From 07314bd0f1ad8d225edead4d97495876edb5fdc2 Mon Sep 17 00:00:00 2001
From: Patrick Diligent <patrick.diligent@forgerock.com>
Date: Fri, 17 Apr 2015 01:23:20 +0000
Subject: [PATCH] OPENDJ-1056 CR-6649 Add troubleshooting logging for mis-configured secure connections

---
 opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedKeyManagerProvider.java |   20 ++++++++++++++++++++
 1 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedKeyManagerProvider.java b/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedKeyManagerProvider.java
index d4edb1b..c0aa5db 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedKeyManagerProvider.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedKeyManagerProvider.java
@@ -36,6 +36,8 @@
 import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.util.Enumeration;
+import java.util.Iterator;
 import java.util.List;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
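Review bot: `java.util.Iterator` is imported here, but nothing in the visible hunks of this patch uses it; the new keystore scan iterates with `Enumeration<String>` only. Unless another part of the file needs it, drop the line `import java.util.Iterator;` to avoid an unused-import warning.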
@@ -258,6 +260,24 @@
                                    message, e);
     }
 
+    try {
+      // Troubleshooting aid; Analyse the keystore for the presence of at least one private entry.
+      boolean foundOneKeyEntry = false;
+      Enumeration<String> aliases = keyStore.aliases();
+      while (aliases.hasMoreElements()) {
+        String alias = aliases.nextElement();
+        if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
+          foundOneKeyEntry = true;
+          break;
+        }
+      }
+      if (!foundOneKeyEntry) {
+        logger.warn(INFO_NO_KEY_ENTRY_IN_KEYSTORE, keyStoreFile);
+      }
+    }
+    catch (Exception e) {
+      logger.traceException(e);
+    }
 
     try
     {
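Review bot: The `catch (Exception e)` that closes the new keystore scan is wider than the code needs and only traces the failure, so if `keyStore.aliases()` or `entryInstanceOf` throws, the troubleshooting aid reports nothing at normal log levels. Both calls declare `KeyStoreException`, which the file already imports, so `catch (KeyStoreException e)` would keep unrelated runtime errors visible. The message passed to `logger.warn` is named `INFO_NO_KEY_ENTRY_IN_KEYSTORE` and its definition is not part of this patch, so the severity prefix and the presence of the message in the catalogue should be checked. The scan proves only that some `PrivateKeyEntry` exists, not that it can be unlocked with the configured PIN or that its certificate is usable, which a short comment such as `// presence check only; key recoverability and certificate validity are not verified here` would make clear. The enclosing method starts and ends outside the hunk.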

--
Gitblit v1.10.0