Move the callback to PKISocketFactory and fix startup

Moving the callback to `PKISocketFactory` there is no need to have store
it in a static variable. However, only OCSPEngine instances have a valid
value so no other instances are used.

The startup order has been fixed.

base/ocsp/src/main/java/com/netscape/cms/ocsp/LDAPStore.java

@@ -28,6 +28,7 @@
 import java.util.Locale;
 import java.util.Vector;
 
+import org.dogtagpki.server.ocsp.OCSPEngine;
 import org.mozilla.jss.asn1.GeneralizedTime;
 import org.mozilla.jss.asn1.INTEGER;
 import org.mozilla.jss.netscape.security.x509.RevokedCertificate;
@@ -41,7 +42,6 @@
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.ocsp.IDefStore;
 import com.netscape.cmscore.apps.CMS;
-import com.netscape.cmscore.apps.CMSEngine;
 import com.netscape.cmscore.base.ConfigStore;
 import com.netscape.cmscore.dbs.CRLIssuingPointRecord;
 import com.netscape.cmscore.dbs.DBSubsystem;
@@ -286,8 +286,8 @@ public void startup() throws EBaseException {
 
             updater.start();
         }
-        if(mValidateConnection) {
-            CMSEngine.setApprovalCallback(new CRLLdapValidator(this));
+        if(mValidateConnection && OCSPEngine.getInstance() != null) {
+            OCSPEngine.getInstance().setApprovalCallback(new CRLLdapValidator(this));
         }
     }
 

base/ocsp/src/main/java/org/dogtagpki/server/ocsp/OCSPEngine.java

@@ -37,9 +37,14 @@
 import com.netscape.certsrv.base.Subsystem;
 import com.netscape.cms.ocsp.LDAPStore;
 import com.netscape.cmscore.apps.CMSEngine;
+import com.netscape.cmscore.apps.DatabaseConfig;
 import com.netscape.cmscore.base.ConfigStorage;
 import com.netscape.cmscore.base.ConfigStore;
 import com.netscape.cmscore.dbs.CRLIssuingPointRecord;
+import com.netscape.cmscore.dbs.DBSubsystem;
+import com.netscape.cmscore.ldapconn.LDAPConfig;
+import com.netscape.cmscore.ldapconn.PKISocketConfig;
+import com.netscape.cmsutil.password.PasswordStore;
 import com.netscape.ocsp.OCSPAuthority;
 
 public class OCSPEngine extends CMSEngine {
@@ -69,6 +74,13 @@ public OCSPAuthority getOCSP() {
         return (OCSPAuthority) getSubsystem(OCSPAuthority.ID);
     }
 
+    @Override
+    public void initDBSubsystem() throws Exception {
+
+        dbSubsystem = new DBSubsystem();
+        dbSubsystem.setCMSEngine(this);
+        dbSubsystem.setEngineConfig(config);
+    }
     @Override
     public void initSubsystem(Subsystem subsystem, ConfigStore subsystemConfig) throws Exception {
 
@@ -88,8 +100,14 @@ protected void startupSubsystems() throws Exception {
 
         for (Subsystem subsystem : subsystems.values()) {
             logger.info("CMSEngine: Starting " + subsystem.getId() + " subsystem");
-            if (!(subsystem instanceof OCSPAuthority))
+            if (!(subsystem instanceof OCSPAuthority)) {
+                DatabaseConfig dbConfig = config.getDatabaseConfig();
+                LDAPConfig ldapConfig = dbConfig.getLDAPConfig();
+                PKISocketConfig socketConfig = config.getSocketConfig();
+                PasswordStore passwordStore = getPasswordStore();
+                dbSubsystem.init(dbConfig, ldapConfig, socketConfig, passwordStore);
                 subsystem.startup();
+            }
         }
 
         // global admin servlet. (anywhere else more fit for this ?)

base/server/src/main/java/com/netscape/cmscore/apps/CMSEngine.java

@@ -185,7 +185,7 @@ public class CMSEngine {
     private static final int PW_CANNOT_CONNECT = 3;
     private static final int PW_MAX_ATTEMPTS = 3;
 
-    protected static SSLCertificateApprovalCallback approvalCallback;
+    protected SSLCertificateApprovalCallback approvalCallback;
 
     public CMSEngine(String name) {
         this.id = name.toLowerCase();
@@ -194,12 +194,12 @@ public CMSEngine(String name) {
         logger.info("Creating " + name + " engine");
     }
 
-    public static SSLCertificateApprovalCallback getApprovalCallback() {
+    public SSLCertificateApprovalCallback getApprovalCallback() {
         return approvalCallback;
     }
 
-    public static void setApprovalCallback(SSLCertificateApprovalCallback approvalCallback) {
-        CMSEngine.approvalCallback = approvalCallback;
+    public void setApprovalCallback(SSLCertificateApprovalCallback approvalCallback) {
+        this.approvalCallback = approvalCallback;
     }
 
     public String getID() {

base/server/src/main/java/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java

@@ -296,6 +296,7 @@ private LdapBoundConnection makeNewConnection(boolean errorIfDown) throws ELdapE
             if (engine != null) {
                 socketFactory.setAuditor(engine.getAuditor());
                 socketFactory.addSocketListener(engine.getClientSocketListener());
+                socketFactory.setApprovalCallback(engine.getApprovalCallback());
             }
             socketFactory.setSecure(mConnInfo.getSecure());
             if (mAuthInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) {

base/server/src/main/java/com/netscape/cmscore/ldapconn/PKISocketFactory.java

@@ -26,6 +26,7 @@
 import java.util.List;
 import java.util.Vector;
 
+import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
 import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback;
 import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
 import org.mozilla.jss.ssl.SSLHandshakeCompletedListener;
@@ -34,7 +35,6 @@
 
 import com.netscape.certsrv.logging.SignedAuditEvent;
 import com.netscape.certsrv.logging.event.ClientAccessSessionEstablishEvent;
-import com.netscape.cmscore.apps.CMSEngine;
 import com.netscape.cmscore.logging.Auditor;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 
@@ -56,7 +56,7 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
     private boolean mClientAuth = false;
     private boolean keepAlive = true;
     private String mClientCiphers = null;
-
+    private SSLCertificateApprovalCallback approvalCallback;
     protected List<SSLSocketListener> socketListeners = new ArrayList<>();
 
     /*
@@ -119,6 +119,14 @@ public void removeSocketListener(SSLSocketListener socketListener) {
         socketListeners.remove(socketListener);
     }
 
+    public SSLCertificateApprovalCallback getApprovalCallback() {
+        return approvalCallback;
+    }
+
+    public void setApprovalCallback(SSLCertificateApprovalCallback approvalCallback) {
+        this.approvalCallback = approvalCallback;
+    }
+
     public void init() {
         init(null);
     }
@@ -176,7 +184,7 @@ public SSLSocket makeSSLSocket(String host, int port) throws UnknownHostExceptio
         SSLSocket s;
 
         if (clientCertNickname == null) {
-            s = new SSLSocket(host, port, null, 0, CMSEngine.getApprovalCallback(), null);
+            s = new SSLSocket(host, port, null, 0, approvalCallback, null);
         } else {
             // Let's create a selection callback in the case the client auth
             // No longer manually set the cert name.
@@ -185,14 +193,15 @@ public SSLSocket makeSSLSocket(String host, int port) throws UnknownHostExceptio
 
             Socket js = new Socket(InetAddress.getByName(host), port);
             s = new SSLSocket(js, host,
-                    CMSEngine.getApprovalCallback(),
+                    approvalCallback,
                     new SSLClientCertificateSelectionCB(clientCertNickname));
         }
 
         s.setUseClientMode(true);
         s.enableV2CompatibleHello(false);
 
         for (SSLSocketListener socketListener : socketListeners) {
+            logger.error("Add listener!!! " + socketListener.toString());
             s.addSocketListener(socketListener);
         }