From 4ed62ed003d9e18bc4ff04024f8e294a47395256 Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Mon, 01 Aug 2022 12:20:50 +0000
Subject: [PATCH] Add BCFKS FIPS key store type support (#247)

---
 opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java b/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
index 5a7f3cd..0c7db67 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
@@ -40,6 +40,7 @@
 import org.opends.server.extensions.BlindTrustManagerProvider;
 import org.forgerock.i18n.slf4j.LocalizedLogger;
 import org.forgerock.opendj.ldap.SSLContextBuilder;
+import org.forgerock.opendj.ldap.TrustManagers;
 import org.opends.server.util.CollectionUtils;
 import org.opends.server.util.ExpirationCheckTrustManager;
 import org.opends.server.util.SelectableCertificateKeyManager;
@@ -120,8 +121,13 @@
             new BlindTrustManagerProvider();
         trustManagers = blindTrustProvider.getTrustManagers();
       } else if (trustStorePath == null) {
-        trustManagers = PromptTrustManager.getTrustManagers();
-      } else
+			if (isFips()) {
+				TrustManager tm = TrustManagers.checkUsingPkcs11TrustStore();
+				trustManagers = new TrustManager[] { tm };
+			} else {
+				trustManagers = PromptTrustManager.getTrustManagers();
+			}
+	  } else
       {
         TrustManager[] tmpTrustManagers =
              getTrustManagers(KeyStore.getDefaultType(), null, trustStorePath,
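Review bot: The FIPS handling is added only to the `trustStorePath == null` branch; the final `else` still loads the store at `trustStorePath` with `KeyStore.getDefaultType()`, so in FIPS mode a BCFKS trust store passed by path is opened with whatever `keystore.type` the JVM happens to be configured with. If that is not intended, the type could be selected there too, for example `isFips() ? "BCFKS" : KeyStore.getDefaultType()`; the rest of that call lies outside the hunk, so this is inferred from its visible first argument. The new branch also replaces the interactive prompt with a PKCS#11 trust store check without saying why, and deserves a comment such as `// FIPS mode: no interactive trust prompt; validate against the PKCS#11 trust store`. The added lines are tab-indented while the surrounding code uses spaces, so they should be re-indented to match.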

--
Gitblit v1.10.0