
Gaetan Boismal
22.32.2016 a2f838c8ea5c73db9651fec9cdf9d71a60efda06
OPENDJ-3532 Use JVM trust manager in connection handler by default

Update Ldap and Http connection handlers configuration to allow using
ssl without specifying a trust manager provider.
If so, the default JVM one will be used if ssl client auth is enabled in
the connection handler.
Adapts connection handler code accordingly.
2 files deleted
6 files modified
259 ■■■■ changed files
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AdministrationConnectorConfiguration.xml 8 ●●●● patch | view | raw | blame | history
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/HTTPConnectionHandlerConfiguration.xml 22 ●●●● patch | view | raw | blame | history
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LDAPConnectionHandlerConfiguration.xml 27 ●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java 17 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/extensions/NullTrustManagerProvider.java 76 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/protocols/http/HTTPConnectionHandler.java 21 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPConnectionHandler.java 22 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/src/test/java/org/opends/server/extensions/NullTrustManagerProviderTestCase.java 66 ●●●●● patch | view | raw | blame | history
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AdministrationConnectorConfiguration.xml
@@ -97,7 +97,7 @@
      </ldap:attribute>
    </adm:profile>
  </adm:property>
  <adm:property name="trust-manager-provider" mandatory="true">
  <adm:property name="trust-manager-provider">
    <adm:synopsis>
      Specifies the name of the trust manager that is used with
      the
@@ -108,7 +108,11 @@
      <adm:server-restart />
    </adm:requires-admin-action>
    <adm:default-behavior>
      <adm:undefined />
      <adm:alias>
        <adm:synopsis>
          Use the trust manager provided by the JVM.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>
    <adm:syntax>
      <adm:aggregation relation-name="trust-manager-provider"
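Review bot: The new default-behavior synopsis (`Use the trust manager provided by the JVM.`) does not tell an administrator which certificates will then be trusted, and for a connector that can require client certificates that is the decision of who can authenticate; the JVM default is the trust store named by the `javax.net.ssl.trustStore` property, or else the JRE `cacerts` file with its bundled public CA set, which is a far wider anchor set than a dedicated provider. Suggest expanding the synopsis to: `Use the trust manager provided by the JVM, i.e. its default trust store (the javax.net.ssl.trustStore property, otherwise the JRE cacerts file). When client authentication is enabled, client certificates chaining to any CA in that store can pass validation.` The same synopsis is added unchanged in HTTPConnectionHandlerConfiguration.xml and LDAPConnectionHandlerConfiguration.xml in this commit.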
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/HTTPConnectionHandlerConfiguration.xml
@@ -41,22 +41,6 @@
      </adm:implies>
    </adm:condition>
  </adm:constraint>
  <adm:constraint>
    <adm:synopsis>
      A Trust Manager Provider must be specified when this
      <adm:user-friendly-name />
      is enabled and it is configured to use SSL.
    </adm:synopsis>
    <adm:condition>
      <adm:implies>
        <adm:contains property="enabled" value="true" />
        <adm:implies>
          <adm:contains property="use-ssl" value="true" />
          <adm:is-present property="trust-manager-provider" />
        </adm:implies>
      </adm:implies>
    </adm:condition>
  </adm:constraint>
  <adm:profile name="ldap">
    <ldap:object-class>
      <ldap:name>ds-cfg-http-connection-handler</ldap:name>
@@ -142,7 +126,11 @@
      </adm:none>
    </adm:requires-admin-action>
    <adm:default-behavior>
      <adm:undefined />
      <adm:alias>
        <adm:synopsis>
          Use the trust manager provided by the JVM.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>
    <adm:syntax>
      <adm:aggregation relation-name="trust-manager-provider"
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LDAPConnectionHandlerConfiguration.xml
@@ -13,7 +13,7 @@
  information: "Portions Copyright [year] [name of copyright owner]".
  Copyright 2007-2009 Sun Microsystems, Inc.
  Portions copyright 2011-2013 ForgeRock AS.
  Portions copyright 2011-2016 ForgeRock AS.
  ! -->
<adm:managed-object name="ldap-connection-handler"
  plural-name="ldap-connection-handlers"
@@ -50,25 +50,6 @@
  </adm:constraint>
  <adm:constraint>
    <adm:synopsis>
      A Trust Manager Provider must be specified when this
      <adm:user-friendly-name />
      is enabled and it is configured to use SSL or StartTLS.
    </adm:synopsis>
    <adm:condition>
      <adm:implies>
        <adm:contains property="enabled" value="true" />
        <adm:implies>
          <adm:or>
            <adm:contains property="use-ssl" value="true" />
            <adm:contains property="allow-start-tls" value="true" />
          </adm:or>
          <adm:is-present property="trust-manager-provider" />
        </adm:implies>
      </adm:implies>
    </adm:condition>
  </adm:constraint>
  <adm:constraint>
    <adm:synopsis>
      A
      <adm:user-friendly-name />
      cannot be configured to support SSL and StartTLS at the same time.
@@ -176,7 +157,11 @@
      </adm:none>
    </adm:requires-admin-action>
    <adm:default-behavior>
      <adm:undefined />
      <adm:alias>
        <adm:synopsis>
          Use the trust manager provided by the JVM.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>
    <adm:syntax>
      <adm:aggregation relation-name="trust-manager-provider"
opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
@@ -44,6 +44,7 @@
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
@@ -70,7 +71,6 @@
import org.opends.server.api.DirectoryThread;
import org.opends.server.api.KeyManagerProvider;
import org.opends.server.api.ServerShutdownListener;
import org.opends.server.api.TrustManagerProvider;
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PluginConfigManager;
@@ -78,7 +78,6 @@
import org.opends.server.core.ServerContext;
import org.opends.server.core.WorkQueueStrategy;
import org.opends.server.extensions.NullKeyManagerProvider;
import org.opends.server.extensions.NullTrustManagerProvider;
import org.opends.server.monitors.ClientConnectionMonitorProvider;
import org.opends.server.protocols.ldap.LDAPStatistics;
import org.opends.server.types.DirectoryException;
@@ -897,7 +896,8 @@
    private SSLContext createSSLContext(LDAPConnectionHandlerCfg config) throws DirectoryException {
        try {
            DN keyMgrDN = config.getKeyManagerProviderDN();
            KeyManagerProvider<?> keyManagerProvider = DirectoryServer.getKeyManagerProvider(keyMgrDN);
            final ServerContext serverContext = DirectoryServer.getInstance().getServerContext();
            KeyManagerProvider<?> keyManagerProvider = serverContext.getKeyManagerProvider(keyMgrDN);
            if (keyManagerProvider == null) {
                logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName);
                disableAndWarnIfUseSSL(config);
@@ -928,14 +928,11 @@
                        friendlyName);
            }
            DN trustMgrDN = config.getTrustManagerProviderDN();
            TrustManagerProvider<?> trustManagerProvider = DirectoryServer.getTrustManagerProvider(trustMgrDN);
            if (trustManagerProvider == null) {
                trustManagerProvider = new NullTrustManagerProvider();
            }
            final DN trustMgrDN = config.getTrustManagerProviderDN();
            final TrustManager[] trustManagers =
                    trustMgrDN == null ? null : serverContext.getTrustManagerProvider(trustMgrDN).getTrustManagers();
            SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
            sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null);
            sslContext.init(keyManagers, trustManagers, null);
            return sslContext;
        } catch (Exception e) {
            logger.traceException(e);
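Review bot: Passing `null` as the `TrustManager[]` to `sslContext.init` (the ternary at L174-L175 feeding L178) silently selects the JVM's default trust store (`javax.net.ssl.trustStore`, else the JRE `cacerts`), a much broader anchor set than any explicit provider and a different outcome from an empty array, which the JDK treats as "trust nothing"; nothing in the code records that this fallback is intended, so a comment such as `// null => SSLContext uses the JVM default trust store (javax.net.ssl.trustStore / cacerts); only consulted when client auth is enabled` belongs above the ternary. Separately, if `serverContext.getTrustManagerProvider(trustMgrDN)` can return null for a configured DN, as the removed null check at L170 suggests the old lookup could, the chained `.getTrustManagers()` throws a NullPointerException that only surfaces through the `catch (Exception e)` below, whereas the key-manager branch at L162-L164 logs the offending DN and disables SSL. The trust-manager path should mirror that handling so a missing or disabled provider is reported by name rather than as an NPE, which also requires keeping the `TrustManagerProvider` import this commit drops at L143. The same two points apply to the matching hunks in HTTPConnectionHandler.java (L216-L231) and LDAPConnectionHandler.java (L261-L279). `createSSLContext` starts in the hunk above and its catch block continues past the end of this hunk.
```java
            final DN trustMgrDN = config.getTrustManagerProviderDN();
            // null => SSLContext uses the JVM default trust store (javax.net.ssl.trustStore / cacerts);
            // only consulted when client auth is enabled.
            TrustManager[] trustManagers = null;
            if (trustMgrDN != null) {
                final TrustManagerProvider<?> trustManagerProvider = serverContext.getTrustManagerProvider(trustMgrDN);
                if (trustManagerProvider == null) {
                    // Configured provider is missing or disabled: report the DN instead of an NPE via the catch-all.
                    logger.error(ERR_MISSING_TRUST_PROVIDER_MESSAGE_ID_PLACEHOLDER, trustMgrDN, friendlyName);
                    disableAndWarnIfUseSSL(config);
                    // … continue as the key-manager branch does after disableAndWarnIfUseSSL …
                }
                trustManagers = trustManagerProvider.getTrustManagers();
            }
            SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
            sslContext.init(keyManagers, trustManagers, null);
            // … unchanged: return sslContext, catch block …
```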
opendj-server-legacy/src/main/java/org/opends/server/extensions/NullTrustManagerProvider.java
File was deleted
opendj-server-legacy/src/main/java/org/opends/server/protocols/http/HTTPConnectionHandler.java
@@ -41,6 +41,7 @@
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import org.forgerock.http.ApiProducer;
import org.forgerock.http.DescribedHttpApplication;
@@ -82,11 +83,9 @@
import org.opends.server.api.ConnectionHandler;
import org.opends.server.api.KeyManagerProvider;
import org.opends.server.api.ServerShutdownListener;
import org.opends.server.api.TrustManagerProvider;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ServerContext;
import org.opends.server.extensions.NullKeyManagerProvider;
import org.opends.server.extensions.NullTrustManagerProvider;
import org.opends.server.loggers.HTTPAccessLogger;
import org.opends.server.monitors.ClientConnectionMonitorProvider;
import org.opends.server.protocols.internal.InternalClientConnection;
@@ -848,9 +847,9 @@
    {
      return null;
    }
    DN keyMgrDN = config.getKeyManagerProviderDN();
    KeyManagerProvider<?> keyManagerProvider = DirectoryServer.getKeyManagerProvider(keyMgrDN);
    final ServerContext serverContext = DirectoryServer.getInstance().getServerContext();
    final DN keyMgrDN = config.getKeyManagerProviderDN();
    KeyManagerProvider<?> keyManagerProvider = serverContext.getKeyManagerProvider(keyMgrDN);
    if (keyManagerProvider == null)
    {
      logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName);
@@ -891,14 +890,10 @@
    }
    DN trustMgrDN = config.getTrustManagerProviderDN();
    TrustManagerProvider<?> trustManagerProvider = DirectoryServer.getTrustManagerProvider(trustMgrDN);
    if (trustManagerProvider == null)
    {
      trustManagerProvider = new NullTrustManagerProvider();
    }
    SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
    sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null);
    final TrustManager[] trustManagers =
            trustMgrDN == null ? null : serverContext.getTrustManagerProvider(trustMgrDN).getTrustManagers();
    final SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
    sslContext.init(keyManagers, trustManagers, null);
    return sslContext;
  }
opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
@@ -33,6 +33,7 @@
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
@@ -52,7 +53,6 @@
import org.opends.server.core.ServerContext;
import org.opends.server.core.WorkQueueStrategy;
import org.opends.server.extensions.NullKeyManagerProvider;
import org.opends.server.extensions.NullTrustManagerProvider;
import org.opends.server.extensions.TLSByteChannel;
import org.opends.server.monitors.ClientConnectionMonitorProvider;
import org.opends.server.types.*;
@@ -1290,9 +1290,9 @@
  {
    try
    {
      DN keyMgrDN = config.getKeyManagerProviderDN();
      KeyManagerProvider<?> keyManagerProvider = DirectoryServer
          .getKeyManagerProvider(keyMgrDN);
      final ServerContext serverContext = DirectoryServer.getInstance().getServerContext();
      final DN keyMgrDN = config.getKeyManagerProviderDN();
      KeyManagerProvider<?> keyManagerProvider = serverContext.getKeyManagerProvider(keyMgrDN);
      if (keyManagerProvider == null)
      {
        logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName);
@@ -1332,16 +1332,10 @@
      }
      DN trustMgrDN = config.getTrustManagerProviderDN();
      TrustManagerProvider<?> trustManagerProvider = DirectoryServer
          .getTrustManagerProvider(trustMgrDN);
      if (trustManagerProvider == null)
      {
        trustManagerProvider = new NullTrustManagerProvider();
      }
      SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
      sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(),
          null);
      final TrustManager[] trustManagers =
              trustMgrDN == null ? null : serverContext.getTrustManagerProvider(trustMgrDN).getTrustManagers();
      final SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
      sslContext.init(keyManagers, trustManagers, null);
      return sslContext;
    }
    catch (Exception e)
opendj-server-legacy/src/test/java/org/opends/server/extensions/NullTrustManagerProviderTestCase.java
File was deleted