From d8ecac31301960d58a6dc856939a97d709e82773 Mon Sep 17 00:00:00 2001
From: Fabio Pistolesi <fabio.pistolesi@forgerock.com>
Date: Tue, 03 May 2016 09:43:02 +0000
Subject: [PATCH] OPENDJ-2617 Add confidentiality (encryption) option for replication changelog

---
 opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java |   35 +++++++++++++++++++++++------------
 1 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java b/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java
index 8e71e8a..c2bd410 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java
@@ -154,6 +154,8 @@
 
   /** The set of attribute indexes. */
   private final Map<AttributeType, AttributeIndex> attrIndexMap = new HashMap<>();
+
+  private final Map<AttributeType, CryptoSuite> attrCryptoMap = new HashMap<>();
   /** The set of VLV (Virtual List View) indexes. */
   private final Map<String, VLVIndex> vlvIndexMap = new HashMap<>();
 
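Review bot: The new `attrCryptoMap` field has no Javadoc and no blank line before the VLV comment, unlike the fields on either side of it. Suggest `/** The crypto suite used by each attribute index, keyed by the same attribute type as attrIndexMap. */` above it and a blank line after it. Because this map has to be kept in step with `attrIndexMap` on every index add and delete, the comment should say so as well.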
@@ -165,8 +167,6 @@
 
   private final ServerContext serverContext;
 
-  private CryptoSuite cryptoSuite;
-
   /**
    * This class is responsible for managing the configuration for attribute
    * indexes used within this entry container.
@@ -180,7 +180,7 @@
     {
       try
       {
-        newAttributeIndex(cfg);
+        newAttributeIndex(cfg, null);
         return true;
       }
       catch(Exception e)
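Review bot: Passing `null` as the crypto suite in `newAttributeIndex(cfg, null)` means this acceptability check never exercises the cipher settings. A configuration with confidentiality enabled could therefore be accepted here and, presumably, fail only when it is applied. Whether the `AttributeIndex` constructor tolerates a null suite is not visible in this hunk. Either build the suite as the apply path does, `newAttributeIndex(cfg, newCryptoSuite(cfg.isConfidentialityEnabled()));`, or add a comment such as `// validation only: the index is discarded, so no crypto suite is needed`. The enclosing method starts and ends outside the hunk.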
@@ -196,7 +196,8 @@
       final ConfigChangeResult ccr = new ConfigChangeResult();
       try
       {
-        final AttributeIndex index = newAttributeIndex(cfg);
+        final CryptoSuite cryptoSuite = newCryptoSuite(cfg.isConfidentialityEnabled());
+        final AttributeIndex index = newAttributeIndex(cfg, cryptoSuite);
         storage.write(new WriteOperation()
         {
           @Override
@@ -209,6 +210,7 @@
               ccr.addMessage(NOTE_INDEX_ADD_REQUIRES_REBUILD.get(cfg.getAttribute().getNameOrOID()));
             }
             attrIndexMap.put(cfg.getAttribute(), index);
+            attrCryptoMap.put(cfg.getAttribute(), cryptoSuite);
           }
         });
       }
@@ -242,6 +244,7 @@
           public void run(WriteableTransaction txn) throws Exception
           {
             attrIndexMap.remove(cfg.getAttribute()).closeAndDelete(txn);
+            attrCryptoMap.remove(cfg.getAttribute());
           }
         });
       }
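Review bot: `attrCryptoMap.remove(cfg.getAttribute())` only runs if `closeAndDelete(txn)` on the line above returns normally, so an exception there leaves the index gone from `attrIndexMap` while its suite stays in `attrCryptoMap`. The stale suite would then still be visited by the loop over `attrCryptoMap.values()` added in the last hunk of this patch. Removing both entries before closing keeps the two maps consistent: `final AttributeIndex index = attrIndexMap.remove(cfg.getAttribute());`, `attrCryptoMap.remove(cfg.getAttribute());`, `index.closeAndDelete(txn);`. The enclosing method continues outside the hunk.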
@@ -370,7 +373,13 @@
     config.addBackendVLVIndexDeleteListener(vlvIndexCfgManager);
   }
 
-  private AttributeIndex newAttributeIndex(BackendIndexCfg cfg) throws ConfigException
+  private CryptoSuite newCryptoSuite(boolean confidentiality)
+  {
+    return serverContext.getCryptoManager().newCryptoSuite(config.getCipherTransformation(),
+        config.getCipherKeyLength(), confidentiality);
+  }
+
+  private AttributeIndex newAttributeIndex(BackendIndexCfg cfg, CryptoSuite cryptoSuite) throws ConfigException
   {
     return new AttributeIndex(cfg, state, this, cryptoSuite);
   }
@@ -381,7 +390,8 @@
         .compress(config.isEntriesCompressed())
         .encode(config.isCompactEncoding())
         .encrypt(config.isConfidentialityEnabled())
-        .cryptoSuite(cryptoSuite)
+        .cryptoSuite(serverContext.getCryptoManager().newCryptoSuite(config.getCipherTransformation(),
+            config.getCipherKeyLength(),config.isConfidentialityEnabled()))
         .schema(rootContainer.getCompressedSchema())
         .build();
   }
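Review bot: The `.cryptoSuite(...)` argument repeats the body of the `newCryptoSuite` helper added in the previous hunk, and the confidentiality flag is now supplied twice, once to `.encrypt(...)` and once to the suite. From the context lines, `config` here appears to be this method's parameter rather than the field the helper reads, which would explain why the helper is not reused. If so, passing the configuration into the helper removes the duplication, e.g. `.cryptoSuite(newCryptoSuite(config, config.isConfidentialityEnabled()))`. There is also a missing space after the comma in `config.getCipherKeyLength(),config.isConfidentialityEnabled()`. The method starts outside the hunk.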
@@ -404,8 +414,6 @@
     boolean shouldCreate = accessMode.isWriteable();
     try
     {
-      cryptoSuite = serverContext.getCryptoManager().newCryptoSuite(config.getCipherTransformation(),
-          config.getCipherKeyLength());
       id2entry = new ID2Entry(getIndexName(ID2ENTRY_TREE_NAME), newDataConfig(config));
       id2entry.open(txn, shouldCreate);
       id2childrenCount.open(txn, shouldCreate);
@@ -417,13 +425,15 @@
       {
         BackendIndexCfg indexCfg = config.getBackendIndex(idx);
 
-        final AttributeIndex index = newAttributeIndex(indexCfg);
+        CryptoSuite cryptoSuite = newCryptoSuite(indexCfg.isConfidentialityEnabled());
+        final AttributeIndex index = newAttributeIndex(indexCfg, cryptoSuite);
         index.open(txn, shouldCreate);
         if(!index.isTrusted())
         {
           logger.info(NOTE_INDEX_ADD_REQUIRES_REBUILD, index.getName());
         }
         attrIndexMap.put(indexCfg.getAttribute(), index);
+        attrCryptoMap.put(indexCfg.getAttribute(), cryptoSuite);
       }
 
       for (String idx : config.listBackendVLVIndexes())
@@ -2386,13 +2396,14 @@
         @Override
         public void run(WriteableTransaction txn) throws Exception
         {
-          cryptoSuite.setCipherTransformation(cfg.getCipherTransformation());
-          cryptoSuite.setCipherKeyLength(cfg.getCipherKeyLength());
           id2entry.setDataConfig(newDataConfig(cfg));
-
           EntryContainer.this.config = cfg;
         }
       });
+      for (CryptoSuite indexCrypto : attrCryptoMap.values())
+      {
+        indexCrypto.newParameters(cfg.getCipherTransformation(), cfg.getCipherKeyLength(), indexCrypto.isEncrypted());
+      }
     }
     catch (Exception e)
     {
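Review bot: The loop that calls `indexCrypto.newParameters(...)` runs after `storage.write(...)` has returned, whereas the removed lines updated the cipher settings inside the write operation together with `id2entry.setDataConfig` and the `config` assignment. If `newParameters` throws part-way through, some index suites carry the new cipher transformation and key length and others the old ones, while `config` already points at `cfg`. The loop also iterates a plain `HashMap` that the index add and delete listeners modify. Whether a lock held outside this hunk covers both paths is not visible, so that needs confirming. Consider moving the loop into `run(WriteableTransaction txn)` before `EntryContainer.this.config = cfg;`, or documenting which lock protects `attrCryptoMap`.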
