From e6b68159bff34d85aca3c5349b5eb4559ddb0d67 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Mon, 26 Sep 2016 20:12:52 +0000
Subject: [PATCH] Minor cleanup: factor out method for parsing key store PIN configuration
---
opendj-server-legacy/src/test/java/org/opends/server/util/CertificateManagerTestCase.java | 4
opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedKeyManagerProvider.java | 293 +++++-----
opendj-server-legacy/src/main/java/org/opends/server/util/CertificateManager.java | 50 +
opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java | 498 +++--------------
opendj-server-legacy/src/main/java/org/opends/server/backends/TrustStoreBackend.java | 313 +++--------
opendj-server-legacy/src/main/java/org/opends/server/extensions/PKCS11KeyManagerProvider.java | 427 +++------------
6 files changed, 452 insertions(+), 1,133 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/backends/TrustStoreBackend.java b/opendj-server-legacy/src/main/java/org/opends/server/backends/TrustStoreBackend.java
index 88c4c45..5d6fc06 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/backends/TrustStoreBackend.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/backends/TrustStoreBackend.java
@@ -101,7 +101,6 @@
implements ConfigurationChangeListener<TrustStoreBackendCfg>
{
private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
-
/** The current configuration state. */
private TrustStoreBackendCfg configuration;
/** The set of base DNs for this backend. */
@@ -178,12 +177,9 @@
trustStoreType, configEntryDN, getExceptionMessage(kse)));
}
- trustStorePIN = getTrustStorePIN(configEntryDN);
-
- certificateManager =
- new CertificateManager(getFileForPath(trustStoreFile).getPath(),
- trustStoreType,
- new String(trustStorePIN));
+ trustStorePIN = getTrustStorePIN(configuration, true);
+ final String keyStorePath = getFileForPath(trustStoreFile).getPath();
+ certificateManager = new CertificateManager(keyStorePath, trustStoreType, trustStorePIN);
// Generate a self-signed certificate, if there is none.
generateInstanceCertificateIfAbsent();
@@ -218,71 +214,85 @@
}
/**
- * Get the PIN needed to access the contents of the trust store file. We will offer several places
- * to look for the PIN, and we will do so in the following order:
+ * Returns the PIN needed to access the contents of a key store. We will offer several places to look for the PIN,
+ * and we will do so in the following order:
* <ol>
- * <li>In a specified Java property</li>
- * <li>In a specified environment variable</li>
- * <li>In a specified file on the server filesystem</li>
- * <li>As the value of a configuration attribute</li>
+ * <li>In a specified Java property</li>
+ * <li>In a specified environment variable</li>
+ * <li>In a specified file on the server filesystem</li>
+ * <li>As the value of a configuration attribute.</li>
* </ol>
- * In any case, the PIN must be in the clear. If no PIN is provided, then it will be assumed that
- * none is required to access the information in the trust store.
+ * In any case, the PIN must be in the clear.
+ * <p>
+ * It is acceptable to have no PIN (OPENDJ-18).
*/
- private char[] getTrustStorePIN(DN configEntryDN) throws InitializationException
- {
- final String pinProperty = configuration.getTrustStorePinProperty();
+ private static char[] getTrustStorePIN(TrustStoreBackendCfg cfg, boolean createPinFileIfNeeded)
+ throws InitializationException {
+ final String pinProperty = cfg.getTrustStorePinProperty();
if (pinProperty != null)
{
- String pinStr = System.getProperty(pinProperty);
- if (pinStr == null)
- {
- throw new InitializationException(ERR_TRUSTSTORE_PIN_PROPERTY_NOT_SET.get(pinProperty, configEntryDN));
- }
- return pinStr.toCharArray();
+ final String pin = System.getProperty(pinProperty);
+ if (pin == null)
+ {
+ throw new InitializationException(ERR_TRUSTSTORE_PIN_PROPERTY_NOT_SET.get(pinProperty, cfg.dn()));
+ }
+ return pin.toCharArray();
}
- final String pinEnVar = configuration.getTrustStorePinEnvironmentVariable();
- if (pinEnVar != null)
+ final String pinEnvVar = cfg.getTrustStorePinEnvironmentVariable();
+ if (pinEnvVar != null)
{
- String pinStr = System.getenv(pinEnVar);
- if (pinStr == null)
- {
- throw new InitializationException(ERR_TRUSTSTORE_PIN_ENVAR_NOT_SET.get(pinProperty, configEntryDN));
- }
- return pinStr.toCharArray();
+ final String pin = System.getenv(pinEnvVar);
+ if (pin == null)
+ {
+ throw new InitializationException(ERR_TRUSTSTORE_PIN_ENVAR_NOT_SET.get(pinEnvVar, cfg.dn()));
+ }
+ return pin.toCharArray();
}
- final String pinFilePath = configuration.getTrustStorePinFile();
- if (pinFilePath != null)
+ final String pinFileName = cfg.getTrustStorePinFile();
+ if (pinFileName != null)
{
- File pinFile = getFileForPath(pinFilePath);
+ final File pinFile = getFileForPath(pinFileName);
if (pinFile.exists())
{
- String pinStr = readPinFromFile(pinFile, configEntryDN);
- if (pinStr == null)
+ String pin;
+ try (BufferedReader br = new BufferedReader(new FileReader(pinFile)))
{
- throw new InitializationException(ERR_TRUSTSTORE_PIN_FILE_EMPTY.get(pinFilePath, configEntryDN));
+ pin = br.readLine();
}
- return pinStr.toCharArray();
+ catch (IOException e)
+ {
+ final LocalizableMessage msg = ERR_TRUSTSTORE_PIN_FILE_CANNOT_READ.get(pinFileName,
+ cfg.dn(), getExceptionMessage(e));
+ throw new InitializationException(msg, e);
+ }
+ if (pin == null)
+ {
+ throw new InitializationException(ERR_TRUSTSTORE_PIN_FILE_EMPTY.get(pinFileName, cfg.dn()));
+ }
+ return pin.toCharArray();
}
-
- try
+ else if (createPinFileIfNeeded)
{
- // Generate and store the PIN in the pin file.
- final char[] trustStorePIN = createKeystorePassword();
- createPINFile(pinFile.getPath(), new String(trustStorePIN));
- return trustStorePIN;
+ try
+ {
+ // Generate and store the PIN in the pin file.
+ final char[] trustStorePIN1 = createKeystorePassword();
+ createPINFile(pinFile.getPath(), new String(trustStorePIN1));
+ return trustStorePIN1;
+ }
+ catch (Exception e)
+ {
+ throw new InitializationException(ERR_TRUSTSTORE_PIN_FILE_CANNOT_CREATE.get(pinFileName, cfg.dn()));
+ }
}
- catch (Exception e)
+ else
{
- throw new InitializationException(ERR_TRUSTSTORE_PIN_FILE_CANNOT_CREATE.get(pinFilePath, configEntryDN));
+ return null;
}
}
-
- String pinStr = configuration.getTrustStorePin();
- // else branch should be an Error. Otherwise, programs fails. Is there a Unit Test?
- return pinStr != null ? pinStr.toCharArray() : null;
+ return cfg.getTrustStorePin() != null ? cfg.getTrustStorePin().toCharArray() : null;
}
@Override
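Review bot: The `catch (Exception e)` in the PIN-file creation branch throws `ERR_TRUSTSTORE_PIN_FILE_CANNOT_CREATE` without the cause, so the IOException from `createPINFile` is lost while the read branch just above does keep it; use `throw new InitializationException(ERR_TRUSTSTORE_PIN_FILE_CANNOT_CREATE.get(pinFileName, cfg.dn()), e);`. The empty-file check `if (pin == null)` only fires for a zero-length file: a PIN file containing just a line terminator makes `readLine()` return `""` and an empty PIN is silently accepted, so `if (pin == null || pin.isEmpty())` is the check that matches the error message — the same applies to the static `getKeyStorePIN` added to FileBasedKeyManagerProvider in this patch. The Javadoc also does not mention the new `createPinFileIfNeeded` parameter or the `null` return; consider adding `@param createPinFileIfNeeded whether a missing PIN file is generated with a fresh PIN rather than treated as no PIN` and `@return the PIN, or null if no PIN is configured`.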
@@ -663,7 +673,6 @@
public boolean isConfigurationChangeAcceptable(
TrustStoreBackendCfg configuration, List<LocalizableMessage> unacceptableReasons)
{
- final ConfigChangeResult ccr = new ConfigChangeResult();
final DN cfgEntryDN = configuration.dn();
// Get the path to the trust store file.
@@ -673,14 +682,14 @@
File f = getFileForPath(newTrustStoreFile);
if (!f.exists() || !f.isFile())
{
- ccr.addMessage(ERR_TRUSTSTORE_NO_SUCH_FILE.get(newTrustStoreFile, cfgEntryDN));
+ unacceptableReasons.add(ERR_TRUSTSTORE_NO_SUCH_FILE.get(newTrustStoreFile, cfgEntryDN));
}
}
catch (Exception e)
{
logger.traceException(e);
- ccr.addMessage(ERR_TRUSTSTORE_CANNOT_DETERMINE_FILE.get(cfgEntryDN, getExceptionMessage(e)));
+ unacceptableReasons.add(ERR_TRUSTSTORE_CANNOT_DETERMINE_FILE.get(cfgEntryDN, getExceptionMessage(e)));
}
// Check to see if the trust store type is acceptable.
@@ -695,44 +704,20 @@
{
logger.traceException(kse);
- ccr.addMessage(ERR_TRUSTSTORE_INVALID_TYPE.get(storeType, cfgEntryDN, getExceptionMessage(kse)));
+ unacceptableReasons.add(ERR_TRUSTSTORE_INVALID_TYPE.get(storeType, cfgEntryDN, getExceptionMessage(kse)));
}
}
- // If there is a PIN property, then make sure the corresponding
- // property is set.
- String pinProp = configuration.getTrustStorePinProperty();
- if (pinProp != null && System.getProperty(pinProp) == null)
+ try
{
- ccr.addMessage(ERR_TRUSTSTORE_PIN_PROPERTY_NOT_SET.get(pinProp, cfgEntryDN));
+ getTrustStorePIN(configuration, false);
+ }
+ catch (InitializationException e)
+ {
+ unacceptableReasons.add(e.getMessageObject());
}
- // If there is a PIN environment variable, then make sure the corresponding
- // environment variable is set.
- String pinEnVar = configuration.getTrustStorePinEnvironmentVariable();
- if (pinEnVar != null && System.getenv(pinEnVar) == null)
- {
- ccr.addMessage(ERR_TRUSTSTORE_PIN_ENVAR_NOT_SET.get(pinEnVar, cfgEntryDN));
- }
-
- // If there is a PIN file, then make sure the file is readable if it exists.
- String pinFile = configuration.getTrustStorePinFile();
- if (pinFile != null)
- {
- File f = new File(pinFile);
- if (f.exists())
- {
- String pinStr = readPinFromFile2(f, cfgEntryDN, ccr);
- if (pinStr == null)
- {
- ccr.addMessage(ERR_TRUSTSTORE_PIN_FILE_EMPTY.get(pinFile, cfgEntryDN));
- }
- }
- }
-
- final List<LocalizableMessage> messages = ccr.getMessages();
- unacceptableReasons.addAll(messages);
- return messages.isEmpty();
+ return unacceptableReasons.isEmpty();
}
@Override
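Review bot: `return unacceptableReasons.isEmpty();` reports the state of the caller's whole list, whereas the removed code returned whether this check itself added anything; if the list already holds reasons from another listener, a valid trust-store configuration is now reported as unacceptable. FileBasedKeyManagerProvider.isConfigurationChangeAcceptable in this same patch records `int startSize = unacceptableReasons.size();` on entry and ends with `return startSize == unacceptableReasons.size();`, and the same pattern fits here. The method's opening lines are in an earlier hunk.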
@@ -770,7 +755,16 @@
ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
}
- char[] newPIN = getTrustStorePIN2(cfg, ccr);
+ char[] newPIN = null;
+ try
+ {
+ newPIN = getTrustStorePIN(cfg, true);
+ }
+ catch (InitializationException e)
+ {
+ ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
+ ccr.addMessage(e.getMessageObject());
+ }
if (ccr.getResultCode() == ResultCode.SUCCESS)
{
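Review bot: `getTrustStorePIN(cfg, true)` is called even when `ccr` already carries an error from the preceding checks (the context line above sets the server error code), so a configuration change that is about to be rejected can still generate a new PIN and write it to the PIN file as a side effect. The removed `getTrustStorePIN2` behaved the same way, but with the new flag the side effect is easy to avoid: `newPIN = getTrustStorePIN(cfg, ccr.getResultCode() == ResultCode.SUCCESS);`. The enclosing applyConfigurationChange begins outside this hunk.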
@@ -778,142 +772,14 @@
trustStoreType = newTrustStoreType;
trustStorePIN = newPIN;
configuration = cfg;
- certificateManager =
- new CertificateManager(getFileForPath(trustStoreFile).getPath(),
- trustStoreType,
- new String(trustStorePIN));
+ final String keyStorePath = getFileForPath(trustStoreFile).getPath();
+ certificateManager = new CertificateManager(keyStorePath, trustStoreType, trustStorePIN);
}
return ccr;
}
- /**
- * Get the PIN needed to access the contents of the trust store file. We will offer several places
- * to look for the PIN, and we will do so in the following order:
- * <ol>
- * <li>In a specified Java property</li>
- * <li>In a specified environment variable</li>
- * <li>In a specified file on the server filesystem.</li>
- * <li>As the value of a configuration attribute.</li>
- * </ol>
- * In any case, the PIN must be in the clear. If no PIN is provided, then it will be assumed that
- * none is required to access the information in the trust store.
- */
- private char[] getTrustStorePIN2(TrustStoreBackendCfg cfg, ConfigChangeResult ccr)
- {
- String newPINProperty = cfg.getTrustStorePinProperty();
- if (newPINProperty == null)
- {
- String newPINEnVar = cfg.getTrustStorePinEnvironmentVariable();
- if (newPINEnVar == null)
- {
- String newPINFile = cfg.getTrustStorePinFile();
- if (newPINFile == null)
- {
- String pinStr = cfg.getTrustStorePin();
- return pinStr != null ? pinStr.toCharArray() : null;
- }
- else
- {
- File pinFile = getFileForPath(newPINFile);
- if (! pinFile.exists())
- {
- try
- {
- // Generate and store a PIN in the pin file.
- final char[] newPIN = createKeystorePassword();
- createPINFile(pinFile.getPath(), new String(newPIN));
- return newPIN;
- }
- catch (Exception e)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_TRUSTSTORE_PIN_FILE_CANNOT_CREATE.get(newPINFile, cfg.dn()));
- }
- }
- else
- {
- String pinStr = readPinFromFile2(pinFile, cfg.dn(), ccr);
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_TRUSTSTORE_PIN_FILE_EMPTY.get(newPINFile, cfg.dn()));
- }
- else
- {
- return pinStr.toCharArray();
- }
- }
- }
- }
- else
- {
- String pinStr = System.getenv(newPINEnVar);
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_TRUSTSTORE_PIN_ENVAR_NOT_SET.get(newPINEnVar, cfg.dn()));
- }
- else
- {
- return pinStr.toCharArray();
- }
- }
- }
- else
- {
- String pinStr = System.getProperty(newPINProperty);
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_TRUSTSTORE_PIN_PROPERTY_NOT_SET.get(newPINProperty, cfg.dn()));
- }
- else
- {
- return pinStr.toCharArray();
- }
- }
- return null;
- }
-
- private String readPinFromFile(File pinFile, DN cfgEntryDN) throws InitializationException
- {
- try (BufferedReader br = new BufferedReader(new FileReader(pinFile)))
- {
- return br.readLine();
- }
- catch (IOException ioe)
- {
- LocalizableMessage message =
- ERR_TRUSTSTORE_PIN_FILE_CANNOT_READ.get(pinFile, cfgEntryDN, getExceptionMessage(ioe));
- throw new InitializationException(message, ioe);
- }
- }
-
- private String readPinFromFile2(File pinFile, DN cfgEntryDN, ConfigChangeResult ccr)
- {
- try (BufferedReader br = new BufferedReader(new FileReader(pinFile)))
- {
- return br.readLine();
- }
- catch (IOException ioe)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_TRUSTSTORE_PIN_FILE_CANNOT_READ.get(pinFile, cfgEntryDN, getExceptionMessage(ioe)));
- return null;
- }
- }
-
- /**
- * Create a new child DN from a given parent DN. The child RDN is formed
- * from a given attribute type and string value.
- * @param parentDN The DN of the parent.
- * @param rdnAttrType The attribute type of the RDN.
- * @param rdnStringValue The string value of the RDN.
- * @return A new child DN.
- */
- public static DN makeChildDN(DN parentDN, AttributeType rdnAttrType,
- String rdnStringValue)
+ private static DN makeChildDN(DN parentDN, AttributeType rdnAttrType, String rdnStringValue)
{
ByteString attrValue = ByteString.valueOfUtf8(rdnStringValue);
return parentDN.child(new RDN(rdnAttrType, attrValue));
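Review bot: The Javadoc of makeChildDN was removed together with its `public` modifier, leaving the helper undocumented; keep at least the summary, e.g. `/** Creates the child DN of parentDN whose RDN is rdnAttrType with the given string value. */`. Narrowing it to `private` is only safe if no class outside TrustStoreBackend still calls it — CertificateManagerTestCase appears in the diffstat but is not in this chunk, so that is worth confirming.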
@@ -1264,13 +1130,7 @@
return random.nextInt() & modulo;
}
- /**
- * Creates a PIN file on the specified path.
- * @param path the path where the PIN file will be created.
- * @param pin The PIN to store in the file.
- * @throws IOException if something goes wrong.
- */
- public static void createPINFile(String path, String pin)
+ private static void createPINFile(String path, String pin)
throws IOException
{
try (final FileWriter file = new FileWriter(path);
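Review bot: createPINFile lost its Javadoc when it became `private`, and the removed text was the only place that stated the method's contract; keep a short version such as `/** Writes the clear-text PIN to a new file at path and restricts the file to owner read/write; @throws IOException if the file cannot be written. */`. The method body continues in the next hunk.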
@@ -1281,8 +1141,7 @@
}
try {
- if (!FilePermission.setPermissions(new File(path),
- new FilePermission(0600)))
+ if (!FilePermission.setPermissions(new File(path), new FilePermission(0600)))
{
// Log a warning that the permissions were not set.
logger.warn(WARN_TRUSTSTORE_SET_PERMISSIONS_FAILED, path);
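Review bot: The 0600 permissions are applied only after the PIN has already been written (the `FileWriter` is opened in the previous hunk), so between creation and `setPermissions` the file carries the default umask permissions and the clear-text PIN may be readable by other local users. Create and restrict the file before writing, for example by moving this `setPermissions` block ahead of the write, or by creating the file with owner-only permissions up front (`Files.createFile(Paths.get(path), PosixFilePermissions.asFileAttribute(...))` on platforms that support it) and then opening it for writing. When `setPermissions` returns false the code only logs a warning and the readable PIN file stays in place; that outcome deserves a comment here so the next reader does not assume the warning is fatal. The body of createPINFile continues beyond this hunk.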
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedKeyManagerProvider.java b/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedKeyManagerProvider.java
index efcca04..747fe1e 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedKeyManagerProvider.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedKeyManagerProvider.java
@@ -33,15 +33,17 @@
import javax.net.ssl.KeyManagerFactory;
import org.forgerock.i18n.LocalizableMessage;
+import org.forgerock.i18n.LocalizableMessageDescriptor.Arg2;
+import org.forgerock.i18n.LocalizableMessageDescriptor.Arg3;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
+import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.server.config.server.FileBasedKeyManagerProviderCfg;
import org.opends.server.api.KeyManagerProvider;
import org.opends.server.core.DirectoryServer;
-import org.forgerock.opendj.ldap.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
@@ -55,8 +57,6 @@
{
private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
- /** The DN of the configuration entry for this key manager provider. */
- private DN configEntryDN;
/** The configuration for this key manager provider. */
private FileBasedKeyManagerProviderCfg currentConfig;
@@ -78,21 +78,21 @@
}
@Override
- public void initializeKeyManagerProvider(
- FileBasedKeyManagerProviderCfg configuration)
- throws ConfigException, InitializationException {
- // Store the DN of the configuration entry and register as a change listener
- currentConfig = configuration;
- configEntryDN = configuration.dn();
- configuration.addFileBasedChangeListener(this);
-
+ public void initializeKeyManagerProvider(FileBasedKeyManagerProviderCfg cfg)
+ throws ConfigException, InitializationException
+ {
final ConfigChangeResult ccr = new ConfigChangeResult();
- keyStoreFile = getKeyStoreFile(configuration, configEntryDN, ccr);
- keyStoreType = getKeyStoreType(configuration, configEntryDN, ccr);
- keyStorePIN = getKeyStorePIN(configuration, configEntryDN, ccr);
- if (!ccr.getMessages().isEmpty()) {
+
+ currentConfig = cfg;
+ keyStoreFile = getKeyStoreFile(cfg, ccr);
+ keyStoreType = getKeyStoreType(cfg, ccr);
+ keyStorePIN = getKeyStorePIN(cfg, ccr);
+ if (!ccr.getMessages().isEmpty())
+ {
throw new InitializationException(ccr.getMessages().get(0));
}
+
+ cfg.addFileBasedChangeListener(this);
}
@Override
@@ -102,20 +102,26 @@
}
@Override
- public boolean containsKeyWithAlias(String alias) {
- try {
+ public boolean containsKeyWithAlias(String alias)
+ {
+ try
+ {
KeyStore keyStore = getKeystore();
Enumeration<String> aliases = keyStore.aliases();
- while (aliases.hasMoreElements()) {
+ while (aliases.hasMoreElements())
+ {
String theAlias = aliases.nextElement();
- if (alias.equals(theAlias) && keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
+ if (alias.equals(theAlias) && keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class))
+ {
return true;
}
}
}
- catch (DirectoryException | KeyStoreException e) {
+ catch (DirectoryException | KeyStoreException e)
+ {
+ // Ignore.
+ logger.traceException(e);
}
-
return false;
}
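Review bot: The enumeration loop in containsKeyWithAlias can only ever match the one alias it was given, so `KeyStore.containsAlias` expresses it directly: `KeyStore keyStore = getKeystore();` followed by `return keyStore.containsAlias(alias) && keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class);`. The new `// Ignore.` catch turns a key store that cannot be loaded at all (`DirectoryException` from `getKeystore`) into the answer "no such key", which callers cannot distinguish from a genuine absence; if any caller reacts to `false` by generating a new key, that deserves either a rethrow or a comment explaining why a trace-level log is considered sufficient.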
@@ -133,10 +139,7 @@
}
catch (Exception e)
{
- logger.traceException(e);
-
- LocalizableMessage message = ERR_FILE_KEYMANAGER_CANNOT_LOAD.get(
- keyStoreFile, getExceptionMessage(e));
+ LocalizableMessage message = ERR_FILE_KEYMANAGER_CANNOT_LOAD.get(keyStoreFile, getExceptionMessage(e));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message, e);
}
}
@@ -155,8 +158,7 @@
}
String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
- KeyManagerFactory keyManagerFactory =
- KeyManagerFactory.getInstance(keyManagerAlgorithm);
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);
keyManagerFactory.init(keyStore, keyStorePIN);
return keyManagerFactory.getKeyManagers();
}
@@ -164,8 +166,7 @@
{
logger.traceException(e);
- LocalizableMessage message = ERR_FILE_KEYMANAGER_CANNOT_CREATE_FACTORY.get(
- keyStoreFile, getExceptionMessage(e));
+ LocalizableMessage message = ERR_FILE_KEYMANAGER_CANNOT_CREATE_FACTORY.get(keyStoreFile, getExceptionMessage(e));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message, e);
}
}
@@ -198,42 +199,38 @@
}
@Override
- public boolean isConfigurationAcceptable(
- FileBasedKeyManagerProviderCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
+ public boolean isConfigurationAcceptable(FileBasedKeyManagerProviderCfg cfg,
+ List<LocalizableMessage> unacceptableReasons)
{
- return isConfigurationChangeAcceptable(configuration, unacceptableReasons);
+ return isConfigurationChangeAcceptable(cfg, unacceptableReasons);
}
@Override
- public boolean isConfigurationChangeAcceptable(
- FileBasedKeyManagerProviderCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
+ public boolean isConfigurationChangeAcceptable(FileBasedKeyManagerProviderCfg cfg,
+ List<LocalizableMessage> unacceptableReasons)
{
int startSize = unacceptableReasons.size();
- DN cfgEntryDN = configuration.dn();
final ConfigChangeResult ccr = new ConfigChangeResult();
- getKeyStoreFile(configuration, cfgEntryDN, ccr);
- getKeyStoreType(configuration, cfgEntryDN, ccr);
- getKeyStorePIN(configuration, cfgEntryDN, ccr);
+ getKeyStoreFile(cfg, ccr);
+ getKeyStoreType(cfg, ccr);
+ getKeyStorePIN(cfg, ccr);
unacceptableReasons.addAll(ccr.getMessages());
return startSize == unacceptableReasons.size();
}
@Override
- public ConfigChangeResult applyConfigurationChange(
- FileBasedKeyManagerProviderCfg configuration)
+ public ConfigChangeResult applyConfigurationChange(FileBasedKeyManagerProviderCfg cfg)
{
final ConfigChangeResult ccr = new ConfigChangeResult();
- String newKeyStoreFile = getKeyStoreFile(configuration, configEntryDN, ccr);
- String newKeyStoreType = getKeyStoreType(configuration, configEntryDN, ccr);
- char[] newPIN = getKeyStorePIN(configuration, configEntryDN, ccr);
+ String newKeyStoreFile = getKeyStoreFile(cfg, ccr);
+ String newKeyStoreType = getKeyStoreType(cfg, ccr);
+ char[] newPIN = getKeyStorePIN(cfg, ccr);
if (ccr.getResultCode() == ResultCode.SUCCESS)
{
- currentConfig = configuration;
+ currentConfig = cfg;
keyStorePIN = newPIN;
keyStoreFile = newKeyStoreFile;
keyStoreType = newKeyStoreType;
@@ -243,141 +240,127 @@
}
/** Get the path to the key store file. */
- private String getKeyStoreFile(FileBasedKeyManagerProviderCfg configuration, DN cfgEntryDN,
- final ConfigChangeResult ccr)
+ private String getKeyStoreFile(FileBasedKeyManagerProviderCfg cfg, ConfigChangeResult ccr)
{
- String keyStoreFile = configuration.getKeyStoreFile();
- try
+ String keyStoreFile = cfg.getKeyStoreFile();
+ File f = getFileForPath(keyStoreFile);
+ if (!f.exists() || !f.isFile())
{
- File f = getFileForPath(keyStoreFile);
- if (!f.exists() || !f.isFile())
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_KEYMANAGER_NO_SUCH_FILE.get(keyStoreFile, cfgEntryDN));
- }
- }
- catch (Exception e)
- {
- logger.traceException(e);
-
ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_KEYMANAGER_CANNOT_DETERMINE_FILE.get(cfgEntryDN, getExceptionMessage(e)));
+ ccr.addMessage(ERR_FILE_KEYMANAGER_NO_SUCH_FILE.get(keyStoreFile, cfg.dn()));
}
return keyStoreFile;
}
/** Get the keystore type. If none is specified, then use the default type. */
- private String getKeyStoreType(FileBasedKeyManagerProviderCfg configuration, DN cfgEntryDN,
- final ConfigChangeResult ccr)
+ private String getKeyStoreType(FileBasedKeyManagerProviderCfg cfg, ConfigChangeResult ccr)
{
- if (configuration.getKeyStoreType() != null)
+ if (cfg.getKeyStoreType() != null)
{
try
{
- KeyStore.getInstance(configuration.getKeyStoreType());
- return configuration.getKeyStoreType();
+ KeyStore.getInstance(cfg.getKeyStoreType());
+ return cfg.getKeyStoreType();
}
- catch (KeyStoreException kse)
+ catch (KeyStoreException e)
{
- logger.traceException(kse);
-
+ logger.traceException(e);
ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_KEYMANAGER_INVALID_TYPE.get(
- configuration.getKeyStoreType(), cfgEntryDN, getExceptionMessage(kse)));
+ ccr.addMessage(ERR_FILE_KEYMANAGER_INVALID_TYPE.get(cfg.getKeyStoreType(), cfg.dn(), getExceptionMessage(e)));
}
}
return KeyStore.getDefaultType();
}
- /**
- * Get the PIN needed to access the contents of the keystore file.
- * <p>
- * We will offer several places to look for the PIN, and we will do so in the following order:
- * <ol>
- * <li>In a specified Java property</li>
- * <li>In a specified environment variable</li>
- * <li>In a specified file on the server filesystem</li>
- * <li>As the value of a configuration attribute.</li>
- * <ol>
- * In any case, the PIN must be in the clear.
- * <p>
- * It is acceptable to have no PIN (OPENDJ-18)
- */
- private char[] getKeyStorePIN(FileBasedKeyManagerProviderCfg configuration, DN cfgEntryDN,
- final ConfigChangeResult ccr)
+ private char[] getKeyStorePIN(FileBasedKeyManagerProviderCfg cfg, ConfigChangeResult ccr)
{
- if (configuration.getKeyStorePinProperty() != null)
+ try
{
- String propertyName = configuration.getKeyStorePinProperty();
- String pinStr = System.getProperty(propertyName);
-
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_KEYMANAGER_PIN_PROPERTY_NOT_SET.get(propertyName, cfgEntryDN));
- }
- else
- {
- return pinStr.toCharArray();
- }
+ return getKeyStorePIN(cfg.getKeyStorePinProperty(),
+ cfg.getKeyStorePinEnvironmentVariable(),
+ cfg.getKeyStorePinFile(),
+ cfg.getKeyStorePin(),
+ cfg.dn(),
+ ERR_FILE_KEYMANAGER_PIN_PROPERTY_NOT_SET,
+ ERR_FILE_KEYMANAGER_PIN_ENVAR_NOT_SET,
+ ERR_FILE_KEYMANAGER_PIN_NO_SUCH_FILE,
+ ERR_FILE_KEYMANAGER_PIN_FILE_CANNOT_READ,
+ ERR_FILE_KEYMANAGER_PIN_FILE_EMPTY);
}
- else if (configuration.getKeyStorePinEnvironmentVariable() != null)
- {
- String enVarName = configuration.getKeyStorePinEnvironmentVariable();
- String pinStr = System.getenv(enVarName);
-
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_KEYMANAGER_PIN_ENVAR_NOT_SET.get(enVarName, cfgEntryDN));
- }
- else
- {
- return pinStr.toCharArray();
- }
- }
- else if (configuration.getKeyStorePinFile() != null)
- {
- String fileName = configuration.getKeyStorePinFile();
- File pinFile = getFileForPath(fileName);
-
- if (!pinFile.exists())
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_KEYMANAGER_PIN_NO_SUCH_FILE.get(fileName, cfgEntryDN));
- }
- else
- {
- String pinStr = readPinFromFile(pinFile, fileName, ccr);
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_KEYMANAGER_PIN_FILE_EMPTY.get(fileName, cfgEntryDN));
- }
- else
- {
- return pinStr.toCharArray();
- }
- }
- }
- else if (configuration.getKeyStorePin() != null)
- {
- return configuration.getKeyStorePin().toCharArray();
- }
- return null;
- }
-
- private String readPinFromFile(File pinFile, String fileName, ConfigChangeResult ccr)
- {
- try (BufferedReader br = new BufferedReader(new FileReader(pinFile)))
- {
- return br.readLine();
- }
- catch (IOException ioe)
+ catch (InitializationException e)
{
ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_KEYMANAGER_PIN_FILE_CANNOT_READ.get(fileName, configEntryDN, getExceptionMessage(ioe)));
+ ccr.addMessage(e.getMessageObject());
return null;
}
}
+
+ /**
+ * Returns the PIN needed to access the contents of a key store. We will offer several places to look for the PIN,
+ * and we will do so in the following order:
+ * <ol>
+ * <li>In a specified Java property</li>
+ * <li>In a specified environment variable</li>
+ * <li>In a specified file on the server filesystem</li>
+ * <li>As the value of a configuration attribute.</li>
+ * </ol>
+ * In any case, the PIN must be in the clear.
+ * <p>
+ * It is acceptable to have no PIN (OPENDJ-18).
+ */
+ static char[] getKeyStorePIN(final String pinProperty, final String pinEnvVar, final String pinFileName,
+ final String pinString, final DN cfgDN, final Arg2<Object, Object> propertyNotSetMsg,
+ final Arg2<Object, Object> envVarNotSetMsg, final Arg2<Object, Object> noSuchFileMsg,
+ final Arg3<Object, Object, Object> fileCannotReadMsg,
+ final Arg2<Object, Object> fileEmptyMsg) throws InitializationException
+ {
+ if (pinProperty != null)
+ {
+ final String pin = System.getProperty(pinProperty);
+ if (pin == null)
+ {
+ throw new InitializationException(propertyNotSetMsg.get(pinProperty, cfgDN));
+ }
+ return pin.toCharArray();
+ }
+
+ if (pinEnvVar != null)
+ {
+ final String pin = System.getenv(pinEnvVar);
+ if (pin == null)
+ {
+ throw new InitializationException(envVarNotSetMsg.get(pinEnvVar, cfgDN));
+ }
+ return pin.toCharArray();
+ }
+
+ if (pinFileName != null)
+ {
+ final File pinFile = getFileForPath(pinFileName);
+ if (pinFile.exists())
+ {
+ String pin;
+ try (BufferedReader br = new BufferedReader(new FileReader(pinFile)))
+ {
+ pin = br.readLine();
+ }
+ catch (IOException e)
+ {
+ final LocalizableMessage msg = fileCannotReadMsg.get(pinFileName, cfgDN, getExceptionMessage(e));
+ throw new InitializationException(msg, e);
+ }
+ if (pin == null)
+ {
+ throw new InitializationException(fileEmptyMsg.get(pinFileName, cfgDN));
+ }
+ return pin.toCharArray();
+ }
+ else
+ {
+ throw new InitializationException(noSuchFileMsg.get(pinFileName, cfgDN));
+ }
+ }
+
+ return pinString != null ? pinString.toCharArray() : null;
+ }
}
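Review bot: getKeyStoreFile lost the `try`/`catch (Exception e)` around `getFileForPath`, so `ERR_FILE_KEYMANAGER_CANNOT_DETERMINE_FILE` is no longer reported and any runtime exception from resolving the path now escapes initializeKeyManagerProvider and isConfigurationChangeAcceptable instead of becoming a configuration error; if `getFileForPath` cannot fail for a non-null string the message constant should be retired, otherwise the guard should stay. The new package-private static `getKeyStorePIN` takes ten positional parameters, five of them `Arg2`/`Arg3` descriptors in a fixed order, so the two call sites (here and via the static import in FileBasedTrustManagerProvider) can be mis-ordered without any compiler help; a small holder class for the five messages, or a per-provider wrapper, would make the contract visible. Its Javadoc should also state how it differs from the TrustStoreBackend variant — a missing PIN file is an error here (`noSuchFileMsg`) and `null` is returned only when no source is configured — and carry `@throws InitializationException if a configured source cannot be read`.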
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java b/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java
index fb842ff..dc67410 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/extensions/FileBasedTrustManagerProvider.java
@@ -17,12 +17,10 @@
package org.opends.server.extensions;
import org.forgerock.i18n.LocalizableMessage;
-import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
-import java.io.FileReader;
-import java.io.IOException;
-import java.security.*;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -36,13 +34,13 @@
import org.opends.server.core.DirectoryServer;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.opends.server.types.DirectoryException;
-import org.forgerock.opendj.ldap.DN;
import org.opends.server.types.InitializationException;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.util.ExpirationCheckTrustManager;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import static org.opends.messages.ExtensionMessages.*;
+import static org.opends.server.extensions.FileBasedKeyManagerProvider.getKeyStorePIN;
import static org.opends.server.util.StaticUtils.*;
/**
@@ -55,9 +53,6 @@
{
private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
- /** The DN of the configuration entry for this trust manager provider. */
- private DN configEntryDN;
-
/** The PIN needed to access the trust store. */
private char[] trustStorePIN;
@@ -81,143 +76,21 @@
}
@Override
- public void initializeTrustManagerProvider(
- FileBasedTrustManagerProviderCfg configuration)
- throws ConfigException, InitializationException
+ public void initializeTrustManagerProvider(FileBasedTrustManagerProviderCfg cfg)
+ throws ConfigException, InitializationException
{
- // Store the DN of the configuration entry and register to listen for any
- // changes to the configuration entry.
- currentConfig = configuration;
- configEntryDN = configuration.dn();
- configuration.addFileBasedChangeListener(this);
+ final ConfigChangeResult ccr = new ConfigChangeResult();
- // Get the path to the trust store file.
- trustStoreFile = configuration.getTrustStoreFile();
- File f = getFileForPath(trustStoreFile);
- if (!f.exists() || !f.isFile())
+ currentConfig = cfg;
+ trustStoreFile = getTrustStoreFile(cfg, ccr);
+ trustStoreType = getTrustStoreType(cfg, ccr);
+ trustStorePIN = getTrustStorePIN(cfg, ccr);
+ if (!ccr.getMessages().isEmpty())
{
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_NO_SUCH_FILE.get(trustStoreFile, configEntryDN);
- throw new InitializationException(message);
+ throw new InitializationException(ccr.getMessages().get(0));
}
- // Get the trust store type. If none is specified, then use the default
- // type.
- trustStoreType = configuration.getTrustStoreType();
- if (trustStoreType == null)
- {
- trustStoreType = KeyStore.getDefaultType();
- }
-
- try
- {
- KeyStore.getInstance(trustStoreType);
- }
- catch (KeyStoreException kse)
- {
- logger.traceException(kse);
-
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_INVALID_TYPE.
- get(trustStoreType, configEntryDN, getExceptionMessage(kse));
- throw new InitializationException(message);
- }
-
- // Get the PIN needed to access the contents of the trust store file. We
- // will offer several places to look for the PIN, and we will do so in the
- // following order:
- // - In a specified Java property
- // - In a specified environment variable
- // - In a specified file on the server filesystem.
- // - As the value of a configuration attribute.
- // In any case, the PIN must be in the clear. If no PIN is provided, then
- // it will be assumed that none is required to access the information in the
- // trust store.
- String pinProperty = configuration.getTrustStorePinProperty();
- if (pinProperty == null)
- {
- String pinEnVar = configuration.getTrustStorePinEnvironmentVariable();
- if (pinEnVar == null)
- {
- String pinFilePath = configuration.getTrustStorePinFile();
- if (pinFilePath == null)
- {
- String pinStr = configuration.getTrustStorePin();
- if (pinStr == null)
- {
- trustStorePIN = null;
- }
- else
- {
- trustStorePIN = pinStr.toCharArray();
- }
- }
- else
- {
- File pinFile = getFileForPath(pinFilePath);
- if (! pinFile.exists())
- {
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_PIN_NO_SUCH_FILE.get(pinFilePath, configEntryDN);
- throw new InitializationException(message);
- }
- else
- {
- String pinStr;
-
- BufferedReader br = null;
- try
- {
- br = new BufferedReader(new FileReader(pinFile));
- pinStr = br.readLine();
- }
- catch (IOException ioe)
- {
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_PIN_FILE_CANNOT_READ.
- get(pinFilePath, configEntryDN, getExceptionMessage(ioe));
- throw new InitializationException(message, ioe);
- }
- finally
- {
- close(br);
- }
-
- if (pinStr == null)
- {
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_PIN_FILE_EMPTY.get(pinFilePath, configEntryDN);
- throw new InitializationException(message);
- }
- else
- {
- trustStorePIN = pinStr.toCharArray();
- }
- }
- }
- }
- else
- {
- String pinStr = System.getenv(pinEnVar);
- if (pinStr == null)
- {
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_PIN_ENVAR_NOT_SET.get(pinProperty, configEntryDN);
- throw new InitializationException(message);
- }
- else
- {
- trustStorePIN = pinStr.toCharArray();
- }
- }
- }
- else
- {
- String pinStr = System.getProperty(pinProperty);
- if (pinStr == null)
- {
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_PIN_PROPERTY_NOT_SET.get(pinProperty, configEntryDN);
- throw new InitializationException(message);
- }
- else
- {
- trustStorePIN = pinStr.toCharArray();
- }
- }
+ cfg.addFileBasedChangeListener(this);
}
@Override
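Review bot: Only the first validation failure reaches the operator at `throw new InitializationException(ccr.getMessages().get(0));`, and the cause that the removed code attached for an unreadable PIN file (`ioe`) is lost because `getTrustStorePIN` records only `e.getMessageObject()`. Someone with a missing trust-store file, an unknown store type and an unset PIN property would discover them one restart at a time. Either build the exception from all of `ccr.getMessages()` or log the remaining entries before throwing, e.g. `for (LocalizableMessage m : ccr.getMessages()) { logger.error(m); }` if the logger accepts a `LocalizableMessage`. Worth keeping as-is: `cfg.addFileBasedChangeListener(this)` now runs after validation, so a failed initialisation no longer leaves a listener registered on the config entry.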
@@ -227,41 +100,31 @@
}
@Override
- public TrustManager[] getTrustManagers()
- throws DirectoryException
+ public TrustManager[] getTrustManagers() throws DirectoryException
{
KeyStore trustStore;
- try
+ try (FileInputStream inputStream = new FileInputStream(getFileForPath(trustStoreFile)))
{
trustStore = KeyStore.getInstance(trustStoreType);
-
- FileInputStream inputStream =
- new FileInputStream(getFileForPath(trustStoreFile));
trustStore.load(inputStream, trustStorePIN);
- inputStream.close();
}
catch (Exception e)
{
logger.traceException(e);
-
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_CANNOT_LOAD.get(
- trustStoreFile, getExceptionMessage(e));
- throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
- message, e);
+ LocalizableMessage message = ERR_FILE_TRUSTMANAGER_CANNOT_LOAD.get(trustStoreFile, getExceptionMessage(e));
+ throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message, e);
}
try
{
String trustManagerAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
- TrustManagerFactory trustManagerFactory =
- TrustManagerFactory.getInstance(trustManagerAlgorithm);
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm);
trustManagerFactory.init(trustStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
TrustManager[] newTrustManagers = new TrustManager[trustManagers.length];
for (int i=0; i < trustManagers.length; i++)
{
- newTrustManagers[i] = new ExpirationCheckTrustManager(
- (X509TrustManager) trustManagers[i]);
+ newTrustManagers[i] = new ExpirationCheckTrustManager((X509TrustManager) trustManagers[i]);
}
return newTrustManagers;
}
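Review bot: `trustStore.load(inputStream, trustStorePIN);` still accepts a null PIN, and per the `KeyStore.load` contract a null password means the store's integrity (MAC) check is skipped, so a tampered trust-store file that swaps the trusted CAs loads without any error; the code allows the PIN to be optional, so that trade-off should be stated next to the call, e.g. `// A null PIN disables the keystore integrity check; file permissions are then the only protection of the trust anchors.` The try-with-resources is an improvement over the removed code, which leaked the `FileInputStream` when `load` threw. getTrustManagers continues past the end of this hunk.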
@@ -269,272 +132,107 @@
{
logger.traceException(e);
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_CANNOT_CREATE_FACTORY.get(
- trustStoreFile, getExceptionMessage(e));
- throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
- message, e);
+ LocalizableMessage message =
+ ERR_FILE_TRUSTMANAGER_CANNOT_CREATE_FACTORY.get(trustStoreFile, getExceptionMessage(e));
+ throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message, e);
}
}
@Override
- public boolean isConfigurationAcceptable(
- TrustManagerProviderCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
+ public boolean isConfigurationAcceptable(TrustManagerProviderCfg cfg, List<LocalizableMessage> unacceptableReasons)
{
- FileBasedTrustManagerProviderCfg config =
- (FileBasedTrustManagerProviderCfg) configuration;
+ FileBasedTrustManagerProviderCfg config = (FileBasedTrustManagerProviderCfg) cfg;
return isConfigurationChangeAcceptable(config, unacceptableReasons);
}
@Override
- public boolean isConfigurationChangeAcceptable(
- FileBasedTrustManagerProviderCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
+ public boolean isConfigurationChangeAcceptable(FileBasedTrustManagerProviderCfg cfg,
+ List<LocalizableMessage> unacceptableReasons)
{
- boolean configAcceptable = true;
- DN cfgEntryDN = configuration.dn();
+ int startSize = unacceptableReasons.size();
- // Get the path to the trust store file.
- String newTrustStoreFile = configuration.getTrustStoreFile();
- try
- {
- File f = getFileForPath(newTrustStoreFile);
- if (!f.exists() || !f.isFile())
- {
- unacceptableReasons.add(ERR_FILE_TRUSTMANAGER_NO_SUCH_FILE.get(newTrustStoreFile, cfgEntryDN));
- configAcceptable = false;
- }
- }
- catch (Exception e)
- {
- logger.traceException(e);
+ final ConfigChangeResult ccr = new ConfigChangeResult();
+ getTrustStoreFile(cfg, ccr);
+ getTrustStoreType(cfg, ccr);
+ getTrustStorePIN(cfg, ccr);
+ unacceptableReasons.addAll(ccr.getMessages());
- unacceptableReasons.add(ERR_FILE_TRUSTMANAGER_CANNOT_DETERMINE_FILE.get(cfgEntryDN, getExceptionMessage(e)));
- configAcceptable = false;
- }
-
- // Check to see if the trust store type is acceptable.
- String storeType = configuration.getTrustStoreType();
- if (storeType != null)
- {
- try
- {
- KeyStore.getInstance(storeType);
- }
- catch (KeyStoreException kse)
- {
- logger.traceException(kse);
-
- unacceptableReasons.add(ERR_FILE_TRUSTMANAGER_INVALID_TYPE.get(
- storeType, cfgEntryDN, getExceptionMessage(kse)));
- configAcceptable = false;
- }
- }
-
- // If there is a PIN property, then make sure the corresponding
- // property is set.
- String pinProp = configuration.getTrustStorePinProperty();
- if (pinProp != null && System.getProperty(pinProp) == null)
- {
- unacceptableReasons.add(ERR_FILE_TRUSTMANAGER_PIN_PROPERTY_NOT_SET.get(pinProp, cfgEntryDN));
- configAcceptable = false;
- }
-
- // If there is a PIN environment variable, then make sure the corresponding
- // environment variable is set.
- String pinEnVar = configuration.getTrustStorePinEnvironmentVariable();
- if (pinEnVar != null && System.getenv(pinEnVar) == null)
- {
- unacceptableReasons.add(ERR_FILE_TRUSTMANAGER_PIN_ENVAR_NOT_SET.get(pinEnVar, cfgEntryDN));
- configAcceptable = false;
- }
-
- // If there is a PIN file, then make sure the file exists and is readable.
- String pinFile = configuration.getTrustStorePinFile();
- if (pinFile != null)
- {
- File f = getFileForPath(pinFile);
- if (f.exists())
- {
- String pinStr = null;
-
- BufferedReader br = null;
- try
- {
- br = new BufferedReader(new FileReader(f));
- pinStr = br.readLine();
- }
- catch (IOException ioe)
- {
- unacceptableReasons.add(ERR_FILE_TRUSTMANAGER_PIN_FILE_CANNOT_READ.get(
- pinFile, cfgEntryDN, getExceptionMessage(ioe)));
- configAcceptable = false;
- }
- finally
- {
- close(br);
- }
-
- if (pinStr == null)
- {
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_PIN_FILE_EMPTY.get(pinFile, cfgEntryDN);
- unacceptableReasons.add(message);
- configAcceptable = false;
- }
- }
- else
- {
- LocalizableMessage message = ERR_FILE_TRUSTMANAGER_PIN_NO_SUCH_FILE.get(pinFile, cfgEntryDN);
- unacceptableReasons.add(message);
- configAcceptable = false;
- }
- }
-
- return configAcceptable;
+ return startSize == unacceptableReasons.size();
}
@Override
- public ConfigChangeResult applyConfigurationChange(
- FileBasedTrustManagerProviderCfg configuration)
+ public ConfigChangeResult applyConfigurationChange(FileBasedTrustManagerProviderCfg cfg)
{
final ConfigChangeResult ccr = new ConfigChangeResult();
-
- // Get the path to the trust store file.
- String newTrustStoreFile = configuration.getTrustStoreFile();
- File f = getFileForPath(newTrustStoreFile);
- if (!f.exists() || !f.isFile())
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_TRUSTMANAGER_NO_SUCH_FILE.get(newTrustStoreFile, configEntryDN));
- }
-
- // Get the trust store type. If none is specified, then use the default type.
- String newTrustStoreType = configuration.getTrustStoreType();
- if (newTrustStoreType == null)
- {
- newTrustStoreType = KeyStore.getDefaultType();
- }
-
- try
- {
- KeyStore.getInstance(newTrustStoreType);
- }
- catch (KeyStoreException kse)
- {
- logger.traceException(kse);
-
- ccr.addMessage(ERR_FILE_TRUSTMANAGER_INVALID_TYPE.get(
- newTrustStoreType, configEntryDN, getExceptionMessage(kse)));
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- }
-
- // Get the PIN needed to access the contents of the trust store file. We
- // will offer several places to look for the PIN, and we will do so in the
- // following order:
- // - In a specified Java property
- // - In a specified environment variable
- // - In a specified file on the server filesystem.
- // - As the value of a configuration attribute.
- // In any case, the PIN must be in the clear. If no PIN is provided, then
- // it will be assumed that none is required to access the information in the
- // trust store.
- char[] newPIN = null;
- String newPINProperty = configuration.getTrustStorePinProperty();
- if (newPINProperty == null)
- {
- String newPINEnVar = configuration.getTrustStorePinEnvironmentVariable();
- if (newPINEnVar == null)
- {
- String newPINFile = configuration.getTrustStorePinFile();
- if (newPINFile == null)
- {
- String pinStr = configuration.getTrustStorePin();
- if (pinStr == null)
- {
- newPIN = null;
- }
- else
- {
- newPIN = pinStr.toCharArray();
- }
- }
- else
- {
- File pinFile = getFileForPath(newPINFile);
- if (! pinFile.exists())
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_TRUSTMANAGER_PIN_NO_SUCH_FILE.get(newPINFile, configEntryDN));
- }
- else
- {
- String pinStr = null;
-
- BufferedReader br = null;
- try
- {
- br = new BufferedReader(new FileReader(pinFile));
- pinStr = br.readLine();
- }
- catch (IOException ioe)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_TRUSTMANAGER_PIN_FILE_CANNOT_READ.get(
- newPINFile, configEntryDN, getExceptionMessage(ioe)));
- }
- finally
- {
- close(br);
- }
-
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_TRUSTMANAGER_PIN_FILE_EMPTY.get(newPINFile, configEntryDN));
- }
- else
- {
- newPIN = pinStr.toCharArray();
- }
- }
- }
- }
- else
- {
- String pinStr = System.getenv(newPINEnVar);
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_TRUSTMANAGER_PIN_ENVAR_NOT_SET.get(newPINEnVar, configEntryDN));
- }
- else
- {
- newPIN = pinStr.toCharArray();
- }
- }
- }
- else
- {
- String pinStr = System.getProperty(newPINProperty);
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_FILE_TRUSTMANAGER_PIN_PROPERTY_NOT_SET.get(newPINProperty, configEntryDN));
- }
- else
- {
- newPIN = pinStr.toCharArray();
- }
- }
+ String newTrustStoreFile = getTrustStoreFile(cfg, ccr);
+ String newTrustStoreType = getTrustStoreType(cfg, ccr);
+ char[] newPIN = getTrustStorePIN(cfg, ccr);
if (ccr.getResultCode() == ResultCode.SUCCESS)
{
- trustStoreFile = newTrustStoreFile;
- trustStoreType = newTrustStoreType;
- trustStorePIN = newPIN;
- currentConfig = configuration;
+ currentConfig = cfg;
+ trustStorePIN = newPIN;
+ trustStoreFile = newTrustStoreFile;
+ trustStoreType = newTrustStoreType;
}
return ccr;
}
+
+ /** Get the path to the key store file. */
+ private String getTrustStoreFile(FileBasedTrustManagerProviderCfg cfg, ConfigChangeResult ccr)
+ {
+ final String keyStoreFile = cfg.getTrustStoreFile();
+ final File f = getFileForPath(keyStoreFile);
+ if (!f.exists() || !f.isFile())
+ {
+ ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
+ ccr.addMessage(ERR_FILE_TRUSTMANAGER_NO_SUCH_FILE.get(keyStoreFile, cfg.dn()));
+ }
+ return keyStoreFile;
+ }
+
+ /** Get the keystore type. If none is specified, then use the default type. */
+ private String getTrustStoreType(FileBasedTrustManagerProviderCfg cfg, ConfigChangeResult ccr)
+ {
+ final String trustStoreType = cfg.getTrustStoreType();
+ if (trustStoreType != null)
+ {
+ try
+ {
+ KeyStore.getInstance(trustStoreType);
+ return trustStoreType;
+ }
+ catch (KeyStoreException e)
+ {
+ logger.traceException(e);
+ ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
+ ccr.addMessage(ERR_FILE_TRUSTMANAGER_INVALID_TYPE.get(trustStoreType, cfg.dn(), getExceptionMessage(e)));
+ }
+ }
+ return KeyStore.getDefaultType();
+ }
+
+ private char[] getTrustStorePIN(FileBasedTrustManagerProviderCfg cfg, ConfigChangeResult ccr)
+ {
+ try
+ {
+ return getKeyStorePIN(cfg.getTrustStorePinProperty(),
+ cfg.getTrustStorePinEnvironmentVariable(),
+ cfg.getTrustStorePinFile(),
+ cfg.getTrustStorePin(),
+ cfg.dn(),
+ ERR_FILE_TRUSTMANAGER_PIN_PROPERTY_NOT_SET,
+ ERR_FILE_TRUSTMANAGER_PIN_ENVAR_NOT_SET,
+ ERR_FILE_TRUSTMANAGER_PIN_NO_SUCH_FILE,
+ ERR_FILE_TRUSTMANAGER_PIN_FILE_CANNOT_READ,
+ ERR_FILE_TRUSTMANAGER_PIN_FILE_EMPTY);
+ }
+ catch (InitializationException e)
+ {
+ ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
+ ccr.addMessage(e.getMessageObject());
+ return null;
+ }
+ }
}
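Review bot: The Javadoc and local in the new helper, `/** Get the path to the key store file. */` and `final String keyStoreFile = cfg.getTrustStoreFile();`, read as copied from the key manager provider; this class validates a trust store, so they should say `/** Get the path to the trust store file. */` and use a name such as `storeFile`, and `getTrustStoreType`'s `/** Get the keystore type. ... */` needs the same correction. Separately, the removed `isConfigurationChangeAcceptable` wrapped `getFileForPath` in a catch that reported `ERR_FILE_TRUSTMANAGER_CANNOT_DETERMINE_FILE`, while the new `getTrustStoreFile` has no guard, so any runtime exception from path resolution would now escape the acceptability check instead of being recorded in `ccr` (whether `getFileForPath` can actually throw is not visible here). If it cannot, the now-unused message key can be retired; if it can, a try/catch around `getFileForPath(keyStoreFile)` that adds that message to `ccr` restores the previous behaviour.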
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/extensions/PKCS11KeyManagerProvider.java b/opendj-server-legacy/src/main/java/org/opends/server/extensions/PKCS11KeyManagerProvider.java
index 771fd7d..bf07ed8 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/extensions/PKCS11KeyManagerProvider.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/extensions/PKCS11KeyManagerProvider.java
@@ -19,10 +19,6 @@
import static org.opends.messages.ExtensionMessages.*;
import static org.opends.server.util.StaticUtils.*;
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
import java.security.KeyStore;
import java.util.List;
@@ -34,377 +30,136 @@
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
-import org.forgerock.opendj.ldap.DN;
-import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.server.config.server.PKCS11KeyManagerProviderCfg;
import org.opends.server.api.KeyManagerProvider;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
-import org.opends.server.util.StaticUtils;
/**
* This class defines a key manager provider that will access keys stored on a
* PKCS#11 device. It will use the Java PKCS#11 interface, which may need to be
* configured on the underlying system.
*/
-public class PKCS11KeyManagerProvider
- extends KeyManagerProvider<PKCS11KeyManagerProviderCfg>
- implements ConfigurationChangeListener<PKCS11KeyManagerProviderCfg>
+public class PKCS11KeyManagerProvider extends KeyManagerProvider<PKCS11KeyManagerProviderCfg> implements
+ ConfigurationChangeListener<PKCS11KeyManagerProviderCfg>
{
- private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
+ private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
+ /** The keystore type to use when accessing the PKCS#11 keystore. */
+ private static final String PKCS11_KEYSTORE_TYPE = "PKCS11";
+ /** The PIN needed to access the keystore. */
+ private char[] keyStorePIN;
+ /** The current configuration for this key manager provider. */
+ private PKCS11KeyManagerProviderCfg currentConfig;
- /** The keystore type to use when accessing the PKCS#11 keystore. */
- public static final String PKCS11_KEYSTORE_TYPE = "PKCS11";
-
- /** The DN of the configuration entry for this key manager provider. */
- private DN configEntryDN;
-
- /** The PIN needed to access the keystore. */
- private char[] keyStorePIN;
-
- /** The current configuration for this key manager provider. */
- private PKCS11KeyManagerProviderCfg currentConfig;
-
- /**
- * Creates a new instance of this PKCS#11 key manager provider. The
- * <CODE>initializeKeyManagerProvider</CODE> method must be called on the
- * resulting object before it may be used.
- */
- public PKCS11KeyManagerProvider()
- {
- // No implementation is required.
- }
-
- @Override
- public void initializeKeyManagerProvider(
- PKCS11KeyManagerProviderCfg configuration)
- throws ConfigException, InitializationException
- {
- // Store the DN of the configuration entry and register to be notified of
- // configuration changes.
- currentConfig = configuration;
- configEntryDN = configuration.dn();
- configuration.addPKCS11ChangeListener(this);
-
- // Get the PIN needed to access the contents of the PKCS#11
- // keystore. We will offer several places to look for the PIN, and
- // we will do so in the following order:
- //
- // - In a specified Java property
- // - In a specified environment variable
- // - In a specified file on the server filesystem.
- // - As the value of a configuration attribute.
- //
- // In any case, the PIN must be in the clear.
- keyStorePIN = null;
-
- if (configuration.getKeyStorePinProperty() != null) {
- String propertyName = configuration.getKeyStorePinProperty();
- String pinStr = System.getProperty(propertyName);
-
- if (pinStr == null) {
- LocalizableMessage message = ERR_PKCS11_KEYMANAGER_PIN_PROPERTY_NOT_SET.get(
- propertyName, configEntryDN);
- throw new InitializationException(message);
- }
-
- keyStorePIN = pinStr.toCharArray();
- } else if (configuration.getKeyStorePinEnvironmentVariable() != null) {
- String enVarName = configuration
- .getKeyStorePinEnvironmentVariable();
- String pinStr = System.getenv(enVarName);
-
- if (pinStr == null) {
- LocalizableMessage message = ERR_PKCS11_KEYMANAGER_PIN_ENVAR_NOT_SET.get(
- enVarName, configEntryDN);
- throw new InitializationException(message);
- }
-
- keyStorePIN = pinStr.toCharArray();
- } else if (configuration.getKeyStorePinFile() != null) {
- String fileName = configuration.getKeyStorePinFile();
- File pinFile = getFileForPath(fileName);
-
- if (!pinFile.exists()) {
- LocalizableMessage message = ERR_PKCS11_KEYMANAGER_PIN_NO_SUCH_FILE.get(fileName, configEntryDN);
- throw new InitializationException(message);
- }
-
- String pinStr;
- try {
- BufferedReader br = new BufferedReader(
- new FileReader(pinFile));
- pinStr = br.readLine();
- br.close();
- } catch (IOException ioe) {
- logger.traceException(ioe);
-
- LocalizableMessage message = ERR_PKCS11_KEYMANAGER_PIN_FILE_CANNOT_READ.
- get(fileName, configEntryDN, getExceptionMessage(ioe));
- throw new InitializationException(message, ioe);
- }
-
- if (pinStr == null) {
- LocalizableMessage message = ERR_PKCS11_KEYMANAGER_PIN_FILE_EMPTY.get(fileName, configEntryDN);
- throw new InitializationException(message);
- }
-
- keyStorePIN = pinStr.toCharArray();
- } else if (configuration.getKeyStorePin() != null) {
- keyStorePIN = configuration.getKeyStorePin().toCharArray();
- }
- }
-
- @Override
- public void finalizeKeyManagerProvider()
- {
- currentConfig.removePKCS11ChangeListener(this);
- }
-
- @Override
- public KeyManager[] getKeyManagers()
- throws DirectoryException
- {
- KeyStore keyStore;
- try
- {
- keyStore = KeyStore.getInstance(PKCS11_KEYSTORE_TYPE);
- keyStore.load(null, keyStorePIN);
- }
- catch (Exception e)
- {
- logger.traceException(e);
-
- LocalizableMessage message =
- ERR_PKCS11_KEYMANAGER_CANNOT_LOAD.get(getExceptionMessage(e));
- throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
- message, e);
+ /**
+ * Creates a new instance of this PKCS#11 key manager provider. The
+ * <CODE>initializeKeyManagerProvider</CODE> method must be called on the
+ * resulting object before it may be used.
+ */
+ public PKCS11KeyManagerProvider() {
+ // No implementation is required.
}
- try
+ @Override
+ public void initializeKeyManagerProvider(PKCS11KeyManagerProviderCfg configuration)
+ throws ConfigException, InitializationException
{
- String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
- KeyManagerFactory keyManagerFactory =
- KeyManagerFactory.getInstance(keyManagerAlgorithm);
- keyManagerFactory.init(keyStore, keyStorePIN);
- return keyManagerFactory.getKeyManagers();
+ currentConfig = configuration;
+ keyStorePIN = getKeyStorePIN(configuration);
+ configuration.addPKCS11ChangeListener(this);
}
- catch (Exception e)
- {
- logger.traceException(e);
- LocalizableMessage message = ERR_PKCS11_KEYMANAGER_CANNOT_CREATE_FACTORY.get(
- getExceptionMessage(e));
- throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
- message, e);
+ private char[] getKeyStorePIN(PKCS11KeyManagerProviderCfg cfg) throws InitializationException
+ {
+ return FileBasedKeyManagerProvider.getKeyStorePIN(cfg.getKeyStorePinProperty(),
+ cfg.getKeyStorePinEnvironmentVariable(),
+ cfg.getKeyStorePinFile(),
+ cfg.getKeyStorePin(),
+ cfg.dn(),
+ ERR_PKCS11_KEYMANAGER_PIN_PROPERTY_NOT_SET,
+ ERR_PKCS11_KEYMANAGER_PIN_ENVAR_NOT_SET,
+ ERR_PKCS11_KEYMANAGER_PIN_NO_SUCH_FILE,
+ ERR_PKCS11_KEYMANAGER_PIN_FILE_CANNOT_READ,
+ ERR_PKCS11_KEYMANAGER_PIN_FILE_EMPTY);
}
- }
- @Override
- public boolean isConfigurationAcceptable(
- PKCS11KeyManagerProviderCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
- {
- return isConfigurationChangeAcceptable(configuration, unacceptableReasons);
- }
-
- @Override
- public boolean isConfigurationChangeAcceptable(
- PKCS11KeyManagerProviderCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
- {
- boolean configAcceptable = true;
- DN cfgEntryDN = configuration.dn();
-
-
- // Get the PIN needed to access the contents of the keystore file.
- //
- // We will offer several places to look for the PIN, and we will
- // do so in the following order:
- //
- // - In a specified Java property
- // - In a specified environment variable
- // - In a specified file on the server filesystem.
- // - As the value of a configuration attribute.
- //
- // In any case, the PIN must be in the clear.
- //
- // It is acceptable to have no PIN (OPENDJ-18)
- if (configuration.getKeyStorePinProperty() != null)
+ @Override
+ public void finalizeKeyManagerProvider()
{
- String propertyName = configuration.getKeyStorePinProperty();
- String pinStr = System.getProperty(propertyName);
-
- if (pinStr == null)
- {
- unacceptableReasons.add(ERR_PKCS11_KEYMANAGER_PIN_PROPERTY_NOT_SET.get(propertyName, cfgEntryDN));
- configAcceptable = false;
- }
+ currentConfig.removePKCS11ChangeListener(this);
}
- else if (configuration.getKeyStorePinEnvironmentVariable() != null)
- {
- String enVarName = configuration.getKeyStorePinEnvironmentVariable();
- String pinStr = System.getenv(enVarName);
- if (pinStr == null)
- {
- unacceptableReasons.add(ERR_PKCS11_KEYMANAGER_PIN_ENVAR_NOT_SET.get(enVarName, configEntryDN));
- configAcceptable = false;
- }
- }
- else if (configuration.getKeyStorePinFile() != null)
+ @Override
+ public KeyManager[] getKeyManagers() throws DirectoryException
{
- String fileName = configuration.getKeyStorePinFile();
- File pinFile = getFileForPath(fileName);
-
- if (!pinFile.exists())
- {
- unacceptableReasons.add(ERR_PKCS11_KEYMANAGER_PIN_NO_SUCH_FILE.get(fileName, configEntryDN));
- configAcceptable = false;
- }
- else
- {
- String pinStr = null;
- BufferedReader br = null;
- try {
- br = new BufferedReader(new FileReader(pinFile));
- pinStr = br.readLine();
- }
- catch (IOException ioe)
+ KeyStore keyStore;
+ try
{
- unacceptableReasons.add(
- ERR_PKCS11_KEYMANAGER_PIN_FILE_CANNOT_READ.get(
- fileName, cfgEntryDN, getExceptionMessage(ioe)));
- configAcceptable = false;
+ keyStore = KeyStore.getInstance(PKCS11_KEYSTORE_TYPE);
+ keyStore.load(null, keyStorePIN);
}
- finally
+ catch (Exception e)
{
- StaticUtils.close(br);
+ logger.traceException(e);
+
+ LocalizableMessage message = ERR_PKCS11_KEYMANAGER_CANNOT_LOAD.get(getExceptionMessage(e));
+ throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message, e);
}
- if (pinStr == null)
+ try
{
- unacceptableReasons.add(ERR_PKCS11_KEYMANAGER_PIN_FILE_EMPTY.get(fileName, configEntryDN));
- configAcceptable = false;
+ String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);
+ keyManagerFactory.init(keyStore, keyStorePIN);
+ return keyManagerFactory.getKeyManagers();
}
- }
- }
- else if (configuration.getKeyStorePin() != null)
- {
- String pinStr = configuration.getKeyStorePin();
- if (pinStr == null)
- {
- // We should have a pin from the configuration, but no.
- unacceptableReasons.add(
- ERR_PKCS11_KEYMANAGER_CANNOT_DETERMINE_PIN_FROM_ATTR.get(cfgEntryDN, null));
- configAcceptable = false;
- }
- }
-
- return configAcceptable;
- }
-
- @Override
- public ConfigChangeResult applyConfigurationChange(
- PKCS11KeyManagerProviderCfg configuration)
- {
- final ConfigChangeResult ccr = new ConfigChangeResult();
-
- // Get the PIN needed to access the contents of the keystore file.
- //
- // We will offer several places to look for the PIN, and we will
- // do so in the following order:
- //
- // - In a specified Java property
- // - In a specified environment variable
- // - In a specified file on the server filesystem.
- // - As the value of a configuration attribute.
- //
- // In any case, the PIN must be in the clear.
- char[] newPIN = null;
-
- if (configuration.getKeyStorePinProperty() != null)
- {
- String propertyName = configuration.getKeyStorePinProperty();
- String pinStr = System.getProperty(propertyName);
-
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_PKCS11_KEYMANAGER_PIN_PROPERTY_NOT_SET.get(propertyName, configEntryDN));
- }
- else
- {
- newPIN = pinStr.toCharArray();
- }
- }
- else if (configuration.getKeyStorePinEnvironmentVariable() != null)
- {
- String enVarName = configuration.getKeyStorePinEnvironmentVariable();
- String pinStr = System.getenv(enVarName);
-
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_PKCS11_KEYMANAGER_PIN_ENVAR_NOT_SET.get(enVarName, configEntryDN));
- }
- else
- {
- newPIN = pinStr.toCharArray();
- }
- }
- else if (configuration.getKeyStorePinFile() != null)
- {
- String fileName = configuration.getKeyStorePinFile();
- File pinFile = getFileForPath(fileName);
-
- if (!pinFile.exists())
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_PKCS11_KEYMANAGER_PIN_NO_SUCH_FILE.get(fileName, configEntryDN));
- }
- else
- {
- String pinStr = null;
- BufferedReader br = null;
- try {
- br = new BufferedReader(new FileReader(pinFile));
- pinStr = br.readLine();
- }
- catch (IOException ioe)
+ catch (Exception e)
{
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_PKCS11_KEYMANAGER_PIN_FILE_CANNOT_READ.get(
- fileName, configEntryDN, getExceptionMessage(ioe)));
- }
- finally
- {
- StaticUtils.close(br);
- }
+ logger.traceException(e);
- if (pinStr == null)
- {
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(ERR_PKCS11_KEYMANAGER_PIN_FILE_EMPTY.get(fileName, configEntryDN));
+ LocalizableMessage message = ERR_PKCS11_KEYMANAGER_CANNOT_CREATE_FACTORY.get(getExceptionMessage(e));
+ throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message, e);
}
- else
- {
- newPIN = pinStr.toCharArray();
- }
- }
}
- else if (configuration.getKeyStorePin() != null)
+
+ @Override
+ public boolean isConfigurationAcceptable(PKCS11KeyManagerProviderCfg configuration,
+ List<LocalizableMessage> unacceptableReasons)
{
- newPIN = configuration.getKeyStorePin().toCharArray();
+ return isConfigurationChangeAcceptable(configuration, unacceptableReasons);
}
- if (ccr.getResultCode() == ResultCode.SUCCESS)
+ @Override
+ public boolean isConfigurationChangeAcceptable(PKCS11KeyManagerProviderCfg configuration,
+ List<LocalizableMessage> unacceptableReasons)
{
- currentConfig = configuration;
- keyStorePIN = newPIN;
+ try
+ {
+ getKeyStorePIN(configuration);
+ return true;
+ }
+ catch (InitializationException e)
+ {
+ unacceptableReasons.add(e.getMessageObject());
+ return false;
+ }
}
- return ccr;
- }
+ @Override
+ public ConfigChangeResult applyConfigurationChange(PKCS11KeyManagerProviderCfg configuration)
+ {
+ final ConfigChangeResult ccr = new ConfigChangeResult();
+ try
+ {
+ keyStorePIN = getKeyStorePIN(configuration);
+ currentConfig = configuration;
+ }
+ catch (InitializationException e)
+ {
+ ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
+ ccr.addMessage(e.getMessageObject());
+ }
+ return ccr;
+ }
}
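Review bot: `private static final String PKCS11_KEYSTORE_TYPE = "PKCS11";` narrows a constant that the removed code declared `public static final`, which breaks source compatibility for any code outside this class that referenced `PKCS11KeyManagerProvider.PKCS11_KEYSTORE_TYPE`; no such user is visible in this diff, so if the narrowing is deliberate the commit message should say so, otherwise keep it `public`. On style, the constructor at `public PKCS11KeyManagerProvider() {` puts the brace on the signature line while every other method in the rewritten class keeps the file's brace-on-its-own-line convention; move it down for consistency. The new `isConfigurationChangeAcceptable` also drops the old unreachable `ERR_PKCS11_KEYMANAGER_CANNOT_DETERMINE_PIN_FROM_ATTR` branch, which is fine, but the Javadoc on `getKeyStorePIN(PKCS11KeyManagerProviderCfg)` should note that a null result is a valid "no PIN required" outcome, since the old comment `It is acceptable to have no PIN (OPENDJ-18)` carried that information and is gone.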
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/util/CertificateManager.java b/opendj-server-legacy/src/main/java/org/opends/server/util/CertificateManager.java
index f57212a..dd453b0 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/util/CertificateManager.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/util/CertificateManager.java
@@ -12,12 +12,14 @@
* information: "Portions Copyright [year] [name of copyright owner]".
*
* Copyright 2008-2010 Sun Microsystems, Inc.
- * Portions Copyright 2013-2015 ForgeRock AS.
+ * Portions Copyright 2013-2016 ForgeRock AS.
*/
package org.opends.server.util;
-import java.io.*;
-import java.security.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
@@ -95,7 +97,32 @@
return true;
}
-
+ /**
+ * Creates a new certificate manager instance with the provided information.
+ *
+ * @param keyStorePath The path to the key store file, or "NONE" if the key
+ * store type is "PKCS11". For the other key store
+ * types, the file does not need to exist if a new
+ * self-signed certificate or certificate signing
+ * request is to be generated, although the directory
+ * containing the file must exist. The key store file
+ * must exist if import or export operations are to be
+ * performed.
+ * @param keyStoreType The key store type to use. It should be one of
+ * {@code KEY_STORE_TYPE_JKS},
+ * {@code KEY_STORE_TYPE_JCEKS},
+ * {@code KEY_STORE_TYPE_PKCS11}, or
+ * {@code KEY_STORE_TYPE_PKCS12}.
+ * @param keyStorePassword The password required to access the key store.
+ * It may be {@code null}.
+ * @throws IllegalArgumentException If an argument is invalid or {@code null}.
+ *
+ */
+ public CertificateManager(String keyStorePath, String keyStoreType, String keyStorePassword)
+ throws IllegalArgumentException
+ {
+ this(keyStorePath, keyStoreType, keyStorePassword == null ? null : keyStorePassword.toCharArray());
+ }
/**
* Creates a new certificate manager instance with the provided information.
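Review bot: The new String overload should say in its Javadoc that it exists for existing callers only and that a String PIN cannot be wiped from memory, so callers that already hold the PIN as a char[] should use the char[] constructor directly. As written, the delegation on the `this(...)` line makes a second copy via `toCharArray()` that no caller can zero, which is the opposite of the reason the char[] form was introduced. A one-line addition to the `@param keyStorePassword` text such as `Prefer the {@code char[]} constructor when the PIN must be cleared after use; a String copy cannot be zeroed.` would make the trade-off visible at the call site.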
@@ -114,13 +141,12 @@
* {@code KEY_STORE_TYPE_PKCS11}, or
* {@code KEY_STORE_TYPE_PKCS12}.
* @param keyStorePassword The password required to access the key store.
- * It must not be {@code null}.
+ * It may be {@code null}.
* @throws IllegalArgumentException If an argument is invalid or {@code null}.
*
*/
- public CertificateManager(String keyStorePath, String keyStoreType,
- String keyStorePassword)
- throws IllegalArgumentException {
+ public CertificateManager(String keyStorePath, String keyStoreType, char[] keyStorePassword)
+ throws IllegalArgumentException {
ensureValid(keyStorePath, KEYSTORE_PATH_MSG);
ensureValid(keyStoreType, KEYSTORE_TYPE_MSG);
if (keyStoreType.equals(KEY_STORE_TYPE_PKCS11)) {
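Review bot: The `@param keyStorePassword` line now says the password may be null, but the `@throws IllegalArgumentException` clause still says any invalid or null argument raises, which contradicts it and misleads callers about what is validated; the `ensureValid` calls visible here cover only the path and type. Suggest `@throws IllegalArgumentException If the key store path or type is invalid or {@code null}.` so the contract matches the code. The constructor body continues beyond this hunk.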
@@ -153,9 +179,8 @@
}
this.keyStorePath = keyStorePath;
this.keyStoreType = keyStoreType;
- this.password =
- keyStorePassword == null ? null : keyStorePassword.toCharArray();
- keyStore = null;
+ this.password = keyStorePassword;
+ this.keyStore = null;
}
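Review bot: `this.password = keyStorePassword;` retains the caller's array by reference where the removed line made a private copy through `toCharArray()`, so a caller that zeroes its PIN buffer after construction (the usual reason to pass a char[]) silently breaks every later keystore access, and a caller that keeps it shares mutable state with this object. Either copy defensively, `this.password = keyStorePassword == null ? null : keyStorePassword.clone();`, or state in the constructor Javadoc that the array is held rather than copied and must stay intact for the manager's lifetime. The constructor's signature and argument validation are in the preceding hunk, outside this one.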
@@ -418,8 +443,7 @@
}
else
{
- CertificateManager certManager2 = new CertificateManager(keyStorePath,
- keyStoreType, new String(password));
+ CertificateManager certManager2 = new CertificateManager(keyStorePath, keyStoreType, password);
String[] aliases2 = certManager2.getCertificateAliases();
if (aliases2 != null && aliases2.length == 1)
{
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/util/CertificateManagerTestCase.java b/opendj-server-legacy/src/test/java/org/opends/server/util/CertificateManagerTestCase.java
index c7d2e72..abd17ed 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/util/CertificateManagerTestCase.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/util/CertificateManagerTestCase.java
@@ -12,7 +12,7 @@
* information: "Portions Copyright [year] [name of copyright owner]".
*
* Copyright 2008-2010 Sun Microsystems, Inc.
- * Portions Copyright 2013-2015 ForgeRock AS.
+ * Portions Copyright 2013-2016 ForgeRock AS.
*/
package org.opends.server.util;
@@ -230,7 +230,7 @@
public void testConstructorNullPIN()
throws Exception
{
- assertNotNull(new CertificateManager(JKS_KEY_STORE_PATH, "JKS", null));
+ assertNotNull(new CertificateManager(JKS_KEY_STORE_PATH, "JKS", (String) null));
}
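Review bot: The `(String) null` cast keeps the existing test compiling but leaves the new char[] overload, which is now the constructor that actually stores the password, untested for the null case its Javadoc permits. Add a sibling assertion next to it: `assertNotNull(new CertificateManager(JKS_KEY_STORE_PATH, "JKS", (char[]) null));`. That also pins the behaviour that a null char[] is accepted rather than rejected by the validation in the constructor.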
--
Gitblit v1.10.0