From 0e9445463dbd065a765589a30dde204f4504bbd2 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Mon, 20 Oct 2008 11:40:48 +0000
Subject: [PATCH] Fix for issue 3504 (setup --userJavaKeystore doesn't support JCEKS keystore).
---
opends/src/server/org/opends/server/tools/InstallDS.java | 92 +++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 82 insertions(+), 10 deletions(-)
diff --git a/opends/src/server/org/opends/server/tools/InstallDS.java b/opends/src/server/org/opends/server/tools/InstallDS.java
index 4034293..18068ad 100644
--- a/opends/src/server/org/opends/server/tools/InstallDS.java
+++ b/opends/src/server/org/opends/server/tools/InstallDS.java
@@ -874,14 +874,34 @@
String path = argParser.useJavaKeyStoreArg.getValue();
checkCertificateInKeystore(SecurityOptions.CertificateType.JKS, path, pwd,
certNickname, errorMessages, keystoreAliases);
+ if ((certNickname == null) && !keystoreAliases.isEmpty())
+ {
+ certNickname = keystoreAliases.getFirst();
+ }
securityOptions = SecurityOptions.createJKSCertificateOptions(
path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
}
+ else if (argParser.useJCEKSArg.isPresent())
+ {
+ String path = argParser.useJCEKSArg.getValue();
+ checkCertificateInKeystore(SecurityOptions.CertificateType.JCEKS, path,
+ pwd, certNickname, errorMessages, keystoreAliases);
+ if ((certNickname == null) && !keystoreAliases.isEmpty())
+ {
+ certNickname = keystoreAliases.getFirst();
+ }
+ securityOptions = SecurityOptions.createJCEKSCertificateOptions(
+ path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
+ }
else if (argParser.usePkcs12Arg.isPresent())
{
String path = argParser.usePkcs12Arg.getValue();
checkCertificateInKeystore(SecurityOptions.CertificateType.PKCS12, path,
pwd, certNickname, errorMessages, keystoreAliases);
+ if ((certNickname == null) && !keystoreAliases.isEmpty())
+ {
+ certNickname = keystoreAliases.getFirst();
+ }
securityOptions = SecurityOptions.createPKCS12CertificateOptions(
path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
}
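Review bot: The new fallback `certNickname = keystoreAliases.getFirst();` in the JKS, JCEKS and PKCS12 branches (and again in the PKCS11 branch of the next hunk) silently decides which key the server will present for SSL/StartTLS whenever no nickname was given. If the keystore holds more than one alias, the choice depends on the order in which the aliases were collected, which the operator has no way to see or predict from here. Unless `checkCertificateInKeystore` already rejects that case (it is not visible in this hunk), I would default only when the choice is unambiguous, `if (certNickname == null && keystoreAliases.size() == 1)`, and add an entry to `errorMessages` asking for an explicit nickname when several aliases are present. The same four lines are repeated four times, so a small private helper taking `certNickname` and `keystoreAliases` would keep the rule in one place. The enclosing method starts and ends outside the hunk.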
@@ -889,6 +909,10 @@
{
checkCertificateInKeystore(SecurityOptions.CertificateType.PKCS11, null,
pwd, certNickname, errorMessages, keystoreAliases);
+ if ((certNickname == null) && !keystoreAliases.isEmpty())
+ {
+ certNickname = keystoreAliases.getFirst();
+ }
securityOptions = SecurityOptions.createPKCS11CertificateOptions(
pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
}
@@ -1599,6 +1623,12 @@
createSecurityOptionsPrompting(SecurityOptions.CertificateType.JKS,
enableSSL, enableStartTLS, ldapsPort);
}
+ else if (argParser.useJCEKSArg.isPresent())
+ {
+ securityOptions =
+ createSecurityOptionsPrompting(SecurityOptions.CertificateType.JCEKS,
+ enableSSL, enableStartTLS, ldapsPort);
+ }
else if (argParser.usePkcs12Arg.isPresent())
{
securityOptions =
@@ -1623,12 +1653,14 @@
{
final int SELF_SIGNED = 1;
final int JKS = 2;
- final int PKCS12 = 3;
- final int PKCS11 = 4;
- int[] indexes = {SELF_SIGNED, JKS, PKCS12, PKCS11};
+ final int JCEKS = 3;
+ final int PKCS12 = 4;
+ final int PKCS11 = 5;
+ int[] indexes = {SELF_SIGNED, JKS, JCEKS, PKCS12, PKCS11};
Message[] msgs = {
INFO_INSTALLDS_CERT_OPTION_SELF_SIGNED.get(),
INFO_INSTALLDS_CERT_OPTION_JKS.get(),
+ INFO_INSTALLDS_CERT_OPTION_JCEKS.get(),
INFO_INSTALLDS_CERT_OPTION_PKCS12.get(),
INFO_INSTALLDS_CERT_OPTION_PKCS11.get()
};
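Review bot: Inserting `JCEKS = 3` in the middle shifts PKCS12 and PKCS11 to 4 and 5, so anything that feeds numeric answers to this prompt (assuming the constants are the numbers shown to the user) will pick a different keystore type after the change. If the grouping of the two Java keystore types is wanted, this deserves a line in the commit message or release notes; otherwise appending the new option keeps the existing numbers stable. Since `indexes` and `msgs` are paired by position, a short comment such as `// indexes[i] is the menu value for msgs[i]; keep both arrays in the same order` would help the next person who adds a type. The method body continues outside the hunk.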
@@ -1655,6 +1687,10 @@
builder.setDefault(Message.raw(String.valueOf(JKS)),
MenuResult.success(JKS));
break;
+ case JCEKS:
+ builder.setDefault(Message.raw(String.valueOf(JCEKS)),
+ MenuResult.success(JCEKS));
+ break;
case PKCS11:
builder.setDefault(Message.raw(String.valueOf(PKCS11)),
MenuResult.success(PKCS11));
@@ -1700,6 +1736,13 @@
createSecurityOptionsPrompting(SecurityOptions.CertificateType.JKS,
enableSSL, enableStartTLS, ldapsPort);
}
+ else if (certType == JCEKS)
+ {
+ securityOptions =
+ createSecurityOptionsPrompting(
+ SecurityOptions.CertificateType.JCEKS,
+ enableSSL, enableStartTLS, ldapsPort);
+ }
else if (certType == PKCS12)
{
securityOptions =
@@ -1847,6 +1890,13 @@
pwd);
break;
+ case JCEKS:
+ certManager = new CertificateManager(
+ path,
+ CertificateManager.KEY_STORE_TYPE_JCEKS,
+ pwd);
+ break;
+
case PKCS12:
certManager = new CertificateManager(
path,
@@ -1871,15 +1921,17 @@
switch (type)
{
case JKS:
- errorMessages.add(INFO_PKCS11_KEYSTORE_DOES_NOT_EXIST.get());
- break;
-
- case PKCS12:
errorMessages.add(INFO_JKS_KEYSTORE_DOES_NOT_EXIST.get());
break;
- case PKCS11:
+ case JCEKS:
+ errorMessages.add(INFO_JCEKS_KEYSTORE_DOES_NOT_EXIST.get());
+ break;
+ case PKCS12:
errorMessages.add(INFO_PKCS12_KEYSTORE_DOES_NOT_EXIST.get());
break;
+ case PKCS11:
+ errorMessages.add(INFO_PKCS11_KEYSTORE_DOES_NOT_EXIST.get());
+ break;
default:
throw new IllegalArgumentException("Invalid type: "+type);
}
@@ -1922,7 +1974,9 @@
case JKS:
errorMessages.add(INFO_ERROR_ACCESSING_JKS_KEYSTORE.get());
break;
-
+ case JCEKS:
+ errorMessages.add(INFO_ERROR_ACCESSING_JCEKS_KEYSTORE.get());
+ break;
case PKCS12:
errorMessages.add(INFO_ERROR_ACCESSING_PKCS12_KEYSTORE.get());
break;
@@ -1978,6 +2032,15 @@
defaultPathValue = lastResetKeyStorePath;
}
break;
+ case JCEKS:
+ path = argParser.useJCEKSArg.getValue();
+ pathPrompt = INFO_INSTALLDS_PROMPT_JCEKS_PATH.get();
+ defaultPathValue = argParser.useJCEKSArg.getValue();
+ if (defaultPathValue == null)
+ {
+ defaultPathValue = lastResetKeyStorePath;
+ }
+ break;
case PKCS11:
path = null;
defaultPathValue = null;
@@ -2086,6 +2149,10 @@
securityOptions = SecurityOptions.createJKSCertificateOptions(
path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
break;
+ case JCEKS:
+ securityOptions = SecurityOptions.createJCEKSCertificateOptions(
+ path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
+ break;
case PKCS12:
securityOptions = SecurityOptions.createPKCS12CertificateOptions(
path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
@@ -2116,9 +2183,11 @@
if (msg.getDescriptor().equals(INFO_KEYSTORE_PATH_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_KEYSTORE_PATH_NOT_A_FILE) ||
msg.getDescriptor().equals(INFO_JKS_KEYSTORE_DOES_NOT_EXIST) ||
+ msg.getDescriptor().equals(INFO_JCEKS_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_PKCS12_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_PKCS11_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_JKS_KEYSTORE) ||
+ msg.getDescriptor().equals(INFO_ERROR_ACCESSING_JCEKS_KEYSTORE) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_PKCS12_KEYSTORE) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_PKCS11_KEYSTORE))
{
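Review bot: This `||` chain and the near-identical one in the following hunk (at -2142) are hand-maintained lists of keystore-related descriptors, and each new keystore type has to be added to both by hand. The swapped `*_KEYSTORE_DOES_NOT_EXIST` messages corrected elsewhere in this commit show how easily such parallel lists drift. A single private static final set of the keystore descriptors, tested with `contains(msg.getDescriptor())`, plus a second set for the password-related descriptors used only by the second method, would make the membership explicit and reduce adding a type to one edit. Both enclosing methods start and end outside their hunks.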
@@ -2142,9 +2211,11 @@
for (Message msg : msgs)
{
if (msg.getDescriptor().equals(INFO_JKS_KEYSTORE_DOES_NOT_EXIST) ||
+ msg.getDescriptor().equals(INFO_JCEKS_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_PKCS12_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_PKCS11_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_JKS_KEYSTORE) ||
+ msg.getDescriptor().equals(INFO_ERROR_ACCESSING_JCEKS_KEYSTORE) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_PKCS12_KEYSTORE) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_PKCS11_KEYSTORE) ||
msg.getDescriptor().equals(INFO_ERROR_NO_KEYSTORE_PASSWORD) ||
@@ -2480,7 +2551,8 @@
lastResetEnableStartTLS = sec.getEnableStartTLS();
lastResetCertType = sec.getCertificateType();
if (lastResetCertType == SecurityOptions.CertificateType.JKS ||
- lastResetCertType == SecurityOptions.CertificateType.PKCS11)
+ lastResetCertType == SecurityOptions.CertificateType.JCEKS ||
+ lastResetCertType == SecurityOptions.CertificateType.PKCS12)
{
lastResetKeyStorePath = sec.getKeystorePath();
}
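Review bot: The condition now stores `lastResetKeyStorePath` for JKS, JCEKS and PKCS12, but nothing visible here clears it for the other certificate types, and the new `case JCEKS:` prompt code falls back to `lastResetKeyStorePath` without checking which type that path was remembered for. A path saved for a JKS keystore can therefore be offered as the default for a JCEKS or PKCS12 prompt, where loading it with the wrong store type will fail. If there is no `else` branch after this block (it lies outside the hunk), consider adding `else { lastResetKeyStorePath = null; }`, or only reusing the path when `lastResetCertType` matches the type being prompted for. The switch from PKCS11 to PKCS12 in this condition is a separate behaviour fix and is worth mentioning in the commit message.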
--