From 58d668e476b45ccdac9fce119f398d151d292ebe Mon Sep 17 00:00:00 2001
From: lutoff <lutoff@localhost>
Date: Tue, 11 Sep 2007 12:50:16 +0000
Subject: [PATCH] Fix for issue #2240

---
 opendj-sdk/opends/src/server/org/opends/server/tools/dsconfig/LDAPManagementContextFactory.java |  109 ++++++++++++++++++++++++++++++++++++++++++------------
 1 files changed, 84 insertions(+), 25 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/tools/dsconfig/LDAPManagementContextFactory.java b/opendj-sdk/opends/src/server/org/opends/server/tools/dsconfig/LDAPManagementContextFactory.java
index 8a70706..624bf65 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/tools/dsconfig/LDAPManagementContextFactory.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/tools/dsconfig/LDAPManagementContextFactory.java
@@ -26,8 +26,9 @@
  */
 package org.opends.server.tools.dsconfig;
 
-
 import org.opends.admin.ads.util.ConnectionUtils;
+import org.opends.admin.ads.util.OpendsCertificationException;
+
 import static org.opends.messages.DSConfigMessages.*;
 import org.opends.messages.Message;
 import org.opends.messages.MessageBuilder;
@@ -101,38 +102,96 @@
       {
         InitialLdapContext ctx;
         String ldapsUrl = "ldaps://" + hostName + ":" + portNumber;
-        try
+        while (true)
         {
-          ctx = ConnectionUtils.createLdapsContext(ldapsUrl, bindDN,
-              bindPassword, ConnectionUtils.getDefaultLDAPTimeout(), null,
-              trustManager, keyManager);
-          conn = JNDIDirContextAdaptor.adapt(ctx);
-        }
-        catch (NamingException e)
-        {
-          Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
-              hostName, String.valueOf(portNumber));
-          throw new ClientException(LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR,
-              message) ;
+          try
+          {
+            ctx = ConnectionUtils.createLdapsContext(ldapsUrl, bindDN,
+                bindPassword, ConnectionUtils.getDefaultLDAPTimeout(), null,
+                trustManager, keyManager);
+            conn = JNDIDirContextAdaptor.adapt(ctx);
+            break;
+          }
+          catch (NamingException e)
+          {
+            if ( app.isInteractive() && ci.isTrustStoreInMemory())
+            {
+              if ((e.getRootCause() != null)
+                  && (e.getRootCause().getCause()
+                      instanceof OpendsCertificationException))
+              {
+                OpendsCertificationException oce =
+                  (OpendsCertificationException) e.getRootCause().getCause();
+                  if (ci.checkServerCertificate(oce.getChain()))
+                  {
+                    // If the certificate is trusted, update the trust manager.
+                    trustManager = ci.getTrustManager();
+
+                    // Try to connect again.
+                    continue ;
+                  }
+              }
+              else
+              {
+                Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
+                    hostName, String.valueOf(portNumber));
+                throw new ClientException(
+                    LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
+              }
+            }
+            Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
+                hostName, String.valueOf(portNumber));
+            throw new ClientException(
+                LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
+          }
         }
       }
       else if (ci.useStartTLS())
       {
         InitialLdapContext ctx;
         String ldapUrl = "ldap://" + hostName + ":" + portNumber;
-        try
+        while (true)
         {
-          ctx = ConnectionUtils.createStartTLSContext(ldapUrl, bindDN,
-              bindPassword, ConnectionUtils.getDefaultLDAPTimeout(), null,
-              trustManager, keyManager, null);
-          conn = JNDIDirContextAdaptor.adapt(ctx);
-        }
-        catch (NamingException e)
-        {
-          Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
-              hostName, String.valueOf(portNumber));
-          throw new ClientException(LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR,
-              message) ;
+          try
+          {
+            ctx = ConnectionUtils.createStartTLSContext(ldapUrl, bindDN,
+                bindPassword, ConnectionUtils.getDefaultLDAPTimeout(), null,
+                trustManager, keyManager, null);
+            conn = JNDIDirContextAdaptor.adapt(ctx);
+            break;
+          }
+          catch (NamingException e)
+          {
+            if ( app.isInteractive() && ci.isTrustStoreInMemory())
+            {
+              if ((e.getRootCause() != null)
+                  && (e.getRootCause().getCause()
+                      instanceof OpendsCertificationException))
+              {
+                OpendsCertificationException oce =
+                  (OpendsCertificationException) e.getRootCause().getCause();
+                  if (ci.checkServerCertificate(oce.getChain()))
+                  {
+                    // If the certificate is trusted, update the trust manager.
+                    trustManager = ci.getTrustManager();
+
+                    // Try to connect again.
+                    continue ;
+                  }
+              }
+              else
+              {
+                Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
+                    hostName, String.valueOf(portNumber));
+                throw new ClientException(
+                    LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
+              }
+            }
+            Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
+                hostName, String.valueOf(portNumber));
+            throw new ClientException(
+                LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
+          }
         }
       }
       else
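Review bot: The `else` branch after `if ((e.getRootCause() != null) && ... instanceof OpendsCertificationException)` is redundant in both the LDAPS and the StartTLS catch handlers: it throws exactly the same `ClientException(LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message)` that the fall-through after the `app.isInteractive() && ci.isTrustStoreInMemory()` guard throws, so those lines can be deleted without changing behaviour, and the mis-indented `if (ci.checkServerCertificate(oce.getChain()))` should be aligned with the `oce` declaration above it. The whole certificate-accept-and-retry handler is copy-pasted between the two TLS modes, so the retry policy belongs in one private helper rather than two places that can drift apart. The `ClientException` thrown on failure drops `e`, so the caller cannot tell a rejected server certificate from a plain network error; if `ClientException` has a cause-taking constructor pass `e` through, otherwise log it before throwing. The `while (true)` exits only on success, on a declined certificate, or on a non-certificate `NamingException`; a comment such as `// Retry only after the user explicitly accepted the presented chain; any other failure aborts.` would make that loop bound explicit, and it is worth confirming that `ci.getTrustManager()` really trusts the accepted chain, since otherwise the prompt repeats on every iteration. The enclosing method starts and ends outside the hunk.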

--
Gitblit v1.10.0