From d8ecac31301960d58a6dc856939a97d709e82773 Mon Sep 17 00:00:00 2001
From: Fabio Pistolesi <fabio.pistolesi@forgerock.com>
Date: Tue, 03 May 2016 09:43:02 +0000
Subject: [PATCH] OPENDJ-2617 Add confidentiality (encryption) option for replication changelog

---
 opendj-server-legacy/src/main/java/org/opends/server/replication/server/ReplicationServer.java |   20 +++++++++++++++++++-
 1 files changed, 19 insertions(+), 1 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/replication/server/ReplicationServer.java b/opendj-server-legacy/src/main/java/org/opends/server/replication/server/ReplicationServer.java
index f58a2c0..01377c6 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/replication/server/ReplicationServer.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/replication/server/ReplicationServer.java
@@ -53,6 +53,7 @@
 import org.opends.server.api.VirtualAttributeProvider;
 import org.opends.server.backends.ChangelogBackend;
 import org.opends.server.core.DirectoryServer;
+import org.opends.server.crypto.CryptoSuite;
 import org.opends.server.replication.common.CSN;
 import org.opends.server.replication.common.MultiDomainServerState;
 import org.opends.server.replication.common.ServerState;
@@ -129,6 +130,8 @@
    */
   private static final List<ReplicationServer> allInstances = new ArrayList<>();
 
+  private final CryptoSuite cryptoSuite;
+
   /**
    * Creates a new Replication server using the provided configuration entry.
    *
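Review bot: The new `cryptoSuite` field has no Javadoc, although the `allInstances` field just above it does. Suggested comment: `/** Cipher settings used to protect the changelog; the reference is final, but its parameters are replaced on configuration change. */`. The second half matters because `final` could be read as "the encryption settings never change", while the hunk at `@@ -871` calls `cryptoSuite.newParameters(...)` on this same instance.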
@@ -170,7 +173,10 @@
     this.domainPredicate = predicate;
 
     enableExternalChangeLog();
-    this.changelogDB = new FileChangelogDB(this, config.getReplicationDBDirectory());
+    cryptoSuite = DirectoryServer.getInstance().getServerContext().getCryptoManager().
+        newCryptoSuite(cfg.getCipherTransformation(), cfg.getCipherKeyLength(), cfg.isConfidentialityEnabled());
+
+    this.changelogDB = new FileChangelogDB(this, config.getReplicationDBDirectory(), cryptoSuite);
 
     replSessionSecurity = new ReplSessionSecurity();
     initialize();
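Review bot: The added `newCryptoSuite(...)` call reads its three settings from `cfg`, while the `FileChangelogDB` line directly below reads the directory from `config`. If both refer to the same configuration object, use one name for both, so a reader does not have to verify that the cipher settings and the DB directory come from the same source. The hunk also does not show what happens when the configured cipher transformation or key length is unsupported. Failing here at construction with a clear message is safer than failing at the first changelog write, because a server configured for confidentiality should not come up in a state where it cannot encrypt. The constructor starts and ends outside the hunk, so any existing handling is not visible.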
@@ -871,6 +877,9 @@
       }
     }
 
+    cryptoSuite.newParameters(config.getCipherTransformation(), config.getCipherKeyLength(),
+        config.isConfidentialityEnabled());
+
     // changing the listen port requires to stop the listen thread
     // and restart it.
     if (getReplicationPort() != oldConfig.getReplicationPort())
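Review bot: `cryptoSuite.newParameters(...)` runs on every configuration change, whether or not the cipher settings changed, and it mutates the same `CryptoSuite` instance that the constructor passed to `FileChangelogDB`. If changelog writer threads read that object concurrently (not visible here), the three parameters need to be replaced atomically. The call would also be clearer if guarded like the port check below it, e.g. `if (config.isConfidentialityEnabled() != oldConfig.isConfidentialityEnabled() || ...)`, assuming `oldConfig` exposes the same getters. Disabling confidentiality or switching the cipher at runtime is a security-relevant event, so a log entry here would help operators, along with a comment stating whether records already on disk remain readable and in which form. The method body continues outside the hunk.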
@@ -1337,6 +1346,15 @@
     return MultimasterReplication.isECLEnabled();
   }
 
+  /**
+   * Return whether change-log records should be encrypted.
+   * @return trus if change-log records should be encrypted
+   */
+  public boolean isEncrypted()
+  {
+    return config.isConfidentialityEnabled();
+  }
+
   @Override
   public String toString()
   {
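Review bot: `isEncrypted()` returns the configured flag, not the state of the `CryptoSuite` or of the records already on disk, and the Javadoc should say so. Records written before confidentiality was enabled are presumably still in clear text, so a caller treating this as "the changelog is encrypted" would be wrong. Suggested summary: `Returns whether confidentiality is enabled in the current configuration, i.e. whether newly written change-log records should be encrypted.` with `@return {@code true} if new change-log records should be encrypted`, which also fixes the `trus` typo. A name such as `isConfidentialityEnabled()` would match the config getter it delegates to, if renaming is still possible.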

--
Gitblit v1.10.0