CryptoManagerSync.java revision af53bf9d654793177a14fb00231c6da12707e407
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Portions Copyright 2007 Sun Microsystems, Inc.
*/
/**
* This class defines an object that synchronizes certificates from the admin
* data branch into the trust store backend, and synchronizes secret-key entries
* from the admin data branch to the crypto manager secret-key cache.
*/
public class CryptoManagerSync
{
/**
* The debug log tracer for this object.
*/
// The DN of the administration suffix.
private DN adminSuffixDN;
// The DN of the instance keys container within the admin suffix.
private DN instanceKeysDN;
// The DN of the secret keys container within the admin suffix.
private DN secretKeysDN;
// The DN of the trust store root.
private DN trustStoreRootDN;
// The attribute type that is used to specify a server instance certificate.
// The attribute type that holds a server certificate identifier.
// The attribute type that holds the time a key was compromised.
// A filter on object class to select key entries.
private SearchFilter keySearchFilter;
// The instance key objectclass.
private ObjectClass ocInstanceKey;
// The cipher key objectclass.
private ObjectClass ocCipherKey;
// The mac key objectclass.
private ObjectClass ocMacKey;
/**
* Creates a new instance of this trust store synchronization thread.
*
* @throws InitializationException in case an exception occurs during
* initialization, such as a failure to publish the instance-key-pair
* public-key-certificate in ADS.
*/
public CryptoManagerSync()
throws InitializationException
{
try {
}
catch (CryptoManagerException ex) {
}
try
{
")");
}
catch (DirectoryException e)
{
//
}
OC_CRYPTO_INSTANCE_KEY, true);
OC_CRYPTO_CIPHER_KEY, true);
OC_CRYPTO_MAC_KEY, true);
ConfigConstants.ATTR_CRYPTO_KEY_ID, true);
{
}
}
private void searchAdminSuffix()
{
0, 0,
false, keySearchFilter, attributes,
null);
{
}
{
try
{
}
catch (DirectoryException e)
{
if (debugEnabled())
{
}
}
}
}
/**
* {@inheritDoc}
*/
{
{
{
{
}
}
}
}
/**
* {@inheritDoc}
*/
{
// No implementation required.
}
throws DirectoryException
{
{
}
else
{
try
{
{
}
{
}
}
catch (CryptoManagerException e)
{
throw new DirectoryException(
}
}
}
throws DirectoryException
{
// Only process the entry if it has the expected form of RDN.
if (!srcRDN.isMultiValued() &&
{
// Extract any change notification control.
try
{
{
{
}
}
}
catch (LDAPException e)
{
// ignore
}
// Get any existing local trust store entry.
{
// The entry was deleted so we should remove it from the local trust
// store.
{
}
}
{
// The key was compromised so we should remove it from the local
// trust store.
{
}
}
else
{
// The entry was added or modified.
{
}
else
{
}
}
}
}
/**
* Modify an entry in the local trust store if it differs from an entry in
* the ADS branch.
* @param srcEntry The instance key entry in the ADS branch.
* @param dstEntry The local trust store entry.
*/
{
// Check for changes to the certificate value.
boolean differ = false;
{
{
differ = true;
}
}
{
differ = true;
}
{
differ = true;
}
else
{
{
differ = true;
}
}
if (differ)
{
// The trust store backend does not implement modify so we need to
// delete then add.
}
}
/**
* Delete an entry from the local trust store.
* @param dstDN The DN of the entry to be deleted in the local trust store.
*/
{
{
}
}
/**
* Add an entry to the local trust store.
* @param srcEntry The instance key entry in the ADS branch.
* @param dstDN The DN of the entry to be added in the local trust store.
*/
{
{
}
{
}
{
}
}
/**
* {@inheritDoc}
*/
{
{
}
{
try
{
{
}
{
}
}
catch (CryptoManagerException e)
{
e.getMessage());
}
}
}
{
// Only process the entry if it has the expected form of RDN.
if (!srcRDN.isMultiValued() &&
{
{
}
}
}
/**
* {@inheritDoc}
*/
{
{
return;
}
// Only process the entry if it has the expected form of RDN.
if (!srcRDN.isMultiValued() &&
{
}
}
/**
* {@inheritDoc}
*/
{
{
}
{
try
{
{
}
{
}
}
catch (CryptoManagerException e)
{
e.getMessage());
}
}
}
{
// Only process the entry if it has the expected form of RDN.
if (!srcRDN.isMultiValued() &&
{
// Get any existing local trust store entry.
try
{
}
catch (DirectoryException e)
{
// ignore
}
{
// The key was compromised so we should remove it from the local
// trust store.
{
}
}
else
{
{
}
else
{
}
}
}
}
/**
* {@inheritDoc}
*/
public void handleModifyDNOperation(
{
// No implementation required.
}
}