SecureConnectionCliArgs.java revision 2f6d798e90520dd1b83ac30e53838ae6fd41a150
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2007-2010 Sun Microsystems, Inc.
* Portions Copyright 2011-2015 ForgeRock AS
*/
/**
* This is a commodity class that can be used to check the arguments required to
* establish a secure connection in the command line. It can be used to generate
* an ApplicationTrustManager object based on the options provided by the user
* in the command line.
*/
public final class SecureConnectionCliArgs
{
/**
* The 'hostName' global argument.
*/
public StringArgument hostNameArg;
/**
* The 'port' global argument.
*/
public IntegerArgument portArg;
/**
* The 'bindDN' global argument.
*/
public StringArgument bindDnArg;
/**
* The 'adminUID' global argument.
*/
public StringArgument adminUidArg;
/**
* The 'bindPasswordFile' global argument.
*/
public FileBasedArgument bindPasswordFileArg;
/**
* The 'bindPassword' global argument.
*/
public StringArgument bindPasswordArg;
/**
* The 'trustAllArg' global argument.
*/
public BooleanArgument trustAllArg;
/**
* The 'trustStore' global argument.
*/
public StringArgument trustStorePathArg;
/**
* The 'trustStorePassword' global argument.
*/
public StringArgument trustStorePasswordArg;
/**
* The 'trustStorePasswordFile' global argument.
*/
/**
* The 'keyStore' global argument.
*/
public StringArgument keyStorePathArg;
/**
* The 'keyStorePassword' global argument.
*/
public StringArgument keyStorePasswordArg;
/**
* The 'keyStorePasswordFile' global argument.
*/
/**
* The 'certNicknameArg' global argument.
*/
public StringArgument certNicknameArg;
/**
* The 'useSSLArg' global argument.
*/
public BooleanArgument useSSLArg;
/**
* The 'useStartTLSArg' global argument.
*/
public BooleanArgument useStartTLSArg;
/**
* Argument indicating a SASL option.
*/
public StringArgument saslOptionArg;
/**
* Argument to specify the connection timeout.
*/
public IntegerArgument connectTimeoutArg;
/**
* Private container for global arguments.
*/
/** The trust manager. */
private ApplicationTrustManager trustManager;
private boolean configurationInitialized;
/** Defines if the CLI always use the SSL connection type. */
private boolean alwaysSSL;
/**
* Creates a new instance of secure arguments.
*
* @param alwaysSSL If true, always use the SSL connection type. In this case,
* the arguments useSSL and startTLS are not present.
*/
public SecureConnectionCliArgs(boolean alwaysSSL)
{
if (alwaysSSL) {
this.alwaysSSL = true;
}
}
/**
* Indicates whether or not any of the arguments are present.
*
* @return boolean where true indicates that at least one of the
* arguments is present
*/
public boolean argumentsPresent() {
boolean present = false;
present = true;
break;
}
}
}
return present;
}
/**
* Get the admin UID which has to be used for the command.
*
* @return The admin UID specified by the command line argument, or the
* default value, if not specified.
*/
public String getAdministratorUID()
{
if (adminUidArg.isPresent())
{
return adminUidArg.getValue();
}
return adminUidArg.getDefaultValue();
}
/**
* Tells whether this parser uses the Administrator UID (instead of the bind
* DN) or not.
*
* @return {@code true} if this parser uses the Administrator UID and
* {@code false} otherwise.
*/
public boolean useAdminUID()
{
return !adminUidArg.isHidden();
}
/**
* Get the bindDN which has to be used for the command.
*
* @return The bindDN specified by the command line argument, or the
* default value, if not specified.
*/
{
{
}
return bindDnArg.getDefaultValue();
}
/**
* Initialize Global option.
*
* @throws ArgumentException
* If there is a problem with any of the parameters used
* to create this argument.
* @return a ArrayList with the options created.
*/
throws ArgumentException
{
if (!alwaysSSL) {
} else {
// simulate that the useSSL arg has been given in the CLI
useSSLArg.setPresent(true);
}
if (!alwaysSSL) {
}
try {
} catch (Exception e) {
}
portArg =
: INFO_DESCRIPTION_PORT.get());
// It is up to the classes that required admin UID to make this argument
// visible and add it.
OPTION_LONG_ADMIN_UID, false, false, true,
adminUidArg.setHidden(true);
connectTimeoutArg.setHidden(false);
return argList;
}
/**
* Get the host name which has to be used for the command.
*
* @return The host name specified by the command line argument, or
* the default value, if not specified.
*/
public String getHostName()
{
if (hostNameArg.isPresent())
{
return hostNameArg.getValue();
}
return hostNameArg.getDefaultValue();
}
/**
* Get the port which has to be used for the command.
*
* @return The port specified by the command line argument, or the default
* value, if not specified.
*/
{
{
}
return portArg.getDefaultValue();
}
/**
* Indication if provided global options are validate.
*
* @param buf the LocalizableMessageBuilder to write the error messages.
* @return return code.
*/
{
// Couldn't have at the same time bindPassword and bindPasswordFile
}
// Couldn't have at the same time trustAll and
// trustStore related arg
}
}
}
// Couldn't have at the same time trustStorePasswordArg and
// trustStorePasswordFileArg
&& trustStorePasswordFileArg.isPresent()) {
}
if (trustStorePathArg.isPresent())
{
// Check that the path exists and is readable
{
value);
}
}
if (keyStorePathArg.isPresent())
{
// Check that the path exists and is readable
{
value);
}
}
// Couldn't have at the same time startTLSArg and
// useSSLArg
if (useStartTLSArg.isPresent()
}
{
{
{
}
}
return CONFLICTING_ARGS.get();
}
}
/**
* Indicate if the SSL mode is required.
*
* @return True if SSL mode is required
*/
public boolean useSSL()
{
}
/**
* Indicate if the startTLS mode is required.
*
* @return True if startTLS mode is required
*/
public boolean useStartTLS()
{
return useStartTLSArg.isPresent();
}
/**
* Indicate if the SSL mode is always used.
*
* @return True if SSL mode is always used.
*/
public boolean alwaysSSL()
{
return alwaysSSL;
}
/**
* Handle TrustStore.
*
* @return The trustStore manager to be used for the command.
*/
public ApplicationTrustManager getTrustManager()
{
if (trustManager == null)
{
if (trustAllArg.isPresent())
{
// Running a null TrustManager will force createLdapsContext and
// createStartTLSContext to use a bindTrustManager.
return null ;
}
else
if (trustStorePathArg.isPresent())
{
try
{
char[] trustStorePasswordValue = null;
if (trustStorePasswordArg.isPresent())
{
}
else if (trustStorePasswordFileArg.isPresent())
{
}
if (trustStorePasswordStringValue != null)
{
.getProperty("javax.net.ssl.trustStorePassword");
}
if (trustStorePasswordStringValue != null)
{
}
}
{
// Nothing to do: if this occurs we will systematically refuse the
// certificates. Maybe we should avoid this and be strict, but we
// are in a best effort mode.
}
finally
{
}
}
}
return trustManager;
}
/**
* Returns {@code true} if we can read on the provided path and
* {@code false} otherwise.
*
* @param path
* the path.
* @return {@code true} if we can read on the provided path and
* {@code false} otherwise.
*/
{
}
/**
* Returns the absolute path of the trust store file that appears on the
* config. Returns {@code null} if the trust store is not defined or it
* does not exist.
*
* @return the absolute path of the trust store file that appears on the
* config.
* @throws ConfigException
* if there is an error reading the configuration.
*/
{
boolean couldInitializeConfig = configurationInitialized;
// Initialization for admin framework
if (!configurationInitialized) {
}
{
// Get the Directory Server configuration handler and use it.
if (trustManagerCfg instanceof FileBasedTrustManagerProviderCfg) {
// Check the file
} else {
}
{
}
else
{
// Try to get the canonical path.
try
{
}
catch (Throwable t)
{
// We can ignore this error.
}
}
}
}
return truststoreFileAbsolute;
}
/**
* Returns the admin port from the configuration.
*
* @return the admin port from the configuration.
* @throws ConfigException
* if an error occurs reading the configuration.
*/
public int getAdminPortFromConfig() throws ConfigException
{
int port;
// Initialization for admin framework
if (!configurationInitialized) {
}
{
}
else
{
}
return port;
}
private boolean initializeConfiguration() {
// check if the initialization is required
try {
try {
// do nothing
return false;
}
}
configurationInitialized = true;
return true;
}
/**
* Returns the port to be used according to the configuration and the
* arguments provided by the user. This method should be called after the
* arguments have been parsed.
*
* @return the port to be used according to the configuration and the
* arguments provided by the user.
*/
public int getPortFromConfig()
{
int portNumber;
if (alwaysSSL()) {
// Try to get the port from the config file
try
{
} catch (ConfigException ex) {
// Nothing to do
}
} else {
}
return portNumber;
}
/**
* Updates the default values of the port and the trust store with what is
* read in the configuration.
*
* @throws ConfigException
* if there is an error reading the configuration.
*/
public void initArgumentsWithConfiguration() throws ConfigException
{
int portNumber = getPortFromConfig();
if (truststoreFileAbsolute != null)
{
}
}
}