From 1dd534c2b6ad1607ce6b5f4d6951cbfcebdedd56 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Wed, 18 Nov 2009 22:52:26 +0000
Subject: [PATCH] Fix for issue 4295 (Issues with dsreplication interactive mode). The following changes complete the previous fix done for this bug: when dsreplication enable was used on the installation of one of the servers, the interactive mode failed if the option --trustAll was NOT specified.
---
opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java | 22 +++++-----
opends/src/server/org/opends/server/util/cli/ConsoleApplication.java | 60 +++++++++++-------------------
opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java | 4 +-
3 files changed, 35 insertions(+), 51 deletions(-)
diff --git a/opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java b/opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java
index d7e8d15..e603575 100644
--- a/opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java
+++ b/opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java
@@ -1163,7 +1163,7 @@
if (!error)
{
- ctx2 = createInitialLdapContextInteracting(ci);
+ ctx2 = createInitialLdapContextInteracting(ci, true);
if (ctx2 == null)
{
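Review bot: Passing a literal `true` as `promptForCertificate` here, and again in the hunk at @@ -2315, drops the `isInteractive()` test that the one-argument overload still applies. If either call can be reached in a non-interactive run (the enclosing methods are outside these hunks), a certificate refused by the trust manager would lead to a console prompt instead of a clean failure. `createInitialLdapContextInteracting(ci, isInteractive())` would keep the fix for the missing --trustAll case while letting scripted runs fail closed on an untrusted certificate. A one-line comment saying why the in-memory trust store condition is bypassed for the second server would also help the next reader.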
@@ -2315,7 +2315,7 @@
if (!error)
{
- ctxDestination = createInitialLdapContextInteracting(ci);
+ ctxDestination = createInitialLdapContextInteracting(ci, true);
if (ctxDestination == null)
{
diff --git a/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java b/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java
index 50ab495..9d94b46 100644
--- a/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java
+++ b/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java
@@ -863,6 +863,25 @@
protected InitialLdapContext createInitialLdapContextInteracting(
LDAPConnectionConsoleInteraction ci) throws ClientException
{
+ return createInitialLdapContextInteracting(ci, isInteractive() &&
+ ci.isTrustStoreInMemory());
+ }
+
+ /**
+ * Creates an Initial LDAP Context interacting with the user if the
+ * application is interactive.
+ * @param ci the LDAPConnectionConsoleInteraction object that is assumed
+ * to have been already run.
+ * @param promptForCertificate whether we should prompt for the certificate
+ * or not.
+ * @return the initial LDAP context or <CODE>null</CODE> if the user did
+ * not accept to trust the certificates.
+ * @throws ClientException if there was an error establishing the connection.
+ */
+ protected InitialLdapContext createInitialLdapContextInteracting(
+ LDAPConnectionConsoleInteraction ci,
+ boolean promptForCertificate) throws ClientException
+ {
// Interact with the user though the console to get
// LDAP connection information
String hostName = ConnectionUtils.getHostNameForLdapUrl(ci.getHostName());
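Review bot: The Javadoc of the new two-argument overload still says the method interacts with the user "if the application is interactive", but the caller now decides that through `promptForCertificate`. Only the one-argument overload still applies `isInteractive() && ci.isTrustStoreInMemory()`. Judging by the catch blocks at @@ -889 and @@ -964, the flag alone gates the certificate-acceptance path, so the tag should say so, for example `@param promptForCertificate if true, a server certificate refused by the trust manager is presented to the user for acceptance, whatever isInteractive() returns`. The one-argument overload's Javadoc (outside this hunk) would benefit from naming the default it passes. The method body continues past the end of this hunk.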
@@ -889,7 +908,7 @@
}
catch (NamingException e)
{
- if ( isInteractive() && ci.isTrustStoreInMemory())
+ if (promptForCertificate)
{
OpendsCertificateException oce = getCertificateRootException(e);
if (oce != null)
@@ -919,7 +938,7 @@
}
if (e.getCause() != null)
{
- if (!ci.isTrustStoreInMemory() &&
+ if (!isInteractive() &&
!ci.isTrustAll())
{
if (getCertificateRootException(e) != null ||
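Review bot: The new guard `!isInteractive() && !ci.isTrustAll()` no longer covers an interactive run whose trust store is not in memory. Through the one-argument overload `promptForCertificate` is false in that case, so the certificate is neither offered to the user nor reported by this branch. If the code after this hunk (not visible here) only raises a generic connection error, the certificate cause would be hidden from the operator. Tying the branch to the flag, `if (!promptForCertificate && !ci.isTrustAll())`, would keep the certificate-specific error on every path that does not prompt.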
@@ -964,7 +983,7 @@
}
catch (NamingException e)
{
- if ( isInteractive() && ci.isTrustStoreInMemory())
+ if (promptForCertificate)
{
OpendsCertificateException oce = getCertificateRootException(e);
if (oce != null)
@@ -1021,41 +1040,6 @@
}
catch (NamingException e)
{
- if ( isInteractive() && ci.isTrustStoreInMemory())
- {
- OpendsCertificateException oce = getCertificateRootException(e);
- if (oce != null)
- {
- String authType = null;
- if (trustManager instanceof ApplicationTrustManager)
- {
- ApplicationTrustManager appTrustManager =
- (ApplicationTrustManager)trustManager;
- authType = appTrustManager.getLastRefusedAuthType();
- }
- if (ci.checkServerCertificate(oce.getChain(), authType,
- hostName))
- {
- // If the certificate is trusted, update the trust manager.
- trustManager = ci.getTrustManager();
-
- // Try to connect again.
- continue;
- }
- else
- {
- // Assume user canceled.
- return null;
- }
- }
- else
- {
- Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
- hostName, String.valueOf(portNumber));
- throw new ClientException(
- LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
- }
- }
Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
hostName, String.valueOf(portNumber));
throw new ClientException(
diff --git a/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java b/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java
index 7c70f19..665cbaa 100644
--- a/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java
+++ b/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java
@@ -94,7 +94,7 @@
// the Console application
private ConsoleApplication app;
- // Indicate if the truststore in in memory
+ // Indicate if the trust store in in memory
private boolean trustStoreInMemory = false;
// Indicate if the all certificates are accepted
@@ -103,7 +103,7 @@
// Indicate that the trust manager was created with the parameters provided
private boolean trustManagerInitialized;
- // The truststore to use for the SSL or STARTTLS connection
+ // The trust store to use for the SSL or STARTTLS connection
private KeyStore truststore;
private String keystorePath;
@@ -835,8 +835,8 @@
trustAll = secureArgsList.trustAllArg.isPresent();
- // Try to use the local instance trustore, to avoid certifacte validation
- // when both the CLI and the server are in the same instance.
+ // Try to use the local instance trust store, to avoid certificate
+ // validation when both the CLI and the server are in the same instance.
if (weDontKnowTheTrustMethod) {
if (addLocalTrustStore()) {
weDontKnowTheTrustMethod = false;
@@ -883,7 +883,7 @@
else if (result.getValue().equals(
TrustMethod.TRUSTSTORE.getChoice()))
{
- // We have to ask for truststore info
+ // We have to ask for trust store info
askForTrustStore = true;
}
else if (result.getValue().equals(
@@ -917,7 +917,7 @@
}
// If we do not trust all server certificates, we have to get info
- // about truststore. First get the truststore path.
+ // about trust store. First get the trust store path.
truststorePath = secureArgsList.trustStorePathArg.getValue();
if (app.isInteractive() && !secureArgsList.trustStorePathArg.isPresent()
@@ -1438,9 +1438,9 @@
}
/**
- * Indicate if the truststore is in memory.
+ * Indicate if the trust store is in memory.
*
- * @return true if the truststore is in memory.
+ * @return true if the trust store is in memory.
*/
public boolean isTrustStoreInMemory() {
return this.trustStoreInMemory;
@@ -1933,7 +1933,7 @@
/**
* Resets the trust manager, so that next time we call the run() method
- * the trust manager takes into account the local truststore.
+ * the trust manager takes into account the local trust store.
*/
public void resetTrustManager()
{
@@ -2043,7 +2043,7 @@
private void initializeTrustManager() throws ArgumentException
{
- // Get truststore info
+ // Get trust store info
trustManager = getTrustManagerInternal();
// Check if we need client side authentication
@@ -2076,7 +2076,7 @@
/**
* Add the TrustStore of the administration connector of the local instance.
*
- * @return true if the local trustore has been added.
+ * @return true if the local trust store has been added.
*/
private boolean addLocalTrustStore()
{
--
Gitblit v1.10.0