Transaction support for signing and timed service

Author: 3keyroman

signserver/modules/SignServer-Common/src/main/java/org/signserver/common/SignServerConstants.java

@@ -89,6 +89,9 @@ public class SignServerConstants {
      */
     public static final String KEYUSAGELIMIT = "KEYUSAGELIMIT";
     public static String DISABLEKEYUSAGECOUNTER = "DISABLEKEYUSAGECOUNTER";
+
+    public static String PROCESSINTRANSACTION = "PROCESSINTRANSACTION";
+
     /**
      * Constant used to set the default value of configuration property to NULL if not setting property means property value is NULL.
      * 

signserver/modules/SignServer-Server/src/main/java/org/signserver/server/BaseWorker.java

@@ -209,4 +209,8 @@ public WorkerType getWorkerType() {
         }
         return type;
     }
+
+    public boolean requiresTransaction(final IServices services) {
+        return false;
+    }
 }

signserver/modules/SignServer-Server/src/main/java/org/signserver/server/IWorker.java

@@ -68,4 +68,11 @@ public interface IWorker {
      * @return a WorkerStatus object.
      */
     WorkerStatusInfo getStatus(final List<String> additionalFatalErrors, final IServices services);
+
+    /**
+     * If worker requires a database transaction when using this crypto token.
+     *
+     * @return True or false
+     */
+    boolean requiresTransaction(final IServices services);
 }

signserver/modules/SignServer-Server/src/main/java/org/signserver/server/UnloadableWorker.java

@@ -129,6 +129,11 @@ public boolean isSingleton() {
         return false;
     }
 
+    @Override
+    public boolean requiresTransaction(final IServices services) {
+        return false;
+    }
+
     /**
      * @return No log types
      */

signserver/modules/SignServer-Server/src/main/java/org/signserver/server/cryptotokens/BaseCryptoToken.java

@@ -27,4 +27,9 @@ public boolean isNoCertificatesRequired() {
         return false;
     }
 
+    @Override
+    public boolean requiresTransactionForSigning() {
+        return false;
+    }
+
 }

signserver/modules/SignServer-Server/src/main/java/org/signserver/server/cryptotokens/ICryptoTokenV4.java

@@ -279,4 +279,11 @@ boolean removeKey(String alias, IServices services) throws CryptoTokenOfflineExc
      * @return True or false
      */
     boolean isNoCertificatesRequired();
+
+    /**
+     * If worker requires a database transaction for signing operation.
+     *
+     * @return True or false
+     */
+    boolean requiresTransactionForSigning();
 }

signserver/modules/SignServer-Server/src/main/java/org/signserver/server/signers/BaseSigner.java

@@ -234,6 +234,19 @@ public WorkerStatusInfo getStatus(final List<String> additionalFatalErrors, fina
                                     completeEntries, config);
     }
 
+    public boolean requiresTransaction(final IServices services) {
+        try {
+            ICryptoTokenV4 cryptoToken = super.getCryptoToken(services);
+            if (cryptoToken == null) {
+                return false;
+            }
+            return cryptoToken.requiresTransactionForSigning();
+        } catch (Exception e) {
+            LOG.warn("Unable to determine whether a worker requires a transaction. Defaulting to False.", e);
+            return false;
+        }
+    }
+
     @Override
     protected List<String> getFatalErrors(IServices services) {
         final LinkedList<String> errors = new LinkedList<>(super.getFatalErrors(services));

signserver/modules/SignServer-Server/src/main/java/org/signserver/server/timedservices/BaseTimedService.java

@@ -142,6 +142,11 @@ public boolean isSingleton() {
         return active.trim().equalsIgnoreCase("TRUE");
     }
 
+    @Override
+    public boolean requiresTransaction(final IServices services) {
+        return false;
+    }
+
     @Override
     public WorkerStatusInfo getStatus(final List<String> additionalFatalErrors, final IServices services) {
         final List<String> fatalErrorsIncludingAdditionalErrors = new LinkedList<>(additionalFatalErrors);

signserver/modules/SignServer-Server/src/main/java/org/signserver/server/timedservices/ITimedService.java

@@ -14,6 +14,7 @@
 
 import java.util.Set;
 import org.signserver.common.ServiceContext;
+import org.signserver.server.IServices;
 import org.signserver.server.IWorker;
 import org.signserver.server.ServiceExecutionFailedException;
 
@@ -62,7 +63,12 @@ public interface ITimedService extends IWorker {
      * the time, of false if it should be run on all nodes simultaneously.
      */
     boolean isSingleton();
-    
+
+    /**
+     * @return true if the service requires a transaction to be executed successfully
+     */
+    boolean requiresTransaction(final IServices services);
+
     /**
      * Get log types for logging work invocations.
      * 

signserver/modules/SignServer-ejb/src/main/java/org/signserver/ejb/DispatcherProcessSessionBean.java

@@ -139,7 +139,7 @@ public Response process(final AdminInfo adminInfo, final WorkerIdentifier wi,
             throws IllegalRequestException, CryptoTokenOfflineException,
             SignServerException {
         requestContext.setServices(servicesImpl);
-        if (SessionUtils.needsTransaction(workerManagerSession, wi)) {
+        if (SessionUtils.needsTransaction(workerManagerSession, wi, servicesImpl)) {
             // use separate transaction bean to avoid deadlock
             return dispatcherProcessTransSession.processWithTransaction(adminInfo, wi, request, requestContext);
         } else {