mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Yuriy Movchan
29.57.2022 a9bbf17ba3b41d3940efaeb98caf4da2ef344f23
opendj-server-legacy/src/main/java/org/opends/server/tools/ConfigureDS.java
@@ -188,6 +188,7 @@
      + "ds-cfg-trust-store-type: JCEKS" + NEW_LINE
      + "ds-cfg-trust-store-file: config/truststore" + NEW_LINE;
  private static final String DN_ADMIN_TRUST_MANAGER = "cn=Administration,cn=Trust Manager Providers," + DN_CONFIG_ROOT;
  private static final String DN_ADMIN_KEY_MANAGER = "cn=Administration,cn=Key Manager Providers," + DN_CONFIG_ROOT;
  /** The DN of the configuration entry defining the LDAP connection handler. */
@@ -881,9 +882,6 @@
      putKeyManagerConfigAttribute(enableStartTLS, DN_LDAP_CONNECTION_HANDLER);
      putKeyManagerConfigAttribute(ldapsPort, DN_LDAPS_CONNECTION_HANDLER);
      putKeyManagerConfigAttribute(ldapsPort, DN_HTTP_CONNECTION_HANDLER);
      if (StaticUtils.isFips()) {
          putAdminKeyManagerConfigAttribute(ldapsPort, DN_ADMIN_KEY_MANAGER);
      }
      if (keyManagerPath.isPresent())
      {
@@ -900,6 +898,10 @@
          throw new ConfigureDSException(e, LocalizableMessage.raw(e.toString()));
        }
      }
      if (StaticUtils.isFips()) {
          putAdminKeyManagerConfigAttribute(keyManagerProviderDN, DN_ADMIN_KEY_MANAGER);
      }
    }
  }
@@ -923,31 +925,52 @@
    }
  }
  private void putAdminKeyManagerConfigAttribute(final Argument arg, final String attributeDN)
  private void putAdminKeyManagerConfigAttribute(final Argument keyManagerProviderDN, final String attributeDN)
      throws ConfigureDSException
  {
    if (arg.isPresent())
    if (keyManagerProviderDN.isPresent())
    {
      try
      {
        updateConfigEntryByRemovingAttribute(attributeDN, ATTR_KEYSTORE_TYPE);
        updateConfigEntryByRemovingAttribute(attributeDN, ATTR_KEYSTORE_FILE);
      boolean isBcfks = keyManagerProviderDN.getValue().toLowerCase().startsWith("cn=bcfks");
      if (isBcfks) {
           updateConfigEntryWithAttribute(
                   attributeDN,
                   ATTR_KEYSTORE_TYPE,
                   CoreSchema.getDirectoryStringSyntax(),
                   "BCFKS");
        updateConfigEntryWithObjectClasses(
                attributeDN,
                "top", "ds-cfg-pkcs11-key-manager-provider", "ds-cfg-key-manager-provider");
           updateConfigEntryWithAttribute(
                 attributeDN,
                     ATTR_KEYSTORE_FILE,
                     CoreSchema.getDirectoryStringSyntax(),
                     keyManagerPath.getValue());
        updateConfigEntryWithAttribute(
            attributeDN,
            ATTR_KEYMANAGER_CLASS,
            CoreSchema.getDirectoryStringSyntax(),
            "org.opends.server.extensions.PKCS11KeyManagerProvider");
        updateConfigEntryWithAttribute(
                attributeDN,
                ATTR_KEYSTORE_PIN_FILE,
                CoreSchema.getDirectoryStringSyntax(),
                "config/keystore.pin");
           updateConfigEntryWithAttribute(
                   attributeDN,
                   ATTR_KEYSTORE_PIN_FILE,
                   CoreSchema.getDirectoryStringSyntax(),
                   "config/keystore.pin");
      } else {
           updateConfigEntryByRemovingAttribute(attributeDN, ATTR_KEYSTORE_TYPE);
           updateConfigEntryByRemovingAttribute(attributeDN, ATTR_KEYSTORE_FILE);
           updateConfigEntryWithObjectClasses(
                   attributeDN,
                   "top", "ds-cfg-pkcs11-key-manager-provider", "ds-cfg-key-manager-provider");
           updateConfigEntryWithAttribute(
               attributeDN,
               ATTR_KEYMANAGER_CLASS,
               CoreSchema.getDirectoryStringSyntax(),
               "org.opends.server.extensions.PKCS11KeyManagerProvider");
           updateConfigEntryWithAttribute(
                   attributeDN,
                   ATTR_KEYSTORE_PIN_FILE,
                   CoreSchema.getDirectoryStringSyntax(),
                   "config/keystore.pin");
      }
      }
      catch (final Exception e)
      {
@@ -996,6 +1019,10 @@
      removeSSLCertNicknameAttribute(DN_HTTP_CONNECTION_HANDLER);
      removeSSLCertNicknameAttribute(DN_JMX_CONNECTION_HANDLER);
    }
    if (StaticUtils.isFips()) {
        putAdminTrustManagerConfigAttribute(trustManagerProviderDN, DN_ADMIN_TRUST_MANAGER);
    }
  }
  private void putTrustManagerAttribute(final Argument arg, final String attributeDN) throws ConfigureDSException
@@ -1017,6 +1044,41 @@
    }
  }
  private void putAdminTrustManagerConfigAttribute(final Argument trustManagerProviderDN, final String attributeDN)
      throws ConfigureDSException
  {
    if (keyManagerProviderDN.isPresent())
    {
      try
      {
      boolean isBcfks = keyManagerProviderDN.getValue().toLowerCase().startsWith("cn=bcfks");
      if (isBcfks) {
           updateConfigEntryWithAttribute(
                   attributeDN,
                   ATTR_TRUSTSTORE_TYPE,
                   CoreSchema.getDirectoryStringSyntax(),
                   "BCFKS");
           updateConfigEntryWithAttribute(
                 attributeDN,
                     ATTR_TRUSTSTORE_FILE,
                     CoreSchema.getDirectoryStringSyntax(),
                     keyManagerPath.getValue());
           updateConfigEntryWithAttribute(
                   attributeDN,
                   ATTR_TRUSTSTORE_PIN_FILE,
                   CoreSchema.getDirectoryStringSyntax(),
                   "config/keystore.pin");
      }
      }
      catch (final Exception e)
      {
        throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_TRUSTMANAGER_REFERENCE.get(e));
      }
    }
  }
  private void updateCertNicknameEntry(final Argument arg, final String attributeDN,
      final String attrName, final List<String> attrValues) throws ConfigureDSException
  {
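Review bot: `putAdminTrustManagerConfigAttribute` never reads its `trustManagerProviderDN` parameter: the presence check and the `cn=bcfks` test use `keyManagerProviderDN`, and the value written to `ATTR_TRUSTSTORE_FILE` is `keyManagerPath.getValue()`, so in FIPS mode the administration trust manager is pointed at the key store file (and its `ATTR_TRUSTSTORE_PIN_FILE` at the key store's `config/keystore.pin`) rather than at the trust store. The two checks should read `if (trustManagerProviderDN.isPresent())` and `boolean isBcfks = trustManagerProviderDN.getValue().toLowerCase().startsWith("cn=bcfks");`, and the file value should come from the trust-store path argument that mirrors `keyManagerPath` (its name is not visible in this diff), with a PIN file that belongs to the trust store. Unlike `putAdminKeyManagerConfigAttribute` earlier in this section there is no `else` branch, so a non-BCFKS provider leaves whatever the admin trust manager entry already holds; if that is intended, a one-line comment on the `if (isBcfks)` saying so would stop the next reader from "fixing" the asymmetry. Both methods match the provider by a string prefix of the DN, so a comment noting that the BCFKS provider is recognised by its RDN would also help.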