From 4e474aceeacadbc67cfcb445db5ca7e1cceb4a8f Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 4 Oct 2024 14:45:33 -0500
Subject: [PATCH] Add SerialNumberUpdateJob
The SerialNumberUpdateJob has been added to update the ranges for sequential serial numbers, similar to SerialNumberUpdateTask. The job can be scheduled to run automatically at specific times, or can be run immediately by calling pki ca-job-start, whereas the task only supports a fixed interval. An upgrade script has been added to add the default config params for SerialNumberUpdateJob into existing instances. In the future it might be possible to replace SerialNumberUpdateTask with SerialNumberUpdateJob automatically. https://github.com/dogtagpki/pki/wiki/Configuring-SerialNumberUpdateJob
---
 base/ca/shared/conf/CS.cfg | 3 ++
 .../server/ca/job/SerialNumberUpdateJob.java | 46 +++++++++++++++++++
 .../11.6.0/02-AddSerialNumberUpdateJob.py | 36 +++++++++++++++
 3 files changed, 85 insertions(+)
 create mode 100644 base/ca/src/main/java/org/dogtagpki/server/ca/job/SerialNumberUpdateJob.java
 create mode 100644 base/server/upgrade/11.6.0/02-AddSerialNumberUpdateJob.py
diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg
index 0a33b7558f8..bfb798c0939 100644
--- a/base/ca/shared/conf/CS.cfg
+++ b/base/ca/shared/conf/CS.cfg
@@ -705,6 +705,7 @@ jobsScheduler.impl.RenewalNotificationJob.class=com.netscape.cms.jobs.RenewalNot
 jobsScheduler.impl.RequestInQueueJob.class=com.netscape.cms.jobs.RequestInQueueJob
 jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob
 jobsScheduler.impl.PruningJob.class=org.dogtagpki.server.ca.job.PruningJob
+jobsScheduler.impl.SerialNumberUpdateJob.class=org.dogtagpki.server.ca.job.SerialNumberUpdateJob
 jobsScheduler.job.certRenewalNotifier.cron=0 3 * * 1-5
 jobsScheduler.job.certRenewalNotifier.emailSubject=Certificate Renewal Notification
 jobsScheduler.job.certRenewalNotifier.emailTemplate=[pki_instance_path]/ca/emails/rnJob1.txt
@@ -748,6 +749,8 @@ jobsScheduler.job.unpublishExpiredCerts.summary.recipientEmail=
 jobsScheduler.job.unpublishExpiredCerts.summary.senderEmail=
 jobsScheduler.job.pruning.enabled=false
 jobsScheduler.job.pruning.pluginName=PruningJob
+jobsScheduler.job.serialNumberUpdate.enabled=false
+jobsScheduler.job.serialNumberUpdate.pluginName=SerialNumberUpdateJob
 jss._000=##
 jss._001=## JSS
 jss._002=##
diff --git a/base/ca/src/main/java/org/dogtagpki/server/ca/job/SerialNumberUpdateJob.java b/base/ca/src/main/java/org/dogtagpki/server/ca/job/SerialNumberUpdateJob.java
new file mode 100644
index 00000000000..4a2beb85878
--- /dev/null
+++ b/base/ca/src/main/java/org/dogtagpki/server/ca/job/SerialNumberUpdateJob.java
@@ -0,0 +1,46 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.ca.job;
+
+import java.util.Calendar;
+import java.util.Date;
+
+import org.dogtagpki.server.ca.CAEngine;
+
+import com.netscape.certsrv.base.IExtendedPluginInfo;
+import com.netscape.cms.jobs.Job;
+
+public class SerialNumberUpdateJob extends Job implements IExtendedPluginInfo {
+
+ public static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(SerialNumberUpdateJob.class);
+
+ public SerialNumberUpdateJob() {
+ }
+
+ @Override
+ public String[] getConfigParams() {
+ return null;
+ }
+
+ @Override
+ public String[] getExtendedPluginInfo() {
+ return null;
+ }
+
+ @Override
+ public void run() {
+ Calendar calendar = Calendar.getInstance();
+ Date time = calendar.getTime();
+ logger.info("SerialNumberUpdateJob: Running " + mId + " job at " + time);
+
+ try {
+ CAEngine engine = (CAEngine) super.engine;
+ engine.updateSerialNumbers();
+ } catch (Exception e) {
+ logger.warn("SerialNumberUpdateJob: " + e.getMessage(), e);
+ }
+ }
+}
diff --git a/base/server/upgrade/11.6.0/02-AddSerialNumberUpdateJob.py b/base/server/upgrade/11.6.0/02-AddSerialNumberUpdateJob.py
new file mode 100644
index 00000000000..c9aa990316a
--- /dev/null
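Review bot: The catch block at the end of `SerialNumberUpdateJob.run()` logs any failure of `engine.updateSerialNumbers()` at WARN and then returns normally, so a range update that did not happen looks the same as a successful run unless someone reads the log. For a CA job that can also be started by hand with `pki ca-job-start`, I would make the failure harder to miss by logging at error level and naming the job: `logger.error("SerialNumberUpdateJob: Unable to update serial number ranges in job " + mId + ": " + e.getMessage(), e);`. Whether the Job base class offers a way to report the failure back to the scheduler is not visible in this hunk; if it does, it should be used here. Separately, the `logger` field is a non-final public static and can be reassigned from any class; declaring it `public static final` (or `private static final`) closes that off.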
+++ b/base/server/upgrade/11.6.0/02-AddSerialNumberUpdateJob.py
@@ -0,0 +1,36 @@
+#
+# Copyright Red Hat, Inc.
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+import pki.server.upgrade
+
+
+class AddSerialNumberUpdateJob(pki.server.upgrade.PKIServerUpgradeScriptlet):
+
+ def __init__(self):
+ super().__init__()
+ self.message = 'Add SerialNumberUpdateJob'
+
+ def upgrade_subsystem(self, instance, subsystem):
+
+ if subsystem.name != 'ca':
+ return
+
+ self.backup(subsystem.cs_conf)
+
+ class_name = subsystem.config.get('jobsScheduler.impl.SerialNumberUpdateJob.class')
+ if class_name is None:
+ subsystem.config['jobsScheduler.impl.SerialNumberUpdateJob.class'] = \
+ 'org.dogtagpki.server.ca.job.SerialNumberUpdateJob'
+
+ enabled = subsystem.config.get('jobsScheduler.job.serialNumberUpdate.enabled')
+ if enabled is None:
+ subsystem.config['jobsScheduler.job.serialNumberUpdate.enabled'] = 'false'
+
+ plugin_name = subsystem.config.get('jobsScheduler.job.serialNumberUpdate.pluginName')
+ if plugin_name is None:
+ subsystem.config['jobsScheduler.job.serialNumberUpdate.pluginName'] = \
+ 'SerialNumberUpdateJob'
+
+ subsystem.save()
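Review bot: `self.backup(subsystem.cs_conf)` and `subsystem.save()` in `upgrade_subsystem` run for every CA subsystem even when all three parameters are already present, so an instance that needs no change still gets a backup copy and a rewrite of CS.cfg. Collecting the missing keys first and returning early when there are none makes the scriptlet a no-op in that case, and it replaces the three repeated get/None/assign stanzas with one table. Existing operator values are still preserved and the job still arrives disabled.

```python
    def upgrade_subsystem(self, instance, subsystem):
        # … unchanged: subsystem.name != 'ca' check …

        defaults = {
            'jobsScheduler.impl.SerialNumberUpdateJob.class':
                'org.dogtagpki.server.ca.job.SerialNumberUpdateJob',
            'jobsScheduler.job.serialNumberUpdate.enabled': 'false',
            'jobsScheduler.job.serialNumberUpdate.pluginName': 'SerialNumberUpdateJob',
        }

        # Only keys that are absent are added; values set by the operator are kept.
        missing = {
            name: value
            for name, value in defaults.items()
            if subsystem.config.get(name) is None
        }
        if not missing:
            return

        self.backup(subsystem.cs_conf)
        for name, value in missing.items():
            subsystem.config[name] = value
        subsystem.save()
```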