From 0e9445463dbd065a765589a30dde204f4504bbd2 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Mon, 20 Oct 2008 11:40:48 +0000
Subject: [PATCH] Fix for issue 3504 (setup --userJavaKeystore doesn't support JCEKS keystore).
---
opends/src/server/org/opends/server/util/CertificateManager.java | 20 ++
opends/src/server/org/opends/server/tools/InstallDS.java | 92 +++++++++++-
opends/src/server/org/opends/server/tools/InstallDSArgumentParser.java | 11 +
opends/src/messages/messages/quicksetup.properties | 10 +
opends/src/messages/messages/tools.properties | 9 +
opends/src/quicksetup/org/opends/quicksetup/SecurityOptions.java | 29 ++++
opends/src/quicksetup/org/opends/quicksetup/installer/ui/SecurityOptionsDialog.java | 46 ++++++
opends/src/quicksetup/org/opends/quicksetup/ui/QuickSetupStepPanel.java | 4
opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java | 39 +++++
opends/src/server/org/opends/server/tools/ConfigureDS.java | 113 ++++++++++++++--
10 files changed, 339 insertions(+), 34 deletions(-)
diff --git a/opends/src/messages/messages/quicksetup.properties b/opends/src/messages/messages/quicksetup.properties
index c42967d..6f2bf99 100644
--- a/opends/src/messages/messages/quicksetup.properties
+++ b/opends/src/messages/messages/quicksetup.properties
@@ -276,6 +276,10 @@
INFO_ERROR_ACCESSING_JKS_KEYSTORE=Could not access the JKS key store. Check \
that the contents of the file correspond to a valid JKS key store, that you \
have access rights to it and that the provided PIN is valid.
+INFO_ERROR_ACCESSING_JCEKS_KEYSTORE=Could not access the JCEKS key store. \
+ Check that the running Java installation supports JCEKS, that the contents of \
+ the file correspond to a valid JCEKS key store, that you have access rights \
+ to it and that the provided PIN is valid.
INFO_ERROR_ACCESSING_PKCS11_KEYSTORE=Could not access the PKCS#11 key store. \
Check that is installed and that the provided PIN is valid.
INFO_ERROR_ACCESSING_PKCS12_KEYSTORE=Could not access the PKCS#12 key store. \
@@ -602,6 +606,12 @@
certificate.
INFO_JKS_KEYSTORE_DOES_NOT_EXIST=No certificates for the Java Key Store could \
be found. Check that the provided path is valid.
+INFO_JCEKS_CERTIFICATE=Use existing JCEKS File
+INFO_JCEKS_CERTIFICATE_LABEL=JCEKS File
+INFO_JCEKS_CERTIFICATE_TOOLTIP=Select this option if you have a JCEKS \
+ certificate.
+INFO_JCEKS_KEYSTORE_DOES_NOT_EXIST=No certificates for the Java Key Store could \
+ be found. Check that the provided path is valid.
INFO_KEYSTORE_PATH_DOES_NOT_EXIST=The provided key store path does not exist.
INFO_KEYSTORE_PATH_LABEL=Key Store Path:
INFO_KEYSTORE_PATH_NOT_A_FILE=The provided key store path is not a file.
diff --git a/opends/src/messages/messages/tools.properties b/opends/src/messages/messages/tools.properties
index a3e9a83..9d6ea5a 100644
--- a/opends/src/messages/messages/tools.properties
+++ b/opends/src/messages/messages/tools.properties
@@ -2369,3 +2369,12 @@
to read the file '%s' containing the list of ignored attributes: %s
INFO_LDIFDIFF_CANNOT_PARSE_STRING_AS_DN_1616=The string '%s' from file '%s' could \
not be parsed as a dn
+INFO_INSTALLDS_DESCRIPTION_USE_JCEKS_1617=Path of a JCEKS containing a \
+ certificate to be used as the server certificate
+INFO_INSTALLDS_CERT_OPTION_JCEKS_1618=Use an existing certificate located on a \
+ JCEKS key store
+INFO_INSTALLDS_PROMPT_JCEKS_PATH_1619=JCEKS Key Store path:
+SEVERE_ERR_CONFIG_KEYMANAGER_CANNOT_CREATE_JCEKS_PROVIDER_1620=Error creating \
+ JCEKS Key Provider configuration: %s
+SEVERE_ERR_CONFIG_KEYMANAGER_CANNOT_CREATE_JCEKS_TRUST_MANAGER_1621=Error \
+ creating JCEKS Trust Manager configuration: %s
diff --git a/opends/src/quicksetup/org/opends/quicksetup/SecurityOptions.java b/opends/src/quicksetup/org/opends/quicksetup/SecurityOptions.java
index a63e652..b60f777 100644
--- a/opends/src/quicksetup/org/opends/quicksetup/SecurityOptions.java
+++ b/opends/src/quicksetup/org/opends/quicksetup/SecurityOptions.java
@@ -55,6 +55,10 @@
*/
JKS,
/**
+ * Use an existing JCEKS keystore.
+ */
+ JCEKS,
+ /**
* Use an existing PKCS#11 keystore.
*/
PKCS11,
@@ -130,6 +134,31 @@
}
/**
+ * Creates a new instance of a SecurityOptions using a JCE Key Store.
+ * @param keystorePath the path of the key store.
+ * @param keystorePwd the password of the key store.
+ * @param enableSSL whether SSL is enabled or not.
+ * @param enableStartTLS whether Start TLS is enabled or not.
+ * @param sslPort the value of the LDAPS port.
+ * @param aliasToUse the alias of the certificate in the keystore to be used.
+ * @return a new instance of a SecurityOptions using a JCE Key Store.
+ */
+ public static SecurityOptions createJCEKSCertificateOptions(
+ String keystorePath,
+ String keystorePwd, boolean enableSSL, boolean enableStartTLS,
+ int sslPort, String aliasToUse)
+ {
+ SecurityOptions ops = new SecurityOptions();
+ ops.setCertificateType(CertificateType.JCEKS);
+ ops.setKeyStorePath(keystorePath);
+ ops.setKeyStorePassword(keystorePwd);
+ updateCertificateOptions(ops, enableSSL, enableStartTLS, sslPort,
+ aliasToUse);
+ return ops;
+ }
+
+
+ /**
* Creates a new instance of a SecurityOptions using a PKCS#11 Key Store.
* @param keystorePwd the password of the key store.
* @param enableSSL whether SSL is enabled or not.
diff --git a/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java b/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
index f61e948..1e793ac 100644
--- a/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
+++ b/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
@@ -863,6 +863,16 @@
argList.add("-a");
argList.add(sec.getAliasToUse());
break;
+ case JCEKS:
+ argList.add("-k");
+ argList.add("cn=JCEKS,cn=Key Manager Providers,cn=config");
+ argList.add("-t");
+ argList.add("cn=JCEKS,cn=Trust Manager Providers,cn=config");
+ argList.add("-m");
+ argList.add(sec.getKeystorePath());
+ argList.add("-a");
+ argList.add(sec.getAliasToUse());
+ break;
case PKCS12:
argList.add("-k");
argList.add("cn=PKCS12,cn=Key Manager Providers,cn=config");
@@ -947,7 +957,7 @@
{
cmd.append(s);
}
- nextPassword = s.equals("-w");
+ nextPassword = "-w".equals(s);
}
LOG.log(Level.INFO, "configure DS cmd: "+cmd);
final InstallerHelper helper = new InstallerHelper();
@@ -966,6 +976,9 @@
ReturnCode.CONFIGURATION_ERROR,
INFO_ERROR_CONFIGURING.get(), null);
}
+ } catch (ApplicationException aex)
+ {
+ ae = aex;
} catch (Throwable t)
{
ae = new ApplicationException(
@@ -1044,6 +1057,24 @@
f = new File(getTemporaryCertificatePath());
f.delete();
break;
+ case JCEKS:
+ certManager = new CertificateManager(
+ sec.getKeystorePath(),
+ CertificateManager.KEY_STORE_TYPE_JCEKS,
+ sec.getKeystorePassword());
+ exportCertificate(certManager, sec.getAliasToUse(),
+ getTemporaryCertificatePath());
+
+ trustManager = new CertificateManager(
+ getTrustManagerPath(),
+ CertificateManager.KEY_STORE_TYPE_JCEKS,
+ sec.getKeystorePassword());
+ trustManager.addCertificate(sec.getAliasToUse(),
+ new File(getTemporaryCertificatePath()));
+ createFile(getKeystorePinPath(), sec.getKeystorePassword());
+ f = new File(getTemporaryCertificatePath());
+ f.delete();
+ break;
case PKCS12:
certManager = new CertificateManager(
sec.getKeystorePath(),
@@ -1088,6 +1119,7 @@
}
catch (Throwable t)
{
+ LOG.log(Level.SEVERE, "Error configuring certificate: "+t, t);
throw new ApplicationException(
ReturnCode.CONFIGURATION_ERROR,
getThrowableMsg(INFO_ERROR_CONFIGURING_CERTIFICATE.get(),
@@ -4709,6 +4741,10 @@
}
}
}
+ if (thread.getException() != null)
+ {
+ throw thread.getException();
+ }
if (canceled)
{
checkAbort();
@@ -4716,6 +4752,7 @@
}
catch (ApplicationException e)
{
+ LOG.log(Level.SEVERE, "Error: "+e, e);
throw e;
}
catch (Throwable t)
diff --git a/opends/src/quicksetup/org/opends/quicksetup/installer/ui/SecurityOptionsDialog.java b/opends/src/quicksetup/org/opends/quicksetup/installer/ui/SecurityOptionsDialog.java
index e0fb13c..c43418d 100644
--- a/opends/src/quicksetup/org/opends/quicksetup/installer/ui/SecurityOptionsDialog.java
+++ b/opends/src/quicksetup/org/opends/quicksetup/installer/ui/SecurityOptionsDialog.java
@@ -82,6 +82,7 @@
private JLabel lKeystoreType;
private JRadioButton rbPKCS11;
private JRadioButton rbJKS;
+ private JRadioButton rbJCEKS;
private JRadioButton rbPKCS12;
private JLabel lKeystorePath;
private JTextField tfKeystorePath;
@@ -210,6 +211,13 @@
String.valueOf(tfKeystorePwd.getPassword()), enableSSL,
enableStartTLS, sslPort, selectedAlias);
}
+ else if (rbJCEKS.isSelected())
+ {
+ ops = SecurityOptions.createJCEKSCertificateOptions(
+ tfKeystorePath.getText(),
+ String.valueOf(tfKeystorePwd.getPassword()), enableSSL,
+ enableStartTLS, sslPort, selectedAlias);
+ }
else if (rbPKCS11.isSelected())
{
ops = SecurityOptions.createPKCS11CertificateOptions(
@@ -381,6 +389,11 @@
INFO_JKS_CERTIFICATE_TOOLTIP.get(),
UIFactory.TextStyle.SECONDARY_FIELD_VALID);
rbJKS.addActionListener(l);
+ rbJCEKS = UIFactory.makeJRadioButton(
+ INFO_JCEKS_CERTIFICATE_LABEL.get(),
+ INFO_JCEKS_CERTIFICATE_TOOLTIP.get(),
+ UIFactory.TextStyle.SECONDARY_FIELD_VALID);
+ rbJCEKS.addActionListener(l);
rbPKCS11 = UIFactory.makeJRadioButton(
INFO_PKCS11_CERTIFICATE_LABEL.get(),
INFO_PKCS11_CERTIFICATE_TOOLTIP.get(),
@@ -393,6 +406,7 @@
rbPKCS12.addActionListener(l);
ButtonGroup group2 = new ButtonGroup();
group2.add(rbJKS);
+ group2.add(rbJCEKS);
group2.add(rbPKCS11);
group2.add(rbPKCS12);
lKeystoreType.setLabelFor(rbJKS);
@@ -538,6 +552,10 @@
gbc.gridwidth = GridBagConstraints.RELATIVE;
aux2Panel.add(Box.createHorizontalGlue(), gbc);
gbc.gridwidth = GridBagConstraints.REMAINDER;
+ aux2Panel.add(rbJCEKS, gbc);
+ gbc.gridwidth = GridBagConstraints.RELATIVE;
+ aux2Panel.add(Box.createHorizontalGlue(), gbc);
+ gbc.gridwidth = GridBagConstraints.REMAINDER;
aux2Panel.add(rbPKCS12, gbc);
gbc.gridwidth = GridBagConstraints.RELATIVE;
aux2Panel.add(Box.createHorizontalGlue(), gbc);
@@ -776,6 +794,13 @@
tfKeystorePwd.setText(securityOptions.getKeystorePassword());
break;
+ case JCEKS:
+ rbUseExistingCertificate.setSelected(true);
+ rbJCEKS.setSelected(true);
+ tfKeystorePath.setText(securityOptions.getKeystorePath());
+ tfKeystorePwd.setText(securityOptions.getKeystorePassword());
+ break;
+
case PKCS11:
rbUseExistingCertificate.setSelected(true);
rbPKCS11.setSelected(true);
@@ -814,7 +839,8 @@
}
if (useSSL && rbUseExistingCertificate.isSelected() &&
- !rbJKS.isSelected() && !rbPKCS11.isSelected() && !rbPKCS12.isSelected())
+ !rbJKS.isSelected() && !rbJCEKS.isSelected() &&
+ !rbPKCS11.isSelected() && !rbPKCS12.isSelected())
{
rbJKS.setSelected(true);
}
@@ -826,6 +852,7 @@
lKeystoreType.setEnabled(
rbUseExistingCertificate.isSelected() && useSSL);
rbJKS.setEnabled(rbUseExistingCertificate.isSelected() && useSSL);
+ rbJCEKS.setEnabled(rbUseExistingCertificate.isSelected() && useSSL);
rbPKCS11.setEnabled(rbUseExistingCertificate.isSelected() && useSSL);
rbPKCS12.setEnabled(rbUseExistingCertificate.isSelected() && useSSL);
@@ -927,7 +954,7 @@
(cbEnableSSL.isSelected() || cbEnableStartTLS.isSelected()))
{
String path = tfKeystorePath.getText();
- if (rbJKS.isSelected() || rbPKCS12.isSelected())
+ if (rbJKS.isSelected() || rbJCEKS.isSelected() || rbPKCS12.isSelected())
{
/* Check the path */
if ((path == null) || (path.length() == 0))
@@ -970,6 +997,13 @@
CertificateManager.KEY_STORE_TYPE_JKS,
pwd);
}
+ else if (rbJCEKS.isSelected())
+ {
+ certManager = new CertificateManager(
+ path,
+ CertificateManager.KEY_STORE_TYPE_JCEKS,
+ pwd);
+ }
else if (rbPKCS12.isSelected())
{
certManager = new CertificateManager(
@@ -1002,6 +1036,10 @@
{
errorMsgs.add(INFO_JKS_KEYSTORE_DOES_NOT_EXIST.get());
}
+ else if (rbJCEKS.isSelected())
+ {
+ errorMsgs.add(INFO_JCEKS_KEYSTORE_DOES_NOT_EXIST.get());
+ }
else
{
errorMsgs.add(INFO_PKCS12_KEYSTORE_DOES_NOT_EXIST.get());
@@ -1029,6 +1067,10 @@
{
errorMsgs.add(INFO_ERROR_ACCESSING_JKS_KEYSTORE.get());
}
+ else if (rbJCEKS.isSelected())
+ {
+ errorMsgs.add(INFO_ERROR_ACCESSING_JCEKS_KEYSTORE.get());
+ }
else
{
errorMsgs.add(INFO_ERROR_ACCESSING_PKCS12_KEYSTORE.get());
diff --git a/opends/src/quicksetup/org/opends/quicksetup/ui/QuickSetupStepPanel.java b/opends/src/quicksetup/org/opends/quicksetup/ui/QuickSetupStepPanel.java
index b042f24..4eeeb49 100644
--- a/opends/src/quicksetup/org/opends/quicksetup/ui/QuickSetupStepPanel.java
+++ b/opends/src/quicksetup/org/opends/quicksetup/ui/QuickSetupStepPanel.java
@@ -500,6 +500,10 @@
certMsg = INFO_JKS_CERTIFICATE.get();
break;
+ case JCEKS:
+ certMsg = INFO_JCEKS_CERTIFICATE.get();
+ break;
+
case PKCS11:
certMsg = INFO_PKCS11_CERTIFICATE.get();
break;
diff --git a/opends/src/server/org/opends/server/tools/ConfigureDS.java b/opends/src/server/org/opends/server/tools/ConfigureDS.java
index c3a72cb..a63ed1b 100644
--- a/opends/src/server/org/opends/server/tools/ConfigureDS.java
+++ b/opends/src/server/org/opends/server/tools/ConfigureDS.java
@@ -35,6 +35,7 @@
import java.util.LinkedList;
import java.util.Set;
import java.io.File;
+import java.io.StringReader;
import javax.crypto.Cipher;
@@ -56,7 +57,10 @@
import org.opends.server.types.DirectoryException;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryEnvironmentConfig;
+import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
+import org.opends.server.types.LDIFImportConfig;
+import org.opends.server.util.LDIFReader;
import org.opends.server.util.SetupUtils;
import org.opends.server.util.args.ArgumentException;
import org.opends.server.util.args.ArgumentParser;
@@ -549,9 +553,12 @@
if (keyManagerProviderDN.isPresent())
{
DN dn = null;
+ DN JCEKSProviderDN = null;
try
{
dn = DN.decode(keyManagerProviderDN.getValue());
+ JCEKSProviderDN =
+ DN.decode("cn=JCEKS,cn=Key Manager Providers,cn=config");
}
catch (DirectoryException de)
{
@@ -563,16 +570,54 @@
return 1;
}
- try
+ if (dn.equals(JCEKSProviderDN))
{
- configHandler.getConfigEntry(dn);
+ // Create the JCEKSProvider entry
+ try
+ {
+ String ldif = "dn: cn=JCEKS,cn=Key Manager Providers,cn=config\n"+
+ "objectClass: top\n"+
+ "objectClass: ds-cfg-key-manager-provider\n"+
+ "objectClass: ds-cfg-file-based-key-manager-provider\n"+
+ "cn: JCEKS\n"+
+ "ds-cfg-java-class: org.opends.server.extensions."+
+ "FileBasedKeyManagerProvider\n"+
+ "ds-cfg-enabled: true\n"+
+ "ds-cfg-key-store-type: JCEKS\n"+
+ "ds-cfg-key-store-file: config/keystore.jceks\n"+
+ "ds-cfg-key-store-pin-file: config/keystore.pin";
+
+ LDIFImportConfig ldifImportConfig =
+ new LDIFImportConfig(new StringReader(ldif));
+ LDIFReader reader = new LDIFReader(ldifImportConfig);
+ Entry providerConfigEntry;
+ while ((providerConfigEntry = reader.readEntry()) != null)
+ {
+ configHandler.addEntry(providerConfigEntry, null);
+ }
+ }
+ catch (Exception e)
+ {
+ Message message =
+ ERR_CONFIG_KEYMANAGER_CANNOT_CREATE_JCEKS_PROVIDER.get(
+ String.valueOf(e));
+ System.err.println(wrapText(message, MAX_LINE_WIDTH));
+ return 1;
+ }
}
- catch (Exception e)
+ else
{
- Message message = ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(
- String.valueOf(e));
- System.err.println(wrapText(message, MAX_LINE_WIDTH));
- return 1;
+ try
+ {
+ configHandler.getConfigEntry(dn);
+ }
+ catch (Exception e)
+ {
+ Message message = ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(
+ String.valueOf(e));
+ System.err.println(wrapText(message, MAX_LINE_WIDTH));
+ return 1;
+ }
}
}
@@ -580,9 +625,12 @@
if (trustManagerProviderDN.isPresent())
{
DN dn = null;
+ DN JCEKSTrustManagerDN = null;
try
{
dn = DN.decode(trustManagerProviderDN.getValue());
+ JCEKSTrustManagerDN =
+ DN.decode("cn=JCEKS,cn=Trust Manager Providers,cn=config");
}
catch (DirectoryException de)
{
@@ -592,16 +640,51 @@
return 1;
}
- try
+ if (dn.equals(JCEKSTrustManagerDN))
{
- configHandler.getConfigEntry(dn);
- }
- catch (Exception e)
- {
- Message message = ERR_CONFIG_TRUSTMANAGER_CANNOT_GET_BASE.get(
+ try
+ {
+ String ldif = "dn: cn=JCEKS,cn=Trust Manager Providers,cn=config\n"+
+ "objectClass: top\n"+
+ "objectClass: ds-cfg-trust-manager-provider\n"+
+ "objectClass: ds-cfg-file-based-trust-manager-provider\n"+
+ "cn: JKS\n"+
+ "ds-cfg-java-class: org.opends.server.extensions."+
+ "FileBasedTrustManagerProvider\n"+
+ "ds-cfg-enabled: false\n"+
+ "ds-cfg-trust-store-type: JCEKS\n"+
+ "ds-cfg-trust-store-file: config/truststore\n";
+
+ LDIFImportConfig ldifImportConfig =
+ new LDIFImportConfig(new StringReader(ldif));
+ LDIFReader reader = new LDIFReader(ldifImportConfig);
+ Entry trustManagerConfigEntry;
+ while ((trustManagerConfigEntry = reader.readEntry()) != null)
+ {
+ configHandler.addEntry(trustManagerConfigEntry, null);
+ }
+ }
+ catch (Exception e)
+ {
+ Message message = ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(
String.valueOf(e));
- System.err.println(wrapText(message, MAX_LINE_WIDTH));
- return 1;
+ System.err.println(wrapText(message, MAX_LINE_WIDTH));
+ return 1;
+ }
+ }
+ else
+ {
+ try
+ {
+ configHandler.getConfigEntry(dn);
+ }
+ catch (Exception e)
+ {
+ Message message = ERR_CONFIG_TRUSTMANAGER_CANNOT_GET_BASE.get(
+ String.valueOf(e));
+ System.err.println(wrapText(message, MAX_LINE_WIDTH));
+ return 1;
+ }
}
}
diff --git a/opends/src/server/org/opends/server/tools/InstallDS.java b/opends/src/server/org/opends/server/tools/InstallDS.java
index 4034293..18068ad 100644
--- a/opends/src/server/org/opends/server/tools/InstallDS.java
+++ b/opends/src/server/org/opends/server/tools/InstallDS.java
@@ -874,14 +874,34 @@
String path = argParser.useJavaKeyStoreArg.getValue();
checkCertificateInKeystore(SecurityOptions.CertificateType.JKS, path, pwd,
certNickname, errorMessages, keystoreAliases);
+ if ((certNickname == null) && !keystoreAliases.isEmpty())
+ {
+ certNickname = keystoreAliases.getFirst();
+ }
securityOptions = SecurityOptions.createJKSCertificateOptions(
path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
}
+ else if (argParser.useJCEKSArg.isPresent())
+ {
+ String path = argParser.useJCEKSArg.getValue();
+ checkCertificateInKeystore(SecurityOptions.CertificateType.JCEKS, path,
+ pwd, certNickname, errorMessages, keystoreAliases);
+ if ((certNickname == null) && !keystoreAliases.isEmpty())
+ {
+ certNickname = keystoreAliases.getFirst();
+ }
+ securityOptions = SecurityOptions.createJCEKSCertificateOptions(
+ path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
+ }
else if (argParser.usePkcs12Arg.isPresent())
{
String path = argParser.usePkcs12Arg.getValue();
checkCertificateInKeystore(SecurityOptions.CertificateType.PKCS12, path,
pwd, certNickname, errorMessages, keystoreAliases);
+ if ((certNickname == null) && !keystoreAliases.isEmpty())
+ {
+ certNickname = keystoreAliases.getFirst();
+ }
securityOptions = SecurityOptions.createPKCS12CertificateOptions(
path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
}
@@ -889,6 +909,10 @@
{
checkCertificateInKeystore(SecurityOptions.CertificateType.PKCS11, null,
pwd, certNickname, errorMessages, keystoreAliases);
+ if ((certNickname == null) && !keystoreAliases.isEmpty())
+ {
+ certNickname = keystoreAliases.getFirst();
+ }
securityOptions = SecurityOptions.createPKCS11CertificateOptions(
pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
}
@@ -1599,6 +1623,12 @@
createSecurityOptionsPrompting(SecurityOptions.CertificateType.JKS,
enableSSL, enableStartTLS, ldapsPort);
}
+ else if (argParser.useJCEKSArg.isPresent())
+ {
+ securityOptions =
+ createSecurityOptionsPrompting(SecurityOptions.CertificateType.JCEKS,
+ enableSSL, enableStartTLS, ldapsPort);
+ }
else if (argParser.usePkcs12Arg.isPresent())
{
securityOptions =
@@ -1623,12 +1653,14 @@
{
final int SELF_SIGNED = 1;
final int JKS = 2;
- final int PKCS12 = 3;
- final int PKCS11 = 4;
- int[] indexes = {SELF_SIGNED, JKS, PKCS12, PKCS11};
+ final int JCEKS = 3;
+ final int PKCS12 = 4;
+ final int PKCS11 = 5;
+ int[] indexes = {SELF_SIGNED, JKS, JCEKS, PKCS12, PKCS11};
Message[] msgs = {
INFO_INSTALLDS_CERT_OPTION_SELF_SIGNED.get(),
INFO_INSTALLDS_CERT_OPTION_JKS.get(),
+ INFO_INSTALLDS_CERT_OPTION_JCEKS.get(),
INFO_INSTALLDS_CERT_OPTION_PKCS12.get(),
INFO_INSTALLDS_CERT_OPTION_PKCS11.get()
};
@@ -1655,6 +1687,10 @@
builder.setDefault(Message.raw(String.valueOf(JKS)),
MenuResult.success(JKS));
break;
+ case JCEKS:
+ builder.setDefault(Message.raw(String.valueOf(JCEKS)),
+ MenuResult.success(JCEKS));
+ break;
case PKCS11:
builder.setDefault(Message.raw(String.valueOf(PKCS11)),
MenuResult.success(PKCS11));
@@ -1700,6 +1736,13 @@
createSecurityOptionsPrompting(SecurityOptions.CertificateType.JKS,
enableSSL, enableStartTLS, ldapsPort);
}
+ else if (certType == JCEKS)
+ {
+ securityOptions =
+ createSecurityOptionsPrompting(
+ SecurityOptions.CertificateType.JCEKS,
+ enableSSL, enableStartTLS, ldapsPort);
+ }
else if (certType == PKCS12)
{
securityOptions =
@@ -1847,6 +1890,13 @@
pwd);
break;
+ case JCEKS:
+ certManager = new CertificateManager(
+ path,
+ CertificateManager.KEY_STORE_TYPE_JCEKS,
+ pwd);
+ break;
+
case PKCS12:
certManager = new CertificateManager(
path,
@@ -1871,15 +1921,17 @@
switch (type)
{
case JKS:
- errorMessages.add(INFO_PKCS11_KEYSTORE_DOES_NOT_EXIST.get());
- break;
-
- case PKCS12:
errorMessages.add(INFO_JKS_KEYSTORE_DOES_NOT_EXIST.get());
break;
- case PKCS11:
+ case JCEKS:
+ errorMessages.add(INFO_JCEKS_KEYSTORE_DOES_NOT_EXIST.get());
+ break;
+ case PKCS12:
errorMessages.add(INFO_PKCS12_KEYSTORE_DOES_NOT_EXIST.get());
break;
+ case PKCS11:
+ errorMessages.add(INFO_PKCS11_KEYSTORE_DOES_NOT_EXIST.get());
+ break;
default:
throw new IllegalArgumentException("Invalid type: "+type);
}
@@ -1922,7 +1974,9 @@
case JKS:
errorMessages.add(INFO_ERROR_ACCESSING_JKS_KEYSTORE.get());
break;
-
+ case JCEKS:
+ errorMessages.add(INFO_ERROR_ACCESSING_JCEKS_KEYSTORE.get());
+ break;
case PKCS12:
errorMessages.add(INFO_ERROR_ACCESSING_PKCS12_KEYSTORE.get());
break;
@@ -1978,6 +2032,15 @@
defaultPathValue = lastResetKeyStorePath;
}
break;
+ case JCEKS:
+ path = argParser.useJCEKSArg.getValue();
+ pathPrompt = INFO_INSTALLDS_PROMPT_JCEKS_PATH.get();
+ defaultPathValue = argParser.useJCEKSArg.getValue();
+ if (defaultPathValue == null)
+ {
+ defaultPathValue = lastResetKeyStorePath;
+ }
+ break;
case PKCS11:
path = null;
defaultPathValue = null;
@@ -2086,6 +2149,10 @@
securityOptions = SecurityOptions.createJKSCertificateOptions(
path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
break;
+ case JCEKS:
+ securityOptions = SecurityOptions.createJCEKSCertificateOptions(
+ path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
+ break;
case PKCS12:
securityOptions = SecurityOptions.createPKCS12CertificateOptions(
path, pwd, enableSSL, enableStartTLS, ldapsPort, certNickname);
@@ -2116,9 +2183,11 @@
if (msg.getDescriptor().equals(INFO_KEYSTORE_PATH_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_KEYSTORE_PATH_NOT_A_FILE) ||
msg.getDescriptor().equals(INFO_JKS_KEYSTORE_DOES_NOT_EXIST) ||
+ msg.getDescriptor().equals(INFO_JCEKS_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_PKCS12_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_PKCS11_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_JKS_KEYSTORE) ||
+ msg.getDescriptor().equals(INFO_ERROR_ACCESSING_JCEKS_KEYSTORE) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_PKCS12_KEYSTORE) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_PKCS11_KEYSTORE))
{
@@ -2142,9 +2211,11 @@
for (Message msg : msgs)
{
if (msg.getDescriptor().equals(INFO_JKS_KEYSTORE_DOES_NOT_EXIST) ||
+ msg.getDescriptor().equals(INFO_JCEKS_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_PKCS12_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_PKCS11_KEYSTORE_DOES_NOT_EXIST) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_JKS_KEYSTORE) ||
+ msg.getDescriptor().equals(INFO_ERROR_ACCESSING_JCEKS_KEYSTORE) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_PKCS12_KEYSTORE) ||
msg.getDescriptor().equals(INFO_ERROR_ACCESSING_PKCS11_KEYSTORE) ||
msg.getDescriptor().equals(INFO_ERROR_NO_KEYSTORE_PASSWORD) ||
@@ -2480,7 +2551,8 @@
lastResetEnableStartTLS = sec.getEnableStartTLS();
lastResetCertType = sec.getCertificateType();
if (lastResetCertType == SecurityOptions.CertificateType.JKS ||
- lastResetCertType == SecurityOptions.CertificateType.PKCS11)
+ lastResetCertType == SecurityOptions.CertificateType.JCEKS ||
+ lastResetCertType == SecurityOptions.CertificateType.PKCS12)
{
lastResetKeyStorePath = sec.getKeystorePath();
}
diff --git a/opends/src/server/org/opends/server/tools/InstallDSArgumentParser.java b/opends/src/server/org/opends/server/tools/InstallDSArgumentParser.java
index ae388a0..5a0ed37 100644
--- a/opends/src/server/org/opends/server/tools/InstallDSArgumentParser.java
+++ b/opends/src/server/org/opends/server/tools/InstallDSArgumentParser.java
@@ -90,6 +90,7 @@
StringArgument directoryManagerDNArg;
StringArgument directoryManagerPwdStringArg;
StringArgument useJavaKeyStoreArg;
+ StringArgument useJCEKSArg;
StringArgument usePkcs12Arg;
StringArgument keyStorePasswordArg;
StringArgument certNicknameArg;
@@ -347,6 +348,12 @@
INFO_INSTALLDS_DESCRIPTION_USE_JAVAKEYSTORE.get());
addArgument(useJavaKeyStoreArg);
+ useJCEKSArg = new StringArgument("useJCEKS".toLowerCase(),
+ null, "useJCEKS", false, false,
+ true, INFO_KEYSTOREPATH_PLACEHOLDER.get(), null, "useJCEKS",
+ INFO_INSTALLDS_DESCRIPTION_USE_JCEKS.get());
+ addArgument(useJCEKSArg);
+
usePkcs12Arg = new StringArgument("usePkcs12keyStore".toLowerCase(),
null, "usePkcs12keyStore", false, false,
true, INFO_KEYSTOREPATH_PLACEHOLDER.get(), null, "usePkcs12keyStore",
@@ -652,6 +659,10 @@
{
certificateType++;
}
+ if (useJCEKSArg.isPresent())
+ {
+ certificateType++;
+ }
if (usePkcs11Arg.isPresent())
{
certificateType++;
diff --git a/opends/src/server/org/opends/server/util/CertificateManager.java b/opends/src/server/org/opends/server/util/CertificateManager.java
index bb420ee..c42695c 100644
--- a/opends/src/server/org/opends/server/util/CertificateManager.java
+++ b/opends/src/server/org/opends/server/util/CertificateManager.java
@@ -46,8 +46,8 @@
/**
* This class provides an interface for generating self-signed certificates and
* certificate signing requests, and for importing, exporting, and deleting
- * certificates from a key store. It supports JKS, PKCS11, and PKCS12 key store
- * types.
+ * certificates from a key store. It supports JKS, JCEKS PKCS11, and PKCS12 key
+ * store types.
* <BR><BR>
* Note that for some operations, particularly those that require updating the
* contents of a key store (including generating certificates and/or certificate
@@ -83,7 +83,10 @@
*/
public static final String KEY_STORE_TYPE_JKS = "JKS";
-
+ /**
+ * The key store type value that should be used for the "JCEKS" key store.
+ */
+ public static final String KEY_STORE_TYPE_JCEKS = "JCEKS";
/**
* The key store type value that should be used for the "PKCS11" key store.
@@ -186,6 +189,7 @@
* performed.
* @param keyStoreType The key store type to use. It should be one of
* {@code KEY_STORE_TYPE_JKS},
+ * {@code KEY_STORE_TYPE_JCEKS},
* {@code KEY_STORE_TYPE_PKCS11}, or
* {@code KEY_STORE_TYPE_PKCS12}.
* @param keyStorePIN The PIN required to access the key store. It must
@@ -231,6 +235,7 @@
}
}
else if (keyStoreType.equals(KEY_STORE_TYPE_JKS) ||
+ keyStoreType.equals(KEY_STORE_TYPE_JCEKS) ||
keyStoreType.equals(KEY_STORE_TYPE_PKCS12))
{
File keyStoreFile = new File(keyStorePath);
@@ -261,6 +266,7 @@
// FIXME -- Make this an internationalizeable string.
throw new IllegalArgumentException("Invalid key store type -- it must " +
"be one of " + KEY_STORE_TYPE_JKS + ", " +
+ "be one of " + KEY_STORE_TYPE_JCEKS + ", " +
KEY_STORE_TYPE_PKCS11 + ", or " + KEY_STORE_TYPE_PKCS12);
}
@@ -888,11 +894,13 @@
return keyStore;
}
- // For JKS and PKCS12 key stores, we should make sure the file exists, and
- // we'll need an input stream that we can use to read it. For PKCS11 key
- // stores there won't be a file and the input stream should be null.
+ // For JKS, JCEKS and PKCS12 key stores, we should make sure the file
+ // exists, and we'll need an input stream that we can use to read it.
+ // For PKCS11 key stores there won't be a file and the input stream should
+ // be null.
FileInputStream keyStoreInputStream = null;
if (keyStoreType.equals(KEY_STORE_TYPE_JKS) ||
+ keyStoreType.equals(KEY_STORE_TYPE_JCEKS) ||
keyStoreType.equals(KEY_STORE_TYPE_PKCS12))
{
File keyStoreFile = new File(keyStorePath);
--
Gitblit v1.10.0