001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2006-2009 Sun Microsystems, Inc. 025 * Portions Copyright 2012-2015 ForgeRock AS. 026 */ 027package org.opends.server.tools; 028 029import static org.opends.messages.ConfigMessages.*; 030import static org.opends.messages.ExtensionMessages.*; 031import static org.opends.messages.ProtocolMessages.*; 032import static org.opends.messages.ToolMessages.*; 033import static org.opends.server.config.ConfigConstants.*; 034import static org.opends.server.util.ServerConstants.*; 035import static org.opends.server.util.StaticUtils.*; 036 037import static com.forgerock.opendj.cli.ArgumentConstants.*; 038import static com.forgerock.opendj.cli.Utils.*; 039 040import java.io.File; 041import java.io.OutputStream; 042import java.io.PrintStream; 043import java.io.StringReader; 044import java.net.InetAddress; 045import java.security.GeneralSecurityException; 046import java.util.Collection; 047import java.util.HashSet; 048import java.util.LinkedList; 049import java.util.List; 050import java.util.Set; 051 052import javax.crypto.Cipher; 053 054import org.forgerock.i18n.LocalizableMessage; 055import org.forgerock.opendj.config.ManagedObjectDefinition; 056import org.forgerock.opendj.server.config.client.BackendCfgClient; 057import org.forgerock.opendj.server.config.server.BackendCfg; 058import org.opends.quicksetup.installer.Installer; 059import org.opends.server.admin.DefaultBehaviorProvider; 060import org.opends.server.admin.DefinedDefaultBehaviorProvider; 061import org.opends.server.admin.StringPropertyDefinition; 062import org.opends.server.admin.std.meta.CryptoManagerCfgDefn; 063import org.opends.server.api.ConfigHandler; 064import org.opends.server.config.BooleanConfigAttribute; 065import org.opends.server.config.ConfigEntry; 066import org.opends.server.config.DNConfigAttribute; 067import org.opends.server.config.IntegerConfigAttribute; 068import org.opends.server.config.StringConfigAttribute; 069import org.opends.server.core.DirectoryServer; 070import org.opends.server.core.LockFileManager; 071import org.opends.server.extensions.ConfigFileHandler; 072import org.opends.server.extensions.SaltedSHA512PasswordStorageScheme; 073import org.opends.server.protocols.ldap.LDAPResultCode; 074import org.opends.server.types.DN; 075import org.opends.server.types.DirectoryEnvironmentConfig; 076import org.opends.server.types.DirectoryException; 077import org.opends.server.types.Entry; 078import org.opends.server.types.InitializationException; 079import org.opends.server.types.LDIFImportConfig; 080import org.opends.server.types.NullOutputStream; 081import org.opends.server.util.LDIFReader; 082 083import com.forgerock.opendj.cli.Argument; 084import com.forgerock.opendj.cli.ArgumentException; 085import com.forgerock.opendj.cli.ArgumentParser; 086import com.forgerock.opendj.cli.BooleanArgument; 087import com.forgerock.opendj.cli.CliConstants; 088import com.forgerock.opendj.cli.CommonArguments; 089import com.forgerock.opendj.cli.FileBasedArgument; 090import com.forgerock.opendj.cli.IntegerArgument; 091import com.forgerock.opendj.cli.StringArgument; 092 093/** 094 * This class provides a very basic tool that can be used to configure some of 095 * the most important settings in the Directory Server. This configuration is 096 * performed by editing the server's configuration files and therefore the 097 * Directory Server must be offline. This utility will be used during the 098 * Directory Server installation process. 099 * <BR><BR> 100 * The options that this tool can currently set include: 101 * <BR> 102 * <UL> 103 * <LI>The port on which the server will listen for LDAP communication</LI> 104 * <LI>The DN and password for the initial root user. 105 * <LI>The set of base DNs for user data</LI> 106 * </UL> 107 */ 108public class ConfigureDS 109{ 110 private static final boolean WRONG_USAGE = true; 111 112 /** Private exception class to handle error message printing. */ 113 @SuppressWarnings("serial") 114 private class ConfigureDSException extends Exception 115 { 116 private final int returnedErrorCode; 117 private final LocalizableMessage errorMessage; 118 private final boolean wrongUsage; 119 120 ConfigureDSException(final LocalizableMessage errorMessage) 121 { 122 this(new Exception("An error occured in ConfigureDS: " + errorMessage), errorMessage, false); 123 } 124 125 ConfigureDSException(final Exception parentException, final LocalizableMessage errorMessage) 126 { 127 this(parentException, errorMessage, false); 128 } 129 130 ConfigureDSException(final LocalizableMessage errorMessage, final boolean showUsage) 131 { 132 this(new Exception("An error occured in ConfigureDS: " + errorMessage), errorMessage, showUsage); 133 } 134 135 ConfigureDSException(final Exception parentException, final LocalizableMessage errorMessage, 136 final boolean showUsage) 137 { 138 this(parentException, errorMessage, showUsage, ERROR); 139 } 140 141 ConfigureDSException(final Exception parentException, final LocalizableMessage errorMessage, 142 final boolean wrongUsage, final int retCode) 143 { 144 super(parentException); 145 this.errorMessage = errorMessage; 146 this.wrongUsage = wrongUsage; 147 returnedErrorCode = retCode; 148 } 149 150 private LocalizableMessage getErrorMessage() 151 { 152 return errorMessage; 153 } 154 155 private boolean isWrongUsage() 156 { 157 return wrongUsage; 158 } 159 160 private int getErrorCode() 161 { 162 return returnedErrorCode; 163 } 164 } 165 166 //FIXME: Find a better way to do to prevent hardcoded ldif entries. 167 private static final String NEW_LINE = System.getProperty("line.separator"); 168 169 private static final String JCKES_KEY_MANAGER_DN = "cn=JCEKS,cn=Key Manager Providers,cn=config"; 170 private static final String JCKES_KEY_MANAGER_LDIF_ENTRY = 171 "dn: " + JCKES_KEY_MANAGER_DN + NEW_LINE 172 + "objectClass: top" + NEW_LINE 173 + "objectClass: ds-cfg-key-manager-provider" + NEW_LINE 174 + "objectClass: ds-cfg-file-based-key-manager-provider" + NEW_LINE 175 + "cn: JCEKS" + NEW_LINE 176 + "ds-cfg-java-class: org.opends.server.extensions.FileBasedKeyManagerProvider" + NEW_LINE 177 + "ds-cfg-enabled: true" + NEW_LINE 178 + "ds-cfg-key-store-type: JCEKS" + NEW_LINE 179 + "ds-cfg-key-store-file: config/keystore.jceks" + NEW_LINE 180 + "ds-cfg-key-store-pin-file: config/keystore.pin" + NEW_LINE; 181 182 private static final String JCKES_TRUST_MANAGER_DN = "cn=JCEKS,cn=Trust Manager Providers,cn=config"; 183 private static final String JCKES_TRUST_MANAGER_LDIF_ENTRY = 184 "dn: " + JCKES_TRUST_MANAGER_DN + NEW_LINE 185 + "objectClass: top" + NEW_LINE 186 + "objectClass: ds-cfg-trust-manager-provider" + NEW_LINE 187 + "objectClass: ds-cfg-file-based-trust-manager-provider" + NEW_LINE 188 + "cn: JCEKS" + NEW_LINE 189 + "ds-cfg-java-class: org.opends.server.extensions.FileBasedTrustManagerProvider" + NEW_LINE 190 + "ds-cfg-enabled: false" + NEW_LINE 191 + "ds-cfg-trust-store-type: JCEKS" + NEW_LINE 192 + "ds-cfg-trust-store-file: config/truststore" + NEW_LINE; 193 194 /** The fully-qualified name of this class. */ 195 private static final String CLASS_NAME = "org.opends.server.tools.ConfigureDS"; 196 197 /** The DN of the configuration entry defining the LDAP connection handler. */ 198 public static final String DN_LDAP_CONNECTION_HANDLER = "cn=LDAP Connection Handler," + DN_CONNHANDLER_BASE; 199 200 /** The DN of the configuration entry defining the Administration connector. */ 201 public static final String DN_ADMIN_CONNECTOR = "cn=Administration Connector," + DN_CONFIG_ROOT; 202 203 /** The DN of the configuration entry defining the LDAPS connection handler. */ 204 private static final String DN_LDAPS_CONNECTION_HANDLER = "cn=LDAPS Connection Handler," + DN_CONNHANDLER_BASE; 205 206 /** The DN of the configuration entry defining the HTTP connection handler. */ 207 private static final String DN_HTTP_CONNECTION_HANDLER = 208 "cn=HTTP Connection Handler,cn=Connection Handlers,cn=config"; 209 210 /** The DN of the configuration entry defining the JMX connection handler. */ 211 private static final String DN_JMX_CONNECTION_HANDLER = "cn=JMX Connection Handler," + DN_CONNHANDLER_BASE; 212 213 /** The DN of the configuration entry defining the initial root user. */ 214 public static final String DN_ROOT_USER = "cn=Directory Manager," + DN_ROOT_DN_CONFIG_BASE; 215 216 /** The DN of the Crypto Manager. */ 217 public static final String DN_CRYPTO_MANAGER = "cn=Crypto Manager,cn=config"; 218 219 /** The DN of the DIGEST-MD5 SASL mechanism handler. */ 220 public static final String DN_DIGEST_MD5_SASL_MECHANISM = "cn=DIGEST-MD5,cn=SASL Mechanisms,cn=config"; 221 222 private static int SUCCESS = 0; 223 private static int ERROR = 1; 224 225 /** 226 * Provides the command-line arguments to the <CODE>configMain</CODE> method 227 * for processing. 228 * 229 * @param args The set of command-line arguments provided to this program. 230 */ 231 public static void main(String[] args) 232 { 233 final int exitCode = configMain(args, System.out, System.err); 234 if (exitCode != SUCCESS) 235 { 236 System.exit(filterExitCode(exitCode)); 237 } 238 } 239 240 /** 241 * Parses the provided command-line arguments and makes the appropriate 242 * changes to the Directory Server configuration. 243 * 244 * @param args The command-line arguments provided to this program. 245 * 246 * @param outStream Output stream. 247 * @param errStream Error stream. 248 * @return The exit code from the configuration processing. A nonzero value 249 * indicates that there was some kind of problem during the 250 * configuration processing. 251 */ 252 public static int configMain(final String[] args, final OutputStream outStream, final OutputStream errStream) 253 { 254 final ConfigureDS tool = new ConfigureDS(args, outStream, errStream); 255 return tool.run(); 256 } 257 258 private final String[] arguments; 259 private final PrintStream out; 260 private final PrintStream err; 261 262 private final ArgumentParser argParser; 263 264 private BooleanArgument showUsage; 265 private BooleanArgument enableStartTLS; 266 private FileBasedArgument rootPasswordFile; 267 private StringArgument hostName; 268 private IntegerArgument ldapPort; 269 private IntegerArgument adminConnectorPort; 270 private IntegerArgument ldapsPort; 271 private IntegerArgument jmxPort; 272 private StringArgument baseDNString; 273 private StringArgument configClass; 274 private StringArgument configFile; 275 private StringArgument rootDNString; 276 private StringArgument rootPassword; 277 private StringArgument keyManagerProviderDN; 278 private StringArgument trustManagerProviderDN; 279 private StringArgument certNickNames; 280 private StringArgument keyManagerPath; 281 private StringArgument serverRoot; 282 private StringArgument backendType; 283 284 private final String serverLockFileName = LockFileManager.getServerLockFileName(); 285 private final StringBuilder failureReason = new StringBuilder(); 286 private ConfigHandler<?> configHandler; 287 288 private ConfigureDS(final String[] args, final OutputStream outStream, final OutputStream errStream) 289 { 290 arguments = args; 291 out = NullOutputStream.wrapOrNullStream(outStream); 292 err = NullOutputStream.wrapOrNullStream(errStream); 293 argParser = new ArgumentParser(CLASS_NAME, INFO_CONFIGDS_TOOL_DESCRIPTION.get(), false); 294 } 295 296 private int run() 297 { 298 try 299 { 300 initializeArguments(); 301 parseArguments(); 302 if (argParser.usageOrVersionDisplayed()) 303 { 304 return SUCCESS; 305 } 306 307 checkArgumentsConsistency(); 308 checkPortArguments(); 309 310 tryAcquireExclusiveLocks(); 311 updateBaseDNs(parseProvidedBaseDNs()); 312 313 initializeDirectoryServer(); 314 315 final DN rootDN = parseRootDN(); 316 final String rootPW = parseRootDNPassword(); 317 318 // Get the Directory Server configuration handler and use it to make the 319 // appropriate configuration changes. 320 configHandler = DirectoryServer.getConfigHandler(); 321 322 checkManagerProvider(keyManagerProviderDN, JCKES_KEY_MANAGER_DN, JCKES_KEY_MANAGER_LDIF_ENTRY, true); 323 checkManagerProvider(trustManagerProviderDN, JCKES_TRUST_MANAGER_DN, JCKES_TRUST_MANAGER_LDIF_ENTRY, false); 324 // Check that the keystore path values are valid. 325 if (keyManagerPath.isPresent() && !keyManagerProviderDN.isPresent()) 326 { 327 final LocalizableMessage message = ERR_CONFIGDS_KEYMANAGER_PROVIDER_DN_REQUIRED.get( 328 keyManagerProviderDN.getLongIdentifier(), keyManagerPath.getLongIdentifier()); 329 throw new ConfigureDSException(message); 330 } 331 332 updateLdapPort(); 333 updateAdminConnectorPort(); 334 updateLdapSecurePort(); 335 updateJMXport(); 336 updateStartTLS(); 337 updateKeyManager(); 338 updateTrustManager(); 339 updateRootUser(rootDN, rootPW); 340 addFQDNDigestMD5(); 341 updateCryptoCipher(); 342 writeUpdatedConfiguration(); 343 344 return SUCCESS; 345 } 346 catch (final ConfigureDSException e) 347 { 348 if (e.isWrongUsage()) 349 { 350 argParser.displayMessageAndUsageReference(err, e.getErrorMessage()); 351 } 352 else 353 { 354 printWrappedText(err, e.getErrorMessage()); 355 } 356 return e.getErrorCode(); 357 } 358 finally 359 { 360 LockFileManager.releaseLock(serverLockFileName, failureReason); 361 } 362 } 363 364 private void initializeArguments() throws ConfigureDSException 365 { 366 try 367 { 368 configFile = new StringArgument( 369 "configfile", 'c', "configFile", 370 true, false, true, INFO_CONFIGFILE_PLACEHOLDER.get(), 371 null, null, INFO_DESCRIPTION_CONFIG_FILE.get()); 372 configFile.setHidden(true); 373 argParser.addArgument(configFile); 374 375 configClass = new StringArgument( 376 "configclass", OPTION_SHORT_CONFIG_CLASS, OPTION_LONG_CONFIG_CLASS, 377 false, false, true, INFO_CONFIGCLASS_PLACEHOLDER.get(), 378 ConfigFileHandler.class.getName(), null, INFO_DESCRIPTION_CONFIG_CLASS.get()); 379 configClass.setHidden(true); 380 argParser.addArgument(configClass); 381 382 String defaultHostName; 383 try 384 { 385 defaultHostName = InetAddress.getLocalHost().getHostName(); 386 } 387 catch (final Exception e) 388 { 389 // Not much we can do here. 390 defaultHostName = "localhost"; 391 } 392 393 hostName = new StringArgument( 394 OPTION_LONG_HOST.toLowerCase(), OPTION_SHORT_HOST, OPTION_LONG_HOST, 395 false, false, true, INFO_HOST_PLACEHOLDER.get(), 396 defaultHostName, null, INFO_INSTALLDS_DESCRIPTION_HOST_NAME.get()); 397 argParser.addArgument(hostName); 398 399 ldapPort = new IntegerArgument( 400 "ldapport", OPTION_SHORT_PORT, "ldapPort", 401 false, false, true, INFO_LDAPPORT_PLACEHOLDER.get(), 402 389, null, true, 1, true, 65535, INFO_CONFIGDS_DESCRIPTION_LDAP_PORT.get()); 403 argParser.addArgument(ldapPort); 404 405 adminConnectorPort = new IntegerArgument( 406 "adminConnectorPort".toLowerCase(), null, "adminConnectorPort", 407 false, false, true, INFO_PORT_PLACEHOLDER.get(), 408 4444, "adminConnectorPort", true, 1, true, 65535, INFO_INSTALLDS_DESCRIPTION_ADMINCONNECTORPORT.get()); 409 argParser.addArgument(adminConnectorPort); 410 411 ldapsPort = new IntegerArgument( 412 "ldapsPort", 'P', "ldapsPort", 413 false, false, true, INFO_LDAPPORT_PLACEHOLDER.get(), 414 636, null, true, 1, true, 65535, INFO_CONFIGDS_DESCRIPTION_LDAPS_PORT.get()); 415 argParser.addArgument(ldapsPort); 416 417 enableStartTLS = new BooleanArgument( 418 "enableStartTLS", OPTION_SHORT_START_TLS, "enableStartTLS", 419 INFO_CONFIGDS_DESCRIPTION_ENABLE_START_TLS.get()); 420 argParser.addArgument(enableStartTLS); 421 422 jmxPort = new IntegerArgument( 423 "jmxport", 'x', "jmxPort", 424 false, false, true, INFO_JMXPORT_PLACEHOLDER.get(), 425 CliConstants.DEFAULT_JMX_PORT, null, true, 1, true, 65535, INFO_CONFIGDS_DESCRIPTION_JMX_PORT.get()); 426 argParser.addArgument(jmxPort); 427 428 keyManagerProviderDN = new StringArgument( 429 "keymanagerproviderdn", 'k', "keyManagerProviderDN", 430 false, false, true, INFO_KEY_MANAGER_PROVIDER_DN_PLACEHOLDER.get(), 431 null, null, INFO_CONFIGDS_DESCRIPTION_KEYMANAGER_PROVIDER_DN.get()); 432 argParser.addArgument(keyManagerProviderDN); 433 434 trustManagerProviderDN = new StringArgument( 435 "trustmanagerproviderdn", 't', "trustManagerProviderDN", 436 false, false, true, INFO_TRUST_MANAGER_PROVIDER_DN_PLACEHOLDER.get(), 437 null, null, INFO_CONFIGDS_DESCRIPTION_TRUSTMANAGER_PROVIDER_DN.get()); 438 argParser.addArgument(trustManagerProviderDN); 439 440 keyManagerPath = new StringArgument( 441 "keymanagerpath", 'm', "keyManagerPath", 442 false, false, true, INFO_KEY_MANAGER_PATH_PLACEHOLDER.get(), 443 null, null, INFO_CONFIGDS_DESCRIPTION_KEYMANAGER_PATH.get()); 444 argParser.addArgument(keyManagerPath); 445 446 certNickNames = new StringArgument( 447 "certnickname", 'a', "certNickName", 448 false, true, true, INFO_NICKNAME_PLACEHOLDER.get(), 449 null, null, INFO_CONFIGDS_DESCRIPTION_CERTNICKNAME.get()); 450 argParser.addArgument(certNickNames); 451 452 baseDNString = new StringArgument( 453 "basedn", OPTION_SHORT_BASEDN, OPTION_LONG_BASEDN, 454 false, true, true, INFO_BASEDN_PLACEHOLDER.get(), 455 "dc=example,dc=com", null, INFO_CONFIGDS_DESCRIPTION_BASE_DN.get()); 456 argParser.addArgument(baseDNString); 457 458 rootDNString = new StringArgument( 459 "rootdn", OPTION_SHORT_ROOT_USER_DN, OPTION_LONG_ROOT_USER_DN, 460 false, false, true, INFO_ROOT_USER_DN_PLACEHOLDER.get(), 461 "cn=Directory Manager", null, INFO_CONFIGDS_DESCRIPTION_ROOT_DN.get()); 462 argParser.addArgument(rootDNString); 463 464 rootPassword = new StringArgument( 465 "rootpw", OPTION_SHORT_BINDPWD, "rootPassword", 466 false, false, true, INFO_ROOT_USER_PWD_PLACEHOLDER.get(), 467 null, null, INFO_CONFIGDS_DESCRIPTION_ROOT_PW.get()); 468 argParser.addArgument(rootPassword); 469 470 rootPasswordFile = new FileBasedArgument( 471 "rootpwfile", OPTION_SHORT_BINDPWD_FILE, "rootPasswordFile", 472 false, false, INFO_FILE_PLACEHOLDER.get(), 473 null, null, INFO_CONFIGDS_DESCRIPTION_ROOT_PW_FILE.get()); 474 argParser.addArgument(rootPasswordFile); 475 476 showUsage = CommonArguments.getShowUsage(); 477 argParser.addArgument(showUsage); 478 argParser.setUsageArgument(showUsage); 479 480 serverRoot = new StringArgument( 481 "serverRoot", OPTION_SHORT_SERVER_ROOT, OPTION_LONG_SERVER_ROOT, 482 false, false, true, INFO_SERVER_ROOT_DIR_PLACEHOLDER.get(), 483 null, null, null); 484 serverRoot.setHidden(true); 485 argParser.addArgument(serverRoot); 486 487 backendType = new StringArgument( 488 OPTION_LONG_BACKEND_TYPE.toLowerCase(), null, OPTION_LONG_BACKEND_TYPE, 489 false, false, true, INFO_INSTALLDS_BACKEND_TYPE_PLACEHOLDER.get(), 490 null, OPTION_LONG_BACKEND_TYPE, INFO_INSTALLDS_DESCRIPTION_BACKEND_TYPE.get() 491 ); 492 argParser.addArgument(backendType); 493 } 494 catch (final ArgumentException ae) 495 { 496 throw new ConfigureDSException(ae, ERR_CANNOT_INITIALIZE_ARGS.get(ae.getMessage())); 497 } 498 } 499 500 private int parseArguments() throws ConfigureDSException 501 { 502 try 503 { 504 argParser.parseArguments(arguments); 505 return SUCCESS; 506 } 507 catch (final ArgumentException ae) 508 { 509 throw new ConfigureDSException(ae, ERR_ERROR_PARSING_ARGS.get(ae.getMessage()), 510 WRONG_USAGE, LDAPResultCode.CLIENT_SIDE_PARAM_ERROR); 511 } 512 } 513 514 /** Make sure that the user actually tried to configure something. */ 515 private void checkArgumentsConsistency() throws ConfigureDSException 516 { 517 if (!baseDNString.isPresent() 518 && !ldapPort.isPresent() 519 && !jmxPort.isPresent() 520 && !rootDNString.isPresent()) 521 { 522 throw new ConfigureDSException(ERR_CONFIGDS_NO_CONFIG_CHANGES.get(), WRONG_USAGE); 523 } 524 } 525 526 private void checkPortArguments() throws ConfigureDSException 527 { 528 try 529 { 530 final IntegerArgument[] portArgs = {ldapPort, adminConnectorPort, ldapsPort, jmxPort}; 531 final Set<Integer> portsAdded = new HashSet<>(); 532 533 for (final IntegerArgument portArg : portArgs) 534 { 535 if (portArg.isPresent()) 536 { 537 final int portNumber = portArg.getIntValue(); 538 if (portsAdded.contains(portNumber)) 539 { 540 throw new ConfigureDSException(ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get(portArg.getIntValue()), WRONG_USAGE); 541 } 542 portsAdded.add(portNumber); 543 } 544 } 545 } 546 catch (final ArgumentException ae) 547 { 548 throw new ConfigureDSException(ae, ERR_CANNOT_INITIALIZE_ARGS.get(ae.getMessage())); 549 } 550 } 551 552 private void initializeDirectoryServer() throws ConfigureDSException 553 { 554 if (serverRoot.isPresent()) { 555 final DirectoryEnvironmentConfig env = DirectoryServer.getEnvironmentConfig(); 556 final String root = serverRoot.getValue(); 557 try { 558 env.setServerRoot(new File(serverRoot.getValue())); 559 } catch (final InitializationException e) { 560 ERR_INITIALIZE_SERVER_ROOT.get(root, e.getMessageObject()); 561 } 562 } 563 564 // Initialize the Directory Server configuration handler using the 565 // information that was provided. 566 final DirectoryServer directoryServer = DirectoryServer.getInstance(); 567 DirectoryServer.bootstrapClient(); 568 569 try 570 { 571 DirectoryServer.initializeJMX(); 572 } 573 catch (final Exception e) 574 { 575 final LocalizableMessage msg = ERR_CONFIGDS_CANNOT_INITIALIZE_JMX.get(configFile.getValue(), e.getMessage()); 576 throw new ConfigureDSException(e, msg); 577 } 578 579 try 580 { 581 directoryServer.initializeConfiguration(configClass.getValue(), configFile.getValue()); 582 } 583 catch (final Exception e) 584 { 585 final LocalizableMessage msg = ERR_CONFIGDS_CANNOT_INITIALIZE_CONFIG.get(configFile.getValue(), e.getMessage()); 586 throw new ConfigureDSException(e, msg); 587 } 588 589 try 590 { 591 directoryServer.initializeSchema(); 592 } 593 catch (final Exception e) 594 { 595 final LocalizableMessage msg = ERR_CONFIGDS_CANNOT_INITIALIZE_SCHEMA.get(configFile.getValue(), e.getMessage()); 596 throw new ConfigureDSException(e, msg); 597 } 598 } 599 600 /** 601 * Make sure that we can get an exclusive lock for the Directory Server, so 602 * that no other operation will be allowed while this is in progress. 603 * 604 * @throws ConfigureDSException 605 */ 606 private void tryAcquireExclusiveLocks() throws ConfigureDSException 607 { 608 if (! LockFileManager.acquireExclusiveLock(serverLockFileName, failureReason)) 609 { 610 throw new ConfigureDSException(ERR_CONFIGDS_CANNOT_ACQUIRE_SERVER_LOCK.get(serverLockFileName, failureReason)); 611 } 612 } 613 614 private LinkedList<org.forgerock.opendj.ldap.DN> parseProvidedBaseDNs() throws ConfigureDSException 615 { 616 LinkedList<org.forgerock.opendj.ldap.DN> baseDNs = new LinkedList<>(); 617 if (baseDNString.isPresent()) 618 { 619 for (final String dnString : baseDNString.getValues()) 620 { 621 try 622 { 623 baseDNs.add(org.forgerock.opendj.ldap.DN.valueOf(dnString)); 624 } 625 catch (final Exception e) 626 { 627 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_PARSE_BASE_DN.get(dnString, e.getMessage())); 628 } 629 } 630 } 631 632 return baseDNs; 633 } 634 635 private DN parseRootDN() throws ConfigureDSException 636 { 637 DN rootDN = null; 638 if (rootDNString.isPresent()) 639 { 640 try 641 { 642 rootDN = DN.valueOf(rootDNString.getValue()); 643 } 644 catch (final DirectoryException de) 645 { 646 final LocalizableMessage msg = ERR_CONFIGDS_CANNOT_PARSE_ROOT_DN.get( 647 rootDNString.getValue(), de.getMessageObject()); 648 throw new ConfigureDSException(de, msg); 649 } 650 } 651 return rootDN; 652 } 653 654 private String parseRootDNPassword() throws ConfigureDSException 655 { 656 String rootPW = null; 657 if (rootDNString.isPresent()) 658 { 659 if (rootPassword.isPresent()) 660 { 661 rootPW = rootPassword.getValue(); 662 } 663 else if (rootPasswordFile.isPresent()) 664 { 665 rootPW = rootPasswordFile.getValue(); 666 } 667 else 668 { 669 throw new ConfigureDSException(ERR_CONFIGDS_NO_ROOT_PW.get()); 670 } 671 } 672 return rootPW; 673 } 674 675 private void checkManagerProvider(final Argument arg, final String jckesDN, final String ldifEntry, 676 final boolean isKeyManager) throws ConfigureDSException 677 { 678 if (arg.isPresent()) 679 { 680 DN dn = null; 681 DN JCEKSManagerDN = null; 682 try 683 { 684 dn = DN.valueOf(trustManagerProviderDN.getValue()); 685 JCEKSManagerDN = DN.valueOf(jckesDN); 686 } 687 catch (final DirectoryException de) 688 { 689 final String value = trustManagerProviderDN.getValue(); 690 final LocalizableMessage errorMessage = de.getMessageObject(); 691 final LocalizableMessage message = 692 isKeyManager ? ERR_CONFIGDS_CANNOT_PARSE_KEYMANAGER_PROVIDER_DN.get(value, errorMessage) 693 : ERR_CONFIGDS_CANNOT_PARSE_TRUSTMANAGER_PROVIDER_DN.get(value, errorMessage); 694 throw new ConfigureDSException(de, message); 695 } 696 697 if (dn.equals(JCEKSManagerDN)) 698 { 699 LDIFReader reader = null; 700 try 701 { 702 703 final String ldif = ldifEntry; 704 final LDIFImportConfig ldifImportConfig = new LDIFImportConfig(new StringReader(ldif)); 705 reader = new LDIFReader(ldifImportConfig); 706 Entry mangerConfigEntry; 707 while ((mangerConfigEntry = reader.readEntry()) != null) 708 { 709 configHandler.addEntry(mangerConfigEntry, null); 710 } 711 } 712 catch (final Exception e) 713 { 714 final LocalizableMessage message = isKeyManager ? ERR_CONFIG_KEYMANAGER_CANNOT_CREATE_JCEKS_PROVIDER.get(e) 715 : ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(e); 716 throw new ConfigureDSException(e, message); 717 } 718 finally 719 { 720 close(reader); 721 } 722 } 723 else 724 { 725 try 726 { 727 configHandler.getConfigEntry(dn); 728 } 729 catch (final Exception e) 730 { 731 final LocalizableMessage message = isKeyManager ? ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(e) 732 : ERR_CONFIG_TRUSTMANAGER_CANNOT_GET_BASE.get(e); 733 throw new ConfigureDSException(e, message); 734 } 735 } 736 } 737 } 738 739 @SuppressWarnings("unchecked") 740 private void updateBaseDNs(final List<org.forgerock.opendj.ldap.DN> baseDNs) throws ConfigureDSException 741 { 742 if (!baseDNs.isEmpty()) 743 { 744 final String backendTypeName = backendType.getValue(); 745 final BackendTypeHelper backendTypeHelper = new BackendTypeHelper(); 746 final ManagedObjectDefinition<?, ?> backend = backendTypeHelper.retrieveBackendTypeFromName(backendTypeName); 747 if (backend == null) 748 { 749 throw new ConfigureDSException( 750 ERR_CONFIGDS_BACKEND_TYPE_UNKNOWN.get(backendTypeName, backendTypeHelper.getPrintableBackendTypeNames())); 751 } 752 753 try 754 { 755 BackendCreationHelper.createBackendOffline(Installer.ROOT_BACKEND_NAME, baseDNs, 756 (ManagedObjectDefinition<? extends BackendCfgClient, ? extends BackendCfg>) backend); 757 } 758 catch (Exception e) 759 { 760 throw new ConfigureDSException(ERR_CONFIGDS_SET_BACKEND_TYPE.get(backendTypeName, e.getMessage())); 761 } 762 } 763 } 764 765 private void updateLdapPort() throws ConfigureDSException 766 { 767 if (ldapPort.isPresent()) 768 { 769 try 770 { 771 final IntegerConfigAttribute portAttr = new IntegerConfigAttribute( 772 ATTR_LISTEN_PORT, INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), 773 true, false, true, true, 1, true, 65535, ldapPort.getIntValue()); 774 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(DN_LDAP_CONNECTION_HANDLER)); 775 configEntry.putConfigAttribute(portAttr); 776 } 777 catch (final Exception e) 778 { 779 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_LDAP_PORT.get(e)); 780 } 781 } 782 } 783 784 private void updateAdminConnectorPort() throws ConfigureDSException 785 { 786 if (adminConnectorPort.isPresent()) 787 { 788 try 789 { 790 final IntegerConfigAttribute portAttr = new IntegerConfigAttribute( 791 ATTR_LISTEN_PORT, INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), 792 true, false, true, true, 1, true, 65535, adminConnectorPort.getIntValue()); 793 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(DN_ADMIN_CONNECTOR)); 794 configEntry.putConfigAttribute(portAttr); 795 } 796 catch (final Exception e) 797 { 798 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_ADMIN_CONNECTOR_PORT.get(e)); 799 } 800 } 801 } 802 803 private void updateLdapSecurePort() throws ConfigureDSException 804 { 805 if (ldapsPort.isPresent()) 806 { 807 try 808 { 809 final IntegerConfigAttribute portAttr = new IntegerConfigAttribute( 810 ATTR_LISTEN_PORT, INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), 811 true, false, true, true, 1, true, 65535, ldapsPort.getIntValue()); 812 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(DN_LDAPS_CONNECTION_HANDLER)); 813 configEntry.putConfigAttribute(portAttr); 814 815 final BooleanConfigAttribute enablePortAttr = new BooleanConfigAttribute( 816 ATTR_CONNECTION_HANDLER_ENABLED, INFO_LDAPS_CONNHANDLER_DESCRIPTION_ENABLE.get(), true, true); 817 configEntry.putConfigAttribute(enablePortAttr); 818 } 819 catch (final Exception e) 820 { 821 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_LDAPS_PORT.get(e)); 822 } 823 } 824 } 825 826 private void updateJMXport() throws ConfigureDSException 827 { 828 if (jmxPort.isPresent()) 829 { 830 try 831 { 832 833 final IntegerConfigAttribute portAttr = new IntegerConfigAttribute( 834 ATTR_LISTEN_PORT, INFO_JMX_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), 835 true, false, true, true, 1, true, 65535, jmxPort.getIntValue()); 836 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(DN_JMX_CONNECTION_HANDLER)); 837 configEntry.putConfigAttribute(portAttr); 838 839 final BooleanConfigAttribute enablePortAttr = new BooleanConfigAttribute( 840 ATTR_CONNECTION_HANDLER_ENABLED, INFO_JMX_CONNHANDLER_DESCRIPTION_ENABLE.get(), true, true); 841 configEntry.putConfigAttribute(enablePortAttr); 842 } 843 catch (final Exception e) 844 { 845 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_JMX_PORT.get(e)); 846 } 847 } 848 } 849 850 private void updateStartTLS() throws ConfigureDSException 851 { 852 if (enableStartTLS.isPresent()) 853 { 854 try 855 { 856 final BooleanConfigAttribute startTLS = new BooleanConfigAttribute( 857 ATTR_ALLOW_STARTTLS, INFO_LDAP_CONNHANDLER_DESCRIPTION_ALLOW_STARTTLS.get(), true, true); 858 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(DN_LDAP_CONNECTION_HANDLER)); 859 configEntry.putConfigAttribute(startTLS); 860 } 861 catch (final Exception e) 862 { 863 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_ENABLE_STARTTLS.get(e)); 864 } 865 } 866 } 867 868 private void updateKeyManager() throws ConfigureDSException 869 { 870 if (keyManagerProviderDN.isPresent()) 871 { 872 if (enableStartTLS.isPresent() || ldapsPort.isPresent()) 873 { 874 try 875 { 876 // Enable the key manager 877 final BooleanConfigAttribute enableAttr = new BooleanConfigAttribute( 878 ATTR_KEYMANAGER_ENABLED, INFO_CONFIG_KEYMANAGER_DESCRIPTION_ENABLED.get(), true, true); 879 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(keyManagerProviderDN.getValue())); 880 configEntry.putConfigAttribute(enableAttr); 881 } 882 catch (final Exception e) 883 { 884 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_ENABLE_KEYMANAGER.get(e)); 885 } 886 } 887 888 putKeyManagerConfigAttribute(enableStartTLS, DN_LDAP_CONNECTION_HANDLER); 889 putKeyManagerConfigAttribute(ldapsPort, DN_LDAPS_CONNECTION_HANDLER); 890 putKeyManagerConfigAttribute(ldapsPort, DN_HTTP_CONNECTION_HANDLER); 891 892 if (keyManagerPath.isPresent()) 893 { 894 try 895 { 896 final StringConfigAttribute pathAttr = new StringConfigAttribute( 897 ATTR_KEYSTORE_FILE, INFO_FILE_KEYMANAGER_DESCRIPTION_FILE.get(), 898 true, true, true, keyManagerPath.getValue()); 899 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(keyManagerProviderDN.getValue())); 900 configEntry.putConfigAttribute(pathAttr); 901 } 902 catch (final Exception e) 903 { 904 throw new ConfigureDSException(e, LocalizableMessage.raw(e.toString())); 905 } 906 } 907 } 908 } 909 910 private void putKeyManagerConfigAttribute(final Argument arg, final String attributeDN) 911 throws ConfigureDSException 912 { 913 if (arg.isPresent()) 914 { 915 try 916 { 917 final StringConfigAttribute keyManagerProviderAttr = new StringConfigAttribute( 918 ATTR_KEYMANAGER_DN, INFO_LDAP_CONNHANDLER_DESCRIPTION_KEYMANAGER_DN.get(), 919 false, false, true, keyManagerProviderDN.getValue()); 920 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(attributeDN)); 921 configEntry.putConfigAttribute(keyManagerProviderAttr); 922 } 923 catch (final Exception e) 924 { 925 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_KEYMANAGER_REFERENCE.get(e)); 926 } 927 } 928 } 929 930 private void updateTrustManager() throws ConfigureDSException 931 { 932 if (trustManagerProviderDN.isPresent()) 933 { 934 if (enableStartTLS.isPresent() || ldapsPort.isPresent()) 935 { 936 try 937 { 938 final BooleanConfigAttribute enableAttr = new BooleanConfigAttribute( 939 ATTR_TRUSTMANAGER_ENABLED, ERR_CONFIG_TRUSTMANAGER_DESCRIPTION_ENABLED.get(), true, true); 940 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(trustManagerProviderDN.getValue())); 941 configEntry.putConfigAttribute(enableAttr); 942 } 943 catch (final Exception e) 944 { 945 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_ENABLE_TRUSTMANAGER.get(e)); 946 } 947 } 948 putTrustManagerAttribute(enableStartTLS, DN_LDAP_CONNECTION_HANDLER); 949 putTrustManagerAttribute(ldapsPort, DN_LDAPS_CONNECTION_HANDLER); 950 putTrustManagerAttribute(ldapsPort, DN_HTTP_CONNECTION_HANDLER); 951 } 952 953 if (certNickNames.isPresent()) 954 { 955 final StringConfigAttribute certNickNamesAttr = new StringConfigAttribute( 956 ATTR_SSL_CERT_NICKNAME, INFO_LDAP_CONNHANDLER_DESCRIPTION_SSL_CERT_NICKNAME.get(), 957 false, true, true, certNickNames.getValues()); 958 updateCertNicknameEntry(ldapPort, DN_LDAP_CONNECTION_HANDLER, certNickNamesAttr); 959 updateCertNicknameEntry(ldapsPort, DN_LDAPS_CONNECTION_HANDLER, certNickNamesAttr); 960 updateCertNicknameEntry(certNickNames, DN_HTTP_CONNECTION_HANDLER, certNickNamesAttr); 961 962 final StringConfigAttribute certNickNamesJmxAttr = new StringConfigAttribute( 963 ATTR_SSL_CERT_NICKNAME, INFO_JMX_CONNHANDLER_DESCRIPTION_SSL_CERT_NICKNAME.get(), 964 false, false, true, certNickNames.getValues()); 965 updateCertNicknameEntry(jmxPort, DN_JMX_CONNECTION_HANDLER, certNickNamesJmxAttr); 966 } 967 else 968 { 969 // Use the key manager specified for connection handlers 970 removeSSLCertNicknameAttribute(DN_LDAP_CONNECTION_HANDLER); 971 removeSSLCertNicknameAttribute(DN_LDAPS_CONNECTION_HANDLER); 972 removeSSLCertNicknameAttribute(DN_HTTP_CONNECTION_HANDLER); 973 removeSSLCertNicknameAttribute(DN_JMX_CONNECTION_HANDLER); 974 } 975 } 976 977 private void putTrustManagerAttribute(final Argument arg, final String attributeDN) throws ConfigureDSException 978 { 979 if (arg.isPresent()) 980 { 981 try 982 { 983 final StringConfigAttribute trustManagerProviderAttr = new StringConfigAttribute( 984 ATTR_TRUSTMANAGER_DN, INFO_LDAP_CONNHANDLER_DESCRIPTION_TRUSTMANAGER_DN.get(), 985 false, false, true, trustManagerProviderDN.getValue()); 986 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(attributeDN)); 987 configEntry.putConfigAttribute(trustManagerProviderAttr); 988 } 989 catch (final Exception e) 990 { 991 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_TRUSTMANAGER_REFERENCE.get(e)); 992 } 993 } 994 } 995 996 private void updateCertNicknameEntry(final Argument arg, final String attributeDN, 997 final StringConfigAttribute configAttr) throws ConfigureDSException 998 { 999 try 1000 { 1001 ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(attributeDN)); 1002 if (arg.isPresent()) 1003 { 1004 configEntry.putConfigAttribute(configAttr); 1005 } 1006 else 1007 { 1008 configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME); 1009 } 1010 } 1011 catch (final Exception e) 1012 { 1013 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(e)); 1014 } 1015 } 1016 1017 private void removeSSLCertNicknameAttribute(final String attributeDN) throws ConfigureDSException 1018 { 1019 try 1020 { 1021 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(attributeDN)); 1022 configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); 1023 } 1024 catch (final Exception e) 1025 { 1026 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(e)); 1027 } 1028 } 1029 1030 private void updateRootUser(final DN rootDN, final String rootPW) throws ConfigureDSException 1031 { 1032 if (rootDN != null) 1033 { 1034 try 1035 { 1036 final DNConfigAttribute bindDNAttr = new DNConfigAttribute( 1037 ATTR_ROOTDN_ALTERNATE_BIND_DN, INFO_CONFIG_ROOTDN_DESCRIPTION_ALTERNATE_BIND_DN.get(), 1038 false, true, false, rootDN); 1039 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(DN_ROOT_USER)); 1040 configEntry.putConfigAttribute(bindDNAttr); 1041 1042 final String encodedPassword = SaltedSHA512PasswordStorageScheme.encodeOffline(getBytes(rootPW)); 1043 final StringConfigAttribute bindPWAttr = new StringConfigAttribute( 1044 ATTR_USER_PASSWORD, LocalizableMessage.EMPTY, false, false, false, encodedPassword); 1045 configEntry.putConfigAttribute(bindPWAttr); 1046 } 1047 catch (final Exception e) 1048 { 1049 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_ROOT_USER.get(e)); 1050 } 1051 } 1052 } 1053 1054 /** Set the FQDN for the DIGEST-MD5 SASL mechanism. */ 1055 private void addFQDNDigestMD5() throws ConfigureDSException 1056 { 1057 try 1058 { 1059 final StringConfigAttribute fqdnAttr = new StringConfigAttribute( 1060 "ds-cfg-server-fqdn", LocalizableMessage.EMPTY, false, false, false, hostName.getValue()); 1061 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(DN_DIGEST_MD5_SASL_MECHANISM)); 1062 configEntry.putConfigAttribute(fqdnAttr); 1063 } 1064 catch (final Exception e) 1065 { 1066 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_DIGEST_MD5_FQDN.get(e)); 1067 } 1068 } 1069 1070 /** 1071 * Check that the cipher specified is supported. This is intended to fix 1072 * issues with JVM that do not support the default cipher (see issue 3075 for 1073 * instance). 1074 * 1075 * @throws ConfigureDSException 1076 */ 1077 private void updateCryptoCipher() throws ConfigureDSException 1078 { 1079 final CryptoManagerCfgDefn cryptoManager = CryptoManagerCfgDefn.getInstance(); 1080 final StringPropertyDefinition prop = cryptoManager.getKeyWrappingTransformationPropertyDefinition(); 1081 String defaultCipher = null; 1082 1083 final DefaultBehaviorProvider<?> p = prop.getDefaultBehaviorProvider(); 1084 if (p instanceof DefinedDefaultBehaviorProvider) 1085 { 1086 final Collection<?> defaultValues = ((DefinedDefaultBehaviorProvider<?>) p).getDefaultValues(); 1087 if (!defaultValues.isEmpty()) 1088 { 1089 defaultCipher = defaultValues.iterator().next().toString(); 1090 } 1091 } 1092 1093 if (defaultCipher != null) 1094 { 1095 // Check that the default cipher is supported by the JVM. 1096 try 1097 { 1098 Cipher.getInstance(defaultCipher); 1099 } 1100 catch (final GeneralSecurityException ex) 1101 { 1102 // The cipher is not supported: try to find an alternative one. 1103 final String alternativeCipher = getAlternativeCipher(); 1104 if (alternativeCipher != null) 1105 { 1106 try 1107 { 1108 final StringConfigAttribute keyWrappingTransformation = new StringConfigAttribute( 1109 ATTR_CRYPTO_CIPHER_KEY_WRAPPING_TRANSFORMATION, LocalizableMessage.EMPTY, 1110 false, false, true, alternativeCipher); 1111 final ConfigEntry configEntry = configHandler.getConfigEntry(DN.valueOf(DN_CRYPTO_MANAGER)); 1112 configEntry.putConfigAttribute(keyWrappingTransformation); 1113 } 1114 catch (final Exception e) 1115 { 1116 throw new ConfigureDSException(e, ERR_CONFIGDS_CANNOT_UPDATE_CRYPTO_MANAGER.get(e)); 1117 } 1118 } 1119 } 1120 } 1121 } 1122 1123 private void writeUpdatedConfiguration() throws ConfigureDSException 1124 { 1125 try 1126 { 1127 configHandler.writeUpdatedConfig(); 1128 printWrappedText(out, INFO_CONFIGDS_WROTE_UPDATED_CONFIG.get()); 1129 } 1130 catch (final DirectoryException de) 1131 { 1132 throw new ConfigureDSException(de, ERR_CONFIGDS_CANNOT_WRITE_UPDATED_CONFIG.get(de.getMessageObject())); 1133 } 1134 } 1135 1136 /** 1137 * Returns a cipher that is supported by the JVM we are running at. 1138 * Returns <CODE>null</CODE> if no alternative cipher could be found. 1139 * @return a cipher that is supported by the JVM we are running at. 1140 */ 1141 public static String getAlternativeCipher() 1142 { 1143 final String[] preferredAlternativeCiphers = 1144 { 1145 "RSA/ECB/OAEPWITHSHA1ANDMGF1PADDING", 1146 "RSA/ECB/PKCS1Padding" 1147 }; 1148 String alternativeCipher = null; 1149 for (final String cipher : preferredAlternativeCiphers) 1150 { 1151 try 1152 { 1153 Cipher.getInstance(cipher); 1154 alternativeCipher = cipher; 1155 break; 1156 } 1157 catch (final Throwable t) 1158 { 1159 } 1160 } 1161 return alternativeCipher; 1162 } 1163} 1164