mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

author david_page <david_page@localhost>
Thursday, August 23, 2007 20:32 +0200
committer david_page <david_page@localhost>
Thursday, August 23, 2007 20:32 +0200
commit ac23ff6abad732aa7893afb76d2778b2b6433a93
tree f5c37e8ecda63f064052ac9916b297b2168f5da1
parent 46209c35182807de753f0e7c0a9def162dfbdd78
Issue 466 preparation.

As part of https://opends.dev.java.net/issues/show_bug.cgi?id=466 org.opends.admin.ads.ADSContext#registerServer will add an entry for the instance key public-key certificate under 'cn=instance keys,cn=admin data'.

Conversely, the ADSContext#unregisterServer method will deprecate the instance key public-key certificate (i.e., add ds-cfg-key-deprecation-time to the key entry under cn=instance keys,cn=admin data) associated with the server.

Adding or deprecating an instance key public-key certificate entry in ADS has side effects across the ADS domain hosts. In particular, if the instance is an ADS host, each shared secret (encryption) key is wrapped in the instance's public key certificate, so on an addition, the keys are wrapped and added to ADS, while on a certificate deprecation, the keys wrapped with that certificate are deleted.

In the current implementation of org.opends.quicksetup.installer.Installer#updateADS, if the installer detects an ADS entry for the to-be-registered server, it calls ADSContext.unregisterServer then ADSContext.registerServer. To avoid the perturbation in the ADS-based key distribution, I have replaced the unregister-register sequence with a call to ADSContext.updateServer (which does an LDAP modify replace for the attribute values in the server attribute map). This change was accomplished by calling ADSContext.registerOrUpdateServer.

The changes also include some minor code cleanup, comments, and tidying to eliminate IDEA warnings in ADSContext.

Tests:

I have run the precommit target and done some simple tests to ensure that 1) a remote standalone instance can be promoted to an ADS during a new instance creation; 2) an instance can be created as an ADS and another new instance can be created and added to that ADS; and 3) an instance already in ADS can be destroyed (without unregistering) and recreated and re-added to the ADS (the updateServer scenario). The message for that case is now:

Aug 23, 2007 11:04:05 AM org.opends.quicksetup.installer.Installer updateADS
WARNING: Server was already registered. Updating server registration.
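The side effects the commit message describes, as an added toy model for illustration (this is not OpenDJ's ADSContext code; the Ads class, its entry layout, attribute names and the wrapping logic are hypothetical simplifications of the text): re-registering an existing server via unregister+register deprecates the old certificate and churns the wrapped keys, while registerOrUpdateServer only replaces attributes.

```python
# Toy model (not OpenDJ code) of the ADS side effects described above: registering
# a server adds its instance-key certificate and wraps each shared secret with it,
# unregistering deprecates the certificate and deletes keys wrapped with it.
import time
from dataclasses import dataclass, field

@dataclass
class Ads:
    servers: dict = field(default_factory=dict)        # server id -> attribute map
    instance_keys: dict = field(default_factory=dict)  # cert id -> deprecation time or None
    wrapped_keys: list = field(default_factory=list)   # (cert id, secret id) pairs
    events: list = field(default_factory=list)         # key-store churn audit trail
    shared_secrets: tuple = ("secret-1", "secret-2")   # constructed sample secret ids

    def register_server(self, sid, attrs, cert_id):
        """Add the server entry and its certificate; wrap every shared secret."""
        self.servers[sid] = dict(attrs, cert=cert_id)
        self.instance_keys[cert_id] = None
        for secret in self.shared_secrets:
            self.wrapped_keys.append((cert_id, secret))
            self.events.append(("wrap", cert_id, secret))

    def unregister_server(self, sid):
        """Remove the server entry, deprecate its certificate, drop keys wrapped with it."""
        cert_id = self.servers.pop(sid)["cert"]
        self.instance_keys[cert_id] = time.time()  # ds-cfg-key-deprecation-time analogue
        kept = [(c, s) for c, s in self.wrapped_keys if c != cert_id]
        self.events.append(("delete-wrapped", cert_id, len(self.wrapped_keys) - len(kept)))
        self.wrapped_keys = kept

    def register_or_update_server(self, sid, attrs, cert_id):
        if sid in self.servers:
            self.servers[sid].update(attrs)  # modify/replace only; key store untouched
        else:
            self.register_server(sid, attrs, cert_id)

def reregister(use_update):
    """Re-register an existing server with a changed port and a fresh certificate.
    Returns (key-store events, deprecated certs, live wrapped keys, stored port)."""
    ads = Ads()
    ads.register_server("srv1", {"host": "h1", "port": 389}, "cert-A")
    ads.events.clear()
    new_attrs = {"host": "h1", "port": 1389}
    if use_update:
        ads.register_or_update_server("srv1", new_attrs, "cert-B")
    else:
        ads.unregister_server("srv1")
        ads.register_server("srv1", new_attrs, "cert-B")
    deprecated = sum(t is not None for t in ads.instance_keys.values())
    return len(ads.events), deprecated, len(ads.wrapped_keys), ads.servers["srv1"]["port"]
```

Both paths end with the updated port, but only the unregister+register path leaves a deprecated certificate entry behind and deletes and re-wraps every shared key.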
2 files modified, 171 lines changed:
opendj-sdk/opends/src/ads/org/opends/admin/ads/ADSContext.java (62)
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java (109)