From d2f8eac230a525a06a4659a66c38eb26139fa735 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Tue, 27 Mar 2007 20:13:00 +0000
Subject: [PATCH] Update the LDAP connection handler so that it only attempts to verify the key manager provider and trust manager provider values if either SSL or StartTLS is enabled. Previously, if a key/trust manager provider value was provided, then the server would require it to refer to a valid enabled key/trust manager provider, even if it wouldn't be used. Also, add a new check to ensure that if SSL or StartTLS is enabled, then a valid key manager provider and trust manager provider must have been configured for that connection handler.
---
opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java | 108 +++++++++++++++++++++++++++++++++---------------------
1 files changed, 66 insertions(+), 42 deletions(-)
diff --git a/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java b/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
index 2f7545e..435375a 100644
--- a/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
+++ b/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
@@ -577,31 +577,42 @@
ErrorLogSeverity.SEVERE_WARNING, message, msgID);
}
- // Validate the key manager provider DN.
- DN keyManagerProviderDN = config.getKeyManagerProviderDN();
- if (keyManagerProviderDN != null) {
- KeyManagerProvider provider = DirectoryServer
- .getKeyManagerProvider(keyManagerProviderDN);
- if (provider == null) {
- int msgID = MSGID_LDAP_CONNHANDLER_INVALID_KEYMANAGER_DN;
- String message = getMessage(msgID, String
- .valueOf(config.dn()), String
- .valueOf(keyManagerProviderDN));
+ if (config.isAllowStartTLS() || config.isUseSSL())
+ {
+ // Validate the key manager provider DN.
+ DN keyManagerProviderDN = config.getKeyManagerProviderDN();
+ if (keyManagerProviderDN == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_NO_KEYMANAGER_DN;
+ String message = getMessage(msgID, String.valueOf(config.dn()));
throw new ConfigException(msgID, message);
+ } else {
+ KeyManagerProvider provider = DirectoryServer
+ .getKeyManagerProvider(keyManagerProviderDN);
+ if (provider == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_INVALID_KEYMANAGER_DN;
+ String message = getMessage(msgID, String
+ .valueOf(config.dn()), String
+ .valueOf(keyManagerProviderDN));
+ throw new ConfigException(msgID, message);
+ }
}
- }
- // Validate the trust manager provider DN.
- DN trustManagerProviderDN = config.getTrustManagerProviderDN();
- if (trustManagerProviderDN != null) {
- TrustManagerProvider provider = DirectoryServer
- .getTrustManagerProvider(trustManagerProviderDN);
- if (provider == null) {
- int msgID = MSGID_LDAP_CONNHANDLER_INVALID_TRUSTMANAGER_DN;
- String message = getMessage(msgID, String
- .valueOf(config.dn()), String
- .valueOf(trustManagerProviderDN));
+ // Validate the trust manager provider DN.
+ DN trustManagerProviderDN = config.getTrustManagerProviderDN();
+ if (trustManagerProviderDN == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_NO_TRUSTMANAGER_DN;
+ String message = getMessage(msgID, String.valueOf(config.dn()));
throw new ConfigException(msgID, message);
+ } else {
+ TrustManagerProvider provider = DirectoryServer
+ .getTrustManagerProvider(trustManagerProviderDN);
+ if (provider == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_INVALID_TRUSTMANAGER_DN;
+ String message = getMessage(msgID, String
+ .valueOf(config.dn()), String
+ .valueOf(trustManagerProviderDN));
+ throw new ConfigException(msgID, message);
+ }
}
}
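Review bot: The new outer `if (config.isAllowStartTLS() || config.isUseSSL())` at the top of this hunk puts its opening brace on its own line, while every nested `if` in the same block is K&R (`if (keyManagerProviderDN == null) {`); the block would read more evenly as `if (config.isAllowStartTLS() || config.isUseSSL()) {`. The same provider validation is written out twice, here throwing ConfigException and again in the second hunk at +750 collecting into unacceptableReasons, so any future change to what counts as a valid provider must be made in both places; a private helper that returns the list of problem messages, with this call site throwing on the first entry and the other adding them all, would keep the two paths from drifting. Note that this path stops at the first problem (a missing key manager DN hides a missing trust manager DN) whereas the +750 path reports both, which is fine for startup but deserves a short comment such as `// Startup stops at the first invalid provider; isConfigurationAcceptable reports all of them.` A non-null return from getKeyManagerProvider presumably only shows the provider is registered and enabled, not that its keystore holds a usable server certificate, so a handler could pass this check and still fail at the first TLS handshake; worth confirming against DirectoryServer. The enclosing method starts before and ends after this hunk.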
@@ -739,31 +750,44 @@
isAcceptable = false;
}
- // Validate the key manager provider DN.
- DN keyManagerProviderDN = config.getKeyManagerProviderDN();
- if (keyManagerProviderDN != null) {
- KeyManagerProvider provider = DirectoryServer
- .getKeyManagerProvider(keyManagerProviderDN);
- if (provider == null) {
- int msgID = MSGID_LDAP_CONNHANDLER_INVALID_KEYMANAGER_DN;
- unacceptableReasons.add(getMessage(msgID, String
- .valueOf(config.dn()), String
- .valueOf(keyManagerProviderDN)));
+ if (config.isAllowStartTLS() || config.isUseSSL())
+ {
+ // Validate the key manager provider DN.
+ DN keyManagerProviderDN = config.getKeyManagerProviderDN();
+ if (keyManagerProviderDN == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_NO_KEYMANAGER_DN;
+ String message = getMessage(msgID, String.valueOf(config.dn()));
+ unacceptableReasons.add(message);
isAcceptable = false;
+ } else {
+ KeyManagerProvider provider = DirectoryServer
+ .getKeyManagerProvider(keyManagerProviderDN);
+ if (provider == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_INVALID_KEYMANAGER_DN;
+ unacceptableReasons.add(getMessage(msgID, String
+ .valueOf(config.dn()), String
+ .valueOf(keyManagerProviderDN)));
+ isAcceptable = false;
+ }
}
- }
- // Validate the trust manager provider DN.
- DN trustManagerProviderDN = config.getTrustManagerProviderDN();
- if (trustManagerProviderDN != null) {
- TrustManagerProvider provider = DirectoryServer
- .getTrustManagerProvider(trustManagerProviderDN);
- if (provider == null) {
- int msgID = MSGID_LDAP_CONNHANDLER_INVALID_TRUSTMANAGER_DN;
- unacceptableReasons.add(getMessage(msgID, String
- .valueOf(config.dn()), String
- .valueOf(trustManagerProviderDN)));
+ // Validate the trust manager provider DN.
+ DN trustManagerProviderDN = config.getTrustManagerProviderDN();
+ if (trustManagerProviderDN == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_NO_TRUSTMANAGER_DN;
+ String message = getMessage(msgID, String.valueOf(config.dn()));
+ unacceptableReasons.add(message);
isAcceptable = false;
+ } else {
+ TrustManagerProvider provider = DirectoryServer
+ .getTrustManagerProvider(trustManagerProviderDN);
+ if (provider == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_INVALID_TRUSTMANAGER_DN;
+ unacceptableReasons.add(getMessage(msgID, String
+ .valueOf(config.dn()), String
+ .valueOf(trustManagerProviderDN)));
+ isAcceptable = false;
+ }
}
}
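Review bot: Within this hunk the missing-DN branches build `String message = getMessage(msgID, String.valueOf(config.dn()));` and then call `unacceptableReasons.add(message);`, while the invalid-DN branches a few lines below pass getMessage inline to add; either form is fine, but using one consistently (`unacceptableReasons.add(getMessage(msgID, String.valueOf(config.dn())));`) keeps the four branches parallel. With the new outer guard, a configured but unresolvable key or trust manager DN is no longer reported at all when both SSL and StartTLS are off, so an operator who mistypes the DN learns of it only when SSL is later enabled; logging it at the SEVERE_WARNING level already used earlier in this method, without setting isAcceptable to false, would preserve the early feedback the old code gave while still accepting the configuration. The enclosing method starts before and ends after this hunk.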
--
Gitblit v1.10.0