Add SerialNumberUpdateJob
The SerialNumberUpdateJob has been added to update the ranges
for sequential serial numbers, similar to SerialNumberUpdateTask.
The job can be scheduled to run automatically at specific times,
or can be run immediately by calling pki ca-job-start, whereas
the task only supports a fixed interval.

An upgrade script has been added to add the default config params
for SerialNumberUpdateJob into existing instances. In the future
it might be possible to replace SerialNumberUpdateTask with
SerialNumberUpdateJob automatically.

https://github.com/dogtagpki/pki/wiki/Configuring-SerialNumberUpdateJob
edewata committed Oct 8, 2024
1 parent 76267d9 commit 4e474ac
Showing 3 changed files with 85 additions and 0 deletions.
3 changes: 3 additions & 0 deletions base/ca/shared/conf/CS.cfg
@@ -705,6 +705,7 @@ jobsScheduler.impl.RenewalNotificationJob.class=com.netscape.cms.jobs.RenewalNot
jobsScheduler.impl.RequestInQueueJob.class=com.netscape.cms.jobs.RequestInQueueJob
jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob
jobsScheduler.impl.PruningJob.class=org.dogtagpki.server.ca.job.PruningJob
jobsScheduler.impl.SerialNumberUpdateJob.class=org.dogtagpki.server.ca.job.SerialNumberUpdateJob
jobsScheduler.job.certRenewalNotifier.cron=0 3 * * 1-5
jobsScheduler.job.certRenewalNotifier.emailSubject=Certificate Renewal Notification
jobsScheduler.job.certRenewalNotifier.emailTemplate=[pki_instance_path]/ca/emails/rnJob1.txt
@@ -748,6 +749,8 @@ jobsScheduler.job.unpublishExpiredCerts.summary.recipientEmail=
jobsScheduler.job.unpublishExpiredCerts.summary.senderEmail=
jobsScheduler.job.pruning.enabled=false
jobsScheduler.job.pruning.pluginName=PruningJob
jobsScheduler.job.serialNumberUpdate.enabled=false
jobsScheduler.job.serialNumberUpdate.pluginName=SerialNumberUpdateJob
jss._000=##
jss._001=## JSS
jss._002=##
@@ -0,0 +1,46 @@
//
// Copyright Red Hat, Inc.
//
// SPDX-License-Identifier: GPL-2.0-or-later
//
package org.dogtagpki.server.ca.job;

import java.util.Calendar;
import java.util.Date;

import org.dogtagpki.server.ca.CAEngine;

import com.netscape.certsrv.base.IExtendedPluginInfo;
import com.netscape.cms.jobs.Job;

public class SerialNumberUpdateJob extends Job implements IExtendedPluginInfo {

public static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(SerialNumberUpdateJob.class);

public SerialNumberUpdateJob() {
}

@Override
public String[] getConfigParams() {
return null;
}

@Override
public String[] getExtendedPluginInfo() {
return null;
}

@Override
public void run() {
Calendar calendar = Calendar.getInstance();
Date time = calendar.getTime();
logger.info("SerialNumberUpdateJob: Running " + mId + " job at " + time);

try {
CAEngine engine = (CAEngine) super.engine;
engine.updateSerialNumbers();
} catch (Exception e) {
logger.warn("SerialNumberUpdateJob: " + e.getMessage(), e);
}
}
}
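Review bot: In `run()`, the `catch (Exception e)` around `engine.updateSerialNumbers()` reports the failure only at warn level and then returns normally, so a run that could not update the serial number ranges is easy to miss in the CA logs and, as far as this method shows, is indistinguishable from a successful run. Logging it as an error with the job id, e.g. `logger.error("SerialNumberUpdateJob: Unable to run " + mId + " job: " + e.getMessage(), e);`, would make a failed update stand out to whoever monitors the instance. Separately, `public static org.slf4j.Logger logger` can be reassigned by any class; `private static final org.slf4j.Logger logger = ...` is the safer declaration. `getConfigParams()` and `getExtendedPluginInfo()` return `null`; if the job framework iterates these arrays (not visible on this page), returning an empty array would be safer.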
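--- a/base/server/upgrade/11.6.0/02-AddSerialNumberUpdateJob.py
+++ b/base/server/upgrade/11.6.0/02-AddSerialNumberUpdateJob.py
@@ -0,0 +1,36 @@
+#
+# Copyright Red Hat, Inc.
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+import pki.server.upgrade
+
+
+class AddSerialNumberUpdateJob(pki.server.upgrade.PKIServerUpgradeScriptlet):
+
+def __init__(self):
+super().__init__()
+self.message = 'Add SerialNumberUpdateJob'
+
+def upgrade_subsystem(self, instance, subsystem):
+
+if subsystem.name != 'ca':
+return
+
+self.backup(subsystem.cs_conf)
+
+class_name = subsystem.config.get('jobsScheduler.impl.SerialNumberUpdateJob.class')
+if class_name is None:
+subsystem.config['jobsScheduler.impl.SerialNumberUpdateJob.class'] = \
+'org.dogtagpki.server.ca.job.SerialNumberUpdateJob'
+
+enabled = subsystem.config.get('jobsScheduler.job.serialNumberUpdate.enabled')
+if enabled is None:
+subsystem.config['jobsScheduler.job.serialNumberUpdate.enabled'] = 'false'
+
+plugin_name = subsystem.config.get('jobsScheduler.job.serialNumberUpdate.pluginName')
+if plugin_name is None:
+subsystem.config['jobsScheduler.job.serialNumberUpdate.pluginName'] = \
+'SerialNumberUpdateJob'
+
+subsystem.save()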
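Review bot: `upgrade_subsystem()` calls `self.backup(subsystem.cs_conf)` and `subsystem.save()` for every CA subsystem, including one where all three parameters already exist and nothing is changed, so CS.cfg is backed up and rewritten without need. Collecting the missing keys first and returning early when there are none keeps the scriptlet from touching a config that is already in the target state; this assumes the upgrade framework does not depend on a backup being made by every scriptlet, which is not visible on this page. The three `is None` checks preserve any value an administrator has already set and add the job disabled; a short docstring on the method saying so would record that intent.

```python
def upgrade_subsystem(self, instance, subsystem):

    if subsystem.name != 'ca':
        return

    defaults = {
        'jobsScheduler.impl.SerialNumberUpdateJob.class':
            'org.dogtagpki.server.ca.job.SerialNumberUpdateJob',
        'jobsScheduler.job.serialNumberUpdate.enabled': 'false',
        'jobsScheduler.job.serialNumberUpdate.pluginName': 'SerialNumberUpdateJob',
    }

    # Only keys the instance does not have yet; existing values are kept.
    missing = {k: v for k, v in defaults.items() if subsystem.config.get(k) is None}
    if not missing:
        return

    self.backup(subsystem.cs_conf)
    for key, value in missing.items():
        subsystem.config[key] = value
    subsystem.save()
```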
