[Pki-devel] [PATCH] CA system certificates with random serial numbers

Andrew Wnuk awnuk at redhat.com
Thu Feb 21 01:40:48 UTC 2013


This patch adds support for CA system certificates with random serial 
numbers.

Bug 913313  (updates bug 912554).
-------------- next part --------------
Index: pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
===================================================================
--- pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java	(revision 2524)
+++ pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java	(working copy)
@@ -41,6 +41,16 @@
 public interface ICertificateRepository extends IRepository {
 
     /**
+     * Retrieves the next certificate serial number, and also increases 
+     * the serial number by one in case of sequential number assignmen.
+     *
+     * @return serial number
+     * @exception EBaseException failed to retrieve next serial number
+     */
+    public BigInteger getNextSerialNumber()
+        throws EBaseException;
+
+    /**
      * Adds a certificate record to the repository. Each certificate
      * record contains four parts: certificate, meta-attributes,
      * issue information and reovcation information.
Index: pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
===================================================================
--- pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java	(revision 2524)
+++ pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java	(working copy)
@@ -242,6 +242,7 @@
         BigInteger randomNumber = null;
 
         synchronized (nextSerialNumberMonitor) {
+            super.initCacheIfNeeded();
             CMS.debug("CertificateRepository: getNextSerialNumber  mEnableRandomSerialNumbers="+mEnableRandomSerialNumbers);
 
             if (mEnableRandomSerialNumbers) {


More information about the Pki-devel mailing list