
pvarga88
12.20.2020 2b5790588e1de6415985a05167cdb15512cce290
Fix for OPENDJ-3445 (#96)

2 files modified
17 ■■■■ changed files
opendj-server-legacy/src/main/java/org/opends/server/core/DirectoryServer.java 8 ●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java 9 ●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/core/DirectoryServer.java
@@ -3543,8 +3543,14 @@
        case EXTENDED:
         ExtendedOperationBasis extOp = (ExtendedOperationBasis) operation;
         String   requestOID = extOp.getRequestOID();
         if (!OID_START_TLS_REQUEST.equals(requestOID))
         if (!OID_START_TLS_REQUEST.equals(requestOID)
             && !OID_GET_SYMMETRIC_KEY_EXTENDED_OP.equals(requestOID))
         {
           // Clients must be allowed to enable TLS before authenticating.
           // Authentication is not required for the get symmetric key request as it depends on out of band trust
           // negotiation. See OPENDJ-3445.
           message = directoryServer.lockdownMode
               ? NOTE_REJECT_OPERATION_IN_LOCKDOWN_MODE.get()
               : ERR_REJECT_UNAUTHENTICATED_OPERATION.get();
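Review bot: The widened condition lets OID_GET_SYMMETRIC_KEY_EXTENDED_OP through in lockdown mode as well as for unauthenticated clients, because the rejection branch that follows serves both cases and `directoryServer.lockdownMode` only selects the message; if skipping the lockdown rejection is intended the new comment should say so, otherwise lockdown needs its own check ahead of the OID test. The comment also defers to "out of band trust negotiation" without saying where that trust is actually enforced (the TLS layer of the requesting server, or the handler of the request itself), and a one-line pointer there would spare the next reader a search, e.g. `// Peer trust for this request is established by the requesting server's TLS setup, not by a bind.` — phrased to match whatever the handler really does. The enclosing method starts and ends outside the hunk, and the hunk header announces 14 new lines while only 12 are visible, so the tail of this hunk appears truncated on the page.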
opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java
@@ -98,6 +98,7 @@
import org.opends.server.tools.LDAPConnectionOptions;
import org.opends.server.tools.LDAPReader;
import org.opends.server.tools.LDAPWriter;
import org.opends.server.tools.SSLConnectionFactory;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeBuilder;
import org.opends.server.types.Attributes;
@@ -924,19 +925,23 @@
        for (SearchResultEntry resultEntry : resultEntries)
        {
          String hostname = resultEntry.parseAttribute("hostname").asString();
          Integer ldapPort = resultEntry.parseAttribute("ldapport").asInteger();
          Integer adminPort = resultEntry.parseAttribute("adminport").asInteger();
          // Connect to the server.
          AtomicInteger nextMessageID = new AtomicInteger(1);
          SSLConnectionFactory sslCF = new SSLConnectionFactory();
          sslCF.init(true, null, null, null, null, null);
          LDAPConnectionOptions connectionOptions =
               new LDAPConnectionOptions();
          connectionOptions.setUseSSL(true);
          connectionOptions.setSSLConnectionFactory(sslCF);
          PrintStream nullPrintStream =
               new PrintStream(new OutputStream() {
                 @Override
                 public void write ( int b ) { }
               });
          LDAPConnection connection =
               new LDAPConnection(hostname, ldapPort,
               new LDAPConnection(hostname, adminPort,
                                  connectionOptions,
                                  nullPrintStream,
                                  nullPrintStream);
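Review bot: `sslCF.init(true, null, null, null, null, null)` passes `true` as the first argument and no key store or trust store at all; if that flag means trust-all (it reads that way, but confirm against SSLConnectionFactory), the outbound connection to `adminPort` accepts any server certificate, and since the DirectoryServer change in this same commit exempts the get-symmetric-key request from the bind requirement on the receiving side, neither end of this exchange would verify the other. Either supply the local server's trust store to `init` instead of nulls, or add a comment here stating what the commit's "out of band trust negotiation" concretely is, e.g. `// Trust for this connection is established by <mechanism> — see OPENDJ-3445.` with the placeholder filled in. `ldapPort` on the line above `adminPort` no longer appears to be used once the connection targets `adminPort`; if it is removed on the new side that is fine, otherwise it is dead code. The enclosing loop and method start and end outside the hunk.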