From 1a2cdfb5cf5f89348e8fee7ceeaa699d4aa54cea Mon Sep 17 00:00:00 2001
From: Fabio Pistolesi <fabio.pistolesi@forgerock.com>
Date: Thu, 21 Apr 2016 15:17:15 +0000
Subject: [PATCH] OPENDJ-2616 Support protection of pluggable backend data at rest

---
 opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/IndexQueryFactoryImpl.java |   33 +++++++++++++++++++++++++++++----
 1 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/IndexQueryFactoryImpl.java b/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/IndexQueryFactoryImpl.java
index 2fa1329..fdda820 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/IndexQueryFactoryImpl.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/IndexQueryFactoryImpl.java
@@ -23,10 +23,12 @@
 import java.util.ArrayList;
 import java.util.Collection;
 
+import org.forgerock.i18n.LocalizableMessage;
 import org.forgerock.i18n.LocalizableMessageBuilder;
 import org.forgerock.i18n.slf4j.LocalizedLogger;
 import org.forgerock.opendj.ldap.ByteSequence;
 import org.forgerock.opendj.ldap.ByteString;
+import org.forgerock.opendj.ldap.DecodeException;
 import org.forgerock.opendj.ldap.schema.AttributeType;
 import org.forgerock.opendj.ldap.spi.IndexQueryFactory;
 import org.forgerock.opendj.ldap.spi.IndexingOptions;
@@ -169,19 +171,34 @@
   {
     return new IndexQuery()
       {
+
         @Override
         public EntryIDSet evaluate(LocalizableMessageBuilder debugMessage, StringBuilder indexNameOut)
         {
           // Read the tree and get Record for the key.
           // Select the right index to be used.
-          final Index index = attributeIndex.getNameToIndexes().get(indexID);
+          Index index = attributeIndex.getNameToIndexes().get(indexID);
+          ByteSequence indexKey = key;
           if (index == null)
           {
-            appendDisabledIndexType(debugMessage, indexID, attributeIndex.getAttributeType());
-            return createMatchAllQuery().evaluate(debugMessage, indexNameOut);
+            index = attributeIndex.getNameToIndexes().get(indexID + AttributeIndex.PROTECTED_INDEX_ID);
+            if (index == null)
+            {
+              appendDisabledIndexType(debugMessage, indexID, attributeIndex.getAttributeType());
+              return createMatchAllQuery().evaluate(debugMessage, indexNameOut);
+            }
+            try
+            {
+              indexKey = attributeIndex.getCryptoSuite().hash48(key);
+            }
+            catch (DecodeException de)
+            {
+              appendExceptionError(debugMessage, de.getMessageObject());
+              return createMatchAllQuery().evaluate(debugMessage, indexNameOut);
+            }
           }
 
-          final EntryIDSet entrySet = index.get(txn, key);
+          final EntryIDSet entrySet = index.get(txn, indexKey);
           updateStatsForUndefinedResults(debugMessage, entrySet, index);
           return entrySet;
         }
@@ -367,6 +384,14 @@
       };
   }
 
+  private static void appendExceptionError(LocalizableMessageBuilder debugMessage, LocalizableMessage msg)
+  {
+    if (debugMessage != null)
+    {
+      debugMessage.append(msg);
+    }
+  }
+
   private static void appendDisabledIndexType(LocalizableMessageBuilder debugMessage, String indexID,
       AttributeType attrType)
   {

--
Gitblit v1.10.0