From 9f05da86b2d6d99bcd2345811c985b64626873b0 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Wed, 02 Apr 2008 13:00:55 +0000
Subject: [PATCH] Fix for issue 3075 (ads-truststore creation failure and exception handling) 1. There is a problem with the default cipher algorithm provided in the CryptoManager configuration (RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING) since it does not work in IBM Java. RSA/ECB/PKCS1Padding must be used instead in default Java 5 AIX installations. This issue may apply to any other JVM that does not include the same ciphers as Sun JCE. A fix to handle this case corresponds to the modifications performed in ConfigureDS.java. ConfigureDS checks whether the default cipher can be used with the JVM and if not, tries to use an alternative cipher. If the default cipher does not work and an alternative cipher is found, the configuration of the CryptoManager is updated.
---
opendj-sdk/opends/src/server/org/opends/server/util/CertificateManager.java | 56 ++++++++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 46 insertions(+), 10 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/util/CertificateManager.java b/opendj-sdk/opends/src/server/org/opends/server/util/CertificateManager.java
index 37c358c..bb420ee 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/util/CertificateManager.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/util/CertificateManager.java
@@ -40,6 +40,7 @@
import java.util.ArrayList;
import java.util.Enumeration;
+import org.opends.server.types.OperatingSystem;
/**
@@ -443,13 +444,12 @@
// invoking the KeyTool command.
keyStore = null;
-
// First, we need to run with the "-genkey" command to create the private
// key.
String[] commandElements =
{
KEYTOOL_COMMAND,
- "-genkey",
+ getGenKeyCommand(),
"-alias", alias,
"-dname", subjectDN,
"-keyalg", "rsa",
@@ -541,7 +541,7 @@
String[] commandElements =
{
KEYTOOL_COMMAND,
- "-genkey",
+ getGenKeyCommand(),
"-alias", alias,
"-dname", subjectDN,
"-keyalg", "rsa",
@@ -553,6 +553,7 @@
// Next, we need to run with the "-certreq" command to generate the
// certificate signing request.
File csrFile = File.createTempFile("CertificateManager-", ".csr");
+ csrFile.deleteOnExit();
commandElements = new String[]
{
KEYTOOL_COMMAND,
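Review bot: `csrFile.deleteOnExit()` only removes the request file when the JVM shuts down normally, so in a long-running server each call leaves another file in the temp directory and another entry in the JVM's delete-on-exit list. If the file is consumed inside this method, delete it explicitly once it has been read, e.g. `finally { csrFile.delete(); }`. If it is handed back to the caller, document that the caller owns the deletion. The enclosing method starts and ends outside this hunk, so which case applies cannot be confirmed from here.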
@@ -743,11 +744,11 @@
KEY_STORE_TYPE_PKCS11.equals(keyStoreType);
boolean isNewKeyStorePassword = !keyStoreDefined &&
- ("-genkey".equalsIgnoreCase(commandElements[1]) ||
+ (getGenKeyCommand().equalsIgnoreCase(commandElements[1]) ||
"-import".equalsIgnoreCase(commandElements[1]));
boolean isNewStorePassword =
- "-genkey".equalsIgnoreCase(commandElements[1]);
+ getGenKeyCommand().equalsIgnoreCase(commandElements[1]);
boolean askForStorePassword =
!"-import".equalsIgnoreCase(commandElements[1]);
@@ -762,15 +763,34 @@
Process process = processBuilder.start();
InputStream inputStream = process.getInputStream();
OutputStream out = process.getOutputStream();
+ if (!isJDK15() &&
+ (SetupUtils.getOperatingSystem() == OperatingSystem.AIX))
+ {
+ // This is required when using JDK 1.6 on AIX to be able to write
+ // on the OutputStream.
+ try
+ {
+ Thread.sleep(1500);
+ } catch (Throwable t) {}
+ }
out.write(keyStorePassword.getBytes()) ;
out.write(lineSeparator.getBytes()) ;
out.flush() ;
// With Java6 and above, keytool asks for the password twice.
if (!isJDK15() && isNewKeyStorePassword)
{
- out.write(keyStorePassword.getBytes()) ;
- out.write(lineSeparator.getBytes()) ;
- out.flush() ;
+ if (SetupUtils.getOperatingSystem() == OperatingSystem.AIX)
+ {
+ // This is required when using JDK 1.6 on AIX to be able to write
+ // on the OutputStream.
+ try
+ {
+ Thread.sleep(1500);
+ } catch (Throwable t) {}
+ }
+ out.write(keyStorePassword.getBytes()) ;
+ out.write(lineSeparator.getBytes()) ;
+ out.flush() ;
}
if (askForStorePassword)
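Review bot: Both added `try { Thread.sleep(1500); } catch (Throwable t) {}` blocks discard every throwable, including `InterruptedException` and `Error`, so a cancelled thread carries on and writes the key store password as if nothing had happened. Catch `InterruptedException` only and restore the interrupt flag. Since the block is duplicated, move it into one private helper. A fixed 1.5 s pause is also a timing guess rather than synchronisation with keytool's prompt; if it proves too short on a loaded host, the password bytes may presumably not reach the prompt they were meant for, so a comment stating what the delay waits for would help. The enclosing method begins and ends outside this hunk.

```java
// Replaces both copies of the try/sleep/catch block in this hunk.
private static void pauseBeforeKeytoolWrite()
{
  try
  {
    Thread.sleep(1500);
  }
  catch (InterruptedException ie)
  {
    // Keep the interrupt visible to the caller instead of discarding it.
    Thread.currentThread().interrupt();
  }
}

// ... unchanged: process start and stream setup ...
if (!isJDK15() &&
    (SetupUtils.getOperatingSystem() == OperatingSystem.AIX))
{
  pauseBeforeKeytoolWrite();
}
```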
@@ -779,8 +799,10 @@
out.write(lineSeparator.getBytes()) ;
out.flush() ;
- // With Java6 and above, keytool asks for the password twice!
- if (!isJDK15() && isNewStorePassword)
+ // With Java6 and above, keytool asks for the password twice (if we
+ // are not running AIX).
+ if (!isJDK15() && isNewStorePassword &&
+ (SetupUtils.getOperatingSystem() != OperatingSystem.AIX))
{
out.write(storePassword.getBytes()) ;
out.write(lineSeparator.getBytes()) ;
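Review bot: The new condition `SetupUtils.getOperatingSystem() != OperatingSystem.AIX` uses the operating system as a stand-in for the JVM vendor, although the commit message attributes the behaviour to IBM Java. An IBM JVM on another platform, or a different JVM on AIX, would then get the wrong number of password writes. If the prompt count really follows the vendor, `System.getProperty("java.vendor")` is the more direct signal. The previous hunk still writes the key store password a second time on AIX while this one skips the second store password, so a comment such as `// IBM keytool prompts once for the key password but twice for the key store password` (wording to be confirmed by the author) would show that the asymmetry is intended. A mismatch between prompts and writes matters because the password bytes would be consumed by whichever prompt comes next. The enclosing block continues outside this hunk.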
@@ -934,6 +956,20 @@
}
return isJDK15;
}
+
+ private String getGenKeyCommand()
+ {
+ String genKeyCommand;
+ if (!isJDK15())
+ {
+ genKeyCommand = "-genkeypair";
+ }
+ else
+ {
+ genKeyCommand = "-genkey";
+ }
+ return genKeyCommand;
+ }
}
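Review bot: `getGenKeyCommand()` is added without a Javadoc comment, and its body can be a single expression. I would add `/** Returns the keytool option that generates a key pair: "-genkey" on Java 5, "-genkeypair" on later releases. */` and reduce the body to `return isJDK15() ? "-genkey" : "-genkeypair";`. The later comparisons against `commandElements[1]` depend on this method returning the same value that was placed in the array, which the comment should state, since changing one without the other silently alters the password-prompt logic.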
--
Gitblit v1.10.0