mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Yannick Lecaillez
15.02.2015 9802403bc29dc60acb41df7b1b3ece57f05d2034
OPENDJ-2341: dsreplication initialize-all task fails with STOPPED_BY_ERROR.

Due to a current limitation in CryptoManager, it is not possible for a server instance declared in the
ADS to have two public keys. Since this is required for EC to work (to perform the client authentication),
the EC support has been removed from the replication.
3 files modified
61 ■■■■■ changed files
opendj-server-legacy/resource/config/config.ldif 1 ●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/backends/TrustStoreBackend.java 54 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/config/ConfigConstants.java 6 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/resource/config/config.ldif
@@ -105,7 +105,6 @@
objectClass: ds-cfg-crypto-manager
cn: Crypto Manager
ds-cfg-ssl-cert-nickname: ads-certificate
ds-cfg-ssl-cert-nickname: ads-certificate-ec
ds-cfg-ssl-encryption: false
dn: cn=Account Status Notification Handlers,cn=config
opendj-server-legacy/src/main/java/org/opends/server/backends/TrustStoreBackend.java
@@ -1454,42 +1454,34 @@
   * @throws InitializationException If an error occurs while interacting with
   *                                 the key store.
   */
  private void generateInstanceCertificateIfAbsent()
       throws InitializationException
  private void generateInstanceCertificateIfAbsent() throws InitializationException
  {
    final String certAliases[] = { ADS_CERTIFICATE_ALIAS, ADS_CERTIFICATE_EC_ALIAS };
    for (String certAlias : certAliases)
    final String certAlias = ADS_CERTIFICATE_ALIAS;
    try
    {
      try
      if (certificateManager.aliasInUse(certAlias))
      {
        if (certificateManager.aliasInUse(certAlias))
        {
          continue;
        }
        return;
      }
      catch (Exception e)
      {
        LocalizableMessage message = ERR_TRUSTSTORE_CANNOT_ADD_CERT.get(
            certAlias, trustStoreFile, getExceptionMessage(e));
       throw new InitializationException(message, e);
      }
    }
    catch (Exception e)
    {
      LocalizableMessage message =
          ERR_TRUSTSTORE_CANNOT_ADD_CERT.get(certAlias, trustStoreFile, getExceptionMessage(e));
      throw new InitializationException(message, e);
    }
      try
      {
        final KeyType keyType = KeyType.getTypeOrDefault(certAlias);
        certificateManager.generateSelfSignedCertificate(
            keyType,
            certAlias,
            getADSCertificateSubjectDN(keyType),
            getADSCertificateValidity());
      }
      catch (Exception e)
      {
        LocalizableMessage message = ERR_TRUSTSTORE_CANNOT_GENERATE_CERT.get(
            certAlias, trustStoreFile, getExceptionMessage(e));
       throw new InitializationException(message, e);
      }
    try
    {
      final KeyType keyType = KeyType.getTypeOrDefault(certAlias);
      certificateManager.generateSelfSignedCertificate(keyType, certAlias, getADSCertificateSubjectDN(keyType),
          getADSCertificateValidity());
    }
    catch (Exception e)
    {
      LocalizableMessage message =
          ERR_TRUSTSTORE_CANNOT_GENERATE_CERT.get(certAlias, trustStoreFile, getExceptionMessage(e));
      throw new InitializationException(message, e);
    }
  }
}
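Review bot: Nothing in the new body of `generateInstanceCertificateIfAbsent` records why only the RSA alias is generated now, and the surviving local `final String certAlias = ADS_CERTIFICATE_ALIAS;` reads as a leftover of the removed loop rather than a deliberate choice. I would add, above that line, `// Only one instance key pair is generated: CryptoManager cannot currently handle a server with two public keys in ADS (OPENDJ-2341), so the EC alias was dropped.` The change also only stops creating the EC certificate; a trust store that already holds the EC alias from an earlier build is left untouched, so if the limitation named in the commit message applies to keys already published to ADS, upgraded instances may presumably still fail in the same way — worth stating in the method's Javadoc, which begins above the hunk, or covering in an upgrade step. Both `catch (Exception e)` blocks are unchanged from the old code and still map a failed `aliasInUse` check to `ERR_TRUSTSTORE_CANNOT_ADD_CERT`, which is slightly misleading but not introduced here.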
opendj-server-legacy/src/main/java/org/opends/server/config/ConfigConstants.java
@@ -2822,12 +2822,6 @@
  public static final String ADS_CERTIFICATE_ALIAS = "ads-certificate";
  /**
   * Alias of the local instance certificate in the ADS keystore using elliptic curve.
   */
  public static final String ADS_CERTIFICATE_EC_ALIAS = ADS_CERTIFICATE_ALIAS + "-ec";
  /**
   * The DN of the entry that will serve as the base for local ADS trust store
   * information.
   */