From f2797b991570267b97d045b5024f3a45b399e9b9 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Thu, 08 Nov 2007 00:00:39 +0000
Subject: [PATCH] Update the code of the interactive installer to be consistent with dsconfig, setup and status command-lines in the formatting and in the format used to present certificates to the user.

---
 opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java |   43 ++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java b/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java
index 7282949..3951b57 100644
--- a/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java
+++ b/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java
@@ -66,7 +66,7 @@
   private String bindDN;
   private String bindPassword;
   private KeyManager keyManager;
-  private TrustManager trustManager;
+  private ApplicationTrustManager trustManager;
 
   // The SecureConnectionCliArgsList object.
   private SecureConnectionCliArgs secureArgsList = null;
@@ -1147,6 +1147,16 @@
   }
 
   /**
+   * Gets the key store that should be used for connections based on
+   * this interaction.
+   *
+   * @return key store for connections
+   */
+  public KeyStore getKeyStore() {
+    return this.truststore;
+  }
+
+  /**
    * Gets the key manager that should be used for connections based on
    * this interaction.
    *
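Review bot: The new `getKeyStore()` returns the `truststore` field, but its Javadoc calls it "the key store that should be used for connections", which reads like the client key material behind the key-manager getter documented just below. The returned object is the live instance rather than a copy, so a caller holding it could add trusted entries without going through the prompt in `checkServerCertificate`. I would reword the comment to something like `Gets the trust store holding the certificates accepted during this interaction; the returned instance is not a copy and must be treated as read-only.` Whether `truststore` can still be null when this is called is not visible in the hunk and is worth stating in `@return`.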
@@ -1173,6 +1183,21 @@
    */
   public boolean checkServerCertificate(X509Certificate[] chain)
   {
+    return checkServerCertificate(chain, null, null);
+  }
+
+  /**
+   * Indicate if the certificate chain can be trusted.
+   *
+   * @param chain The certificate chain to validate
+   * @param authType the authentication type.
+   * @param host the host we tried to connect and that presented the
+   * certificate.
+   * @return true if the server certificate is trusted.
+   */
+  public boolean checkServerCertificate(X509Certificate[] chain,
+      String authType, String host)
+    {
     app.println();
     app.println(INFO_LDAP_CONN_PROMPT_SECURITY_SERVER_CERTIFICATE.get());
     app.println();
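Review bot: The Javadoc of the three-argument `checkServerCertificate` does not say that `authType` and `host` may be null, yet the one-argument overload now calls it with `null, null` and the later hunk branches on exactly that. Since the null case changes how trust is recorded (the trust manager is rebuilt instead of the certificate being accepted for one host), the contract should be written down, e.g. `@param host the host that presented the certificate, or null if unknown; when authType or host is null the trust manager is rebuilt from the trust store instead of accepting the chain for that host`. The opening brace of the new method is also indented four spaces where the rest of the file uses two. The method body continues outside the hunk.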
@@ -1259,8 +1284,20 @@
           }
 
           // Update the trust manager
-          trustManager = new ApplicationTrustManager(truststore);
-
+          if (trustManager == null)
+          {
+            trustManager = new ApplicationTrustManager(truststore);
+          }
+          if ((authType != null) && (host != null))
+          {
+            // Update the trust manager with the new certificate
+            trustManager.acceptCertificate(chain, authType, host);
+          }
+          else
+          {
+            // Do a full reset of the contents of the keystore.
+            trustManager = new ApplicationTrustManager(truststore);
+          }
           if (result.getValue().equals(TrustOption.PERMAMENT.getChoice()))
           {
             ValidationCallback<String> callback =
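Review bot: When `trustManager` is null and either `authType` or `host` is null, the new code builds an `ApplicationTrustManager` in the first `if` and immediately replaces it in the `else` branch. Folding the reset into the first test keeps the behaviour and removes the `else`: `if ((trustManager == null) || (authType == null) || (host == null))`. The comment `Do a full reset of the contents of the keystore.` is misleading, because the keystore is left untouched and only the trust manager is recreated from it. That recreation presumably drops anything accepted earlier through `acceptCertificate` unless it is also in `truststore`, which cannot be confirmed from this hunk. Separately, `acceptCertificate` runs before the `TrustOption.PERMAMENT` check, so it would help to state in a comment that the per-host acceptance is meant to apply to session-only trust as well.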

--
Gitblit v1.10.0