/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at * trunk/opends/resource/legal-notices/OpenDS.LICENSE * or https://OpenDS.dev.java.net/OpenDS.LICENSE. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, * add the following below this CDDL HEADER, with the fields enclosed * by brackets "[]" replaced with your own identifying information: * Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END * * * Copyright 2009 Sun Microsystems, Inc. */ package com.sun.opends.sdk.tools; import static com.sun.opends.sdk.messages.Messages.*; import static com.sun.opends.sdk.tools.ToolConstants.*; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.net.InetAddress; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.logging.Logger; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509KeyManager; import javax.security.auth.Subject; import javax.security.auth.login.LoginException; import org.opends.sdk.*; import org.opends.sdk.ldap.LDAPConnectionFactory; import org.opends.sdk.ldap.LDAPConnectionOptions; import org.opends.sdk.requests.BindRequest; import org.opends.sdk.requests.Requests; import org.opends.sdk.sasl.*; import com.sun.opends.sdk.util.SSLUtils; import com.sun.opends.sdk.util.StaticUtils; /** * A connection factory designed for use with command line tools. */ final class ArgumentParserConnectionFactory extends AbstractConnectionFactory implements ConnectionFactory { /** * End Of Line. */ static final String EOL = System.getProperty("line.separator"); /** * The Logger. */ static final Logger LOG = Logger .getLogger(ArgumentParserConnectionFactory.class.getName()); /** * The 'hostName' global argument. */ private StringArgument hostNameArg = null; /** * The 'port' global argument. */ private IntegerArgument portArg = null; /** * The 'bindDN' global argument. */ private StringArgument bindDnArg = null; /** * The 'bindPasswordFile' global argument. */ private FileBasedArgument bindPasswordFileArg = null; /** * The 'bindPassword' global argument. */ private StringArgument bindPasswordArg = null; /** * The 'trustAllArg' global argument. */ private BooleanArgument trustAllArg = null; /** * The 'trustStore' global argument. */ private StringArgument trustStorePathArg = null; /** * The 'trustStorePassword' global argument. */ private StringArgument trustStorePasswordArg = null; /** * The 'trustStorePasswordFile' global argument. */ private FileBasedArgument trustStorePasswordFileArg = null; /** * The 'keyStore' global argument. */ private StringArgument keyStorePathArg = null; /** * The 'keyStorePassword' global argument. */ private StringArgument keyStorePasswordArg = null; /** * The 'keyStorePasswordFile' global argument. */ private FileBasedArgument keyStorePasswordFileArg = null; /** * The 'certNicknameArg' global argument. */ private StringArgument certNicknameArg = null; /** * The 'useSSLArg' global argument. */ private BooleanArgument useSSLArg = null; /** * The 'useStartTLSArg' global argument. */ private BooleanArgument useStartTLSArg = null; /** * Argument indicating a SASL option. */ private StringArgument saslOptionArg = null; /** * Whether to request that the server return the authorization ID in * the bind response. */ private final BooleanArgument reportAuthzID; /** * Whether to use the password policy control in the bind request. */ private final BooleanArgument usePasswordPolicyControl; private int port = 389; private SSLContext sslContext; private ConnectionFactory connFactory; private BindRequest bindRequest = null; private final ConsoleApplication app; public ArgumentParserConnectionFactory(ArgumentParser argumentParser, ConsoleApplication app) throws ArgumentException { this(argumentParser, app, "cn=Directory Manager", 389, false); } public ArgumentParserConnectionFactory(ArgumentParser argumentParser, ConsoleApplication app, String defaultBindDN, int defaultPort, boolean alwaysSSL) throws ArgumentException { this.app = app; useSSLArg = new BooleanArgument("useSSL", OPTION_SHORT_USE_SSL, OPTION_LONG_USE_SSL, INFO_DESCRIPTION_USE_SSL.get()); useSSLArg.setPropertyName(OPTION_LONG_USE_SSL); if (!alwaysSSL) { argumentParser.addLdapConnectionArgument(useSSLArg); } else { // simulate that the useSSL arg has been given in the CLI useSSLArg.setPresent(true); } useStartTLSArg = new BooleanArgument("startTLS", OPTION_SHORT_START_TLS, OPTION_LONG_START_TLS, INFO_DESCRIPTION_START_TLS.get()); useStartTLSArg.setPropertyName(OPTION_LONG_START_TLS); if (!alwaysSSL) { argumentParser.addLdapConnectionArgument(useStartTLSArg); } String defaultHostName; try { defaultHostName = InetAddress.getLocalHost().getHostName(); } catch (Exception e) { defaultHostName = "Unknown (" + e + ")"; } hostNameArg = new StringArgument("host", OPTION_SHORT_HOST, OPTION_LONG_HOST, false, false, true, INFO_HOST_PLACEHOLDER .get(), defaultHostName, null, INFO_DESCRIPTION_HOST.get()); hostNameArg.setPropertyName(OPTION_LONG_HOST); argumentParser.addLdapConnectionArgument(hostNameArg); LocalizableMessage portDescription = INFO_DESCRIPTION_PORT.get(); if (alwaysSSL) { portDescription = INFO_DESCRIPTION_ADMIN_PORT.get(); } portArg = new IntegerArgument("port", OPTION_SHORT_PORT, OPTION_LONG_PORT, false, false, true, INFO_PORT_PLACEHOLDER .get(), defaultPort, null, portDescription); portArg.setPropertyName(OPTION_LONG_PORT); argumentParser.addLdapConnectionArgument(portArg); bindDnArg = new StringArgument("bindDN", OPTION_SHORT_BINDDN, OPTION_LONG_BINDDN, false, false, true, INFO_BINDDN_PLACEHOLDER .get(), defaultBindDN, null, INFO_DESCRIPTION_BINDDN.get()); bindDnArg.setPropertyName(OPTION_LONG_BINDDN); argumentParser.addLdapConnectionArgument(bindDnArg); bindPasswordArg = new StringArgument("bindPassword", OPTION_SHORT_BINDPWD, OPTION_LONG_BINDPWD, false, false, true, INFO_BINDPWD_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_BINDPASSWORD.get()); bindPasswordArg.setPropertyName(OPTION_LONG_BINDPWD); argumentParser.addLdapConnectionArgument(bindPasswordArg); bindPasswordFileArg = new FileBasedArgument("bindPasswordFile", OPTION_SHORT_BINDPWD_FILE, OPTION_LONG_BINDPWD_FILE, false, false, INFO_BINDPWD_FILE_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_BINDPASSWORDFILE.get()); bindPasswordFileArg.setPropertyName(OPTION_LONG_BINDPWD_FILE); argumentParser.addLdapConnectionArgument(bindPasswordFileArg); saslOptionArg = new StringArgument("sasloption", OPTION_SHORT_SASLOPTION, OPTION_LONG_SASLOPTION, false, true, true, INFO_SASL_OPTION_PLACEHOLDER.get(), null, null, INFO_LDAP_CONN_DESCRIPTION_SASLOPTIONS.get()); saslOptionArg.setPropertyName(OPTION_LONG_SASLOPTION); argumentParser.addLdapConnectionArgument(saslOptionArg); trustAllArg = new BooleanArgument("trustAll", OPTION_SHORT_TRUSTALL, OPTION_LONG_TRUSTALL, INFO_DESCRIPTION_TRUSTALL.get()); trustAllArg.setPropertyName(OPTION_LONG_TRUSTALL); argumentParser.addLdapConnectionArgument(trustAllArg); trustStorePathArg = new StringArgument("trustStorePath", OPTION_SHORT_TRUSTSTOREPATH, OPTION_LONG_TRUSTSTOREPATH, false, false, true, INFO_TRUSTSTOREPATH_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_TRUSTSTOREPATH.get()); trustStorePathArg.setPropertyName(OPTION_LONG_TRUSTSTOREPATH); argumentParser.addLdapConnectionArgument(trustStorePathArg); trustStorePasswordArg = new StringArgument("trustStorePassword", OPTION_SHORT_TRUSTSTORE_PWD, OPTION_LONG_TRUSTSTORE_PWD, false, false, true, INFO_TRUSTSTORE_PWD_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_TRUSTSTOREPASSWORD.get()); trustStorePasswordArg.setPropertyName(OPTION_LONG_TRUSTSTORE_PWD); argumentParser.addLdapConnectionArgument(trustStorePasswordArg); trustStorePasswordFileArg = new FileBasedArgument( "trustStorePasswordFile", OPTION_SHORT_TRUSTSTORE_PWD_FILE, OPTION_LONG_TRUSTSTORE_PWD_FILE, false, false, INFO_TRUSTSTORE_PWD_FILE_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_TRUSTSTOREPASSWORD_FILE.get()); trustStorePasswordFileArg .setPropertyName(OPTION_LONG_TRUSTSTORE_PWD_FILE); argumentParser.addLdapConnectionArgument(trustStorePasswordFileArg); keyStorePathArg = new StringArgument("keyStorePath", OPTION_SHORT_KEYSTOREPATH, OPTION_LONG_KEYSTOREPATH, false, false, true, INFO_KEYSTOREPATH_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_KEYSTOREPATH.get()); keyStorePathArg.setPropertyName(OPTION_LONG_KEYSTOREPATH); argumentParser.addLdapConnectionArgument(keyStorePathArg); keyStorePasswordArg = new StringArgument("keyStorePassword", OPTION_SHORT_KEYSTORE_PWD, OPTION_LONG_KEYSTORE_PWD, false, false, true, INFO_KEYSTORE_PWD_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_KEYSTOREPASSWORD.get()); keyStorePasswordArg.setPropertyName(OPTION_LONG_KEYSTORE_PWD); argumentParser.addLdapConnectionArgument(keyStorePasswordArg); keyStorePasswordFileArg = new FileBasedArgument( "keystorePasswordFile", OPTION_SHORT_KEYSTORE_PWD_FILE, OPTION_LONG_KEYSTORE_PWD_FILE, false, false, INFO_KEYSTORE_PWD_FILE_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_KEYSTOREPASSWORD_FILE.get()); keyStorePasswordFileArg .setPropertyName(OPTION_LONG_KEYSTORE_PWD_FILE); argumentParser.addLdapConnectionArgument(keyStorePasswordFileArg); certNicknameArg = new StringArgument("certNickname", OPTION_SHORT_CERT_NICKNAME, OPTION_LONG_CERT_NICKNAME, false, false, true, INFO_NICKNAME_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_CERT_NICKNAME.get()); certNicknameArg.setPropertyName(OPTION_LONG_CERT_NICKNAME); argumentParser.addLdapConnectionArgument(certNicknameArg); reportAuthzID = new BooleanArgument("reportauthzid", 'E', OPTION_LONG_REPORT_AUTHZ_ID, INFO_DESCRIPTION_REPORT_AUTHZID .get()); reportAuthzID.setPropertyName(OPTION_LONG_REPORT_AUTHZ_ID); argumentParser.addArgument(reportAuthzID); usePasswordPolicyControl = new BooleanArgument( "usepwpolicycontrol", null, OPTION_LONG_USE_PW_POLICY_CTL, INFO_DESCRIPTION_USE_PWP_CONTROL.get()); usePasswordPolicyControl .setPropertyName(OPTION_LONG_USE_PW_POLICY_CTL); argumentParser.addArgument(usePasswordPolicyControl); } /** * {@inheritDoc} */ public FutureResult getAsynchronousConnection( ResultHandler handler) { return connFactory.getAsynchronousConnection(handler); } public void validate() throws ArgumentException { port = portArg.getIntValue(); // Couldn't have at the same time bindPassword and bindPasswordFile if (bindPasswordArg.isPresent() && bindPasswordFileArg.isPresent()) { LocalizableMessage message = ERR_TOOL_CONFLICTING_ARGS.get( bindPasswordArg.getLongIdentifier(), bindPasswordFileArg .getLongIdentifier()); throw new ArgumentException(message); } // Couldn't have at the same time trustAll and // trustStore related arg if (trustAllArg.isPresent() && trustStorePathArg.isPresent()) { LocalizableMessage message = ERR_TOOL_CONFLICTING_ARGS.get( trustAllArg.getLongIdentifier(), trustStorePathArg .getLongIdentifier()); throw new ArgumentException(message); } if (trustAllArg.isPresent() && trustStorePasswordArg.isPresent()) { LocalizableMessage message = ERR_TOOL_CONFLICTING_ARGS.get( trustAllArg.getLongIdentifier(), trustStorePasswordArg .getLongIdentifier()); throw new ArgumentException(message); } if (trustAllArg.isPresent() && trustStorePasswordFileArg.isPresent()) { LocalizableMessage message = ERR_TOOL_CONFLICTING_ARGS.get( trustAllArg.getLongIdentifier(), trustStorePasswordFileArg .getLongIdentifier()); throw new ArgumentException(message); } // Couldn't have at the same time trustStorePasswordArg and // trustStorePasswordFileArg if (trustStorePasswordArg.isPresent() && trustStorePasswordFileArg.isPresent()) { LocalizableMessage message = ERR_TOOL_CONFLICTING_ARGS.get( trustStorePasswordArg.getLongIdentifier(), trustStorePasswordFileArg.getLongIdentifier()); throw new ArgumentException(message); } if (trustStorePathArg.isPresent()) { // Check that the path exists and is readable String value = trustStorePathArg.getValue(); if (!canRead(trustStorePathArg.getValue())) { LocalizableMessage message = ERR_CANNOT_READ_TRUSTSTORE .get(value); throw new ArgumentException(message); } } if (keyStorePathArg.isPresent()) { // Check that the path exists and is readable String value = keyStorePathArg.getValue(); if (!canRead(trustStorePathArg.getValue())) { LocalizableMessage message = ERR_CANNOT_READ_KEYSTORE .get(value); throw new ArgumentException(message); } } // Couldn't have at the same time startTLSArg and // useSSLArg if (useStartTLSArg.isPresent() && useSSLArg.isPresent()) { LocalizableMessage message = ERR_TOOL_CONFLICTING_ARGS.get( useStartTLSArg.getLongIdentifier(), useSSLArg .getLongIdentifier()); throw new ArgumentException(message); } try { if (useSSLArg.isPresent() || useStartTLSArg.isPresent()) { String clientAlias; if (certNicknameArg.isPresent()) { clientAlias = certNicknameArg.getValue(); } else { clientAlias = null; } if (sslContext == null) { TrustManager trustManager = getTrustManager(); KeyManager keyManager = null; X509KeyManager akm = getKeyManager(keyStorePathArg.getValue()); if (keyManager != null && clientAlias != null) { keyManager = new SelectableCertificateKeyManager(akm, clientAlias); } sslContext = SSLUtils.getSSLContext(trustManager, keyManager); } } } catch (Exception e) { throw new ArgumentException(ERR_LDAP_CONN_CANNOT_INITIALIZE_SSL .get(e.toString()), e); } if (sslContext != null) { LDAPConnectionOptions options = LDAPConnectionOptions .defaultOptions().setSSLContext(sslContext).setUseStartTLS( useStartTLSArg.isPresent()); connFactory = new LDAPConnectionFactory(hostNameArg.getValue(), port, options); } else { connFactory = new LDAPConnectionFactory(hostNameArg.getValue(), port); } try { bindRequest = getBindRequest(); } catch (CLIException e) { throw new ArgumentException(LocalizableMessage .raw("Error reading input: " + e.toString())); } if (bindRequest != null) { connFactory = new AuthenticatedConnectionFactory(connFactory, bindRequest).setRebindAllowed(true); } } private BindRequest getBindRequest() throws CLIException, ArgumentException { String mech = null; for (String s : saslOptionArg.getValues()) { if (s.startsWith(SASL_PROPERTY_MECH)) { mech = parseSASLOptionValue(s); break; } } if (mech == null) { if (bindDnArg.isPresent() || bindPasswordFileArg.isPresent() || bindPasswordArg.isPresent()) { return Requests .newSimpleBindRequest(getBindDN(), getPassword()); } return null; } if (mech.equals(DigestMD5SASLBindRequest.SASL_MECHANISM_DIGEST_MD5)) { return new DigestMD5SASLBindRequest( getAuthID(DigestMD5SASLBindRequest.SASL_MECHANISM_DIGEST_MD5), getAuthzID(), getPassword(), getRealm()); } if (mech.equals(CRAMMD5SASLBindRequest.SASL_MECHANISM_CRAM_MD5)) { return new CRAMMD5SASLBindRequest( getAuthID(CRAMMD5SASLBindRequest.SASL_MECHANISM_CRAM_MD5), getPassword()); } if (mech.equals(GSSAPISASLBindRequest.SASL_MECHANISM_GSSAPI)) { try { Subject subject = GSSAPISASLBindRequest.Kerberos5Login( getAuthID(GSSAPISASLBindRequest.SASL_MECHANISM_GSSAPI), getPassword(), getRealm(), getKDC()); return new GSSAPISASLBindRequest(subject, getAuthzID()); } catch (LoginException e) { LocalizableMessage message = ERR_LDAPAUTH_GSSAPI_LOCAL_AUTHENTICATION_FAILED .get(StaticUtils.getExceptionMessage(e)); throw new ArgumentException(message, e); } } if (mech.equals(ExternalSASLBindRequest.SASL_MECHANISM_EXTERNAL)) { if (sslContext == null) { LocalizableMessage message = ERR_TOOL_SASLEXTERNAL_NEEDS_SSL_OR_TLS .get(); throw new ArgumentException(message); } if (!keyStorePathArg.isPresent() && getKeyStore() == null) { LocalizableMessage message = ERR_TOOL_SASLEXTERNAL_NEEDS_KEYSTORE .get(); throw new ArgumentException(message); } return new ExternalSASLBindRequest(getAuthzID()); } if (mech.equals(PlainSASLBindRequest.SASL_MECHANISM_PLAIN)) { return new PlainSASLBindRequest( getAuthID(PlainSASLBindRequest.SASL_MECHANISM_PLAIN), getAuthzID(), getPassword()); } throw new ArgumentException(ERR_LDAPAUTH_UNSUPPORTED_SASL_MECHANISM .get(mech)); } private DN getBindDN() throws CLIException, ArgumentException { String value = ""; if (bindDnArg.isPresent()) { value = bindDnArg.getValue(); } else if (app.isInteractive()) { value = app.readInput(LocalizableMessage.raw("Bind DN:"), bindDnArg.getDefaultValue() == null ? value : bindDnArg .getDefaultValue()); } try { return DN.valueOf(value); } catch (LocalizedIllegalArgumentException e) { throw new ArgumentException(e.getMessageObject()); } } private String getAuthID(String mech) throws CLIException, ArgumentException { String value = null; for (String s : saslOptionArg.getValues()) { if (s.startsWith(SASL_PROPERTY_AUTHID)) { value = parseSASLOptionValue(s); break; } } if (value == null && bindDnArg.isPresent()) { value = "dn: " + bindDnArg.getValue(); } if (value == null && app.isInteractive()) { value = app.readInput(LocalizableMessage .raw("Authentication ID:"), bindDnArg.getDefaultValue() == null ? null : "dn: " + bindDnArg.getDefaultValue()); } if (value == null) { LocalizableMessage message = ERR_LDAPAUTH_SASL_AUTHID_REQUIRED .get(mech); throw new ArgumentException(message); } return value; } private String getAuthzID() throws CLIException, ArgumentException { String value = null; for (String s : saslOptionArg.getValues()) { if (s.startsWith(SASL_PROPERTY_AUTHZID)) { value = parseSASLOptionValue(s); break; } } return value; } /** * Get the password which has to be used for the command. If no * password was specified, return null. * * @return The password stored into the specified file on by the * command line argument, or null it if not specified. */ private ByteString getPassword() throws CLIException { String value = ""; if (bindPasswordArg.isPresent()) { value = bindPasswordArg.getValue(); } else if (bindPasswordFileArg.isPresent()) { value = bindPasswordFileArg.getValue(); } if (value.length() == 0 && app.isInteractive()) { value = app.readLineOfInput(LocalizableMessage .raw("Bind Password:")); } return ByteString.valueOf(value); } private String getRealm() throws ArgumentException, CLIException { String value = null; for (String s : saslOptionArg.getValues()) { if (s.startsWith(SASL_PROPERTY_REALM)) { value = parseSASLOptionValue(s); break; } } return value; } private String getKDC() throws ArgumentException, CLIException { String value = null; for (String s : saslOptionArg.getValues()) { if (s.startsWith(SASL_PROPERTY_KDC)) { value = parseSASLOptionValue(s); break; } } return value; } /** * Returns true if we can read on the provided path and * false otherwise. * * @param path * the path. * @return true if we can read on the provided path and * false otherwise. */ private boolean canRead(String path) { boolean canRead; File file = new File(path); canRead = file.exists() && file.canRead(); return canRead; } /** * Retrieves a TrustManager object that may be used for * interactions requiring access to a trust manager. * * @return A set of TrustManager objects that may be used * for interactions requiring access to a trust manager. * @throws KeyStoreException * If a problem occurs while interacting with the trust * store. */ private TrustManager getTrustManager() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { if (trustAllArg.isPresent()) { return new TrustAllTrustManager(); } TrustStoreTrustManager tm = null; if (trustStorePathArg.isPresent() && trustStorePathArg.getValue().length() > 0) { tm = new TrustStoreTrustManager(trustStorePathArg.getValue(), getTrustStorePIN(), hostNameArg.getValue(), true); } else if (getTrustStore() != null) { tm = new TrustStoreTrustManager(getTrustStore(), getTrustStorePIN(), hostNameArg.getValue(), true); } if (app != null && !app.isQuiet()) { return new PromptingTrustManager(app, tm); } return null; } /** * Retrieves a KeyManager object that may be used for * interactions requiring access to a key manager. * * @param keyStoreFile * The path to the file containing the key store data. * @return A set of KeyManager objects that may be used * for interactions requiring access to a key manager. * @throws java.security.KeyStoreException * If a problem occurs while interacting with the key store. */ private X509KeyManager getKeyManager(String keyStoreFile) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { if (keyStoreFile == null) { // Lookup the file name through the JDK property. keyStoreFile = getKeyStore(); } if (keyStoreFile == null) { return null; } String keyStorePass = getKeyStorePIN(); char[] keyStorePIN = null; if (keyStorePass != null) { keyStorePIN = keyStorePass.toCharArray(); } FileInputStream fos = new FileInputStream(keyStoreFile); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(fos, keyStorePIN); fos.close(); return new ApplicationKeyManager(keystore, keyStorePIN); } /** * Read the KeyStore PIN from the JSSE system property. * * @return The PIN that should be used to access the key store. */ private String getKeyStorePIN() { String pwd; if (keyStorePasswordArg.isPresent()) { pwd = keyStorePasswordArg.getValue(); } else if (keyStorePasswordFileArg.isPresent()) { pwd = keyStorePasswordFileArg.getValue(); } else { pwd = System.getProperty("javax.net.ssl.keyStorePassword"); } return pwd; } /** * Read the TrustStore PIN from the JSSE system property. * * @return The PIN that should be used to access the trust store. */ private String getTrustStorePIN() { String pwd; if (trustStorePasswordArg.isPresent()) { pwd = trustStorePasswordArg.getValue(); } else if (trustStorePasswordFileArg.isPresent()) { pwd = trustStorePasswordFileArg.getValue(); } else { pwd = System.getProperty("javax.net.ssl.trustStorePassword"); } return pwd; } /** * Read the KeyStore from the JSSE system property. * * @return The path to the key store file. */ private String getKeyStore() { return System.getProperty("javax.net.ssl.keyStore"); } /** * Read the TrustStore from the JSSE system property. * * @return The path to the trust store file. */ private String getTrustStore() { return System.getProperty("javax.net.ssl.trustStore"); } private String parseSASLOptionValue(String option) throws ArgumentException { int equalPos = option.indexOf('='); if (equalPos <= 0) { LocalizableMessage message = ERR_LDAP_CONN_CANNOT_PARSE_SASL_OPTION .get(option); throw new ArgumentException(message); } return option.substring(equalPos + 1, option.length()); } }