From af76a3750288d90c006022829887c92601a4737c Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Mon, 24 Jun 2013 11:56:44 +0000
Subject: [PATCH] OPENDJ-885 - Replication replay may lose changes if it can't acquire a writeLock

---
 opends/src/server/org/opends/server/extensions/SubjectEqualsDNCertificateMapper.java |   35 ++++++++++-------------------------
 1 files changed, 10 insertions(+), 25 deletions(-)

diff --git a/opends/src/server/org/opends/server/extensions/SubjectEqualsDNCertificateMapper.java b/opends/src/server/org/opends/server/extensions/SubjectEqualsDNCertificateMapper.java
index 07b5dad..934d522 100644
--- a/opends/src/server/org/opends/server/extensions/SubjectEqualsDNCertificateMapper.java
+++ b/opends/src/server/org/opends/server/extensions/SubjectEqualsDNCertificateMapper.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2006-2008 Sun Microsystems, Inc.
+ *      Portions Copyright 2013 ForgeRock AS
  */
 package org.opends.server.extensions;
 
@@ -30,29 +31,22 @@
 
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
-import javax.security.auth.x500.X500Principal;
 import java.util.concurrent.locks.Lock;
 
+import javax.security.auth.x500.X500Principal;
+
 import org.opends.messages.Message;
 import org.opends.server.admin.std.server.SubjectEqualsDNCertificateMapperCfg;
 import org.opends.server.api.CertificateMapper;
 import org.opends.server.config.ConfigException;
 import org.opends.server.core.DirectoryServer;
 import org.opends.server.loggers.debug.DebugTracer;
-import org.opends.server.types.DebugLogLevel;
-import org.opends.server.types.DirectoryException;
-import org.opends.server.types.DN;
-import org.opends.server.types.Entry;
-import org.opends.server.types.InitializationException;
-import org.opends.server.types.LockManager;
-import org.opends.server.types.ResultCode;
+import org.opends.server.types.*;
 
-import static org.opends.server.loggers.debug.DebugLogger.*;
 import static org.opends.messages.ExtensionMessages.*;
+import static org.opends.server.loggers.debug.DebugLogger.*;
 import static org.opends.server.util.StaticUtils.*;
 
-
-
 /**
  * This class implements a very simple Directory Server certificate mapper that
  * will map a certificate to a user only if the subject of the peer certificate
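Review bot: The wildcard `import org.opends.server.types.*;` replaces seven explicit imports, so the import list no longer shows which types this certificate mapper depends on. A class added to that package later could also change how a simple name resolves. Keeping the explicit single-type imports, and dropping only those that are really unused after this change, would keep the dependency surface reviewable.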
@@ -74,7 +68,6 @@
   public SubjectEqualsDNCertificateMapper()
   {
     super();
-
   }
 
 
@@ -82,6 +75,7 @@
   /**
    * {@inheritDoc}
    */
+  @Override
   public void initializeCertificateMapper(SubjectEqualsDNCertificateMapperCfg
                                                configuration)
          throws ConfigException, InitializationException
@@ -111,6 +105,7 @@
    *                              error message should be returned to the
    *                              client.
    */
+  @Override
   public Entry mapCertificateToUser(Certificate[] certificateChain)
          throws DirectoryException
   {
@@ -163,21 +158,11 @@
 
     // Acquire a read lock on the user entry.  If this fails, then so will the
     // certificate mapping.
-    Lock readLock = null;
-    for (int i=0; i < 3; i++)
-    {
-      readLock = LockManager.lockRead(subjectDN);
-      if (readLock != null)
-      {
-        break;
-      }
-    }
-
+    final Lock readLock = LockManager.lockRead(subjectDN);
     if (readLock == null)
     {
-      Message message =
-          ERR_SEDCM_CANNOT_LOCK_ENTRY.get(String.valueOf(subjectDN));
-      throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message);
+      throw new DirectoryException(ResultCode.BUSY, ERR_SEDCM_CANNOT_LOCK_ENTRY
+          .get(String.valueOf(subjectDN)));
     }
 
 
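Review bot: With the three-attempt loop removed, a single null return from `LockManager.lockRead(subjectDN)` now fails the certificate mapping outright, and nothing in this hunk shows whether `lockRead` waits or retries internally. The comment above the call should state the contract being relied on, for example `// Single attempt: lockRead is expected to apply its own timeout; null means the entry is busy.` The switch from `ResultCode.INVALID_CREDENTIALS` to `ResultCode.BUSY` also changes what a client observes during certificate-based authentication. The callers of `mapCertificateToUser` are not visible here and should be checked to confirm they treat any `DirectoryException`, not only invalid-credentials, as a failed bind. The method body continues outside the hunk, so the release of `readLock` on every exit path cannot be confirmed from these lines.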

--
Gitblit v1.10.0