From 3ee2cc20c54dbde5e7a9fceace7134a156ee63d3 Mon Sep 17 00:00:00 2001
From: lutoff <lutoff@localhost>
Date: Fri, 15 Jun 2007 08:06:11 +0000
Subject: [PATCH] Add the following global options in dsservice to handle client truststore
---
opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java | 44 ++++++++---
opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java | 7 +
opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java | 139 ++++++++++++++++++++++++++++++++++
opends/src/quicksetup/org/opends/quicksetup/Application.java | 2
4 files changed, 176 insertions(+), 16 deletions(-)
diff --git a/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java b/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
index 2a3587b..cf2f9ec 100644
--- a/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
+++ b/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
@@ -94,8 +94,9 @@
/**
* The default constructor.
+ * @param keystore The keystore to use for this trustmanager.
*/
- public ApplicationTrustManager()
+ public ApplicationTrustManager(KeyStore keystore)
{
TrustManagerFactory tmf = null;
String algo = "SunX509";
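Review bot: The new `@param keystore` tag does not say what a null argument means, yet the `createCopy()` hunk below and the `Application.java` hunk now pass null routinely. Since `TrustManagerFactory.init((KeyStore) null)` selects the JSSE default truststore, the doc should state that fallback explicitly so callers do not read null as "trust nothing": `@param keystore The keystore holding the trusted certificates, or null to use the JSSE default truststore.` The constructor body continues outside the hunk.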
@@ -103,7 +104,7 @@
try
{
tmf = TrustManagerFactory.getInstance(algo, provider);
- tmf.init((KeyStore)null);
+ tmf.init(keystore);
sunJSSEX509TrustManager =
(X509TrustManager)(tmf.getTrustManagers())[0];
}
@@ -294,7 +295,7 @@
*/
public ApplicationTrustManager createCopy()
{
- ApplicationTrustManager copy = new ApplicationTrustManager();
+ ApplicationTrustManager copy = new ApplicationTrustManager(null);
copy.lastRefusedAuthType = lastRefusedAuthType;
copy.lastRefusedChain = lastRefusedChain;
copy.lastRefusedCause = lastRefusedCause;
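Review bot: `createCopy()` now builds the copy with a null keystore, so a trust manager created from a user-supplied truststore yields a copy that trusts the JSSE default store instead; the `lastRefused*` state is carried over but the trust decisions themselves are not. No field retaining the keystore is added in this diff, so the constructor should keep it (`this.keystore = keystore;`) and the copy should reuse it: `ApplicationTrustManager copy = new ApplicationTrustManager(keystore);`. The rest of `createCopy()` is outside the hunk.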
diff --git a/opends/src/quicksetup/org/opends/quicksetup/Application.java b/opends/src/quicksetup/org/opends/quicksetup/Application.java
index 9cb4682..f6a5d27 100644
--- a/opends/src/quicksetup/org/opends/quicksetup/Application.java
+++ b/opends/src/quicksetup/org/opends/quicksetup/Application.java
@@ -536,7 +536,7 @@
{
if (trustManager == null)
{
- trustManager = new ApplicationTrustManager();
+ trustManager = new ApplicationTrustManager(null);
}
return trustManager;
}
diff --git a/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java b/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java
index a753bdc..d524df2 100644
--- a/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java
+++ b/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliMain.java
@@ -223,22 +223,42 @@
String pwd = argParser.getBindPassword(dn,out,err) ;
// Try to connect
- String ldapUrl = "ldap://"+host+":"+port;
-
- InitialLdapContext ctx = null;
- ReturnCode returnCode = ReturnCode.SUCCESSFUL ;
- try
+ InitialLdapContext ctx = null;
+ ReturnCode returnCode = ReturnCode.SUCCESSFUL;
+ if (argParser.useSSL())
{
- ctx = ConnectionUtils.createLdapContext(ldapUrl, dn, pwd,
- ConnectionUtils.getDefaultLDAPTimeout(), null);
+ String ldapsUrl = "ldaps://" + host + ":" + port;
+ try
+ {
+ ctx = ConnectionUtils.createLdapsContext(ldapsUrl,
+ dn, pwd, ConnectionUtils.getDefaultLDAPTimeout(), null,
+ argParser.getTrustManager());
+ }
+ catch (NamingException e)
+ {
+ int msgID = MSGID_ADMIN_CANNOT_CONNECT_TO_ADS;
+ String message = getMessage(msgID, host);
+
+ err.println(wrapText(message, MAX_LINE_WIDTH));
+ return ReturnCode.CANNOT_CONNECT_TO_ADS.getReturnCode();
+ }
}
- catch (NamingException e)
+ else
{
- int msgID = MSGID_ADMIN_CANNOT_CONNECT_TO_ADS;
- String message = getMessage(msgID, host);
+ String ldapUrl = "ldap://" + host + ":" + port;
+ try
+ {
+ ctx = ConnectionUtils.createLdapContext(ldapUrl, dn, pwd,
+ ConnectionUtils.getDefaultLDAPTimeout(), null);
+ }
+ catch (NamingException e)
+ {
+ int msgID = MSGID_ADMIN_CANNOT_CONNECT_TO_ADS;
+ String message = getMessage(msgID, host);
- err.println(wrapText(message, MAX_LINE_WIDTH));
- return ReturnCode.CANNOT_CONNECT_TO_ADS.getReturnCode();
+ err.println(wrapText(message, MAX_LINE_WIDTH));
+ return ReturnCode.CANNOT_CONNECT_TO_ADS.getReturnCode();
+ }
}
ADSContext adsContext = new ADSContext(ctx);
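Review bot: The `catch (NamingException e)` body is duplicated verbatim in the SSL and non-SSL branches and both return the same code; the branches differ only in the URL scheme and the `ConnectionUtils` factory called, so a single `try` around the `if` keeps the error path in one place. A handshake refused by `argParser.getTrustManager()` also arrives here as a `NamingException` and is reported only as "cannot connect to <host>", so it may be worth including the trust manager's refusal state (the `lastRefusedCause` copied in the `ApplicationTrustManager` hunk) in that message — a suggestion, not part of the excerpt below. The enclosing method starts and ends outside the hunk.
```java
InitialLdapContext ctx = null;
ReturnCode returnCode = ReturnCode.SUCCESSFUL;
try
{
  if (argParser.useSSL())
  {
    String ldapsUrl = "ldaps://" + host + ":" + port;
    ctx = ConnectionUtils.createLdapsContext(ldapsUrl, dn, pwd,
        ConnectionUtils.getDefaultLDAPTimeout(), null,
        argParser.getTrustManager());
  }
  else
  {
    String ldapUrl = "ldap://" + host + ":" + port;
    ctx = ConnectionUtils.createLdapContext(ldapUrl, dn, pwd,
        ConnectionUtils.getDefaultLDAPTimeout(), null);
  }
}
catch (NamingException e)
{
  // One error path for both transports.
  int msgID = MSGID_ADMIN_CANNOT_CONNECT_TO_ADS;
  String message = getMessage(msgID, host);

  err.println(wrapText(message, MAX_LINE_WIDTH));
  return ReturnCode.CANNOT_CONNECT_TO_ADS.getReturnCode();
}
// … unchanged: ADSContext construction …
```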
diff --git a/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java b/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java
index e9aeade..fa1e865 100644
--- a/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java
+++ b/opends/src/server/org/opends/server/admin/client/cli/DsServiceCliParser.java
@@ -33,12 +33,21 @@
import static org.opends.server.util.ServerConstants.MAX_LINE_WIDTH;
import static org.opends.server.util.StaticUtils.wrapText;
+import java.io.FileInputStream;
+import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
import java.util.HashSet;
+import java.util.logging.Level;
+import java.util.logging.Logger;
import org.opends.admin.ads.ADSContext;
import org.opends.admin.ads.ADSContextException;
+import org.opends.admin.ads.util.ApplicationTrustManager;
import org.opends.server.admin.client.cli.DsServiceCliReturnCode.ReturnCode;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.types.DebugLogLevel;
@@ -51,6 +60,7 @@
import org.opends.server.util.args.SubCommand;
import org.opends.server.util.args.SubCommandArgumentParser;
+
/**
* This class will parser CLI arguments.
*/
@@ -102,6 +112,27 @@
private BooleanArgument verboseArg = null;
/**
+ * The 'trustStore' global argument.
+ */
+ private StringArgument trustStorePathArg = null;
+
+ /**
+ * The 'trustStorePassword' global argument.
+ */
+ private StringArgument trustStorePasswordArg = null;
+
+ /**
+ * The 'trustStorePasswordFile' global argument.
+ */
+ private FileBasedArgument trustStorePasswordFileArg = null;
+
+ /**
+ * The Logger.
+ */
+ static private final Logger LOG =
+ Logger.getLogger(DsServiceCliParser.class.getName());
+
+ /**
* The diferent CLI group.
*/
public HashSet<DsServiceCliSubCommandGroup> cliGroup;
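Review bot: `static private final Logger LOG` uses a non-canonical modifier order; the JLS-recommended order, matching how the other fields in this hunk are declared, is `private static final Logger LOG =`. Note also that warnings sent to this java.util.logging logger are unlikely to reach a CLI user unless logging is configured, which matters for how `getTrustManager()` further down reports a truststore that fails to load.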
@@ -206,6 +237,24 @@
MSGID_DESCRIPTION_BINDPASSWORDFILE);
addGlobalArgument(bindPasswordFileArg);
+ trustStorePathArg = new StringArgument("trustStorePath",
+ OPTION_SHORT_TRUSTSTOREPATH, OPTION_LONG_TRUSTSTOREPATH, false,
+ false, true, OPTION_VALUE_TRUSTSTOREPATH, null, null,
+ MSGID_DESCRIPTION_TRUSTSTOREPATH);
+ addGlobalArgument(trustStorePathArg);
+
+ trustStorePasswordArg = new StringArgument("trustStorePassword", null,
+ OPTION_LONG_TRUSTSTORE_PWD, false, false, true,
+ OPTION_VALUE_TRUSTSTORE_PWD, null, null,
+ MSGID_DESCRIPTION_TRUSTSTOREPASSWORD);
+ addGlobalArgument(trustStorePasswordArg);
+
+ trustStorePasswordFileArg = new FileBasedArgument("truststorepasswordfile",
+ OPTION_SHORT_TRUSTSTORE_PWD_FILE, OPTION_LONG_TRUSTSTORE_PWD_FILE,
+ false, false, OPTION_VALUE_TRUSTSTORE_PWD_FILE, null, null,
+ MSGID_DESCRIPTION_TRUSTSTOREPASSWORD_FILE);
+ addGlobalArgument(trustStorePasswordFileArg);
+
verboseArg = new BooleanArgument("verbose", 'v', "verbose",
MSGID_DESCRIPTION_VERBOSE);
addGlobalArgument(verboseArg);
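Review bot: The internal argument name `"truststorepasswordfile"` is all lowercase while its two siblings are `"trustStorePath"` and `"trustStorePassword"`; these names are used for argument lookup and appear in usage output, so the inconsistency is user-visible. Suggest `trustStorePasswordFileArg = new FileBasedArgument("trustStorePasswordFile",`. The enclosing method starts and ends outside the hunk.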
@@ -383,6 +432,84 @@
}
}
+
+ /**
+ * Indicate if the SSL mode is required.
+ *
+ * @return True if SSL mode is required
+ */
+ public boolean useSSL()
+ {
+ if (useSSLArg.isPresent())
+ {
+ return true;
+ }
+ else
+ {
+ return false ;
+ }
+ }
+
+ /**
+ * Handle TrustStore.
+ *
+ * @return The trustStore manager to be used for the command.
+ */
+ public ApplicationTrustManager getTrustManager()
+ {
+ ApplicationTrustManager trustStore = null ;
+ KeyStore keyStore = null ;
+ if (trustStorePathArg.isPresent())
+ {
+ try
+ {
+ FileInputStream fos = new FileInputStream(trustStorePathArg.getValue());
+ String trustStorePasswordValue = null;
+ if (trustStorePasswordArg.isPresent())
+ {
+ trustStorePasswordValue = trustStorePasswordArg.getValue();
+ }
+ else if (trustStorePasswordFileArg.isPresent())
+ {
+ trustStorePasswordValue = trustStorePasswordFileArg.getValue();
+ }
+ keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ keyStore.load(fos, trustStorePasswordValue.toCharArray());
+ }
+ catch (KeyStoreException e)
+ {
+ // Nothing to do: if this occurs we will systematically refuse the
+ // certificates. Maybe we should avoid this and be strict, but we are
+ // in a best effor mode.
+ LOG.log(Level.WARNING, "Error with the keystore", e);
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ // Nothing to do: if this occurs we will systematically refuse the
+ // certificates. Maybe we should avoid this and be strict, but we are
+ // in a best effor mode.
+ LOG.log(Level.WARNING, "Error with the keystore", e);
+ }
+ catch (CertificateException e)
+ {
+ // Nothing to do: if this occurs we will systematically refuse the
+ // certificates. Maybe we should avoid this and be strict, but we are
+ // in a best effor mode.
+ LOG.log(Level.WARNING, "Error with the keystore", e);
+ }
+ catch (IOException e)
+ {
+ // Nothing to do: if this occurs we will systematically refuse the
+ // certificates. Maybe we should avoid this and be strict, but we are
+ // in a best effor mode.
+ LOG.log(Level.WARNING, "Error with the keystore", e);
+ }
+ }
+ trustStore = new ApplicationTrustManager(keyStore);
+ trustStore.setHost(getHostName());
+ return trustStore ;
+ }
+
/**
* Indication if provided global options are validate.
*
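Review bot: `trustStorePasswordValue.toCharArray()` in `keyStore.load(fos, trustStorePasswordValue.toCharArray());` throws `NullPointerException` when `--trustStorePath` is given without either password option, and none of the catch blocks covers it; `KeyStore.load` accepts a null password (only the integrity check is skipped), so convert only when non-null. Two further defects in the same method: `fos` (a `FileInputStream`, so `fis` is the honest name) is never closed, and when `load` throws after `getInstance` succeeded, `keyStore` is left non-null but uninitialized and is then handed to `ApplicationTrustManager`, whose `tmf.init(keystore)` will fail. The four catch blocks are identical and the three `java.security` exceptions share `java.security.GeneralSecurityException`, so two catches suffice (the import list in the first `DsServiceCliParser` hunk would change accordingly). The comment "we will systematically refuse the certificates" is inaccurate: with a null keystore the constructor selects the JSSE default truststore, so a mistyped path silently changes which CAs are trusted — the comment should say so, and the failure deserves to reach the user on `err` rather than only `LOG`. `useSSL()` can simply be `return useSSLArg.isPresent();`.
```java
  public ApplicationTrustManager getTrustManager()
  {
    KeyStore keyStore = null;
    if (trustStorePathArg.isPresent())
    {
      String trustStorePasswordValue = null;
      if (trustStorePasswordArg.isPresent())
      {
        trustStorePasswordValue = trustStorePasswordArg.getValue();
      }
      else if (trustStorePasswordFileArg.isPresent())
      {
        trustStorePasswordValue = trustStorePasswordFileArg.getValue();
      }
      // A null password is legal for KeyStore.load (no integrity check);
      // converting null would throw NullPointerException.
      char[] password = (trustStorePasswordValue == null)
          ? null : trustStorePasswordValue.toCharArray();
      FileInputStream fis = null;
      try
      {
        fis = new FileInputStream(trustStorePathArg.getValue());
        KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
        loaded.load(fis, password);
        // Only a fully loaded store is handed to the trust manager.
        keyStore = loaded;
      }
      catch (GeneralSecurityException e)
      {
        // keyStore stays null: the trust manager then uses the JSSE default
        // truststore, not the one the user asked for.
        LOG.log(Level.WARNING, "Error with the keystore", e);
      }
      catch (IOException e)
      {
        LOG.log(Level.WARNING, "Error with the keystore", e);
      }
      finally
      {
        if (fis != null)
        {
          try
          {
            fis.close();
          }
          catch (IOException ignored)
          {
            // Best effort close; the store is already loaded or rejected.
          }
        }
      }
    }
    ApplicationTrustManager trustStore = new ApplicationTrustManager(keyStore);
    trustStore.setHost(getHostName());
    return trustStore;
  }
```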
@@ -404,6 +531,18 @@
return returnCode.CONFLICTING_ARGS.getReturnCode();
}
+ // Couldn't have at the same time trustStorePasswordArg and
+ // trustStorePasswordFileArg
+ if (trustStorePasswordArg.isPresent()
+ && trustStorePasswordFileArg.isPresent())
+ {
+ int msgID = MSGID_TOOL_CONFLICTING_ARGS;
+ String message = getMessage(msgID, trustStorePasswordArg
+ .getLongIdentifier(), trustStorePasswordFileArg.getLongIdentifier());
+ err.println(wrapText(message, MAX_LINE_WIDTH));
+ return returnCode.CONFLICTING_ARGS.getReturnCode();
+ }
+
return ReturnCode.SUCCESSFUL_NOP.getReturnCode();
}
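Review bot: `returnCode.CONFLICTING_ARGS` reads a static enum constant through the `returnCode` instance variable while the line just below uses `ReturnCode.SUCCESSFUL_NOP`; the context line above does the same, but the new block should go through the type: `return ReturnCode.CONFLICTING_ARGS.getReturnCode();`. A password supplied via `--trustStorePassword` or the file variant without `--trustStorePath` is silently ignored by `getTrustManager()`, so a check here that reports that combination as conflicting would help users notice a misconfigured invocation. The enclosing method starts outside the hunk.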
--
Gitblit v1.10.0