opendj-sdk/opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ApplicationTrustManager.java
@@ -36,15 +36,14 @@ import java.security.cert.X509Certificate; import java.util.ArrayList; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.opends.server.util.Platform; /** @@ -105,15 +104,11 @@ */ public ApplicationTrustManager(KeyStore keystore) { TrustManagerFactory tmf = null; this.keystore = keystore; String userSpecifiedAlgo = System.getProperty("org.opends.admin.trustmanageralgo"); String userSpecifiedProvider = System.getProperty("org.opends.admin.trustmanagerprovider"); String userSpecifiedAlgo = System.getProperty("org.opends.admin.trustmanageralgo"); String userSpecifiedProvider = System.getProperty("org.opends.admin.trustmanagerprovider"); //Handle IBM specific cases if the user did not specify a algorithm and/or //provider. //Handle IBM specific cases if the user did not specify a algorithm and/or provider. if(userSpecifiedAlgo == null && Platform.isVendor("IBM")) { userSpecifiedAlgo = "IbmX509"; @@ -123,10 +118,10 @@ userSpecifiedProvider = "IBMJSSE2"; } // Have some fallbacks to choose the provider and algorith of the key // manager. First see if the user wanted to use something specific, // then try with the SunJSSE provider and SunX509 algorithm. Finally, // fallback to the default algorithm of the JVM. // Have some fallbacks to choose the provider and algorithm of the key manager. // First see if the user wanted to use something specific, // then try with the SunJSSE provider and SunX509 algorithm. // Finally,fallback to the default algorithm of the JVM. String[] preferredProvider = { userSpecifiedProvider, "SunJSSE", null, null }; String[] preferredAlgo = 
@@ -143,6 +138,7 @@ } try { TrustManagerFactory tmf = null; if (provider != null) { tmf = TrustManagerFactory.getInstance(algo, provider); @@ -152,12 +148,11 @@ tmf = TrustManagerFactory.getInstance(algo); } tmf.init(keystore); TrustManager[] trustManagers = tmf.getTrustManagers(); for (int j=0; j < trustManagers.length; j++) for (TrustManager tm : tmf.getTrustManagers()) { if (trustManagers[j] instanceof X509TrustManager) if (tm instanceof X509TrustManager) { trustManager = (X509TrustManager)trustManagers[j]; trustManager = (X509TrustManager) tm; break; } } @@ -270,9 +265,7 @@ lastRefusedChain = chain; lastRefusedAuthType = authType; lastRefusedCause = cause; final OpendsCertificateException e = new OpendsCertificateException(chain); e.initCause(ce); throw e; throw new OpendsCertificateException(chain, ce); } /** {@inheritDoc} */ @@ -289,8 +282,7 @@ * This method is called when the user accepted a certificate. * @param chain the certificate chain accepted by the user. * @param authType the authentication type. * @param host the host we tried to connect and that presented the * certificate. * @param host the host we tried to connect and that presented the certificate. */ public void acceptCertificate(X509Certificate[] chain, String authType, String host) @@ -302,7 +294,7 @@ /** * Sets the host name we are trying to contact in a secure mode. This * method is used if we want to verify the correspondance between the * method is used if we want to verify the correspondence between the * hostname and the subject DN of the certificate that is being presented. * If this method is never called (or called passing null) no verification * will be made on the host name. opendj-sdk/opendj-server-legacy/src/main/java/org/opends/admin/ads/util/OpendsCertificateException.java
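Review bot: In ApplicationTrustManager.java, the Javadoc touched by the last hunk (`@@ -302,7 +294,7 @@`) says that no host name verification happens when the setter is never called or is passed null, so the check is opt-in and is skipped without any signal by default. The spelling fix is fine, but the comment should state the caller's obligation, for example by adding `Callers that rely on host name verification must call this method with a non-null host before connecting.` The setter's body is outside the hunk, so it is not visible whether a skipped check is logged. A trace-level message on that path would make an unverified connection easier to spot during an investigation.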
@@ -38,11 +38,9 @@ */ public class OpendsCertificateException extends CertificateException { /** The serial version UUID. */ private static final long serialVersionUID = 1151044344529478436L; /** Private certificate chain. */ private X509Certificate[] chain; @@ -77,6 +75,19 @@ } /** * Build a new OpendsCertificationException object. * * @param chain the certificate chain which is unknown and has caused * the SSL handcheck failure. * @param cause the cause */ public OpendsCertificateException(X509Certificate[] chain, CertificateException cause) { super(cause); this.chain = chain; } /** * Return the certificate chain which is unknown and has caused * the SSL handcheck failure. * opendj-sdk/opendj-server-legacy/src/main/java/org/opends/quicksetup/util/ZipExtractor.java
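Review bot: In OpendsCertificateException.java, the new two-argument constructor keeps the caller's array by reference (`this.chain = chain;`), so any later change to that array also changes what the exception reports as the refused chain. The chain appears to feed a later accept decision (inferred from the `acceptCertificate` Javadoc in ApplicationTrustManager), so a copy is safer: `this.chain = chain != null ? chain.clone() : null;`. The new Javadoc also says `OpendsCertificationException` and `SSL handcheck`; it should read `OpendsCertificateException` and `SSL handshake`, and `@param cause` could say it is the CertificateException that caused the chain to be refused. The existing constructor is outside the hunk, so check whether it needs the same copy.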
@@ -24,12 +24,12 @@ * Copyright 2007-2008 Sun Microsystems, Inc. * Portions Copyright 2011-2015 ForgeRock AS */ package org.opends.quicksetup.util; import static com.forgerock.opendj.cli.Utils.*; import static com.forgerock.opendj.util.OperatingSystem.*; import static org.opends.messages.QuickSetupMessages.*; import static com.forgerock.opendj.util.OperatingSystem.isUnix; import static com.forgerock.opendj.cli.Utils.getThrowableMsg; import java.io.File; import java.io.FileInputStream; @@ -169,7 +169,6 @@ public void extract(String destDir, boolean removeFirstPath) throws ApplicationException { ZipInputStream zipIn = new ZipInputStream(is); int nEntries = 1; @@ -179,18 +178,19 @@ * these files. This is done this way to group the number of calls to * Runtime.exec (which is required to update the file system permissions). */ Map<String, ArrayList<String>> permissions = new HashMap<String, ArrayList<String>>(); ArrayList<String> list = new ArrayList<String>(); Map<String, ArrayList<String>> permissions = new HashMap<>(); ArrayList<String> list = new ArrayList<>(); list.add(destDir); permissions.put(getProtectedDirectoryPermissionUnix(), list); try { if(application != null) if(application != null) { application.checkAbort(); } ZipEntry entry = zipIn.getNextEntry(); while (entry != null) { if(application != null) if(application != null) { application.checkAbort(); } int ratioBeforeCompleted = minRatio + ((nEntries - 1) * (maxRatio - minRatio) / numberZipEntries); int ratioWhenCompleted = @@ -212,15 +212,11 @@ File destination = new File(destDir, name); copyZipEntry(entry, destination, zipIn, ratioBeforeCompleted, ratioWhenCompleted, permissions); } catch (IOException ioe) { LocalizableMessage errorMsg = getThrowableMsg( INFO_ERROR_COPYING.get(entry.getName()), ioe); throw new ApplicationException( ReturnCode.FILE_SYSTEM_ACCESS_ERROR, errorMsg, ioe); getThrowableMsg(INFO_ERROR_COPYING.get(entry.getName()), ioe), ioe); } } 
@@ -240,23 +236,16 @@ + paths + ". The chmod error code was: " + result); } } catch (InterruptedException ie) { IOException ioe = new IOException("Could not set permissions on files " + paths + ". The chmod call returned an " + "InterruptedException."); ioe.initCause(ie); throw ioe; throw new IOException("Could not set permissions on files " + paths + ". The chmod call returned an InterruptedException.", ie); } } } } catch (IOException ioe) { LocalizableMessage errorMsg = getThrowableMsg( INFO_ERROR_ZIP_STREAM.get(zipFileName), ioe); throw new ApplicationException( ReturnCode.FILE_SYSTEM_ACCESS_ERROR, errorMsg, ioe); getThrowableMsg(INFO_ERROR_ZIP_STREAM.get(zipFileName), ioe), ioe); } } @@ -265,12 +254,9 @@ * @param entry the ZipEntry object. * @param destination File where the entry will be copied. * @param is the ZipInputStream that contains the contents to be copied. * @param ratioBeforeCompleted the progress ratio before the zip file is * copied. * @param ratioWhenCompleted the progress ratio after the zip file is * copied. * @param permissions an ArrayList with permissions whose contents will be * updated. * @param ratioBeforeCompleted the progress ratio before the zip file is copied. * @param ratioWhenCompleted the progress ratio after the zip file is copied. * @param permissions an ArrayList with permissions whose contents will be updated. * @throws IOException if an error occurs. */ private void copyZipEntry(ZipEntry entry, File destination, @@ -300,7 +286,7 @@ ArrayList<String> list = permissions.get(perm); if (list == null) { list = new ArrayList<String>(); list = new ArrayList<>(); } list.add(Utils.getPath(destination)); permissions.put(perm, list); @@ -315,7 +301,7 @@ ArrayList<String> list = permissions.get(perm); if (list == null) { list = new ArrayList<String>(); list = new ArrayList<>(); } list.add(Utils.getPath(destination)); permissions.put(perm, list); 
@@ -350,5 +336,4 @@ // TODO We should get this dynamically during build? return "755"; } } opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/protocols/jmx/RmiAuthenticator.java
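Review bot: In ZipExtractor.java, `extract` builds the target with `new File(destDir, name)` and passes it straight to `copyZipEntry` (hunk `@@ -212,15 +212,11 @@`) without checking that the result stays inside `destDir`. How `name` is derived from the entry is outside the hunk, but if it can carry `..` segments or an absolute path, extraction could write outside the destination directory, and the resulting path also appears to be added to the list later passed to chmod. A containment check before the copy closes this: `if (!destination.getCanonicalPath().startsWith(new File(destDir).getCanonicalPath() + File.separator)) { throw new IOException("Zip entry outside destination: " + name); }`. The existing `catch (IOException ioe)` would then report it as the `FILE_SYSTEM_ACCESS_ERROR` ApplicationException.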
@@ -67,10 +67,7 @@ */ private boolean finalizedPhase; /** * The JMX Client connection to be used to perform the bind (auth) * call. */ /** The JMX Client connection to be used to perform the bind (auth) call. */ private JmxConnectionHandler jmxConnectionHandler; /** @@ -131,16 +128,11 @@ throw new SecurityException(); } if (logger.isTraceEnabled()) { logger.trace("UserName = %s", authcID); } // Declare the client connection JmxClientConnection jmxClientConnection; // Try to see if we have an Ldap Authentication // Which should be the case in the current implementation JmxClientConnection jmxClientConnection; try { jmxClientConnection = bind(authcID, password); @@ -152,13 +144,10 @@ throw se; } // If we've gotten here, then the authentication was // successful. We'll take the connection so // invoke the post-connect plugins. PluginConfigManager pluginManager = DirectoryServer .getPluginConfigManager(); PluginResult.PostConnect pluginResult = pluginManager .invokePostConnectPlugins(jmxClientConnection); // If we've gotten here, then the authentication was successful. // We'll take the connection so invoke the post-connect plugins. PluginConfigManager pluginManager = DirectoryServer.getPluginConfigManager(); PluginResult.PostConnect pluginResult = pluginManager.invokePostConnectPlugins(jmxClientConnection); if (!pluginResult.continueProcessing()) { jmxClientConnection.disconnect(pluginResult.getDisconnectReason(), @@ -182,8 +171,7 @@ s.getPrincipals().add(new OpendsJmxPrincipal(authcID)); // add the connection client object // this connection client is used at forwarder level to identify the // calling client // this connection client is used at forwarder level to identify the calling client s.getPrivateCredentials().add(new Credential(jmxClientConnection)); return s; @@ -199,8 +187,6 @@ */ private JmxClientConnection bind(String authcID, String password) { ArrayList<Control> requestControls = new ArrayList<Control>(); try { DN.valueOf(authcID); 
@@ -210,19 +196,11 @@ LDAPException ldapEx = new LDAPException( LDAPResultCode.INVALID_CREDENTIALS, CoreMessages.INFO_RESULT_INVALID_CREDENTIALS.get()); SecurityException se = new SecurityException(); se.initCause(ldapEx); throw se; throw new SecurityException(ldapEx); } ByteString bindPW; if (password == null) { bindPW = null; } else { bindPW = ByteString.valueOf(password); } ArrayList<Control> requestControls = new ArrayList<>(); ByteString bindPW = password != null ? ByteString.valueOf(password) : null; AuthenticationInfo authInfo = new AuthenticationInfo(); JmxClientConnection jmxClientConnection = new JmxClientConnection( @@ -237,10 +215,7 @@ bindOp.run(); if (bindOp.getResultCode() == ResultCode.SUCCESS) { if (logger.isTraceEnabled()) { logger.trace("User is authenticated"); } authInfo = bindOp.getAuthenticationInfo(); jmxClientConnection.setAuthenticationInfo(authInfo); @@ -263,8 +238,7 @@ LDAPException ldapEx = new LDAPException( LDAPResultCode.INVALID_CREDENTIALS, CoreMessages.INFO_RESULT_INVALID_CREDENTIALS.get()); SecurityException se = new SecurityException("return code: " + bindOp.getResultCode()); SecurityException se = new SecurityException("return code: " + bindOp.getResultCode()); se.initCause(ldapEx); throw se; }
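Review bot: In RmiAuthenticator.java, `bind` still lets a missing password through: `ByteString bindPW = password != null ? ByteString.valueOf(password) : null;` (hunk `@@ -210,19 +196,11 @@`), and an empty string becomes an empty bind password. A simple bind with a DN and no password is an unauthenticated bind, so whether this path can reach `ResultCode.SUCCESS` and return a Subject carrying `authcID` depends on server configuration and on caller checks that are outside these hunks. Rejecting it up front avoids relying on either: `if (password == null || password.isEmpty()) { throw new SecurityException(); }` before the bind operation is built. Separately, the last hunk could use `new SecurityException("return code: " + bindOp.getResultCode(), ldapEx)` to match the `new SecurityException(ldapEx)` form introduced earlier in the same method.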