org.opends.server.backends

Class TrustStoreBackend

java.lang.Object

org.opends.server.api.Backend<C>

org.opends.server.api.LocalBackend<TrustStoreBackendCfg>

org.opends.server.backends.TrustStoreBackend

All Implemented Interfaces:

ConfigurationChangeListener<TrustStoreBackendCfg>, RequestHandler, HealthStatusProvider

public class TrustStoreBackend
extends LocalBackend<TrustStoreBackendCfg>
implements ConfigurationChangeListener<TrustStoreBackendCfg>

This class defines a backend used to provide an LDAP view of public keys stored in a key store.

Nested Class Summary

Nested classes/interfaces inherited from class org.opends.server.api.LocalBackend

LocalBackend.BackendOperation

Constructor Summary

Constructors

Constructor and Description
TrustStoreBackend() Creates a new backend.

Method Summary

Modifier and Type	Method and Description
void	addEntry(Entry entry, AddOperation addOperation) Adds the provided entry to this backend.
ConfigChangeResult	applyConfigurationChange(TrustStoreBackendCfg cfg) Applies the configuration changes to this change listener.
void	closeBackend() Performs any necessary work to finally close this backend, particularly closing any underlying databases or connections and deregistering any suffixes that it manages with the Directory Server.
void	configureBackend(TrustStoreBackendCfg config, ServerContext serverContext) Configure this backend based on the information in the provided configuration.
void	createBackup(BackupConfig backupConfig) Creates a backup of the contents of this backend in a form that may be restored at a later date if necessary.
static void	createDefaultTrustStorePinFileIfDoesNotExist(Path instanceRoot) Creates the default trust store pin file if it does not already exists.
void	deleteEntry(Dn entryDN, DeleteOperation deleteOperation) Removes the specified entry from this backend.
Set<Dn>	getBaseDNs() Retrieves the set of base-level DNs that may be used within this backend.
Entry	getEntry(Dn entryDN) Retrieves the requested entry from this backend.
long	getEntryCount() Retrieves the total number of entries contained in this backend, if that information is available.
Key	getKey(String alias) Returns the key associated with the given alias, using the trust store pin to recover it.
KeyManager[]	getKeyManagers() Retrieves a set of KeyManager objects that may be used for interactions requiring access to a key manager.
long	getNumberOfChildren(Dn parentDN) Retrieves the number of subordinates immediately below the requested entry.
long	getNumberOfEntriesInBaseDN(Dn baseDN) Retrieves the number of entries for the specified base DN including all entries from the requested entry to the lowest level in the tree.
TrustManager[]	getTrustManagers() Retrieves a set of TrustManager objects that may be used for interactions requiring access to a trust manager.
ConditionResult	hasSubordinates(Dn entryDN) Indicates whether the requested entry has any subordinates.
boolean	isConfigurationChangeAcceptable(TrustStoreBackendCfg configuration, List<LocalizableMessage> unacceptableReasons) Indicates whether the proposed change to the configuration is acceptable to this change listener.
boolean	isIndexed(AttributeType attributeType, IndexType indexType) Indicates whether search operations which target the specified attribute in the indicated manner would be considered indexed in this backend.
boolean	isPublicBackend() Indicates whether the base DNs of this backend should be considered public or private.
void	openBackend() Opens this backend based on the information provided when the backend was configured.
void	removeBackup(BackupDirectory backupDirectory, String backupID) Removes the specified backup if it is possible to do so.
void	renameEntry(Dn currentDN, Entry entry, ModifyDnOperation modifyDNOperation) Moves and/or renames the provided entry in this backend, altering any subordinate entries as necessary.
void	replaceEntry(Entry oldEntry, Entry newEntry, ModifyOperation modifyOperation) Replaces the specified entry with the provided entry in this backend.
void	restoreBackup(RestoreConfig restoreConfig) Restores a backup of the contents of this backend.
void	search(SearchOperation searchOperation) Processes the specified search in this backend.
boolean	supports(LocalBackend.BackendOperation backendOperation) Indicates whether this backend supports the provided backend operation.

Methods inherited from class org.opends.server.api.LocalBackend

deregisterBackendMonitor, entryExists, exportLDIF, finalizeBackend, getLocalBackendMonitor, getPersistentSearches, getWritabilityMode, handle, handlesEntry, handlesEntry, importLDIF, isIndexed, rebuildBackend, registerBackendMonitor, registerPersistentSearch, setWritabilityMode, supportsControl, verifyBackend

Methods inherited from class org.opends.server.api.Backend

getBackendID, getHealthStatus, getSupportedControls, getSupportedFeatures, isConfigurationAcceptable, setBackendID, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

TrustStoreBackend

public TrustStoreBackend()

Creates a new backend. All backend implementations must implement a default constructor that use super() to invoke this constructor.

Method Detail

configureBackend

public void configureBackend(TrustStoreBackendCfg config,
                             ServerContext serverContext)
                      throws ConfigException

Description copied from class: Backend

Configure this backend based on the information in the provided configuration. When the method returns, the backend will have been configured (ready to be opened) but still unable to process operations.

Specified by:

configureBackend in class Backend<TrustStoreBackendCfg>

Parameters:

config - The configuration of this backend.

serverContext - The server context for this instance

Throws:

ConfigException - If there is an error in the configuration.

openBackend

public void openBackend()
                 throws InitializationException

Description copied from class: LocalBackend

Opens this backend based on the information provided when the backend was configured. It also should open any underlying storage and register all suffixes with the server.

Specified by:

openBackend in class LocalBackend<TrustStoreBackendCfg>

Throws:

InitializationException - If a problem occurs during opening that is not related to the server configuration.

See Also:

Backend.configureBackend(C, org.opends.server.core.ServerContext)

isPublicBackend

public boolean isPublicBackend()

Description copied from class: Backend

Indicates whether the base DNs of this backend should be considered public or private.

This method also controls the visibility of the associated naming contexts. i.e. if any base DN of this backend is a naming context, then it will be public or private, based on the value returned by this method.

Reminder: Public naming contexts are returned when querying the root DSE entry.

Specified by:

isPublicBackend in class Backend<TrustStoreBackendCfg>

Returns:

true if this backend's baseDNs could be exposed as a public naming context, false if they must remain private naming contexts.

createDefaultTrustStorePinFileIfDoesNotExist

public static void createDefaultTrustStorePinFileIfDoesNotExist(Path instanceRoot)
                                                         throws InitializationException

Creates the default trust store pin file if it does not already exists.

Parameters:

instanceRoot - The root path of the server instance.

Throws:

InitializationException - If an error occurs while creating the file

closeBackend

public void closeBackend()

Description copied from class: LocalBackend

Performs any necessary work to finally close this backend, particularly closing any underlying databases or connections and deregistering any suffixes that it manages with the Directory Server.

It will be called as final step of finalizeBackend(), so subclasses might override it.

Overrides:

closeBackend in class LocalBackend<TrustStoreBackendCfg>

getBaseDNs

public Set<Dn> getBaseDNs()

Description copied from class: Backend

Retrieves the set of base-level DNs that may be used within this backend.

Specified by:

getBaseDNs in class Backend<TrustStoreBackendCfg>

Returns:

The set of base-level DNs that may be used within this backend.

getEntryCount

public long getEntryCount()

Description copied from class: LocalBackend

Retrieves the total number of entries contained in this backend, if that information is available.

Specified by:

getEntryCount in class LocalBackend<TrustStoreBackendCfg>

Returns:

The total number of entries contained in this backend, or -1 if that information is not available.

isIndexed

public boolean isIndexed(AttributeType attributeType,
                         IndexType indexType)

Description copied from class: LocalBackend

Indicates whether search operations which target the specified attribute in the indicated manner would be considered indexed in this backend. The operation should be considered indexed only if the specified operation can be completed efficiently within the backend.

Note that this method should return a general result that covers all values of the specified attribute. If a the specified attribute is indexed in the indicated manner but some particular values may still be treated as unindexed (e.g., if the number of entries with that attribute value exceeds some threshold), then this method should still return true for the specified attribute and index type.

Specified by:

isIndexed in class LocalBackend<TrustStoreBackendCfg>

Parameters:

attributeType - The attribute type for which to make the determination.

indexType - The index type for which to make the determination.

Returns:

true if search operations targeting the specified attribute in the indicated manner should be considered indexed, or false if not.

getEntry

public Entry getEntry(Dn entryDN)
               throws LdapException

Description copied from class: LocalBackend

Retrieves the requested entry from this backend. The caller is not required to hold any locks on the specified DN.

Specified by:

getEntry in class LocalBackend<TrustStoreBackendCfg>

Parameters:

entryDN - The distinguished name of the entry to retrieve.

Returns:

The requested entry, or null if the entry does not exist.

Throws:

LdapException - If a problem occurs while trying to retrieve the entry.

addEntry

public void addEntry(Entry entry,
                     AddOperation addOperation)
              throws LdapException

Description copied from class: LocalBackend

Adds the provided entry to this backend. This method must ensure that the entry is appropriate for the backend and that no entry already exists with the same DN. The caller must hold a write lock on the DN of the provided entry.

Specified by:

addEntry in class LocalBackend<TrustStoreBackendCfg>

Parameters:

entry - The entry to add to this backend.

addOperation - The add operation with which the new entry is associated. This may be null for adds performed internally.

Throws:

LdapException - If a problem occurs while trying to add the entry.

CancelledResultException - If this backend noticed and reacted to a request to cancel or abandon the add operation.

deleteEntry

public void deleteEntry(Dn entryDN,
                        DeleteOperation deleteOperation)
                 throws LdapException

Description copied from class: LocalBackend

Removes the specified entry from this backend. This method must ensure that the entry exists and that it does not have any subordinate entries (unless the backend supports a subtree delete operation and the client included the appropriate information in the request). The caller must hold a write lock on the provided entry DN.

Specified by:

deleteEntry in class LocalBackend<TrustStoreBackendCfg>

Parameters:

entryDN - The DN of the entry to remove from this backend.

deleteOperation - The delete operation with which this action is associated. This may be null for deletes performed internally.

Throws:

LdapException - If a problem occurs while trying to remove the entry.

CancelledResultException - If this backend noticed and reacted to a request to cancel or abandon the delete operation.

replaceEntry

public void replaceEntry(Entry oldEntry,
                         Entry newEntry,
                         ModifyOperation modifyOperation)
                  throws LdapException

Description copied from class: LocalBackend

Replaces the specified entry with the provided entry in this backend. The backend must ensure that an entry already exists with the same DN as the provided entry. The caller must hold a write lock on the DN of the provided entry.

Specified by:

replaceEntry in class LocalBackend<TrustStoreBackendCfg>

Parameters:

oldEntry - The original entry that is being replaced.

newEntry - The new entry to use in place of the existing entry with the same DN.

modifyOperation - The modify operation with which this action is associated. This may be null for modifications performed internally.

Throws:

LdapException - If a problem occurs while trying to replace the entry.

CancelledResultException - If this backend noticed and reacted to a request to cancel or abandon the modify operation.

renameEntry

public void renameEntry(Dn currentDN,
                        Entry entry,
                        ModifyDnOperation modifyDNOperation)
                 throws LdapException

Description copied from class: LocalBackend

Moves and/or renames the provided entry in this backend, altering any subordinate entries as necessary. This must ensure that an entry already exists with the provided current DN, and that no entry exists with the target DN of the provided entry. The caller must hold write locks on both the current DN and the new DN for the entry.

Specified by:

renameEntry in class LocalBackend<TrustStoreBackendCfg>

Parameters:

currentDN - The current DN of the entry to be moved/renamed.

entry - The new content to use for the entry.

modifyDNOperation - The modify DN operation with which this action is associated. This may be null for modify DN operations performed internally.

Throws:

LdapException - If a problem occurs while trying to perform the rename.

CancelledResultException - If this backend noticed and reacted to a request to cancel or abandon the modify DN operation.

search

public void search(SearchOperation searchOperation)
            throws LdapException

Description copied from class: LocalBackend

Processes the specified search in this backend. Matching entries should be provided back to the core server using the SearchOperation.returnEntry method. The caller is not required to have any locks when calling this operation.

Specified by:

search in class LocalBackend<TrustStoreBackendCfg>

Parameters:

searchOperation - The search operation to be processed.

Throws:

LdapException - If a problem occurs while processing the search.

CancelledResultException - If this backend noticed and reacted to a request to cancel or abandon the search operation.

hasSubordinates

public ConditionResult hasSubordinates(Dn entryDN)
                                throws LdapException

Description copied from class: LocalBackend

Indicates whether the requested entry has any subordinates.

Specified by:

hasSubordinates in class LocalBackend<TrustStoreBackendCfg>

Parameters:

entryDN - The distinguished name of the entry.

Returns:

ConditionResult.TRUE if the entry has one or more subordinates or ConditionResult.FALSE otherwise or ConditionResult.UNDEFINED if it can not be determined.

Throws:

LdapException - If a problem occurs while trying to retrieve the entry.

getNumberOfEntriesInBaseDN

public long getNumberOfEntriesInBaseDN(Dn baseDN)
                                throws LdapException

Description copied from class: LocalBackend

Retrieves the number of entries for the specified base DN including all entries from the requested entry to the lowest level in the tree.

Specified by:

getNumberOfEntriesInBaseDN in class LocalBackend<TrustStoreBackendCfg>

Parameters:

baseDN - The base distinguished name.

Returns:

The number of subordinate entries including the base dn.

Throws:

LdapException - If baseDN isn't a base dn managed by this backend or if a problem occurs while trying to retrieve the entry.

getNumberOfChildren

public long getNumberOfChildren(Dn parentDN)
                         throws LdapException

Description copied from class: LocalBackend

Retrieves the number of subordinates immediately below the requested entry.

Specified by:

getNumberOfChildren in class LocalBackend<TrustStoreBackendCfg>

Parameters:

parentDN - The distinguished name of the parent.

Returns:

The number of subordinate entries for the requested entry.

Throws:

LdapException - If baseDN isn't a base dn managed by this backend or if a problem occurs while trying to retrieve the entry.

isConfigurationChangeAcceptable

public boolean isConfigurationChangeAcceptable(TrustStoreBackendCfg configuration,
                                               List<LocalizableMessage> unacceptableReasons)

Description copied from interface: ConfigurationChangeListener

Indicates whether the proposed change to the configuration is acceptable to this change listener.

Specified by:

isConfigurationChangeAcceptable in interface ConfigurationChangeListener<TrustStoreBackendCfg>

Parameters:

configuration - The new configuration containing the changes.

unacceptableReasons - A list that can be used to hold messages about why the provided configuration is not acceptable.

Returns:

Returns true if the proposed change is acceptable, or false if it is not.

applyConfigurationChange

public ConfigChangeResult applyConfigurationChange(TrustStoreBackendCfg cfg)

Description copied from interface: ConfigurationChangeListener

Applies the configuration changes to this change listener.

Specified by:

applyConfigurationChange in interface ConfigurationChangeListener<TrustStoreBackendCfg>

Parameters:

cfg - The new configuration containing the changes.

Returns:

Returns information about the result of changing the configuration.

getKeyManagers

public KeyManager[] getKeyManagers()
                            throws LdapException

Retrieves a set of KeyManager objects that may be used for interactions requiring access to a key manager.

Returns:

A set of KeyManager objects that may be used for interactions requiring access to a key manager.

Throws:

LdapException - If a problem occurs while attempting to obtain the set of key managers.

getTrustManagers

public TrustManager[] getTrustManagers()
                                throws LdapException

Retrieves a set of TrustManager objects that may be used for interactions requiring access to a trust manager.

Returns:

A set of TrustManager objects that may be used for interactions requiring access to a trust manager.

Throws:

LdapException - If a problem occurs while attempting to obtain the set of trust managers.

getKey

public Key getKey(String alias)
           throws LdapException

Returns the key associated with the given alias, using the trust store pin to recover it.

Parameters:

alias - The alias name.

Returns:

The requested key, or null if the given alias does not exist or does not identify a key-related entry.

Throws:

LdapException - If an error occurs while retrieving the key.

supports

public boolean supports(LocalBackend.BackendOperation backendOperation)

Description copied from class: LocalBackend

Indicates whether this backend supports the provided backend operation.

Overrides:

supports in class LocalBackend<TrustStoreBackendCfg>

Parameters:

backendOperation - the backend operation

Returns:

true if this backend supports the provided backend operation, false otherwise.

createBackup

public void createBackup(BackupConfig backupConfig)
                  throws LdapException

Description copied from class: LocalBackend

Creates a backup of the contents of this backend in a form that may be restored at a later date if necessary. This method should only be called if LocalBackend.supports(BackendOperation) with LocalBackend.BackendOperation.BACKUP returns true.

Note that the server will not explicitly initialize this backend before calling this method.

Overrides:

createBackup in class LocalBackend<TrustStoreBackendCfg>

Parameters:

backupConfig - The configuration to use when performing the backup.

Throws:

LdapException - If a problem occurs while performing the backup.

removeBackup

public void removeBackup(BackupDirectory backupDirectory,
                         String backupID)
                  throws LdapException

Description copied from class: LocalBackend

Removes the specified backup if it is possible to do so.

Overrides:

removeBackup in class LocalBackend<TrustStoreBackendCfg>

Parameters:

backupDirectory - The backup directory structure with which the specified backup is associated.

backupID - The backup ID for the backup to be removed.

Throws:

LdapException - If it is not possible to remove the specified backup for some reason (e.g., no such backup exists or there are other backups that are dependent upon it).

restoreBackup

public void restoreBackup(RestoreConfig restoreConfig)
                   throws LdapException

Description copied from class: LocalBackend

Restores a backup of the contents of this backend. This method should only be called if LocalBackend.supports(BackendOperation) with BackendOperation#RESTORE returns true.

Note that the server will not explicitly initialize this backend before calling this method.

Overrides:

restoreBackup in class LocalBackend<TrustStoreBackendCfg>

Parameters:

restoreConfig - The configuration to use when performing the restore.

Throws:

LdapException - If a problem occurs while performing the restore.