opendj-cli/src/main/java/com/forgerock/opendj/cli/ConnectionFactoryProvider.java
@@ -47,7 +47,7 @@ import javax.net.ssl.X509KeyManager; import javax.net.ssl.X509TrustManager; import com.forgerock.opendj.util.FipsStaticUtils; import com.forgerock.opendj.util.StaticUtils; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.ldap.ConnectionFactory; @@ -721,7 +721,7 @@ keyStorePIN = keyStorePass.toCharArray(); } boolean isFips = FipsStaticUtils.isFips(); boolean isFips = StaticUtils.isFips(); final String keyStoreType = KeyStore.getDefaultType(); final KeyStore keystore = KeyStore.getInstance(keyStoreType); if (isFips) { @@ -829,7 +829,7 @@ return TrustManagers.trustAll(); } boolean isFips = FipsStaticUtils.isFips(); boolean isFips = StaticUtils.isFips(); X509TrustManager tm = null; if (trustStorePathArg.isPresent() && trustStorePathArg.getValue().length() > 0) { if (isFips) { opendj-config/src/main/java/org/forgerock/opendj/config/dsconfig/DSConfig.java
@@ -28,7 +28,7 @@ import static org.forgerock.opendj.config.PropertyOption.*; import static org.forgerock.opendj.config.dsconfig.ArgumentExceptionFactory.*; import static com.forgerock.opendj.util.FipsStaticUtils.registerBcProvider; import static com.forgerock.opendj.util.StaticUtils.registerBcProvider; import java.io.BufferedReader; import java.io.BufferedWriter; opendj-core/src/main/java/com/forgerock/opendj/util/FipsStaticUtils.java
@@ -13,30 +13,17 @@ */ public static final byte[] EMPTY_BYTES = new byte[0]; public static boolean isFips() { java.security.Provider[] providers = java.security.Security.getProviders(); for (int i = 0; i < providers.length; i++) { if (providers[i].getName().toLowerCase().contains("fips")) return true; } return false; } public static void registerBcProvider() { if (!isFips()) { return; } org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider bouncyCastleProvider = (org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider) java.security.Security.getProvider(org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.PROVIDER_NAME); if (bouncyCastleProvider == null) { FipsStaticUtils.logger.info(INFO_BC_PROVIDER_REGISTER.get()); org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider bouncyCastleProvider = (org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider) java.security.Security.getProvider(org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.PROVIDER_NAME); if (bouncyCastleProvider == null) { logger.info(INFO_BC_PROVIDER_REGISTER.get()); bouncyCastleProvider = new org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider(); java.security.Security.insertProviderAt(bouncyCastleProvider, 1); } else { logger.info(INFO_BC_PROVIDER_REGISTERED_ALREADY.get()); } bouncyCastleProvider = new org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider(); java.security.Security.insertProviderAt(bouncyCastleProvider, 1); } else { FipsStaticUtils.logger.info(INFO_BC_PROVIDER_REGISTERED_ALREADY.get()); } } } opendj-core/src/main/java/com/forgerock/opendj/util/StaticUtils.java
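Review bot: The `if (!isFips()) { return; }` guard at the top of `FipsStaticUtils.registerBcProvider()` appears to be dropped on the new side, so the method would call `Security.insertProviderAt(bouncyCastleProvider, 1)` whenever the BouncyCastle FIPS classes load. The old/new markers are lost on this page, but the 30-to-17 line count and the removal of `isFips()` from this class both point that way. Assuming `PROVIDER_NAME` is the usual "BCFIPS", every later `StaticUtils.isFips()` call would then report FIPS mode, so the presence of the jar on the classpath, not the operator's JVM security configuration, would select the key-store and trust-manager code paths. If that is not intended, keep the check as the first statement: `if (!StaticUtils.isFips()) { return; }`. If it is intended, add a Javadoc sentence saying that calling this method switches the process into FIPS mode.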
@@ -36,6 +36,9 @@ import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.ThreadFactory; import static com.forgerock.opendj.ldap.CoreMessages.INFO_BC_PROVIDER_REGISTER; import static com.forgerock.opendj.ldap.CoreMessages.INFO_BC_PROVIDER_REGISTERED_ALREADY; /** * Common utility methods. */ @@ -775,4 +778,18 @@ } } public static boolean isFips() { java.security.Provider[] providers = java.security.Security.getProviders(); for (int i = 0; i < providers.length; i++) { if (providers[i].getName().toLowerCase().contains("fips")) return true; } return false; } public static void registerBcProvider() { try { FipsStaticUtils.registerBcProvider(); } catch (NoClassDefFoundError e) {} } } opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/GrizzlyLDAPConnection.java
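Review bot: The empty `catch (NoClassDefFoundError e) {}` in the new `StaticUtils.registerBcProvider()` gives no indication that provider registration was skipped, even on a JVM where `isFips()` is already true and the caller expects the BouncyCastle FIPS provider to be in place. If the jar is meant to be optional, say so in the catch with a comment such as `// BC FIPS jar is optional: without it there is no provider to register`, and log the error or rethrow it when `isFips()` returns true, rather than dropping `e`. In the `isFips()` added by the same hunk, `getName().toLowerCase()` uses the default locale. Under a Turkish or Azeri locale an upper-case "FIPS" lowercases with a dotless ı and `contains("fips")` no longer matches, so FIPS detection fails silently; use `toLowerCase(java.util.Locale.ROOT)`. The substring match also treats any provider whose name happens to contain "fips" as enabling FIPS mode, which deserves a Javadoc note on the method.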
@@ -38,7 +38,7 @@ import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import com.forgerock.opendj.util.FipsStaticUtils; import com.forgerock.opendj.util.StaticUtils; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.io.LDAPWriter; @@ -100,7 +100,7 @@ static { try { // We need to use FIPS compatible Trust Manasger in FIPS mode if (!FipsStaticUtils.isFips()) { if (!StaticUtils.isFips()) { DUMMY_SSL_ENGINE_CONFIGURATOR = new SSLEngineConfigurator(new SSLContextBuilder().setTrustManager( TrustManagers.distrustAll()).getSSLContext()); opendj-ldap-toolkit/src/main/java/com/forgerock/opendj/ldap/tools/Utils.java
@@ -26,7 +26,7 @@ import static com.forgerock.opendj.ldap.tools.LDAPToolException.newToolParamException; import static com.forgerock.opendj.ldap.tools.ToolsMessages.*; import static com.forgerock.opendj.util.FipsStaticUtils.registerBcProvider; import static com.forgerock.opendj.util.StaticUtils.registerBcProvider; import java.io.BufferedReader; import java.io.FileInputStream; opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
@@ -22,7 +22,7 @@ import static org.opends.server.util.ServerConstants.*; import static org.opends.server.util.StaticUtils.*; import static com.forgerock.opendj.util.FipsStaticUtils.isFips; import static com.forgerock.opendj.util.StaticUtils.isFips; import java.io.IOException; import java.net.InetAddress; opendj-server-legacy/src/main/java/org/opends/quicksetup/installer/Installer.java
@@ -59,7 +59,6 @@ import javax.naming.ldap.Rdn; import javax.swing.JPanel; import com.forgerock.opendj.util.FipsStaticUtils; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.LocalizableMessageBuilder; import org.forgerock.i18n.LocalizableMessageDescriptor.Arg0; @@ -1417,7 +1416,7 @@ } // Set default trustManager to allow check server startup status if (FipsStaticUtils.isFips()) { if (com.forgerock.opendj.util.StaticUtils.isFips()) { KeyStore truststore = null; try (final FileInputStream fis = new FileInputStream(trustStorePath)) { opendj-server-legacy/src/main/java/org/opends/quicksetup/installer/SetupLauncher.java
@@ -20,7 +20,7 @@ import static org.opends.messages.ToolMessages.*; import static org.opends.server.util.ServerConstants.*; import static com.forgerock.opendj.util.FipsStaticUtils.registerBcProvider; import static com.forgerock.opendj.util.StaticUtils.registerBcProvider; import org.forgerock.i18n.LocalizableMessage; import org.opends.quicksetup.CliApplication; opendj-server-legacy/src/main/java/org/opends/quicksetup/util/ServerController.java
@@ -25,7 +25,7 @@ import javax.net.ssl.TrustManager; import com.forgerock.opendj.util.FipsStaticUtils; import com.forgerock.opendj.util.StaticUtils; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.LocalizableMessageBuilder; import org.forgerock.i18n.slf4j.LocalizedLogger; @@ -460,7 +460,7 @@ } TrustManager trustManager = null; if (FipsStaticUtils.isFips()) { if (StaticUtils.isFips()) { trustManager = application.getTrustManager().getX509TrustManager(); } opendj-server-legacy/src/main/java/org/opends/server/core/DirectoryServer.java
@@ -27,7 +27,7 @@ import static org.opends.server.util.ServerConstants.*; import static org.opends.server.util.StaticUtils.*; import static com.forgerock.opendj.util.FipsStaticUtils.registerBcProvider; import static com.forgerock.opendj.util.StaticUtils.registerBcProvider; import java.io.File; import java.io.FileOutputStream; opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java
@@ -43,7 +43,7 @@ import static org.opends.server.extensions.FileBasedKeyManagerProvider.getKeyStorePIN; import static org.opends.server.util.StaticUtils.*; import static com.forgerock.opendj.util.FipsStaticUtils.isFips; import static com.forgerock.opendj.util.StaticUtils.isFips; /** * This class defines a trust manager provider that will reference certificates opendj-server-legacy/src/main/java/org/opends/server/tools/ConfigureDS.java
@@ -43,7 +43,7 @@ import javax.crypto.Cipher; import com.forgerock.opendj.util.FipsStaticUtils; import com.forgerock.opendj.util.StaticUtils; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.LocalizedIllegalArgumentException; import org.forgerock.opendj.adapter.server3x.Converters; @@ -881,7 +881,7 @@ putKeyManagerConfigAttribute(enableStartTLS, DN_LDAP_CONNECTION_HANDLER); putKeyManagerConfigAttribute(ldapsPort, DN_LDAPS_CONNECTION_HANDLER); putKeyManagerConfigAttribute(ldapsPort, DN_HTTP_CONNECTION_HANDLER); if (FipsStaticUtils.isFips()) { if (StaticUtils.isFips()) { putAdminKeyManagerConfigAttribute(ldapsPort, DN_ADMIN_KEY_MANAGER); } opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
@@ -47,7 +47,7 @@ import com.forgerock.opendj.cli.ConnectionFactoryProvider; import static org.opends.messages.ToolMessages.*; import static com.forgerock.opendj.util.FipsStaticUtils.isFips; import static com.forgerock.opendj.util.StaticUtils.isFips; /** * This class provides SSL connection related utility functions.