
lutoff
15.06.2007 dba093e971f1dd1e52cb524ab831c8fe98844f2e
Add the following global options to dsservice to handle the client truststore

-P, --trustStorePath {trustStorePath}
Certificate trust store path
--trustStorePassword {trustStorePassword}
Certificate trust store PIN
-U, --TrustStorePasswordFile {path}
Certificate trust store PIN file
4 files modified
192 ■■■■■ changed files
opendj-sdk/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java 7 ●●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/Application.java 2 ●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java 44 ●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java 139 ●●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
@@ -94,8 +94,9 @@
  /**
   * The default constructor.
   * @param keystore The keystore to use for this trustmanager.
   */
  public ApplicationTrustManager()
  public ApplicationTrustManager(KeyStore keystore)
  {
    TrustManagerFactory tmf = null;
    String algo = "SunX509";
@@ -103,7 +104,7 @@
    try
    {
      tmf = TrustManagerFactory.getInstance(algo, provider);
      tmf.init((KeyStore)null);
      tmf.init(keystore);
      sunJSSEX509TrustManager =
        (X509TrustManager)(tmf.getTrustManagers())[0];
    }
@@ -294,7 +295,7 @@
   */
  public ApplicationTrustManager createCopy()
  {
    ApplicationTrustManager copy = new ApplicationTrustManager();
    ApplicationTrustManager copy = new ApplicationTrustManager(null);
    copy.lastRefusedAuthType = lastRefusedAuthType;
    copy.lastRefusedChain = lastRefusedChain;
    copy.lastRefusedCause = lastRefusedCause;
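Review bot: `createCopy()` now builds the copy with `new ApplicationTrustManager(null)`, so a copy of a trust manager that was constructed with a caller-supplied KeyStore is re-initialised against the JVM default trust store (`TrustManagerFactory.init(null)` falls back to the platform truststore) instead of the original's trust anchors, while the refused-chain bookkeeping is copied across as if the two were equivalent. Retaining the constructor argument in a field (none is visible in the hunk) and passing it on, `ApplicationTrustManager copy = new ApplicationTrustManager(keystore);`, keeps the copy's trust decisions identical to the original's. The constructor Javadoc should also say what null means, e.g. `@param keystore The keystore to use for this trustmanager, or null to use the JVM default trust store.`, and "The default constructor" no longer describes a constructor that takes an argument. The bodies of both the constructor and `createCopy()` continue outside the hunks.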
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/Application.java
@@ -536,7 +536,7 @@
  {
    if (trustManager == null)
    {
      trustManager = new ApplicationTrustManager();
      trustManager = new ApplicationTrustManager(null);
    }
    return trustManager;
  }
opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java
@@ -223,22 +223,42 @@
    String pwd  = argParser.getBindPassword(dn,out,err) ;
    // Try to connect
    String ldapUrl = "ldap://"+host+":"+port;
   InitialLdapContext ctx = null;
   ReturnCode returnCode = ReturnCode.SUCCESSFUL ;
    try
    InitialLdapContext ctx = null;
    ReturnCode returnCode = ReturnCode.SUCCESSFUL;
    if (argParser.useSSL())
    {
      ctx = ConnectionUtils.createLdapContext(ldapUrl, dn, pwd,
          ConnectionUtils.getDefaultLDAPTimeout(), null);
      String ldapsUrl = "ldaps://" + host + ":" + port;
      try
      {
        ctx = ConnectionUtils.createLdapsContext(ldapsUrl,
            dn, pwd, ConnectionUtils.getDefaultLDAPTimeout(), null,
             argParser.getTrustManager());
      }
      catch (NamingException e)
      {
        int msgID = MSGID_ADMIN_CANNOT_CONNECT_TO_ADS;
        String message = getMessage(msgID, host);
        err.println(wrapText(message, MAX_LINE_WIDTH));
        return ReturnCode.CANNOT_CONNECT_TO_ADS.getReturnCode();
      }
    }
    catch (NamingException e)
    else
    {
      int    msgID   = MSGID_ADMIN_CANNOT_CONNECT_TO_ADS;
      String message = getMessage(msgID, host);
      String ldapUrl = "ldap://" + host + ":" + port;
      try
      {
        ctx = ConnectionUtils.createLdapContext(ldapUrl, dn, pwd,
            ConnectionUtils.getDefaultLDAPTimeout(), null);
      }
      catch (NamingException e)
      {
        int msgID = MSGID_ADMIN_CANNOT_CONNECT_TO_ADS;
        String message = getMessage(msgID, host);
      err.println(wrapText(message, MAX_LINE_WIDTH));
      return ReturnCode.CANNOT_CONNECT_TO_ADS.getReturnCode();
        err.println(wrapText(message, MAX_LINE_WIDTH));
        return ReturnCode.CANNOT_CONNECT_TO_ADS.getReturnCode();
      }
    }
    ADSContext adsContext = new ADSContext(ctx);
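Review bot: The two `catch (NamingException e)` blocks in the ldaps and ldap branches are identical, and in the ldaps branch a server certificate refused by `argParser.getTrustManager()` surfaces as the same generic `MSGID_ADMIN_CANNOT_CONNECT_TO_ADS` message as a network failure, so a user with a wrong or empty truststore cannot tell the two apart. A single `try` around the branch that only differs in how `ctx` is obtained removes the duplication, and for the SSL case the trust manager's recorded refusal (the `lastRefused*` state that `ApplicationTrustManager.createCopy()` copies) could be checked after the failure to print a truststore-specific hint. The outer `String ldapUrl` declared before the branch appears to be removed on the new side; if it survives, the redeclaration inside the `else` block will not compile. `returnCode` is assigned but not used within the visible hunk; its use, and the rest of the method, lie outside it.
```java
    InitialLdapContext ctx = null;
    ReturnCode returnCode = ReturnCode.SUCCESSFUL;
    try
    {
      if (argParser.useSSL())
      {
        String ldapsUrl = "ldaps://" + host + ":" + port;
        ctx = ConnectionUtils.createLdapsContext(ldapsUrl, dn, pwd,
            ConnectionUtils.getDefaultLDAPTimeout(), null,
            argParser.getTrustManager());
      }
      else
      {
        String ldapUrl = "ldap://" + host + ":" + port;
        ctx = ConnectionUtils.createLdapContext(ldapUrl, dn, pwd,
            ConnectionUtils.getDefaultLDAPTimeout(), null);
      }
    }
    catch (NamingException e)
    {
      // One error path for both transports; a refused certificate in the
      // ldaps case could be distinguished here via the trust manager's state.
      int msgID = MSGID_ADMIN_CANNOT_CONNECT_TO_ADS;
      String message = getMessage(msgID, host);
      err.println(wrapText(message, MAX_LINE_WIDTH));
      return ReturnCode.CANNOT_CONNECT_TO_ADS.getReturnCode();
    }
    // … unchanged: ADSContext adsContext = new ADSContext(ctx); …
```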
opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java
@@ -33,12 +33,21 @@
import static org.opends.server.util.ServerConstants.MAX_LINE_WIDTH;
import static org.opends.server.util.StaticUtils.wrapText;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.HashSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.opends.admin.ads.ADSContext;
import org.opends.admin.ads.ADSContextException;
import org.opends.admin.ads.util.ApplicationTrustManager;
import org.opends.server.admin.client.cli.DsServiceCliReturnCode.ReturnCode;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.types.DebugLogLevel;
@@ -51,6 +60,7 @@
import org.opends.server.util.args.SubCommand;
import org.opends.server.util.args.SubCommandArgumentParser;
/**
 * This class will parser CLI arguments.
 */
@@ -102,6 +112,27 @@
  private BooleanArgument verboseArg = null;
  /**
   * The 'trustStore' global argument.
   */
  private StringArgument trustStorePathArg = null;
  /**
   * The 'trustStorePassword' global argument.
   */
  private StringArgument trustStorePasswordArg = null;
  /**
   * The 'trustStorePasswordFile' global argument.
   */
  private FileBasedArgument trustStorePasswordFileArg = null;
  /**
   * The Logger.
   */
  static private final Logger LOG =
    Logger.getLogger(DsServiceCliParser.class.getName());
  /**
   * The diferent CLI group.
   */
  public HashSet<DsServiceCliSubCommandGroup> cliGroup;
@@ -206,6 +237,24 @@
        MSGID_DESCRIPTION_BINDPASSWORDFILE);
    addGlobalArgument(bindPasswordFileArg);
    trustStorePathArg = new StringArgument("trustStorePath",
        OPTION_SHORT_TRUSTSTOREPATH, OPTION_LONG_TRUSTSTOREPATH, false,
        false, true, OPTION_VALUE_TRUSTSTOREPATH, null, null,
        MSGID_DESCRIPTION_TRUSTSTOREPATH);
    addGlobalArgument(trustStorePathArg);
    trustStorePasswordArg = new StringArgument("trustStorePassword", null,
        OPTION_LONG_TRUSTSTORE_PWD, false, false, true,
        OPTION_VALUE_TRUSTSTORE_PWD, null, null,
        MSGID_DESCRIPTION_TRUSTSTOREPASSWORD);
    addGlobalArgument(trustStorePasswordArg);
    trustStorePasswordFileArg = new FileBasedArgument("truststorepasswordfile",
        OPTION_SHORT_TRUSTSTORE_PWD_FILE, OPTION_LONG_TRUSTSTORE_PWD_FILE,
        false, false, OPTION_VALUE_TRUSTSTORE_PWD_FILE, null, null,
        MSGID_DESCRIPTION_TRUSTSTOREPASSWORD_FILE);
    addGlobalArgument(trustStorePasswordFileArg);
    verboseArg = new BooleanArgument("verbose", 'v', "verbose",
        MSGID_DESCRIPTION_VERBOSE);
    addGlobalArgument(verboseArg);
@@ -383,6 +432,84 @@
    }
  }
  /**
   * Indicate if the SSL mode is required.
   *
   * @return True if SSL mode is required
   */
  public boolean useSSL()
  {
    if (useSSLArg.isPresent())
    {
      return true;
    }
    else
    {
      return false ;
    }
  }
  /**
   * Handle TrustStore.
   *
   * @return The trustStore manager to be used for the command.
   */
  public ApplicationTrustManager getTrustManager()
  {
    ApplicationTrustManager trustStore = null ;
    KeyStore keyStore = null ;
    if (trustStorePathArg.isPresent())
    {
      try
      {
        FileInputStream fos = new FileInputStream(trustStorePathArg.getValue());
        String trustStorePasswordValue = null;
        if (trustStorePasswordArg.isPresent())
        {
          trustStorePasswordValue = trustStorePasswordArg.getValue();
        }
        else if (trustStorePasswordFileArg.isPresent())
        {
          trustStorePasswordValue = trustStorePasswordFileArg.getValue();
        }
        keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(fos, trustStorePasswordValue.toCharArray());
      }
      catch (KeyStoreException e)
      {
        // Nothing to do: if this occurs we will systematically refuse the
        // certificates.  Maybe we should avoid this and be strict, but we are
        // in a best effor mode.
        LOG.log(Level.WARNING, "Error with the keystore", e);
      }
      catch (NoSuchAlgorithmException e)
      {
        // Nothing to do: if this occurs we will systematically refuse the
        // certificates.  Maybe we should avoid this and be strict, but we are
        // in a best effor mode.
        LOG.log(Level.WARNING, "Error with the keystore", e);
      }
      catch (CertificateException e)
      {
        // Nothing to do: if this occurs we will systematically refuse the
        // certificates.  Maybe we should avoid this and be strict, but we are
        // in a best effor mode.
        LOG.log(Level.WARNING, "Error with the keystore", e);
      }
      catch (IOException e)
      {
        // Nothing to do: if this occurs we will systematically refuse the
        // certificates.  Maybe we should avoid this and be strict, but we are
        // in a best effor mode.
        LOG.log(Level.WARNING, "Error with the keystore", e);
      }
    }
    trustStore = new ApplicationTrustManager(keyStore);
    trustStore.setHost(getHostName());
    return trustStore ;
  }
  /**
   * Indication if provided global options are validate.
   *
@@ -404,6 +531,18 @@
      return returnCode.CONFLICTING_ARGS.getReturnCode();
    }
    // Couldn't have at the same time trustStorePasswordArg and
    // trustStorePasswordFileArg
    if (trustStorePasswordArg.isPresent()
        && trustStorePasswordFileArg.isPresent())
    {
      int msgID = MSGID_TOOL_CONFLICTING_ARGS;
      String message = getMessage(msgID, trustStorePasswordArg
          .getLongIdentifier(), trustStorePasswordFileArg.getLongIdentifier());
      err.println(wrapText(message, MAX_LINE_WIDTH));
      return returnCode.CONFLICTING_ARGS.getReturnCode();
    }
    return ReturnCode.SUCCESSFUL_NOP.getReturnCode();
  }
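Review bot: In `getTrustManager()`, `trustStorePasswordValue.toCharArray()` dereferences null whenever `--trustStorePath` is given without either password option, and NullPointerException is not among the four caught types, so the command aborts; `KeyStore.load` accepts a null password (the certificates load, only the integrity check is skipped), so the call should pass `trustStorePasswordValue == null ? null : trustStorePasswordValue.toCharArray()`. The `FileInputStream fos` is never closed on any path. When loading fails the method still continues: after a `getInstance` failure `keyStore` is null, which the new `ApplicationTrustManager(KeyStore)` constructor turns into the JVM default trust store, and after a `load` failure it is a still-uninitialized KeyStore whose fate inside `ApplicationTrustManager` is not visible here — neither matches the comment's "we will systematically refuse the certificates", and a user who explicitly named a truststore ends up validating the server against different trust anchors with nothing but a log line to say so, while the caller only sees a generic cannot-connect message, so failing the command with a clear error is the safer default and at minimum the fallback should be explicit. The four catch blocks are identical; the three security exceptions share `java.security.GeneralSecurityException` (import needed), which cuts them to two, and the sketch below keeps the best-effort contract but closes the stream, handles the missing password and resets `keyStore` on failure so the fallback is deliberate rather than accidental. The same `returnCode.CONFLICTING_ARGS` instance-qualified static access is copied into the new conflict check while the method's own return uses `ReturnCode.SUCCESSFUL_NOP`; `useSSL()` can simply be `return useSSLArg.isPresent();`.
```java
  public ApplicationTrustManager getTrustManager()
  {
    KeyStore keyStore = null;
    if (trustStorePathArg.isPresent())
    {
      // A null password loads the certificates and skips the integrity check,
      // which is what we want when the user supplied no PIN.
      char[] trustStorePassword = null;
      if (trustStorePasswordArg.isPresent())
      {
        trustStorePassword = trustStorePasswordArg.getValue().toCharArray();
      }
      else if (trustStorePasswordFileArg.isPresent())
      {
        trustStorePassword = trustStorePasswordFileArg.getValue().toCharArray();
      }
      FileInputStream fis = null;
      try
      {
        fis = new FileInputStream(trustStorePathArg.getValue());
        keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(fis, trustStorePassword);
      }
      catch (GeneralSecurityException e)
      {
        // Best-effort mode: log, and fall back explicitly rather than hand an
        // uninitialized KeyStore to the trust manager.
        LOG.log(Level.WARNING, "Error with the keystore", e);
        keyStore = null;
      }
      catch (IOException e)
      {
        LOG.log(Level.WARNING, "Error with the keystore", e);
        keyStore = null;
      }
      finally
      {
        if (fis != null)
        {
          try
          {
            fis.close();
          }
          catch (IOException ignored)
          {
            // nothing useful to do if closing the truststore file fails
          }
        }
      }
    }
    // … unchanged: construct ApplicationTrustManager(keyStore), setHost, return …
  }
```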