inspect keystore entries for matching client certificate
lookup the correct property for keystore file
drop old identifier when upgrading from 1.9.5 to 2.0.0
use HttpClient to set up SSL connection when doing replication calls -- this will use the server's configured certificate as the client certificate on the request. The server it is calling can then inspect that certificate and decide whether or not it trusts the caller.
check client-provided certificate when servicing ReplicationServlet requests.
Add updateReplicationMetadata() to the CN service implementation. This was missing from the API, and likely never called. It fully replaces the given replica item in the list of replicas in system metadata.
getReplica() should log replication events as DataONE Types.Event.replicate (vs 'getreplica')
Minor indentation cleanup.
Modify isAuthorized() to get the most up to date system metadata from the hzSystemMetadata map.
Add a placeholder setAccessPolicy() method in MNodeService that throws NotImplemented since this method is being deprecated. Note: need to confirm that this shouldn't be calling D1Client.getCN().setAccessPolicy().
Update getSystemMetadata() to lock(); get(); unlock() to ensure we have the latest version of system metadata from the hzSystemMetadata map. Remove the setAccessPolicy() method since it is being deprecated in the MNAuthorization API.change insertSystemMetadata() to use a finer grained Date object on insertion. Locking of the pid happens in the subclass prior to the insert.
Add setAccessPolicy() to CNodeService since the CN should only make changes to access policies for objects registered with the D1 system. Increment the serial version after locling and getting the most up to fdate system metadata. Note: CCIT meeting decision says the serial version of the system metadata (during the change) should equal the current serial version, but setAccessPolicy() does not pass in the entire system metadata object, so there's no way to check. For now, increment the latest system metadata from the hzSystemMetadata map.
In CNodeService, separate the CN.create() functionality from the MN.create() functionality while still using the superclass to call create(). Deal with Hazelcast locks and setting serial versions only in the CN implementation.
Change updateSystemMetadata() to evaluate the incoming system metadata serial version against that found in the hzSystemMetadata map. If they are the same, do the update. If not, throw an InvalidRequest explaining that they need the most current version.
Modify CNodeService's registerSystemMetadata() with support for SystemMetadata's serialVersion field. Also, use the hzSystemMetadata map for all system metadata reads using a lock on the pid in order to get the very latest version. This affected isNodeAuthorized(), getChecksum(), and assertRelation(). Since we're using Hazelcast, exceptions are masked as RuntimeException, so throw a ServiceFailure with the underlying message.
Modify CNodeService's updateSystemMetadata(), setReplicationStatus(), setReplicationPolicy(), and setOwner() with support for SystemMetadata's serialVersion field. Other methods still pending an update. Use the hzSystemMetadata map for all system metadata reads using a lock on the pid in order to get the very latest version.
SystemMetadataManager's functionality is handled by IdentifierManager. Removing it and it's test.
MetadataTypeRegister is now replaced by ObjectFormatService. Removing it and it's test.
include clearer error message when UPDATE action is requested on a replicated document and we fail to successfully get a lock from the source Metacat serverhttp://bugzilla.ecoinformatics.org/show_bug.cgi?id=4907
move the DataONE 1.0.0-SNAPSHOT
correctly check for missing config values during geoserver configuration
remove reference to tomcat5.5 in favor of tomcat6. including the "custom" start up script that used the sun jdk -- this can be configured rather than coded into the script.
Configure and use CertificateManager in order to act as the MN when performing replicate() and getReplica() mthods.
use logging, not system.out
change upgrade scripts/routines to use 2.0.0 version number instead of 1.10.0
make sure we close the prepared statement always
The incoming source node param is just a string, not XML, so don't attempt to deserialize it. Rather, just make a new NodeReference object and set it's value to the value of the incoming param.
add User-Agent logging to support D1 requirements
remove old RestServlet handler -- not used now
Add debugging output to MNodeService.
use default fmtid if we can't find the user-supplied data mime type in our list
including newer d1 libclient that uses Foresite (and Jena) to construct/parse ORE resource maps for DataONE
delete the xml access rules by either docid or guid to make sure we have the most up to date information
Fix a data-typing issue when pulling replicationAllowed from postgres. Use getBoolean(), not getString().
cleaned up to use for populating a DataONE MN using the D1 api. Retrieves packages from a Metacat and generates system metadata for them before calling MN.create() for both data and metadata.NOTE: you need a client certificate that the target server accepts (either DataONE-generated for testing or a CILogon one for more official use). I was only able to get the former certificate type to work with our existing MN servers
IdentifierManager.getSystemMetadata() was missing the number_replicas and replication_allowed fields when building a ReplicationPolicy section of a SystemMetadata document being returned. Add in these two attributes.
update D1 jars to include recent SubjectList -> SubjectInfo refactoring and the SUBJECT_PUBLIC constant
include SystemMetadata when replicating data and metadata documents -- this allows us to establish the guid-to-docid mapping that is crucial for being able to read the replicated document by guid (d1 api)
throw InvalidToken when the Session parameter is null for create()https://redmine.dataone.org/issues/1850
Once a CN calls replicate() on an MN, the MN needs to call getReplica() on the source MN (not get()). Once the bytes are retrieved, the MN must then call back to the CN with setReplicationStatus() to indicate that the replication status is complete. Modify MNodeService to do so.
Bug fix for access control rules coming in from the dataone system metadata. Previously, the code used getLocalId() to get the docid to insert into the XML access table, but that docid included the revision number (e.g., foo.1.1), which it shouldn't. Now use the AccessionNumber class to strip off the rev to get a real docid for insertion into the table.
allow the XML namespace to be given in both double and single quotes. The regex pattern was only looking for xmlns values that were in double quotes. This was brought to light by LTER:http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5497
set date uploaded and date system metadata updated date to current time when calling MN.create() and MN.update()
do not allow system metadata to have obsoletes or obsoletedBy fields when calling the create() method -- these are only allowed for updates so that we do not subvert object versioning by [un]knowingly submitting system metadata that directs one id to another.
set the originating member node on update()
set the originating member node on create()
-use whatever object format id is stored in the DB-only set originating node and authoritative node if we have non-null values for them
set sysmeta submitter based on the subject given in the certificate
skip Objects that have null format ids are invalid checksums
MN.setAccess() is a PUT
correctly handle incoming "accessPolicy" parameters for the setAccess() method
swap the parameters for update: existing pid should be first, and then newPid
Modified cron schedule to fix the incorrect crontab entry.
do not require ID reservation before create() or update()
use "action" parameter instead of "permission"
catch datapackage parsing errors as before
include checksum algorithm when setting describehttps://redmine.dataone.org/issues/1799
check for null session before logging sync failedhttps://redmine.dataone.org/issues/1798
use Settings augmentation to customize the D1Client.CN_URL when used in a Metacat deployment.
correctly implement MN.describehttps://redmine.dataone.org/issues/1799
return Node not NodeList for getCapabilitieshttps://redmine.dataone.org/issues/1800
Use setProperty() instead of addProperty() to properly override the Settings property.
Modify to set the CN URL before getting a CN instance.
Pull the certificate path for dataone certificates from the metacat properties file.
return null instead of throwing an exception when pid is not found in store
log errors on create() and registerSM
more stringent NP checking when saving replication policy
Register as a MN on the DataONE network as part of the properties setup. This is currently done always, but it needs to be conditional rather than automatically triggered.
Added subject field to getCapabilities() call.
comment out resynch() method until errors are resolved
use default hazelcast config when not configured to use an external one
Don't use the hzNodes map yet (as a hazelcast client). Use D1Client instead to get the node list in isNodeAuthorized().
For now, remove the hzClient code connecting to the DataONE process cluster to get the hzNodes map. This will be moved into the storage cluster, but use D1Client to get the node list for now.
going back to using IDentifier as the key for the ObjectPAthMap.
Fix getCapabilities to properly throw ServiceFailure when properties can not be read, rather than failing with a log message. Fix properties in the Node object to reflect their correct values. Set the sync schedule properly to default to 5 minute intervals. Improve documentation.
Reformatted to correct indentation to make class readable.
newer d1 jars -- contains CN.isNodeAuthorized() method
collect "message" param from multipart request for MN.synchronizationFailed method
Reverting previous @Overrides chanrge from r6470, as that is the desiredbehavior under Java 1.6 -- previous versions of Java (e.g., 1.5) will notcomile with this usage of the @Overrides annotation, but the currentlysupported version will. So reverting to the 1.6 convention.
Removing incorrect @Override annotations that were preventing compilation. The methods marked did not actually override a method in the superclass, so they were not compiling. I think @Overrides was being mistaken for methods that implement an interface but aren't actually in the superclass.
use d1_common_java's date serialization utility for parsing parameters
catch runtime exceptions that arise from hazelcast storage errors in the system metadata map
Lock the system metadata entry in hzSystemMetadata when calling setReplicationPolicy().
Lock the system metadata entry in hzSystemMetadata when calling registerSystemMetadata().
Remove references to CNReplicationTask.
Remove the CNReplicationTask (for now). We will be using Metacat's ForceReplicationHandler to replicate science metadata across CNs, and may explore the use of a 100% evicted hzScienceMetadata map. Either way, the distributed task design won't be needed. When a dropped CN comes back online, we'll catch it up based on last modified dates for PIDs in the hzSystemMetadata map.
Change isNodeAuthorized() to query the hzSystemMetadata map rather than the hzPendingreplicationTasks map. The latter isn't needed for authorization since the ReplicationStatus for each Replica in SystemMetadata lists the status of the replica and can be queried.
Add getNodesMap() to return the hzNodes map from the process cluster. Remove getPendingReplicationTasks since that structure is being removed. Add minor documentation.
only include 0.6.4 schemas for D1. Will also need to update this when we release whatever v1 ends up being.
lookup latest system metadata update date for use in synchronizing CN-CN when an offline nodes comes back online
changed the key type from Identifier to String for ObjectPathMap. (need a Comparable key).
rework this to be MN->MN replication. Should be fleshed out more.
throw RuntimeExceptions when store() methods throw declared exceptions -- we want callers to put() to be alerted if there are errors.
move CNReplicationTask to the hazelcast package
do not throw exception when checking for system metadata - boolean return is good.use ReplicationStatus.valueOf() instead of convert()
implicit success for setting accessPolicy - trust that the MapStore persists the updated system metadata
check if system metadata exists rather than just the id mapping (before creating the entry)
treat access rules atomically - do not group them together otherwise the intent is subverted