external-software/github_OpenIdentityPlatform_OpenDJ.git

			@@ -63,10 +63,11 @@
			import static org.opends.messages.UtilityMessages.*;

			/**
			* Supports interacting with a user through the command line to
			* prompt for information necessary to create an LDAP connection.
			* Supports interacting with a user through the command line to prompt for
			* information necessary to create an LDAP connection.
			*/
			public class LDAPConnectionConsoleInteraction {
			public class LDAPConnectionConsoleInteraction
			{

			private boolean useSSL;
			private boolean useStartTLS;
			@@ -123,7 +124,8 @@
			/** The timeout to be used to connect. */
			private int connectTimeout;

			private LocalizableMessage heading = INFO_LDAP_CONN_HEADING_CONNECTION_PARAMETERS.get();
			private LocalizableMessage heading =
			INFO_LDAP_CONN_HEADING_CONNECTION_PARAMETERS.get();

			/** A copy of the secureArgList for convenience. */
			private SecureConnectionCliArgs copySecureArgsList;
			@@ -131,15 +133,14 @@
			/** The command builder that we can return with the connection information. */
			private CommandBuilder commandBuilder;


			/**
			* Enumeration description protocols for interactive CLI choices.
			*/
			private enum Protocols
			{
			LDAP(1, INFO_LDAP_CONN_PROMPT_SECURITY_LDAP.get()), SSL(2,
			INFO_LDAP_CONN_PROMPT_SECURITY_USE_SSL.get()), START_TLS(3,
			INFO_LDAP_CONN_PROMPT_SECURITY_USE_START_TLS.get());
			LDAP(1, INFO_LDAP_CONN_PROMPT_SECURITY_LDAP.get()),
			SSL(2, INFO_LDAP_CONN_PROMPT_SECURITY_USE_SSL.get()),
			START_TLS(3, INFO_LDAP_CONN_PROMPT_SECURITY_USE_START_TLS.get());

			private Integer choice;

			@@ -238,8 +239,8 @@
			UNTRUSTED(1, INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION_NO.get()),
			SESSION(2,INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION_SESSION.get()),
			PERMAMENT(3,INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION_ALWAYS.get()),
			CERTIFICATE_DETAILS(4,
			INFO_LDAP_CONN_PROMPT_SECURITY_CERTIFICATE_DETAILS.get());
			CERTIFICATE_DETAILS(4, INFO_LDAP_CONN_PROMPT_SECURITY_CERTIFICATE_DETAILS
			.get());

			private Integer choice;

			@@ -279,16 +280,19 @@
			return msg;
			}
			}

			/**
			* Constructs a parameterized instance.
			*
			* @param app console application
			* @param secureArgs existing set of arguments that have already
			* been parsed and contain some potential command line specified
			* LDAP arguments
			* @param app
			* console application
			* @param secureArgs
			* existing set of arguments that have already been parsed and
			* contain some potential command line specified LDAP arguments
			*/
			public LDAPConnectionConsoleInteraction(ConsoleApplication app,
			SecureConnectionCliArgs secureArgs) {
			SecureConnectionCliArgs secureArgs)
			{
			this.app = app;
			this.secureArgsList = secureArgs;
			this.commandBuilder = new CommandBuilder(null, null);
			@@ -309,26 +313,27 @@
			}

			/**
			* Interact with the user though the console to get information
			* necessary to establish an LDAP connection.
			* Interact with the user though the console to get information necessary to
			* establish an LDAP connection.
			*
			* @throws ArgumentException if there is a problem with the arguments
			* @throws ArgumentException
			* if there is a problem with the arguments
			*/
			public void run()
			throws ArgumentException
			public void run() throws ArgumentException
			{
			run(true, true);
			}


			/**
			* Interact with the user though the console to get information
			* necessary to establish an LDAP connection.
			* @param canUseSSL whether we can propose to connect using SSL or not.
			* @param canUseStartTLS whether we can propose to connect using Start TLS or
			* not.
			* Interact with the user though the console to get information necessary to
			* establish an LDAP connection.
			*
			* @throws ArgumentException if there is a problem with the arguments
			* @param canUseSSL
			* whether we can propose to connect using SSL or not.
			* @param canUseStartTLS
			* whether we can propose to connect using Start TLS or not.
			* @throws ArgumentException
			* if there is a problem with the arguments
			*/
			public void run(boolean canUseSSL, boolean canUseStartTLS)
			throws ArgumentException
			@@ -336,26 +341,17 @@
			// Reset everything
			commandBuilder.clearArguments();
			copySecureArgsList.createGlobalArguments();
			boolean secureConnection = (canUseSSL \|\| canUseStartTLS) &&
			(
			secureArgsList.useSSLArg.isPresent()
			\|\|
			secureArgsList.useStartTLSArg.isPresent()
			\|\|
			secureArgsList.trustAllArg.isPresent()
			\|\|
			secureArgsList.trustStorePathArg.isPresent()
			\|\|
			secureArgsList.trustStorePasswordArg.isPresent()
			\|\|
			secureArgsList.trustStorePasswordFileArg.isPresent()
			\|\|
			secureArgsList.keyStorePathArg.isPresent()
			\|\|
			secureArgsList.keyStorePasswordArg.isPresent()
			\|\|
			secureArgsList.keyStorePasswordFileArg.isPresent()
			);
			boolean secureConnection =
			(canUseSSL \|\| canUseStartTLS)
			&& (secureArgsList.useSSLArg.isPresent()
			\|\| secureArgsList.useStartTLSArg.isPresent()
			\|\| secureArgsList.trustAllArg.isPresent()
			\|\| secureArgsList.trustStorePathArg.isPresent()
			\|\| secureArgsList.trustStorePasswordArg.isPresent()
			\|\| secureArgsList.trustStorePasswordFileArg.isPresent()
			\|\| secureArgsList.keyStorePathArg.isPresent()
			\|\| secureArgsList.keyStorePasswordArg.isPresent() \|\| secureArgsList.keyStorePasswordFileArg
			.isPresent());
			// Get the LDAP host.
			hostName = secureArgsList.hostNameArg.getValue();
			final String tmpHostName = hostName;
			@@ -398,7 +394,8 @@
			try
			{
			app.println();
			hostName = app.readValidatedInput(INFO_LDAP_CONN_PROMPT_HOST_NAME
			hostName =
			app.readValidatedInput(INFO_LDAP_CONN_PROMPT_HOST_NAME
			.get(hostName), callback);
			}
			catch (ClientException e)
			@@ -418,8 +415,8 @@
			secureArgsList.alwaysSSL()
			\|\| secureArgsList.useSSLArg.isPresent()
			\|\| secureArgsList.useStartTLSArg.isPresent()
			\|\| (secureArgsList.useSSLArg.isValueSetByProperty()
			&& secureArgsList.useStartTLSArg.isValueSetByProperty());
			\|\| (secureArgsList.useSSLArg.isValueSetByProperty() && secureArgsList.useStartTLSArg
			.isValueSetByProperty());
			if (app.isInteractive() && !connectionTypeIsSet)
			{
			checkHeadingDisplayed();
			@@ -438,8 +435,8 @@
			}
			for (Protocols p : Protocols.values())
			{
			if (secureConnection && p.equals(Protocols.LDAP) &&
			!displayLdapIfSecureParameters)
			if (secureConnection && p.equals(Protocols.LDAP)
			&& !displayLdapIfSecureParameters)
			{
			continue ;
			}
			@@ -451,13 +448,14 @@
			{
			continue;
			}
			int i = builder.addNumberedOption(p.getMenuMessage(), MenuResult
			.success(p.getChoice()));
			int i =
			builder.addNumberedOption(p.getMenuMessage(), MenuResult.success(p
			.getChoice()));
			if (p.equals(defaultProtocol))
			{
			builder.setDefault(
			INFO_LDAP_CONN_PROMPT_SECURITY_PROTOCOL_DEFAULT_CHOICE
			.get(i), MenuResult.success(p.getChoice()));
			INFO_LDAP_CONN_PROMPT_SECURITY_PROTOCOL_DEFAULT_CHOICE.get(i),
			MenuResult.success(p.getChoice()));
			}
			}

			@@ -558,9 +556,12 @@
			{
			app.println();
			LocalizableMessage askPortNumber = null;
			if (secureArgsList.alwaysSSL()) {
			if (secureArgsList.alwaysSSL())
			{
			askPortNumber = INFO_ADMIN_CONN_PROMPT_PORT_NUMBER.get(portNumber);
			} else {
			}
			else
			{
			askPortNumber = INFO_LDAP_CONN_PROMPT_PORT_NUMBER.get(portNumber);
			}
			portNumber = app.readValidatedInput(askPortNumber, callback);
			@@ -593,8 +594,7 @@
			{
			providedAdminUID = null;
			}
			if ((!useAdmin \|\| useAdminOrBindDn) &&
			secureArgsList.bindDnArg.isPresent())
			if ((!useAdmin \|\| useAdminOrBindDn) && secureArgsList.bindDnArg.isPresent())
			{
			providedBindDN = bindDN;
			}
			@@ -644,9 +644,10 @@
			if (useAdminOrBindDn)
			{
			String def = (adminUID != null ? adminUID : bindDN);
			String v = app.readValidatedInput(
			INFO_LDAP_CONN_GLOBAL_ADMINISTRATOR_OR_BINDDN_PROMPT.get(def),
			callback);
			String v =
			app.readValidatedInput(
			INFO_LDAP_CONN_GLOBAL_ADMINISTRATOR_OR_BINDDN_PROMPT
			.get(def), callback);
			if (Utils.isDn(v))
			{
			bindDN = v;
			@@ -664,22 +665,22 @@
			}
			else if (useAdmin)
			{
			adminUID = app.readValidatedInput(
			INFO_LDAP_CONN_PROMPT_ADMINISTRATOR_UID.get(adminUID),
			callback);
			adminUID =
			app.readValidatedInput(INFO_LDAP_CONN_PROMPT_ADMINISTRATOR_UID
			.get(adminUID), callback);
			providedAdminUID = adminUID;
			}
			else
			{
			bindDN = app.readValidatedInput(INFO_LDAP_CONN_PROMPT_BIND_DN
			bindDN =
			app.readValidatedInput(INFO_LDAP_CONN_PROMPT_BIND_DN
			.get(bindDN), callback);
			providedBindDN = bindDN;
			}
			}
			catch (ClientException e)
			{
			throw ArgumentExceptionFactory
			.unableToReadConnectionParameters(e);
			throw ArgumentExceptionFactory.unableToReadConnectionParameters(e);
			}
			}
			if (useAdminOrBindDn)
			@@ -787,16 +788,15 @@
			}
			catch (Exception e)
			{
			throw ArgumentExceptionFactory
			.unableToReadConnectionParameters(e);
			throw ArgumentExceptionFactory.unableToReadConnectionParameters(e);
			}
			}
			copySecureArgsList.bindPasswordArg.clearValues();
			copySecureArgsList.bindPasswordArg.addValue(bindPassword);
			if (!addedPasswordFileArgument)
			{
			commandBuilder.addObfuscatedArgument(
			copySecureArgsList.bindPasswordArg);
			commandBuilder
			.addObfuscatedArgument(copySecureArgsList.bindPasswordArg);
			}
			}
			connectTimeout = secureArgsList.connectTimeoutArg.getIntValue();
			@@ -816,7 +816,8 @@
			* Get the trust manager.
			*
			* @return The trust manager based on CLI args on interactive prompt.
			* @throws ArgumentException If an error occurs when getting args values.
			* @throws ArgumentException
			* If an error occurs when getting args values.
			*/
			private ApplicationTrustManager getTrustManagerInternal()
			throws ArgumentException
			@@ -838,13 +839,9 @@
			// Check if some trust manager info are set
			boolean weDontKnowTheTrustMethod =
			!( secureArgsList.trustAllArg.isPresent()
			\|\|
			secureArgsList.trustStorePathArg.isPresent()
			\|\|
			secureArgsList.trustStorePasswordArg.isPresent()
			\|\|
			secureArgsList.trustStorePasswordFileArg.isPresent()
			);
			\|\| secureArgsList.trustStorePathArg.isPresent()
			\|\| secureArgsList.trustStorePasswordArg.isPresent() \|\| secureArgsList.trustStorePasswordFileArg
			.isPresent());
			boolean askForTrustStore = false;

			trustAll = secureArgsList.trustAllArg.isPresent();
			@@ -867,8 +864,9 @@
			TrustMethod defaultTrustMethod = TrustMethod.DISPLAY_CERTIFICATE;
			for (TrustMethod t : TrustMethod.values())
			{
			int i = builder.addNumberedOption(t.getMenuMessage(), MenuResult
			.success(t.getChoice()));
			int i =
			builder.addNumberedOption(t.getMenuMessage(), MenuResult.success(t
			.getChoice()));
			if (t.equals(defaultTrustMethod))
			{
			builder.setDefault(
			@@ -946,8 +944,7 @@
			if (ninput.length() == 0)
			{
			app.println();
			app.println(ERR_LDAP_CONN_PROMPT_SECURITY_INVALID_FILE_PATH
			.get());
			app.println(ERR_LDAP_CONN_PROMPT_SECURITY_INVALID_FILE_PATH.get());
			app.println();
			return null;
			}
			@@ -959,8 +956,7 @@
			else
			{
			app.println();
			app.println(ERR_LDAP_CONN_PROMPT_SECURITY_INVALID_FILE_PATH
			.get());
			app.println(ERR_LDAP_CONN_PROMPT_SECURITY_INVALID_FILE_PATH.get());
			app.println();
			return null;
			}
			@@ -970,7 +966,8 @@
			try
			{
			app.println();
			truststorePath = app.readValidatedInput(
			truststorePath =
			app.readValidatedInput(
			INFO_LDAP_CONN_PROMPT_SECURITY_TRUSTSTORE_PATH.get(), callback);
			}
			catch (ClientException e)
			@@ -1012,7 +1009,8 @@
			try
			{
			app.println();
			LocalizableMessage prompt = INFO_LDAP_CONN_PROMPT_SECURITY_TRUSTSTORE_PASSWORD
			LocalizableMessage prompt =
			INFO_LDAP_CONN_PROMPT_SECURITY_TRUSTSTORE_PASSWORD
			.get(truststorePath);
			truststorePassword = readPassword(prompt);
			}
			@@ -1049,10 +1047,11 @@
			&& truststorePath != null)
			{
			copySecureArgsList.trustStorePasswordFileArg.clearValues();
			copySecureArgsList.trustStorePasswordFileArg.getNameToValueMap().putAll(
			copySecureArgsList.trustStorePasswordFileArg.getNameToValueMap()
			.putAll(
			secureArgsList.trustStorePasswordFileArg.getNameToValueMap());
			commandBuilder.addArgument(
			copySecureArgsList.trustStorePasswordFileArg);
			commandBuilder
			.addArgument(copySecureArgsList.trustStorePasswordFileArg);
			}
			else if (truststorePassword != null && truststorePath != null)
			{
			@@ -1060,8 +1059,8 @@
			// specified a trust store path.
			copySecureArgsList.trustStorePasswordArg.clearValues();
			copySecureArgsList.trustStorePasswordArg.addValue(truststorePassword);
			commandBuilder.addObfuscatedArgument(
			copySecureArgsList.trustStorePasswordArg);
			commandBuilder
			.addObfuscatedArgument(copySecureArgsList.trustStorePasswordArg);
			}

			return new ApplicationTrustManager(truststore);
			@@ -1076,10 +1075,10 @@
			* Get the key manager.
			*
			* @return The key manager based on CLI args on interactive prompt.
			* @throws ArgumentException If an error occurs when getting args values.
			* @throws ArgumentException
			* If an error occurs when getting args values.
			*/
			private KeyManager getKeyManagerInternal()
			throws ArgumentException
			private KeyManager getKeyManagerInternal() throws ArgumentException
			{
			// Remove these arguments since this method might be called several times.
			commandBuilder.removeArgument(copySecureArgsList.certNicknameArg);
			@@ -1091,11 +1090,10 @@
			// If one of the client side authentication args is set, we assume
			// that we
			// need client side authentication.
			boolean weDontKnowIfWeNeedKeystore = !(secureArgsList.keyStorePathArg
			.isPresent()
			boolean weDontKnowIfWeNeedKeystore =
			!(secureArgsList.keyStorePathArg.isPresent()
			\|\| secureArgsList.keyStorePasswordArg.isPresent()
			\|\| secureArgsList.keyStorePasswordFileArg.isPresent()
			\|\| secureArgsList.certNicknameArg
			\|\| secureArgsList.keyStorePasswordFileArg.isPresent() \|\| secureArgsList.certNicknameArg
			.isPresent());

			// We don't have specific key manager parameter.
			@@ -1133,8 +1131,7 @@
			else
			{
			app.println();
			app.println(ERR_LDAP_CONN_PROMPT_SECURITY_INVALID_FILE_PATH
			.get());
			app.println(ERR_LDAP_CONN_PROMPT_SECURITY_INVALID_FILE_PATH.get());
			app.println();
			return null;
			}
			@@ -1144,8 +1141,9 @@
			try
			{
			app.println();
			keystorePath = app.readValidatedInput(
			INFO_LDAP_CONN_PROMPT_SECURITY_KEYSTORE_PATH.get(), callback);
			keystorePath =
			app.readValidatedInput(INFO_LDAP_CONN_PROMPT_SECURITY_KEYSTORE_PATH
			.get(), callback);
			}
			catch (ClientException e)
			{
			@@ -1186,8 +1184,7 @@
			// Read the password from the stdin.
			if (!app.isInteractive())
			{
			throw ArgumentExceptionFactory
			.unableToReadBindPasswordInteractively();
			throw ArgumentExceptionFactory.unableToReadBindPasswordInteractively();
			}

			checkHeadingDisplayed();
			@@ -1195,8 +1192,8 @@
			try
			{
			app.println();
			LocalizableMessage prompt = INFO_LDAP_CONN_PROMPT_SECURITY_KEYSTORE_PASSWORD
			.get(keystorePath);
			LocalizableMessage prompt =
			INFO_LDAP_CONN_PROMPT_SECURITY_KEYSTORE_PASSWORD.get(keystorePath);
			keystorePassword = readPassword(prompt);
			}
			catch (Exception e)
			@@ -1238,10 +1235,11 @@
			String alias = aliasesEnum.nextElement();
			if (keystore.isKeyEntry(alias))
			{
			X509Certificate certif = (X509Certificate) keystore
			.getCertificate(alias);
			X509Certificate certif =
			(X509Certificate) keystore.getCertificate(alias);
			certificateNumber++;
			builder.addNumberedOption(
			builder
			.addNumberedOption(
			INFO_LDAP_CONN_PROMPT_SECURITY_CERTIFICATE_ALIAS.get(alias,
			certif.getSubjectDN().getName()), MenuResult
			.success(alias));
			@@ -1279,24 +1277,22 @@
			}

			// We'we got all the information to get the keys manager
			ApplicationKeyManager akm = new ApplicationKeyManager(keystore,
			keystorePassword.toCharArray());

			ApplicationKeyManager akm =
			new ApplicationKeyManager(keystore, keystorePassword.toCharArray());

			if (secureArgsList.keyStorePasswordFileArg.isPresent())
			{
			copySecureArgsList.keyStorePasswordFileArg.clearValues();
			copySecureArgsList.keyStorePasswordFileArg.getNameToValueMap().putAll(
			secureArgsList.keyStorePasswordFileArg.getNameToValueMap());
			commandBuilder.addArgument(
			copySecureArgsList.keyStorePasswordFileArg);
			commandBuilder.addArgument(copySecureArgsList.keyStorePasswordFileArg);
			}
			else if (keystorePassword != null)
			{
			copySecureArgsList.keyStorePasswordArg.clearValues();
			copySecureArgsList.keyStorePasswordArg.addValue(keystorePassword);
			commandBuilder.addObfuscatedArgument(
			copySecureArgsList.keyStorePasswordArg);
			commandBuilder
			.addObfuscatedArgument(copySecureArgsList.keyStorePasswordArg);
			}

			if (certifNickname != null)
			@@ -1313,62 +1309,69 @@
			}

			/**
			* Indicates whether or not a connection should use SSL based on
			* this interaction.
			* Indicates whether or not a connection should use SSL based on this
			* interaction.
			*
			* @return boolean where true means use SSL
			*/
			public boolean useSSL() {
			public boolean useSSL()
			{
			return useSSL;
			}

			/**
			* Indicates whether or not a connection should use StartTLS based on
			* this interaction.
			* Indicates whether or not a connection should use StartTLS based on this
			* interaction.
			*
			* @return boolean where true means use StartTLS
			*/
			public boolean useStartTLS() {
			public boolean useStartTLS()
			{
			return useStartTLS;
			}

			/**
			* Gets the host name that should be used for connections based on
			* this interaction.
			* Gets the host name that should be used for connections based on this
			* interaction.
			*
			* @return host name for connections
			*/
			public String getHostName() {
			public String getHostName()
			{
			return hostName;
			}

			/**
			* Gets the port number name that should be used for connections based on
			* this interaction.
			* Gets the port number name that should be used for connections based on this
			* interaction.
			*
			* @return port number for connections
			*/
			public int getPortNumber() {
			public int getPortNumber()
			{
			return portNumber;
			}

			/**
			* Sets the port number name that should be used for connections based on
			* this interaction.
			* Sets the port number name that should be used for connections based on this
			* interaction.
			*
			* @param portNumber port number for connections
			* @param portNumber
			* port number for connections
			*/
			public void setPortNumber(int portNumber) {
			public void setPortNumber(int portNumber)
			{
			this.portNumber = portNumber;
			}

			/**
			* Gets the bind DN name that should be used for connections based on
			* this interaction.
			* Gets the bind DN name that should be used for connections based on this
			* interaction.
			*
			* @return bind DN for connections
			*/
			public String getBindDN() {
			public String getBindDN()
			{
			String dn;
			if (useAdminOrBindDn)
			{
			@@ -1410,47 +1413,52 @@
			*
			* @return administrator UID for connections
			*/
			public String getAdministratorUID() {
			public String getAdministratorUID()
			{
			return this.adminUID;
			}

			/**
			* Gets the bind password that should be used for connections based on
			* this interaction.
			* Gets the bind password that should be used for connections based on this
			* interaction.
			*
			* @return bind password for connections
			*/
			public String getBindPassword() {
			public String getBindPassword()
			{
			return this.bindPassword;
			}

			/**
			* Gets the trust manager that should be used for connections based on
			* this interaction.
			* Gets the trust manager that should be used for connections based on this
			* interaction.
			*
			* @return trust manager for connections
			*/
			public ApplicationTrustManager getTrustManager() {
			public ApplicationTrustManager getTrustManager()
			{
			return this.trustManager;
			}

			/**
			* Gets the key store that should be used for connections based on
			* this interaction.
			* Gets the key store that should be used for connections based on this
			* interaction.
			*
			* @return key store for connections
			*/
			public KeyStore getKeyStore() {
			public KeyStore getKeyStore()
			{
			return this.truststore;
			}

			/**
			* Gets the key manager that should be used for connections based on
			* this interaction.
			* Gets the key manager that should be used for connections based on this
			* interaction.
			*
			* @return key manager for connections
			*/
			public KeyManager getKeyManager() {
			public KeyManager getKeyManager()
			{
			return this.keyManager;
			}

			@@ -1459,7 +1467,8 @@
			*
			* @return true if the trust store is in memory.
			*/
			public boolean isTrustStoreInMemory() {
			public boolean isTrustStoreInMemory()
			{
			return this.trustStoreInMemory;
			}

			@@ -1468,12 +1477,14 @@
			*
			* @return true all certificates must be accepted.
			*/
			public boolean isTrustAll() {
			public boolean isTrustAll()
			{
			return this.trustAll;
			}

			/**
			* Returns the timeout to be used to connect with the server.
			*
			* @return the timeout to be used to connect with the server.
			*/
			public int getConnectTimeout()
			@@ -1484,7 +1495,8 @@
			/**
			* Indicate if the certificate chain can be trusted.
			*
			* @param chain The certificate chain to validate
			* @param chain
			* The certificate chain to validate
			* @return true if the server certificate is trusted.
			*/
			public boolean checkServerCertificate(X509Certificate[] chain)
			@@ -1495,10 +1507,12 @@
			/**
			* Indicate if the certificate chain can be trusted.
			*
			* @param chain The certificate chain to validate
			* @param authType the authentication type.
			* @param host the host we tried to connect and that presented the
			* certificate.
			* @param chain
			* The certificate chain to validate
			* @param authType
			* the authentication type.
			* @param host
			* the host we tried to connect and that presented the certificate.
			* @return true if the server certificate is trusted.
			*/
			public boolean checkServerCertificate(X509Certificate[] chain,
			@@ -1522,17 +1536,16 @@
			for (int i = 0; i < chain.length; i++)
			{
			// Certificate DN
			app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_USER_DN.get(
			chain[i].getSubjectDN()));
			app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_USER_DN
			.get(chain[i].getSubjectDN()));

			// certificate validity
			app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_VALIDITY.get(
			chain[i].getNotBefore(),
			chain[i].getNotAfter()));
			chain[i].getNotBefore(), chain[i].getNotAfter()));

			// certificate Issuer
			app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_ISSUER.get(
			chain[i].getIssuerDN()));
			app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_ISSUER
			.get(chain[i].getIssuerDN()));

			if (i+1 <chain.length)
			{
			@@ -1546,13 +1559,14 @@
			TrustOption defaultTrustMethod = TrustOption.SESSION ;
			for (TrustOption t : TrustOption.values())
			{
			int i = builder.addNumberedOption(t.getMenuMessage(), MenuResult
			.success(t.getChoice()));
			int i =
			builder.addNumberedOption(t.getMenuMessage(), MenuResult.success(t
			.getChoice()));
			if (t.equals(defaultTrustMethod))
			{
			builder.setDefault(
			INFO_LDAP_CONN_PROMPT_SECURITY_PROTOCOL_DEFAULT_CHOICE
			.get(Integer.valueOf(i)), MenuResult.success(t.getChoice()));
			INFO_LDAP_CONN_PROMPT_SECURITY_PROTOCOL_DEFAULT_CHOICE.get(Integer
			.valueOf(i)), MenuResult.success(t.getChoice()));
			}
			}

			@@ -1572,7 +1586,8 @@
			return false;
			}

			if (result.getValue().equals(TrustOption.CERTIFICATE_DETAILS.getChoice()))
			if (result.getValue().equals(
			TrustOption.CERTIFICATE_DETAILS.getChoice()))
			{
			for (X509Certificate cert : chain)
			{
			@@ -1650,7 +1665,8 @@
			try
			{
			app.println();
			truststorePath = app.readValidatedInput(
			truststorePath =
			app.readValidatedInput(
			INFO_LDAP_CONN_PROMPT_SECURITY_TRUSTSTORE_PATH.get(),
			callback);
			}
			@@ -1664,7 +1680,8 @@
			try
			{
			app.println();
			LocalizableMessage prompt = INFO_LDAP_CONN_PROMPT_SECURITY_KEYSTORE_PASSWORD
			LocalizableMessage prompt =
			INFO_LDAP_CONN_PROMPT_SECURITY_KEYSTORE_PASSWORD
			.get(truststorePath);
			truststorePassword = readPassword(prompt);
			}
			@@ -1727,29 +1744,32 @@
			/**
			* Populates a set of LDAP options with state from this interaction.
			*
			* @param options existing set of options; may be null in which case this
			* method will create a new set of <code>LDAPConnectionOptions</code>
			* to be returned
			* @param options
			* existing set of options; may be null in which case this method
			* will create a new set of <code>LDAPConnectionOptions</code> to be
			* returned
			* @return used during this interaction
			* @throws SSLConnectionException if this interaction has specified the use
			* of SSL and there is a problem initializing the SSL connection
			* factory
			* @throws SSLConnectionException
			* if this interaction has specified the use of SSL and there is a
			* problem initializing the SSL connection factory
			*/
			public LDAPConnectionOptions populateLDAPOptions(
			LDAPConnectionOptions options)
			public LDAPConnectionOptions populateLDAPOptions(LDAPConnectionOptions options)
			throws SSLConnectionException
			{
			if (options == null) {
			if (options == null)
			{
			options = new LDAPConnectionOptions();
			}
			if (this.useSSL) {
			if (this.useSSL)
			{
			options.setUseSSL(true);
			SSLConnectionFactory sslConnectionFactory = new SSLConnectionFactory();
			sslConnectionFactory.init(getTrustManager() == null, keystorePath,
			keystorePassword, certifNickname,
			truststorePath, truststorePassword);
			keystorePassword, certifNickname, truststorePath, truststorePassword);
			options.setSSLConnectionFactory(sslConnectionFactory);
			} else {
			}
			else
			{
			options.setUseSSL(false);
			}
			options.setStartTLS(this.useStartTLS);
			@@ -1758,14 +1778,19 @@

			/**
			* Prompts the user to accept the certificate.
			* @param t the throwable that was generated because the certificate was
			* not trusted.
			* @param usedTrustManager the trustManager used when trying to establish the
			* connection.
			* @param usedUrl the LDAP URL used to connect to the server.
			* @param displayErrorMessage whether to display an error message before
			* asking to accept the certificate or not.
			* @param logger the Logger used to log messages.
			*
			* @param t
			* the throwable that was generated because the certificate was not
			* trusted.
			* @param usedTrustManager
			* the trustManager used when trying to establish the connection.
			* @param usedUrl
			* the LDAP URL used to connect to the server.
			* @param displayErrorMessage
			* whether to display an error message before asking to accept the
			* certificate or not.
			* @param logger
			* the Logger used to log messages.
			* @return <CODE>true</CODE> if the user accepted the certificate and
			* <CODE>false</CODE> otherwise.
			*/
			@@ -1784,21 +1809,22 @@
			}
			if (logger != null)
			{
			logger.debug(LocalizableMessage.raw("Certificate exception cause: "+cause));
			logger.debug(LocalizableMessage.raw("Certificate exception cause: "
			+ cause));
			}
			UserDataCertificateException.Type excType = null;
			if (cause == ApplicationTrustManager.Cause.NOT_TRUSTED)
			{
			excType = UserDataCertificateException.Type.NOT_TRUSTED;
			}
			else if (cause ==
			ApplicationTrustManager.Cause.HOST_NAME_MISMATCH)
			else if (cause == ApplicationTrustManager.Cause.HOST_NAME_MISMATCH)
			{
			excType = UserDataCertificateException.Type.HOST_NAME_MISMATCH;
			}
			else
			{
			app.println(Utils.getThrowableMsg(INFO_ERROR_CONNECTING_TO_LOCAL.get(), t));
			app.println(Utils
			.getThrowableMsg(INFO_ERROR_CONNECTING_TO_LOCAL.get(), t));
			}

			if (excType != null)
			@@ -1815,31 +1841,31 @@
			{
			if (logger != null)
			{
			logger.warn(LocalizableMessage.raw("Error parsing ldap url of ldap url.", t1));
			logger.warn(LocalizableMessage.raw(
			"Error parsing ldap url of ldap url.", t1));
			}
			h = INFO_NOT_AVAILABLE_LABEL.get().toString();
			p = -1;
			}



			UserDataCertificateException udce =
			new UserDataCertificateException(Step.REPLICATION_OPTIONS,
			INFO_CERTIFICATE_EXCEPTION.get(h, p), t, h, p,
			usedTrustManager.getLastRefusedChain(),
			usedTrustManager.getLastRefusedAuthType(), excType);
			INFO_CERTIFICATE_EXCEPTION.get(h, p), t, h, p, usedTrustManager
			.getLastRefusedChain(), usedTrustManager
			.getLastRefusedAuthType(), excType);

			LocalizableMessage msg;
			if (udce.getType() == UserDataCertificateException.Type.NOT_TRUSTED)
			{
			msg = INFO_CERTIFICATE_NOT_TRUSTED_TEXT_CLI.get(udce.getHost(), udce.getPort());
			msg =
			INFO_CERTIFICATE_NOT_TRUSTED_TEXT_CLI.get(udce.getHost(), udce
			.getPort());
			}
			else
			{
			msg = INFO_CERTIFICATE_NAME_MISMATCH_TEXT_CLI.get(
			udce.getHost(), udce.getPort(),
			udce.getHost(),
			udce.getHost(), udce.getPort());
			msg =
			INFO_CERTIFICATE_NAME_MISMATCH_TEXT_CLI.get(udce.getHost(), udce
			.getPort(), udce.getHost(), udce.getHost(), udce.getPort());
			}
			if (displayErrorMessage)
			{
			@@ -1852,18 +1878,19 @@
			{
			if (chain == null)
			{
			logger.warn(LocalizableMessage.raw(
			"The chain is null for the UserDataCertificateException"));
			logger.warn(LocalizableMessage
			.raw("The chain is null for the UserDataCertificateException"));
			}
			if (authType == null)
			{
			logger.warn(LocalizableMessage.raw(
			"The auth type is null for the UserDataCertificateException"));
			logger
			.warn(LocalizableMessage
			.raw("The auth type is null for the UserDataCertificateException"));
			}
			if (host == null)
			{
			logger.warn(LocalizableMessage.raw(
			"The host is null for the UserDataCertificateException"));
			logger.warn(LocalizableMessage
			.raw("The host is null for the UserDataCertificateException"));
			}
			}
			if (chain != null)
			@@ -1876,7 +1903,9 @@

			/**
			* Sets the heading that is displayed in interactive mode.
			* @param heading the heading that is displayed in interactive mode.
			*
			* @param heading
			* the heading that is displayed in interactive mode.
			*/
			public void setHeadingMessage(LocalizableMessage heading)
			{
			@@ -1886,6 +1915,7 @@
			/**
			* Returns the command builder with the equivalent arguments on the
			* non-interactive mode.
			*
			* @return the command builder with the equivalent arguments on the
			* non-interactive mode.
			*/
			@@ -1896,7 +1926,6 @@

			/**
			* Displays the heading if it was not displayed before.
			*
			*/
			private void checkHeadingDisplayed()
			{
			@@ -1912,6 +1941,7 @@
			/**
			* Tells whether during interaction we can ask for both the DN or the admin
			* UID.
			*
			* @return <CODE>true</CODE> if during interaction we can ask for both the DN
			* and the admin UID and <CODE>false</CODE> otherwise.
			*/
			@@ -1923,8 +1953,10 @@
			/**
			* Tells whether we can ask during interaction for both the DN and the admin
			* UID or not.
			* @param useAdminOrBindDn whether we can ask for both the DN and the admin UID
			* during interaction or not.
			*
			* @param useAdminOrBindDn
			* whether we can ask for both the DN and the admin UID during
			* interaction or not.
			*/
			public void setUseAdminOrBindDn(boolean useAdminOrBindDn)
			{
			@@ -1932,11 +1964,13 @@
			}

			/**
			* Tells whether we propose LDAP as protocol even if the user provided security
			* parameters. This is required in command-lines that access multiple servers
			* (like dsreplication).
			* @param displayLdapIfSecureParameters whether propose LDAP as protocol even
			* if the user provided security parameters or not.
			* Tells whether we propose LDAP as protocol even if the user provided
			* security parameters. This is required in command-lines that access multiple
			* servers (like dsreplication).
			*
			* @param displayLdapIfSecureParameters
			* whether propose LDAP as protocol even if the user provided
			* security parameters or not.
			*/
			public void setDisplayLdapIfSecureParameters(
			boolean displayLdapIfSecureParameters)
			@@ -1945,8 +1979,8 @@
			}

			/**
			* Resets the heading displayed flag, so that next time we call run the heading
			* is displayed.
			* Resets the heading displayed flag, so that next time we call run the
			* heading is displayed.
			*/
			public void resetHeadingDisplayed()
			{
			@@ -1954,8 +1988,8 @@
			}

			/**
			* Resets the trust manager, so that next time we call the run() method
			* the trust manager takes into account the local trust store.
			* Resets the trust manager, so that next time we call the run() method the
			* trust manager takes into account the local trust store.
			*/
			public void resetTrustManager()
			{
			@@ -1965,8 +1999,9 @@
			/**
			* Forces the initialization of the trust manager with the arguments provided
			* by the user.
			* @throws ArgumentException if there is an error with the arguments provided
			* by the user.
			*
			* @throws ArgumentException
			* if there is an error with the arguments provided by the user.
			*/
			public void initializeTrustManagerIfRequired() throws ArgumentException
			{
			@@ -1980,16 +2015,23 @@
			* Initializes the global arguments in the parser with the provided values.
			* This is useful when we want to call LDAPConnectionConsoleInteraction.run()
			* with some default values.
			* @param hostName the host name.
			* @param port the port to connect to the server.
			* @param adminUid the administrator UID.
			* @param bindDn the bind DN to bind to the server.
			* @param bindPwd the password to bind.
			* @param pwdFile the Map containing the file and the password to bind.
			*
			* @param hostName
			* the host name.
			* @param port
			* the port to connect to the server.
			* @param adminUid
			* the administrator UID.
			* @param bindDn
			* the bind DN to bind to the server.
			* @param bindPwd
			* the password to bind.
			* @param pwdFile
			* the Map containing the file and the password to bind.
			*/
			public void initializeGlobalArguments(String hostName, int port,
			String adminUid, String bindDn,
			String bindPwd, LinkedHashMap<String, String> pwdFile)
			String adminUid, String bindDn, String bindPwd,
			LinkedHashMap<String, String> pwdFile)
			{
			resetConnectionArguments();
			if (hostName != null)
			@@ -2038,11 +2080,10 @@
			}

			/**
			* Resets the connection parameters for the LDAPConsoleInteraction object.
			* The reset does not apply to the certificate parameters. This is called
			* in order the LDAPConnectionConsoleInteraction object to ask for all this
			* connection parameters next time we call
			* LDAPConnectionConsoleInteraction.run().
			* Resets the connection parameters for the LDAPConsoleInteraction object. The
			* reset does not apply to the certificate parameters. This is called in order
			* the LDAPConnectionConsoleInteraction object to ask for all this connection
			* parameters next time we call LDAPConnectionConsoleInteraction.run().
			*/
			public void resetConnectionArguments()
			{
			@@ -2073,11 +2114,13 @@

			trustManagerInitialized = true;
			}

			/**
			* Returns the explicitly provided Admin UID from the user (interactively
			* or through the argument).
			* @return the explicitly provided Admin UID from the user (interactively
			* or through the argument).
			* Returns the explicitly provided Admin UID from the user (interactively or
			* through the argument).
			*
			* @return the explicitly provided Admin UID from the user (interactively or
			* through the argument).
			*/
			public String getProvidedAdminUID()
			{
			@@ -2085,10 +2128,11 @@
			}

			/**
			* Returns the explicitly provided bind DN from the user (interactively
			* or through the argument).
			* @return the explicitly provided bind DN from the user (interactively
			* or through the argument).
			* Returns the explicitly provided bind DN from the user (interactively or
			* through the argument).
			*
			* @return the explicitly provided bind DN from the user (interactively or
			* through the argument).
			*/
			public String getProvidedBindDN()
			{
			@@ -2102,14 +2146,17 @@
			*/
			private boolean addLocalTrustStore()
			{
			try {
			try
			{
			// If remote host, return
			if (!InetAddress.getLocalHost().getHostName().equals(hostName)) {
			if (!InetAddress.getLocalHost().getHostName().equals(hostName))
			{
			return false;
			}
			// check if we are in a local instance. Already checked the host,
			// now check the port
			if (secureArgsList.getAdminPortFromConfig() != portNumber) {
			if (secureArgsList.getAdminPortFromConfig() != portNumber)
			{
			return false;
			}

			@@ -2124,7 +2171,9 @@
			{
			return false;
			}
			} catch (Exception ex) {
			}
			catch (Exception ex)
			{
			// do nothing
			return false;
			}