mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliParser.java
@@ -27,7 +27,6 @@ package org.opends.server.admin.client.cli; import static org.opends.server.admin.client.cli.DsFrameworkCliReturnCode.*; import static org.opends.server.loggers.debug.DebugLogger.debugEnabled; import static org.opends.server.loggers.debug.DebugLogger.getTracer; import static org.opends.messages.ToolMessages.*; @@ -37,33 +36,23 @@ import static org.opends.server.util.ServerConstants.MAX_LINE_WIDTH; import static org.opends.server.util.StaticUtils.wrapText; import java.io.FileInputStream; import java.io.IOException; import java.io.OutputStream; import java.io.PrintStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Collection; import java.util.LinkedHashSet; import java.util.logging.Level; import java.util.logging.Logger; import javax.net.ssl.KeyManager; import org.opends.admin.ads.util.ApplicationKeyManager; import org.opends.admin.ads.util.ApplicationTrustManager; import org.opends.server.loggers.debug.DebugTracer; import org.opends.server.types.DebugLogLevel; import org.opends.server.util.PasswordReader; import org.opends.server.util.SelectableCertificateKeyManager; import org.opends.server.util.args.Argument; import org.opends.server.util.args.ArgumentException; import org.opends.server.util.args.BooleanArgument; import org.opends.server.util.args.FileBasedArgument; import org.opends.server.util.args.IntegerArgument; import org.opends.server.util.args.StringArgument; import org.opends.server.util.args.SubCommandArgumentParser; @@ -82,87 +71,14 @@ protected BooleanArgument showUsageArg = null; /** * The 'hostName' global argument. */ protected StringArgument hostNameArg = null; /** * The 'port' global argument. */ protected IntegerArgument portArg = null; /** * The 'binDN' global argument. */ protected StringArgument bindDnArg = null; /** * The 'bindPasswordFile' global argument. */ protected FileBasedArgument bindPasswordFileArg = null; /** * The 'bindPassword' global argument. */ protected StringArgument bindPasswordArg = null; /** * The 'verbose' global argument. */ protected BooleanArgument verboseArg = null; /** * The 'trustAllArg' global argument. * The secure args list object. */ protected BooleanArgument trustAllArg = null; /** * The 'trustStore' global argument. */ protected StringArgument trustStorePathArg = null; /** * The 'trustStorePassword' global argument. */ protected StringArgument trustStorePasswordArg = null; /** * The 'trustStorePasswordFile' global argument. */ protected FileBasedArgument trustStorePasswordFileArg = null; /** * The 'keyStore' global argument. */ protected StringArgument keyStorePathArg = null; /** * The 'keyStorePassword' global argument. */ protected StringArgument keyStorePasswordArg = null; /** * The 'keyStorePasswordFile' global argument. */ protected FileBasedArgument keyStorePasswordFileArg = null; /** * The 'certNicknameArg' global argument. */ protected StringArgument certNicknameArg = null; /** * The 'useSSLArg' global argument. */ protected BooleanArgument useSSLArg = null; /** * The 'useStartTLSArg' global argument. */ protected BooleanArgument useStartTLSArg = null; // the trust manager. private ApplicationTrustManager trustManager; protected SecureConnectionCliArgs secureArgsList ; /** * The tracer object for the debug logger. @@ -208,14 +124,7 @@ */ public String getBindDN() { if (bindDnArg.isPresent()) { return bindDnArg.getValue(); } else { return bindDnArg.getDefaultValue(); } return secureArgsList.getBindDN(); } /** @@ -322,7 +231,8 @@ */ public String getBindPassword(String dn, OutputStream out, OutputStream err) { return getBindPassword(dn, out, err, bindPasswordArg, bindPasswordFileArg); return getBindPassword(dn, out, err, secureArgsList.bindPasswordArg, secureArgsList.bindPasswordFileArg); } /** @@ -365,7 +275,8 @@ */ public String getBindPassword() { return getBindPassword(bindPasswordArg, bindPasswordFileArg); return getBindPassword(secureArgsList.bindPasswordArg, secureArgsList.bindPasswordFileArg); } /** @@ -382,94 +293,14 @@ OutputStream outStream) throws ArgumentException { LinkedHashSet<Argument> set = new LinkedHashSet<Argument>(); secureArgsList = new SecureConnectionCliArgs(); LinkedHashSet<Argument> set = secureArgsList.createGlobalArguments(); showUsageArg = new BooleanArgument("showUsage", OPTION_SHORT_HELP, OPTION_LONG_HELP, INFO_DESCRIPTION_SHOWUSAGE.get()); setUsageArgument(showUsageArg, outStream); set.add(showUsageArg); useSSLArg = new BooleanArgument("useSSL", OPTION_SHORT_USE_SSL, OPTION_LONG_USE_SSL, INFO_DESCRIPTION_USE_SSL.get()); set.add(useSSLArg); useStartTLSArg = new BooleanArgument("startTLS", OPTION_SHORT_START_TLS, OPTION_LONG_START_TLS, INFO_DESCRIPTION_START_TLS.get()); set.add(useStartTLSArg); hostNameArg = new StringArgument("host", OPTION_SHORT_HOST, OPTION_LONG_HOST, false, false, true, OPTION_VALUE_HOST, "localhost", null, INFO_DESCRIPTION_HOST.get()); set.add(hostNameArg); portArg = new IntegerArgument("port", OPTION_SHORT_PORT, OPTION_LONG_PORT, false, false, true, OPTION_VALUE_PORT, 389, null, INFO_DESCRIPTION_PORT.get()); set.add(portArg); bindDnArg = new StringArgument("bindDN", OPTION_SHORT_BINDDN, OPTION_LONG_BINDDN, false, false, true, OPTION_VALUE_BINDDN, "cn=Directory Manager", null, INFO_DESCRIPTION_BINDDN.get()); set.add(bindDnArg); bindPasswordArg = new StringArgument("bindPassword", OPTION_SHORT_BINDPWD, OPTION_LONG_BINDPWD, false, false, true, OPTION_VALUE_BINDPWD, null, null, INFO_DESCRIPTION_BINDPASSWORD.get()); set.add(bindPasswordArg); bindPasswordFileArg = new FileBasedArgument("bindPasswordFile", OPTION_SHORT_BINDPWD_FILE, OPTION_LONG_BINDPWD_FILE, false, false, OPTION_VALUE_BINDPWD_FILE, null, null, INFO_DESCRIPTION_BINDPASSWORDFILE.get()); set.add(bindPasswordFileArg); trustAllArg = new BooleanArgument("trustAll", OPTION_SHORT_TRUSTALL, OPTION_LONG_TRUSTALL, INFO_DESCRIPTION_TRUSTALL.get()); set.add(trustAllArg); trustStorePathArg = new StringArgument("trustStorePath", OPTION_SHORT_TRUSTSTOREPATH, OPTION_LONG_TRUSTSTOREPATH, false, false, true, OPTION_VALUE_TRUSTSTOREPATH, null, null, INFO_DESCRIPTION_TRUSTSTOREPATH.get()); set.add(trustStorePathArg); trustStorePasswordArg = new StringArgument("trustStorePassword", OPTION_SHORT_TRUSTSTORE_PWD, OPTION_LONG_TRUSTSTORE_PWD, false, false, true, OPTION_VALUE_TRUSTSTORE_PWD, null, null, INFO_DESCRIPTION_TRUSTSTOREPASSWORD.get()); set.add(trustStorePasswordArg); trustStorePasswordFileArg = new FileBasedArgument("trustStorePasswordFile", OPTION_SHORT_TRUSTSTORE_PWD_FILE, OPTION_LONG_TRUSTSTORE_PWD_FILE, false, false, OPTION_VALUE_TRUSTSTORE_PWD_FILE, null, null, INFO_DESCRIPTION_TRUSTSTOREPASSWORD_FILE.get()); set.add(trustStorePasswordFileArg); keyStorePathArg = new StringArgument("keyStorePath", OPTION_SHORT_KEYSTOREPATH, OPTION_LONG_KEYSTOREPATH, false, false, true, OPTION_VALUE_KEYSTOREPATH, null, null, INFO_DESCRIPTION_KEYSTOREPATH.get()); set.add(keyStorePathArg); keyStorePasswordArg = new StringArgument("keyStorePassword", OPTION_SHORT_KEYSTORE_PWD, OPTION_LONG_KEYSTORE_PWD, false, false, true, OPTION_VALUE_KEYSTORE_PWD, null, null, INFO_DESCRIPTION_KEYSTOREPASSWORD.get()); set.add(keyStorePasswordArg); keyStorePasswordFileArg = new FileBasedArgument("keystorePasswordFile", OPTION_SHORT_KEYSTORE_PWD_FILE, OPTION_LONG_KEYSTORE_PWD_FILE, false, false, OPTION_VALUE_KEYSTORE_PWD_FILE, null, null, INFO_DESCRIPTION_KEYSTOREPASSWORD_FILE.get()); set.add(keyStorePasswordFileArg); certNicknameArg = new StringArgument("certNickname", OPTION_SHORT_CERT_NICKNAME, OPTION_LONG_CERT_NICKNAME, false, false, true, OPTION_VALUE_CERT_NICKNAME, null, null, INFO_DESCRIPTION_CERT_NICKNAME.get()); set.add(certNicknameArg); verboseArg = new BooleanArgument("verbose", OPTION_SHORT_VERBOSE, OPTION_LONG_VERBOSE, INFO_DESCRIPTION_VERBOSE.get()); set.add(verboseArg); @@ -500,14 +331,7 @@ */ public String getHostName() { if (hostNameArg.isPresent()) { return hostNameArg.getValue(); } else { return hostNameArg.getDefaultValue(); } return secureArgsList.getHostName(); } /** @@ -518,14 +342,7 @@ */ public String getPort() { if (portArg.isPresent()) { return portArg.getValue(); } else { return portArg.getDefaultValue(); } return secureArgsList.getPort(); } /** @@ -536,70 +353,7 @@ */ public int validateGlobalOptions(MessageBuilder buf) { ArrayList<Message> errors = new ArrayList<Message>(); // Couldn't have at the same time bindPassword and bindPasswordFile if (bindPasswordArg.isPresent() && bindPasswordFileArg.isPresent()) { Message message = ERR_TOOL_CONFLICTING_ARGS.get( bindPasswordArg.getLongIdentifier(), bindPasswordFileArg.getLongIdentifier()); errors.add(message); } // Couldn't have at the same time trustAll and // trustStore related arg if (trustAllArg.isPresent() && trustStorePathArg.isPresent()) { Message message = ERR_TOOL_CONFLICTING_ARGS.get( trustAllArg.getLongIdentifier(), trustStorePathArg.getLongIdentifier()); errors.add(message); } if (trustAllArg.isPresent() && trustStorePasswordArg.isPresent()) { Message message = ERR_TOOL_CONFLICTING_ARGS.get( trustAllArg.getLongIdentifier(), trustStorePasswordArg.getLongIdentifier()); errors.add(message); } if (trustAllArg.isPresent() && trustStorePasswordFileArg.isPresent()) { Message message = ERR_TOOL_CONFLICTING_ARGS.get( trustAllArg.getLongIdentifier(), trustStorePasswordFileArg.getLongIdentifier()); errors.add(message); } // Couldn't have at the same time trustStorePasswordArg and // trustStorePasswordFileArg if (trustStorePasswordArg.isPresent() && trustStorePasswordFileArg.isPresent()) { Message message = ERR_TOOL_CONFLICTING_ARGS.get( trustStorePasswordArg.getLongIdentifier(), trustStorePasswordFileArg.getLongIdentifier()); errors.add(message); } // Couldn't have at the same time startTLSArg and // useSSLArg if (useStartTLSArg.isPresent() && useSSLArg.isPresent()) { Message message = ERR_TOOL_CONFLICTING_ARGS.get( useStartTLSArg .getLongIdentifier(), useSSLArg.getLongIdentifier()); errors.add(message); } if (errors.size() > 0) { for (Message error : errors) { if (buf.length() > 0) { buf.append(EOL); } buf.append(error); } return CONFLICTING_ARGS.getReturnCode(); } return SUCCESSFUL_NOP.getReturnCode(); return secureArgsList.validateGlobalOptions(buf) ; } /** * Indication if provided global options are validate. @@ -643,14 +397,7 @@ */ public boolean useSSL() { if (useSSLArg.isPresent()) { return true; } else { return false ; } return secureArgsList.useSSL(); } /** @@ -660,14 +407,7 @@ */ public boolean useStartTLS() { if (useStartTLSArg.isPresent()) { return true; } else { return false ; } return secureArgsList.useStartTLS(); } /** @@ -677,83 +417,7 @@ */ public ApplicationTrustManager getTrustManager() { if (trustManager == null) { KeyStore truststore = null ; if (trustAllArg.isPresent()) { // Running a null TrustManager will force createLdapsContext and // createStartTLSContext to use a bindTrustManager. return null ; } else if (trustStorePathArg.isPresent()) { try { FileInputStream fos = new FileInputStream(trustStorePathArg.getValue()); String trustStorePasswordStringValue = null; char[] trustStorePasswordValue = null; if (trustStorePasswordArg.isPresent()) { trustStorePasswordStringValue = trustStorePasswordArg.getValue(); } else if (trustStorePasswordFileArg.isPresent()) { trustStorePasswordStringValue = trustStorePasswordFileArg.getValue(); } if (trustStorePasswordStringValue != null) { trustStorePasswordStringValue = System .getProperty("javax.net.ssl.trustStorePassword"); } if (trustStorePasswordStringValue != null) { trustStorePasswordValue = trustStorePasswordStringValue.toCharArray(); } truststore = KeyStore.getInstance(KeyStore.getDefaultType()); truststore.load(fos, trustStorePasswordValue); fos.close(); } catch (KeyStoreException e) { // Nothing to do: if this occurs we will systematically refuse the // certificates. Maybe we should avoid this and be strict, but we // are in a best effort mode. LOG.log(Level.WARNING, "Error with the truststore", e); } catch (NoSuchAlgorithmException e) { // Nothing to do: if this occurs we will systematically refuse the // certificates. Maybe we should avoid this and be strict, but we // are in a best effort mode. LOG.log(Level.WARNING, "Error with the truststore", e); } catch (CertificateException e) { // Nothing to do: if this occurs we will systematically refuse the // certificates. Maybe we should avoid this and be strict, but we // are in a best effort mode. LOG.log(Level.WARNING, "Error with the truststore", e); } catch (IOException e) { // Nothing to do: if this occurs we will systematically refuse the // certificates. Maybe we should avoid this and be strict, but we // are in a best effort mode. LOG.log(Level.WARNING, "Error with the truststore", e); } } trustManager = new ApplicationTrustManager(truststore); } return trustManager; return secureArgsList.getTrustManager(); } /** @@ -763,85 +427,6 @@ */ public KeyManager getKeyManager() { KeyStore keyStore = null; String keyStorePasswordStringValue = null; char[] keyStorePasswordValue = null; if (keyStorePathArg.isPresent()) { try { FileInputStream fos = new FileInputStream(keyStorePathArg.getValue()); if (keyStorePasswordArg.isPresent()) { keyStorePasswordStringValue = keyStorePasswordArg.getValue(); } else if (keyStorePasswordFileArg.isPresent()) { keyStorePasswordStringValue = keyStorePasswordFileArg.getValue(); } if (keyStorePasswordStringValue != null) { keyStorePasswordValue = keyStorePasswordStringValue.toCharArray(); } keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(fos,keyStorePasswordValue); fos.close(); } catch (KeyStoreException e) { // Nothing to do: if this occurs we will systematically refuse // the // certificates. Maybe we should avoid this and be strict, but // we are in a best effort mode. LOG.log(Level.WARNING, "Error with the keystore", e); } catch (NoSuchAlgorithmException e) { // Nothing to do: if this occurs we will systematically refuse // the // certificates. Maybe we should avoid this and be strict, but // we are // in a best effort mode. LOG.log(Level.WARNING, "Error with the keystore", e); } catch (CertificateException e) { // Nothing to do: if this occurs we will systematically refuse // the // certificates. Maybe we should avoid this and be strict, but // we are // in a best effort mode. LOG.log(Level.WARNING, "Error with the keystore", e); } catch (IOException e) { // Nothing to do: if this occurs we will systematically refuse // the // certificates. Maybe we should avoid this and be strict, but // we are // in a best effort mode. LOG.log(Level.WARNING, "Error with the keystore", e); } char[] password = null; if (keyStorePasswordStringValue != null) { password = keyStorePasswordStringValue.toCharArray(); } ApplicationKeyManager akm = new ApplicationKeyManager(keyStore,password); if (certNicknameArg.isPresent()) { return new SelectableCertificateKeyManager(akm, certNicknameArg .getValue()); } else { return akm; } } else { return null; } return secureArgsList.getKeyManager() ; } }
