Package org.opends.server.crypto
Class GetSymmetricKeyExtendedOperation
java.lang.Object
  org.opends.server.api.ExtendedOperationHandler<GetSymmetricKeyExtendedOperationHandlerCfg>
    org.opends.server.crypto.GetSymmetricKeyExtendedOperation

public final class GetSymmetricKeyExtendedOperation extends ExtendedOperationHandler<GetSymmetricKeyExtendedOperationHandlerCfg>
This class implements the get symmetric key extended operation, an OpenDS proprietary extension used for distribution of symmetric keys amongst servers.

Before 7.0 each server had its own instance key-pair. The public keys were published in cn=admin data. This is no longer the case in 7.0, since there is now a single instance key for the whole topology, which is referred to as the "master key" and stored in a local keystore.

A pure 7.0 topology should not need to use the GetSymmetricKey request because all servers have the same master key-pair, so they should all be able to decrypt symmetric keys. However, we still need to deal with migration (mixed topologies), where the 7.0 master public key should be pre-published in cn=admin data. There are two scenarios where the GetSymmetricKey request will be used:

- A 7.0 server encounters a symmetric key which has only been encrypted by <7.0 servers. In this case it sends a symmetric key request to a 6.5 server. The 6.5 servers' discovery information will also have been published in cn=admin data.
- A 6.5 server encounters a symmetric key which has only been encrypted by 7.0 servers. In this case the 6.5 server will need to send a symmetric key request to the 7.0 server. However, 7.0 servers do not publish discovery information in cn=admin data, so this scenario is not supported for the time being. In practice, this scenario should not happen because a 7.0 server will automatically encrypt new symmetric keys with the public keys of all servers in the topology, including 6.5 servers, since their public keys are published in cn=admin data.

Constructor Summary
GetSymmetricKeyExtendedOperation() - Create an instance of this symmetric key extended operation.

Method Summary
String getExtendedOperationName() - Retrieves the name associated with this extended operation.
String getExtendedOperationOID() - Retrieves the object OID associated with this extended operation.
void processExtendedOperation(ExtendedOperation operation) - Processes the provided extended operation.

Methods inherited from class org.opends.server.api.ExtendedOperationHandler
finalizeExtendedOperationHandler, getServerContext, getSupportedControls, getSupportedFeatures, initializeExtendedOperationHandler, isConfigurationAcceptable, supportsControl
Method Detail
processExtendedOperation
public void processExtendedOperation(ExtendedOperation operation)
Processes the provided extended operation.
Specified by: processExtendedOperation in class ExtendedOperationHandler<GetSymmetricKeyExtendedOperationHandlerCfg>
Parameters: operation - The extended operation to be processed.

getExtendedOperationOID
public String getExtendedOperationOID()
Description copied from class: ExtendedOperationHandler
Retrieves the object OID associated with this extended operation.
Specified by: getExtendedOperationOID in class ExtendedOperationHandler<GetSymmetricKeyExtendedOperationHandlerCfg>
Returns: The OID associated with this extended operation, if any, or null if there is none.

getExtendedOperationName
public String getExtendedOperationName()
Description copied from class: ExtendedOperationHandler
Retrieves the name associated with this extended operation.
Specified by: getExtendedOperationName in class ExtendedOperationHandler<GetSymmetricKeyExtendedOperationHandlerCfg>
Returns: The name associated with this extended operation, if any, or null if there is none.