opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AdministrationConnectorConfiguration.xml
@@ -97,7 +97,7 @@ </ldap:attribute> </adm:profile> </adm:property> <adm:property name="trust-manager-provider" mandatory="true"> <adm:property name="trust-manager-provider"> <adm:synopsis> Specifies the name of the trust manager that is used with the @@ -108,7 +108,11 @@ <adm:server-restart /> </adm:requires-admin-action> <adm:default-behavior> <adm:undefined /> <adm:alias> <adm:synopsis> Use the trust manager provided by the JVM. </adm:synopsis> </adm:alias> </adm:default-behavior> <adm:syntax> <adm:aggregation relation-name="trust-manager-provider" opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/HTTPConnectionHandlerConfiguration.xml
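Review bot: The new `<adm:alias>` synopsis `Use the trust manager provided by the JVM.` does not tell an administrator what that trust manager actually trusts, which matters now that `mandatory="true"` is dropped here and the constraint requiring a trust-manager-provider whenever use-ssl is true is removed in HTTPConnectionHandlerConfiguration.xml and LDAPConnectionHandlerConfiguration.xml, so an SSL-enabled connector with no provider is now a valid configuration whose client-certificate validation is decided by the JVM. Suggest expanding the alias synopsis along the lines of `Use the JVM's default trust manager, which validates peer certificates against the JVM's default trust store (the JRE cacerts file unless overridden with javax.net.ssl.trustStore).` in all three files. The trust-manager-provider property's own synopsis, cut off in this hunk, should also state that the property is optional and what leaving it unset implies for client-certificate validation.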
@@ -41,22 +41,6 @@ </adm:implies> </adm:condition> </adm:constraint> <adm:constraint> <adm:synopsis> A Trust Manager Provider must be specified when this <adm:user-friendly-name /> is enabled and it is configured to use SSL. </adm:synopsis> <adm:condition> <adm:implies> <adm:contains property="enabled" value="true" /> <adm:implies> <adm:contains property="use-ssl" value="true" /> <adm:is-present property="trust-manager-provider" /> </adm:implies> </adm:implies> </adm:condition> </adm:constraint> <adm:profile name="ldap"> <ldap:object-class> <ldap:name>ds-cfg-http-connection-handler</ldap:name> @@ -142,7 +126,11 @@ </adm:none> </adm:requires-admin-action> <adm:default-behavior> <adm:undefined /> <adm:alias> <adm:synopsis> Use the trust manager provided by the JVM. </adm:synopsis> </adm:alias> </adm:default-behavior> <adm:syntax> <adm:aggregation relation-name="trust-manager-provider" opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LDAPConnectionHandlerConfiguration.xml
@@ -13,7 +13,7 @@ information: "Portions Copyright [year] [name of copyright owner]". Copyright 2007-2009 Sun Microsystems, Inc. Portions copyright 2011-2013 ForgeRock AS. Portions copyright 2011-2016 ForgeRock AS. ! --> <adm:managed-object name="ldap-connection-handler" plural-name="ldap-connection-handlers" @@ -50,25 +50,6 @@ </adm:constraint> <adm:constraint> <adm:synopsis> A Trust Manager Provider must be specified when this <adm:user-friendly-name /> is enabled and it is configured to use SSL or StartTLS. </adm:synopsis> <adm:condition> <adm:implies> <adm:contains property="enabled" value="true" /> <adm:implies> <adm:or> <adm:contains property="use-ssl" value="true" /> <adm:contains property="allow-start-tls" value="true" /> </adm:or> <adm:is-present property="trust-manager-provider" /> </adm:implies> </adm:implies> </adm:condition> </adm:constraint> <adm:constraint> <adm:synopsis> A <adm:user-friendly-name /> cannot be configured to support SSL and StartTLS at the same time. @@ -176,7 +157,11 @@ </adm:none> </adm:requires-admin-action> <adm:default-behavior> <adm:undefined /> <adm:alias> <adm:synopsis> Use the trust manager provided by the JVM. </adm:synopsis> </adm:alias> </adm:default-behavior> <adm:syntax> <adm:aggregation relation-name="trust-manager-provider" opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
@@ -44,6 +44,7 @@ import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManager; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; @@ -70,7 +71,6 @@ import org.opends.server.api.DirectoryThread; import org.opends.server.api.KeyManagerProvider; import org.opends.server.api.ServerShutdownListener; import org.opends.server.api.TrustManagerProvider; import org.opends.server.api.plugin.PluginResult; import org.opends.server.core.DirectoryServer; import org.opends.server.core.PluginConfigManager; @@ -78,7 +78,6 @@ import org.opends.server.core.ServerContext; import org.opends.server.core.WorkQueueStrategy; import org.opends.server.extensions.NullKeyManagerProvider; import org.opends.server.extensions.NullTrustManagerProvider; import org.opends.server.monitors.ClientConnectionMonitorProvider; import org.opends.server.protocols.ldap.LDAPStatistics; import org.opends.server.types.DirectoryException; @@ -897,7 +896,8 @@ private SSLContext createSSLContext(LDAPConnectionHandlerCfg config) throws DirectoryException { try { DN keyMgrDN = config.getKeyManagerProviderDN(); KeyManagerProvider<?> keyManagerProvider = DirectoryServer.getKeyManagerProvider(keyMgrDN); final ServerContext serverContext = DirectoryServer.getInstance().getServerContext(); KeyManagerProvider<?> keyManagerProvider = serverContext.getKeyManagerProvider(keyMgrDN); if (keyManagerProvider == null) { logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName); disableAndWarnIfUseSSL(config); 
@@ -928,14 +928,11 @@ friendlyName); } DN trustMgrDN = config.getTrustManagerProviderDN(); TrustManagerProvider<?> trustManagerProvider = DirectoryServer.getTrustManagerProvider(trustMgrDN); if (trustManagerProvider == null) { trustManagerProvider = new NullTrustManagerProvider(); } final DN trustMgrDN = config.getTrustManagerProviderDN(); final TrustManager[] trustManagers = trustMgrDN == null ? null : serverContext.getTrustManagerProvider(trustMgrDN).getTrustManagers(); SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME); sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null); sslContext.init(keyManagers, trustManagers, null); return sslContext; } catch (Exception e) { logger.traceException(e); opendj-server-legacy/src/main/java/org/opends/server/extensions/NullTrustManagerProvider.java
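Review bot: The trust-manager resolution in the -928 hunk drops the null check the removed code had: if `trustMgrDN` is set but `serverContext.getTrustManagerProvider(trustMgrDN)` returns null (provider entry removed or disabled after the handler was configured), `.getTrustManagers()` throws a NullPointerException that only surfaces through the generic `catch (Exception e)` below, whereas the key-manager branch a few lines earlier logs `ERR_NULL_KEY_PROVIDER_MANAGER` and calls `disableAndWarnIfUseSSL(config)`. The same pattern appears in HTTPConnectionHandler.java (-891 hunk) and LDAPConnectionHandler.java (-1332 hunk). Separately, passing a null `TrustManager[]` to `SSLContext.init` makes JSSE fall back to the JVM's default trust store, so a handler with no trust-manager-provider now validates client certificates against the JVM's default trust anchors rather than whatever the deleted NullTrustManagerProvider returned (not visible on this page; if that was an empty set, this widens the accepted certificate issuers and deserves a comment at the ternary and a startup log line). createSSLContext begins before and ends after this hunk, so the branch taken after disableAndWarnIfUseSSL in the key-manager path should be mirrored here too.
```java
// … unchanged: key manager resolution …
final DN trustMgrDN = config.getTrustManagerProviderDN();
// null trust managers => SSLContext.init installs the JVM default trust manager (cacerts / javax.net.ssl.trustStore)
TrustManager[] trustManagers = null;
if (trustMgrDN != null)
{
  final TrustManagerProvider<?> trustManagerProvider = serverContext.getTrustManagerProvider(trustMgrDN);
  if (trustManagerProvider == null)
  {
    // TODO(review): use the project's message for a missing trust manager provider; placeholder id below
    logger.error(ERR_NULL_TRUST_PROVIDER_MANAGER_PLACEHOLDER, trustMgrDN, friendlyName);
    disableAndWarnIfUseSSL(config);
    // TODO(review): follow the same exit as the key-manager branch (outside this hunk)
  }
  else
  {
    trustManagers = trustManagerProvider.getTrustManagers();
  }
}
SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
sslContext.init(keyManagers, trustManagers, null);
// … unchanged: return / catch …
```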
File was deleted opendj-server-legacy/src/main/java/org/opends/server/protocols/http/HTTPConnectionHandler.java
@@ -41,6 +41,7 @@ import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManager; import org.forgerock.http.ApiProducer; import org.forgerock.http.DescribedHttpApplication; @@ -82,11 +83,9 @@ import org.opends.server.api.ConnectionHandler; import org.opends.server.api.KeyManagerProvider; import org.opends.server.api.ServerShutdownListener; import org.opends.server.api.TrustManagerProvider; import org.opends.server.core.DirectoryServer; import org.opends.server.core.ServerContext; import org.opends.server.extensions.NullKeyManagerProvider; import org.opends.server.extensions.NullTrustManagerProvider; import org.opends.server.loggers.HTTPAccessLogger; import org.opends.server.monitors.ClientConnectionMonitorProvider; import org.opends.server.protocols.internal.InternalClientConnection; @@ -848,9 +847,9 @@ { return null; } DN keyMgrDN = config.getKeyManagerProviderDN(); KeyManagerProvider<?> keyManagerProvider = DirectoryServer.getKeyManagerProvider(keyMgrDN); final ServerContext serverContext = DirectoryServer.getInstance().getServerContext(); final DN keyMgrDN = config.getKeyManagerProviderDN(); KeyManagerProvider<?> keyManagerProvider = serverContext.getKeyManagerProvider(keyMgrDN); if (keyManagerProvider == null) { logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName); 
@@ -891,14 +890,10 @@ } DN trustMgrDN = config.getTrustManagerProviderDN(); TrustManagerProvider<?> trustManagerProvider = DirectoryServer.getTrustManagerProvider(trustMgrDN); if (trustManagerProvider == null) { trustManagerProvider = new NullTrustManagerProvider(); } SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME); sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null); final TrustManager[] trustManagers = trustMgrDN == null ? null : serverContext.getTrustManagerProvider(trustMgrDN).getTrustManagers(); final SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME); sslContext.init(keyManagers, trustManagers, null); return sslContext; } opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
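Review bot: The trust-manager resolution added at -891 is the third verbatim copy of the same lines (`final ServerContext serverContext = DirectoryServer.getInstance().getServerContext();`, `final DN trustMgrDN = config.getTrustManagerProviderDN();`, the `trustMgrDN == null ? null : ...getTrustManagers()` ternary and the `sslContext.init(keyManagers, trustManagers, null)` call), with the other two in LDAPConnectionHandler2.java and LDAPConnectionHandler.java. Since all three handlers already reach the providers through `serverContext`, the lookup and its null policy would be better expressed once, for example as a helper such as `TrustManager[] resolveTrustManagers(DN trustMgrDN)` next to the existing provider accessors, so that the three handlers cannot drift in how a missing provider or an unset DN is treated. The enclosing method starts before this hunk.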
@@ -33,6 +33,7 @@ import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManager; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; @@ -52,7 +53,6 @@ import org.opends.server.core.ServerContext; import org.opends.server.core.WorkQueueStrategy; import org.opends.server.extensions.NullKeyManagerProvider; import org.opends.server.extensions.NullTrustManagerProvider; import org.opends.server.extensions.TLSByteChannel; import org.opends.server.monitors.ClientConnectionMonitorProvider; import org.opends.server.types.*; @@ -1290,9 +1290,9 @@ { try { DN keyMgrDN = config.getKeyManagerProviderDN(); KeyManagerProvider<?> keyManagerProvider = DirectoryServer .getKeyManagerProvider(keyMgrDN); final ServerContext serverContext = DirectoryServer.getInstance().getServerContext(); final DN keyMgrDN = config.getKeyManagerProviderDN(); KeyManagerProvider<?> keyManagerProvider = serverContext.getKeyManagerProvider(keyMgrDN); if (keyManagerProvider == null) { logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName); @@ -1332,16 +1332,10 @@ } DN trustMgrDN = config.getTrustManagerProviderDN(); TrustManagerProvider<?> trustManagerProvider = DirectoryServer .getTrustManagerProvider(trustMgrDN); if (trustManagerProvider == null) { trustManagerProvider = new NullTrustManagerProvider(); } SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME); sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null); final TrustManager[] trustManagers = trustMgrDN == null ? null : serverContext.getTrustManagerProvider(trustMgrDN).getTrustManagers(); final SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME); sslContext.init(keyManagers, trustManagers, null); return sslContext; } catch (Exception e) opendj-server-legacy/src/test/java/org/opends/server/extensions/NullTrustManagerProviderTestCase.java
File was deleted