
jvergara
25.42.2009 de71d5ed799a2f79239c76610375ad5dbc18a338
Fix for issue 4371 (setup throws NullPointerException when trying to use a PKCS12 certificate)
Handle the case where the user provides a certificate without an alias. The code in CertificateManager has been updated to detect this situation.
The code in ConfigureDS has also been updated to handle the case where the user does not provide a certificate nickname.
7 files modified
250 ■■■■ changed files
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/SecurityOptions.java 2 ●●● patch | view | raw | blame | history
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java 99 ●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/SecurityOptionsDialog.java 30 ●●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/tools/ConfigureDS.java 45 ●●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/tools/InstallDS.java 6 ●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/util/CertificateManager.java 40 ●●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/util/SetupUtils.java 28 ●●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/SecurityOptions.java
@@ -22,7 +22,7 @@
 * CDDL HEADER END
 *
 *
 *      Copyright 2006-2008 Sun Microsystems, Inc.
 *      Copyright 2006-2009 Sun Microsystems, Inc.
 */
package org.opends.quicksetup;
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
@@ -853,6 +853,17 @@
      argList.add("-q");
    }
    String aliasInKeyStore = sec.getAliasToUse();
    String aliasInTrustStore;
    if (aliasInKeyStore == null)
    {
      aliasInTrustStore = SELF_SIGNED_CERT_ALIAS;
    }
    else
    {
      aliasInTrustStore = aliasInKeyStore;
    }
    switch (sec.getCertificateType())
    {
    case SELF_SIGNED_CERTIFICATE:
@@ -868,8 +879,11 @@
      argList.add("cn=JKS,cn=Trust Manager Providers,cn=config");
      argList.add("-m");
      argList.add(sec.getKeystorePath());
      if (aliasInKeyStore != null)
      {
      argList.add("-a");
      argList.add(sec.getAliasToUse());
        argList.add(aliasInKeyStore);
      }
      break;
    case JCEKS:
      argList.add("-k");
@@ -878,8 +892,11 @@
      argList.add("cn=JCEKS,cn=Trust Manager Providers,cn=config");
      argList.add("-m");
      argList.add(sec.getKeystorePath());
      if (aliasInKeyStore != null)
      {
      argList.add("-a");
      argList.add(sec.getAliasToUse());
        argList.add(aliasInKeyStore);
      }
      break;
    case PKCS12:
      argList.add("-k");
@@ -889,8 +906,11 @@
      argList.add("cn=JKS,cn=Trust Manager Providers,cn=config");
      argList.add("-m");
      argList.add(sec.getKeystorePath());
      if (aliasInKeyStore != null)
      {
      argList.add("-a");
      argList.add(sec.getAliasToUse());
        argList.add(aliasInKeyStore);
      }
      break;
    case PKCS11:
      argList.add("-k");
@@ -898,8 +918,11 @@
      argList.add("-t");
      // We are going to import the PCKS11 certificate in a JKS truststore
      argList.add("cn=JKS,cn=Trust Manager Providers,cn=config");
      if (aliasInKeyStore != null)
      {
      argList.add("-a");
      argList.add(sec.getAliasToUse());
        argList.add(aliasInKeyStore);
      }
      break;
    case NO_CERTIFICATE:
      // Nothing to do.
@@ -1048,14 +1071,22 @@
            sec.getKeystorePath(),
            CertificateManager.KEY_STORE_TYPE_JKS,
            sec.getKeystorePassword());
        SetupUtils.exportCertificate(certManager, sec.getAliasToUse(),
        if (aliasInKeyStore != null)
        {
          SetupUtils.exportCertificate(certManager, aliasInKeyStore,
            getTemporaryCertificatePath());
        }
        else
        {
          SetupUtils.exportCertificate(certManager,
              getTemporaryCertificatePath());
        }
        trustManager = new CertificateManager(
            getTrustManagerPath(),
            CertificateManager.KEY_STORE_TYPE_JKS,
            sec.getKeystorePassword());
        trustManager.addCertificate(sec.getAliasToUse(),
        trustManager.addCertificate(aliasInTrustStore,
            new File(getTemporaryCertificatePath()));
        createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
        f = new File(getTemporaryCertificatePath());
@@ -1066,14 +1097,22 @@
            sec.getKeystorePath(),
            CertificateManager.KEY_STORE_TYPE_JCEKS,
            sec.getKeystorePassword());
        SetupUtils.exportCertificate(certManager, sec.getAliasToUse(),
        if (aliasInKeyStore != null)
        {
          SetupUtils.exportCertificate(certManager, aliasInKeyStore,
            getTemporaryCertificatePath());
        }
        else
        {
          SetupUtils.exportCertificate(certManager,
              getTemporaryCertificatePath());
        }
        trustManager = new CertificateManager(
            getTrustManagerPath(),
            CertificateManager.KEY_STORE_TYPE_JCEKS,
            sec.getKeystorePassword());
        trustManager.addCertificate(sec.getAliasToUse(),
        trustManager.addCertificate(aliasInTrustStore,
            new File(getTemporaryCertificatePath()));
        createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
        f = new File(getTemporaryCertificatePath());
@@ -1084,14 +1123,22 @@
            sec.getKeystorePath(),
            CertificateManager.KEY_STORE_TYPE_PKCS12,
            sec.getKeystorePassword());
        SetupUtils.exportCertificate(certManager, sec.getAliasToUse(),
        if (aliasInKeyStore != null)
        {
          SetupUtils.exportCertificate(certManager, aliasInKeyStore,
            getTemporaryCertificatePath());
        }
        else
        {
          SetupUtils.exportCertificate(certManager,
              getTemporaryCertificatePath());
        }
        trustManager = new CertificateManager(
            getTrustManagerPath(),
            CertificateManager.KEY_STORE_TYPE_JKS,
            sec.getKeystorePassword());
        trustManager.addCertificate(sec.getAliasToUse(),
        trustManager.addCertificate(aliasInTrustStore,
            new File(getTemporaryCertificatePath()));
        createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
        f = new File(getTemporaryCertificatePath());
@@ -1102,14 +1149,22 @@
            CertificateManager.KEY_STORE_PATH_PKCS11,
            CertificateManager.KEY_STORE_TYPE_PKCS11,
            sec.getKeystorePassword());
        SetupUtils.exportCertificate(certManager, sec.getAliasToUse(),
        if (aliasInKeyStore != null)
        {
          SetupUtils.exportCertificate(certManager, aliasInKeyStore,
            getTemporaryCertificatePath());
        }
        else
        {
          SetupUtils.exportCertificate(certManager,
              getTemporaryCertificatePath());
        }
        trustManager = new CertificateManager(
            getTrustManagerPath(),
            CertificateManager.KEY_STORE_TYPE_JKS,
            sec.getKeystorePassword());
        trustManager.addCertificate(sec.getAliasToUse(),
        trustManager.addCertificate(aliasInTrustStore,
            new File(getTemporaryCertificatePath()));
        createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
        break;
@@ -3518,7 +3573,7 @@
      if (adsContext.hasAdminData())
      {
        /* Check if there are already global administrators */
        Set administrators = adsContext.readAdministratorRegistry();
        Set<?> administrators = adsContext.readAdministratorRegistry();
        if (administrators.size() > 0)
        {
          hasGlobalAdministrators[0] = true;
@@ -3774,7 +3829,7 @@
    if (qs.getFieldValue(FieldName.SUFFIXES_TO_REPLICATE_OPTIONS) ==
      SuffixesToReplicateOptions.Type.REPLICATE_WITH_EXISTING_SUFFIXES)
    {
      Set s = (Set)qs.getFieldValue(FieldName.SUFFIXES_TO_REPLICATE);
      Set<?> s = (Set<?>)qs.getFieldValue(FieldName.SUFFIXES_TO_REPLICATE);
      if (s.size() == 0)
      {
        errorMsgs.add(INFO_NO_SUFFIXES_CHOSEN_TO_REPLICATE.get());
@@ -3835,8 +3890,10 @@
    ArrayList<Message> errorMsgs = new ArrayList<Message>();
    Map<ServerDescriptor, AuthenticationData> servers =
      getUserData().getRemoteWithNoReplicationPort();
    Map hm = (Map) qs.getFieldValue(FieldName.REMOTE_REPLICATION_PORT);
    Map hmSecure = (Map) qs.getFieldValue(FieldName.REMOTE_REPLICATION_SECURE);
    Map<?, ?> hm =
      (Map<?, ?>) qs.getFieldValue(FieldName.REMOTE_REPLICATION_PORT);
    Map<?, ?> hmSecure =
      (Map<?, ?>) qs.getFieldValue(FieldName.REMOTE_REPLICATION_SECURE);
    for (ServerDescriptor server : servers.keySet())
    {
      String hostName = server.getHostName();
@@ -4435,8 +4492,9 @@
      }
      try
      {
        NamingEnumeration res = ctx.search(dn, filter, searchControls);
        SearchResult sr = (SearchResult)res.next();
        NamingEnumeration<SearchResult> res =
          ctx.search(dn, filter, searchControls);
        SearchResult sr = res.next();
        // Get the number of entries that have been handled and
        // a percentage...
@@ -4729,8 +4787,9 @@
      }
      try
      {
        NamingEnumeration res = ctx.search(dn, filter, searchControls);
        SearchResult sr = (SearchResult)res.next();
        NamingEnumeration<SearchResult> res =
          ctx.search(dn, filter, searchControls);
        SearchResult sr = res.next();
        String logMsg = getFirstValue(sr, "ds-task-log-message");
        if (logMsg != null)
        {
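Review bot: In the 853 hunk a certificate supplied without an alias is imported into the trust store under `SELF_SIGNED_CERT_ALIAS` (through `aliasInTrustStore`), so a user-provided PKCS12 certificate ends up labelled as the setup's self-signed one and a reader of the trust store, or a later run that does generate a self-signed certificate, cannot tell the two apart. Use a dedicated constant for this case (e.g. `IMPORTED_CERT_ALIAS`, name constructed) or at least add `// No alias in the user's store: use a fixed name for the trust-store entry.` above the assignment. The export/import sequence in the 1048, 1066, 1084 and 1102 hunks is now four copies of the same lines differing only in the key-store path/type constants; a private helper taking those constants would remove the repetition and keep the null-alias branch in one place. The enclosing methods start and end outside the hunks.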
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/SecurityOptionsDialog.java
@@ -100,6 +100,7 @@
  private SecurityOptions securityOptions;
  private String[] aliases;
  private boolean certificateHasAlias;
  private String selectedAlias;
  private final int DEFAULT_PORT = 636;
@@ -663,10 +664,11 @@
   */
  private void okClicked()
  {
    BackgroundTask worker = new BackgroundTask()
    BackgroundTask<ArrayList<Message>> worker =
      new BackgroundTask<ArrayList<Message>>()
    {
      @Override
      public Object processBackgroundTask()
      public ArrayList<Message> processBackgroundTask()
      {
        ArrayList<Message> errorMsgs = new ArrayList<Message>();
@@ -678,7 +680,7 @@
      }
      @Override
      public void backgroundTaskCompleted(Object returnValue,
      public void backgroundTaskCompleted(ArrayList<Message> returnValue,
          Throwable throwable)
      {
        if (throwable != null)
@@ -695,16 +697,10 @@
        {
          cancelButton.setEnabled(true);
          okButton.setEnabled(true);
          ArrayList ar = (ArrayList)returnValue;
          if (ar.size() > 0)
          if (returnValue.size() > 0)
          {
            ArrayList<Message> errorMsgs = new ArrayList<Message>();
            for (Object o: ar)
            {
              errorMsgs.add((Message)o);
            }
            displayError(Utils.getMessageFromCollection(errorMsgs, "\n"),
            displayError(Utils.getMessageFromCollection(returnValue, "\n"),
                INFO_ERROR_TITLE.get());
          }
          else
@@ -712,7 +708,13 @@
            if (rbUseExistingCertificate.isSelected() &&
                (cbEnableSSL.isSelected() || cbEnableStartTLS.isSelected()))
            {
              if (aliases.length > 1)
              if (!certificateHasAlias)
              {
                selectedAlias = null;
                isCancelled = false;
                dispose();
              }
              else if (aliases.length > 1)
              {
                if (aliasDlg == null)
                {
@@ -1050,6 +1052,10 @@
              pathValid = false;
            }
          }
          else
          {
            certificateHasAlias = certManager.hasRealAliases();
          }
        }
        catch (KeyStoreException ke)
        {
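Review bot: In the 663 hunk the anonymous `BackgroundTask` is parameterised with the concrete `ArrayList<Message>`, which also pins `processBackgroundTask` and `backgroundTaskCompleted` to that type; `List<Message>` is the usual choice if `BackgroundTask` permits it (its declaration is outside the hunk). `if (returnValue.size() > 0)` reads better as `if (!returnValue.isEmpty())`. In the 1050 hunk `certificateHasAlias` is assigned only on the success path of the validation; this appears safe because the field defaults to false and a validation that produced error messages goes to `displayError` rather than to the `!certificateHasAlias` branch, but a comment such as `// Only meaningful once the key store has been read successfully.` on the field would make that dependency explicit. Both enclosing methods continue outside the hunks.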
opendj-sdk/opends/src/server/org/opends/server/tools/ConfigureDS.java
@@ -1123,6 +1123,51 @@
          return 1;
        }
      }
      else
      {
        try
        {
          if (ldapPort.isPresent())
          {
            // Use the key manager specified for the LDAP connection handler.
            DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER);
            ConfigEntry configEntry =
              configHandler.getConfigEntry(ldapListenerDN);
            configEntry.removeConfigAttribute(
                ATTR_SSL_CERT_NICKNAME.toLowerCase());
          }
          if (ldapsPort.isPresent())
          {
            // Use the key manager specified for the LDAPS connection handler.
            DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER);
            ConfigEntry configEntry =
              configHandler.getConfigEntry(ldapsListenerDN);
            configEntry.removeConfigAttribute(
                ATTR_SSL_CERT_NICKNAME.toLowerCase());
          }
          if (jmxPort.isPresent())
          {
            // Use the key manager specified for the JMX connection handler.
            DN jmxListenerDN = DN.decode(DN_JMX_CONNECTION_HANDLER);
            ConfigEntry configEntry =
              configHandler.getConfigEntry(jmxListenerDN);
            configEntry.removeConfigAttribute(
                ATTR_SSL_CERT_NICKNAME.toLowerCase());
          }
        }
        catch (Exception e)
        {
          Message message = ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(
                  String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }
      // If a root user DN and password were specified, then update the config
      // accordingly.
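Review bot: The three per-listener blocks in the new `else` branch are identical apart from the DN constant, and their comments (`// Use the key manager specified for the LDAP connection handler.`) describe the branch above that sets a nickname rather than this one, which removes it; collapse them into one loop with a comment stating what the branch actually does, as below. `ATTR_SSL_CERT_NICKNAME.toLowerCase()` is locale-sensitive, so `toLowerCase(Locale.ROOT)` is the safer form for an attribute name, though the existing branch presumably does the same. The `if` condition that selects this branch and the enclosing method are outside the hunk.
```java
      else
      {
        try
        {
          // No nickname was given: drop any ssl-cert-nickname left on each
          // enabled connection handler (presumably so that its key manager
          // selects the certificate itself).
          String[] handlerDNs = { DN_LDAP_CONNECTION_HANDLER,
              DN_LDAPS_CONNECTION_HANDLER, DN_JMX_CONNECTION_HANDLER };
          boolean[] handlerEnabled = { ldapPort.isPresent(),
              ldapsPort.isPresent(), jmxPort.isPresent() };
          for (int i = 0; i < handlerDNs.length; i++)
          {
            if (handlerEnabled[i])
            {
              ConfigEntry configEntry =
                configHandler.getConfigEntry(DN.decode(handlerDNs[i]));
              configEntry.removeConfigAttribute(
                  ATTR_SSL_CERT_NICKNAME.toLowerCase());
            }
          }
        }
        // … unchanged: catch (Exception e) block …
      }
```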
opendj-sdk/opends/src/server/org/opends/server/tools/InstallDS.java
@@ -2065,7 +2065,7 @@
            throw new IllegalArgumentException("Invalid type: "+type);
          }
        }
        else
        else if (certManager.hasRealAliases())
        {
          for (int i=0; i<aliases.length; i++)
          {
@@ -2075,7 +2075,7 @@
              ", ");
          if (certNickname != null)
          {
            // Check if the cert alias is in the list.
            // Check if the certificate alias is in the list.
            boolean found = false;
            for (int i=0; i<aliases.length && !found; i++)
            {
@@ -2268,7 +2268,7 @@
          keystoreAliases);
      firstTry = false;
    }
    if (certNickname == null)
    if ((certNickname == null) && !keystoreAliases.isEmpty())
    {
      certNickname = keystoreAliases.getFirst();
    }
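Review bot: In the 2065 hunk, when `certManager.hasRealAliases()` returns false and the user did supply `certNickname`, the new `else if` skips the branch (2075 hunk) that checks the nickname against the key store, so a nickname that cannot match anything in an alias-less store is accepted without any message. If that is intended, add `// An alias-less store has nothing to check the nickname against.` above the `else if`; otherwise tell the user the nickname will be ignored. `hasRealAliases()` declares `KeyStoreException`; the try/catch that would handle it is outside the hunk, so confirm the new call is covered. The enclosing method starts and ends outside the hunks.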
opendj-sdk/opends/src/server/org/opends/server/util/CertificateManager.java
@@ -97,6 +97,8 @@
  private final char[] password;
  private Boolean realAliases;
  /**
   * Always return true.
   *
@@ -439,6 +441,44 @@
      }
  }
  /**
   * Returns whether this certificate manager contains 'real' aliases or not.
   * For instance, the certificate manager can contain a PKCS12 certificate
   * with no alias.
   * @return whether this certificate manager contains 'real' aliases or not.
   * @throws KeyStoreException if there is a problem accessing the key store.
   */
  public boolean hasRealAliases() throws KeyStoreException
  {
    if (realAliases == null)
    {
      String[] aliases = getCertificateAliases();
      if (aliases == null || aliases.length == 0)
      {
        realAliases = Boolean.FALSE;
      }
      else if (aliases.length > 1)
      {
        realAliases = Boolean.TRUE;
      }
      else
      {
        CertificateManager certManager2 = new CertificateManager(keyStorePath,
            keyStoreType, new String(password));
        String[] aliases2 = certManager2.getCertificateAliases();
        if (aliases2 != null && aliases2.length == 1)
        {
          realAliases = aliases[0].equalsIgnoreCase(aliases2[0]);
        }
        else
        {
          realAliases = Boolean.FALSE;
        }
      }
    }
    return realAliases;
  }
  private static void ensureFileValid(File arg, String msgStr) {
    if(arg == null) {
      Message msg = ERR_CERTMGR_FILE_NAME_INVALID.get(msgStr);
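Review bot: `hasRealAliases()` builds a second `CertificateManager` with `new String(password)`, which copies the key-store PIN into an immutable `String` that cannot be wiped the way the `char[]` field can; if the class can be given a constructor or factory that accepts `char[]`, use it here, otherwise note the trade-off in a comment. The reload-and-compare logic is the core of the method but is undocumented; add `// A store without a friendly name gets a generated alias on each load; if two loads disagree, the alias is not a real one.` above the second `CertificateManager` — hedged, since the provider behaviour this relies on is not visible here. The cached `realAliases` is never cleared by the methods that modify the store (for instance `addCertificate`), so a caller that adds a certificate and asks again gets the first answer; reset the field in those methods or state in the Javadoc that the result reflects the store as it was on first call. `ensureFileValid` continues outside the hunk.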
opendj-sdk/opends/src/server/org/opends/server/util/SetupUtils.java
@@ -526,6 +526,34 @@
  /**
   * Export a certificate in a file.  It will export the first certificate
   * defined.  This method is required because of the way.
   *
   * @param certManager Certificate manager to use.
   * @param path Path of the output file.
   *
   * @throws CertificateEncodingException If the certificate manager cannot
   * encode the certificate.
   * @throws IOException If a problem occurs while creating or writing in the
   * output file.
   * @throws KeyStoreException If the certificate manager cannot retrieve the
   * certificate to be exported.
   */
  public static void exportCertificate(
    CertificateManager certManager, String path)
    throws CertificateEncodingException, IOException, KeyStoreException
  {
    String[] aliases = certManager.getCertificateAliases();
    Certificate certificate = certManager.getCertificate(aliases[0]);
    byte[] certificateBytes = certificate.getEncoded();
    FileOutputStream outputStream = new FileOutputStream(path, false);
    outputStream.write(certificateBytes);
    outputStream.close();
  }
  /**
   * Export a certificate in a file.
   *
   * @param certManager Certificate manager to use.