From dc85d3be1d993e170e6a2f0af6544ab3ee0b7d76 Mon Sep 17 00:00:00 2001
From: Fabio Pistolesi <fabio.pistolesi@forgerock.com>
Date: Wed, 08 Jun 2016 14:26:19 +0000
Subject: [PATCH] OPENDJ-3086 Acquire and distribute encryption keys when applying config changes to backends

---
 opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java |   40 +++++++++++++++++++++++++++++-----------
 1 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java b/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java
index cac8f8a..82f78e8 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java
@@ -2362,22 +2362,40 @@
   @Override
   public boolean isConfigurationChangeAcceptable(PluggableBackendCfg cfg, List<LocalizableMessage> unacceptableReasons)
   {
-    StringBuilder builder = new StringBuilder();
-    for (AttributeIndex attributeIndex : attrIndexMap.values())
+    if (cfg.isConfidentialityEnabled())
     {
-      if (attributeIndex.isConfidentialityEnabled() && !cfg.isConfidentialityEnabled())
+      final String cipherTransformation = cfg.getCipherTransformation();
+      final int keyLength = cfg.getCipherKeyLength();
+
+      try
       {
-        if (builder.length() > 0)
-        {
-          builder.append(", ");
-        }
-        builder.append(attributeIndex.getAttributeType().getNameOrOID());
+        serverContext.getCryptoManager().ensureCipherKeyIsAvailable(cipherTransformation, keyLength);
+      }
+      catch (Exception e)
+      {
+        unacceptableReasons.add(ERR_BACKEND_FAULTY_CRYPTO_TRANSFORMATION.get(cipherTransformation, keyLength, e));
+        return false;
       }
     }
-    if (builder.length() > 0)
+    else
     {
-      unacceptableReasons.add(ERR_BACKEND_CANNOT_CHANGE_CONFIDENTIALITY.get(getBaseDN(), builder.toString()));
-      return false;
+      StringBuilder builder = new StringBuilder();
+      for (AttributeIndex attributeIndex : attrIndexMap.values())
+      {
+        if (attributeIndex.isConfidentialityEnabled())
+        {
+          if (builder.length() > 0)
+          {
+            builder.append(", ");
+          }
+          builder.append(attributeIndex.getAttributeType().getNameOrOID());
+        }
+      }
+      if (builder.length() > 0)
+      {
+        unacceptableReasons.add(ERR_BACKEND_CANNOT_CHANGE_CONFIDENTIALITY.get(getBaseDN(), builder.toString()));
+        return false;
+      }
     }
     return true;
   }
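Review bot: The `catch (Exception e)` around `ensureCipherKeyIsAvailable(...)` in the confidentiality-enabled branch turns every failure, including unexpected runtime errors, into a config-rejection reason and never logs the stack trace, so a crypto-provider or key-distribution fault would be hard to diagnose afterwards. Catch only the checked exception that call declares, and log the exception before adding `ERR_BACKEND_FAULTY_CRYPTO_TRANSFORMATION` to `unacceptableReasons`. Separately, judging by the method name and the commit subject, the call may create and distribute a key, which would make this acceptability check side-effecting: a key could be provisioned for a change that another listener then rejects. If that is intended, state it above the `try`, e.g. `// May create and publish a cipher key even if the change is later rejected.`; otherwise only validate the transformation and key length here and acquire the key in the apply path.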

--
Gitblit v1.10.0