CryptoManagerSync.java revision 5a92d951296cae7ad72e45f84c92d40a6d41ad40
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *      Copyright 2008-2010 Sun Microsystems, Inc.
 *      Portions Copyright 2014-2015 ForgeRock AS
 */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.opends.messages.CoreMessages.*;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.opends.server.api.plugin.PluginType.*;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.opends.server.config.ConfigConstants.*;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.opends.server.core.DirectoryServer.*;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.opends.server.protocols.internal.InternalClientConnection.*;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.opends.server.protocols.internal.Requests.*;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.opends.server.util.ServerConstants.*;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.opends.server.util.StaticUtils.*;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.i18n.slf4j.LocalizedLogger;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.api.BackendInitializationListener;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.api.plugin.InternalDirectoryServerPlugin;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.api.plugin.PluginResult.PostResponse;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.config.ConfigConstants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.controls.EntryChangeNotificationControl;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.controls.PersistentSearchChangeType;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.protocols.internal.InternalClientConnection;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.protocols.internal.InternalSearchOperation;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.protocols.internal.SearchRequest;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.protocols.ldap.LDAPControl;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.types.CryptoManagerException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.types.DirectoryException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.types.InitializationException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.types.SearchResultEntry;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.types.operation.PostResponseAddOperation;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.types.operation.PostResponseDeleteOperation;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.opends.server.types.operation.PostResponseModifyOperation;
/**
 * This class defines an object that synchronizes certificates from the admin
 * data branch into the trust store backend, and synchronizes secret-key entries
 * from the admin data branch to the crypto manager secret-key cache.
 */
fdd3077db2228482076ca7f288c80761f311ea0eMark de Reeperpublic class CryptoManagerSync extends InternalDirectoryServerPlugin
  /** The debug log tracer for this object. */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
  /** The DN of the administration suffix. */
  /** The DN of the instance keys container within the admin suffix. */
  /** The DN of the secret keys container within the admin suffix. */
  /** The DN of the trust store root. */
  /** The attribute type that is used to specify a server instance certificate. */
  /** The attribute type that holds a server certificate identifier. */
  /** The attribute type that holds the time a key was compromised. */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private final AttributeType attrCompromisedTime;
  /** A filter on object class to select key entries. */
catch (DirectoryException e)
catch (DirectoryException e)
throw new RuntimeException(e);
private void searchAdminSuffix()
SearchRequest request = newSearchRequest(adminSuffixDN, SearchScope.WHOLE_SUBTREE, keySearchFilter);
catch (DirectoryException e)
throws DirectoryException
catch (CryptoManagerException e)
throw new DirectoryException(
throws DirectoryException
if (c instanceof LDAPControl)
catch (DirectoryException e)
boolean differ = false;
differ = true;
differ = true;
if (differ)
catch (CryptoManagerException e)
catch (CryptoManagerException e)
catch (DirectoryException e)