From 1dd534c2b6ad1607ce6b5f4d6951cbfcebdedd56 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Wed, 18 Nov 2009 22:52:26 +0000
Subject: [PATCH] Fix for issue 4295 (Issues with dsreplication interactive mode). The following changes complete the previous fix for this bug: when using dsreplication enable on the installation of one of the servers, the interactive mode failed if the option --trustAll was NOT specified.

---
 opends/src/server/org/opends/server/util/cli/ConsoleApplication.java |   60 ++++++++++++++++++++++--------------------------------------
 1 files changed, 22 insertions(+), 38 deletions(-)

diff --git a/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java b/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java
index 50ab495..9d94b46 100644
--- a/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java
+++ b/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java
@@ -863,6 +863,25 @@
   protected InitialLdapContext createInitialLdapContextInteracting(
       LDAPConnectionConsoleInteraction ci) throws ClientException
   {
+    return createInitialLdapContextInteracting(ci, isInteractive() &&
+        ci.isTrustStoreInMemory());
+  }
+
+  /**
+   * Creates an Initial LDAP Context interacting with the user if the
+   * application is interactive.
+   * @param ci the LDAPConnectionConsoleInteraction object that is assumed
+   * to have been already run.
+   * @param promptForCertificate whether we should prompt for the certificate
+   * or not.
+   * @return the initial LDAP context or <CODE>null</CODE> if the user did
+   * not accept to trust the certificates.
+   * @throws ClientException if there was an error establishing the connection.
+   */
+  protected InitialLdapContext createInitialLdapContextInteracting(
+      LDAPConnectionConsoleInteraction ci,
+      boolean promptForCertificate) throws ClientException
+  {
     // Interact with the user though the console to get
     // LDAP connection information
     String hostName = ConnectionUtils.getHostNameForLdapUrl(ci.getHostName());
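Review bot: The Javadoc on the new two-argument overload still says the method interacts with the user "if the application is interactive", but here the certificate prompt is governed by `promptForCertificate`; the `isInteractive() && ci.isTrustStoreInMemory()` test now lives only in the one-argument wrapper. I would reword the summary and the parameter text to say so, e.g. `@param promptForCertificate whether to ask the user to accept a server certificate that the trust manager refused; pass false when the application is not interactive`. The `@return` text should also state that `null` means the certificate was not accepted, so the caller must stop rather than retry with weaker trust settings. The method body continues past the end of this hunk.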
@@ -889,7 +908,7 @@
         }
         catch (NamingException e)
         {
-          if ( isInteractive() && ci.isTrustStoreInMemory())
+          if (promptForCertificate)
           {
             OpendsCertificateException oce = getCertificateRootException(e);
             if (oce != null)
@@ -919,7 +938,7 @@
           }
           if (e.getCause() != null)
           {
-            if (!ci.isTrustStoreInMemory() &&
+            if (!isInteractive() &&
                 !ci.isTrustAll())
             {
               if (getCertificateRootException(e) != null ||
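Review bot: The guard `!isInteractive() && !ci.isTrustAll()` is not the complement of the `promptForCertificate` test this commit puts in the neighbouring catch blocks. A caller that passes `promptForCertificate = false` while the application is interactive therefore gets neither the certificate prompt nor this certificate-specific branch. From the visible lines that case appears to fall through to whatever generic handling follows, which would hide from the operator that the server certificate was rejected. If that is not intended, key this test on the same flag: `if (!promptForCertificate && !ci.isTrustAll())`. The branch body continues outside the hunk, so this should be confirmed against the full method.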
@@ -964,7 +983,7 @@
         }
         catch (NamingException e)
         {
-          if ( isInteractive() && ci.isTrustStoreInMemory())
+          if (promptForCertificate)
           {
             OpendsCertificateException oce = getCertificateRootException(e);
             if (oce != null)
@@ -1021,41 +1040,6 @@
         }
         catch (NamingException e)
         {
-          if ( isInteractive() && ci.isTrustStoreInMemory())
-          {
-            OpendsCertificateException oce = getCertificateRootException(e);
-            if (oce != null)
-            {
-              String authType = null;
-              if (trustManager instanceof ApplicationTrustManager)
-              {
-                ApplicationTrustManager appTrustManager =
-                  (ApplicationTrustManager)trustManager;
-                authType = appTrustManager.getLastRefusedAuthType();
-              }
-              if (ci.checkServerCertificate(oce.getChain(), authType,
-                  hostName))
-              {
-                // If the certificate is trusted, update the trust manager.
-                trustManager = ci.getTrustManager();
-
-                // Try to connect again.
-                continue;
-              }
-              else
-              {
-                // Assume user canceled.
-                return null;
-              }
-            }
-            else
-            {
-              Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
-                  hostName, String.valueOf(portNumber));
-              throw new ClientException(
-                  LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
-            }
-          }
           Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
               hostName, String.valueOf(portNumber));
           throw new ClientException(

--
Gitblit v1.10.0