mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

author Fabio Pistolesi <fabio.pistolesi@forgerock.com>
Monday, February 22, 2016 14:30 +0100
committer Fabio Pistolesi <fabio.pistolesi@forgerock.com>
Thursday, April 21, 2016 17:17 +0200
commit 1a2cdfb5cf5f89348e8fee7ceeaa699d4aa54cea
tree 3381ec25a5b096151271d7f80fe50065e8446d68
parent b562bb7b23759b1ba50c4618eb35010054965226
OPENDJ-2616 Support protection of pluggable backend data at rest

Allow for encryption of entries in ID2Entry, via a new backend option.
Encryption reuses the existing CryptoManager for generating and maintaining keys.
Besides the entries themselves, EntryIDSets are also encrypted in substring indexes, with the same cipher as for ID2Entry. A new format is introduced to distinguish clear text vs. cipher text values: cipher text starts with a zero, the only value not used by standard encoding.
Equality indexes have their keys reduced to a 6-byte hash, using SHA-1.
Substring indexes instead encrypt their values with the same cipher transformation as ID2Entry.
26 files modified
1 file added
Changed files (1132 lines changed in total):
opendj-core/src/main/java/org/forgerock/opendj/ldap/ByteSequenceReader.java 13
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/BackendIndexConfiguration.xml 34
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/PluggableBackendConfiguration.xml 91
opendj-server-legacy/resource/schema/02-config.ldif 12
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/AttributeIndex.java 169
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/BackendStat.java 10
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/DataConfig.java 108
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/DefaultIndex.java 31
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/DnKeyFormat.java 2
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java 85
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryIDSet.java 66
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/ExportJob.java 11
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/ID2Entry.java 210
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/Index.java 4
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/IndexBuffer.java 12
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/IndexQueryFactoryImpl.java 33
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/OnDiskMergeImporter.java 8
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/RootContainer.java 2
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/VerifyJob.java 2
opendj-server-legacy/src/main/java/org/opends/server/core/DirectoryServer.java 7
opendj-server-legacy/src/main/java/org/opends/server/core/ServerContext.java 8
opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java 6
opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoSuite.java 176
opendj-server-legacy/src/main/java/org/opends/server/types/CryptoManager.java 12
opendj-server-legacy/src/messages/org/opends/messages/backend.properties 10
opendj-server-legacy/src/messages/org/opends/messages/core.properties 1
opendj-server-legacy/src/test/java/org/opends/server/backends/pluggable/TestDnKeyFormat.java 9