From 88b5935e25fae6d6b65e4a43e151a546d0bc8787 Mon Sep 17 00:00:00 2001
From: david_page <david_page@localhost>
Date: Wed, 10 Oct 2007 16:38:28 +0000
Subject: [PATCH] issue 466 (partial): remove redundant server property BACKUP_PROPERTY_CIPHER_ALGORITHM. The cipher algorithm used is encoded in the backup data prologue.
---
opends/src/messages/messages/config.properties | 7 +--
opends/src/messages/messages/backend.properties | 7 +--
opends/src/server/org/opends/server/extensions/ConfigFileHandler.java | 16 +-------
opends/src/messages/messages/jeb.properties | 2
opends/src/server/org/opends/server/backends/jeb/BackupManager.java | 21 +++-------
opends/src/server/org/opends/server/backends/SchemaBackend.java | 19 ++-------
opends/src/server/org/opends/server/types/CryptoManager.java | 26 ++++---------
opends/src/server/org/opends/server/util/ServerConstants.java | 9 ----
8 files changed, 25 insertions(+), 82 deletions(-)
diff --git a/opends/src/messages/messages/backend.properties b/opends/src/messages/messages/backend.properties
index fa08abe..e1aa9c3 100644
--- a/opends/src/messages/messages/backend.properties
+++ b/opends/src/messages/messages/backend.properties
@@ -205,7 +205,7 @@
SEVERE_ERR_SCHEMA_BACKUP_CANNOT_CREATE_ARCHIVE_FILE_58=An error occurred \
while trying to create the schema archive file %s in directory %s: %s
SEVERE_ERR_SCHEMA_BACKUP_CANNOT_GET_CIPHER_59=An error occurred while \
- attempting to obtain the %s cipher to use to encrypt the backup: %s
+ attempting to obtain the cipher to use to encrypt the backup: %s
SEVERE_ERR_SCHEMA_BACKUP_ZIP_COMMENT_60=%s schema backup %s
SEVERE_ERR_SCHEMA_BACKUP_CANNOT_LIST_SCHEMA_FILES_61=An error occurred while \
attempting to obtain a list of the files in directory %s to include in the \
@@ -242,12 +242,9 @@
SEVERE_ERR_SCHEMA_RESTORE_CANNOT_OPEN_BACKUP_FILE_73=Unable to restore or \
verify schema backup %s because an error occurred while attempting to open \
the backup archive file %s: %s
-SEVERE_ERR_SCHEMA_RESTORE_UNKNOWN_CIPHER_74=Unable to restore or verify \
- schema backup %s because it is encrypted but the server cannot determine the \
- cipher used to perform this encryption
SEVERE_ERR_SCHEMA_RESTORE_CANNOT_GET_CIPHER_75=Unable to restore or verify \
schema backup %s because it is encrypted using an unknown or unsupported \
- cipher of %s
+ cipher: %s
SEVERE_ERR_SCHEMA_RESTORE_CANNOT_RENAME_CURRENT_DIRECTORY_76=Unable to \
restore schema backup %s because an error occurred while attempting to rename \
the current schema directory from %s to %s: %s
diff --git a/opends/src/messages/messages/config.properties b/opends/src/messages/messages/config.properties
index 35dd834..156c3f7 100644
--- a/opends/src/messages/messages/config.properties
+++ b/opends/src/messages/messages/config.properties
@@ -1083,7 +1083,7 @@
SEVERE_ERR_CONFIG_BACKUP_CANNOT_CREATE_ARCHIVE_FILE_388=An error occurred \
while trying to create the config archive file %s in directory %s: %s
SEVERE_ERR_CONFIG_BACKUP_CANNOT_GET_CIPHER_389=An error occurred while \
- attempting to obtain the %s cipher to use to encrypt the backup: %s
+ attempting to obtain the cipher to use to encrypt the backup: %s
SEVERE_ERR_CONFIG_BACKUP_ZIP_COMMENT_390=%s config backup %s
SEVERE_ERR_CONFIG_BACKUP_CANNOT_DETERMINE_CONFIG_FILE_LOCATION_391=An error \
occurred while attempting to determine the path to the Directory Server \
@@ -1124,12 +1124,9 @@
SEVERE_ERR_CONFIG_RESTORE_CANNOT_OPEN_BACKUP_FILE_404=Unable to restore or \
verify configuration backup %s because an error occurred while attempting to \
open the backup archive file %s: %s
-SEVERE_ERR_CONFIG_RESTORE_UNKNOWN_CIPHER_405=Unable to restore or verify \
- configuration backup %s because it is encrypted but the server cannot \
- determine the cipher used to perform this encryption
SEVERE_ERR_CONFIG_RESTORE_CANNOT_GET_CIPHER_406=Unable to restore or verify \
configuration backup %s because it is encrypted using an unknown or \
- unsupported cipher of %s
+ unsupported cipher: %s
SEVERE_ERR_CONFIG_RESTORE_CANNOT_BACKUP_EXISTING_CONFIG_407=Unable to restore \
configuration backup %s because an error occurred while attempting to \
temporarily back up the current configuration files from %s to %s: %s
diff --git a/opends/src/messages/messages/jeb.properties b/opends/src/messages/messages/jeb.properties
index f6d39f1..0e322aa 100644
--- a/opends/src/messages/messages/jeb.properties
+++ b/opends/src/messages/messages/jeb.properties
@@ -139,7 +139,7 @@
SEVERE_ERR_JEB_BACKUP_CANNOT_CREATE_ARCHIVE_FILE_65=An error occurred while \
trying to create the database archive file %s in directory %s: %s
SEVERE_ERR_JEB_BACKUP_CANNOT_GET_CIPHER_66=An error occurred while attempting \
- to obtain the %s cipher to use to encrypt the backup: %s
+ to obtain the cipher to use to encrypt the backup: %s
SEVERE_ERR_JEB_BACKUP_ZIP_COMMENT_67=%s backup %s of backend %s
SEVERE_ERR_JEB_BACKUP_CANNOT_LIST_LOG_FILES_68=An error occurred while \
attempting to obtain a list of the files in directory %s to include in the \
diff --git a/opends/src/server/org/opends/server/backends/SchemaBackend.java b/opends/src/server/org/opends/server/backends/SchemaBackend.java
index 7a35a9f..50ec617 100644
--- a/opends/src/server/org/opends/server/backends/SchemaBackend.java
+++ b/opends/src/server/org/opends/server/backends/SchemaBackend.java
@@ -4244,14 +4244,12 @@
// output stream.
if (encrypt)
{
- String cipherAlgorithm = cryptoManager.getPreferredCipherTransformation();
- backupProperties.put(BACKUP_PROPERTY_CIPHER_ALGORITHM, cipherAlgorithm);
try
{
outputStream
= cryptoManager.getCipherOutputStream(outputStream);
}
- catch (Exception e)
+ catch (CryptoManager.CryptoManagerException e)
{
if (debugEnabled())
{
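Review bot: Narrowing the catch to `CryptoManager.CryptoManagerException` means an unchecked exception thrown inside `getCipherOutputStream` no longer reaches the `debugEnabled()` trace or the `ERR_SCHEMA_BACKUP_CANNOT_GET_CIPHER` wrapping, and would leave the backup as a raw runtime exception. Whether CryptoManager wraps every provider failure is not visible in this patch, so that is worth confirming. A one-line comment above the catch, such as `// getCipherOutputStream reports all cipher and key failures as CryptoManagerException`, would record the assumption. The same narrowing is applied in the BackupManager.java hunks at -342, -975 and -1307, and the enclosing method starts and ends outside this hunk.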
@@ -4259,7 +4257,7 @@
}
Message message = ERR_SCHEMA_BACKUP_CANNOT_GET_CIPHER.get(
- cipherAlgorithm, stackTraceToSingleLineString(e));
+ e.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
message, e);
}
@@ -4619,24 +4617,15 @@
// in a cipher input stream.
if (backupInfo.isEncrypted())
{
- String cipherAlgorithm =
- backupInfo.getBackupProperty(BACKUP_PROPERTY_CIPHER_ALGORITHM);
- if (cipherAlgorithm == null)
- {
- Message message = ERR_SCHEMA_RESTORE_UNKNOWN_CIPHER.get(backupID);
- throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
- message);
- }
-
try
{
inputStream = DirectoryServer.getCryptoManager()
.getCipherInputStream(inputStream);
}
- catch (Exception e)
+ catch (CryptoManager.CryptoManagerException e)
{
Message message = ERR_SCHEMA_RESTORE_CANNOT_GET_CIPHER.
- get(cipherAlgorithm, backupFile.getPath());
+ get(backupFile.getPath(), e.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
message, e);
}
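Review bot: With the `cipher_algorithm` property lookup and its null check removed, the restore path relies entirely on what `getCipherInputStream` decodes from the backup file's own prologue, and a backup archive is input the server did not necessarily write itself. The prologue parsing lives in CryptoManager and is not part of this patch, so it should be confirmed that an unknown or unexpected cipher transformation is rejected with a `CryptoManagerException` before any cipher is initialised. A comment above the `try`, such as `// The cipher transformation is read from the backup prologue and validated by CryptoManager`, would make that dependency explicit for the next reader. The surrounding restore method is only partly visible here.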
diff --git a/opends/src/server/org/opends/server/backends/jeb/BackupManager.java b/opends/src/server/org/opends/server/backends/jeb/BackupManager.java
index ff97b2f..24afa97 100644
--- a/opends/src/server/org/opends/server/backends/jeb/BackupManager.java
+++ b/opends/src/server/org/opends/server/backends/jeb/BackupManager.java
@@ -342,15 +342,12 @@
// output stream.
if (encrypt)
{
- String cipherAlgorithm = cryptoManager.getPreferredCipherTransformation();
- backupProperties.put(BACKUP_PROPERTY_CIPHER_ALGORITHM, cipherAlgorithm);
-
try
{
outputStream
= cryptoManager.getCipherOutputStream(outputStream);
}
- catch (Exception e)
+ catch (CryptoManager.CryptoManagerException e)
{
if (debugEnabled())
{
@@ -358,7 +355,7 @@
}
Message message = ERR_JEB_BACKUP_CANNOT_GET_CIPHER.get(
- cipherAlgorithm, stackTraceToSingleLineString(e));
+ e.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
message, e);
}
@@ -975,14 +972,11 @@
// input stream.
if (encrypt)
{
- String cipherAlgorithm =
- backupProperties.get(BACKUP_PROPERTY_CIPHER_ALGORITHM);
-
try
{
inputStream = cryptoManager.getCipherInputStream(inputStream);
}
- catch (Exception e)
+ catch (CryptoManager.CryptoManagerException e)
{
if (debugEnabled())
{
@@ -990,7 +984,7 @@
}
Message message = ERR_JEB_BACKUP_CANNOT_GET_CIPHER.get(
- cipherAlgorithm, stackTraceToSingleLineString(e));
+ e.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
message, e);
}
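Review bot: This catch sits on the read path (the preceding hunk wraps `inputStream` with `getCipherInputStream`), yet it still reports `ERR_JEB_BACKUP_CANNOT_GET_CIPHER`, whose text says the cipher was being obtained "to encrypt the backup". An operator restoring or verifying an encrypted backup would be told that encryption failed, which obscures a decryption or key-availability problem. Since the line is being edited anyway, a restore-specific message analogous to the schema and config restore ones would be clearer. The hunk at -1322 has the same issue, and the enclosing method is outside both hunks.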
@@ -1307,14 +1301,11 @@
// input stream.
if (encrypt)
{
- String cipherAlgorithm =
- backupProperties.get(BACKUP_PROPERTY_CIPHER_ALGORITHM);
-
try
{
inputStream = cryptoManager.getCipherInputStream(inputStream);
}
- catch (Exception e)
+ catch (CryptoManager.CryptoManagerException e)
{
if (debugEnabled())
{
@@ -1322,7 +1313,7 @@
}
Message message = ERR_JEB_BACKUP_CANNOT_GET_CIPHER.get(
- cipherAlgorithm, stackTraceToSingleLineString(e));
+ e.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
message, e);
}
diff --git a/opends/src/server/org/opends/server/extensions/ConfigFileHandler.java b/opends/src/server/org/opends/server/extensions/ConfigFileHandler.java
index 25c0244..51897bd 100644
--- a/opends/src/server/org/opends/server/extensions/ConfigFileHandler.java
+++ b/opends/src/server/org/opends/server/extensions/ConfigFileHandler.java
@@ -2745,9 +2745,6 @@
// output stream.
if (encrypt)
{
- String cipherAlgorithm = cryptoManager.getPreferredCipherTransformation();
- backupProperties.put(BACKUP_PROPERTY_CIPHER_ALGORITHM, cipherAlgorithm);
-
try
{
outputStream
@@ -2761,7 +2758,7 @@
}
Message message = ERR_CONFIG_BACKUP_CANNOT_GET_CIPHER.get(
- cipherAlgorithm, stackTraceToSingleLineString(e));
+ e.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
message, e);
}
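Review bot: The catch clause that binds `e` is not in this hunk and, going by the diffstat, was not changed in this file, so it is presumably still `catch (Exception e)`, as the restore hunk at -3178 visibly is. With a generic `Exception`, `e.getMessage()` can be null and drops the exception class that `stackTraceToSingleLineString(e)` used to include, so the logged backup failure may read "...to encrypt the backup: null". Either narrow the catch to `catch (CryptoManager.CryptoManagerException e)`, as done in SchemaBackend.java and BackupManager.java, or keep a helper that renders the exception type as well as its message.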
@@ -3161,15 +3158,6 @@
// in a cipher input stream.
if (backupInfo.isEncrypted())
{
- String cipherAlgorithm =
- backupInfo.getBackupProperty(BACKUP_PROPERTY_CIPHER_ALGORITHM);
- if (cipherAlgorithm == null)
- {
- Message message = ERR_CONFIG_RESTORE_UNKNOWN_CIPHER.get(backupID);
- throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
- message);
- }
-
try
{
inputStream = DirectoryServer.getCryptoManager()
@@ -3178,7 +3166,7 @@
catch (Exception e)
{
Message message = ERR_CONFIG_RESTORE_CANNOT_GET_CIPHER.
- get(backupFile.getPath(), cipherAlgorithm);
+ get(e.getMessage(), backupFile.getPath());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
message, e);
}
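Review bot: The arguments to `ERR_CONFIG_RESTORE_CANNOT_GET_CIPHER.get(...)` are in the wrong order for the updated catalog entry, which reads "configuration backup %s because it is encrypted using an unknown or unsupported cipher: %s". As written, the exception text is printed as the backup name and the file path as the cipher error. The call should be `get(backupFile.getPath(), e.getMessage());`, matching the order used in the SchemaBackend.java restore hunk. The catch here is also still `catch (Exception e)`, so `e.getMessage()` may be null; narrowing it to `CryptoManager.CryptoManagerException` would keep this file consistent with the others.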
diff --git a/opends/src/server/org/opends/server/types/CryptoManager.java b/opends/src/server/org/opends/server/types/CryptoManager.java
index a679325..2278b96 100644
--- a/opends/src/server/org/opends/server/types/CryptoManager.java
+++ b/opends/src/server/org/opends/server/types/CryptoManager.java
@@ -307,11 +307,11 @@
getExceptionMessage(ex)), ex);
}
-
// Preferred secret key wrapping cipher and validation. Depends
- // on MAC cipher for secret key. Note that the TrustStoreBackend
- // not available at this point, hence a "dummy" certificate must
- // be used to validate the choice of secret key wrapping cipher.
+ // on MAC cipher for a candidate secret key. Note that the
+ // TrustStoreBackend not available at this point, hence a "dummy"
+ // certificate must be used to validate the choice of secret key
+ // wrapping cipher.
// TODO: Trying OAEPWITHSHA-512ANDMGF1PADDING throws an exception
// "Key too small...".
preferredKeyWrappingTransformation
@@ -364,7 +364,7 @@
* @throws CryptoManagerException If the certificate cannot be
* retrieved.
*/
- public byte[] getInstanceKeyCertificateFromLocalTruststore()
+ public static byte[] getInstanceKeyCertificateFromLocalTruststore()
throws CryptoManagerException {
// Construct the key entry DN.
final AttributeValue distinguishedValue = new AttributeValue(
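Review bot: Making `getInstanceKeyCertificateFromLocalTruststore()` `public static` (and `publishInstanceKeyEntryInADS()` in the next hunk) removes the implicit guarantee that a CryptoManager instance already exists when they run. The comment in the -307 hunk notes that the TrustStoreBackend is not available during CryptoManager construction, so these methods can now be reached from any class at a point where the truststore lookup cannot succeed. The Javadoc should state the precondition, for example `Must only be called after the trust store backend has been initialized.`, and the visibility could be reduced if the only callers are inside this class, as the -2517 and -2996 hunks suggest. The method bodies extend beyond both hunks.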
@@ -519,7 +519,7 @@
#registerInstanceKeyCertificate(
java.util.Map, javax.naming.ldap.LdapName)
*/
- public void publishInstanceKeyEntryInADS()
+ public static void publishInstanceKeyEntryInADS()
throws CryptoManagerException {
final byte[] instanceKeyCertificate
= getInstanceKeyCertificateFromLocalTruststore();
@@ -1182,16 +1182,6 @@
return mac;
}
- /**
- * Retrieves the name of the preferred cipher algorithm.
- *
- * @return The name of the preferred cipher algorithm
- */
- public String getPreferredCipherTransformation()
- {
- return preferredCipherTransformation;
- }
-
/**
* This method produces an initialized Cipher based on the supplied
@@ -2517,7 +2507,7 @@
// Need to add our own instance certificate.
byte[] instanceKeyCertificate =
- cryptoManager.getInstanceKeyCertificateFromLocalTruststore();
+ CryptoManager.getInstanceKeyCertificateFromLocalTruststore();
trustedCerts.put(getInstanceKeyID(instanceKeyCertificate),
instanceKeyCertificate);
@@ -2996,7 +2986,7 @@
// Need to add our own instance certificate.
byte[] instanceKeyCertificate =
- cryptoManager.getInstanceKeyCertificateFromLocalTruststore();
+ CryptoManager.getInstanceKeyCertificateFromLocalTruststore();
trustedCerts.put(getInstanceKeyID(instanceKeyCertificate),
instanceKeyCertificate);
diff --git a/opends/src/server/org/opends/server/util/ServerConstants.java b/opends/src/server/org/opends/server/util/ServerConstants.java
index b8706bb..d91894a 100644
--- a/opends/src/server/org/opends/server/util/ServerConstants.java
+++ b/opends/src/server/org/opends/server/util/ServerConstants.java
@@ -2247,15 +2247,6 @@
/**
- * The name of the backup property that holds the name of the cipher algorithm
- * used to perform the encryption for the backup.
- */
- public static final String BACKUP_PROPERTY_CIPHER_ALGORITHM =
- "cipher_algorithm";
-
-
-
- /**
* The name of the backup property that holds the name of the digest algorithm
* used to generate the hash of a backup.
*/
--
Gitblit v1.10.0