From 2cf46088b7e69b4f424a821291607afe6faa7e4f Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Fri, 30 Jul 2021 14:08:39 +0000
Subject: [PATCH] Add FIPS support (#176)
---
opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java b/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
index 3ef1bf9..6746e51 100644
--- a/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
+++ b/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
@@ -22,6 +22,8 @@
import static org.opends.server.util.ServerConstants.*;
import static org.opends.server.util.StaticUtils.*;
+import static com.forgerock.opendj.util.StaticUtils.isFips;
+
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
@@ -92,6 +94,8 @@
import com.forgerock.reactive.ReactiveHandler;
import com.forgerock.reactive.Stream;
+import java.security.Provider;
+import java.security.Security;
/**
* This class defines a connection handler that will be used for communicating with clients over LDAP. It is actually
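Review bot: `java.security.Provider` and `java.security.Security` are imported here, but none of the nine lines this patch adds reference them, so they appear to be unused. Drop both imports unless a follow-up change needs them. If they stay, they belong with the other `java.*` imports further up rather than after the `com.forgerock.reactive` group.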
@@ -939,7 +943,11 @@
final TrustManager[] trustManagers =
trustMgrDN == null ? null : serverContext.getTrustManagerProvider(trustMgrDN).getTrustManagers();
SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
- sslContext.init(keyManagers, trustManagers, null);
+ if (isFips()) {
+ sslContext.init(keyManagerProvider.getKeyManagers(), trustManagers, null);
+ } else {
+ sslContext.init(keyManagers, trustManagers, null);
+ }
return sslContext;
} catch (Exception e) {
logger.traceException(e);
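Review bot: The FIPS branch `sslContext.init(keyManagerProvider.getKeyManagers(), trustManagers, null)` discards the `keyManagers` value prepared earlier in the method, so any wrapping or filtering applied there has no effect when `isFips()` is true. That preparation sits above the hunk and is not visible here; if it restricts the handler to the configured certificate nickname, FIPS deployments would let the JSSE provider choose any key in the keystore, which should be confirmed and documented. At minimum add a why-comment on the branch, e.g. `// FIPS: provider key managers are passed unwrapped because <reason>; certificate alias selection is not applied`, and consider logging when a configured nickname is being ignored. The enclosing method and its `try` block start and end outside the hunk.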
--
Gitblit v1.10.0