/** {@inheritDoc} */
@Override()
public void search(SearchOperation searchOperation)
throws DirectoryException, CanceledOperationException {
readerBegin();
EntryContainer ec;
if (rootContainer != null) {
ec = rootContainer.getEntryContainer(searchOperation.getBaseDN());
} else {
Message message = ERR_ROOT_CONTAINER_NOT_INITIALIZED.get(getBackendID());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
ec.sharedLock.lock();
try {
ec.search(searchOperation);
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} finally {
ec.sharedLock.unlock();
readerEnd();
}
}
/** {@inheritDoc} */
@Override
public Entry getEntry(DN entryDN) throws DirectoryException {
// If the requested entry was null, then throw an exception.
if (entryDN == null) {
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(),
ERR_BACKEND_GET_ENTRY_NULL.get(getBackendID()));
}
// If the requested entry was the backend base entry, then retrieve it.
if (entryDN.equals(backupBaseDN)) {
return backupBaseEntry.duplicate(true);
}
// See if the requested entry was one level below the backend base entry.
// If so, then it must point to a backup directory. Otherwise, it must be
// two levels below the backup base entry and must point to a specific
// backup.
DN parentDN = entryDN.getParentDNInSuffix();
if (parentDN == null) {
Message message = ERR_BACKUP_INVALID_BASE.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message);
} else if (parentDN.equals(backupBaseDN)) {
return getBackupDirectoryEntry(entryDN);
} else if (backupBaseDN.equals(parentDN.getParentDNInSuffix())) {
return getBackupEntry(entryDN);
} else {
Message message = ERR_BACKUP_INVALID_BASE.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message, backupBaseDN, null);
}
}
/** {@inheritDoc} */
@Override()
public Entry getEntry(DN entryDN) throws DirectoryException {
readerBegin();
EntryContainer ec;
if (rootContainer != null) {
ec = rootContainer.getEntryContainer(entryDN);
} else {
Message message = ERR_ROOT_CONTAINER_NOT_INITIALIZED.get(getBackendID());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
ec.sharedLock.lock();
Entry entry;
try {
entry = ec.getEntry(entryDN);
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} finally {
ec.sharedLock.unlock();
readerEnd();
}
return entry;
}
/** {@inheritDoc} */
@Override()
public void replaceEntry(Entry oldEntry, Entry newEntry, ModifyOperation modifyOperation)
throws DirectoryException, CanceledOperationException {
checkDiskSpace(modifyOperation);
writerBegin();
DN entryDN = newEntry.getDN();
EntryContainer ec;
if (rootContainer != null) {
ec = rootContainer.getEntryContainer(entryDN);
} else {
Message message = ERR_ROOT_CONTAINER_NOT_INITIALIZED.get(getBackendID());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
ec.sharedLock.lock();
try {
ec.replaceEntry(oldEntry, newEntry, modifyOperation);
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} finally {
ec.sharedLock.unlock();
writerEnd();
}
}
/** {@inheritDoc} */
@Override()
public long numSubordinates(DN entryDN, boolean subtree) throws DirectoryException {
EntryContainer ec;
if (rootContainer != null) {
ec = rootContainer.getEntryContainer(entryDN);
} else {
Message message = ERR_ROOT_CONTAINER_NOT_INITIALIZED.get(getBackendID());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
if (ec == null) {
return -1;
}
readerBegin();
ec.sharedLock.lock();
try {
long count = ec.getNumSubordinates(entryDN, subtree);
if (count == Long.MAX_VALUE) {
// The index entry limit has exceeded and there is no count maintained.
return -1;
}
return count;
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} finally {
ec.sharedLock.unlock();
readerEnd();
}
}
/** {@inheritDoc} */
@Override
public ByteString encodePasswordWithScheme(ByteSequence plaintext) throws DirectoryException {
StringBuilder buffer = new StringBuilder();
buffer.append('{');
buffer.append(STORAGE_SCHEME_NAME_SHA_1);
buffer.append('}');
// TODO: Can we avoid this copy?
byte[] plaintextBytes = null;
byte[] digestBytes;
synchronized (digestLock) {
try {
plaintextBytes = plaintext.toByteArray();
digestBytes = messageDigest.digest(plaintextBytes);
} catch (Exception e) {
logger.traceException(e);
LocalizableMessage message =
ERR_PWSCHEME_CANNOT_ENCODE_PASSWORD.get(CLASS_NAME, getExceptionMessage(e));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message, e);
} finally {
if (plaintextBytes != null) {
Arrays.fill(plaintextBytes, (byte) 0);
}
}
}
buffer.append(Base64.encode(digestBytes));
return ByteString.valueOfUtf8(buffer);
}
/**
* Generates an entry for a backup directory based on the provided DN. The DN must contain an RDN
* component that specifies the path to the backup directory, and that directory must exist and be
* a valid backup directory.
*
* @param entryDN The DN of the backup directory entry to retrieve.
* @return The requested backup directory entry.
* @throws DirectoryException If the specified directory does not exist or is not a valid backup
* directory, or if the DN does not specify any backup directory.
*/
private Entry getBackupDirectoryEntry(DN entryDN) throws DirectoryException {
// Make sure that the DN specifies a backup directory.
AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true);
AttributeValue v = entryDN.getRDN().getAttributeValue(t);
if (v == null) {
Message message = ERR_BACKUP_DN_DOES_NOT_SPECIFY_DIRECTORY.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message, backupBaseDN, null);
}
// Get a handle to the backup directory and the information that it
// contains.
BackupDirectory backupDirectory;
try {
backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString());
} catch (ConfigException ce) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ce);
}
Message message =
ERR_BACKUP_INVALID_BACKUP_DIRECTORY.get(String.valueOf(entryDN), ce.getMessage());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message = ERR_BACKUP_ERROR_GETTING_BACKUP_DIRECTORY.get(getExceptionMessage(e));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
// Construct the backup directory entry to return.
LinkedHashMap<ObjectClass, String> ocMap = new LinkedHashMap<ObjectClass, String>(2);
ocMap.put(DirectoryServer.getTopObjectClass(), OC_TOP);
ObjectClass backupDirOC = DirectoryServer.getObjectClass(OC_BACKUP_DIRECTORY, true);
ocMap.put(backupDirOC, OC_BACKUP_DIRECTORY);
LinkedHashMap<AttributeType, List<Attribute>> opAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>(0);
LinkedHashMap<AttributeType, List<Attribute>> userAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>(3);
ArrayList<Attribute> attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, v));
userAttrs.put(t, attrList);
t = DirectoryServer.getAttributeType(ATTR_BACKUP_BACKEND_DN, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(
Attributes.create(
t, AttributeValues.create(t, backupDirectory.getConfigEntryDN().toString())));
userAttrs.put(t, attrList);
Entry e = new Entry(entryDN, ocMap, userAttrs, opAttrs);
e.processVirtualAttributes();
return e;
}
/**
* Fetch a record from the entry tree.
*
* @param txn a non null transaction
* @param entryID The desired entry ID which forms the key.
* @return The requested entry, or null if there is no such record.
* @throws DirectoryException If a problem occurs while getting the entry.
* @throws StorageRuntimeException If an error occurs in the storage.
*/
public Entry get(ReadableTransaction txn, EntryID entryID)
throws DirectoryException, StorageRuntimeException {
try {
return get0(txn.read(getName(), entryID.toByteString()));
} catch (Exception e) {
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), ERR_ENTRY_DATABASE_CORRUPT.get(entryID));
}
}
private SSLContext createSSLContext(LDAPConnectionHandlerCfg config) throws DirectoryException {
try {
DN keyMgrDN = config.getKeyManagerProviderDN();
KeyManagerProvider<?> keyManagerProvider = DirectoryServer.getKeyManagerProvider(keyMgrDN);
if (keyManagerProvider == null) {
logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName);
disableAndWarnIfUseSSL(config);
keyManagerProvider = new NullKeyManagerProvider();
// The SSL connection is unusable without a key manager provider
} else if (!keyManagerProvider.containsAtLeastOneKey()) {
logger.error(ERR_INVALID_KEYSTORE, friendlyName);
disableAndWarnIfUseSSL(config);
}
final SortedSet<String> aliases = new TreeSet<>(config.getSSLCertNickname());
final KeyManager[] keyManagers;
if (aliases.isEmpty()) {
keyManagers = keyManagerProvider.getKeyManagers();
} else {
final Iterator<String> it = aliases.iterator();
while (it.hasNext()) {
if (!keyManagerProvider.containsKeyWithAlias(it.next())) {
logger.error(ERR_KEYSTORE_DOES_NOT_CONTAIN_ALIAS, aliases, friendlyName);
it.remove();
}
}
if (aliases.isEmpty()) {
disableAndWarnIfUseSSL(config);
}
keyManagers =
SelectableCertificateKeyManager.wrap(
keyManagerProvider.getKeyManagers(), aliases, friendlyName);
}
DN trustMgrDN = config.getTrustManagerProviderDN();
TrustManagerProvider<?> trustManagerProvider =
DirectoryServer.getTrustManagerProvider(trustMgrDN);
if (trustManagerProvider == null) {
trustManagerProvider = new NullTrustManagerProvider();
}
SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null);
return sslContext;
} catch (Exception e) {
logger.traceException(e);
ResultCode resCode = DirectoryServer.getServerErrorResultCode();
LocalizableMessage message =
ERR_CONNHANDLER_SSL_CANNOT_INITIALIZE.get(getExceptionMessage(e));
throw new DirectoryException(resCode, message, e);
}
}
private SSLEngineConfigurator createSSLEngineConfigurator(HTTPConnectionHandlerCfg config)
throws DirectoryException {
if (!config.isUseSSL()) {
return null;
}
try {
SSLContext sslContext = createSSLContext(config);
SSLEngineConfigurator configurator = new SSLEngineConfigurator(sslContext);
configurator.setClientMode(false);
// configure with defaults from the JVM
final SSLEngine defaults = sslContext.createSSLEngine();
configurator.setEnabledProtocols(defaults.getEnabledProtocols());
configurator.setEnabledCipherSuites(defaults.getEnabledCipherSuites());
final Set<String> protocols = config.getSSLProtocol();
if (!protocols.isEmpty()) {
configurator.setEnabledProtocols(protocols.toArray(new String[protocols.size()]));
}
final Set<String> ciphers = config.getSSLCipherSuite();
if (!ciphers.isEmpty()) {
configurator.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()]));
}
switch (config.getSSLClientAuthPolicy()) {
case DISABLED:
configurator.setNeedClientAuth(false);
configurator.setWantClientAuth(false);
break;
case REQUIRED:
configurator.setNeedClientAuth(true);
configurator.setWantClientAuth(true);
break;
case OPTIONAL:
default:
configurator.setNeedClientAuth(false);
configurator.setWantClientAuth(true);
break;
}
return configurator;
} catch (Exception e) {
logger.traceException(e);
ResultCode resCode = DirectoryServer.getServerErrorResultCode();
throw new DirectoryException(
resCode, ERR_CONNHANDLER_SSL_CANNOT_INITIALIZE.get(getExceptionMessage(e)), e);
}
}
/**
* Verify the integrity of the backend instance.
*
* @param verifyConfig The verify configuration.
* @param statEntry Optional entry to save stats into.
* @return The error count.
* @throws ConfigException If an unrecoverable problem arises during initialization.
* @throws InitializationException If a problem occurs during initialization that is not related
* to the server configuration.
* @throws DirectoryException If a Directory Server error occurs.
*/
public long verifyBackend(VerifyConfig verifyConfig, Entry statEntry)
throws InitializationException, ConfigException, DirectoryException {
// If the backend already has the root container open, we must use the same
// underlying root container
boolean openRootContainer = rootContainer == null;
long errorCount = 0;
try {
if (openRootContainer) {
EnvironmentConfig envConfig = ConfigurableEnvironment.parseConfigEntry(cfg);
envConfig.setReadOnly(true);
envConfig.setAllowCreate(false);
envConfig.setTransactional(false);
envConfig.setConfigParam("je.env.isLocking", "true");
envConfig.setConfigParam("je.env.runCheckpointer", "true");
rootContainer = initializeRootContainer(envConfig);
}
VerifyJob verifyJob = new VerifyJob(verifyConfig);
errorCount = verifyJob.verifyBackend(rootContainer, statEntry);
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} catch (JebException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), e.getMessageObject());
} finally {
// If a root container was opened in this method as read only, close it
// to leave the backend in the same state.
if (openRootContainer && rootContainer != null) {
try {
rootContainer.close();
rootContainer = null;
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
}
}
return errorCount;
}
/**
* Decodes the entry encode configuration from current position and length of the given byte
* array.
*
* @param buffer The byte array containing the encoded entry.
* @param length The number of bytes contained in the encode configuration.
* @param compressedSchema The compressed schema manager to use when decoding.
* @return The decoded configuration.
* @throws DirectoryException If the configuration cannot be properly decoded.
*/
public static EntryEncodeConfig decode(
ByteSequenceReader buffer, int length, CompressedSchema compressedSchema)
throws DirectoryException {
if (length != 1) {
LocalizableMessage message = ERR_ENTRYENCODECFG_INVALID_LENGTH.get();
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
byte b = buffer.readByte();
boolean excludeDN = is(b, ENCODE_FLAG_EXCLUDE_DN);
boolean compressAttrDescriptions = is(b, ENCODE_FLAG_COMPRESS_ADS);
boolean compressObjectClassSets = is(b, ENCODE_FLAG_COMPRESS_OCS);
return new EntryEncodeConfig(
excludeDN, compressAttrDescriptions, compressObjectClassSets, compressedSchema);
}
/** {@inheritDoc} */
@Override
public MemberList getMembers() throws DirectoryException {
Group targetGroup = DirectoryServer.getGroupManager().getGroupInstance(targetGroupDN);
if (targetGroup == null) {
LocalizableMessage message =
ERR_VIRTUAL_STATIC_GROUP_NO_TARGET_GROUP.get(targetGroupDN, groupEntryDN);
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
} else if (targetGroup instanceof VirtualStaticGroup) {
LocalizableMessage message =
ERR_VIRTUAL_STATIC_GROUP_TARGET_CANNOT_BE_VIRTUAL.get(groupEntryDN, targetGroupDN);
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
} else {
return targetGroup.getMembers();
}
}
/**
* Creates a customized DirectoryException from the DatabaseException thrown by JE backend.
*
* @param e The DatabaseException to be converted.
* @return DirectoryException created from exception.
*/
DirectoryException createDirectoryException(DatabaseException e) {
ResultCode resultCode = DirectoryServer.getServerErrorResultCode();
Message message;
if ((e instanceof EnvironmentFailureException) && !rootContainer.isValid()) {
message = NOTE_BACKEND_ENVIRONMENT_UNUSABLE.get(getBackendID());
logError(message);
DirectoryServer.sendAlertNotification(
DirectoryServer.getInstance(), ALERT_TYPE_BACKEND_ENVIRONMENT_UNUSABLE, message);
}
String jeMessage = e.getMessage();
if (jeMessage == null) {
jeMessage = stackTraceToSingleLineString(e);
}
message = ERR_JEB_DATABASE_EXCEPTION.get(jeMessage);
return new DirectoryException(resultCode, message, e);
}
/** {@inheritDoc} */
@Override
public boolean isMember(Entry userEntry, Set<DN> examinedGroups) throws DirectoryException {
if (!examinedGroups.add(getGroupDN())) {
return false;
}
Group targetGroup = DirectoryServer.getGroupManager().getGroupInstance(targetGroupDN);
if (targetGroup == null) {
LocalizableMessage message =
ERR_VIRTUAL_STATIC_GROUP_NO_TARGET_GROUP.get(targetGroupDN, groupEntryDN);
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
} else if (targetGroup instanceof VirtualStaticGroup) {
LocalizableMessage message =
ERR_VIRTUAL_STATIC_GROUP_TARGET_CANNOT_BE_VIRTUAL.get(groupEntryDN, targetGroupDN);
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
} else {
return targetGroup.isMember(userEntry);
}
}
private SSLEngine createSSLEngine(LDAPConnectionHandlerCfg config, SSLContext sslContext)
throws DirectoryException {
try {
SSLEngine sslEngine = sslContext.createSSLEngine();
sslEngine.setUseClientMode(false);
final Set<String> protocols = config.getSSLProtocol();
if (!protocols.isEmpty()) {
sslEngine.setEnabledProtocols(protocols.toArray(new String[0]));
}
final Set<String> ciphers = config.getSSLCipherSuite();
if (!ciphers.isEmpty()) {
sslEngine.setEnabledCipherSuites(ciphers.toArray(new String[0]));
}
switch (config.getSSLClientAuthPolicy()) {
case DISABLED:
sslEngine.setNeedClientAuth(false);
sslEngine.setWantClientAuth(false);
break;
case REQUIRED:
sslEngine.setWantClientAuth(true);
sslEngine.setNeedClientAuth(true);
break;
case OPTIONAL:
default:
sslEngine.setNeedClientAuth(false);
sslEngine.setWantClientAuth(true);
break;
}
return sslEngine;
} catch (Exception e) {
logger.traceException(e);
ResultCode resCode = DirectoryServer.getServerErrorResultCode();
LocalizableMessage message =
ERR_CONNHANDLER_SSL_CANNOT_INITIALIZE.get(getExceptionMessage(e));
throw new DirectoryException(resCode, message, e);
}
}
/** {@inheritDoc} */
@Override()
public void renameEntry(DN currentDN, Entry entry, ModifyDNOperation modifyDNOperation)
throws DirectoryException, CanceledOperationException {
checkDiskSpace(modifyDNOperation);
writerBegin();
EntryContainer currentContainer;
if (rootContainer != null) {
currentContainer = rootContainer.getEntryContainer(currentDN);
} else {
Message message = ERR_ROOT_CONTAINER_NOT_INITIALIZED.get(getBackendID());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
EntryContainer container = rootContainer.getEntryContainer(entry.getDN());
if (currentContainer != container) {
// FIXME: No reason why we cannot implement a move between containers
// since the containers share the same database environment.
Message msg = WARN_JEB_FUNCTION_NOT_SUPPORTED.get();
throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, msg);
}
currentContainer.sharedLock.lock();
try {
currentContainer.renameEntry(currentDN, entry, modifyDNOperation);
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} finally {
currentContainer.sharedLock.unlock();
writerEnd();
}
}
/** {@inheritDoc} */
public ConfigChangeResult applyConfigurationChange(LocalDBBackendCfg newCfg) {
ConfigChangeResult ccr;
ResultCode resultCode = ResultCode.SUCCESS;
ArrayList<Message> messages = new ArrayList<Message>();
try {
if (rootContainer != null) {
DN[] newBaseDNs = new DN[newCfg.getBaseDN().size()];
newBaseDNs = newCfg.getBaseDN().toArray(newBaseDNs);
// Check for changes to the base DNs.
for (DN baseDN : cfg.getBaseDN()) {
boolean found = false;
for (DN dn : newBaseDNs) {
if (dn.equals(baseDN)) {
found = true;
}
}
if (!found) {
// The base DN was deleted.
DirectoryServer.deregisterBaseDN(baseDN);
EntryContainer ec = rootContainer.unregisterEntryContainer(baseDN);
ec.close();
ec.delete();
}
}
for (DN baseDN : newBaseDNs) {
if (!rootContainer.getBaseDNs().contains(baseDN)) {
try {
// The base DN was added.
EntryContainer ec = rootContainer.openEntryContainer(baseDN, null);
rootContainer.registerEntryContainer(baseDN, ec);
DirectoryServer.registerBaseDN(baseDN, this, false);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
resultCode = DirectoryServer.getServerErrorResultCode();
messages.add(
ERR_BACKEND_CANNOT_REGISTER_BASEDN.get(
String.valueOf(baseDN), String.valueOf(e)));
ccr = new ConfigChangeResult(resultCode, false, messages);
return ccr;
}
}
}
baseDNs = newBaseDNs;
}
if (cfg.getDiskFullThreshold() != newCfg.getDiskFullThreshold()
|| cfg.getDiskLowThreshold() != newCfg.getDiskLowThreshold()) {
diskMonitor.setFullThreshold(newCfg.getDiskFullThreshold());
diskMonitor.setLowThreshold(newCfg.getDiskLowThreshold());
}
// Put the new configuration in place.
this.cfg = newCfg;
} catch (Exception e) {
messages.add(Message.raw(stackTraceToSingleLineString(e)));
ccr = new ConfigChangeResult(DirectoryServer.getServerErrorResultCode(), false, messages);
return ccr;
}
ccr = new ConfigChangeResult(resultCode, false, messages);
return ccr;
}
private DirectoryException newDirectoryException(Exception e) {
LocalizableMessage message = LocalizableMessage.raw(e.getMessage());
return new DirectoryException(DirectoryServer.getServerErrorResultCode(), message, e);
}
/**
* Rebuild index(es) in the backend instance. Note that the server will not explicitly initialize
* this backend before calling this method.
*
* @param rebuildConfig The rebuild configuration.
* @throws ConfigException If an unrecoverable problem arises during initialization.
* @throws InitializationException If a problem occurs during initialization that is not related
* to the server configuration.
* @throws DirectoryException If a Directory Server error occurs.
*/
public void rebuildBackend(RebuildConfig rebuildConfig)
throws InitializationException, ConfigException, DirectoryException {
// If the backend already has the root container open, we must use the same
// underlying root container
boolean openRootContainer = rootContainer == null;
/*
* If the rootContainer is open, the backend is initialized by something
* else. We can't do any rebuild of system indexes while others are using
* this backend.
*/
if (!openRootContainer && rebuildConfig.includesSystemIndex()) {
Message message = ERR_JEB_REBUILD_BACKEND_ONLINE.get();
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
try {
EnvironmentConfig envConfig;
if (openRootContainer) {
envConfig = new EnvironmentConfig();
envConfig.setAllowCreate(true);
envConfig.setTransactional(false);
envConfig.setDurability(Durability.COMMIT_NO_SYNC);
envConfig.setLockTimeout(0, TimeUnit.SECONDS);
envConfig.setTxnTimeout(0, TimeUnit.SECONDS);
envConfig.setConfigParam(
EnvironmentConfig.CLEANER_MIN_FILE_UTILIZATION,
String.valueOf(cfg.getDBCleanerMinUtilization()));
envConfig.setConfigParam(
EnvironmentConfig.LOG_FILE_MAX, String.valueOf(cfg.getDBLogFileMax()));
Importer importer = new Importer(rebuildConfig, cfg, envConfig);
rootContainer = initializeRootContainer(envConfig);
importer.rebuildIndexes(rootContainer);
} else {
envConfig = ConfigurableEnvironment.parseConfigEntry(cfg);
Importer importer = new Importer(rebuildConfig, cfg, envConfig);
importer.rebuildIndexes(rootContainer);
}
} catch (ExecutionException execEx) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, execEx);
}
Message message = ERR_EXECUTION_ERROR.get(execEx.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
} catch (InterruptedException intEx) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, intEx);
}
Message message = ERR_INTERRUPTED_ERROR.get(intEx.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
} catch (ConfigException ce) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ce);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), ce.getMessageObject());
} catch (JebException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), e.getMessageObject());
} catch (InitializationException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw new InitializationException(e.getMessageObject());
} finally {
// If a root container was opened in this method as read only, close it
// to leave the backend in the same state.
if (openRootContainer && rootContainer != null) {
try {
rootContainer.close();
rootContainer = null;
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
}
}
}
/** {@inheritDoc} */
@Override
public LDIFImportResult importLDIF(
LDIFImportConfig importConfig, RootContainer rootContainer, ServerContext serverContext)
throws DirectoryException {
try {
ScheduledThreadPoolExecutor timerService = new ScheduledThreadPoolExecutor(1);
try {
final LDIFReader reader;
try {
reader = new LDIFReader(importConfig);
} catch (Exception e) {
LocalizableMessage m =
ERR_LDIF_BACKEND_CANNOT_CREATE_LDIF_READER.get(stackTraceToSingleLineString(e));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), m, e);
}
long importCount = 0;
final long startTime = System.currentTimeMillis();
timerService.scheduleAtFixedRate(
new ImportProgress(reader),
IMPORT_PROGRESS_INTERVAL,
IMPORT_PROGRESS_INTERVAL,
TimeUnit.MILLISECONDS);
while (true) {
final Entry entry;
try {
entry = reader.readEntry();
if (entry == null) {
break;
}
} catch (LDIFException le) {
if (!le.canContinueReading()) {
LocalizableMessage m =
ERR_LDIF_BACKEND_ERROR_READING_LDIF.get(stackTraceToSingleLineString(le));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), m, le);
}
continue;
}
final DN dn = entry.getName();
final EntryContainer ec = rootContainer.getEntryContainer(dn);
if (ec == null) {
final LocalizableMessage m = ERR_LDIF_SKIP.get(dn);
logger.error(m);
reader.rejectLastEntry(m);
continue;
}
try {
ec.addEntry(entry, null);
importCount++;
} catch (DirectoryException e) {
switch (e.getResultCode().asEnum()) {
case ENTRY_ALREADY_EXISTS:
if (importConfig.replaceExistingEntries()) {
final Entry oldEntry = ec.getEntry(entry.getName());
ec.replaceEntry(oldEntry, entry, null);
} else {
reader.rejectLastEntry(WARN_IMPORT_ENTRY_EXISTS.get());
}
break;
case NO_SUCH_OBJECT:
reader.rejectLastEntry(ERR_IMPORT_PARENT_NOT_FOUND.get(dn.parent()));
break;
default:
// Not sure why it failed.
reader.rejectLastEntry(e.getMessageObject());
break;
}
}
}
final long finishTime = System.currentTimeMillis();
waitForShutdown(timerService);
final long importTime = finishTime - startTime;
float rate = 0;
if (importTime > 0) {
rate = 1000f * reader.getEntriesRead() / importTime;
}
logger.info(
NOTE_IMPORT_FINAL_STATUS,
reader.getEntriesRead(),
importCount,
reader.getEntriesIgnored(),
reader.getEntriesRejected(),
0,
importTime / 1000,
rate);
return new LDIFImportResult(
reader.getEntriesRead(), reader.getEntriesRejected(), reader.getEntriesIgnored());
} finally {
rootContainer.close();
// if not already stopped, then stop it
waitForShutdown(timerService);
}
} catch (DirectoryException e) {
logger.traceException(e);
throw e;
} catch (OpenDsException e) {
logger.traceException(e);
throw new DirectoryException(getServerErrorResultCode(), e.getMessageObject());
} catch (Exception e) {
logger.traceException(e);
throw new DirectoryException(
getServerErrorResultCode(), LocalizableMessage.raw(e.getMessage()));
}
}
/**
* Generates an entry for a backup based on the provided DN. The DN must have an RDN component
* that specifies the backup ID, and the parent DN must have an RDN component that specifies the
* backup directory.
*
* @param entryDN The DN of the backup entry to retrieve.
* @return The requested backup entry.
* @throws DirectoryException If the specified backup does not exist or is invalid.
*/
private Entry getBackupEntry(DN entryDN) throws DirectoryException {
// First, get the backup ID from the entry DN.
AttributeType idType = DirectoryServer.getAttributeType(ATTR_BACKUP_ID, true);
AttributeValue idValue = entryDN.getRDN().getAttributeValue(idType);
if (idValue == null) {
Message message = ERR_BACKUP_NO_BACKUP_ID_IN_DN.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
String backupID = idValue.getValue().toString();
// Next, get the backup directory from the parent DN.
DN parentDN = entryDN.getParentDNInSuffix();
if (parentDN == null) {
Message message = ERR_BACKUP_NO_BACKUP_PARENT_DN.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true);
AttributeValue v = parentDN.getRDN().getAttributeValue(t);
if (v == null) {
Message message = ERR_BACKUP_NO_BACKUP_DIR_IN_DN.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
BackupDirectory backupDirectory;
try {
backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString());
} catch (ConfigException ce) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ce);
}
Message message =
ERR_BACKUP_INVALID_BACKUP_DIRECTORY.get(String.valueOf(entryDN), ce.getMessageObject());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message = ERR_BACKUP_ERROR_GETTING_BACKUP_DIRECTORY.get(getExceptionMessage(e));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
BackupInfo backupInfo = backupDirectory.getBackupInfo(backupID);
if (backupInfo == null) {
Message message = ERR_BACKUP_NO_SUCH_BACKUP.get(backupID, backupDirectory.getPath());
throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message, parentDN, null);
}
// Construct the backup entry to return.
LinkedHashMap<ObjectClass, String> ocMap = new LinkedHashMap<ObjectClass, String>(3);
ocMap.put(DirectoryServer.getTopObjectClass(), OC_TOP);
ObjectClass oc = DirectoryServer.getObjectClass(OC_BACKUP_INFO, true);
ocMap.put(oc, OC_BACKUP_INFO);
oc = DirectoryServer.getObjectClass(OC_EXTENSIBLE_OBJECT_LC, true);
ocMap.put(oc, OC_EXTENSIBLE_OBJECT);
LinkedHashMap<AttributeType, List<Attribute>> opAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>(0);
LinkedHashMap<AttributeType, List<Attribute>> userAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>();
ArrayList<Attribute> attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(idType, idValue));
userAttrs.put(idType, attrList);
backupInfo.getBackupDirectory();
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, v));
userAttrs.put(t, attrList);
Date backupDate = backupInfo.getBackupDate();
if (backupDate != null) {
t = DirectoryServer.getAttributeType(ATTR_BACKUP_DATE, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(
Attributes.create(
t, AttributeValues.create(t, GeneralizedTimeSyntax.format(backupDate))));
userAttrs.put(t, attrList);
}
t = DirectoryServer.getAttributeType(ATTR_BACKUP_COMPRESSED, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, BooleanSyntax.createBooleanValue(backupInfo.isCompressed())));
userAttrs.put(t, attrList);
t = DirectoryServer.getAttributeType(ATTR_BACKUP_ENCRYPTED, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, BooleanSyntax.createBooleanValue(backupInfo.isEncrypted())));
userAttrs.put(t, attrList);
t = DirectoryServer.getAttributeType(ATTR_BACKUP_INCREMENTAL, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(
Attributes.create(t, BooleanSyntax.createBooleanValue(backupInfo.isIncremental())));
userAttrs.put(t, attrList);
HashSet<String> dependencies = backupInfo.getDependencies();
if (dependencies != null && !dependencies.isEmpty()) {
t = DirectoryServer.getAttributeType(ATTR_BACKUP_DEPENDENCY, true);
AttributeBuilder builder = new AttributeBuilder(t);
for (String s : dependencies) {
builder.add(AttributeValues.create(t, s));
}
attrList = new ArrayList<Attribute>(1);
attrList.add(builder.toAttribute());
userAttrs.put(t, attrList);
}
byte[] signedHash = backupInfo.getSignedHash();
if (signedHash != null) {
t = DirectoryServer.getAttributeType(ATTR_BACKUP_SIGNED_HASH, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, AttributeValues.create(t, ByteString.wrap(signedHash))));
userAttrs.put(t, attrList);
}
byte[] unsignedHash = backupInfo.getUnsignedHash();
if (unsignedHash != null) {
t = DirectoryServer.getAttributeType(ATTR_BACKUP_UNSIGNED_HASH, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, AttributeValues.create(t, ByteString.wrap(unsignedHash))));
userAttrs.put(t, attrList);
}
HashMap<String, String> properties = backupInfo.getBackupProperties();
if (properties != null && !properties.isEmpty()) {
for (Map.Entry<String, String> e : properties.entrySet()) {
t = DirectoryServer.getAttributeType(toLowerCase(e.getKey()), true);
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, AttributeValues.create(t, e.getValue())));
userAttrs.put(t, attrList);
}
}
Entry e = new Entry(entryDN, ocMap, userAttrs, opAttrs);
e.processVirtualAttributes();
return e;
}
/** {@inheritDoc} */
@Override()
public void exportLDIF(LDIFExportConfig exportConfig) throws DirectoryException {
// If the backend already has the root container open, we must use the same
// underlying root container
boolean openRootContainer = rootContainer == null;
try {
if (openRootContainer) {
EnvironmentConfig envConfig = ConfigurableEnvironment.parseConfigEntry(cfg);
envConfig.setReadOnly(true);
envConfig.setAllowCreate(false);
envConfig.setTransactional(false);
envConfig.setConfigParam("je.env.isLocking", "true");
envConfig.setConfigParam("je.env.runCheckpointer", "true");
rootContainer = initializeRootContainer(envConfig);
}
ExportJob exportJob = new ExportJob(exportConfig);
exportJob.exportLDIF(rootContainer);
} catch (IOException ioe) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ioe);
}
Message message = ERR_JEB_EXPORT_IO_ERROR.get(ioe.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
} catch (JebException je) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, je);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), je.getMessageObject());
} catch (DatabaseException de) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, de);
}
throw createDirectoryException(de);
} catch (LDIFException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), e.getMessageObject());
} catch (InitializationException ie) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ie);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), ie.getMessageObject());
} catch (ConfigException ce) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ce);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), ce.getMessageObject());
} finally {
// If a root container was opened in this method as read only, close it
// to leave the backend in the same state.
if (openRootContainer && rootContainer != null) {
try {
rootContainer.close();
rootContainer = null;
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
}
}
}
private void processSearch(BooleanHolder executePostOpPlugins) throws CanceledOperationException {
// Process the search base and filter to convert them from their raw forms
// as provided by the client to the forms required for the rest of the
// search processing.
baseDN = getBaseDN();
filter = getFilter();
if (baseDN == null || filter == null) {
return;
}
// Check to see if there are any controls in the request. If so, then
// see if there is any special processing required.
try {
handleRequestControls();
} catch (DirectoryException de) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, de);
}
setResponseData(de);
return;
}
// Check to see if the client has permission to perform the
// search.
// FIXME: for now assume that this will check all permission
// pertinent to the operation. This includes proxy authorization
// and any other controls specified.
try {
if (!AccessControlConfigManager.getInstance().getAccessControlHandler().isAllowed(this)) {
setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
appendErrorMessage(ERR_SEARCH_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get(String.valueOf(baseDN)));
return;
}
} catch (DirectoryException e) {
setResultCode(e.getResultCode());
appendErrorMessage(e.getMessageObject());
return;
}
// Check for a request to cancel this operation.
checkIfCanceled(false);
// Invoke the pre-operation search plugins.
executePostOpPlugins.value = true;
PluginResult.PreOperation preOpResult =
DirectoryServer.getPluginConfigManager().invokePreOperationSearchPlugins(this);
if (!preOpResult.continueProcessing()) {
setResultCode(preOpResult.getResultCode());
appendErrorMessage(preOpResult.getErrorMessage());
setMatchedDN(preOpResult.getMatchedDN());
setReferralURLs(preOpResult.getReferralURLs());
return;
}
// Check for a request to cancel this operation.
checkIfCanceled(false);
// Get the backend that should hold the search base. If there is none,
// then fail.
if (backend == null) {
setResultCode(ResultCode.NO_SUCH_OBJECT);
appendErrorMessage(ERR_SEARCH_BASE_DOESNT_EXIST.get(String.valueOf(baseDN)));
return;
}
// We'll set the result code to "success". If a problem occurs, then it
// will be overwritten.
setResultCode(ResultCode.SUCCESS);
try {
// If there's a persistent search, then register it with the server.
boolean processSearchNow = true;
if (persistentSearch != null) {
// If we're only interested in changes, then we do not actually want
// to process the search now.
processSearchNow = !persistentSearch.isChangesOnly();
// The Core server maintains the count of concurrent persistent searches
// so that all the backends (Remote and Local) are aware of it. Verify
// with the core if we have already reached the threshold.
if (!DirectoryServer.allowNewPersistentSearch()) {
setResultCode(ResultCode.ADMIN_LIMIT_EXCEEDED);
appendErrorMessage(ERR_MAX_PSEARCH_LIMIT_EXCEEDED.get());
return;
}
backend.registerPersistentSearch(persistentSearch);
persistentSearch.enable();
}
if (processSearchNow) {
// Process the search in the backend and all its subordinates.
backend.search(this);
}
} catch (DirectoryException de) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.VERBOSE, de);
}
setResponseData(de);
if (persistentSearch != null) {
persistentSearch.cancel();
setSendResponse(true);
}
return;
} catch (CanceledOperationException coe) {
if (persistentSearch != null) {
persistentSearch.cancel();
setSendResponse(true);
}
throw coe;
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
setResultCode(DirectoryServer.getServerErrorResultCode());
appendErrorMessage(ERR_SEARCH_BACKEND_EXCEPTION.get(getExceptionMessage(e)));
if (persistentSearch != null) {
persistentSearch.cancel();
setSendResponse(true);
}
}
}
/** {@inheritDoc} */
@Override()
public LDIFImportResult importLDIF(LDIFImportConfig importConfig) throws DirectoryException {
RuntimeInformation.logInfo();
// If the backend already has the root container open, we must use the same
// underlying root container
boolean openRootContainer = rootContainer == null;
// If the rootContainer is open, the backend is initialized by something
// else.
// We can't do import while the backend is online.
if (!openRootContainer) {
Message message = ERR_JEB_IMPORT_BACKEND_ONLINE.get();
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
try {
EnvironmentConfig envConfig = new EnvironmentConfig();
envConfig.setAllowCreate(true);
envConfig.setTransactional(false);
envConfig.setDurability(Durability.COMMIT_NO_SYNC);
envConfig.setLockTimeout(0, TimeUnit.SECONDS);
envConfig.setTxnTimeout(0, TimeUnit.SECONDS);
envConfig.setConfigParam(
EnvironmentConfig.CLEANER_MIN_FILE_UTILIZATION,
String.valueOf(cfg.getDBCleanerMinUtilization()));
envConfig.setConfigParam(
EnvironmentConfig.LOG_FILE_MAX, String.valueOf(cfg.getDBLogFileMax()));
if (!importConfig.appendToExistingData()) {
if (importConfig.clearBackend() || cfg.getBaseDN().size() <= 1) {
// We have the writer lock on the environment, now delete the
// environment and re-open it. Only do this when we are
// importing to all the base DNs in the backend or if the backend only
// have one base DN.
File parentDirectory = getFileForPath(cfg.getDBDirectory());
File backendDirectory = new File(parentDirectory, cfg.getBackendId());
// If the backend does not exist the import will create it.
if (backendDirectory.exists()) {
EnvManager.removeFiles(backendDirectory.getPath());
}
}
}
Importer importer = new Importer(importConfig, cfg, envConfig);
rootContainer = initializeRootContainer(envConfig);
return importer.processImport(rootContainer);
} catch (ExecutionException execEx) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, execEx);
}
if (execEx.getCause() instanceof DirectoryException) {
throw ((DirectoryException) execEx.getCause());
} else {
Message message = ERR_EXECUTION_ERROR.get(execEx.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
} catch (InterruptedException intEx) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, intEx);
}
Message message = ERR_INTERRUPTED_ERROR.get(intEx.getMessage());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
} catch (JebException je) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, je);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), je.getMessageObject());
} catch (InitializationException ie) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ie);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), ie.getMessageObject());
} catch (ConfigException ce) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ce);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), ce.getMessageObject());
} finally {
// leave the backend in the same state.
try {
if (rootContainer != null) {
long startTime = System.currentTimeMillis();
rootContainer.close();
long finishTime = System.currentTimeMillis();
long closeTime = (finishTime - startTime) / 1000;
Message msg = NOTE_JEB_IMPORT_LDIF_ROOTCONTAINER_CLOSE.get(closeTime);
logError(msg);
rootContainer = null;
}
// Sync the environment to disk.
if (debugEnabled()) {
Message message = NOTE_JEB_IMPORT_CLOSING_DATABASE.get();
TRACER.debugInfo(message.toString());
}
} catch (DatabaseException de) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, de);
}
}
}
}