From 265df7b49bf091c79771e8a286f911f8e3ba488c Mon Sep 17 00:00:00 2001
From: lutoff <lutoff@localhost>
Date: Wed, 20 Jun 2007 08:56:58 +0000
Subject: [PATCH] Add the following global options in dsservice
---
opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java | 19 ++++++
opends/src/ads/org/opends/admin/ads/ADSContext.java | 15 +++-
opends/src/server/org/opends/server/admin/client/cli/DsServiceCliAds.java | 9 --
opends/src/ads/org/opends/admin/ads/util/ConnectionUtils.java | 11 ++-
opends/src/quicksetup/org/opends/quicksetup/util/Utils.java | 2
opends/src/ads/org/opends/admin/ads/util/ServerLoader.java | 2
opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java | 4
opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java | 110 +++++++++++++++++++++++++++++++++++-
8 files changed, 150 insertions(+), 22 deletions(-)
diff --git a/opends/src/ads/org/opends/admin/ads/ADSContext.java b/opends/src/ads/org/opends/admin/ads/ADSContext.java
index 239cfb2..bc1e02f 100644
--- a/opends/src/ads/org/opends/admin/ads/ADSContext.java
+++ b/opends/src/ads/org/opends/admin/ads/ADSContext.java
@@ -762,12 +762,13 @@
* The call to this method assumes that OpenDS.jar has already been loaded.
* So this should not be called by the Java Web Start before being sure that
* this jar is loaded.
+ * @param backendName the backend name which will handle admin inforamtion.
* @throws ADSContextException if something goes wrong.
*/
- public void createAdminData() throws ADSContextException
+ public void createAdminData(String backendName) throws ADSContextException
{
// Add the administration suffix
- createAdministrationSuffix();
+ createAdministrationSuffix(backendName);
// Create the DIT below the administration suffix
createTopContainerEntry();
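Review bot: The new `@param backendName` text in createAdminData does not say that `null` is an accepted value, although both Installer call sites in this patch pass `null` and createAdministrationSuffix falls back to `getBackendName()` in that case. The matching tag on createAdministrationSuffix in the next hunk is still the placeholder `@param backendName TODO`. I would use the same wording in both places, for example `@param backendName the backend that will hold the administration data, or null to use the default returned by getBackendName().`, which also fixes the "inforamtion" typo. The method body continues outside this hunk.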
@@ -1748,13 +1749,19 @@
/**
* Creates the Administration Suffix.
+ * @param backendName TODO
* @throws ADSContextException if something goes wrong.
*/
- private void createAdministrationSuffix()
+ private void createAdministrationSuffix(String backendName)
throws ADSContextException
{
ADSContextHelper helper = new ADSContextHelper();
- helper.createAdministrationSuffix(getDirContext(), getBackendName(),
+ String ben = backendName ;
+ if (backendName == null)
+ {
+ ben = getBackendName() ;
+ }
+ helper.createAdministrationSuffix(getDirContext(), ben,
"db", "importAdminTemp");
}
diff --git a/opends/src/ads/org/opends/admin/ads/util/ConnectionUtils.java b/opends/src/ads/org/opends/admin/ads/util/ConnectionUtils.java
index 1831427..a8e7656 100644
--- a/opends/src/ads/org/opends/admin/ads/util/ConnectionUtils.java
+++ b/opends/src/ads/org/opends/admin/ads/util/ConnectionUtils.java
@@ -233,11 +233,12 @@
* @param pwd passed as Context.SECURITY_CREDENTIALS if not null.
* @param timeout passed as com.sun.jndi.ldap.connect.timeout if > 0.
* @param env null or additional environment properties.
- * @param trustManager null or the trust manager to be invoked during SSL.
+ * @param trustManager null or the trust manager to be invoked during SSL
+ * negociation.
+ * @param keyManager null or the key manager to be invoked during SSL
* negociation.
* @param verifier null or the hostname verifier to be setup in the
* StartTlsResponse.
- *
* @return the established connection with the given parameters.
*
* @throws NamingException the exception thrown when instantiating
@@ -252,7 +253,8 @@
public static InitialLdapContext createStartTLSContext(String ldapsURL,
String dn, String pwd, int timeout, Hashtable<String, String> env,
- TrustManager trustManager, HostnameVerifier verifier)
+ TrustManager trustManager, KeyManager keyManager,
+ HostnameVerifier verifier)
throws NamingException
{
if (trustManager == null)
@@ -282,6 +284,7 @@
final String fDn = dn;
final String fPwd = pwd;
final TrustManager fTrustManager = trustManager;
+ final KeyManager fKeyManager = keyManager;
final HostnameVerifier fVerifier = verifier;
Thread t = new Thread(new Runnable() {
@@ -296,7 +299,7 @@
tls.setHostnameVerifier(fVerifier);
try
{
- tls.negotiate(new TrustedSocketFactory(fTrustManager,null));
+ tls.negotiate(new TrustedSocketFactory(fTrustManager,fKeyManager));
}
catch(IOException x) {
NamingException xx;
diff --git a/opends/src/ads/org/opends/admin/ads/util/ServerLoader.java b/opends/src/ads/org/opends/admin/ads/util/ServerLoader.java
index f4a7514..ba878b1 100644
--- a/opends/src/ads/org/opends/admin/ads/util/ServerLoader.java
+++ b/opends/src/ads/org/opends/admin/ads/util/ServerLoader.java
@@ -250,7 +250,7 @@
{
ctx = ConnectionUtils.createStartTLSContext(lastLdapUrl, dn, pwd,
ConnectionUtils.getDefaultLDAPTimeout(), null, trustManager,
- null);
+ null, null);
}
}
else
diff --git a/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java b/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
index 7b02fed..374232c 100644
--- a/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
+++ b/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
@@ -1606,7 +1606,7 @@
notifyListeners(getFormattedWithPoints(
getMsg("progress-creating-ads-on-remote", getHostDisplay(auth))));
- adsContext.createAdminData();
+ adsContext.createAdminData(null);
adsContext.createAdministrator(getAdministratorProperties());
adsContext.registerServer(
getRemoteServerProperties(auth.getHostName(),
@@ -3544,7 +3544,7 @@
try
{
ADSContext adsContext = new ADSContext(ctx);
- adsContext.createAdminData();
+ adsContext.createAdminData(null);
adsContext.registerServer(getNewServerAdsProperties());
if (getUserData().mustCreateAdministrator())
{
diff --git a/opends/src/quicksetup/org/opends/quicksetup/util/Utils.java b/opends/src/quicksetup/org/opends/quicksetup/util/Utils.java
index 06b08e3..1b51479 100644
--- a/opends/src/quicksetup/org/opends/quicksetup/util/Utils.java
+++ b/opends/src/quicksetup/org/opends/quicksetup/util/Utils.java
@@ -944,7 +944,7 @@
throws NamingException
{
return ConnectionUtils.createStartTLSContext(ldapsURL, dn, pwd, timeout,
- env, trustManager, verifier);
+ env, trustManager, null, verifier);
}
diff --git a/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliAds.java b/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliAds.java
index bfcf427..14d7625 100644
--- a/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliAds.java
+++ b/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliAds.java
@@ -115,7 +115,7 @@
{
// Create-ads subcommand
createAdsSubCmd = new SubCommand(argParser, SubCommandNameEnum.CREATE_ADS
- .toString(), true, 3, 3, OPERAND_BACKEND,
+ .toString(), true, 1, 1, OPERAND_BACKEND,
MSGID_ADMIN_SUBCMD_CREATE_ADS_DESCRIPTION);
createAdsSubCmd.setHidden(true);
@@ -147,12 +147,7 @@
if (subCmd.getName().equals(createAdsSubCmd.getName()))
{
String backendName = subCmd.getTrailingArguments().get(0);
- String dbDirectory = subCmd.getTrailingArguments().get(1);
- String importTempDirectory = subCmd.getTrailingArguments().get(2);
- ADSContextHelper helper = new ADSContextHelper();
- adsContext.createAdminData();
- helper.createAdministrationSuffix(adsContext.getDirContext(),
- backendName, dbDirectory, importTempDirectory);
+ adsContext.createAdminData(backendName);
return ReturnCode.SUCCESSFUL;
}
else if (subCmd.getName().equals(deleteAdsSubCmd.getName()))
diff --git a/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java b/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java
index 3ca7af5..c993a70 100644
--- a/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java
+++ b/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java
@@ -244,6 +244,25 @@
}
}
else
+ if (argParser.startTLS())
+ {
+ String ldapsUrl = "ldaps://" + host + ":" + port;
+ try
+ {
+ ctx = ConnectionUtils.createStartTLSContext(ldapsUrl, dn, pwd,
+ ConnectionUtils.getDefaultLDAPTimeout(), null, argParser
+ .getTrustManager(), argParser.getKeyManager(), null);
+ }
+ catch (NamingException e)
+ {
+ int msgID = MSGID_ADMIN_CANNOT_CONNECT_TO_ADS;
+ String message = getMessage(msgID, host);
+
+ err.println(wrapText(message, MAX_LINE_WIDTH));
+ return ReturnCode.CANNOT_CONNECT_TO_ADS.getReturnCode();
+ }
+ }
+ else
{
String ldapUrl = "ldap://" + host + ":" + port;
try
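Review bot: The `catch (NamingException e)` in the new StartTLS branch discards `e`, so a rejected server certificate or a failed handshake is reported with the same MSGID_ADMIN_CANNOT_CONNECT_TO_ADS text as an unreachable host. With the `trustAll` option added in this same patch, an operator who cannot see why the connection failed is likely to rerun with certificate validation switched off. Keeping the cause visible, for instance by printing `e.getMessage()` when verbose output is requested, lets a trust failure be told apart from a network failure. Separately, the URL is built with the `ldaps://` scheme although the session is upgraded with StartTLS; the parameter of createStartTLSContext is also named `ldapsURL`, so it is presumably rewritten there, but that is not visible here and is worth confirming. The surrounding if/else chain starts and ends outside this hunk.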
diff --git a/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java b/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java
index 8e904fa..11f3ea9 100644
--- a/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java
+++ b/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java
@@ -45,6 +45,8 @@
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.net.ssl.KeyManager;
+
import org.opends.admin.ads.ADSContext;
import org.opends.admin.ads.ADSContextException;
import org.opends.admin.ads.util.ApplicationKeyManager;
@@ -53,6 +55,7 @@
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.util.PasswordReader;
+import org.opends.server.util.SelectableCertificateKeyManager;
import org.opends.server.util.args.ArgumentException;
import org.opends.server.util.args.BooleanArgument;
import org.opends.server.util.args.FileBasedArgument;
@@ -83,6 +86,11 @@
private BooleanArgument useSSLArg = null;
/**
+ * The 'startTLSArg' global argument.
+ */
+ private BooleanArgument startTLSArg = null;
+
+ /**
* The 'hostName' global argument.
*/
private StringArgument hostNameArg = null;
@@ -113,6 +121,11 @@
private BooleanArgument verboseArg = null;
/**
+ * The 'trustAllArg' global argument.
+ */
+ private BooleanArgument trustAllArg = null;
+
+ /**
* The 'trustStore' global argument.
*/
private StringArgument trustStorePathArg = null;
@@ -143,6 +156,11 @@
private FileBasedArgument keyStorePasswordFileArg = null;
/**
+ * The 'keyStorePasswordFile' global argument.
+ */
+ private StringArgument certNicknameArg = null;
+
+ /**
* The Logger.
*/
static private final Logger LOG =
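Review bot: The Javadoc added above `certNicknameArg` is a copy of the previous field's comment and still reads "The 'keyStorePasswordFile' global argument." It should name the field it documents, `* The 'certNickname' global argument.`, otherwise the generated documentation lists two fields under the same description.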
@@ -227,6 +245,11 @@
OPTION_LONG_USE_SSL, MSGID_DESCRIPTION_USE_SSL);
addGlobalArgument(useSSLArg);
+ startTLSArg = new BooleanArgument("startTLS", OPTION_SHORT_START_TLS,
+ OPTION_LONG_START_TLS,
+ MSGID_DESCRIPTION_START_TLS);
+ addGlobalArgument(startTLSArg);
+
hostNameArg = new StringArgument("host", OPTION_SHORT_HOST,
OPTION_LONG_HOST, false, false, true, OPTION_VALUE_HOST, "localhost",
null, MSGID_DESCRIPTION_HOST);
@@ -253,6 +276,10 @@
MSGID_DESCRIPTION_BINDPASSWORDFILE);
addGlobalArgument(bindPasswordFileArg);
+ trustAllArg = new BooleanArgument("trustAll", 'X', "trustAll",
+ MSGID_DESCRIPTION_TRUSTALL);
+ addGlobalArgument(trustAllArg);
+
trustStorePathArg = new StringArgument("trustStorePath",
OPTION_SHORT_TRUSTSTOREPATH, OPTION_LONG_TRUSTSTOREPATH, false,
false, true, OPTION_VALUE_TRUSTSTOREPATH, null, null,
@@ -289,6 +316,11 @@
MSGID_DESCRIPTION_KEYSTOREPASSWORD_FILE);
addGlobalArgument(keyStorePasswordFileArg);
+ certNicknameArg = new StringArgument("certnickname", 'N', "certNickname",
+ false, false, true, "{nickname}", null, null,
+ MSGID_DESCRIPTION_CERT_NICKNAME);
+ addGlobalArgument(certNicknameArg);
+
verboseArg = new BooleanArgument("verbose", 'v', "verbose",
MSGID_DESCRIPTION_VERBOSE);
addGlobalArgument(verboseArg);
@@ -485,6 +517,23 @@
}
/**
+ * Indicate if the startTLS mode is required.
+ *
+ * @return True if startTLS mode is required
+ */
+ public boolean startTLS()
+ {
+ if (startTLSArg.isPresent())
+ {
+ return true;
+ }
+ else
+ {
+ return false ;
+ }
+ }
+
+ /**
* Handle TrustStore.
*
* @return The trustStore manager to be used for the command.
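Review bot: The body of the new `startTLS()` method is an if/else that returns `true` or `false` depending on a boolean it already has, and the `false ;` line carries a stray space before the semicolon. The whole body can be `return startTLSArg.isPresent();`, which keeps the Javadoc contract and removes the branch.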
@@ -493,6 +542,13 @@
{
ApplicationTrustManager truststoreManager = null ;
KeyStore truststore = null ;
+ if (trustAllArg.isPresent())
+ {
+ // Running a null TrustManager will force createLdapsContext and
+ // createStartTLSContext to use a bindTrustManager.
+ return null ;
+ }
+ else
if (trustStorePathArg.isPresent())
{
try
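Review bot: Returning `null` when `trustAllArg` is present makes `null` the signal for "accept any server certificate", which is also the value a caller supplies when it simply has no trust manager, so validation fails open rather than closed. Per the added comment, createLdapsContext and createStartTLSContext then substitute their own trust manager (the comment's "bindTrustManager" looks like a typo for a blind, accept-all manager, and "Running" for "Returning"), and the bind DN and password are sent to a server whose identity was never checked. I would state that in the comment, `// Returning null makes createLdapsContext and createStartTLSContext fall back to a trust manager that accepts any server certificate.`, and log it so the choice is visible to the operator, `LOG.log(Level.WARNING, "trustAll is set: the server certificate will not be validated");`. The getTrustManager body starts before and continues after this hunk.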
@@ -549,7 +605,7 @@
*
* @return The keyStore manager to be used for the command.
*/
- public ApplicationKeyManager getKeyManager()
+ public KeyManager getKeyManager()
{
KeyStore keyStore = null;
String keyStorePasswordValue = null;
@@ -606,8 +662,17 @@
LOG.log(Level.WARNING, "Error with the keystore", e);
}
}
- return new ApplicationKeyManager(keyStore, keyStorePasswordValue
- .toCharArray());
+ ApplicationKeyManager akm = new ApplicationKeyManager(keyStore,
+ keyStorePasswordValue.toCharArray());
+ if (certNicknameArg.isPresent())
+ {
+ return new SelectableCertificateKeyManager(akm, certNicknameArg
+ .getValue());
+ }
+ else
+ {
+ return akm;
+ }
}
/**
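Review bot: `keyStorePasswordValue.toCharArray()` is called unconditionally on the new side, while the previous hunk shows the variable initialised to `null` at the top of getKeyManager. The assignments in between are outside the visible hunks, but if no keystore password option is supplied this line would throw a NullPointerException, and that path is now reachable on every `startTLS` connection because DsServiceCliMain calls `argParser.getKeyManager()` there. Since the old call site passed a null key manager to TrustedSocketFactory, a guard such as `if (keyStore == null) { return null; }` before constructing the ApplicationKeyManager looks safe, though that should be confirmed against the hidden part of the method. It would also be worth rejecting `certNickname` when no keystore is given, since the nickname then has nothing to select from.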
@@ -630,6 +695,33 @@
return returnCode.CONFLICTING_ARGS.getReturnCode();
}
+ // Couldn't have at the same time trustAll and
+ // trustStore related arg
+ if (trustAllArg.isPresent() && trustStorePathArg.isPresent())
+ {
+ int msgID = MSGID_TOOL_CONFLICTING_ARGS;
+ String message = getMessage(msgID, trustAllArg.getLongIdentifier(),
+ trustStorePathArg.getLongIdentifier());
+ err.println(wrapText(message, MAX_LINE_WIDTH));
+ return returnCode.CONFLICTING_ARGS.getReturnCode();
+ }
+ if (trustAllArg.isPresent() && trustStorePasswordArg.isPresent())
+ {
+ int msgID = MSGID_TOOL_CONFLICTING_ARGS;
+ String message = getMessage(msgID, trustAllArg.getLongIdentifier(),
+ trustStorePasswordArg.getLongIdentifier());
+ err.println(wrapText(message, MAX_LINE_WIDTH));
+ return returnCode.CONFLICTING_ARGS.getReturnCode();
+ }
+ if (trustAllArg.isPresent() && trustStorePasswordFileArg.isPresent())
+ {
+ int msgID = MSGID_TOOL_CONFLICTING_ARGS;
+ String message = getMessage(msgID, trustAllArg.getLongIdentifier(),
+ trustStorePasswordFileArg.getLongIdentifier());
+ err.println(wrapText(message, MAX_LINE_WIDTH));
+ return returnCode.CONFLICTING_ARGS.getReturnCode();
+ }
+
// Couldn't have at the same time trustStorePasswordArg and
// trustStorePasswordFileArg
if (trustStorePasswordArg.isPresent()
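Review bot: The three added trustAll conflict checks are the same seven lines repeated with only the second argument changed, which makes it easy to miss one when another trust store option is added later. A single loop over the trust store arguments does the same job, as sketched below; it assumes the arguments share the `Argument` base class from `org.opends.server.util.args` and that the class is imported in this file, which is not visible in the hunk. The check method starts and ends outside this hunk.

```java
// Couldn't have at the same time trustAll and
// trustStore related arg
if (trustAllArg.isPresent())
{
  Argument[] trustStoreArgs = { trustStorePathArg, trustStorePasswordArg,
      trustStorePasswordFileArg };
  for (Argument conflicting : trustStoreArgs)
  {
    if (conflicting.isPresent())
    {
      String message = getMessage(MSGID_TOOL_CONFLICTING_ARGS,
          trustAllArg.getLongIdentifier(), conflicting.getLongIdentifier());
      err.println(wrapText(message, MAX_LINE_WIDTH));
      return returnCode.CONFLICTING_ARGS.getReturnCode();
    }
  }
}
// … unchanged: trustStorePasswordArg / trustStorePasswordFileArg check …
```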
@@ -642,6 +734,18 @@
return returnCode.CONFLICTING_ARGS.getReturnCode();
}
+ // Couldn't have at the same time startTLSArg and
+ // useSSLArg
+ if (startTLSArg.isPresent()
+ && useSSLArg.isPresent())
+ {
+ int msgID = MSGID_TOOL_CONFLICTING_ARGS;
+ String message = getMessage(msgID, startTLSArg
+ .getLongIdentifier(), useSSLArg.getLongIdentifier());
+ err.println(wrapText(message, MAX_LINE_WIDTH));
+ return returnCode.CONFLICTING_ARGS.getReturnCode();
+ }
+
return ReturnCode.SUCCESSFUL_NOP.getReturnCode();
}
--
Gitblit v1.10.0