From 5db985b08760a12f0ccfe27f4872cb8806831175 Mon Sep 17 00:00:00 2001
From: Patrick Diligent <patrick.diligent@forgerock.com>
Date: Wed, 22 Jul 2015 12:37:35 +0000
Subject: [PATCH] OPENDJ-1056 CR-7615

---
 opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPConnectionHandler.java |   41 ++++++++++++++++++++++++++++++++++++++---
 1 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPConnectionHandler.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
index 205dd87..bca67f2 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
@@ -674,6 +674,7 @@
     // Configure SSL if needed.
     try
     {
+      // This call may disable the connector if wrong SSL settings
       configureSSL(config);
     }
     catch (DirectoryException e)
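Review bot: The comment added above the `configureSSL(config)` call is ungrammatical and does not say which settings it means, so a reader cannot tell what to check when the handler turns up disabled. Something like `// configureSSL may disable this handler when its key manager provider, keystore or certificate alias is unusable` points at the conditions the rest of this patch introduces. The enclosing method starts and ends outside the hunk.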
@@ -929,6 +930,7 @@
   {
     setName(handlerName);
     boolean listening = false;
+    boolean starting = true;
 
     while (!shutdownRequested)
     {
@@ -944,6 +946,20 @@
           logger.info(NOTE_CONNHANDLER_STOPPED_LISTENING, handlerName);
         }
 
+        if (starting)
+        {
+          // This may happen if there was an initialisation error
+          // which led to disable the connector.
+          // The main thread is waiting for the connector to listen
+          // on its port, which will not occur yet,
+          // so notify here to allow the server startup to complete.
+          synchronized (waitListen)
+          {
+            starting = false;
+            waitListen.notify();
+          }
+        }
+
         StaticUtils.sleep(1000);
         continue;
       }
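Review bot: `starting` appears to be cleared only on this disabled path (L43), so if the handler starts listening normally and is later disabled at runtime, the flag is still true and this block runs again, issuing a second `waitListen.notify()` long after startup — harmless if the waiter tolerates spurious wake-ups, but it makes the name and the comment misleading. Unless the listening path outside this hunk already resets it, setting `starting = false` where the handler first starts listening would make the flag mean what it says. Assigning a local inside the `synchronized (waitListen)` block buys nothing; it can sit before the block. The enclosing run loop begins and ends outside the hunk.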
@@ -1376,6 +1392,15 @@
 
 
 
+  private void disableAndWarnIfUseSSL(LDAPConnectionHandlerCfg config)
+  {
+    if (config.isUseSSL())
+    {
+      logger.warn(INFO_DISABLE_CONNECTION, friendlyName);
+      enabled = false;
+    }
+  }
+
   private SSLContext createSSLContext(LDAPConnectionHandlerCfg config)
       throws DirectoryException
   {
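Review bot: `disableAndWarnIfUseSSL` (L55) has no Javadoc explaining why the handler is disabled only when `isUseSSL()` is true, which is the security-relevant decision of this patch: a handler that offers only StartTLS is presumably left listening in cleartext with an unusable key manager, so the problem surfaces at TLS negotiation rather than at startup. A comment such as `/** Disables this handler if it is SSL-only, since it cannot serve any connection without a usable key manager; handlers that only allow StartTLS keep listening and fail when a client upgrades. */` would record that (the StartTLS behaviour is outside this hunk — confirm it). Separately, L59 logs a message keyed `INFO_DISABLE_CONNECTION` through `logger.warn`, so the key's severity prefix and the log level disagree; one of the two should change. `createSSLContext` continues outside the hunk.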
@@ -1386,10 +1411,15 @@
           .getKeyManagerProvider(keyMgrDN);
       if (keyManagerProvider == null)
       {
-        if (config.isUseSSL()) {
-          logger.warn(INFO_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName);
-        }
+        logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName);
+        disableAndWarnIfUseSSL(config);
         keyManagerProvider = new NullKeyManagerProvider();
+        // The SSL connection is unusable without a key manager provider
+      }
+      else if (! keyManagerProvider.containsAtLeastOneKey())
+      {
+        logger.error(ERR_INVALID_KEYSTORE, friendlyName);
+        disableAndWarnIfUseSSL(config);
       }
 
       String alias = config.getSSLCertNickname();
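Review bot: The comment at L77 (`// The SSL connection is unusable without a key manager provider`) sits after the last statement of its block, where it describes nothing; it belongs above the `logger.error(...)` at L74 as the reason for the error and the disable. Also, both error branches fall through to the alias handling below (the check at L90 in the next hunk), so when the provider was null the substituted `NullKeyManagerProvider` is queried for the alias as well; if that returns false (its implementation is outside the hunk) the same root cause is reported twice with different error messages. Guarding the later alias check, or skipping it once the handler has been disabled here, would keep the log to one actionable error. `createSSLContext` starts and ends outside this hunk.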
@@ -1400,6 +1430,11 @@
       }
       else
       {
+        if (!keyManagerProvider.containsKeyWithAlias(alias))
+        {
+          logger.error(ERR_KEYSTORE_DOES_NOT_CONTAIN_ALIAS, alias, friendlyName);
+          disableAndWarnIfUseSSL(config);
+        }
         keyManagers = SelectableCertificateKeyManager.wrap(
             keyManagerProvider.getKeyManagers(), alias, friendlyName);
       }

--
Gitblit v1.10.0