From d4d6629df6fc59094fd186454c54502432279a2d Mon Sep 17 00:00:00 2001
From: lutoff <lutoff@localhost>
Date: Tue, 04 Sep 2007 14:48:13 +0000
Subject: [PATCH] Fix for issue #1830 (dsconfig: add support for secure connections) Standard secure args are now part of dsconfig CLI.
---
opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliParser.java | 449 ++------------------------------------------------------
1 files changed, 17 insertions(+), 432 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliParser.java b/opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliParser.java
index 3b5e43b..52bed17 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliParser.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliParser.java
@@ -27,7 +27,6 @@
package org.opends.server.admin.client.cli;
-import static org.opends.server.admin.client.cli.DsFrameworkCliReturnCode.*;
import static org.opends.server.loggers.debug.DebugLogger.debugEnabled;
import static org.opends.server.loggers.debug.DebugLogger.getTracer;
import static org.opends.messages.ToolMessages.*;
@@ -37,33 +36,23 @@
import static org.opends.server.util.ServerConstants.MAX_LINE_WIDTH;
import static org.opends.server.util.StaticUtils.wrapText;
-import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
-import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
-import org.opends.admin.ads.util.ApplicationKeyManager;
import org.opends.admin.ads.util.ApplicationTrustManager;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.util.PasswordReader;
-import org.opends.server.util.SelectableCertificateKeyManager;
import org.opends.server.util.args.Argument;
import org.opends.server.util.args.ArgumentException;
import org.opends.server.util.args.BooleanArgument;
import org.opends.server.util.args.FileBasedArgument;
-import org.opends.server.util.args.IntegerArgument;
import org.opends.server.util.args.StringArgument;
import org.opends.server.util.args.SubCommandArgumentParser;
@@ -82,87 +71,14 @@
protected BooleanArgument showUsageArg = null;
/**
- * The 'hostName' global argument.
- */
- protected StringArgument hostNameArg = null;
-
- /**
- * The 'port' global argument.
- */
- protected IntegerArgument portArg = null;
-
- /**
- * The 'binDN' global argument.
- */
- protected StringArgument bindDnArg = null;
-
- /**
- * The 'bindPasswordFile' global argument.
- */
- protected FileBasedArgument bindPasswordFileArg = null;
-
- /**
- * The 'bindPassword' global argument.
- */
- protected StringArgument bindPasswordArg = null;
-
- /**
* The 'verbose' global argument.
*/
protected BooleanArgument verboseArg = null;
/**
- * The 'trustAllArg' global argument.
+ * The secure args list object.
*/
- protected BooleanArgument trustAllArg = null;
-
- /**
- * The 'trustStore' global argument.
- */
- protected StringArgument trustStorePathArg = null;
-
- /**
- * The 'trustStorePassword' global argument.
- */
- protected StringArgument trustStorePasswordArg = null;
-
- /**
- * The 'trustStorePasswordFile' global argument.
- */
- protected FileBasedArgument trustStorePasswordFileArg = null;
-
- /**
- * The 'keyStore' global argument.
- */
- protected StringArgument keyStorePathArg = null;
-
- /**
- * The 'keyStorePassword' global argument.
- */
- protected StringArgument keyStorePasswordArg = null;
-
- /**
- * The 'keyStorePasswordFile' global argument.
- */
- protected FileBasedArgument keyStorePasswordFileArg = null;
-
- /**
- * The 'certNicknameArg' global argument.
- */
- protected StringArgument certNicknameArg = null;
-
- /**
- * The 'useSSLArg' global argument.
- */
- protected BooleanArgument useSSLArg = null;
-
- /**
- * The 'useStartTLSArg' global argument.
- */
- protected BooleanArgument useStartTLSArg = null;
-
- // the trust manager.
- private ApplicationTrustManager trustManager;
+ protected SecureConnectionCliArgs secureArgsList ;
/**
* The tracer object for the debug logger.
@@ -208,14 +124,7 @@
*/
public String getBindDN()
{
- if (bindDnArg.isPresent())
- {
- return bindDnArg.getValue();
- }
- else
- {
- return bindDnArg.getDefaultValue();
- }
+ return secureArgsList.getBindDN();
}
/**
@@ -322,7 +231,8 @@
*/
public String getBindPassword(String dn, OutputStream out, OutputStream err)
{
- return getBindPassword(dn, out, err, bindPasswordArg, bindPasswordFileArg);
+ return getBindPassword(dn, out, err, secureArgsList.bindPasswordArg,
+ secureArgsList.bindPasswordFileArg);
}
/**
@@ -365,7 +275,8 @@
*/
public String getBindPassword()
{
- return getBindPassword(bindPasswordArg, bindPasswordFileArg);
+ return getBindPassword(secureArgsList.bindPasswordArg,
+ secureArgsList.bindPasswordFileArg);
}
/**
@@ -382,94 +293,14 @@
OutputStream outStream)
throws ArgumentException
{
- LinkedHashSet<Argument> set = new LinkedHashSet<Argument>();
+ secureArgsList = new SecureConnectionCliArgs();
+ LinkedHashSet<Argument> set = secureArgsList.createGlobalArguments();
+
showUsageArg = new BooleanArgument("showUsage", OPTION_SHORT_HELP,
OPTION_LONG_HELP, INFO_DESCRIPTION_SHOWUSAGE.get());
setUsageArgument(showUsageArg, outStream);
set.add(showUsageArg);
- useSSLArg = new BooleanArgument("useSSL", OPTION_SHORT_USE_SSL,
- OPTION_LONG_USE_SSL, INFO_DESCRIPTION_USE_SSL.get());
- set.add(useSSLArg);
-
- useStartTLSArg = new BooleanArgument("startTLS", OPTION_SHORT_START_TLS,
- OPTION_LONG_START_TLS,
- INFO_DESCRIPTION_START_TLS.get());
- set.add(useStartTLSArg);
-
- hostNameArg = new StringArgument("host", OPTION_SHORT_HOST,
- OPTION_LONG_HOST, false, false, true, OPTION_VALUE_HOST, "localhost",
- null, INFO_DESCRIPTION_HOST.get());
- set.add(hostNameArg);
-
- portArg = new IntegerArgument("port", OPTION_SHORT_PORT, OPTION_LONG_PORT,
- false, false, true, OPTION_VALUE_PORT, 389, null,
- INFO_DESCRIPTION_PORT.get());
- set.add(portArg);
-
- bindDnArg = new StringArgument("bindDN", OPTION_SHORT_BINDDN,
- OPTION_LONG_BINDDN, false, false, true, OPTION_VALUE_BINDDN,
- "cn=Directory Manager", null, INFO_DESCRIPTION_BINDDN.get());
- set.add(bindDnArg);
-
- bindPasswordArg = new StringArgument("bindPassword",
- OPTION_SHORT_BINDPWD, OPTION_LONG_BINDPWD, false, false, true,
- OPTION_VALUE_BINDPWD, null, null, INFO_DESCRIPTION_BINDPASSWORD.get());
- set.add(bindPasswordArg);
-
- bindPasswordFileArg = new FileBasedArgument("bindPasswordFile",
- OPTION_SHORT_BINDPWD_FILE, OPTION_LONG_BINDPWD_FILE, false, false,
- OPTION_VALUE_BINDPWD_FILE, null, null,
- INFO_DESCRIPTION_BINDPASSWORDFILE.get());
- set.add(bindPasswordFileArg);
-
- trustAllArg = new BooleanArgument("trustAll", OPTION_SHORT_TRUSTALL,
- OPTION_LONG_TRUSTALL, INFO_DESCRIPTION_TRUSTALL.get());
- set.add(trustAllArg);
-
- trustStorePathArg = new StringArgument("trustStorePath",
- OPTION_SHORT_TRUSTSTOREPATH, OPTION_LONG_TRUSTSTOREPATH, false,
- false, true, OPTION_VALUE_TRUSTSTOREPATH, null, null,
- INFO_DESCRIPTION_TRUSTSTOREPATH.get());
- set.add(trustStorePathArg);
-
- trustStorePasswordArg = new StringArgument("trustStorePassword",
- OPTION_SHORT_TRUSTSTORE_PWD, OPTION_LONG_TRUSTSTORE_PWD, false, false,
- true, OPTION_VALUE_TRUSTSTORE_PWD, null, null,
- INFO_DESCRIPTION_TRUSTSTOREPASSWORD.get());
- set.add(trustStorePasswordArg);
-
- trustStorePasswordFileArg = new FileBasedArgument("trustStorePasswordFile",
- OPTION_SHORT_TRUSTSTORE_PWD_FILE, OPTION_LONG_TRUSTSTORE_PWD_FILE,
- false, false, OPTION_VALUE_TRUSTSTORE_PWD_FILE, null, null,
- INFO_DESCRIPTION_TRUSTSTOREPASSWORD_FILE.get());
- set.add(trustStorePasswordFileArg);
-
- keyStorePathArg = new StringArgument("keyStorePath",
- OPTION_SHORT_KEYSTOREPATH, OPTION_LONG_KEYSTOREPATH, false, false,
- true, OPTION_VALUE_KEYSTOREPATH, null, null,
- INFO_DESCRIPTION_KEYSTOREPATH.get());
- set.add(keyStorePathArg);
-
- keyStorePasswordArg = new StringArgument("keyStorePassword",
- OPTION_SHORT_KEYSTORE_PWD,
- OPTION_LONG_KEYSTORE_PWD, false, false, true,
- OPTION_VALUE_KEYSTORE_PWD, null, null,
- INFO_DESCRIPTION_KEYSTOREPASSWORD.get());
- set.add(keyStorePasswordArg);
-
- keyStorePasswordFileArg = new FileBasedArgument("keystorePasswordFile",
- OPTION_SHORT_KEYSTORE_PWD_FILE, OPTION_LONG_KEYSTORE_PWD_FILE, false,
- false, OPTION_VALUE_KEYSTORE_PWD_FILE, null, null,
- INFO_DESCRIPTION_KEYSTOREPASSWORD_FILE.get());
- set.add(keyStorePasswordFileArg);
-
- certNicknameArg = new StringArgument("certNickname",
- OPTION_SHORT_CERT_NICKNAME, OPTION_LONG_CERT_NICKNAME,
- false, false, true, OPTION_VALUE_CERT_NICKNAME, null, null,
- INFO_DESCRIPTION_CERT_NICKNAME.get());
- set.add(certNicknameArg);
-
verboseArg = new BooleanArgument("verbose", OPTION_SHORT_VERBOSE,
OPTION_LONG_VERBOSE, INFO_DESCRIPTION_VERBOSE.get());
set.add(verboseArg);
@@ -500,14 +331,7 @@
*/
public String getHostName()
{
- if (hostNameArg.isPresent())
- {
- return hostNameArg.getValue();
- }
- else
- {
- return hostNameArg.getDefaultValue();
- }
+ return secureArgsList.getHostName();
}
/**
@@ -518,14 +342,7 @@
*/
public String getPort()
{
- if (portArg.isPresent())
- {
- return portArg.getValue();
- }
- else
- {
- return portArg.getDefaultValue();
- }
+ return secureArgsList.getPort();
}
/**
@@ -536,70 +353,7 @@
*/
public int validateGlobalOptions(MessageBuilder buf)
{
- ArrayList<Message> errors = new ArrayList<Message>();
- // Couldn't have at the same time bindPassword and bindPasswordFile
- if (bindPasswordArg.isPresent() && bindPasswordFileArg.isPresent()) {
- Message message = ERR_TOOL_CONFLICTING_ARGS.get(
- bindPasswordArg.getLongIdentifier(),
- bindPasswordFileArg.getLongIdentifier());
- errors.add(message);
- }
-
- // Couldn't have at the same time trustAll and
- // trustStore related arg
- if (trustAllArg.isPresent() && trustStorePathArg.isPresent()) {
- Message message = ERR_TOOL_CONFLICTING_ARGS.get(
- trustAllArg.getLongIdentifier(),
- trustStorePathArg.getLongIdentifier());
- errors.add(message);
- }
- if (trustAllArg.isPresent() && trustStorePasswordArg.isPresent()) {
- Message message = ERR_TOOL_CONFLICTING_ARGS.get(
- trustAllArg.getLongIdentifier(),
- trustStorePasswordArg.getLongIdentifier());
- errors.add(message);
- }
- if (trustAllArg.isPresent() && trustStorePasswordFileArg.isPresent()) {
- Message message = ERR_TOOL_CONFLICTING_ARGS.get(
- trustAllArg.getLongIdentifier(),
- trustStorePasswordFileArg.getLongIdentifier());
- errors.add(message);
- }
-
- // Couldn't have at the same time trustStorePasswordArg and
- // trustStorePasswordFileArg
- if (trustStorePasswordArg.isPresent()
- && trustStorePasswordFileArg.isPresent()) {
- Message message = ERR_TOOL_CONFLICTING_ARGS.get(
- trustStorePasswordArg.getLongIdentifier(),
- trustStorePasswordFileArg.getLongIdentifier());
- errors.add(message);
- }
-
- // Couldn't have at the same time startTLSArg and
- // useSSLArg
- if (useStartTLSArg.isPresent()
- && useSSLArg.isPresent()) {
- Message message = ERR_TOOL_CONFLICTING_ARGS.get(
- useStartTLSArg
- .getLongIdentifier(), useSSLArg.getLongIdentifier());
- errors.add(message);
- }
-
- if (errors.size() > 0)
- {
- for (Message error : errors)
- {
- if (buf.length() > 0)
- {
- buf.append(EOL);
- }
- buf.append(error);
- }
- return CONFLICTING_ARGS.getReturnCode();
- }
-
- return SUCCESSFUL_NOP.getReturnCode();
+ return secureArgsList.validateGlobalOptions(buf) ;
}
/**
* Indication if provided global options are validate.
@@ -643,14 +397,7 @@
*/
public boolean useSSL()
{
- if (useSSLArg.isPresent())
- {
- return true;
- }
- else
- {
- return false ;
- }
+ return secureArgsList.useSSL();
}
/**
@@ -660,14 +407,7 @@
*/
public boolean useStartTLS()
{
- if (useStartTLSArg.isPresent())
- {
- return true;
- }
- else
- {
- return false ;
- }
+ return secureArgsList.useStartTLS();
}
/**
@@ -677,83 +417,7 @@
*/
public ApplicationTrustManager getTrustManager()
{
- if (trustManager == null)
- {
- KeyStore truststore = null ;
- if (trustAllArg.isPresent())
- {
- // Running a null TrustManager will force createLdapsContext and
- // createStartTLSContext to use a bindTrustManager.
- return null ;
- }
- else
- if (trustStorePathArg.isPresent())
- {
- try
- {
- FileInputStream fos =
- new FileInputStream(trustStorePathArg.getValue());
- String trustStorePasswordStringValue = null;
- char[] trustStorePasswordValue = null;
- if (trustStorePasswordArg.isPresent())
- {
- trustStorePasswordStringValue = trustStorePasswordArg.getValue();
- }
- else if (trustStorePasswordFileArg.isPresent())
- {
- trustStorePasswordStringValue =
- trustStorePasswordFileArg.getValue();
- }
-
- if (trustStorePasswordStringValue != null)
- {
- trustStorePasswordStringValue = System
- .getProperty("javax.net.ssl.trustStorePassword");
- }
-
-
- if (trustStorePasswordStringValue != null)
- {
- trustStorePasswordValue =
- trustStorePasswordStringValue.toCharArray();
- }
-
- truststore = KeyStore.getInstance(KeyStore.getDefaultType());
- truststore.load(fos, trustStorePasswordValue);
- fos.close();
- }
- catch (KeyStoreException e)
- {
- // Nothing to do: if this occurs we will systematically refuse the
- // certificates. Maybe we should avoid this and be strict, but we
- // are in a best effort mode.
- LOG.log(Level.WARNING, "Error with the truststore", e);
- }
- catch (NoSuchAlgorithmException e)
- {
- // Nothing to do: if this occurs we will systematically refuse the
- // certificates. Maybe we should avoid this and be strict, but we
- // are in a best effort mode.
- LOG.log(Level.WARNING, "Error with the truststore", e);
- }
- catch (CertificateException e)
- {
- // Nothing to do: if this occurs we will systematically refuse the
- // certificates. Maybe we should avoid this and be strict, but we
- // are in a best effort mode.
- LOG.log(Level.WARNING, "Error with the truststore", e);
- }
- catch (IOException e)
- {
- // Nothing to do: if this occurs we will systematically refuse the
- // certificates. Maybe we should avoid this and be strict, but we
- // are in a best effort mode.
- LOG.log(Level.WARNING, "Error with the truststore", e);
- }
- }
- trustManager = new ApplicationTrustManager(truststore);
- }
- return trustManager;
+ return secureArgsList.getTrustManager();
}
/**
@@ -763,85 +427,6 @@
*/
public KeyManager getKeyManager()
{
- KeyStore keyStore = null;
- String keyStorePasswordStringValue = null;
- char[] keyStorePasswordValue = null;
- if (keyStorePathArg.isPresent())
- {
- try
- {
- FileInputStream fos = new FileInputStream(keyStorePathArg.getValue());
- if (keyStorePasswordArg.isPresent())
- {
- keyStorePasswordStringValue = keyStorePasswordArg.getValue();
- }
- else if (keyStorePasswordFileArg.isPresent())
- {
- keyStorePasswordStringValue = keyStorePasswordFileArg.getValue();
- }
- if (keyStorePasswordStringValue != null)
- {
- keyStorePasswordValue = keyStorePasswordStringValue.toCharArray();
- }
-
- keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
- keyStore.load(fos,keyStorePasswordValue);
- fos.close();
- }
- catch (KeyStoreException e)
- {
- // Nothing to do: if this occurs we will systematically refuse
- // the
- // certificates. Maybe we should avoid this and be strict, but
- // we are in a best effort mode.
- LOG.log(Level.WARNING, "Error with the keystore", e);
- }
- catch (NoSuchAlgorithmException e)
- {
- // Nothing to do: if this occurs we will systematically refuse
- // the
- // certificates. Maybe we should avoid this and be strict, but
- // we are
- // in a best effort mode.
- LOG.log(Level.WARNING, "Error with the keystore", e);
- }
- catch (CertificateException e)
- {
- // Nothing to do: if this occurs we will systematically refuse
- // the
- // certificates. Maybe we should avoid this and be strict, but
- // we are
- // in a best effort mode.
- LOG.log(Level.WARNING, "Error with the keystore", e);
- }
- catch (IOException e)
- {
- // Nothing to do: if this occurs we will systematically refuse
- // the
- // certificates. Maybe we should avoid this and be strict, but
- // we are
- // in a best effort mode.
- LOG.log(Level.WARNING, "Error with the keystore", e);
- }
- char[] password = null;
- if (keyStorePasswordStringValue != null)
- {
- password = keyStorePasswordStringValue.toCharArray();
- }
- ApplicationKeyManager akm = new ApplicationKeyManager(keyStore,password);
- if (certNicknameArg.isPresent())
- {
- return new SelectableCertificateKeyManager(akm, certNicknameArg
- .getValue());
- }
- else
- {
- return akm;
- }
- }
- else
- {
- return null;
- }
+ return secureArgsList.getKeyManager() ;
}
}
--
Gitblit v1.10.0