UI to change the encryption key

[avernet]

Currently, Form Runner doesn't provide an easy way to change the encryption key after data has been encrypted.

As a workaround, for a given form, one could in Form Builder mark all fields as non-encrypted, re-encrypt (so no fields are encrypted in the database), change the password, change the form definitions again in Form Builder to mark fields as encrypted, and do a final re-encryption. But of course, this procedure is quite inconvenient, to say the least.

[ebruchez]

Following #3525.

[avernet]

• UX
  • Set oxf.fr.field-encryption.password.read-fallback to oxf.fr.field-encryption.password
  • Set oxf.fr.field-encryption.password to new password
  • Click on reencrypt in Forms Admin, no change to the existing UI

[avernet]

• Add support for If-Unmodified-Since to the PUT operation
  • This creates an atomic operation that only stores the document if it hasn't been updated after the specified time
  • The atomicity is similar to that introduced by Create-If: search-empty for More robust Singleton form constraint checking #6902
  • On failure, use 412 Precondition Failed
• When re-encrypting, Orbeon Forms will:
  1. Read the data and note the Last-Modified
  2. When performing the PUT, provide that value as If-Unmodified-Since
  3. If the PUT fails, it means someone else saved the data after it was read, so start over from the first step
• Improvement: use ETags
  • The GET returns a header ETag: "686897696a7c876b7e"
  • The PUT adds a header If-Match: "686897696a7c876b7e"
• All the above headers are part of HTTP/1.1