mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

author david_page <david_page@localhost>
Thursday, August 23, 2007 20:32 +0200
committer david_page <david_page@localhost>
Thursday, August 23, 2007 20:32 +0200
commit f59ae4ad1461ea286a28405c123f01265655f2f6
tree 0ddce4aa4e3892bee947451f704c207976914b4a
parent b366de49e330e1ebd93bb10ee3ebbd1e35d249bb
Issue 466 preparation.

As part of https://opends.dev.java.net/issues/show_bug.cgi?id=466 org.opends.admin.ads.ADSContext#registerServer will add an entry for the instance key public-key certificate under 'cn=instance keys,cn=admin data'.

Conversely, the ADSContext#unregisterServer method will deprecate the instance key public-key certificate (i.e., add ds-cfg-key-deprecation-time to the key entry under cn=instance keys,cn=admin data) associated with the server.

Adding or deprecating an instance key public-key certificate entry in ADS has side effects across the ADS domain hosts. In particular, if the instance is an ADS host, each shared secret (encryption) key is wrapped in the instance's public key certificate, so on an addition, the keys are wrapped and added to ADS, while on a certificate deprecation, the keys wrapped with that certificate are deleted.

In the current implementation of org.opends.quicksetup.installer.Installer#updateADS, if the installer detects an ADS entry for the to-be-registered server, it calls ADSContext.unregisterServer then ADSContext.registerServer. To avoid the perturbation in the ADS-based key distribution, I have replaced the unregister-register sequence with a call to ADSContext.updateServer (which does an LDAP modify replace for the attribute values in the server attribute map). This change was accomplished by calling ADSContext.registerOrUpdateServer.

The changes also include some minor code cleanup, comments, and tidying to eliminate IDEA warnings in ADSContext.

Tests:

I have run the precommit target and done some simple tests to ensure that 1) a remote standalone instance can be promoted to an ADS during a new instance creation; 2) an instance can be created as an ADS and another new instance can be created and added to that ADS; and 3) an instance already in ADS can be destroyed (without unregistering) and recreated and re-added to the ADS (the updateServer scenario). The message for that case is now:

Aug 23, 2007 11:04:05 AM org.opends.quicksetup.installer.Installer updateADS
WARNING: Server was already registered. Updating server registration.
2 files modified, 171 lines changed
opends/src/ads/org/opends/admin/ads/ADSContext.java (62 lines)
opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java (109 lines)