Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Key repository free vlv #4755

Merged
merged 3 commits into from
May 29, 2024
Merged

Key repository free vlv #4755

merged 3 commits into from
May 29, 2024

Conversation

fmarco76
Copy link
Member

No description provided.

@fmarco76 fmarco76 requested a review from edewata May 27, 2024 11:16
edewata
edewata approved these changes May 28, 2024
View reviewed changes
Copy link
Contributor

@edewata edewata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have one question, but if it works properly feel free to merge.

base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java Outdated

if (serial_low_bound == null
|| serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) {
return null;
}

String ldapfilter = "(" + "serialno" + "=*" + ")";
String ldapfilter = "(&(" + "serialno" + "=*" + ")(" + KeyRecord.ATTR_ID + "<="+serial_upper_bound+"))";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the (serialno=*) is no longer needed since all key records have serialno (it was probably added since the filter can't be empty), but it's fine to leave it there.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use serialno or keySerialNumber in this filter? I'm not too familiar with this area, but sometimes the filter needs to be defined using the record attributes (e.g keySerialNumber) and sometimes it needs to be defined using the actual LDAP attributes (.e.g serialno). The mapping is defined here:
https://github.com/dogtagpki/pki/blob/master/base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java#L101-L103

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this case it is OK to use serialno because it is the name of the attribute stored in the DS entry and it has to collect everything. The keySerialNumber is derived from serialno and contain the real serial number to use (the value stored in the DS has a special format which allow to order by serialno even it is a string).
Nevertheless, I totally agree that we can remove this condition since it is always valid. I have done some test without and it is OK.

fmarco76 added 3 commits May 29, 2024 11:00
@fmarco76
Update KeyRepository to Paged Search
9293463 
Methods to find keys using VLV indexes have been deprecated.
All their usage inside the KeyRepository have been replaced with
paged search based query.
@fmarco76
Fix CertificateRepository wrong method id debug log
1516d24
@fmarco76
Fix filter for lastSerial in KeyRepository and tidyup
58a2dc4 
The filter can be simplified removing the first condition in the and
('&') since it always true for all the records.

Additionally, some tidyup fixing log format, array designators and other
minor improvements.
@fmarco76 fmarco76 force-pushed the KeyRepositoryFreeVLV branch from 8930207 to 58a2dc4 Compare May 29, 2024 10:36
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@fmarco76
Copy link
Member Author

@edewata Python test is failing: https://github.com/dogtagpki/pki/actions/runs/9284603772/job/25547705011?pr=4755
It is not related to this PR since there is no change in python code. It is possible an update on the tools for checking. We have to investigate in future PRs.

@fmarco76 fmarco76 merged commit 90154c7 into dogtagpki:master May 29, 2024
137 of 148 checks passed
@fmarco76
Copy link
Member Author

@edewata Thanks! I have updated as for the above comment

@fmarco76 fmarco76 deleted the KeyRepositoryFreeVLV branch May 29, 2024 11:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edewata edewata edewata approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fmarco76 @edewata