From bb10a6bd50dc26325086697451d76ca6b7d95772 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Wed, 26 Sep 2007 18:57:15 +0000
Subject: [PATCH] Fix for 2306: configure replication encryption on or off in dsreplication and setup-gui
---
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/InstallerHelper.java | 37 ++
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java | 83 +++++-
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/ui/FieldName.java | 13
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/DataReplicationOptions.java | 122 +++++++--
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java | 28 ++
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/Constants.java | 2
opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/EnableReplicationUserData.java | 46 +++
opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/ReplicationCliArgumentParser.java | 42 +++
opendj-sdk/opends/src/messages/messages/admin_tool.properties | 43 ++
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/UserData.java | 53 +---
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ConfiguredReplication.java | 18 +
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/InstallReviewPanel.java | 31 +
opendj-sdk/opends/src/ads/org/opends/admin/ads/ServerDescriptor.java | 49 +++
opendj-sdk/opends/src/messages/messages/quicksetup.properties | 4
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/DataReplicationPanel.java | 29 ++
opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/ReplicationCliMain.java | 107 ++++++--
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/RemoteReplicationPortsPanel.java | 42 ++
17 files changed, 607 insertions(+), 142 deletions(-)
diff --git a/opendj-sdk/opends/src/ads/org/opends/admin/ads/ServerDescriptor.java b/opendj-sdk/opends/src/ads/org/opends/admin/ads/ServerDescriptor.java
index 35aebfb..361b086 100644
--- a/opendj-sdk/opends/src/ads/org/opends/admin/ads/ServerDescriptor.java
+++ b/opendj-sdk/opends/src/ads/org/opends/admin/ads/ServerDescriptor.java
@@ -113,6 +113,10 @@
*/
IS_REPLICATION_ENABLED,
/**
+ * The associated value is a Boolean.
+ */
+ IS_REPLICATION_SECURE,
+ /**
* List of servers specified in the Replication Server configuration.
* This is a Set of String.
*/
@@ -245,6 +249,27 @@
}
/**
+ * Returns whether the communication with the replication port on the server
+ * is encrypted or not.
+ * @return <CODE>true</CODE> if the communication with the replication port on
+ * the server is encrypted and <CODE>false</CODE> otherwise.
+ */
+ public boolean isReplicationSecure()
+ {
+ boolean isReplicationSecure;
+ if (isReplicationServer())
+ {
+ isReplicationSecure = Boolean.TRUE.equals(serverProperties.get(
+ ServerProperty.IS_REPLICATION_SECURE));
+ }
+ else
+ {
+ isReplicationSecure = false;
+ }
+ return isReplicationSecure;
+ }
+
+ /**
* Sets the ADS properties of the server.
* @param adsProperties a Map containing the ADS properties of the server.
*/
@@ -873,6 +898,30 @@
{
}
}
+
+ boolean replicationSecure = false;
+ if (replicationEnabled)
+ {
+ ctls = new SearchControls();
+ ctls.setSearchScope(SearchControls.OBJECT_SCOPE);
+ ctls.setReturningAttributes(
+ new String[] {"ds-cfg-ssl-encryption"});
+ filter = "(objectclass=ds-cfg-crypto-manager)";
+
+ jndiName = new LdapName("cn=Crypto Manager,cn=config");
+
+ NamingEnumeration entries = ctx.search(jndiName, filter, ctls);
+
+ while(entries.hasMore())
+ {
+ SearchResult sr = (SearchResult)entries.next();
+
+ String v = getFirstValue(sr, "ds-cfg-ssl-encryption");
+ replicationSecure = "true".equalsIgnoreCase(v);
+ }
+ }
+ desc.serverProperties.put(ServerProperty.IS_REPLICATION_SECURE,
+ replicationSecure ? Boolean.TRUE : Boolean.FALSE);
}
/**
diff --git a/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/EnableReplicationUserData.java b/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/EnableReplicationUserData.java
index a15aa92..3020754 100644
--- a/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/EnableReplicationUserData.java
+++ b/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/EnableReplicationUserData.java
@@ -42,6 +42,7 @@
private boolean useStartTLS1;
private boolean useSSL1;
private int replicationPort1;
+ private boolean secureReplication1;
private String hostName2;
private int port2;
private String pwd2;
@@ -49,6 +50,7 @@
private boolean useStartTLS2;
private boolean useSSL2;
private int replicationPort2;
+ private boolean secureReplication2;
private boolean replicateSchema = true;
/**
@@ -343,4 +345,48 @@
{
this.replicateSchema = replicateSchema;
}
+
+ /**
+ * Returns <CODE>true</CODE> if the user asked to have secure replication
+ * communication with the first server and <CODE>false</CODE> otherwise.
+ * @return <CODE>true</CODE> if the user asked to have secure replication
+ * communication with the first server and <CODE>false</CODE> otherwise.
+ */
+ public boolean isSecureReplication1()
+ {
+ return secureReplication1;
+ }
+
+ /**
+ * Sets whether to have secure replication communication with the first server
+ * or not.
+ * @param secureReplication1 whether to have secure replication communication
+ * with the first server or not.
+ */
+ public void setSecureReplication1(boolean secureReplication1)
+ {
+ this.secureReplication1 = secureReplication1;
+ }
+
+ /**
+ * Returns <CODE>true</CODE> if the user asked to have secure replication
+ * communication with the second server and <CODE>false</CODE> otherwise.
+ * @return <CODE>true</CODE> if the user asked to have secure replication
+ * communication with the second server and <CODE>false</CODE> otherwise.
+ */
+ public boolean isSecureReplication2()
+ {
+ return secureReplication2;
+ }
+
+ /**
+ * Sets whether to have secure replication communication with the second
+ * server or not.
+ * @param secureReplication2 whether to have secure replication communication
+ * with the second server or not.
+ */
+ public void setSecureReplication2(boolean secureReplication2)
+ {
+ this.secureReplication2 = secureReplication2;
+ }
}
diff --git a/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/ReplicationCliArgumentParser.java b/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/ReplicationCliArgumentParser.java
index 234fb31..118a07e 100644
--- a/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/ReplicationCliArgumentParser.java
+++ b/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/ReplicationCliArgumentParser.java
@@ -104,6 +104,11 @@
private IntegerArgument replicationPort1Arg = null;
/**
+ * The 'secureReplication' argument for the first server.
+ */
+ private BooleanArgument secureReplication1Arg = null;
+
+ /**
* The 'hostName' argument for the second server.
*/
private StringArgument hostName2Arg = null;
@@ -144,6 +149,11 @@
private IntegerArgument replicationPort2Arg = null;
/**
+ * The 'secureReplication' argument for the second server.
+ */
+ private BooleanArgument secureReplication2Arg = null;
+
+ /**
* The 'skipPortCheckArg' argument to not check replication ports.
*/
private BooleanArgument skipPortCheckArg;
@@ -471,6 +481,10 @@
"replicationPort1", false, false, true, OPTION_VALUE_PORT, 8989, null,
INFO_DESCRIPTION_ENABLE_REPLICATION_PORT1.get());
+ secureReplication1Arg = new BooleanArgument("secureReplication1", null,
+ "secureReplication1",
+ INFO_DESCRIPTION_ENABLE_SECURE_REPLICATION1.get());
+
hostName2Arg = new StringArgument("host2", 'O',
"host2", false, false, true, OPTION_VALUE_HOST, "localhost",
null, INFO_DESCRIPTION_ENABLE_REPLICATION_HOST2.get());
@@ -505,6 +519,10 @@
"replicationPort2", false, false, true, OPTION_VALUE_PORT, 8989, null,
INFO_DESCRIPTION_ENABLE_REPLICATION_PORT2.get());
+ secureReplication2Arg = new BooleanArgument("secureReplication2", null,
+ "secureReplication2",
+ INFO_DESCRIPTION_ENABLE_SECURE_REPLICATION2.get());
+
skipPortCheckArg = new BooleanArgument(
"skipportcheck", 'S', "skipPortCheck",
INFO_DESCRIPTION_ENABLE_REPLICATION_SKIPPORT.get());
@@ -520,8 +538,10 @@
Argument[] argsToAdd = {
hostName1Arg, port1Arg, bindDn1Arg, bindPassword1Arg,
bindPasswordFile1Arg, useStartTLS1Arg, useSSL1Arg, replicationPort1Arg,
+ secureReplication1Arg,
hostName2Arg, port2Arg, bindDn2Arg, bindPassword2Arg,
bindPasswordFile2Arg, useStartTLS2Arg, useSSL2Arg, replicationPort2Arg,
+ secureReplication2Arg,
skipPortCheckArg, noSchemaReplicationArg
};
for (int i=0; i<argsToAdd.length; i++)
@@ -1030,6 +1050,17 @@
}
/**
+ * Returns whether the user asked to have replication communication with the
+ * first server or not.
+ * @return <CODE>true</CODE> the user asked to have replication communication
+ * with the first server and <CODE>false</CODE> otherwise.
+ */
+ public boolean isSecureReplication1()
+ {
+ return secureReplication1Arg.isPresent();
+ }
+
+ /**
* Returns the second host name explicitly provided in the enable replication
* subcommand.
* @return the second host name explicitly provided in the enable replication
@@ -1119,6 +1150,17 @@
}
/**
+ * Returns whether the user asked to have replication communication with the
+ * second server or not.
+ * @return <CODE>true</CODE> the user asked to have replication communication
+ * with the second server and <CODE>false</CODE> otherwise.
+ */
+ public boolean isSecureReplication2()
+ {
+ return secureReplication2Arg.isPresent();
+ }
+
+ /**
* Returns whether the user asked to skip the replication port checks (if the
* ports are free) or not.
* @return <CODE>true</CODE> the user asked to skip the replication port
diff --git a/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/ReplicationCliMain.java b/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/ReplicationCliMain.java
index a12b707..6b93164 100644
--- a/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/ReplicationCliMain.java
+++ b/opendj-sdk/opends/src/guitools/org/opends/guitools/replicationcli/ReplicationCliMain.java
@@ -599,6 +599,7 @@
uData.setUseStartTLS1(useStartTLS1);
}
int replicationPort1 = -1;
+ boolean secureReplication1 = argParser.isSecureReplication1();
if (ctx1 != null)
{
// Try to get the replication port for server 1 only if it is required.
@@ -642,6 +643,12 @@
}
}
}
+ if (!secureReplication1)
+ {
+ secureReplication1 =
+ confirm(INFO_REPLICATION_ENABLE_SECURE1_PROMPT.get(
+ String.valueOf(replicationPort1)), false);
+ }
}
// If the server contains an ADS. Try to load it and only load it: if
// there are issues with the ADS they will be encountered in the
@@ -657,6 +664,7 @@
}
}
uData.setReplicationPort1(replicationPort1);
+ uData.setSecureReplication1(secureReplication1);
/*
* Prompt for information on the second server.
@@ -802,6 +810,7 @@
uData.setUseStartTLS2(useStartTLS2);
}
int replicationPort2 = -1;
+ boolean secureReplication2 = argParser.isSecureReplication2();
if (ctx2 != null)
{
if (!hasReplicationPort(ctx2))
@@ -845,16 +854,23 @@
}
if (host1.equalsIgnoreCase(host2))
{
- if (replicationPort1 == replicationPort2)
+ if ((replicationPort1 > 0) &&
+ (replicationPort1 == replicationPort2))
{
printLineBreak();
printErrorMessage(ERR_REPLICATION_SAME_REPLICATION_PORT.get(
- String.valueOf(replicationPort1), host1));
+ String.valueOf(replicationPort2), host1));
printLineBreak();
replicationPort2 = -1;
}
}
}
+ if (!secureReplication2)
+ {
+ secureReplication2 =
+ confirm(INFO_REPLICATION_ENABLE_SECURE2_PROMPT.get(
+ String.valueOf(replicationPort2)), false);
+ }
}
// If the server contains an ADS. Try to load it and only load it: if
// there are issues with the ADS they will be encountered in the
@@ -869,6 +885,7 @@
}
}
uData.setReplicationPort2(replicationPort2);
+ uData.setSecureReplication2(secureReplication2);
// If the adminUid and adminPwd are not set in the EnableReplicationUserData
// object, that means that there are no administrators and that they
@@ -1721,6 +1738,7 @@
int replicationPort1 = getValue(argParser.getReplicationPort1(),
argParser.getDefaultReplicationPort1());
uData.setReplicationPort1(replicationPort1);
+ uData.setSecureReplication1(argParser.isSecureReplication1());
String host2Name = getValue(argParser.getHostName2(),
argParser.getDefaultHostName2());
@@ -1760,6 +1778,7 @@
int replicationPort2 = getValue(argParser.getReplicationPort2(),
argParser.getDefaultReplicationPort2());
uData.setReplicationPort2(replicationPort2);
+ uData.setSecureReplication2(argParser.isSecureReplication2());
uData.setReplicateSchema(!argParser.noSchemaReplication());
}
@@ -1887,9 +1906,6 @@
ReplicationSynchronizationProviderCfgClient sync = null;
sync = (ReplicationSynchronizationProviderCfgClient)
root.getSynchronizationProvider("Multimaster Synchronization");
- /*
- * Configure the replication server.
- */
if (sync.hasReplicationServer())
{
ReplicationServerCfgClient replicationServer =
@@ -3482,7 +3498,8 @@
try
{
configureAsReplicationServer(ctx1, uData.getReplicationPort1(),
- allRepServers, usedReplicationServerIds);
+ uData.isSecureReplication1(), allRepServers,
+ usedReplicationServerIds);
}
catch (OpenDsException ode)
{
@@ -3512,7 +3529,8 @@
try
{
configureAsReplicationServer(ctx2, uData.getReplicationPort2(),
- allRepServers, usedReplicationServerIds);
+ uData.isSecureReplication2(), allRepServers,
+ usedReplicationServerIds);
}
catch (OpenDsException ode)
{
@@ -3897,27 +3915,28 @@
}
}
}
- int nCols;
final int SERVERPORT = 0;
final int NUMBER_ENTRIES = 1;
final int MISSING_CHANGES = 2;
final int AGE_OF_OLDEST_MISSING_CHANGE = 3;
+ final int REPLICATION_PORT = 4;
+ final int SECURE = 5;
Message[] headers;
if (scriptFriendly)
{
if (isReplicated)
{
- nCols = 4;
headers = new Message[] {
INFO_REPLICATION_STATUS_LABEL_SERVERPORT.get(),
INFO_REPLICATION_STATUS_LABEL_NUMBER_ENTRIES.get(),
INFO_REPLICATION_STATUS_LABEL_MISSING_CHANGES.get(),
- INFO_REPLICATION_STATUS_LABEL_AGE_OF_OLDEST_MISSING_CHANGE.get()
+ INFO_REPLICATION_STATUS_LABEL_AGE_OF_OLDEST_MISSING_CHANGE.get(),
+ INFO_REPLICATION_STATUS_LABEL_REPLICATION_PORT.get(),
+ INFO_REPLICATION_STATUS_LABEL_SECURE.get()
};
}
else
{
- nCols = 2;
headers = new Message[] {
INFO_REPLICATION_STATUS_LABEL_SERVERPORT.get(),
INFO_REPLICATION_STATUS_LABEL_NUMBER_ENTRIES.get()
@@ -3928,26 +3947,26 @@
{
if (isReplicated)
{
- nCols = 4;
headers = new Message[] {
INFO_REPLICATION_STATUS_HEADER_SERVERPORT.get(),
INFO_REPLICATION_STATUS_HEADER_NUMBER_ENTRIES.get(),
INFO_REPLICATION_STATUS_HEADER_MISSING_CHANGES.get(),
- INFO_REPLICATION_STATUS_HEADER_AGE_OF_OLDEST_MISSING_CHANGE.get()
+ INFO_REPLICATION_STATUS_HEADER_AGE_OF_OLDEST_MISSING_CHANGE.get(),
+ INFO_REPLICATION_STATUS_HEADER_REPLICATION_PORT.get(),
+ INFO_REPLICATION_STATUS_HEADER_SECURE.get()
};
}
else
{
- nCols = 2;
headers = new Message[] {
INFO_REPLICATION_STATUS_HEADER_SERVERPORT.get(),
INFO_REPLICATION_STATUS_HEADER_NUMBER_ENTRIES.get()
};
}
}
- Message[][] values = new Message[orderedReplicas.size()][nCols];
+ Message[][] values = new Message[orderedReplicas.size()][headers.length];
- int[] maxWidths = new int[nCols];
+ int[] maxWidths = new int[headers.length];
int i;
for (i=0; i<maxWidths.length; i++)
{
@@ -3958,7 +3977,7 @@
for (ReplicaDescriptor replica : orderedReplicas)
{
Message v;
- for (int j=0; j<nCols; j++)
+ for (int j=0; j<headers.length; j++)
{
switch (j)
{
@@ -3973,7 +3992,7 @@
}
else
{
- v = INFO_NOT_AVAILABLE_LABEL.get();
+ v = INFO_NOT_AVAILABLE_SHORT_LABEL.get();
}
break;
case MISSING_CHANGES:
@@ -3984,7 +4003,7 @@
}
else
{
- v = INFO_NOT_AVAILABLE_LABEL.get();
+ v = INFO_NOT_AVAILABLE_SHORT_LABEL.get();
}
break;
case AGE_OF_OLDEST_MISSING_CHANGE:
@@ -3995,7 +4014,28 @@
}
else
{
- v = INFO_NOT_AVAILABLE_LABEL.get();
+ v = INFO_NOT_AVAILABLE_SHORT_LABEL.get();
+ }
+ break;
+ case REPLICATION_PORT:
+ int replicationPort = replica.getServer().getReplicationServerPort();
+ if (replicationPort >= 0)
+ {
+ v = Message.raw(String.valueOf(replicationPort));
+ }
+ else
+ {
+ v = INFO_NOT_AVAILABLE_SHORT_LABEL.get();
+ }
+ break;
+ case SECURE:
+ if (replica.getServer().isReplicationSecure())
+ {
+ v = INFO_REPLICATION_STATUS_SECURITY_ENABLED.get();
+ }
+ else
+ {
+ v = INFO_REPLICATION_STATUS_SECURITY_DISABLED.get();
}
break;
default:
@@ -4031,7 +4071,7 @@
};
for (i=0; i<labels.length; i++)
{
- printProgressMessage(labels[i]+": "+vs[i]);
+ printProgressMessage(labels[i]+" "+vs[i]);
printProgressLineBreak();
}
@@ -4041,7 +4081,7 @@
printProgressLineBreak();
for (int j=0; j<values[i].length; j++)
{
- printProgressMessage(headers[j]+": "+values[i][j]);
+ printProgressMessage(headers[j]+" "+values[i][j]);
printProgressLineBreak();
}
}
@@ -4050,13 +4090,13 @@
{
if (isReplicated)
{
- printProgressMessage(
+ printProgressMessageNoWrap(
INFO_REPLICATION_STATUS_REPLICATED.get(dn));
printProgressLineBreak();
}
else
{
- printProgressMessage(
+ printProgressMessageNoWrap(
INFO_REPLICATION_STATUS_NOT_REPLICATED.get(dn));
printProgressLineBreak();
}
@@ -4077,16 +4117,16 @@
{
builder.append("=");
}
- printProgressMessage(builder.toString());
+ printProgressMessageNoWrap(builder.toString());
printProgressLineBreak();
- printProgressMessage(headerLine.toMessage());
+ printProgressMessageNoWrap(headerLine.toMessage());
printProgressLineBreak();
builder = new StringBuilder();
for (i=0; i<headerLine.length(); i++)
{
builder.append("-");
}
- printProgressMessage(builder.toString());
+ printProgressMessageNoWrap(builder.toString());
printProgressLineBreak();
for (i=0; i<values.length; i++)
@@ -4102,7 +4142,7 @@
line.append(" ");
}
}
- printProgressMessage(line.toMessage());
+ printProgressMessageNoWrap(line.toMessage());
printProgressLineBreak();
}
}
@@ -4233,6 +4273,8 @@
* port.
* @param ctx the context connected to the server that we want to configure.
* @param replicationPort the replication port of the replication server.
+ * @param useSecureReplication whether to have encrypted communication with
+ * the replication port or not.
* @param replicationServers the list of replication servers to which the
* replication server will communicate with.
* @param usedReplicationServerIds the set of replication server IDs that
@@ -4241,7 +4283,8 @@
* @throws OpenDsException if there is an error updating the configuration.
*/
private void configureAsReplicationServer(InitialLdapContext ctx,
- int replicationPort, LinkedHashSet<String> replicationServers,
+ int replicationPort, boolean useSecureReplication,
+ LinkedHashSet<String> replicationServers,
Set<Integer> usedReplicationServerIds) throws OpenDsException
{
printProgressMessage(formatter.getFormattedWithPoints(
@@ -4296,6 +4339,12 @@
if (!sync.hasReplicationServer())
{
+ CryptoManagerCfgClient crypto = root.getCryptoManager();
+ if (useSecureReplication != crypto.isSSLEncryption())
+ {
+ crypto.setSSLEncryption(useSecureReplication);
+ crypto.commit();
+ }
int id = InstallerHelper.getReplicationId(usedReplicationServerIds);
usedReplicationServerIds.add(id);
replicationServer = sync.createReplicationServer(
diff --git a/opendj-sdk/opends/src/messages/messages/admin_tool.properties b/opendj-sdk/opends/src/messages/messages/admin_tool.properties
index b64e3b6..edb1cbd 100644
--- a/opendj-sdk/opends/src/messages/messages/admin_tool.properties
+++ b/opendj-sdk/opends/src/messages/messages/admin_tool.properties
@@ -242,6 +242,7 @@
INFO_NO_LISTENERS_FOUND=-No Listener Ports Found-
INFO_NOT_APPLICABLE_LABEL=--
INFO_NOT_AVAILABLE_AUTHENTICATION_REQUIRED_CLI_LABEL=<not available> (*)
+INFO_NOT_AVAILABLE_SHORT_LABEL=N/A
INFO_NOT_AVAILABLE_AUTHENTICATION_REQUIRED_CLI_LEGEND=* Information only \
available if you provide authentication information when launching the status \
command.
@@ -411,6 +412,10 @@
the replication mechanism in the first server to communicate with the other \
servers. You have to specify this option only if replication was not \
previously configured in the first server.
+INFO_DESCRIPTION_ENABLE_SECURE_REPLICATION1=Specifies whether or not the \
+ communication through the replication port of the first server is encrypted \
+ or not. This option will only be taken into account the first time \
+ replication is configured on the first server.
INFO_DESCRIPTION_ENABLE_REPLICATION_HOST2=Directory server hostname or IP \
address of the second server whose contents will be replicated
INFO_DESCRIPTION_ENABLE_REPLICATION_SERVER_PORT2=Directory server port \
@@ -432,10 +437,14 @@
password of the global administrator will be used to bind
INFO_DESCRIPTION_ENABLE_REPLICATION_USE_SSL2=Use SSL for secure \
communication with the second server
-INFO_DESCRIPTION_ENABLE_REPLICATION_PORT2=Specifies the port that will be used by \
- the replication mechanism in the second server to communicate with the other \
- servers. You have to specify this option only if replication was not \
+INFO_DESCRIPTION_ENABLE_REPLICATION_PORT2=Specifies the port that will be used \
+ by the replication mechanism in the second server to communicate with the \
+ other servers. You have to specify this option only if replication was not \
previously configured in the second server.
+INFO_DESCRIPTION_ENABLE_SECURE_REPLICATION2=Specifies whether or not the \
+ communication through the replication port of the second server is encrypted \
+ or not. This option will only be taken into account the first time \
+ replication is configured on the second server.
INFO_DESCRIPTION_ENABLE_REPLICATION_STARTTLS2=Use StartTLS to secure \
communication with the second server
INFO_DESCRIPTION_REPLICATION_BASEDNS=Specifies the Base DN of \
@@ -547,6 +556,8 @@
INFO_REPLICATION_ENABLE_PORT1_PROMPT=LDAP port of the first server
INFO_REPLICATION_ENABLE_REPLICATIONPORT1_PROMPT=Replication port for the first \
server (the port must be free)
+INFO_REPLICATION_ENABLE_SECURE1_PROMPT=Use encrypted communication with \
+ replication port %s for the first server?
INFO_REPLICATION_ENABLE_BINDDN1_PROMPT=Bind DN for the first server
INFO_REPLICATION_ENABLE_PASSWORD1_PROMPT=Password for %s on the first server:
INFO_REPLICATION_ENABLE_USESSL1_PROMPT=Use SSL to connect to the first server?
@@ -556,6 +567,8 @@
INFO_REPLICATION_ENABLE_PORT2_PROMPT=LDAP port of the second server
INFO_REPLICATION_ENABLE_REPLICATIONPORT2_PROMPT=Replication port for the \
second server (the port must be free)
+INFO_REPLICATION_ENABLE_SECURE2_PROMPT=Use encrypted communication with \
+ replication port %s for the second server?
INFO_REPLICATION_ENABLE_BINDDN2_PROMPT=Bind DN for the second server
INFO_REPLICATION_ENABLE_PASSWORD2_PROMPT=Password for %s on the second server:
INFO_REPLICATION_ENABLE_USESSL2_PROMPT=Use SSL to connect to the second server?
@@ -688,17 +701,27 @@
INFO_REPLICATION_STATUS_IS_REPLICATED=Replication
INFO_REPLICATION_STATUS_REPLICATED=%s - Replication Enabled
INFO_REPLICATION_STATUS_NOT_REPLICATED=%s - Replication Disabled
-INFO_REPLICATION_STATUS_HEADER_SERVERPORT=Server:port
+INFO_REPLICATION_STATUS_HEADER_SERVERPORT=Server
INFO_REPLICATION_STATUS_HEADER_NUMBER_ENTRIES=Entries
-INFO_REPLICATION_STATUS_HEADER_MISSING_CHANGES=Missing Changes (1)
+INFO_REPLICATION_STATUS_HEADER_MISSING_CHANGES=M.C. (1)
INFO_REPLICATION_STATUS_HEADER_AGE_OF_OLDEST_MISSING_CHANGE=A.O.M.C. (2)
+INFO_REPLICATION_STATUS_HEADER_REPLICATION_PORT=Port (3)
+INFO_REPLICATION_STATUS_HEADER_SECURE=Security (4)
INFO_REPLICATION_STATUS_REPLICATED_LEGEND=[1] The number of changes that are \
still missing on this server (and that have been at least applied to one of \
the other servers).%n[2] Age of oldest missing change: the age (in \
- seconds) of the oldest change that has not arrived to this server.
-INFO_REPLICATION_STATUS_LABEL_SERVERPORT=Server
-INFO_REPLICATION_STATUS_LABEL_NUMBER_ENTRIES=Entries
-INFO_REPLICATION_STATUS_LABEL_MISSING_CHANGES=Missing Changes
+ seconds) of the oldest change that has not arrived to this server.%n[3] The \
+ port used to communicate between the servers whose contents are being \
+ replicated.%n[4] Whether the replication communication through the \
+ replication port is encrypted or not.
+INFO_REPLICATION_STATUS_LABEL_SERVERPORT=Server:
+INFO_REPLICATION_STATUS_LABEL_NUMBER_ENTRIES=Entries:
+INFO_REPLICATION_STATUS_LABEL_MISSING_CHANGES=Missing Changes:
INFO_REPLICATION_STATUS_LABEL_AGE_OF_OLDEST_MISSING_CHANGE=Age of oldest \
-missing change
+missing change:
+INFO_REPLICATION_STATUS_LABEL_REPLICATION_PORT=Replication Port:
+INFO_REPLICATION_STATUS_LABEL_SECURE=Security:
+INFO_REPLICATION_STATUS_SECURITY_ENABLED=Enabled
+INFO_REPLICATION_STATUS_SECURITY_DISABLED=Disabled
+
diff --git a/opendj-sdk/opends/src/messages/messages/quicksetup.properties b/opendj-sdk/opends/src/messages/messages/quicksetup.properties
index e69cf1b..37cf004 100644
--- a/opendj-sdk/opends/src/messages/messages/quicksetup.properties
+++ b/opendj-sdk/opends/src/messages/messages/quicksetup.properties
@@ -1008,6 +1008,10 @@
INFO_TOPOLOGY_EXISTS_LABEL=There is already a server in the topology
INFO_TOPOLOGY_EXISTS_TOOLTIP=Check this if you already created a server that \
you want to replicate data with.
+INFO_SECURE_REPLICATION_PORT_LABEL=%s (Secure)
+INFO_SECURE_REPLICATION_LABEL=Configure as Secure
+INFO_SECURE_REPLICATION_TOOLTIP=Check this if you want to encrypt the \
+ communication when other servers connect to this replication port.
INFO_UPGRADE_BUILD_ID_LABEL=Build Version:
INFO_UPGRADE_BUILD_ID_TOOLTIP=The ID of the build version installed in the \
above location
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java
index 9626672..2ffd756 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java
@@ -580,6 +580,34 @@
Utils.getCommandLineMaxLineWidth()));
out.flush();
}
+ LOG.log(Level.INFO, msg);
+ }
+
+ /**
+ * Displays a progress message in the error output.
+ * @param msg the error message to be displayed.
+ */
+ protected void printProgressMessageNoWrap(String msg)
+ {
+ if (!isQuiet())
+ {
+ out.print(msg);
+ out.flush();
+ }
+ LOG.log(Level.INFO, msg);
+ }
+
+ /**
+ * Displays a progress message in the error output.
+ * @param msg the error message to be displayed.
+ */
+ protected void printProgressMessageNoWrap(Message msg)
+ {
+ if (!isQuiet())
+ {
+ out.print(msg);
+ out.flush();
+ }
LOG.log(Level.INFO, msg.toString());
}
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/Constants.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/Constants.java
index 9602fe1..ece0003 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/Constants.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/Constants.java
@@ -91,4 +91,6 @@
/** The cli java system property. */
public static final String CLI_JAVA_PROPERTY = "org.opends.quicksetup.cli";
+ /** The default replication port. */
+ public static final int DEFAULT_REPLICATION_PORT = 8989;
}
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/UserData.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/UserData.java
index 2e9dfed..08e406c 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/UserData.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/UserData.java
@@ -80,7 +80,7 @@
private SuffixesToReplicateOptions suffixesToReplicateOptions;
- private Map<ServerDescriptor, Integer> remoteWithNoReplicationPort;
+ private Map<ServerDescriptor, AuthenticationData> remoteWithNoReplicationPort;
private boolean quiet;
@@ -119,12 +119,7 @@
setDirectoryManagerDn(Constants.DIRECTORY_MANAGER_DN);
setNewSuffixOptions(defaultNewSuffixOptions);
- AuthenticationData data = new AuthenticationData();
- data.setDn(Constants.DIRECTORY_MANAGER_DN);
- data.setPort(389);
- DataReplicationOptions repl = new DataReplicationOptions(
- DataReplicationOptions.Type.STANDALONE, data,
- getDefaultReplicationPort());
+ DataReplicationOptions repl = DataReplicationOptions.createStandalone();
setReplicationOptions(repl);
setGlobalAdministratorUID(Constants.GLOBAL_ADMIN_UID);
@@ -138,7 +133,8 @@
sec.setSslPort(getDefaultSslPort());
setSecurityOptions(sec);
- remoteWithNoReplicationPort = new HashMap<ServerDescriptor, Integer>();
+ remoteWithNoReplicationPort =
+ new HashMap<ServerDescriptor, AuthenticationData>();
}
/**
@@ -596,29 +592,6 @@
}
/**
- * Provides the port that will be proposed to the user in the replication
- * options panel of the installation wizard. It will check whether we can use
- * ports of type X989 and if not it will return -1.
- *
- * @return the free port of type X989 if it is available and we can use and -1
- * if not.
- */
- static int getDefaultReplicationPort()
- {
- int defaultPort = -1;
-
- for (int i=0;i<10000 && (defaultPort == -1);i+=1000)
- {
- int port = i + 8989;
- if (Utils.canUseAsPort(port))
- {
- defaultPort = port;
- }
- }
- return defaultPort;
- }
-
- /**
* Provides the default host name that will be displayed.
*/
private String getDefaultHostName()
@@ -639,13 +612,15 @@
* corresponding to the Replication Port chosen by the user.
*
* Only the servers that have no replication port appear on this map.
- * @return a Map containing as key a ServerDescriptor and as value an Integer
- * corresponding to the Replication Port chosen by the user.
+ * @return a Map containing as key a ServerDescriptor and as value an
+ * AuthenticationData corresponding to the Replication Port chosen by the
+ * user.
*/
- public Map<ServerDescriptor, Integer> getRemoteWithNoReplicationPort()
+ public Map<ServerDescriptor, AuthenticationData>
+ getRemoteWithNoReplicationPort()
{
- HashMap<ServerDescriptor, Integer> copy =
- new HashMap<ServerDescriptor, Integer>();
+ HashMap<ServerDescriptor, AuthenticationData> copy =
+ new HashMap<ServerDescriptor, AuthenticationData>();
copy.putAll(remoteWithNoReplicationPort);
return copy;
}
@@ -653,11 +628,11 @@
/**
* Sets a the Replication Ports chosen by the user in the remote servers.
* @param remoteWithNoReplicationPort the Map containing as key a
- * ServerDescriptor and as value an Integer corresponding to the Replication
- * Port chosen by the user.
+ * ServerDescriptor and as value an AuthenticationData corresponding to the
+ * Replication Port chosen by the user.
*/
public void setRemoteWithNoReplicationPort(
- Map<ServerDescriptor, Integer> remoteWithNoReplicationPort)
+ Map<ServerDescriptor, AuthenticationData> remoteWithNoReplicationPort)
{
this.remoteWithNoReplicationPort.clear();
this.remoteWithNoReplicationPort.putAll(remoteWithNoReplicationPort);
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ConfiguredReplication.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ConfiguredReplication.java
index 0215b6d..4ab223b 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ConfiguredReplication.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ConfiguredReplication.java
@@ -39,6 +39,7 @@
{
private boolean synchProviderCreated;
private boolean synchProviderEnabled;
+ private boolean secureReplicationEnabled;
private boolean replicationServerCreated;
private Set<String> newReplicationServers;
private Set<ConfiguredDomain> domainsConf;
@@ -49,6 +50,8 @@
* created or not.
* @param synchProviderEnabled whether the synchronization provider was
* enabled or not.
+ * @param secureReplicationEnabled whether we enabled security for
+ * replication.
* @param replicationServerCreated whether the replication server was
* created or not.
* @param newReplicationServers the set of replication servers added to
@@ -58,11 +61,13 @@
*/
ConfiguredReplication(boolean synchProviderCreated,
boolean synchProviderEnabled, boolean replicationServerCreated,
- Set<String> newReplicationServers, Set<ConfiguredDomain> domainsConf)
+ boolean secureReplicationEnabled, Set<String> newReplicationServers,
+ Set<ConfiguredDomain> domainsConf)
{
this.synchProviderCreated = synchProviderCreated;
this.synchProviderEnabled = synchProviderEnabled;
this.replicationServerCreated = replicationServerCreated;
+ this.secureReplicationEnabled = secureReplicationEnabled;
this.newReplicationServers = new HashSet<String>();
this.newReplicationServers.addAll(newReplicationServers);
this.domainsConf = new HashSet<ConfiguredDomain>();
@@ -104,6 +109,17 @@
}
/**
+ * Returns <CODE>true</CODE> if the Security was enabled for replication and
+ * <CODE>false</CODE> otherwise.
+ * @return <CODE>true</CODE> if the Security was enabled for replication and
+ * <CODE>false</CODE> otherwise.
+ */
+ boolean isSecureReplicationEnabled()
+ {
+ return secureReplicationEnabled;
+ }
+
+ /**
* Returns <CODE>true</CODE> if the Synchronization Provider was created and
* <CODE>false</CODE> otherwise.
* @return <CODE>true</CODE> if the Synchronization Provider was created and
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/DataReplicationOptions.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/DataReplicationOptions.java
index 8a78b43..889277d 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/DataReplicationOptions.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/DataReplicationOptions.java
@@ -28,6 +28,9 @@
package org.opends.quicksetup.installer;
+import org.opends.quicksetup.Constants;
+import org.opends.quicksetup.util.Utils;
+
/**
* This class is used to provide a data model for the Data Replication
* Options panel of the installer.
@@ -57,41 +60,67 @@
}
private Type type;
- private int replicationPort;
- private AuthenticationData authenticationData;
+ private int replicationPort = getDefaultReplicationPort();
+ private boolean secureReplication;
+ private AuthenticationData authenticationData = new AuthenticationData();
+ {
+ authenticationData.setDn(Constants.DIRECTORY_MANAGER_DN);
+ authenticationData.setPort(389);
+ };
/**
- * Constructor for the DataReplicationOptions object.
- *
- * If the Data Replication Options is STANDALONE or FIRST_IN_TOPOLOGY no
- * args are considered.
- *
- * If the Data Options is IN_EXISTING_TOPOLOGY the args is the authentication
- * data on the remote server (AuthenticationData object).
- *
- * @param type the Type of DataReplicationOptions.
- * @param args the different argument objects (depending on the Type
- * specified)
+ * Private constructor for the DataReplicationOptions object.
*/
- public DataReplicationOptions(Type type, Object... args)
+ private DataReplicationOptions()
{
- this.type = type;
+ }
- switch (type)
- {
- case IN_EXISTING_TOPOLOGY:
- authenticationData = (AuthenticationData)args[0];
- replicationPort = (Integer)args[1];
- break;
+ /**
+ * Construct an FIRST_IN_TOPOLOGY object.
+ * @param replicationPort the replication port.
+ * @param secureReplication whether servers must encrypt data for the
+ * replication communication with this server.
+ * @return the FIRST_IN_TOPOLOGY object.
+ */
+ public static DataReplicationOptions createFirstInTopology(
+ int replicationPort, boolean secureReplication)
+ {
+ DataReplicationOptions options = new DataReplicationOptions();
+ options.type = Type.FIRST_IN_TOPOLOGY;
+ options.replicationPort = replicationPort;
+ options.secureReplication = secureReplication;
+ return options;
+ }
- default:
- // If there is something put it.
- if ((args != null) && (args.length > 0))
- {
- authenticationData = (AuthenticationData)args[0];
- replicationPort = (Integer)args[1];
- }
- }
+ /**
+ * Construct an STANDALONE object.
+ * @return the STANDALONE object.
+ */
+ public static DataReplicationOptions createStandalone()
+ {
+ DataReplicationOptions options = new DataReplicationOptions();
+ options.type = Type.STANDALONE;
+ return options;
+ }
+
+ /**
+ * Construct an IN_EXISTING_TOPOLOGY object.
+ * @param authenticationData the authentication data.
+ * @param replicationPort the replication port.
+ * @param secureReplication whether servers must encrypt data for the
+ * replication communication with this server.
+ * @return the IN_EXISTING_TOPOLOGY object.
+ */
+ public static DataReplicationOptions createInExistingTopology(
+ AuthenticationData authenticationData, int replicationPort,
+ boolean secureReplication)
+ {
+ DataReplicationOptions options = new DataReplicationOptions();
+ options.type = Type.IN_EXISTING_TOPOLOGY;
+ options.authenticationData = authenticationData;
+ options.replicationPort = replicationPort;
+ options.secureReplication = secureReplication;
+ return options;
}
/**
@@ -125,5 +154,40 @@
{
return replicationPort;
}
+
+ /**
+ * Returns whether servers must encrypt data for the replication communication
+ * with this server.
+ *
+ * @return <CODE>true</CODE> if the servers must encrypt data for the
+ * replication communication and <CODE>false</CODE> otherwise.
+ */
+ public boolean useSecureReplication()
+ {
+ return secureReplication;
+ }
+
+ /**
+ * Provides the port that will be proposed to the user in the replication
+ * options panel of the installation wizard. It will check whether we can use
+ * ports of type X989 and if not it will return -1.
+ *
+ * @return the free port of type X989 if it is available and we can use and -1
+ * if not.
+ */
+ static int getDefaultReplicationPort()
+ {
+ int defaultPort = -1;
+
+ for (int i=0;i<10000 && (defaultPort == -1);i+=1000)
+ {
+ int port = i + Constants.DEFAULT_REPLICATION_PORT;
+ if (Utils.canUseAsPort(port))
+ {
+ defaultPort = port;
+ }
+ }
+ return defaultPort;
+ }
}
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
index b308ee7..e51b652 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
@@ -1400,12 +1400,12 @@
for (ReplicaDescriptor replica : suffix.getReplicas())
{
ServerDescriptor server = replica.getServer();
- Integer replicationPort
+ AuthenticationData repPort
= getUserData().getRemoteWithNoReplicationPort().get(server);
- if (replicationPort != null)
+ if (repPort != null)
{
- h.add(server.getHostName()+":"+replicationPort);
- adsServers.add(server.getHostName()+":"+replicationPort);
+ h.add(server.getHostName()+":"+repPort.getPort());
+ adsServers.add(server.getHostName()+":"+repPort.getPort());
}
}
replicationServers.put(suffix.getDN(), h);
@@ -1422,6 +1422,7 @@
ctx = createLocalContext();
helper.configureReplication(ctx, dns, replicationServers,
getUserData().getReplicationOptions().getReplicationPort(),
+ getUserData().getReplicationOptions().useSecureReplication(),
getLocalHostPort(),
knownReplicationServerIds, knownServerIds);
}
@@ -1480,14 +1481,28 @@
Integer v = (Integer)server.getServerProperties().get(
ServerDescriptor.ServerProperty.REPLICATION_SERVER_PORT);
int replicationPort;
+ boolean enableSecureReplication;
if (v != null)
{
replicationPort = v;
+ enableSecureReplication = false;
}
else
{
- replicationPort =
+ AuthenticationData authData =
getUserData().getRemoteWithNoReplicationPort().get(server);
+ if (authData != null)
+ {
+ replicationPort = authData.getPort();
+ enableSecureReplication = authData.useSecureConnection();
+ }
+ else
+ {
+ replicationPort = Constants.DEFAULT_REPLICATION_PORT;
+ enableSecureReplication = false;
+ LOG.log(Level.WARNING, "Could not find replication port for: "+
+ server.getHostPort(true));
+ }
}
dns = new HashSet<String>();
for (ReplicaDescriptor replica : hm.get(server))
@@ -1499,8 +1514,9 @@
ctx = getRemoteConnection(server, getTrustManager());
ConfiguredReplication repl =
helper.configureReplication(ctx, dns, replicationServers,
- replicationPort, server.getHostPort(true),
- knownReplicationServerIds, knownServerIds);
+ replicationPort, enableSecureReplication,
+ server.getHostPort(true), knownReplicationServerIds,
+ knownServerIds);
hmConfiguredRemoteReplication.put(server, repl);
try
@@ -2610,6 +2626,7 @@
throws UserDataException {
boolean hasGlobalAdministrators = false;
Integer replicationPort = -1;
+ boolean secureReplication = false;
String host = null;
Integer port = null;
String dn = null;
@@ -2628,6 +2645,8 @@
{
// Check replication port
replicationPort = checkReplicationPort(qs, errorMsgs);
+ secureReplication =
+ (Boolean)qs.getFieldValue(FieldName.REPLICATION_SECURE);
}
UserDataConfirmationException confirmEx = null;
@@ -2693,8 +2712,30 @@
auth.setPwd(pwd);
auth.setUseSecureConnection(isSecure);
- DataReplicationOptions repl = new DataReplicationOptions(type,
- auth, replicationPort);
+ DataReplicationOptions repl;
+ switch (type)
+ {
+ case IN_EXISTING_TOPOLOGY:
+ {
+ repl = DataReplicationOptions.createInExistingTopology(auth,
+ replicationPort, secureReplication);
+ break;
+ }
+ case STANDALONE:
+ {
+ repl = DataReplicationOptions.createStandalone();
+ break;
+ }
+ case FIRST_IN_TOPOLOGY:
+ {
+ repl = DataReplicationOptions.createFirstInTopology(replicationPort,
+ secureReplication);
+ break;
+ }
+ default:
+ throw new IllegalStateException("Do not know what to do with type: "+
+ type);
+ }
getUserData().setReplicationOptions(repl);
getUserData().createAdministrator(!hasGlobalAdministrators &&
@@ -3205,13 +3246,15 @@
throws UserDataException
{
ArrayList<Message> errorMsgs = new ArrayList<Message>();
- Map<ServerDescriptor, Integer> servers =
+ Map<ServerDescriptor, AuthenticationData> servers =
getUserData().getRemoteWithNoReplicationPort();
Map hm = (Map) qs.getFieldValue(FieldName.REMOTE_REPLICATION_PORT);
+ Map hmSecure = (Map) qs.getFieldValue(FieldName.REMOTE_REPLICATION_SECURE);
for (ServerDescriptor server : servers.keySet())
{
String hostName = server.getHostName();
int replicationPort = -1;
+ boolean secureReplication = (Boolean)hmSecure.get(server.getId());
String sPort = (String)hm.get(server.getId());
try
{
@@ -3242,7 +3285,10 @@
.get(server.getHostPort(true)));
}
}
- servers.put(server, replicationPort);
+ AuthenticationData authData = new AuthenticationData();
+ authData.setPort(replicationPort);
+ authData.setUseSecureConnection(secureReplication);
+ servers.put(server, authData);
} catch (NumberFormatException nfe)
{
errorMsgs.add(INFO_INVALID_REMOTE_REPLICATION_PORT_VALUE_RANGE.get(
@@ -3656,11 +3702,11 @@
return generatedChar;
}
- private Map<ServerDescriptor, Integer> getRemoteWithNoReplicationPort(
- UserData userData)
+ private Map<ServerDescriptor, AuthenticationData>
+ getRemoteWithNoReplicationPort(UserData userData)
{
- Map<ServerDescriptor, Integer> servers =
- new HashMap<ServerDescriptor, Integer>();
+ Map<ServerDescriptor, AuthenticationData> servers =
+ new HashMap<ServerDescriptor, AuthenticationData>();
Set<SuffixDescriptor> suffixes =
userData.getSuffixesToReplicateOptions().getSuffixes();
for (SuffixDescriptor suffix : suffixes)
@@ -3672,7 +3718,10 @@
ServerDescriptor.ServerProperty.IS_REPLICATION_SERVER);
if (!Boolean.TRUE.equals(v))
{
- servers.put(server, 8989);
+ AuthenticationData authData = new AuthenticationData();
+ authData.setPort(Constants.DEFAULT_REPLICATION_PORT);
+ authData.setUseSecureConnection(false);
+ servers.put(server, authData);
}
}
}
@@ -4101,9 +4150,7 @@
"ds-task-log-message",
"ds-task-state"
});
- Message lastDisplayedMsg = null;
String lastLogMsg = null;
- long lastTimeMsgDisplayed = -1;
while (!isOver)
{
try
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/InstallerHelper.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/InstallerHelper.java
index 1e210e4..1b73493 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/InstallerHelper.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/InstallerHelper.java
@@ -218,6 +218,8 @@
* the value is the list of replication servers for that base dn (or domain).
* @param replicationPort the replicationPort of the server that is being
* configured (it might not exist and the user specified it in the setup).
+ * @param useSecureReplication whether to encrypt connections with the
+ * replication port or not.
* @param serverDisplay the server display.
* @param usedReplicationServerIds the list of replication server ids that
* are already used.
@@ -229,13 +231,14 @@
public ConfiguredReplication configureReplication(
InitialLdapContext remoteCtx, Set<String> dns,
Map<String,Set<String>> replicationServers,
- int replicationPort, String serverDisplay,
+ int replicationPort, boolean useSecureReplication, String serverDisplay,
Set<Integer> usedReplicationServerIds, Set<Integer> usedServerIds)
throws ApplicationException
{
boolean synchProviderCreated;
boolean synchProviderEnabled;
boolean replicationServerCreated;
+ boolean secureReplicationEnabled;
try
{
ManagementContext mCtx = LDAPManagementContext.createFromContext(
@@ -291,6 +294,25 @@
if (!sync.hasReplicationServer())
{
+ if (useSecureReplication)
+ {
+ CryptoManagerCfgClient crypto = root.getCryptoManager();
+ if (!crypto.isSSLEncryption())
+ {
+ crypto.setSSLEncryption(true);
+ crypto.commit();
+ secureReplicationEnabled = true;
+ }
+ else
+ {
+ // Only mark as true if we actually change the configuration
+ secureReplicationEnabled = false;
+ }
+ }
+ else
+ {
+ secureReplicationEnabled = false;
+ }
int id = getReplicationId(usedReplicationServerIds);
usedReplicationServerIds.add(id);
replicationServer = sync.createReplicationServer(
@@ -302,6 +324,7 @@
}
else
{
+ secureReplicationEnabled = false;
replicationServer = sync.getReplicationServer();
usedReplicationServerIds.add(
replicationServer.getReplicationServerId());
@@ -390,7 +413,8 @@
domainsConf.add(domainConf);
}
return new ConfiguredReplication(synchProviderCreated,
- synchProviderEnabled, replicationServerCreated, newReplicationServers,
+ synchProviderEnabled, replicationServerCreated,
+ secureReplicationEnabled, newReplicationServers,
domainsConf);
}
catch (Throwable t)
@@ -496,6 +520,15 @@
// It does not exist.
}
}
+ if (replConf.isSecureReplicationEnabled())
+ {
+ CryptoManagerCfgClient crypto = root.getCryptoManager();
+ if (crypto.isSSLEncryption())
+ {
+ crypto.setSSLEncryption(false);
+ crypto.commit();
+ }
+ }
}
catch (Throwable t)
{
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/DataReplicationPanel.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/DataReplicationPanel.java
index 424c8b5..e7a042b 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/DataReplicationPanel.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/DataReplicationPanel.java
@@ -72,6 +72,7 @@
private JRadioButton rbStandalone;
private JRadioButton rbReplicated;
+ private JCheckBox cbSecureReplication;
private JCheckBox cbTopologyExists;
private JCheckBox cbRemoteServerPortSecure;
private HashMap<FieldName, JLabel> hmLabels =
@@ -128,6 +129,17 @@
value = Boolean.FALSE;
}
}
+ else if (fieldName == FieldName.REPLICATION_SECURE)
+ {
+ if (cbSecureReplication.isSelected())
+ {
+ value = Boolean.TRUE;
+ }
+ else
+ {
+ value = Boolean.FALSE;
+ }
+ }
else
{
JTextComponent field = getField(fieldName);
@@ -187,18 +199,23 @@
panel.add(auxPanel, gbc);
panel.add(cbTopologyExists, gbc);
gbc.insets = UIFactory.getEmptyInsets();
- gbc.gridwidth = 3;
+ gbc.gridwidth = 4;
gbc.weightx = 0.0;
gbc.insets.left = 0;
gbc.anchor = GridBagConstraints.WEST;
auxPanel.add(getLabel(FieldName.REPLICATION_PORT), gbc);
- gbc.gridwidth = GridBagConstraints.RELATIVE;
+ gbc.gridwidth--;
gbc.insets.left = UIFactory.LEFT_INSET_SECONDARY_FIELD;
gbc.fill = GridBagConstraints.HORIZONTAL;
gbc.weightx = 0.0;
auxPanel.add(getField(FieldName.REPLICATION_PORT), gbc);
+ gbc.gridwidth = GridBagConstraints.RELATIVE;
+ gbc.fill = GridBagConstraints.HORIZONTAL;
+ gbc.weightx = 0.0;
+ auxPanel.add(cbSecureReplication, gbc);
+
gbc.gridwidth = GridBagConstraints.REMAINDER;
gbc.insets.left = 0;
gbc.weightx = 1.0;
@@ -482,6 +499,12 @@
DataReplicationOptions.Type.STANDALONE);
rbReplicated.setSelected(type !=
DataReplicationOptions.Type.STANDALONE);
+ cbSecureReplication = UIFactory.makeJCheckBox(
+ INFO_SECURE_REPLICATION_LABEL.get(),
+ INFO_SECURE_REPLICATION_TOOLTIP.get(),
+ UIFactory.TextStyle.SECONDARY_FIELD_VALID);
+ cbSecureReplication.setSelected(
+ defaultUserData.getReplicationOptions().useSecureReplication());
cbTopologyExists.setSelected(type ==
DataReplicationOptions.Type.IN_EXISTING_TOPOLOGY);
cbRemoteServerPortSecure = UIFactory.makeJCheckBox(
@@ -564,6 +587,7 @@
rbReplicated.addFocusListener(l);
rbStandalone.addFocusListener(l);
cbTopologyExists.addFocusListener(l);
+ cbSecureReplication.addFocusListener(l);
lastFocusComponent = rbStandalone;
}
@@ -619,6 +643,7 @@
cbTopologyExists.setEnabled(rbReplicated.isSelected());
getLabel(FieldName.REPLICATION_PORT).setEnabled(rbReplicated.isSelected());
getField(FieldName.REPLICATION_PORT).setEnabled(rbReplicated.isSelected());
+ cbSecureReplication.setEnabled(rbReplicated.isSelected());
cbRemoteServerPortSecure.setEnabled(enableFields);
}
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/InstallReviewPanel.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/InstallReviewPanel.java
index 7df31a8..b46ca9d 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/InstallReviewPanel.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/InstallReviewPanel.java
@@ -356,7 +356,7 @@
SuffixesToReplicateOptions suf =
userInstallData.getSuffixesToReplicateOptions();
- Map<ServerDescriptor, Integer> remotePorts =
+ Map<ServerDescriptor, AuthenticationData> remotePorts =
userInstallData.getRemoteWithNoReplicationPort();
if ((repl.getType() == DataReplicationOptions.Type.IN_EXISTING_TOPOLOGY) &&
@@ -375,9 +375,19 @@
{
serverToConnectDisplay = "";
}
- buf.append(String.valueOf(
- userInstallData.getReplicationOptions()
- .getReplicationPort()));
+ String s;
+ if (userInstallData.getReplicationOptions().useSecureReplication())
+ {
+ s = INFO_SECURE_REPLICATION_PORT_LABEL.get(
+ String.valueOf(userInstallData.getReplicationOptions()
+ .getReplicationPort())).toString();
+ }
+ else
+ {
+ s = String.valueOf(userInstallData.getReplicationOptions()
+ .getReplicationPort());
+ }
+ buf.append(s);
TreeSet<Message> remoteServerLines = new TreeSet<Message>();
for (ServerDescriptor server : remotePorts.keySet())
{
@@ -390,8 +400,17 @@
{
serverDisplay = server.getHostPort(true);
}
- remoteServerLines.add(INFO_REMOTE_SERVER_REPLICATION_PORT.get(
- String.valueOf(remotePorts.get(server)),
+ AuthenticationData repPort = remotePorts.get(server);
+ if (repPort.useSecureConnection())
+ {
+ s = INFO_SECURE_REPLICATION_PORT_LABEL.get(
+ String.valueOf(repPort.getPort())).toString();
+ }
+ else
+ {
+ s = String.valueOf(repPort.getPort());
+ }
+ remoteServerLines.add(INFO_REMOTE_SERVER_REPLICATION_PORT.get(s,
serverDisplay));
}
for (Message line : remoteServerLines)
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/RemoteReplicationPortsPanel.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/RemoteReplicationPortsPanel.java
index 1d97efc..318e48d 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/RemoteReplicationPortsPanel.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/ui/RemoteReplicationPortsPanel.java
@@ -42,6 +42,7 @@
import java.util.TreeSet;
import javax.swing.Box;
+import javax.swing.JCheckBox;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
@@ -71,6 +72,8 @@
new HashMap<String, JLabel>();
private HashMap<String, JTextComponent> hmFields =
new HashMap<String, JTextComponent>();
+ private HashMap<String, JCheckBox> hmCbs =
+ new HashMap<String, JCheckBox>();
private JScrollPane scroll;
private JPanel fieldsPanel;
private TreeSet<ServerDescriptor> orderedServers =
@@ -105,6 +108,15 @@
}
value = hm;
}
+ else if (fieldName == FieldName.REMOTE_REPLICATION_SECURE)
+ {
+ Map<String, Boolean> hm = new HashMap<String, Boolean>();
+ for (String id : hmCbs.keySet())
+ {
+ hm.put(id, hmCbs.get(id).isSelected());
+ }
+ value = hm;
+ }
return value;
}
@@ -243,9 +255,16 @@
{
hmOldValues.put(id, hmFields.get(id).getText());
}
+ HashMap<String, Boolean> hmOldSecureValues =
+ new HashMap<String, Boolean>();
+ for (String id : hmCbs.keySet())
+ {
+ hmOldSecureValues.put(id, hmCbs.get(id).isSelected());
+ }
orderedServers.clear();
orderedServers.addAll(array);
hmFields.clear();
+ hmCbs.clear();
hmLabels.clear();
for (ServerDescriptor server : orderedServers)
{
@@ -264,10 +283,10 @@
LabelFieldDescriptor.FieldType.TEXTFIELD,
LabelFieldDescriptor.LabelType.PRIMARY,
UIFactory.PORT_FIELD_SIZE);
- Integer defaultValue =
+ AuthenticationData auth =
data.getRemoteWithNoReplicationPort().get(server);
JTextComponent field = UIFactory.makeJTextComponent(desc,
- String.valueOf(defaultValue));
+ String.valueOf(auth.getPort()));
String oldValue = hmOldValues.get(server.getId());
if (oldValue != null)
{
@@ -285,6 +304,18 @@
}
hmLabels.put(server.getId(), label);
+
+ JCheckBox cb = UIFactory.makeJCheckBox(
+ INFO_SECURE_REPLICATION_LABEL.get(),
+ INFO_SECURE_REPLICATION_TOOLTIP.get(),
+ UIFactory.TextStyle.SECONDARY_FIELD_VALID);
+ cb.setSelected(auth.useSecureConnection());
+ Boolean oldSecureValue = hmOldSecureValues.get(server.getId());
+ if (oldSecureValue != null)
+ {
+ cb.setSelected(oldSecureValue);
+ }
+ hmCbs.put(server.getId(), cb);
}
populateFieldsPanel();
}
@@ -316,11 +347,14 @@
{
gbc.insets.top = UIFactory.TOP_INSET_SECONDARY_FIELD;
}
- gbc.gridwidth = 3;
+ gbc.gridwidth = 4;
fieldsPanel.add(hmLabels.get(server.getId()), gbc);
gbc.insets.left = UIFactory.LEFT_INSET_PRIMARY_FIELD;
- gbc.gridwidth = GridBagConstraints.RELATIVE;
+ gbc.gridwidth--;
fieldsPanel.add(hmFields.get(server.getId()), gbc);
+ gbc.insets.left = UIFactory.LEFT_INSET_SECONDARY_FIELD;
+ gbc.gridwidth = GridBagConstraints.RELATIVE;
+ fieldsPanel.add(hmCbs.get(server.getId()), gbc);
gbc.gridwidth = GridBagConstraints.REMAINDER;
gbc.weightx = 1.0;
fieldsPanel.add(Box.createHorizontalGlue(), gbc);
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/ui/FieldName.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/ui/FieldName.java
index 9f3d014..252af42 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/ui/FieldName.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/ui/FieldName.java
@@ -110,6 +110,10 @@
*/
SUFFIXES_TO_REPLICATE,
/**
+ * The value associated with this is a Boolean.
+ */
+ REPLICATION_SECURE,
+ /**
* The value associated with this is a String.
*/
REPLICATION_PORT,
@@ -147,11 +151,16 @@
*/
GLOBAL_ADMINISTRATOR_PWD_CONFIRM,
/**
- * The value associated with this is a Map where the key is a ServerDescriptor
- * and the value an Integer.
+ * The value associated with this is a Map where the key is a String and the
+ * value a String.
*/
REMOTE_REPLICATION_PORT,
/**
+ * The value associated with this is a Map where the key is a String and the
+ * value a Boolean.
+ */
+ REMOTE_REPLICATION_SECURE,
+ /**
* The value associated with this is a Boolean.
*/
SERVER_START,
--
Gitblit v1.10.0