From 0505fc5833dfc17b69bcb12e2c28e4e07a7b339f Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Fri, 29 Jul 2022 16:59:10 +0000
Subject: [PATCH] Revert "Check if BC FIPS provider exists before loading it"
---
opendj-server-legacy/src/main/java/org/opends/server/tools/ConfigureDS.java | 104 ++++++++++-----------------------------------------
1 files changed, 21 insertions(+), 83 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/tools/ConfigureDS.java b/opendj-server-legacy/src/main/java/org/opends/server/tools/ConfigureDS.java
index e09f413..b5da0ef 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/tools/ConfigureDS.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/tools/ConfigureDS.java
@@ -188,7 +188,6 @@
+ "ds-cfg-trust-store-type: JCEKS" + NEW_LINE
+ "ds-cfg-trust-store-file: config/truststore" + NEW_LINE;
- private static final String DN_ADMIN_TRUST_MANAGER = "cn=Administration,cn=Trust Manager Providers," + DN_CONFIG_ROOT;
private static final String DN_ADMIN_KEY_MANAGER = "cn=Administration,cn=Key Manager Providers," + DN_CONFIG_ROOT;
/** The DN of the configuration entry defining the LDAP connection handler. */
@@ -882,6 +881,9 @@
putKeyManagerConfigAttribute(enableStartTLS, DN_LDAP_CONNECTION_HANDLER);
putKeyManagerConfigAttribute(ldapsPort, DN_LDAPS_CONNECTION_HANDLER);
putKeyManagerConfigAttribute(ldapsPort, DN_HTTP_CONNECTION_HANDLER);
+ if (StaticUtils.isFips()) {
+ putAdminKeyManagerConfigAttribute(ldapsPort, DN_ADMIN_KEY_MANAGER);
+ }
if (keyManagerPath.isPresent())
{
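Review bot: The restored FIPS block passes `ldapsPort` to `putAdminKeyManagerConfigAttribute`, so the Administration key manager is only rewritten when an LDAPS port was supplied, although that argument configures a different listener. If the tool runs in FIPS mode without an LDAPS port, the admin entry presumably keeps its default keystore settings, and it is worth confirming that this is intended. At minimum the gate should be explained with a comment such as `// FIPS: admin key manager is switched to PKCS11 only when LDAPS is being configured`. The added `if` also uses same-line braces, while the surrounding code puts the opening brace on its own line. The enclosing method starts and ends outside the hunk.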
@@ -898,10 +900,6 @@
throw new ConfigureDSException(e, LocalizableMessage.raw(e.toString()));
}
}
-
- if (StaticUtils.isFips()) {
- putAdminKeyManagerConfigAttribute(keyManagerProviderDN, DN_ADMIN_KEY_MANAGER);
- }
}
}
@@ -925,52 +923,31 @@
}
}
- private void putAdminKeyManagerConfigAttribute(final Argument keyManagerProviderDN, final String attributeDN)
+ private void putAdminKeyManagerConfigAttribute(final Argument arg, final String attributeDN)
throws ConfigureDSException
{
- if (keyManagerProviderDN.isPresent())
+ if (arg.isPresent())
{
try
{
- boolean isBcfks = keyManagerProviderDN.getValue().toLowerCase().startsWith("cn=bcfks");
- if (isBcfks) {
- updateConfigEntryWithAttribute(
- attributeDN,
- ATTR_KEYSTORE_TYPE,
- CoreSchema.getDirectoryStringSyntax(),
- "BCFKS");
+ updateConfigEntryByRemovingAttribute(attributeDN, ATTR_KEYSTORE_TYPE);
+ updateConfigEntryByRemovingAttribute(attributeDN, ATTR_KEYSTORE_FILE);
- updateConfigEntryWithAttribute(
- attributeDN,
- ATTR_KEYSTORE_FILE,
- CoreSchema.getDirectoryStringSyntax(),
- keyManagerPath.getValue());
+ updateConfigEntryWithObjectClasses(
+ attributeDN,
+ "top", "ds-cfg-pkcs11-key-manager-provider", "ds-cfg-key-manager-provider");
- updateConfigEntryWithAttribute(
- attributeDN,
- ATTR_KEYSTORE_PIN_FILE,
- CoreSchema.getDirectoryStringSyntax(),
- "config/keystore.pin");
- } else {
- updateConfigEntryByRemovingAttribute(attributeDN, ATTR_KEYSTORE_TYPE);
- updateConfigEntryByRemovingAttribute(attributeDN, ATTR_KEYSTORE_FILE);
-
- updateConfigEntryWithObjectClasses(
- attributeDN,
- "top", "ds-cfg-pkcs11-key-manager-provider", "ds-cfg-key-manager-provider");
-
- updateConfigEntryWithAttribute(
- attributeDN,
- ATTR_KEYMANAGER_CLASS,
- CoreSchema.getDirectoryStringSyntax(),
- "org.opends.server.extensions.PKCS11KeyManagerProvider");
-
- updateConfigEntryWithAttribute(
- attributeDN,
- ATTR_KEYSTORE_PIN_FILE,
- CoreSchema.getDirectoryStringSyntax(),
- "config/keystore.pin");
- }
+ updateConfigEntryWithAttribute(
+ attributeDN,
+ ATTR_KEYMANAGER_CLASS,
+ CoreSchema.getDirectoryStringSyntax(),
+ "org.opends.server.extensions.PKCS11KeyManagerProvider");
+
+ updateConfigEntryWithAttribute(
+ attributeDN,
+ ATTR_KEYSTORE_PIN_FILE,
+ CoreSchema.getDirectoryStringSyntax(),
+ "config/keystore.pin");
}
catch (final Exception e)
{
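Review bot: `putAdminKeyManagerConfigAttribute` has no Javadoc, and after this revert its first parameter is used only for `arg.isPresent()`; its value is never read. A short Javadoc should say that the method rewrites the entry at `attributeDN` to the PKCS#11 key manager provider (removes the keystore type and file, then sets the object classes, provider class and PIN file) and that `arg` is only a presence gate. The PIN file path `"config/keystore.pin"` is hard-coded, and nothing in this hunk creates or checks that file, so a comment should state that it holds the token PIN and must exist with restrictive permissions. The updates are applied one call at a time, so a failure after the two removals may leave the entry partly rewritten, depending on how the update helpers apply changes. The method body continues outside the hunk.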
@@ -1019,10 +996,6 @@
removeSSLCertNicknameAttribute(DN_HTTP_CONNECTION_HANDLER);
removeSSLCertNicknameAttribute(DN_JMX_CONNECTION_HANDLER);
}
-
- if (StaticUtils.isFips()) {
- putAdminTrustManagerConfigAttribute(trustManagerProviderDN, DN_ADMIN_TRUST_MANAGER);
- }
}
private void putTrustManagerAttribute(final Argument arg, final String attributeDN) throws ConfigureDSException
@@ -1044,41 +1017,6 @@
}
}
- private void putAdminTrustManagerConfigAttribute(final Argument trustManagerProviderDN, final String attributeDN)
- throws ConfigureDSException
- {
- if (keyManagerProviderDN.isPresent())
- {
- try
- {
- boolean isBcfks = keyManagerProviderDN.getValue().toLowerCase().startsWith("cn=bcfks");
- if (isBcfks) {
- updateConfigEntryWithAttribute(
- attributeDN,
- ATTR_TRUSTSTORE_TYPE,
- CoreSchema.getDirectoryStringSyntax(),
- "BCFKS");
-
- updateConfigEntryWithAttribute(
- attributeDN,
- ATTR_TRUSTSTORE_FILE,
- CoreSchema.getDirectoryStringSyntax(),
- keyManagerPath.getValue());
-
- updateConfigEntryWithAttribute(
- attributeDN,
- ATTR_TRUSTSTORE_PIN_FILE,
- CoreSchema.getDirectoryStringSyntax(),
- "config/keystore.pin");
- }
- }
- catch (final Exception e)
- {
- throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_TRUSTMANAGER_REFERENCE.get(e));
- }
- }
- }
-
private void updateCertNicknameEntry(final Argument arg, final String attributeDN,
final String attrName, final List<String> attrValues) throws ConfigureDSException
{
--
Gitblit v1.10.0