From 48b56b98806c177323d38bcdfdc75c7e98ddf70f Mon Sep 17 00:00:00 2001
From: Jean-Noël Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Tue, 23 Aug 2016 07:51:57 +0000
Subject: [PATCH] OPENDJ-3257 Error uninstalling servers configured with ssl enabled
---
opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ApplicationTrustManager.java | 2 +-
opendj-server-legacy/src/main/java/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java | 49 +++++++++++++++++++++----------------------------
2 files changed, 22 insertions(+), 29 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ApplicationTrustManager.java b/opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ApplicationTrustManager.java
index 29271c9..4d66575 100644
--- a/opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ApplicationTrustManager.java
+++ b/opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ApplicationTrustManager.java
@@ -364,7 +364,7 @@
try
{
DN dn = DN.valueOf(subjectX500Principal.getName());
- String value = dn.rdn(dn.size() - 1).getFirstAVA().getAttributeValue().toString();
+ String value = dn.rdn().getFirstAVA().getAttributeValue().toString();
matches = hostMatch(value, host);
if (!matches)
{
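Review bot: The value handed to `hostMatch` is the first AVA of the leaf RDN whatever its attribute type, and `dn.rdn()` is dereferenced without a null check. If I read the SDK contract correctly, a certificate with an empty subject (names carried only in subjectAltName) yields a null RDN here, and a leaf RDN that is multi-valued or not a `cn` would have an unrelated value compared with the host name. I would guard the lookup, e.g. `RDN rdn = dn.rdn();` followed by `if (rdn != null) { ... hostMatch(value, host) ... }`, and check the AVA's attribute type before treating its value as a host name. The `try` opens in this hunk but its `catch` is outside it, so how a failure on this line is handled is not visible.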
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java b/opendj-server-legacy/src/main/java/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java
index 640f524..4e34adb 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java
@@ -344,50 +344,43 @@
{
if (trustManager == null)
{
- KeyStore truststore = null;
if (trustAllArg.isPresent())
{
- // Running a null TrustManager will force createLdapsContext and
- // createStartTLSContext to use a bindTrustManager.
+ // force to use a blindTrustManager
return null;
}
else if (trustStorePathArg.isPresent())
{
- try (final FileInputStream fos = new FileInputStream(trustStorePathArg.getValue()))
+ String passwordStr = null;
+ if (trustStorePasswordArg.isPresent())
{
- String trustStorePasswordStringValue = null;
- if (trustStorePasswordArg.isPresent())
- {
- trustStorePasswordStringValue = trustStorePasswordArg.getValue();
- }
- else if (trustStorePasswordFileArg.isPresent())
- {
- trustStorePasswordStringValue = trustStorePasswordFileArg.getValue();
- }
+ passwordStr = trustStorePasswordArg.getValue();
+ }
+ else if (trustStorePasswordFileArg.isPresent())
+ {
+ passwordStr = trustStorePasswordFileArg.getValue();
+ }
+ if (passwordStr == null)
+ {
+ passwordStr = System.getProperty("javax.net.ssl.trustStorePassword");
+ }
- if (trustStorePasswordStringValue != null)
- {
- trustStorePasswordStringValue = System.getProperty("javax.net.ssl.trustStorePassword");
- }
+ char[] password = passwordStr != null ? passwordStr.toCharArray() : null;
- char[] trustStorePasswordValue = null;
- if (trustStorePasswordStringValue != null)
- {
- trustStorePasswordValue = trustStorePasswordStringValue.toCharArray();
- }
-
+ KeyStore truststore = null;
+ try (final FileInputStream fis = new FileInputStream(trustStorePathArg.getValue()))
+ {
truststore = KeyStore.getInstance(KeyStore.getDefaultType());
- truststore.load(fos, trustStorePasswordValue);
+ truststore.load(fis, password);
}
catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e)
{
- // Nothing to do: if this occurs we will systematically refuse the
- // certificates. Maybe we should avoid this and be strict, but we
- // are in a best effort mode.
+ // Nothing to do: if this occurs we will systematically refuse the certificates.
+ // Maybe we should avoid this and be strict, but we are in a best effort mode.
logger.warn(LocalizableMessage.raw("Error with the truststore"), e);
}
+ trustManager = new ApplicationTrustManager(truststore);
}
- trustManager = new ApplicationTrustManager(truststore);
}
return trustManager;
}
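Review bot: With `trustManager = new ApplicationTrustManager(truststore);` moved inside the `else if (trustStorePathArg.isPresent())` branch, a call with neither the trust-all nor the trust-store-path argument now reaches `return trustManager;` with `null`, the same value the trust-all branch returns. If callers read `null` as "use a blind trust manager", as the comment on that branch says, leaving out every trust option would switch off certificate validation without the user asking for it; the callers are outside this hunk, so this needs confirming. If the null return is intended, I would make it explicit with a final branch such as `else { /* no trust option given: caller must prompt or fail, never trust blindly */ }`, and otherwise keep a default `ApplicationTrustManager` for that case. Separately, when `load` throws after `KeyStore.getInstance` has succeeded, `truststore` is non-null but never loaded when it is passed to `ApplicationTrustManager`; assigning it only after a successful load would keep the failure path on a null keystore, though whether the constructor copes with either is not visible here. The method's signature is above the hunk.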
--
Gitblit v1.10.0