Convert CertStatusUpdate from VLV to paged search #4708
Conversation
Note: the VLV update was done on ordered elements. With the paged search elements are not ordered to avoid extra work since the order it is not relevant for the update.
| Date notBefore = certRecord.getNotBefore(); | ||
| if (notBefore.after(now)) { | ||
| logger.debug("CertStatusUpdateTask: Cert " + certID.toHexString() + " not yet valid"); | ||
| logger.debug("CertStatusUpdateTask: Cert {} not yet valid", certID.toHexString()); | ||
| continue; | ||
| } |
There was a problem hiding this comment.
This is an existing code, but do you think we still need this check? IIUC getInvalidCertsByNotBeforeDate() will return invalid certs that should have been valid at the provided time, so maybe it's not necessary to check again.
| continue; | ||
| } | ||
|
|
||
| logger.debug("CertStatusUpdateTask: Cert " + certID.toHexString() + " has become valid"); | ||
| logger.debug("CertStatusUpdateTask: Cert {} has become valid", certID.toHexString()); | ||
| list.add(certID); |
There was a problem hiding this comment.
This is also an existing code, but instead of storing all cert IDs into a list (which could be large) we probably can just update the cert immediately with this code:
repository.updateStatus(certID, CertRecord.STATUS_VALID);
| if (!certRecIterator.hasNext()) { | ||
| logger.debug("CertStatusUpdateTask: No invalid certs"); | ||
| return; | ||
| } |
There was a problem hiding this comment.
If we don't use a list of certIDs anymore, we won't need this check since the while loop should be sufficient.
| Date notAfter = certRecord.getNotAfter(); | ||
| if (notAfter.after(now)) { | ||
| logger.debug("CertStatusUpdateTask: Cert " + certID.toHexString() + " not yet expired"); | ||
| logger.debug("CertStatusUpdateTask: Cert {} not yet expired", certID.toHexString()); | ||
| continue; | ||
| } |
| continue; | ||
| } | ||
|
|
||
| logger.debug("CertStatusUpdateTask: Cert " + certID.toHexString() + " has become expired"); | ||
| logger.debug("CertStatusUpdateTask: Cert {} has become expired", certID.toHexString()); | ||
| list.add(certID); |
| if (!certRecIterator.hasNext()) { | ||
| logger.debug("CertStatusUpdateTask: No invalid certs"); | ||
| return; | ||
| } |
| Date notAfter = certRecord.getNotAfter(); | ||
| if (notAfter.after(now)) { | ||
| logger.debug("CertStatusUpdateTask: Cert " + certID.toHexString() + " not yet expired"); | ||
| logger.debug("CertStatusUpdateTask: Cert {} not yet expired", certID.toHexString()); | ||
| continue; | ||
| } |
| continue; | ||
| } | ||
|
|
||
| logger.debug("CertStatusUpdateTask: Cert " + certID.toHexString() + " has become expired"); | ||
| logger.debug("CertStatusUpdateTask: Cert {} has become expired", certID.toHexString()); | ||
| list.add(certID); |
There was a problem hiding this comment.
Same as above, but we will need to update the issuing points too:
repository.updateStatus(certID, CertRecord.STATUS_REVOKED_EXPIRED);
for (CRLIssuingPoint issuingPoint : engine.getCRLIssuingPoints()) {
issuingPoint.addExpiredCert(certID.toBigInteger());
}
| if (totalSize <= 0) { | ||
| if (!certRecIterator.hasNext()) { | ||
| logger.debug("CertStatusUpdateTask: No invalid certs"); | ||
| return; | ||
| } |
|
Removing useless temporary lists needed to work with VLV
fmarco76
force-pushed
the
CertStatusUpdateTaskDropVLV
branch
from
9d2dafc
to
2746200
Compare
|
@edewata Thanks! I have updated the |
|
@edewata IPA tests are becoming unstable. They fail in different places but if I try locally they works. Maybe we have a synchronization problem! Not sure when this issue was introduced but I started to observe few weeks ago |
Note: the VLV update was done on ordered elements. With the paged search elements are not ordered to avoid extra work since the order it is not relevant for the update.