Changes

Jump to: navigation, search

NSS Shared DB

1,431 bytes added, 01:07, 26 January 2008
Database Upgrade
In the shared database design, upgrade is no longer mandatory. Applications
may choose to remain using continue to use the old DBM database, update to using use the new shared database from old DBM databases, or update and merge your old DBM database into a new location shared by multiple apps. There is still a desire for this update to be automatic, at least as far as the application user is concerned. The following design manages this updatedescribe how applications .
To understand the issues of migration to the Shareable Database version of NSS from the traditional (legacy) versions, we group applications that use the new version of NSS into three 'modes' of operation, and into two types for a total of five valid combinations (Mode 1 B is not valid)..
First, Mode three applications need to call NSS_InitWithMerge(). This call includes extra parameters needed by NSS to help automatically determine if an update/merge is necessary, and how to accomplish it.
==== Database Upgrade Underlying Implementation ====
=====Upgrade complications=====
In Mode 1, NSS never needs to do an update or a merge.
Flow chart State machine of NSS update actions for Mode 31NSS initializeNSS_Initialize
|
V
the old database on future opens until the update succeeds.
Flow chart State machine of NSS update actions for Mode 2: NSS initializeNSS_Initialize
|
V
open shared DB
|
| V
| < is password > no
| < supplied? >-------> donestate= 'not updated' ----> return
| |
+--------------+
V
update (and use) shared DB
|
V
V
done
------------------------------------------ PK11_Authenticate | V < is password > no < supplied? >-------> return | V < is state > no < 'not updated'? >-------> return | V update (and use) shared DB | V close legacy DB | V done  
In Mode 3, the new database may or may not be initialized. For the first mode 3
Flow chart of NSS update actions for Mode 3:
Start NSS_Initialize
|
V
V
no < does legacy DB >
+-------< have a password? > | | yes | V | no < does legacy DB > +-------< have any private > | < or secret keys? >
| | yes
| V
| until password
| is supplied
| | | V | < is password > no | < supplied? >+-------------state = "not updated"----> exception Areturn | |
+--------------+
V
| | yes
| V
| use legacy DB | until password | is supplied | +----------- state = "has legacy pwd" --- return | +--------------+ V update/merge shared DB | V close legacy DB | V done ---------------------------------------------------------------  PK11_Authenticate | V < yes is password > no < does shared DB's supplied? >-------> return | V"has legacy pw" < > other +------------< switch state >--------> done | < > | | "not updated" | | | < store password match > | < state = "has legacy DB's PW? pw" > | | no | V | get no < does shared DB > | +-----------< have a password? > | |yes | V | yes < does shared DB's > +------------< password match is password > no | < suppliedlegacy DB's PW? > | | no | +-------> exception B---- state = "has legacy pwd" --- return | |
+--------------+
V
V
done
 
 
 
exception A. Application needs to decide what happens if the legacy password
439
edits

Navigation menu