Modify pki-server ca-range-generator-* to ca-id-generator-*

dogtagpki · Oct 21, 2024 · da9f148 · da9f148
1 parent 26e8c1b
commit da9f148
Show file tree

Hide file tree

Showing 18 changed files with 343 additions and 213 deletions.
diff --git a/.github/workflows/ca-clone-sequential-test.yml b/.github/workflows/ca-clone-sequential-test.yml
@@ -989,18 +989,53 @@ jobs:
       # have gaps when range is updated
       #
       # It should work like the legacy but with correct range.
-      - name: Switch primary to legacy2
+      - name: Stop the CAs
         run: |
           docker exec primary pki-server stop
-          docker exec primary pki-server ca-range-generator-update --type request legacy2
-          docker exec primary pki-server ca-range-generator-update --type cert legacy2
-          docker exec primary pki-server start --wait
+          docker exec secondary pki-server stop
+
+      - name: Switch primary to legacy2
+        run: |
+          docker exec primary pki-server ca-id-generator-update --type request legacy2
+          docker exec primary pki-server ca-id-generator-update --type cert legacy2
+
+      - name: Check request range objects
+        run: |
+          tests/ca/bin/ca-request-range-objects.sh primaryds | tee output
+
+          # request ranges should remain the same
+          cat > expected << EOF
+          SecurePort: 8443
+          beginRange: 11
+          endRange: 20
+          host: primary.example.com
+
+          SecurePort: 8443
+          beginRange: 21
+          endRange: 30
+          host: secondary.example.com
+
+          EOF
+
+          diff expected output
+
+      - name: Check request next range
+        run: |
+          tests/ca/bin/ca-request-next-range.sh primaryds | tee output
+
+          # request nextRange should remain the same
+          cat > expected << EOF
+          nextRange: 31
+          EOF
+
+          diff expected output
 
       - name: Check cert range objects
         run: |
           tests/ca/bin/ca-cert-range-objects.sh primaryds | tee output
 
-          # cert ranges should remain the same
+          # cert ranges should remain the same but converted from hex to decimal
+          # the range value for the primary move from 13-30 (hex) to 19-48 (dec) 
           cat > expected << EOF
           SecurePort: 8443
           beginRange: 31
@@ -1029,9 +1064,12 @@ jobs:
 
       - name: Switch secondary to legacy2
         run: |
-          docker exec secondary pki-server stop
-          docker exec secondary pki-server ca-range-generator-update --type request legacy2
-          docker exec secondary pki-server ca-range-generator-update --type cert legacy2
+          docker exec secondary pki-server ca-id-generator-update --type request legacy2
+          docker exec secondary pki-server ca-id-generator-update --type cert legacy2
+
+      - name: Start the CAs
+        run: |
+          docker exec primary pki-server start --wait
           docker exec secondary pki-server start --wait
 
       - name: Check request range config in primary CA
@@ -1062,6 +1100,22 @@ jobs:
 
           diff expected output
 
+      - name: Check the radix for the new generator in all CAs
+        run: |
+          docker exec primary pki-server ca-config-show dbs.request.id.radix | tee output
+          docker exec secondary pki-server ca-config-show dbs.request.id.radix | tee -a output
+          docker exec primary pki-server ca-config-show dbs.cert.id.radix | tee -a output
+          docker exec secondary pki-server ca-config-show dbs.cert.id.radix | tee -a output
+
+          cat > expected <<EOF                                                                                                                                                                                                                                 
+          10
+          10
+          16
+          16
+          EOF
+
+          diff expected output
+          
       - name: Check cert range config in primary CA
         run: |
           tests/ca/bin/ca-cert-range-config.sh primary | tee output
@@ -1123,7 +1177,9 @@ jobs:
         run: |
           tests/ca/bin/ca-cert-range-objects.sh primaryds | tee output
 
-          # cert ranges should remain the same
+          # cert ranges should remain the same but in dec.
+          # the range value for the primary move from 13-30 (hex) to 19-48 (dec)
+          # the range value for the secondary move from 31-48 (hex) to 49-72 (dec)          
           cat > expected << EOF
           SecurePort: 8443
           beginRange: 19

diff --git a/.github/workflows/ca-sequential-test.yml b/.github/workflows/ca-sequential-test.yml
@@ -1151,8 +1151,8 @@ jobs:
       - name: Switch to legacy2
         run: |
           docker exec pki pki-server stop
-          docker exec pki pki-server ca-range-generator-update --type request legacy2
-          docker exec pki pki-server ca-range-generator-update --type cert legacy2
+          docker exec pki pki-server ca-id-generator-update --type request legacy2
+          docker exec pki pki-server ca-id-generator-update --type cert legacy2
           docker exec pki pki-server start --wait
           
 
@@ -1184,6 +1184,18 @@ jobs:
 
           diff expected output
 
+      - name: Check the radix in for the new generator
+        run: |
+          docker exec pki pki-server ca-config-show dbs.request.id.radix | tee output
+          docker exec pki pki-server ca-config-show dbs.cert.id.radix | tee -a output
+
+          cat > expected <<EOF                                                                                                                                                                                                                                 
+          10
+          16
+          EOF
+
+          diff expected output
+
       - name: Check request repository
         run: |
           tests/ca/bin/ca-request-next-range.sh ds | tee output
@@ -1239,7 +1251,9 @@ jobs:
         run: |
           tests/ca/bin/ca-cert-range-objects.sh ds | tee output
 
-          # new cert range should be 27 - 42 decimal (total: 16)
+          # new cert range should be the same but converted to decimal
+          # first range move from 19-36 (hex) to 25-54 (dec)
+          # second range move from 37-54 (hex) to 55-84 (dec)
           cat > expected << EOF
           SecurePort: 8443
           beginRange: 25

diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACLI.java b/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CACLI.java
@@ -36,6 +36,7 @@ public CACLI(CLI parent) {
         addModule(new SubsystemGroupCLI(this));
         addModule(new CAProfileCLI(this));
         addModule(new CARangeCLI(this));
+        addModule(new CAIdCLI(this));
         addModule(new SubsystemUserCLI(this));
         addModule(new SDCLI(this));
     }

diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CAIdCLI.java b/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CAIdCLI.java
@@ -0,0 +1,19 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.ca.cli;
+
+import org.dogtagpki.cli.CLI;
+
+/**
+ * @author Marco Fargetta {@literal <mfargett@redhat.com>}
+ */
+public class CAIdCLI extends CLI {
+    public CAIdCLI(CLI parent) {
+        super("id", "CA id generator management commands", parent);
+
+        addModule(new CAIdGeneratorCLI(this));
+    }
+}
diff --git a/...ki/server/ca/cli/CARangeGeneratorCLI.java → ...agpki/server/ca/cli/CAIdGeneratorCLI.java b/...ki/server/ca/cli/CARangeGeneratorCLI.java → ...agpki/server/ca/cli/CAIdGeneratorCLI.java
@@ -10,12 +10,12 @@
 /**
  * @author Marco Fargetta {@literal <mfargett@redhat.com>}
  */
-public class CARangeGeneratorCLI extends CLI {
+public class CAIdGeneratorCLI extends CLI {
 
-    public CARangeGeneratorCLI(CLI parent) {
-        super("generator", "CA range generator commands", parent);
+    public CAIdGeneratorCLI(CLI parent) {
+        super("generator", "CA id generator commands", parent);
 
-        addModule(new CARangeGeneratorUpdateCLI(this));
+        addModule(new CAIdGeneratorUpdateCLI(this));
     }
 
 }
diff --git a/...ver/ca/cli/CARangeGeneratorUpdateCLI.java → ...server/ca/cli/CAIdGeneratorUpdateCLI.java b/...ver/ca/cli/CARangeGeneratorUpdateCLI.java → ...server/ca/cli/CAIdGeneratorUpdateCLI.java
@@ -5,7 +5,6 @@
 //
 package org.dogtagpki.server.ca.cli;
 
-import com.netscape.certsrv.base.EBaseException;
 import com.netscape.cmscore.apps.DatabaseConfig;
 import com.netscape.cmscore.dbs.CertificateRepository;
 import com.netscape.cmscore.dbs.Repository;
@@ -14,17 +13,17 @@
 import com.netscape.cmscore.ldapconn.LdapConnInfo;
 import com.netscape.cmscore.ldapconn.PKISocketFactory;
 import org.dogtagpki.cli.CLI;
-import org.dogtagpki.server.cli.SubsystemRangeGeneratorUpdateCLI;
+import org.dogtagpki.server.cli.SubsystemIdGeneratorUpdateCLI;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
  * @author Marco Fargetta {@literal <mfargett@redhat.com>}
  */
-public class CARangeGeneratorUpdateCLI extends SubsystemRangeGeneratorUpdateCLI {
-    private static final Logger logger = LoggerFactory.getLogger(CARangeGeneratorUpdateCLI.class);
+public class CAIdGeneratorUpdateCLI extends SubsystemIdGeneratorUpdateCLI {
+    private static final Logger logger = LoggerFactory.getLogger(CAIdGeneratorUpdateCLI.class);
 
-    public CARangeGeneratorUpdateCLI(CLI parent) {
+    public CAIdGeneratorUpdateCLI(CLI parent) {
         super(parent);
     }
 
@@ -44,6 +43,7 @@ protected void updateSerialNumberRangeGenerator(PKISocketFactory socketFactory,
         }
         if (newGenerator == IDGenerator.LEGACY_2 && idGenerator == IDGenerator.LEGACY) {
             dbConfig.put(CertificateRepository.PROP_CERT_ID_GENERATOR, newGenerator.toString());
+            dbConfig.put(CertificateRepository.PROP_CERT_ID_RADIX, Integer.toString(Repository.HEX));
         }
 
         super.updateSerialNumberRangeGenerator(socketFactory, connInfo, authInfo, dbConfig, baseDN, newGenerator, hostName, securePort);

diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CARangeCLI.java b/base/ca/src/main/java/org/dogtagpki/server/ca/cli/CARangeCLI.java
@@ -16,6 +16,5 @@ public CARangeCLI(CLI parent) {
         super("range", "CA range management commands", parent);
 
         addModule(new CARangeUpdateCLI(this));
-        addModule(new CARangeGeneratorCLI(this));
     }
 }
diff --git a/base/kra/src/main/java/org/dogtagpki/server/kra/cli/KRACLI.java b/base/kra/src/main/java/org/dogtagpki/server/kra/cli/KRACLI.java
@@ -35,6 +35,7 @@ public KRACLI(CLI parent) {
         addModule(new SubsystemDBCLI(this));
         addModule(new SubsystemGroupCLI(this));
         addModule(new KRARangeCLI(this));
+        addModule(new KRAIdCLI(this));
         addModule(new SubsystemUserCLI(this));
         addModule(new SDCLI(this));
     }

diff --git a/base/kra/src/main/java/org/dogtagpki/server/kra/cli/KRAIdCLI.java b/base/kra/src/main/java/org/dogtagpki/server/kra/cli/KRAIdCLI.java
@@ -0,0 +1,19 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.kra.cli;
+
+import org.dogtagpki.cli.CLI;
+
+/**
+ * @author Marco Fargetta {@literal <mfargett@redhat.com>}
+ */
+public class KRAIdCLI extends CLI {
+    public KRAIdCLI(CLI parent) {
+        super("id", "CA id generator management commands", parent);
+
+        addModule(new KRAIdGeneratorCLI(this));
+    }
+}
diff --git a/.../server/kra/cli/KRARangeGeneratorCLI.java → ...pki/server/kra/cli/KRAIdGeneratorCLI.java b/.../server/kra/cli/KRARangeGeneratorCLI.java → ...pki/server/kra/cli/KRAIdGeneratorCLI.java
@@ -9,10 +9,10 @@
 /**
  * @author Marco Fargetta {@literal <mfargett@redhat.com>}
  */
-public class KRARangeGeneratorCLI extends CLI {
-    public KRARangeGeneratorCLI(CLI parent) {
+public class KRAIdGeneratorCLI extends CLI {
+    public KRAIdGeneratorCLI(CLI parent) {
         super("generator", "kra range generator commands", parent);
 
-        addModule(new kraRangeGeneratorUpdateCLI(this));
+        addModule(new kraIdGeneratorUpdateCLI(this));
     }
 }
diff --git a/base/kra/src/main/java/org/dogtagpki/server/kra/cli/KRARangeCLI.java b/base/kra/src/main/java/org/dogtagpki/server/kra/cli/KRARangeCLI.java
@@ -16,6 +16,5 @@ public KRARangeCLI(CLI parent) {
         super("range", "KRA range management commands", parent);
 
         addModule(new KRARangeUpdateCLI(this));
-        addModule(new KRARangeGeneratorCLI(this));
     }
 }
diff --git a/...r/kra/cli/kraRangeGeneratorUpdateCLI.java → ...rver/kra/cli/kraIdGeneratorUpdateCLI.java b/...r/kra/cli/kraRangeGeneratorUpdateCLI.java → ...rver/kra/cli/kraIdGeneratorUpdateCLI.java
@@ -12,15 +12,14 @@
 import com.netscape.cmscore.ldapconn.LdapConnInfo;
 import com.netscape.cmscore.ldapconn.PKISocketFactory;
 import org.dogtagpki.cli.CLI;
-import org.dogtagpki.server.cli.SubsystemRangeGeneratorUpdateCLI;
+import org.dogtagpki.server.cli.SubsystemIdGeneratorUpdateCLI;
 
 /**
- *
- * @author mfargetta
+ * @author Marco Fargetta {@literal <mfargett@redhat.com>}
  */
-public class kraRangeGeneratorUpdateCLI extends SubsystemRangeGeneratorUpdateCLI {
+public class kraIdGeneratorUpdateCLI extends SubsystemIdGeneratorUpdateCLI {
 
-    public kraRangeGeneratorUpdateCLI(CLI parent) {
+    public kraIdGeneratorUpdateCLI(CLI parent) {
         super(parent);
     }
 
@@ -38,6 +37,7 @@ protected void updateSerialNumberRangeGenerator(PKISocketFactory socketFactory,
         }
         if (newGenerator == Repository.IDGenerator.LEGACY_2 && idGenerator == Repository.IDGenerator.LEGACY) {
             dbConfig.put(KeyRepository.PROP_KEY_ID_GENERATOR, newGenerator.toString());
+            dbConfig.put(KeyRepository.PROP_KEY_ID_RADIX, Integer.toString(Repository.HEX));
         }
 
         super.updateSerialNumberRangeGenerator(socketFactory, connInfo, authInfo, dbConfig, baseDN, newGenerator, hostName, securePort);

diff --git a/base/server/python/pki/server/cli/ca.py b/base/server/python/pki/server/cli/ca.py
@@ -36,6 +36,7 @@
 import pki.server.cli.config
 import pki.server.cli.db
 import pki.server.cli.group
+import pki.server.cli.id
 import pki.server.cli.range
 import pki.server.cli.subsystem
 import pki.server.cli.user
@@ -61,6 +62,7 @@ def __init__(self):
         self.add_module(pki.server.cli.group.GroupCLI(self))
         self.add_module(CAProfileCLI())
         self.add_module(pki.server.cli.range.RangeCLI(self))
+        self.add_module(pki.server.cli.id.IdCLI(self))
         self.add_module(pki.server.cli.user.UserCLI(self))