From 095a48192016becfc9f8dace14b4fcabb64a066d Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Mon, 15 Jan 2024 10:31:47 +0700
Subject: [PATCH] Add default ID length for RSNv3
The Repository classes have been modified to generate 128-bit IDs for RSNv3 if the *.id.length param is not specified.
---
 .github/workflows/ca-rsnv1-test.yml | 2 --
 .github/workflows/ca-sequential-test.yml | 2 --
 .github/workflows/kra-sequential-test.yml | 4 ----
 .../java/com/netscape/cmscore/dbs/CertificateRepository.java | 3 ++-
 .../src/main/java/com/netscape/cmscore/dbs/KeyRepository.java | 3 ++-
 .../java/com/netscape/cmscore/request/RequestRepository.java | 3 ++-
 6 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/ca-rsnv1-test.yml b/.github/workflows/ca-rsnv1-test.yml
index 196640adbf0..e5116a64041 100644
--- a/.github/workflows/ca-rsnv1-test.yml
+++ b/.github/workflows/ca-rsnv1-test.yml
@@ -88,7 +88,6 @@ jobs:
 docker exec pki pki-server ca-config-unset dbs.requestRangeDN
 docker exec pki pki-server ca-config-set dbs.request.id.generator random
- docker exec pki pki-server ca-config-set dbs.request.id.length 128
 # switch cert ID generator to RSNv3
 docker exec pki pki-server ca-config-unset dbs.beginSerialNumber
@@ -101,7 +100,6 @@ jobs:
 docker exec pki pki-server ca-config-unset dbs.randomSerialNumberCounter
 docker exec pki pki-server ca-config-set dbs.cert.id.generator random
- docker exec pki pki-server ca-config-set dbs.cert.id.length 128
 # restart CA subsystem
 docker exec pki pki-server ca-redeploy --wait
diff --git a/.github/workflows/ca-sequential-test.yml b/.github/workflows/ca-sequential-test.yml
index 8cb321fb7a6..8c8489ececb 100644
--- a/.github/workflows/ca-sequential-test.yml
+++ b/.github/workflows/ca-sequential-test.yml
@@ -86,7 +86,6 @@ jobs:
 docker exec pki pki-server ca-config-unset dbs.requestRangeDN
 docker exec pki pki-server ca-config-set dbs.request.id.generator random
- docker exec pki pki-server ca-config-set dbs.request.id.length 128
 # switch cert ID generator to RSNv3
 docker exec pki pki-server ca-config-unset dbs.beginSerialNumber
@@ -97,7 +96,6 @@ jobs:
 docker exec pki pki-server ca-config-unset dbs.serialRangeDN
 docker exec pki pki-server ca-config-set dbs.cert.id.generator random
- docker exec pki pki-server ca-config-set dbs.cert.id.length 128
 # restart CA subsystem
 docker exec pki pki-server ca-redeploy --wait
diff --git a/.github/workflows/kra-sequential-test.yml b/.github/workflows/kra-sequential-test.yml
index fdb9503d490..862f213b7f8 100644
--- a/.github/workflows/kra-sequential-test.yml
+++ b/.github/workflows/kra-sequential-test.yml
@@ -103,7 +103,6 @@ jobs:
 docker exec pki pki-server ca-config-unset dbs.requestRangeDN
 docker exec pki pki-server ca-config-set dbs.request.id.generator random
- docker exec pki pki-server ca-config-set dbs.request.id.length 128
 # switch cert ID generator to RSNv3
 docker exec pki pki-server ca-config-unset dbs.beginSerialNumber
@@ -114,7 +113,6 @@ jobs:
 docker exec pki pki-server ca-config-unset dbs.serialRangeDN
 docker exec pki pki-server ca-config-set dbs.cert.id.generator random
- docker exec pki pki-server ca-config-set dbs.cert.id.length 128
 # switch key request ID generator to RSNv3
 docker exec pki pki-server kra-config-unset dbs.beginRequestNumber
@@ -125,7 +123,6 @@ jobs:
 docker exec pki pki-server kra-config-unset dbs.requestRangeDN
 docker exec pki pki-server kra-config-set dbs.request.id.generator random
- docker exec pki pki-server kra-config-set dbs.request.id.length 128
 # switch key ID generator to RSNv3
 docker exec pki pki-server kra-config-unset dbs.beginSerialNumber
@@ -136,7 +133,6 @@ jobs:
 docker exec pki pki-server kra-config-unset dbs.serialRangeDN
 docker exec pki pki-server kra-config-set dbs.key.id.generator random
- docker exec pki pki-server kra-config-set dbs.key.id.length 128
 # restart PKI server
 docker exec pki pki-server start --wait
diff --git a/base/ca/src/main/java/com/netscape/cmscore/dbs/CertificateRepository.java b/base/ca/src/main/java/com/netscape/cmscore/dbs/CertificateRepository.java
index 1e98d1d27fb..3432a129b6b 100644
--- a/base/ca/src/main/java/com/netscape/cmscore/dbs/CertificateRepository.java
+++ b/base/ca/src/main/java/com/netscape/cmscore/dbs/CertificateRepository.java
@@ -83,6 +83,7 @@ public class CertificateRepository extends Repository {
 public static final String DEFAULT_CERT_ID_GENERATOR = "legacy";
 public static final String PROP_CERT_ID_LENGTH = "cert.id.length";
+ public static final int DEFAULT_CERT_ID_LENGTH = 128;
 private boolean mConsistencyCheck = false;
@@ -123,7 +124,7 @@ public void init() throws Exception {
 if (idGenerator == IDGenerator.RANDOM) {
- idLength = mDBConfig.getInteger(PROP_CERT_ID_LENGTH);
+ idLength = mDBConfig.getInteger(PROP_CERT_ID_LENGTH, DEFAULT_CERT_ID_LENGTH);
 logger.debug("CertificateRepository: - cert ID length: " + idLength);
 } else {
diff --git a/base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java b/base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java
index cde7893d75e..6fc2139c18d 100644
--- a/base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java
+++ b/base/kra/src/main/java/com/netscape/cmscore/dbs/KeyRepository.java
@@ -45,6 +45,7 @@ public class KeyRepository extends Repository {
 public static final String DEFAULT_KEY_ID_GENERATOR = "legacy";
 public static final String PROP_KEY_ID_LENGTH = "key.id.length";
+ public static final int DEFAULT_KEY_ID_LENGTH = 128;
 /**
 * Constructs a key repository. It checks if the key repository
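Review bot: `DEFAULT_CERT_ID_LENGTH` in CertificateRepository is added without a comment, and nothing in the code says what unit the 128 is in; only the commit message states that it means 128-bit IDs. A one-line Javadoc above the constant would make that explicit, e.g. `/** Default length, in bits, of randomly generated certificate IDs (RSNv3). */`. The same applies to `DEFAULT_KEY_ID_LENGTH` in KeyRepository and `DEFAULT_REQUEST_ID_LENGTH` in RequestRepository.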
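Review bot: The value read into `idLength` in CertificateRepository.init() is taken from configuration as-is, with no range check visible in the hunk, so a very small or non-positive `cert.id.length` would presumably be accepted and weaken the unpredictability of certificate serial numbers. Because this setting determines serial-number entropy, I would reject out-of-range values at startup, e.g. `if (idLength < MIN_CERT_ID_LENGTH) throw new IllegalArgumentException("Invalid " + PROP_CERT_ID_LENGTH + ": " + idLength);`, where `MIN_CERT_ID_LENGTH` is a new constant (the CA/Browser Forum baseline asks for at least 64 bits of CSPRNG output), plus an upper bound that keeps serials within RFC 5280's 20-octet limit. init() continues outside the hunk, so a check may already exist further down. The KeyRepository and RequestRepository init() hunks read `key.id.length` and `request.id.length` the same way.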
@@ -79,7 +80,7 @@ public void init() throws Exception {
 if (idGenerator == IDGenerator.RANDOM) {
- idLength = dbConfig.getInteger(PROP_KEY_ID_LENGTH);
+ idLength = dbConfig.getInteger(PROP_KEY_ID_LENGTH, DEFAULT_KEY_ID_LENGTH);
 logger.info("KeyRepository: - key ID length: " + idLength);
 } else {
diff --git a/base/server/src/main/java/com/netscape/cmscore/request/RequestRepository.java b/base/server/src/main/java/com/netscape/cmscore/request/RequestRepository.java
index f4d401d7dec..518d43c901c 100644
--- a/base/server/src/main/java/com/netscape/cmscore/request/RequestRepository.java
+++ b/base/server/src/main/java/com/netscape/cmscore/request/RequestRepository.java
@@ -58,6 +58,7 @@ public class RequestRepository extends Repository {
 public static final String DEFAULT_REQUEST_ID_GENERATOR = "legacy";
 public static final String PROP_REQUEST_ID_LENGTH = "request.id.length";
+ public static final int DEFAULT_REQUEST_ID_LENGTH = 128;
 protected String filter;
@@ -96,7 +97,7 @@ public void init() throws Exception {
 if (idGenerator == IDGenerator.RANDOM) {
- idLength = dbConfig.getInteger(PROP_REQUEST_ID_LENGTH);
+ idLength = dbConfig.getInteger(PROP_REQUEST_ID_LENGTH, DEFAULT_REQUEST_ID_LENGTH);
 logger.debug("RequestRepository: - request ID length: " + idLength);
 } else {