From 3ba4a8a412fa60c947ecb3cee9d90fb24e590d54 Mon Sep 17 00:00:00 2001
From: Yannick Lecaillez <ylecaillez@forgerock.com>
Date: Wed, 18 Nov 2015 15:24:16 +0000
Subject: [PATCH] OPENDJ-2399: Start server fails if the jvm used does not contains an elliptic curve certificate provider.
---
opendj-server-legacy/src/main/java/org/opends/quicksetup/installer/Installer.java | 25 +++++++++++++------------
1 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/quicksetup/installer/Installer.java b/opendj-server-legacy/src/main/java/org/opends/quicksetup/installer/Installer.java
index 94796da..a9d3ecf 100644
--- a/opendj-server-legacy/src/main/java/org/opends/quicksetup/installer/Installer.java
+++ b/opendj-server-legacy/src/main/java/org/opends/quicksetup/installer/Installer.java
@@ -845,7 +845,8 @@
argList.add("--adminConnectorPort");
argList.add(String.valueOf(getUserData().getAdminConnectorPort()));
- SecurityOptions sec = getUserData().getSecurityOptions();
+ final SecurityOptions sec = getUserData().getSecurityOptions();
+ configureCertificate(sec);
// TODO: even if the user does not configure SSL maybe we should choose
// a secure port that is not being used and that we can actually use.
if (sec.getEnableSSL())
@@ -957,7 +958,6 @@
invokeLongOperation(thread);
notifyListeners(getFormattedDoneWithLineBreak());
checkAbort();
- configureCertificate(sec);
}
private void configureCertificate(SecurityOptions sec) throws ApplicationException
@@ -979,7 +979,7 @@
String pwd = getSelfSignedCertificatePwd();
final CertificateManager certManager =
new CertificateManager(getSelfSignedKeystorePath(), CertificateManager.KEY_STORE_TYPE_JKS, pwd);
- for (String alias : SELF_SIGNED_CERT_ALIASES)
+ for (String alias : sec.getAliasesToUse())
{
final KeyType keyType = KeyType.getTypeOrDefault(alias);
certManager.generateSelfSignedCertificate(keyType, alias, getSelfSignedCertificateSubjectDN(keyType),
@@ -1030,11 +1030,12 @@
final String trustStoreType, final SecurityOptions sec) throws Exception
{
final String keystorePassword = sec.getKeystorePassword();
- final String keyStoreAlias = sec.getAliasToUse();
-
CertificateManager certManager = new CertificateManager(keyStorePath, keyStoreType, keystorePassword);
- SetupUtils.exportCertificate(certManager, keyStoreAlias, getTemporaryCertificatePath());
- configureTrustStore(trustStoreType, keyStoreAlias, keystorePassword);
+ for (String keyStoreAlias : sec.getAliasesToUse())
+ {
+ SetupUtils.exportCertificate(certManager, keyStoreAlias, getTemporaryCertificatePath());
+ configureTrustStore(trustStoreType, keyStoreAlias, keystorePassword);
+ }
}
private void configureTrustStore(final String type, final String keyStoreAlias, final String password)
@@ -1051,7 +1052,7 @@
private void addCertificateArguments(SecurityOptions sec, List<String> argList)
{
- final String aliasInKeyStore = sec.getAliasToUse();
+ final Collection<String> aliasInKeyStore = sec.getAliasesToUse();
switch (sec.getCertificateType())
{
@@ -1085,8 +1086,8 @@
}
}
- private void addCertificateArguments(List<String> argList, SecurityOptions sec, String aliasInKeyStore,
- String keyStoreDN, String trustStoreDN)
+ private static void addCertificateArguments(List<String> argList, SecurityOptions sec,
+ Collection<String> aliasesInKeyStore, String keyStoreDN, String trustStoreDN)
{
argList.add("-k");
argList.add(keyStoreDN);
@@ -1097,10 +1098,10 @@
argList.add("-m");
argList.add(sec.getKeystorePath());
}
- if (aliasInKeyStore != null)
+ for(String alias : aliasesInKeyStore)
{
argList.add("-a");
- argList.add(aliasInKeyStore);
+ argList.add(alias);
}
}
--
Gitblit v1.10.0