From 0a7536039dc247a4e5c3db3c5d0601074b75f3f3 Mon Sep 17 00:00:00 2001
From: coulbeck <coulbeck@localhost>
Date: Fri, 07 Sep 2007 20:05:01 +0000
Subject: [PATCH] On start-up create the self-signed certificate in the local ADS trust store if it does not exist. It will be needed by a stand-alone server instance to encrypt secret keys.

---
 opendj-sdk/opends/src/server/org/opends/server/backends/TrustStoreBackend.java |   44 +++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 43 insertions(+), 1 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/backends/TrustStoreBackend.java b/opendj-sdk/opends/src/server/org/opends/server/backends/TrustStoreBackend.java
index 5621508..dc2f793 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/backends/TrustStoreBackend.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/backends/TrustStoreBackend.java
@@ -319,6 +319,9 @@
                                 trustStoreType,
                                 new String(trustStorePIN));
 
+    // Generate a self-signed certificate, if there is none.
+    generateInstanceCertificateIfAbsent();
+
     // Construct the trust store base entry.
     LinkedHashMap<ObjectClass,String> objectClasses =
          new LinkedHashMap<ObjectClass,String>(2);
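Review bot: The comment on the new call at the top of this hunk should say why the certificate is needed and that start-up can now change the trust store, for example `// Ensure the instance certificate exists; a stand-alone server needs it to encrypt secret keys. This may add a key entry to the trust store.` Because generateInstanceCertificateIfAbsent() throws InitializationException, a trust store that cannot be read or written presumably now fails backend initialization at this point, which operators with a read-only trust store file would want to know. The enclosing method starts and ends outside the hunk, so whether the trust store file is guaranteed to exist before this call cannot be seen here.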
@@ -353,7 +356,7 @@
                                 opAttrs);
 
 
-    // Define an empty sets for the supported controls and features.
+    // Define empty sets for the supported controls and features.
     supportedControls = new HashSet<String>(0);
     supportedFeatures = new HashSet<String>(0);
 
@@ -1711,5 +1714,44 @@
     }
   }
 
+  /**
+   * Generates a self-signed certificate with well-known alias if there is none.
+   * @throws InitializationException If an error occurs while interacting with
+   *                                 the key store.
+   */
+  private void generateInstanceCertificateIfAbsent()
+       throws InitializationException
+  {
+    String certAlias = ADS_CERTIFICATE_ALIAS;
+
+    try
+    {
+      if (certificateManager.aliasInUse(certAlias))
+      {
+        return;
+      }
+    }
+    catch (Exception e)
+    {
+      Message message = ERR_TRUSTSTORE_CANNOT_ADD_CERT.get(
+           certAlias, trustStoreFile, getExceptionMessage(e));
+      throw new InitializationException(message, e);
+    }
+
+    try
+    {
+      certificateManager.generateSelfSignedCertificate(
+           certAlias,
+           getADSCertificateSubjectDN(),
+           getADSCertificateValidity());
+    }
+    catch (Exception e)
+    {
+      Message message = ERR_TRUSTSTORE_CANNOT_GENERATE_CERT.get(
+           certAlias, trustStoreFile, getExceptionMessage(e));
+      throw new InitializationException(message, e);
+    }
+
+  }
 }
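Review bot: The early return in generateInstanceCertificateIfAbsent() treats any entry under ADS_CERTIFICATE_ALIAS as a usable instance certificate, so an expired certificate, or an entry that holds no private key, would be kept silently and the problem would surface only later when secret keys are encrypted. What aliasInUse() actually checks is outside this hunk, so this needs confirming. At minimum the Javadoc should state the limitation, e.g. `An existing entry under the alias is kept as-is; its validity period and key material are not checked.` Separately, a failure of the aliasInUse() lookup is reported with ERR_TRUSTSTORE_CANNOT_ADD_CERT, which tells the operator that adding a certificate failed when nothing was added; a lookup-specific message would make key store access problems easier to diagnose. Both catch blocks catch Exception, so programming errors such as a NullPointerException are wrapped into the same InitializationException as genuine key store failures.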
 

--
Gitblit v1.10.0