external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 0e65bd2b | patch | commit | ignore whitespace

Fix for issue 4295 (Issues with dsreplication interactive mode)

jvergara

17.07.2009 a0843f89806c512784a1752421fe384a97a35810

Fix for issue 4295 (Issues with dsreplication interactive mode)

The biggest issue was that the trust manager was reset when connecting to the second server, this caused the establishing of the connections to fail.

There was also a problem with the way the code found out whether a NamingException was caused by a certificate problem or not.

Finally the code handles the particular case where the user provides global administrator credentials but this is not defined on the second server.  If this is the case, the code now prompts only for the credentials (and not for the whole second server connection parameters).

3 files modified

	opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliArgumentParser.java	10 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java	26 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/server/org/opends/server/util/cli/ConsoleApplication.java	132 ●●●●● patch \| view \| raw \| blame \| history

 opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliArgumentParser.java

@@ -40,7 +40,6 @@
import org.opends.messages.Message;
import org.opends.messages.MessageBuilder;
import org.opends.quicksetup.Constants;
import org.opends.quicksetup.UserData;
import org.opends.quicksetup.util.Utils;
import org.opends.server.admin.client.cli.SecureConnectionCliArgs;
import org.opends.server.admin.client.cli.SecureConnectionCliParser;
@@ -2064,7 +2063,14 @@
  {
    if (defaultLocalHostValue == null)
    {
      defaultLocalHostValue = UserData.getDefaultHostName();
      try
      {
        defaultLocalHostValue =
          java.net.InetAddress.getLocalHost().getHostName();
      }
      catch (Throwable t)
      {
      }
      if (defaultLocalHostValue == null)
      {
        defaultLocalHostValue = "localhost";

 opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java

@@ -1067,7 +1067,9 @@
    String bindDn2 = null;
    String pwd2 = null;
    ci.resetHeadingDisplayed();
    ci.resetTrustManager();

    boolean doNotDisplayFirstError = false;

    if (!cancelled)
    {
      host2 = argParser.getHostName2();
@@ -1087,6 +1089,7 @@
      }
      else if (bindDn2 == null)
      {
        doNotDisplayFirstError = true;
        pwd = adminPwd;
        if (argParser.getSecureArgsList().bindPasswordFileArg.isPresent())
        {
@@ -1156,10 +1159,19 @@
      catch (ClientException ce)
      {
        LOG.log(Level.WARNING, "Client exception "+ce);
        println();
        println(ce.getMessageObject());
        println();
        ci.resetConnectionArguments();
        if (!doNotDisplayFirstError)
        {
          println();
          println(ce.getMessageObject());
          println();
          ci.resetConnectionArguments();
        }
        else
        {
          // Reset only the credential parameters.
          ci.resetConnectionArguments();
          ci.initializeGlobalArguments(host2, port2, null, null, null, null);
        }
      }
      catch (ArgumentException ae)
      {
@@ -1169,6 +1181,10 @@
        println();
        cancelled = true;
      }
      finally
      {
        doNotDisplayFirstError = false;
      }
    }

    if (!cancelled)

 opends/src/server/org/opends/server/util/cli/ConsoleApplication.java

@@ -57,6 +57,7 @@
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;

import org.opends.admin.ads.ServerDescriptor;
import org.opends.admin.ads.util.ApplicationTrustManager;
import org.opends.admin.ads.util.ConnectionUtils;
import org.opends.admin.ads.util.OpendsCertificateException;
@@ -890,12 +891,9 @@
        {
          if ( isInteractive() && ci.isTrustStoreInMemory())
          {
            if ((e.getRootCause() != null)
                && (e.getRootCause().getCause()
                    instanceof OpendsCertificateException))
            OpendsCertificateException oce = getCertificateRootException(e);
            if (oce != null)
            {
              OpendsCertificateException oce =
                (OpendsCertificateException) e.getRootCause().getCause();
              String authType = null;
              if (trustManager instanceof ApplicationTrustManager)
              {
@@ -903,31 +901,29 @@
                  (ApplicationTrustManager)trustManager;
                authType = appTrustManager.getLastRefusedAuthType();
              }
                if (ci.checkServerCertificate(oce.getChain(), authType,
                    hostName))
                {
                  // If the certificate is trusted, update the trust manager.
                  trustManager = ci.getTrustManager();
              if (ci.checkServerCertificate(oce.getChain(), authType,
                  hostName))
              {
                // If the certificate is trusted, update the trust manager.
                trustManager = ci.getTrustManager();

                  // Try to connect again.
                  continue ;
                }
                else
                {
                  // Assume user cancelled.
                  return null;
                }
                // Try to connect again.
                continue;
              }
              else
              {
                // Assume user canceled.
                return null;
              }
            }
          }
          if (e.getRootCause() != null)
          if (e.getCause() != null)
          {
            if (e.getRootCause().getCause() != null &&
                !ci.isTrustStoreInMemory() &&
            if (!ci.isTrustStoreInMemory() &&
                !ci.isTrustAll())
            {
              if (((e.getRootCause().getCause()
                instanceof OpendsCertificateException)) ||
                (e.getRootCause() instanceof SSLHandshakeException))
              if (getCertificateRootException(e) != null ||
                (e.getCause() instanceof SSLHandshakeException))
              {
                Message message =
                  ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_NOT_TRUSTED.get(
@@ -936,7 +932,7 @@
                  LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
              }
            }
            if (e.getRootCause() instanceof SSLException)
            if (e.getCause() instanceof SSLException)
            {
              Message message =
                ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_WRONG_PORT.get(
@@ -945,8 +941,9 @@
                LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
            }
          }
          Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
              hostName, String.valueOf(portNumber));
          String hostPort =
            ServerDescriptor.getServerRepresentation(hostName, portNumber);
          Message message = Utils.getMessageForException(e, hostPort);
          throw new ClientException(
              LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
        }
@@ -969,9 +966,8 @@
        {
          if ( isInteractive() && ci.isTrustStoreInMemory())
          {
            if ((e.getRootCause() != null)
                && (e.getRootCause().getCause()
                    instanceof OpendsCertificateException))
            OpendsCertificateException oce = getCertificateRootException(e);
            if (oce != null)
            {
              String authType = null;
              if (trustManager instanceof ApplicationTrustManager)
@@ -980,22 +976,21 @@
                  (ApplicationTrustManager)trustManager;
                authType = appTrustManager.getLastRefusedAuthType();
              }
              OpendsCertificateException oce =
                (OpendsCertificateException) e.getRootCause().getCause();
                if (ci.checkServerCertificate(oce.getChain(), authType,
                    hostName))
                {
                  // If the certificate is trusted, update the trust manager.
                  trustManager = ci.getTrustManager();

                  // Try to connect again.
                  continue ;
                }
                else
                {
                  // Assume user cancelled.
                  return null;
                }
              if (ci.checkServerCertificate(oce.getChain(), authType,
                  hostName))
              {
                // If the certificate is trusted, update the trust manager.
                trustManager = ci.getTrustManager();

                // Try to connect again.
                continue ;
              }
              else
              {
                // Assume user cancelled.
                return null;
              }
            }
            else
            {
@@ -1028,9 +1023,8 @@
        {
          if ( isInteractive() && ci.isTrustStoreInMemory())
          {
            if ((e.getRootCause() != null)
                && (e.getRootCause().getCause()
                    instanceof OpendsCertificateException))
            OpendsCertificateException oce = getCertificateRootException(e);
            if (oce != null)
            {
              String authType = null;
              if (trustManager instanceof ApplicationTrustManager)
@@ -1039,22 +1033,20 @@
                  (ApplicationTrustManager)trustManager;
                authType = appTrustManager.getLastRefusedAuthType();
              }
              OpendsCertificateException oce =
                (OpendsCertificateException) e.getRootCause().getCause();
                if (ci.checkServerCertificate(oce.getChain(), authType,
                    hostName))
                {
                  // If the certificate is trusted, update the trust manager.
                  trustManager = ci.getTrustManager();
              if (ci.checkServerCertificate(oce.getChain(), authType,
                  hostName))
              {
                // If the certificate is trusted, update the trust manager.
                trustManager = ci.getTrustManager();

                  // Try to connect again.
                  continue ;
                }
                else
                {
                  // Assume user cancelled.
                  return null;
                }
                // Try to connect again.
                continue;
              }
              else
              {
                // Assume user canceled.
                return null;
              }
            }
            else
            {
@@ -1252,4 +1244,18 @@
      pointAdderStopped = true;
    }
  }

  private OpendsCertificateException getCertificateRootException(Throwable t)
  {
    OpendsCertificateException oce = null;
    while (t != null && oce == null)
    {
      t = t.getCause();
      if (t instanceof OpendsCertificateException)
      {
        oce = (OpendsCertificateException)t;
      }
    }
    return oce;
  }
}

			@@ -40,7 +40,6 @@
			import org.opends.messages.Message;
			import org.opends.messages.MessageBuilder;
			import org.opends.quicksetup.Constants;
			import org.opends.quicksetup.UserData;
			import org.opends.quicksetup.util.Utils;
			import org.opends.server.admin.client.cli.SecureConnectionCliArgs;
			import org.opends.server.admin.client.cli.SecureConnectionCliParser;
			@@ -2064,7 +2063,14 @@
			{
			if (defaultLocalHostValue == null)
			{
			defaultLocalHostValue = UserData.getDefaultHostName();
			try
			{
			defaultLocalHostValue =
			java.net.InetAddress.getLocalHost().getHostName();
			}
			catch (Throwable t)
			{
			}
			if (defaultLocalHostValue == null)
			{
			defaultLocalHostValue = "localhost";

			@@ -1067,7 +1067,9 @@
			String bindDn2 = null;
			String pwd2 = null;
			ci.resetHeadingDisplayed();
			ci.resetTrustManager();

			boolean doNotDisplayFirstError = false;

			if (!cancelled)
			{
			host2 = argParser.getHostName2();
			@@ -1087,6 +1089,7 @@
			}
			else if (bindDn2 == null)
			{
			doNotDisplayFirstError = true;
			pwd = adminPwd;
			if (argParser.getSecureArgsList().bindPasswordFileArg.isPresent())
			{
			@@ -1156,10 +1159,19 @@
			catch (ClientException ce)
			{
			LOG.log(Level.WARNING, "Client exception "+ce);
			println();
			println(ce.getMessageObject());
			println();
			ci.resetConnectionArguments();
			if (!doNotDisplayFirstError)
			{
			println();
			println(ce.getMessageObject());
			println();
			ci.resetConnectionArguments();
			}
			else
			{
			// Reset only the credential parameters.
			ci.resetConnectionArguments();
			ci.initializeGlobalArguments(host2, port2, null, null, null, null);
			}
			}
			catch (ArgumentException ae)
			{
			@@ -1169,6 +1181,10 @@
			println();
			cancelled = true;
			}
			finally
			{
			doNotDisplayFirstError = false;
			}
			}

			if (!cancelled)

			@@ -57,6 +57,7 @@
			import javax.net.ssl.SSLHandshakeException;
			import javax.net.ssl.TrustManager;

			import org.opends.admin.ads.ServerDescriptor;
			import org.opends.admin.ads.util.ApplicationTrustManager;
			import org.opends.admin.ads.util.ConnectionUtils;
			import org.opends.admin.ads.util.OpendsCertificateException;
			@@ -890,12 +891,9 @@
			{
			if ( isInteractive() && ci.isTrustStoreInMemory())
			{
			if ((e.getRootCause() != null)
			&& (e.getRootCause().getCause()
			instanceof OpendsCertificateException))
			OpendsCertificateException oce = getCertificateRootException(e);
			if (oce != null)
			{
			OpendsCertificateException oce =
			(OpendsCertificateException) e.getRootCause().getCause();
			String authType = null;
			if (trustManager instanceof ApplicationTrustManager)
			{
			@@ -903,31 +901,29 @@
			(ApplicationTrustManager)trustManager;
			authType = appTrustManager.getLastRefusedAuthType();
			}
			if (ci.checkServerCertificate(oce.getChain(), authType,
			hostName))
			{
			// If the certificate is trusted, update the trust manager.
			trustManager = ci.getTrustManager();
			if (ci.checkServerCertificate(oce.getChain(), authType,
			hostName))
			{
			// If the certificate is trusted, update the trust manager.
			trustManager = ci.getTrustManager();

			// Try to connect again.
			continue ;
			}
			else
			{
			// Assume user cancelled.
			return null;
			}
			// Try to connect again.
			continue;
			}
			else
			{
			// Assume user canceled.
			return null;
			}
			}
			}
			if (e.getRootCause() != null)
			if (e.getCause() != null)
			{
			if (e.getRootCause().getCause() != null &&
			!ci.isTrustStoreInMemory() &&
			if (!ci.isTrustStoreInMemory() &&
			!ci.isTrustAll())
			{
			if (((e.getRootCause().getCause()
			instanceof OpendsCertificateException)) \|\|
			(e.getRootCause() instanceof SSLHandshakeException))
			if (getCertificateRootException(e) != null \|\|
			(e.getCause() instanceof SSLHandshakeException))
			{
			Message message =
			ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_NOT_TRUSTED.get(
			@@ -936,7 +932,7 @@
			LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
			}
			}
			if (e.getRootCause() instanceof SSLException)
			if (e.getCause() instanceof SSLException)
			{
			Message message =
			ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_WRONG_PORT.get(
			@@ -945,8 +941,9 @@
			LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
			}
			}
			Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
			hostName, String.valueOf(portNumber));
			String hostPort =
			ServerDescriptor.getServerRepresentation(hostName, portNumber);
			Message message = Utils.getMessageForException(e, hostPort);
			throw new ClientException(
			LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
			}
			@@ -969,9 +966,8 @@
			{
			if ( isInteractive() && ci.isTrustStoreInMemory())
			{
			if ((e.getRootCause() != null)
			&& (e.getRootCause().getCause()
			instanceof OpendsCertificateException))
			OpendsCertificateException oce = getCertificateRootException(e);
			if (oce != null)
			{
			String authType = null;
			if (trustManager instanceof ApplicationTrustManager)
			@@ -980,22 +976,21 @@
			(ApplicationTrustManager)trustManager;
			authType = appTrustManager.getLastRefusedAuthType();
			}
			OpendsCertificateException oce =
			(OpendsCertificateException) e.getRootCause().getCause();
			if (ci.checkServerCertificate(oce.getChain(), authType,
			hostName))
			{
			// If the certificate is trusted, update the trust manager.
			trustManager = ci.getTrustManager();

			// Try to connect again.
			continue ;
			}
			else
			{
			// Assume user cancelled.
			return null;
			}
			if (ci.checkServerCertificate(oce.getChain(), authType,
			hostName))
			{
			// If the certificate is trusted, update the trust manager.
			trustManager = ci.getTrustManager();

			// Try to connect again.
			continue ;
			}
			else
			{
			// Assume user cancelled.
			return null;
			}
			}
			else
			{
			@@ -1028,9 +1023,8 @@
			{
			if ( isInteractive() && ci.isTrustStoreInMemory())
			{
			if ((e.getRootCause() != null)
			&& (e.getRootCause().getCause()
			instanceof OpendsCertificateException))
			OpendsCertificateException oce = getCertificateRootException(e);
			if (oce != null)
			{
			String authType = null;
			if (trustManager instanceof ApplicationTrustManager)
			@@ -1039,22 +1033,20 @@
			(ApplicationTrustManager)trustManager;
			authType = appTrustManager.getLastRefusedAuthType();
			}
			OpendsCertificateException oce =
			(OpendsCertificateException) e.getRootCause().getCause();
			if (ci.checkServerCertificate(oce.getChain(), authType,
			hostName))
			{
			// If the certificate is trusted, update the trust manager.
			trustManager = ci.getTrustManager();
			if (ci.checkServerCertificate(oce.getChain(), authType,
			hostName))
			{
			// If the certificate is trusted, update the trust manager.
			trustManager = ci.getTrustManager();

			// Try to connect again.
			continue ;
			}
			else
			{
			// Assume user cancelled.
			return null;
			}
			// Try to connect again.
			continue;
			}
			else
			{
			// Assume user canceled.
			return null;
			}
			}
			else
			{
			@@ -1252,4 +1244,18 @@
			pointAdderStopped = true;
			}
			}

			private OpendsCertificateException getCertificateRootException(Throwable t)
			{
			OpendsCertificateException oce = null;
			while (t != null && oce == null)
			{
			t = t.getCause();
			if (t instanceof OpendsCertificateException)
			{
			oce = (OpendsCertificateException)t;
			}
			}
			return oce;
			}
			}