mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Yuriy Movchan
29.57.2022 a9bbf17ba3b41d3940efaeb98caf4da2ef344f23
opendj-server-legacy/src/main/java/org/opends/quicksetup/installer/Installer.java
@@ -1370,9 +1370,16 @@
        configureKeyAndTrustStore(CertificateManager.KEY_STORE_PATH_PKCS11, CertificateManager.KEY_STORE_TYPE_PKCS11,
            CertificateManager.KEY_STORE_TYPE_JKS, sec);
        configureAdminKeyAndTrustStore(CertificateManager.KEY_STORE_PATH_PKCS11, CertificateManager.KEY_STORE_TYPE_PKCS11,
                CertificateManager.KEY_STORE_TYPE_JKS, sec);
                CertificateManager.KEY_STORE_TYPE_JKS, sec, true);
        break;
      case BCFKS:
          configureKeyAndTrustStore(sec.getKeystorePath(), CertificateManager.KEY_STORE_TYPE_BCFKS,
                  CertificateManager.KEY_STORE_TYPE_JKS, sec);
          configureAdminKeyAndTrustStore(sec.getKeystorePath(), CertificateManager.KEY_STORE_TYPE_BCFKS,
                  CertificateManager.KEY_STORE_TYPE_BCFKS, sec, true);
          break;
      default:
        throw new IllegalStateException("Unknown certificate type: " + certType);
      }
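Review bot: The new `case BCFKS:` arm hands `CertificateManager.KEY_STORE_TYPE_JKS` to `configureKeyAndTrustStore` but `CertificateManager.KEY_STORE_TYPE_BCFKS` to `configureAdminKeyAndTrustStore`, so a BCFKS install ends up with a JKS server trust store and a BCFKS admin trust store. If that split is intended (for example because the JKS trust store holds no secret material), a comment such as `// server truststore stays JKS; only the admin truststore is written as BCFKS` would stop the next reader from "fixing" it; if it is not, the third argument of the first call should also be `CertificateManager.KEY_STORE_TYPE_BCFKS`, since on a FIPS-restricted provider set a JKS store may not be loadable at all. The arm is also indented two columns deeper than the sibling `case PKCS11:` arm; align `configureKeyAndTrustStore(...)`, `configureAdminKeyAndTrustStore(...)` and `break;` with it. The enclosing switch starts before this hunk.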
@@ -1403,24 +1410,35 @@
  }
  private void configureAdminKeyAndTrustStore(final String keyStorePath, final String keyStoreType,
      final String trustStoreType, final SecurityOptions sec) throws Exception
      final String trustStoreType, final SecurityOptions sec, boolean exportKeys) throws Exception
  {
    final String keystorePassword = sec.getKeystorePassword();
    final String trustStorePath = getPath2("admin-truststore");
    CertificateManager certManager = new CertificateManager(keyStorePath, keyStoreType, keystorePassword);
    for (String keyStoreAlias : sec.getAliasesToUse())
    {
      SetupUtils.exportCertificate(certManager, keyStoreAlias, getTemporaryCertificatePath());
      configureAdminTrustStore(trustStorePath, trustStoreType, keyStoreAlias, keystorePassword);
    if (exportKeys) {
      final String exportTrustStorePath = getExportTrustManagerPath(trustStoreType);
       CertificateManager certManager = new CertificateManager(keyStorePath, keyStoreType, keystorePassword);
       for (String keyStoreAlias : sec.getAliasesToUse())
       {
         SetupUtils.exportCertificate(certManager, keyStoreAlias, getTemporaryCertificatePath());
         configureAdminTrustStore(exportTrustStorePath, trustStoreType, keyStoreAlias, keystorePassword);
       }
    }
    // Set default trustManager to allow check server startup status
    final String trustStorePath = getPath2("truststore");
    if (com.forgerock.opendj.util.StaticUtils.isFips()) {
      String usedTrustStorePath = trustStorePath;
      String usedTrustStoreType = "JKS";
/*
        if (keyStoreType.equals(CertificateManager.KEY_STORE_TYPE_BCFKS)) {
         usedTrustStorePath = getTrustManagerPath(keyStoreType);
         usedTrustStoreType = keyStoreType;
        }
*/
        KeyStore truststore = null;
        try (final FileInputStream fis = new FileInputStream(trustStorePath))
        try (final FileInputStream fis = new FileInputStream(usedTrustStorePath))
        {
          truststore = KeyStore.getInstance(trustStoreType);
          truststore = KeyStore.getInstance(usedTrustStoreType);
          truststore.load(fis, keystorePassword.toCharArray());
        }
        catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e)
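Review bot: In the `isFips()` branch the startup-check trust store is pinned to `usedTrustStoreType = "JKS"` and `getPath2("truststore")` while the BCFKS alternative is left as a commented-out block with no explanation, yet for a BCFKS install the certificates exported above go to `truststore.bcfks` (per `getExportTrustManagerPath`), so the file loaded here looks like a different store that presumably lacks the just-exported certificates, and `KeyStore.getInstance("JKS")` may be unavailable on a JVM restricted to FIPS providers. Either delete the dead block or replace it with a comment stating the reason, e.g. `// FIPS: startup check deliberately loads the JKS "truststore"; the BCFKS export lives in truststore.bcfks (getExportTrustManagerPath) -- TODO confirm the JKS type is loadable under the FIPS provider set`. The new `exportKeys` parameter also deserves a `@param exportKeys whether to export the key store aliases into the admin trust store before the startup-check trust store is loaded` line in the method Javadoc, which is outside this hunk. The method body continues past the end of the hunk.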
@@ -1496,6 +1514,10 @@
      addCertificateArguments(argList, null, aliasInKeyStore, "cn=PKCS11,cn=Key Manager Providers,cn=config",
          "cn=JKS,cn=Trust Manager Providers,cn=config");
      break;
    case BCFKS:
        addCertificateArguments(argList, sec, aliasInKeyStore, "cn=BCFKS,cn=Key Manager Providers,cn=config",
            "cn=BCFKS,cn=Trust Manager Providers,cn=config");
        break;
    case NO_CERTIFICATE:
      // Nothing to do.
      break;
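Review bot: The new `case BCFKS:` arm is indented two columns deeper than its siblings `case PKCS11:` and `case NO_CERTIFICATE:`; align `addCertificateArguments(...)` and `break;` with the PKCS11 arm. Unlike the PKCS11 arm, which passes `null`, this arm passes `sec` as the second argument; if that is because a file-based BCFKS store needs the key store path and password from `SecurityOptions`, a short comment such as `// BCFKS is file-based: pass sec so the keystore path/password arguments are emitted` would make the asymmetry deliberate. Whether `cn=BCFKS,cn=Key Manager Providers,cn=config` and `cn=BCFKS,cn=Trust Manager Providers,cn=config` exist in the shipped configuration template cannot be confirmed from this diff and should be checked. The enclosing switch starts before this hunk.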
@@ -4045,6 +4067,22 @@
  }
  /**
   * Returns the trustmanager path to be used for exported
   * certificate.
   *
   * @return the trustmanager path to be used for exporting
   *         certificate.
   */
  private String getExportTrustManagerPath(String type)
  {
     if (type.equals(CertificateManager.KEY_STORE_TYPE_BCFKS)) {
        return getPath2("truststore.bcfks");
     }
     return getPath2("admin-truststore");
  }
  /**
   * Returns the path of the self-signed that we export to be able to create a
   * truststore.
   *