From fa87fb1cb98a015bc660e183262c09c7055e11a0 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Tue, 04 Aug 2009 09:30:22 +0000
Subject: [PATCH] Fix for issue 4160 (Connection issue with new dsreplication interactive mode)
---
opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java | 2 +-
opendj-sdk/opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java | 5 +----
opendj-sdk/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java | 14 ++++++++++----
opendj-sdk/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java | 21 ++++++++++++++++++++-
4 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java b/opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java
index 775eb4f..64860fc 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/admin/client/cli/SecureConnectionCliArgs.java
@@ -741,7 +741,7 @@
*/
public boolean useSSL()
{
- if (useSSLArg.isPresent())
+ if (useSSLArg.isPresent() || alwaysSSL())
{
return true;
}
diff --git a/opendj-sdk/opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java b/opendj-sdk/opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java
index 10f2622..652dee4 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/tools/dsreplication/ReplicationCliMain.java
@@ -439,10 +439,7 @@
}
ci = new LDAPConnectionConsoleInteraction(this,
argParser.getSecureArgsList());
- ci.setDisplayLdapIfSecureParameters(
- !argParser.isInitializeAllReplicationSubcommand() &&
- !argParser.isPreExternalInitializationSubcommand() ||
- !argParser.isPostExternalInitializationSubcommand());
+ ci.setDisplayLdapIfSecureParameters(false);
}
if (returnValue == SUCCESSFUL_NOP)
{
diff --git a/opendj-sdk/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java b/opendj-sdk/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java
index 901de32..ceb0491 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/util/cli/ConsoleApplication.java
@@ -929,11 +929,16 @@
}
}
}
- if (e.getRootCause() != null) {
- if (e.getRootCause().getCause() != null) {
+ if (e.getRootCause() != null)
+ {
+ if (e.getRootCause().getCause() != null &&
+ !ci.isTrustStoreInMemory() &&
+ !ci.isTrustAll())
+ {
if (((e.getRootCause().getCause()
instanceof OpendsCertificateException)) ||
- (e.getRootCause() instanceof SSLHandshakeException)) {
+ (e.getRootCause() instanceof SSLHandshakeException))
+ {
Message message =
ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_NOT_TRUSTED.get(
hostName, String.valueOf(portNumber));
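Review bot: The new `!ci.isTrustStoreInMemory() && !ci.isTrustAll()` terms skip the whole NOT_TRUSTED branch, so in those sessions an `SSLHandshakeException` falls through to the `instanceof SSLException` test in the next hunk and is reported as a wrong port. That looks reasonable for trust-all. With an in-memory truststore, though, a genuine certificate rejection (if one can still occur on this path, which the hunk does not show) would be presented to the operator as a port problem. Consider leaving the `OpendsCertificateException` case on the NOT_TRUSTED message and applying the new terms only to the bare handshake case, or document the intent with a comment such as `// trust already settled for this session: report handshake failures as connection errors`. `ci` is dereferenced without a visible null check and the enclosing method starts and ends outside the hunk, so confirm it cannot be null here.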
@@ -941,7 +946,8 @@
LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
}
}
- if (e.getRootCause() instanceof SSLException) {
+ if (e.getRootCause() instanceof SSLException)
+ {
Message message =
ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_WRONG_PORT.get(
hostName, String.valueOf(portNumber));
diff --git a/opendj-sdk/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java b/opendj-sdk/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java
index 26ace2c..7c70f19 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/util/cli/LDAPConnectionConsoleInteraction.java
@@ -97,6 +97,9 @@
// Indicate if the truststore in in memory
private boolean trustStoreInMemory = false;
+ // Indicate if the all certificates are accepted
+ private boolean trustAll = false;
+
// Indicate that the trust manager was created with the parameters provided
private boolean trustManagerInitialized;
@@ -282,6 +285,9 @@
this.app = app;
this.secureArgsList = secureArgs;
this.commandBuilder = new CommandBuilder(null);
+ this.useSSL = secureArgs.useSSL();
+ this.useStartTLS = secureArgs.useStartTLS();
+ this.trustAll = secureArgs.trustAllArg.isPresent();
copySecureArgsList = new SecureConnectionCliArgs(secureArgs.alwaysSSL());
try
{
@@ -343,7 +349,6 @@
||
secureArgsList.keyStorePasswordFileArg.isPresent()
);
-
// Get the LDAP host.
hostName = secureArgsList.hostNameArg.getValue();
final String tmpHostName = hostName;
@@ -403,6 +408,8 @@
useStartTLS = secureArgsList.useStartTLS();
boolean connectionTypeIsSet =
(
+ secureArgsList.alwaysSSL()
+ ||
secureArgsList.useSSLArg.isPresent()
||
secureArgsList.useStartTLSArg.isPresent()
@@ -826,6 +833,8 @@
);
boolean askForTrustStore = false;
+ trustAll = secureArgsList.trustAllArg.isPresent();
+
// Try to use the local instance trustore, to avoid certifacte validation
// when both the CLI and the server are in the same instance.
if (weDontKnowTheTrustMethod) {
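Review bot: `trustAll = secureArgsList.trustAllArg.isPresent();` re-derives the flag from the original argument list, while the interactive TRUSTALL branch in the next hunk records the choice on `copySecureArgsList` and `commandBuilder` and sets `trustAll = true` directly. If this method runs again on the same object (the hunk does not show whether it can), the assignment here resets `isTrustAll()` to false even though the user chose trust-all earlier. The constructor hunk also sets the flag, so it now has three writers with no stated precedence. If the reset is deliberate, say so above the line, for example `// re-read on every call so an earlier interactive trust-all choice does not carry over`. The enclosing method starts and ends outside the hunk.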
@@ -866,6 +875,7 @@
if (result.getValue().equals(TrustMethod.TRUSTALL.getChoice()))
{
commandBuilder.addArgument(copySecureArgsList.trustAllArg);
+ trustAll = true;
// If we have the trustALL flag, don't do anything
// just return null
return null;
@@ -1437,6 +1447,15 @@
}
/**
+ * Indicate if all certificates must be accepted.
+ *
+ * @return true all certificates must be accepted.
+ */
+ public boolean isTrustAll() {
+ return this.trustAll;
+ }
+
+ /**
* Indicate if the certificate chain can be trusted.
*
* @param chain The certificate chain to validate
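Review bot: The Javadoc added for `isTrustAll()` does not say that a `true` result means certificate validation is switched off, which matters because the ConsoleApplication change in this patch uses the getter to suppress the not-trusted error. The `@return` line is also missing a word; I would write `@return {@code true} if server certificates are accepted without validation (trust-all given on the command line or chosen interactively).` The field comment in the first hunk of this file has a similar slip and could read `// Indicates whether all certificates are accepted (no validation)`.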
--
Gitblit v1.10.0