From 2cf46088b7e69b4f424a821291607afe6faa7e4f Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Fri, 30 Jul 2021 14:08:39 +0000
Subject: [PATCH] Add FIPS support (#176)

---
 opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java |   12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java b/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java
index 3d74eac..f82d64c 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java
@@ -43,6 +43,8 @@
 import static org.opends.server.extensions.FileBasedKeyManagerProvider.getKeyStorePIN;
 import static org.opends.server.util.StaticUtils.*;
 
+import static com.forgerock.opendj.util.StaticUtils.isFips;
+
 /**
  * This class defines a trust manager provider that will reference certificates
  * stored in a file located on the Directory Server filesystem.
@@ -122,9 +124,13 @@
       trustManagerFactory.init(trustStore);
       TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
       TrustManager[] newTrustManagers = new TrustManager[trustManagers.length];
-      for (int i=0; i < trustManagers.length; i++)
-      {
-        newTrustManagers[i] = new ExpirationCheckTrustManager((X509TrustManager) trustManagers[i]);
+      if (isFips()) {
+    	  newTrustManagers = trustManagers;
+      } else {
+	      for (int i=0; i < trustManagers.length; i++)
+	      {
+	        newTrustManagers[i] = new ExpirationCheckTrustManager((X509TrustManager) trustManagers[i]);
+	      }
       }
       return newTrustManagers;
     }

--
Gitblit v1.10.0