From 36d41eebc3cc0b9656a688976c26bf5f819188c3 Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Tue, 28 Sep 2021 20:02:43 +0000
Subject: [PATCH] fix: Fix rebuild-index in FIPS mode (#189)
---
opendj-cli/src/main/java/com/forgerock/opendj/cli/Utils.java | 22 ++++++++++++++++++++++
opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java | 16 ++++++++++------
opendj-server-legacy/src/main/java/org/opends/server/util/cli/LDAPConnectionArgumentParser.java | 4 ++--
3 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/opendj-cli/src/main/java/com/forgerock/opendj/cli/Utils.java b/opendj-cli/src/main/java/com/forgerock/opendj/cli/Utils.java
index 0e3658f..59b77e5 100644
--- a/opendj-cli/src/main/java/com/forgerock/opendj/cli/Utils.java
+++ b/opendj-cli/src/main/java/com/forgerock/opendj/cli/Utils.java
@@ -34,7 +34,9 @@
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
import java.util.Date;
+import java.util.Optional;
import java.util.StringTokenizer;
import java.util.TimeZone;
@@ -732,4 +734,24 @@
return ERR_TOOL_CONFLICTING_ARGS.get(arg1.getLongIdentifier(), arg2.getLongIdentifier());
}
+ /**
+ * Returns value of first present {@link Argument}.
+ *
+ * @param args
+ * Array of {@link Argument} which should checked
+ */
+ public static String getFirstArgumentValue(final Argument ... args) {
+ if (args == null) {
+ return null;
+ }
+
+ for (Argument arg : args) {
+ if (arg.isPresent()) {
+ return arg.getValue();
+ }
+ }
+
+ return null;
+ }
+
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java b/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
index 69019a2..5a7f3cd 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/tools/SSLConnectionFactory.java
@@ -47,7 +47,7 @@
import com.forgerock.opendj.cli.ConnectionFactoryProvider;
import static org.opends.messages.ToolMessages.*;
-
+import static com.forgerock.opendj.util.StaticUtils.isFips;
/**
* This class provides SSL connection related utility functions.
@@ -127,11 +127,15 @@
getTrustManagers(KeyStore.getDefaultType(), null, trustStorePath,
trustStorePassword);
trustManagers = new TrustManager[tmpTrustManagers.length];
- for (int i=0; i < trustManagers.length; i++)
- {
- trustManagers[i] =
- new ExpirationCheckTrustManager((X509TrustManager)
- tmpTrustManagers[i]);
+ if (isFips()) {
+ trustManagers = tmpTrustManagers;
+ } else {
+ for (int i=0; i < trustManagers.length; i++)
+ {
+ trustManagers[i] =
+ new ExpirationCheckTrustManager((X509TrustManager)
+ tmpTrustManagers[i]);
+ }
}
}
if(keyStorePath != null)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/util/cli/LDAPConnectionArgumentParser.java b/opendj-server-legacy/src/main/java/org/opends/server/util/cli/LDAPConnectionArgumentParser.java
index b20128b..3bcb272 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/util/cli/LDAPConnectionArgumentParser.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/util/cli/LDAPConnectionArgumentParser.java
@@ -166,10 +166,10 @@
SSLConnectionFactory sslConnectionFactory = new SSLConnectionFactory();
sslConnectionFactory.init(args.getTrustAllArg().isPresent(),
args.getKeyStorePathArg().getValue(),
- args.getKeyStorePasswordArg().getValue(),
+ getFirstArgumentValue(args.getKeyStorePasswordArg(), args.getKeyStorePasswordFileArg()),
clientAlias,
args.getTrustStorePathArg().getValue(),
- args.getTrustStorePasswordArg().getValue());
+ getFirstArgumentValue(args.getTrustStorePasswordArg(), args.getTrustStorePasswordFileArg()));
connectionOptions.setSSLConnectionFactory(sslConnectionFactory);
}
catch (SSLConnectionException sce)
--
Gitblit v1.10.0