From a9bbf17ba3b41d3940efaeb98caf4da2ef344f23 Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Fri, 29 Jul 2022 16:57:31 +0000
Subject: [PATCH] Check if BC FIPS provider exists before loading it

---
 opendj-server-legacy/src/main/java/org/opends/server/tools/InstallDS.java |   50 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/tools/InstallDS.java b/opendj-server-legacy/src/main/java/org/opends/server/tools/InstallDS.java
index 8410788..f5bf1a4 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/tools/InstallDS.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/tools/InstallDS.java
@@ -820,6 +820,11 @@
       certType = SecurityOptions.CertificateType.PKCS12;
       pathToCertificat = argParser.usePkcs12Arg.getValue();
     }
+    else if (argParser.useBcfksArg.isPresent())
+    {
+      certType = SecurityOptions.CertificateType.BCFKS;
+      pathToCertificat = argParser.useBcfksArg.getValue();
+    }
     else
     {
       certType = SecurityOptions.CertificateType.NO_CERTIFICATE;
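Review bot: Nothing in this branch confirms that a provider offering the BCFKS keystore type is registered before `certType` is set to `SecurityOptions.CertificateType.BCFKS`, although the commit subject describes such a check; it may live outside this file, but no visible hunk shows it. The same gap applies to the prompting branch in the second hunk, the menu entry in the third hunk and the `CertificateManager` construction in the sixth. A fail-fast probe such as `KeyStore.getInstance(CertificateManager.KEY_STORE_TYPE_BCFKS)`, with `KeyStoreException` reported as an explicit "keystore type not available" error, would stop setup early on a JVM without the provider instead of failing later during keystore access. The enclosing if/else chain starts and ends outside the hunk.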
@@ -1592,6 +1597,12 @@
         createSecurityOptionsPrompting(SecurityOptions.CertificateType.PKCS11,
             enableSSL, enableStartTLS, ldapsPort);
     }
+    else if (argParser.useBcfksArg.isPresent())
+    {
+      securityOptions =
+        createSecurityOptionsPrompting(SecurityOptions.CertificateType.BCFKS,
+            enableSSL, enableStartTLS, ldapsPort);
+    }
     else if (!enableSSL && !enableStartTLS)
     {
       // If the user did not want to enable SSL or start TLS do not ask
@@ -1605,13 +1616,15 @@
       final int JCEKS = 3;
       final int PKCS12 = 4;
       final int PKCS11 = 5;
-      final int[] indexes = {SELF_SIGNED, JKS, JCEKS, PKCS12, PKCS11};
+      final int BCFKS = 6;
+      final int[] indexes = {SELF_SIGNED, JKS, JCEKS, PKCS12, PKCS11, BCFKS};
       final LocalizableMessage[] msgs = {
           INFO_INSTALLDS_CERT_OPTION_SELF_SIGNED.get(),
           INFO_INSTALLDS_CERT_OPTION_JKS.get(),
           INFO_INSTALLDS_CERT_OPTION_JCEKS.get(),
           INFO_INSTALLDS_CERT_OPTION_PKCS12.get(),
-          INFO_INSTALLDS_CERT_OPTION_PKCS11.get()
+          INFO_INSTALLDS_CERT_OPTION_PKCS11.get(),
+          INFO_INSTALLDS_CERT_OPTION_BCFKS.get()
       };
 
       final MenuBuilder<Integer> builder = new MenuBuilder<>(this);
@@ -1647,6 +1660,10 @@
           builder.setDefault(LocalizableMessage.raw(String.valueOf(PKCS12)),
               MenuResult.success(PKCS12));
           break;
+        case BCFKS:
+            builder.setDefault(LocalizableMessage.raw(String.valueOf(BCFKS)),
+                MenuResult.success(BCFKS));
+            break;
         default:
           builder.setDefault(LocalizableMessage.raw(String.valueOf(SELF_SIGNED)),
               MenuResult.success(SELF_SIGNED));
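Review bot: The body of the new `case BCFKS:` is indented differently from the sibling `PKCS12` and `default` cases visible in this hunk, which makes the switch harder to scan and review. The same drift shows in the BCFKS cases added in the later hunks: the `CertificateManager` construction (body at the same column as its `case` label), the error-message switch, the path-prompt switch and the final `createBCFKSCertificateOptions` return. Align each with its neighbours, e.g. put `builder.setDefault(LocalizableMessage.raw(String.valueOf(BCFKS)),` at the column of the PKCS12 call. The switch starts outside the hunk.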
@@ -1705,6 +1722,13 @@
               SecurityOptions.CertificateType.PKCS11, enableSSL,
               enableStartTLS, ldapsPort);
       }
+      else if (certType == BCFKS)
+      {
+        securityOptions =
+          createSecurityOptionsPrompting(
+              SecurityOptions.CertificateType.BCFKS, enableSSL,
+              enableStartTLS, ldapsPort);
+      }
       else
       {
         throw new IllegalStateException("Unexpected cert type: "+ certType);
@@ -1852,6 +1876,13 @@
               pwd);
           break;
 
+          case BCFKS:
+          certManager = new CertificateManager(
+              path,
+              CertificateManager.KEY_STORE_TYPE_BCFKS,
+              pwd);
+          break;
+
           default:
             throw new IllegalArgumentException("Invalid type: "+type);
         }
@@ -1873,6 +1904,9 @@
           case PKCS11:
             errorMessages.add(INFO_PKCS11_KEYSTORE_DOES_NOT_EXIST.get());
             break;
+          case BCFKS:
+              errorMessages.add(INFO_BCFKS_KEYSTORE_DOES_NOT_EXIST.get());
+              break;
           default:
             throw new IllegalArgumentException("Invalid type: "+type);
           }
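Review bot: `INFO_BCFKS_KEYSTORE_DOES_NOT_EXIST` may point operators at the wrong cause if this switch is reached for any keystore access failure rather than only for a missing file; the guarding condition is outside the hunk, so this needs confirming. For BCFKS in particular, an unregistered provider or a wrong password would surface through the same path as a missing file. Consider a distinct message for the unavailable-type case, or at least a comment on the new case such as `// also reached when no provider supports the BCFKS keystore type`.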
@@ -2000,6 +2034,15 @@
       }
       pathPrompt = INFO_INSTALLDS_PROMPT_PKCS12_PATH.get();
       break;
+    case BCFKS:
+        path = argParser.useBcfksArg.getValue();
+        defaultPathValue = argParser.useBcfksArg.getValue();
+        if (defaultPathValue == null)
+        {
+          defaultPathValue = lastResetKeyStorePath;
+        }
+        pathPrompt = INFO_INSTALLDS_PROMPT_BCFKS_PATH.get();
+        break;
     default:
       throw new IllegalStateException(
           "Called promptIfRequiredCertificate with invalid type: "+type);
@@ -2095,6 +2138,9 @@
           certNicknames);
     case PKCS11:
       return SecurityOptions.createPKCS11CertificateOptions(pwd, enableSSL, enableStartTLS, ldapsPort, certNicknames);
+    case BCFKS:
+        return SecurityOptions.createBCFKSCertificateOptions(path, pwd, enableSSL, enableStartTLS, ldapsPort,
+            certNicknames);
     default:
       throw new IllegalStateException("Called createSecurityOptionsPrompting with invalid type: " + type);
     }

--
Gitblit v1.10.0