FileBasedTrustManagerProvider.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2006-2010 Sun Microsystems, Inc.
* Portions Copyright 2014-2015 ForgeRock AS
*/
/**
* This class defines a trust manager provider that will reference certificates
* stored in a file located on the Directory Server filesystem.
*/
public class FileBasedTrustManagerProvider
{
// The DN of the configuration entry for this trust manager provider.
private DN configEntryDN;
// The PIN needed to access the trust store.
private char[] trustStorePIN;
// The handle to the configuration for this trust manager.
// The path to the trust store backing file.
private String trustStoreFile;
// The trust store type to use.
private String trustStoreType;
/**
* Creates a new instance of this file-based trust manager provider. The
* <CODE>initializeTrustManagerProvider</CODE> method must be called on the
* resulting object before it may be used.
*/
public FileBasedTrustManagerProvider()
{
// No implementation is required.
}
/**
* {@inheritDoc}
*/
public void initializeTrustManagerProvider(
{
// Store the DN of the configuration entry and register to listen for any
// changes to the configuration entry.
// Get the path to the trust store file.
{
throw new InitializationException(message);
}
// Get the trust store type. If none is specified, then use the default
// type.
if (trustStoreType == null)
{
}
try
{
}
catch (KeyStoreException kse)
{
throw new InitializationException(message);
}
// Get the PIN needed to access the contents of the trust store file. We
// will offer several places to look for the PIN, and we will do so in the
// following order:
// - In a specified Java property
// - In a specified environment variable
// - In a specified file on the server filesystem.
// - As the value of a configuration attribute.
// In any case, the PIN must be in the clear. If no PIN is provided, then
// it will be assumed that none is required to access the information in the
// trust store.
if (pinProperty == null)
{
{
if (pinFilePath == null)
{
{
}
else
{
}
}
else
{
{
LocalizableMessage message = ERR_FILE_TRUSTMANAGER_PIN_NO_SUCH_FILE.get(pinFilePath, configEntryDN);
throw new InitializationException(message);
}
else
{
try
{
}
catch (IOException ioe)
{
}
finally
{
}
{
throw new InitializationException(message);
}
else
{
}
}
}
}
else
{
{
LocalizableMessage message = ERR_FILE_TRUSTMANAGER_PIN_ENVAR_NOT_SET.get(pinProperty, configEntryDN);
throw new InitializationException(message);
}
else
{
}
}
}
else
{
{
LocalizableMessage message = ERR_FILE_TRUSTMANAGER_PIN_PROPERTY_NOT_SET.get(pinProperty, configEntryDN);
throw new InitializationException(message);
}
else
{
}
}
}
/**
* {@inheritDoc}
*/
public void finalizeTrustManagerProvider()
{
}
/**
* {@inheritDoc}
*/
public TrustManager[] getTrustManagers()
throws DirectoryException
{
try
{
inputStream.close();
}
catch (Exception e)
{
logger.traceException(e);
message, e);
}
try
{
{
newTrustManagers[i] = new ExpirationCheckTrustManager(
(X509TrustManager) trustManagers[i]);
}
return newTrustManagers;
}
catch (Exception e)
{
logger.traceException(e);
message, e);
}
}
/**
* {@inheritDoc}
*/
public boolean isConfigurationAcceptable(
{
}
/**
* {@inheritDoc}
*/
public boolean isConfigurationChangeAcceptable(
{
boolean configAcceptable = true;
// Get the path to the trust store file.
try
{
{
configAcceptable = false;
}
}
catch (Exception e)
{
logger.traceException(e);
unacceptableReasons.add(ERR_FILE_TRUSTMANAGER_CANNOT_DETERMINE_FILE.get(cfgEntryDN, getExceptionMessage(e)));
configAcceptable = false;
}
// Check to see if the trust store type is acceptable.
{
try
{
}
catch (KeyStoreException kse)
{
configAcceptable = false;
}
}
// If there is a PIN property, then make sure the corresponding
// property is set.
{
{
configAcceptable = false;
}
}
// If there is a PIN environment variable, then make sure the corresponding
// environment variable is set.
{
{
configAcceptable = false;
}
}
// If there is a PIN file, then make sure the file exists and is readable.
{
if (f.exists())
{
try
{
}
catch (IOException ioe)
{
configAcceptable = false;
}
finally
{
}
{
configAcceptable = false;
}
}
else
{
configAcceptable = false;
}
}
return configAcceptable;
}
/**
* {@inheritDoc}
*/
{
// Get the path to the trust store file.
{
}
// Get the trust store type. If none is specified, then use the default type.
if (newTrustStoreType == null)
{
}
try
{
}
catch (KeyStoreException kse)
{
}
// Get the PIN needed to access the contents of the trust store file. We
// will offer several places to look for the PIN, and we will do so in the
// following order:
// - In a specified Java property
// - In a specified environment variable
// - In a specified file on the server filesystem.
// - As the value of a configuration attribute.
// In any case, the PIN must be in the clear. If no PIN is provided, then
// it will be assumed that none is required to access the information in the
// trust store.
if (newPINProperty == null)
{
if (newPINEnVar == null)
{
if (newPINFile == null)
{
{
}
else
{
}
}
else
{
{
}
else
{
try
{
}
catch (IOException ioe)
{
}
finally
{
}
{
}
else
{
}
}
}
}
else
{
{
}
else
{
}
}
}
else
{
{
}
else
{
}
}
{
}
return ccr;
}
}