorityMonitor.deletedNsUniqueIds.contains(nsUniqueId)) {
+            logger.warn("CAEngine: ignoring entry with nsUniqueId '"
+                    + nsUniqueId + "' due to deletion");
+            return;
         }
 
-        String desc = null;
-        LDAPAttribute descAttr = entry.getAttribute("description");
-        if (descAttr != null) {
-            desc = descAttr.getStringValues().nextElement();
-        }
+        AuthorityID aid = record.getAuthorityID();
+        X500Name dn = record.getAuthorityDN();
+        String desc = record.getDescription();
 
         // Determine if it is the host authority's entry, by
         // comparing DNs.  DNs must be serialized in case different
         // encodings are used for AVA values, e.g. PrintableString
         // from LDAP vs UTF8String in certificate.
 
+        CertificateAuthority hostCA = getCA();
+
         if (dn.toString().equals(hostCA.getX500Name().toString())) {
             logger.info("CAEngine: Updating host CA");
             authorityMonitor.foundHostCA = true;
@@ -1366,27 +1433,23 @@ public synchronized void readAuthority(LDAPEntry entry) throws Exception {
             return;
         }
 
-        BigInteger newEntryUSN = null;
-        LDAPAttribute entryUSNAttr = entry.getAttribute("entryUSN");
+        BigInteger newEntryUSN = record.getEntryUSN();
+        logger.debug("CAEngine: new entryUSN: " + newEntryUSN);
 
-        if (entryUSNAttr == null) {
+        if (newEntryUSN == null) {
             logger.debug("CAEngine: no entryUSN");
             if (!entryUSNPluginEnabled()) {
                 logger.warn("CAEngine: dirsrv USN plugin is not enabled; skipping entry");
                 logger.warn("Lightweight authority entry has no"
                         + " entryUSN attribute and USN plugin not enabled;"
                         + " skipping.  Enable dirsrv USN plugin.");
                 return;
-
             }
+
             logger.debug("CAEngine: dirsrv USN plugin is enabled; continuing");
             // entryUSN plugin is enabled, but no entryUSN attribute. We
             // can proceed because future modifications will result in the
             // entryUSN attribute being added.
-
-        } else {
-            newEntryUSN = new BigInteger(entryUSNAttr.getStringValueArray()[0]);
-            logger.debug("CAEngine: new entryUSN: " + newEntryUSN);
         }
 
         BigInteger knownEntryUSN = authorityMonitor.entryUSNs.get(aid);
@@ -1398,43 +1461,15 @@ public synchronized void readAuthority(LDAPEntry entry) throws Exception {
             }
         }
 
-        @SuppressWarnings("unused")
-        X500Name parentDN = null;
-        if (parentDNAttr != null) {
-            try {
-                parentDN = new X500Name(parentDNAttr.getStringValues().nextElement());
-            } catch (IOException e) {
-                logger.warn("Malformed authority object; invalid authorityParentDN: " + entry.getDN() + ": " + e.getMessage(), e);
-                return;
-            }
-        }
-
-        String keyNick = nickAttr.getStringValues().nextElement();
-
-        Collection<String> keyHosts;
-        if (keyHostsAttr == null) {
-            keyHosts = Collections.emptyList();
-        } else {
-            Enumeration<String> keyHostsEnum = keyHostsAttr.getStringValues();
-            keyHosts = Collections.list(keyHostsEnum);
-        }
+        String keyNick = record.getKeyNickname();
+        Collection<String> keyHosts = record.getKeyHosts();
 
-        AuthorityID parentAID = null;
-        if (parentAIDAttr != null) {
-            parentAID = new AuthorityID(parentAIDAttr.getStringValues().nextElement());
-        }
+        AuthorityID parentAID = record.getParentID();
 
-        BigInteger serial = null;
-        if (serialAttr != null) {
-            serial = new BigInteger(serialAttr.getStringValueArray()[0]);
-        }
+        CertId certID = record.getSerialNumber();
+        BigInteger serial = certID == null ? null : certID.toBigInteger();
 
-        boolean enabled = true;
-        LDAPAttribute enabledAttr = entry.getAttribute("authorityEnabled");
-        if (enabledAttr != null) {
-            String enabledString = enabledAttr.getStringValues().nextElement();
-            enabled = enabledString.equalsIgnoreCase("TRUE");
-        }
+        boolean enabled = record.getEnabled();
 
         try {
             CertificateAuthority ca = new CertificateAuthority(