Address Bug 1462291 - CRL autoupdate from CS.cfg (dogtagpki#503)

This fix allows the admin to request that a change to this crl CS.cfg setting:

ca.crl.MasterCRL.autoUpdateInterval=xxx

This fix will allow the system to attempt to use the new value of auto update
immediately. The previous longstanding behavior was to have the new interval take affect,
AFTER the currently scheduled nextUpdate time.

What this fix does is allow the use of a new CS.cfg parameter:

ca.crl.MasterCRL.autoUpdateInterval.effectiveAtStart=true

This parameter must be inserted before a restart to allow this behavior to take place at all.
Without the param everything should be working as normal.

After changing the CS.cfg value, the server must be restarted.

At this point the delay time for the next update will be calculated based on the new auto update interval.

Previously the code would simply ignore the new calculated value and take whatever is already encoded into the
"nextUpdate" field of the crl.

This fix allows the new value to be accepted. Here are some caveats on how this thing behaves:

1. If the autoUpdate interval is made smaller , this thing works as expected, having the next update take place
in roughly the amount of time in the new interval.

2. If making the interval smaller, makes the calculated next update in the past, the update will occur now and then the
nextUpdate will be calculated with the new schedule..

3. If the admin makes the autoUpdate interval larger, the behavior is a little different.
Due to the fact that the calculations made with the new interval, is based off of starting with the time stamp
for "yesterday" or the very first daily update from yesterday, the new nextUPdate time calculated may be less
than simply adding the the new interval to the last update.

This fix was coded by allowing the current very comnplicated algorithm to calculate the nextUpdate do it's thing
while at the end of the process, this code simply chooses what is calculated instead of what is already encoded within
the crl's nextUpdate field.

Therefore if the new param is never set, nothing changes. This param should be used with care.

If the agent goes to the display crl page, the new value can easily be viewed as well as the debug log.

4. After the operation takes place the flag inside the server will be cleared and this feature will no longer
be attempted while the server is running.

5. The admin must clear the schedulUpdated setting before the restart to assure normal operation after the next restart.

Co-authored-by: Jack Magne <[email protected]>

Author: jmagne

base/ca/src/com/netscape/ca/CRLIssuingPoint.java

@@ -359,6 +359,13 @@ public class CRLIssuingPoint implements ICRLIssuingPoint, Runnable {
 
     private boolean mSaveMemory = false;
 
+    /**
+     * One time config flag that we have an updated schedule and we want it
+     * followed immediately after startup.
+     */
+
+    private boolean mAutoUpdateIntervalEffectiveAtStart = false;
+
     /**
      * Constructs a CRL issuing point from instantiating from class name.
      * CRL Issuing point must be followed by method call init(CA, id, config);
@@ -797,6 +804,9 @@ protected void initConfig(CRLIssuingPointConfig config) throws EBaseException {
                     CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1",
                             PROP_END_SERIAL, "BigInteger", "positive number"));
         }
+
+        mAutoUpdateIntervalEffectiveAtStart = config.getAutoUpdateIntervalEffectiveAtStart();
+        logger.debug("CRLIssuingPoint.initConfig : mAutoUpdateIntervalEffectiveAtStart: " +  mAutoUpdateIntervalEffectiveAtStart);
     }
 
     /**
@@ -860,6 +870,9 @@ private void initCRL() throws EBaseException {
             mLastFullUpdate = null;
 
             mNextUpdate = crlRecord.getNextUpdate();
+
+            logger.debug("CRLIssuingPoint.initCRL: mNextUpdate: " + mNextUpdate);
+
             if (isDeltaCRLEnabled()) {
                 mNextDeltaUpdate = (mNextUpdate != null) ? new Date(mNextUpdate.getTime()) : null;
             }
@@ -1603,7 +1616,10 @@ private long findNextUpdate(boolean fromLastUpdate, boolean delta) {
         long next = 0L;
         long nextUpdate = 0L;
 
-        logger.debug("findNextUpdate:  fromLastUpdate: " + fromLastUpdate + "  delta: " + delta);
+        logger.debug("CRLIssuingPoint.findNextUpdate: mLastUpdate: " + mLastUpdate);
+        logger.debug("CRLIssuingPoint.findNextUpdate: mNextUpdate: " + mNextUpdate);
+        logger.debug("CRLIssuingPoint.findNextUpdate: mAutoUpdateInterval: " + mAutoUpdateInterval / 60000);
+        logger.debug("CRLIssuingPOint.findNextUpdate: lastUpdate: " + new Date(lastUpdate));
 
         int numberOfDays = (int) ((startOfToday - lastUpdateDay) / oneDay);
         if (numberOfDays > 0 && mDailyUpdates.size() > 1 &&
@@ -1767,8 +1783,33 @@ private long findNextUpdate(boolean fromLastUpdate, boolean delta) {
             }
         }
 
+        logger.debug("CRLIssuingPoint.findNextUpdate: nextUpdate : " + new Date(nextUpdate) + " next: " + new Date(next));
+
         if (fromLastUpdate && nextUpdate > 0 && (nextUpdate < next || nextUpdate >= now)) {
-            next = nextUpdate;
+            // We have the one time schedule updated flag set in CS.cfg, which means
+            // we want the schedule adhered to now instead of waiting for the next update for it
+            // to take effect.
+            // Here the variable "next" has the newly calculated nextUpdate value
+            // Here the variable "nextUpdate" contains the nextUpdate value from the previous schedule
+            if (mAutoUpdateIntervalEffectiveAtStart) {
+                // Check and see if the new schedule has taken us into the past:
+                if(next <= now ) {
+                    mNextUpdate = new Date(now);
+                    logger.debug("CRLIssuingPoint.findNextUpdate: schedule updated to the past. Making mNextUpdate now: " +  mNextUpdate);
+                    next = now;
+                }  else {
+                    //alter the value of the nextUpdate to be the time calculated from the new schedule
+                    mNextUpdate = new Date(next);
+                }
+
+                logger.debug("CRLIssuingPoint.findNextUpdate: taking updated schedule value: " + mNextUpdate);
+                // Now clear it since we only want this once upon startup.
+                mAutoUpdateIntervalEffectiveAtStart = false;
+            } else {
+                logger.debug("CRLIssuingPoint.findNextUpdate: taking current schedule's nextUpdate value: " + new Date(nextUpdate));
+                //Normal behavior where the previous or current shedule's nextUpdate time is observed.
+                next = nextUpdate;
+            }
         }
 
         logger.debug("findNextUpdate:  "
@@ -2830,6 +2871,8 @@ void generateFullCRL(
             Date thisUpdate,
             Date nextUpdate) throws EBaseException {
 
+        logger.debug("generateFullCRL: thisUpdate: " + thisUpdate + " nextUpdate: " + nextUpdate);
+
         mSplits[6] -= System.currentTimeMillis();
         if (mNextDeltaCRLNumber.compareTo(mNextCRLNumber) > 0) {
             mNextCRLNumber = mNextDeltaCRLNumber;

base/ca/src/com/netscape/ca/CRLIssuingPointConfig.java

@@ -293,4 +293,12 @@ public BigInteger getCRLEndSerialNo() throws EBaseException {
     public void setCRLEndSerialNo(BigInteger crlEndSerialNo) {
         putBigInteger("crlEndSerialNo", crlEndSerialNo);
     }
+
+    public boolean getAutoUpdateIntervalEffectiveAtStart()  throws EBaseException {
+        return getBoolean("autoUpdateInterval.effectiveAtStart",false);
+    }
+
+    public void setAutoUpdateIntervalEffectiveAtStart(Boolean updated) {
+        putBoolean("autoUpdateInterval.effectiveAtStart",updated);
+    }
 }