opendj-sdk/opendj3-server-dev/src/ads/org/opends/admin/ads/util/ConnectionUtils.java
@@ -64,8 +64,6 @@ */ public class ConnectionUtils { private static final int DEFAULT_LDAP_CONNECT_TIMEOUT = 30000; private static final String STARTTLS_PROPERTY = "org.opends.connectionutils.isstarttls"; @@ -742,24 +740,14 @@ } /** * Returns the default LDAP timeout in milliseconds when we try to connect to * a server. * @return the default LDAP timeout in milliseconds when we try to connect to * a server. */ public static int getDefaultLDAPTimeout() { return DEFAULT_LDAP_CONNECT_TIMEOUT; } /** * Returns the String that can be used to represent a given host name in a * LDAP URL. * This method must be used when we have IPv6 addresses (the address in the * LDAP URL must be enclosed with brackets). * @param host the host name. * @return the String that can be used to represent a given host name in a * LDAP URL. * LDAP URL. This method must be used when we have IPv6 addresses (the address * in the LDAP URL must be enclosed with brackets). * * @param host * The host name. * @return The String that can be used to represent a given host name in a * LDAP URL. */ public static String getHostNameForLdapUrl(String host) { @@ -770,7 +758,7 @@ host = host.trim(); if (!host.startsWith("[")) { host = "["+host; host = "[" + host; } if (!host.endsWith("]")) { opendj-sdk/opendj3-server-dev/src/guitools/org/opends/guitools/controlpanel/ControlPanelArgumentParser.java
@@ -31,7 +31,6 @@ import java.util.LinkedHashSet; import org.opends.admin.ads.util.ConnectionUtils; import org.forgerock.i18n.LocalizableMessage; import org.opends.quicksetup.Constants; import org.opends.quicksetup.UserData; @@ -153,9 +152,7 @@ remoteArg = CommonArguments.getRemote(); addArgument(remoteArg); connectTimeoutArg = CommonArguments.getConnectTimeOut(ConnectionUtils .getDefaultLDAPTimeout()); connectTimeoutArg = CommonArguments.getConnectTimeOut(); connectTimeoutArg.setHidden(false); addArgument(connectTimeoutArg); opendj-sdk/opendj3-server-dev/src/guitools/org/opends/guitools/controlpanel/browser/LDAPConnectionPool.java
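Review bot: The default for `connectTimeoutArg` now comes from the no-argument `CommonArguments.getConnectTimeOut()`, whose value is not visible in this commit, while the field and local initialisers elsewhere in the change are pinned to `CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT`. If the two ever diverge, the argument parser and the data model will silently use different connect limits. If the int overload is still available, keep the default explicit with `CommonArguments.getConnectTimeOut(CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT)`; otherwise add a comment at the call such as `// default: CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT`. The same applies to the matching hunks in SecureConnectionCliArgs and InstallDSArgumentParser.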
@@ -42,6 +42,8 @@ import org.opends.server.types.LDAPURL; import org.forgerock.opendj.ldap.SearchScope; import com.forgerock.opendj.cli.CliConstants; /** * An LDAPConnectionPool is a pool of LDAPConnection. * <BR><BR> @@ -79,7 +81,7 @@ private Control[] requestControls = new Control[] {}; private ApplicationTrustManager trustManager; private int connectTimeout = ConnectionUtils.getDefaultLDAPTimeout(); private int connectTimeout = CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT; /** * Returns <CODE>true</CODE> if the connection passed is registered in the opendj-sdk/opendj3-server-dev/src/guitools/org/opends/guitools/controlpanel/datamodel/ControlPanelInfo.java
@@ -65,6 +65,8 @@ import org.opends.server.tools.ConfigureWindowsService; import org.opends.server.util.StaticUtils; import com.forgerock.opendj.cli.CliConstants; /** * This is the classes that is shared among all the different places in the * Control Panel. It contains information about the server status and @@ -86,7 +88,7 @@ private boolean stopPooling; private boolean pooling; private ApplicationTrustManager trustManager; private int connectTimeout = ConnectionUtils.getDefaultLDAPTimeout(); private int connectTimeout = CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT; private ConnectionProtocolPolicy connectionPolicy = ConnectionProtocolPolicy.USE_MOST_SECURE_AVAILABLE; private String ldapURL; opendj-sdk/opendj3-server-dev/src/quicksetup/org/opends/quicksetup/UserData.java
@@ -33,13 +33,14 @@ import org.opends.admin.ads.ServerDescriptor; import org.opends.admin.ads.SuffixDescriptor; import org.opends.admin.ads.util.ConnectionUtils; import org.opends.quicksetup.installer.AuthenticationData; import org.opends.quicksetup.installer.DataReplicationOptions; import org.opends.quicksetup.installer.NewSuffixOptions; import org.opends.quicksetup.installer.SuffixesToReplicateOptions; import org.opends.quicksetup.util.Utils; import com.forgerock.opendj.cli.CliConstants; /** * This class is used to provide a data model for the different parameters * that the user can provide in the installation wizard. @@ -95,7 +96,7 @@ private static String defaultHostName; private int connectTimeout = ConnectionUtils.getDefaultLDAPTimeout(); private int connectTimeout = CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT; /** * The script name to be used to get and set the java arguments for the opendj-sdk/opendj3-server-dev/src/quicksetup/org/opends/quicksetup/util/ServerController.java
@@ -40,8 +40,11 @@ import org.opends.server.util.SetupUtils; import org.opends.server.util.StaticUtils; import com.forgerock.opendj.cli.CliConstants; import javax.naming.NamingException; import javax.naming.ldap.InitialLdapContext; import java.util.ArrayList; import java.util.Map; import java.io.BufferedReader; @@ -468,7 +471,7 @@ String ldapUrl = "ldaps://"+hostName+":" + port; try { int timeout = ConnectionUtils.getDefaultLDAPTimeout(); int timeout = CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT; if (application != null) { if (application.getUserData() != null) opendj-sdk/opendj3-server-dev/src/server/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java
@@ -48,7 +48,6 @@ import org.forgerock.i18n.LocalizableMessageBuilder; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.opends.admin.ads.util.ApplicationTrustManager; import org.opends.admin.ads.util.ConnectionUtils; import org.opends.server.admin.AdministrationConnector; import org.opends.server.admin.server.ServerManagementContext; import org.opends.server.admin.std.server.AdministrationConnectorCfg; @@ -341,9 +340,7 @@ certNicknameArg = CommonArguments.getCertNickName(); argList.add(certNicknameArg); connectTimeoutArg = CommonArguments.getConnectTimeOut(ConnectionUtils .getDefaultLDAPTimeout()); connectTimeoutArg = CommonArguments.getConnectTimeOut(); connectTimeoutArg.setHidden(false); argList.add(connectTimeoutArg); opendj-sdk/opendj3-server-dev/src/server/org/opends/server/tools/InstallDSArgumentParser.java
@@ -37,7 +37,6 @@ import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.opends.admin.ads.util.ConnectionUtils; import org.opends.quicksetup.Constants; import org.opends.quicksetup.Installation; import org.opends.quicksetup.UserData; @@ -374,9 +373,7 @@ INFO_INSTALLDS_DESCRIPTION_CERT_NICKNAME.get()); addDefaultArgument(certNicknameArg); connectTimeoutArg = CommonArguments.getConnectTimeOut(ConnectionUtils .getDefaultLDAPTimeout()); connectTimeoutArg = CommonArguments.getConnectTimeOut(); addArgument(connectTimeoutArg); acceptLicense = CommonArguments.getAcceptLicense(); opendj-sdk/opendj3-server-dev/src/server/org/opends/server/tools/LDAPCompare.java
@@ -41,7 +41,6 @@ import org.forgerock.i18n.LocalizableMessage; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.DecodeException; import org.opends.admin.ads.util.ConnectionUtils; import org.opends.server.controls.LDAPAssertionRequestControl; import org.opends.server.protocols.ldap.CompareRequestProtocolOp; import org.opends.server.protocols.ldap.CompareResponseProtocolOp; @@ -57,6 +56,7 @@ import com.forgerock.opendj.cli.ArgumentException; import com.forgerock.opendj.cli.ArgumentParser; import com.forgerock.opendj.cli.BooleanArgument; import com.forgerock.opendj.cli.CliConstants; import com.forgerock.opendj.cli.ClientException; import com.forgerock.opendj.cli.CommonArguments; import com.forgerock.opendj.cli.FileBasedArgument; @@ -608,7 +608,7 @@ version.setPropertyName(OPTION_LONG_PROTOCOL_VERSION); argParser.addArgument(version); int defaultTimeout = ConnectionUtils.getDefaultLDAPTimeout(); int defaultTimeout = CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT; connectTimeout = new IntegerArgument(OPTION_LONG_CONNECT_TIMEOUT, null, OPTION_LONG_CONNECT_TIMEOUT, false, false, true, INFO_TIMEOUT_PLACEHOLDER.get(), opendj-sdk/opendj3-server-dev/src/server/org/opends/server/tools/LDAPDelete.java
@@ -41,7 +41,6 @@ import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.DecodeException; import org.opends.admin.ads.util.ConnectionUtils; import org.opends.server.controls.SubtreeDeleteControl; import org.opends.server.protocols.ldap.DeleteRequestProtocolOp; import org.opends.server.protocols.ldap.DeleteResponseProtocolOp; @@ -55,6 +54,7 @@ import com.forgerock.opendj.cli.ArgumentException; import com.forgerock.opendj.cli.ArgumentParser; import com.forgerock.opendj.cli.BooleanArgument; import com.forgerock.opendj.cli.CliConstants; import com.forgerock.opendj.cli.CommonArguments; import com.forgerock.opendj.cli.FileBasedArgument; import com.forgerock.opendj.cli.IntegerArgument; @@ -513,7 +513,7 @@ version.setPropertyName(OPTION_LONG_PROTOCOL_VERSION); argParser.addArgument(version); int defaultTimeout = ConnectionUtils.getDefaultLDAPTimeout(); int defaultTimeout = CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT; connectTimeout = new IntegerArgument(OPTION_LONG_CONNECT_TIMEOUT, null, OPTION_LONG_CONNECT_TIMEOUT, false, false, true, INFO_TIMEOUT_PLACEHOLDER.get(), opendj-sdk/opendj3-server-dev/src/server/org/opends/server/tools/LDAPModify.java
@@ -41,7 +41,6 @@ import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.DecodeException; import org.forgerock.opendj.ldap.ResultCode; import org.opends.admin.ads.util.ConnectionUtils; import org.opends.server.controls.*; import org.opends.server.plugins.ChangeNumberControlPlugin; import org.opends.server.protocols.ldap.AddRequestProtocolOp; @@ -71,6 +70,7 @@ import com.forgerock.opendj.cli.ArgumentException; import com.forgerock.opendj.cli.ArgumentParser; import com.forgerock.opendj.cli.BooleanArgument; import com.forgerock.opendj.cli.CliConstants; import com.forgerock.opendj.cli.CommonArguments; import com.forgerock.opendj.cli.FileBasedArgument; import com.forgerock.opendj.cli.IntegerArgument; @@ -838,7 +838,7 @@ version.setPropertyName(OPTION_LONG_PROTOCOL_VERSION); argParser.addArgument(version); int defaultTimeout = ConnectionUtils.getDefaultLDAPTimeout(); int defaultTimeout = CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT; connectTimeout = new IntegerArgument(OPTION_LONG_CONNECT_TIMEOUT, null, OPTION_LONG_CONNECT_TIMEOUT, false, false, true, INFO_TIMEOUT_PLACEHOLDER.get(), opendj-sdk/opendj3-server-dev/src/server/org/opends/server/tools/LDAPPasswordModify.java
@@ -32,7 +32,6 @@ import java.util.List; import java.util.concurrent.atomic.AtomicInteger; import org.opends.admin.ads.util.ConnectionUtils; import org.forgerock.i18n.LocalizableMessage; import org.opends.server.controls.PasswordPolicyErrorType; import org.opends.server.controls.PasswordPolicyResponseControl; @@ -52,6 +51,7 @@ import com.forgerock.opendj.cli.ArgumentException; import com.forgerock.opendj.cli.ArgumentParser; import com.forgerock.opendj.cli.BooleanArgument; import com.forgerock.opendj.cli.CliConstants; import com.forgerock.opendj.cli.CommonArguments; import com.forgerock.opendj.cli.ConsoleApplication; import com.forgerock.opendj.cli.FileBasedArgument; @@ -388,7 +388,7 @@ controlStr.setPropertyName("control"); argParser.addArgument(controlStr); int defaultTimeout = ConnectionUtils.getDefaultLDAPTimeout(); int defaultTimeout = CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT; connectTimeout = new IntegerArgument(OPTION_LONG_CONNECT_TIMEOUT, null, OPTION_LONG_CONNECT_TIMEOUT, false, false, true, INFO_TIMEOUT_PLACEHOLDER.get(), opendj-sdk/opendj3-server-dev/src/server/org/opends/server/tools/LDAPSearch.java
@@ -38,7 +38,6 @@ import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.DecodeException; import org.opends.admin.ads.util.ConnectionUtils; import org.opends.server.controls.*; import org.opends.server.protocols.ldap.*; import org.opends.server.types.*; @@ -48,6 +47,7 @@ import com.forgerock.opendj.cli.ArgumentException; import com.forgerock.opendj.cli.ArgumentParser; import com.forgerock.opendj.cli.BooleanArgument; import com.forgerock.opendj.cli.CliConstants; import com.forgerock.opendj.cli.CommonArguments; import com.forgerock.opendj.cli.FileBasedArgument; import com.forgerock.opendj.cli.IntegerArgument; @@ -986,7 +986,7 @@ version.setPropertyName(OPTION_LONG_PROTOCOL_VERSION); argParser.addArgument(version); int defaultTimeout = ConnectionUtils.getDefaultLDAPTimeout(); int defaultTimeout = CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT; connectTimeout = new IntegerArgument(OPTION_LONG_CONNECT_TIMEOUT, null, OPTION_LONG_CONNECT_TIMEOUT, false, false, true, INFO_TIMEOUT_PLACEHOLDER.get(), opendj-sdk/opendj3-server-dev/src/server/org/opends/server/tools/dsconfig/LDAPManagementContextFactory.java
@@ -156,100 +156,75 @@ { // Interact with the user though the console to get // LDAP connection information String hostName = ConnectionUtils.getHostNameForLdapUrl(ci.getHostName()); Integer portNumber = ci.getPortNumber(); String bindDN = ci.getBindDN(); String bindPassword = ci.getBindPassword(); final String hostName = ConnectionUtils.getHostNameForLdapUrl(ci.getHostName()); final Integer portNumber = ci.getPortNumber(); final String bindDN = ci.getBindDN(); final String bindPassword = ci.getBindPassword(); TrustManager trustManager = ci.getTrustManager(); KeyManager keyManager = ci.getKeyManager(); final KeyManager keyManager = ci.getKeyManager(); // Do we have a secure connection ? final LDAPOptions options = new LDAPOptions(); options.setConnectTimeout(ci.getConnectTimeout(), TimeUnit.MILLISECONDS); LDAPConnectionFactory factory = null; Connection connection; if (ci.useSSL()) Connection connection = null; while (true) { while (true) { try { final SSLContextBuilder sslBuilder = new SSLContextBuilder(); sslBuilder.setTrustManager((trustManager == null ? 
TrustManagers .trustAll() : trustManager)); sslBuilder.setKeyManager(keyManager); options.setUseStartTLS(ci.useStartTLS()); options.setSSLContext(sslBuilder.getSSLContext()); factory = new LDAPConnectionFactory(hostName, portNumber, options); connection = factory.getConnection(); connection.bind(bindDN, bindPassword.toCharArray()); break; } catch (ErrorResultException e) { final Throwable cause = e.getCause(); if (app.isInteractive() && ci.isTrustStoreInMemory() && cause != null && cause instanceof SSLException && cause.getCause() instanceof CertificateException) { String authType = null; if (trustManager instanceof ApplicationTrustManager) { // FIXME use PromptingTrustManager ApplicationTrustManager appTrustManager = (ApplicationTrustManager) trustManager; authType = appTrustManager.getLastRefusedAuthType(); X509Certificate[] cert = appTrustManager.getLastRefusedChain(); if (ci.checkServerCertificate(cert, authType, hostName)) { // If the certificate is trusted, update the trust manager. trustManager = ci.getTrustManager(); // Try to connect again. continue; } } } if (cause instanceof SSLException) { throw new ClientException(ReturnCode.CLIENT_SIDE_CONNECT_ERROR, ERR_FAILED_TO_CONNECT_NOT_TRUSTED.get(hostName, portNumber)); } throw couldNotConnect(cause, hostName, portNumber, bindDN); } catch (GeneralSecurityException e) { throw new ClientException(ReturnCode.CLIENT_SIDE_CONNECT_ERROR, ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(hostName, portNumber)); } } } else { // FIXME The dsconfig is always using secure connection. This code can be // removed in this case but statusCli and uninstall are also using it. Cleanup needed. // Create the management context. try { final SSLContextBuilder sslBuilder = new SSLContextBuilder(); sslBuilder.setTrustManager((trustManager == null ? 
TrustManagers .trustAll() : trustManager)); sslBuilder.setKeyManager(keyManager); options.setUseStartTLS(ci.useStartTLS()); options.setSSLContext(sslBuilder.getSSLContext()); factory = new LDAPConnectionFactory(hostName, portNumber, options); connection = factory.getConnection(); connection.bind(bindDN, bindPassword.toCharArray()); break; } catch (ErrorResultException e) { throw couldNotConnect(e.getCause(), hostName, portNumber, bindDN); } finally { if (factory != null) final Throwable cause = e.getCause(); if (app.isInteractive() && ci.isTrustStoreInMemory() && cause != null && cause instanceof SSLException && cause.getCause() instanceof CertificateException) { factory.close(); String authType = null; if (trustManager instanceof ApplicationTrustManager) { // FIXME use PromptingTrustManager ApplicationTrustManager appTrustManager = (ApplicationTrustManager) trustManager; authType = appTrustManager.getLastRefusedAuthType(); X509Certificate[] cert = appTrustManager.getLastRefusedChain(); if (ci.checkServerCertificate(cert, authType, hostName)) { // If the certificate is trusted, update the trust manager. trustManager = ci.getTrustManager(); // Try to connect again. continue; } } } if (cause instanceof SSLException) { throw new ClientException(ReturnCode.CLIENT_SIDE_CONNECT_ERROR, ERR_FAILED_TO_CONNECT_NOT_TRUSTED.get(hostName, portNumber)); } throw couldNotConnect(cause, hostName, portNumber, bindDN); } catch (GeneralSecurityException e) { throw new ClientException(ReturnCode.CLIENT_SIDE_CONNECT_ERROR, ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(hostName, portNumber)); } finally { closeSilently(factory); } } context = LDAPManagementContext.newManagementContext(connection, LDAPProfile.getInstance()); LDAPManagementContext.newManagementContext(connection, LDAPProfile .getInstance()); } return context; } opendj-sdk/opendj3-server-dev/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java
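Review bot: With the `ci.useSSL()` branch apparently removed, every connection now goes through `sslBuilder.setTrustManager((trustManager == null ? TrustManagers.trustAll() : trustManager))`, so a null trust manager silently disables server certificate validation before `connection.bind(bindDN, bindPassword.toCharArray())` sends the credentials. Whether `ci.getTrustManager()` can return null is not visible in this hunk; if it can, the code should fail closed, e.g. `if (trustManager == null) { throw new ClientException(ReturnCode.CLIENT_SIDE_CONNECT_ERROR, ERR_FAILED_TO_CONNECT_NOT_TRUSTED.get(hostName, portNumber)); }`, and leave trust-all to an explicit user choice. Separately, the new `finally { closeSilently(factory); }` also runs on the successful `break` path, so it is worth confirming that the `Connection` passed to `newManagementContext` stays usable after its factory is closed. The enclosing method starts before the hunk.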
@@ -91,6 +91,7 @@ import com.forgerock.opendj.cli.Argument; import com.forgerock.opendj.cli.BooleanArgument; import com.forgerock.opendj.cli.CliConstants; import com.forgerock.opendj.cli.StringArgument; import com.forgerock.opendj.cli.ArgumentException; import com.forgerock.opendj.cli.ClientException; @@ -1342,7 +1343,7 @@ { ctx = ConnectionUtils.createStartTLSContext(ldapUrl, bindDN, bindPassword, ConnectionUtils.getDefaultLDAPTimeout(), null, bindPassword, CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT, null, trustManager, keyManager, null); ctx.reconnect(null); break; @@ -1400,7 +1401,7 @@ { ctx = ConnectionUtils.createLdapContext(ldapUrl, bindDN, bindPassword, ConnectionUtils.getDefaultLDAPTimeout(), null); CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT, null); ctx.reconnect(null); break; } opendj-sdk/opendj3-server-dev/src/server/org/opends/server/util/BuildVersion.java
@@ -30,6 +30,7 @@ import static org.opends.messages.ToolMessages.ERR_BUILDVERSION_MALFORMED; import static org.opends.messages.ToolMessages.ERR_BUILDVERSION_MISMATCH; import static org.opends.server.config.ConfigConstants.CONFIG_DIR_NAME; import static org.forgerock.util.Utils.closeSilently; import java.io.BufferedReader; import java.io.File; @@ -107,17 +108,7 @@ } finally { if (reader != null) { try { reader.close(); } catch (final Exception e) { // Ignore. } } closeSilently(reader); } } @@ -187,9 +178,7 @@ this.rev = rev; } /** * {@inheritDoc} */ /** {@inheritDoc} */ public int compareTo(final BuildVersion version) { if (major == version.major) @@ -224,9 +213,7 @@ return 1; } /** * {@inheritDoc} */ /** {@inheritDoc} */ public boolean equals(final Object obj) { if (this == obj) @@ -236,8 +223,8 @@ else if (obj instanceof BuildVersion) { final BuildVersion other = (BuildVersion) obj; return (major == other.major) && (minor == other.minor) && (point == other.point) && (rev == other.rev); return major == other.major && minor == other.minor && point == other.point && rev == other.rev; } else { @@ -285,18 +272,14 @@ return rev; } /** * {@inheritDoc} */ /** {@inheritDoc} */ public int hashCode() { return Arrays.hashCode(new int[] { major, minor, point, (int) (rev >>> 32), (int) (rev & 0xFFFFL) }); } /** * {@inheritDoc} */ /** {@inheritDoc} */ public String toString() { final StringBuilder builder = new StringBuilder(); opendj-sdk/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/crypto/CryptoManagerTestCase.java
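Review bot: `hashCode()` in the `-285,18` hunk folds the upper half of `rev` with `(int) (rev >>> 32)` but masks the lower half with `0xFFFFL`, which keeps only 16 of the low 32 bits. The contract with `equals` still holds, but `(int) rev` (or a `0xFFFFFFFFL` mask) looks like what was intended and would give a better hash distribution. While the Javadoc on `compareTo`, `equals`, `hashCode` and `toString` is being collapsed to `/** {@inheritDoc} */`, adding `@Override` to each would let the compiler check the signatures. The bodies of these methods extend beyond what the hunks show.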
@@ -62,6 +62,8 @@ import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import com.forgerock.opendj.cli.CliConstants; import static org.testng.Assert.*; /** @@ -96,7 +98,7 @@ "ldaps://" + "127.0.0.1" + ":" + String.valueOf(TestCaseUtils.getServerAdminPort()), "cn=Directory Manager", "password", ConnectionUtils.getDefaultLDAPTimeout(), null, null, null); CliConstants.DEFAULT_LDAP_CONNECT_TIMEOUT, null, null, null); // TODO: should the below dn be in ConfigConstants? final String dnStr = "ds-cfg-key-id=ads-certificate,cn=ads-truststore"; final LdapName dn = new LdapName(dnStr);