New legacy id generator #4875
Open
New legacy id generator #4875
Commits on Oct 17, 2024
-
Add option for decimal range numbers
With legacy serial ID, request and replica ranges are expressed in decimal while serial in hex. However, there is a problem in the hex management which create gaps in the sequences every time a new range is allocated. Since gaps could create problems to third party software it has been introduced a new parameter in CS.cfg to set the same format for all ranges: dbs.numberRangeRadix If this is not present or negative then the current default is adopted and nothing change. If this is set to 10 all the values are handled as decimal and the ranges work properly. If set to different values than 10 (e.g. 16 for hex) the gap problem is still present. This new parameter is not update during the update to avoid creating problem to running instances which do not have problem with range gaps. In case to move the value to 10 and solve the gaps problem then the CS.cfg serial range has to be fixed considering the current value as hex. Also the nextRange in the following DS node has to fixed accordingly: ou=certificateRepository,ou=ca,<prefix>
-
-
Make serial range operation in DS not radix dependent
Range information in DS will be stored in decimal format so all the related operation do not need radix to be read.
-
-
-
-
Add test for newLegacy id generator
The test convert from legacy generator to newLegacy and verify that not gaps are present when new ranges are created
-
-
Add new pki-server ca-range-generator-* commands
This include 2 command: - "show" to get the id generator configured - "update" to change the generator. It is possible to move from legacy to legacy2 and from legacy or legacy2 to random
-
Update sequential test to use command for generator update
The generator are updated with the new command: pki-server ca-range-generator-update --type <generator_type> <generator_namne>
Commits on Oct 18, 2024
-
Split the redix options beteween request and cert
The just introduced option `dbs.numberRangeRadix` has been splitted in: - `dbs.cert.id.radix` - `dbs.request.id.radix` If they are not present the default value of 16 for cert and 10 for request will be used.
-
Update all ranges when move from legacy to legacy2
In legacy serial number ranges are stored as hex for cert and decimal for request. The legacy2 is using decimal for all the values stored in DS. The update command is converting stored ranges to decimal to match with the new format and avoid problems.
-
-
Commits on Oct 21, 2024
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.