[Pki-devel] [PATCH] CA system certificates with random serial numbers
Andrew Wnuk
awnuk at redhat.com
Thu Feb 21 01:40:48 UTC 2013
This patch adds support for CA system certificates with random serial
numbers.
Bug 913313 (updates bug 912554).
-------------- next part --------------
Index: pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
===================================================================
--- pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java (revision 2524)
+++ pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java (working copy)
@@ -41,6 +41,16 @@
public interface ICertificateRepository extends IRepository {
/**
+ * Retrieves the next certificate serial number, and also increases
+ * the serial number by one in case of sequential number assignmen.
+ *
+ * @return serial number
+ * @exception EBaseException failed to retrieve next serial number
+ */
+ public BigInteger getNextSerialNumber()
+ throws EBaseException;
+
+ /**
* Adds a certificate record to the repository. Each certificate
* record contains four parts: certificate, meta-attributes,
* issue information and reovcation information.
Index: pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
===================================================================
--- pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java (revision 2524)
+++ pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java (working copy)
@@ -242,6 +242,7 @@
BigInteger randomNumber = null;
synchronized (nextSerialNumberMonitor) {
+ super.initCacheIfNeeded();
CMS.debug("CertificateRepository: getNextSerialNumber mEnableRandomSerialNumbers="+mEnableRandomSerialNumbers);
if (mEnableRandomSerialNumbers) {
More information about the Pki-devel
mailing list