FileBasedTrustManagerProvider.java revision f4d85fde4c95d5f49f683641815e0463d6166720
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Portions Copyright 2006-2007 Sun Microsystems, Inc.
*/
/**
* This class defines a trust manager provider that will reference certificates
* stored in a file located on the Directory Server filesystem.
*/
public class FileBasedTrustManagerProvider
extends TrustManagerProvider
implements ConfigurableComponent
{
// The DN of the configuration entry for this trust manager provider.
// Returned unchanged by getConfigurableComponentEntryDN().
private DN configEntryDN;
// The PIN needed to access the trust store. Held as a char[] rather than a
// String.
// NOTE(review): nothing visible in this listing clears the array when the PIN
// is replaced or when the provider is finalized -- confirm against the full
// source.
private char[] trustStorePIN;
// The path to the trust store backing file.
// NOTE(review): the certificates in this file decide which peers are trusted,
// so the file should be writable only by the server account -- deployment
// concern, not enforced by anything visible here.
private String trustStoreFile;
// The name of the environment variable containing the trust store PIN.
// Per this comment the field holds the variable's name, not the PIN itself.
private String trustStorePINEnVar;
// The path to the file containing the trust store PIN.
// Per this comment the field holds the file's path, not the PIN itself.
private String trustStorePINFile;
// The name of the Java property containing the trust store PIN.
// Per this comment the field holds the property's name, not the PIN itself.
private String trustStorePINProperty;
// The trust store type to use.
private String trustStoreType;
/**
* Creates a new instance of this file-based trust manager provider. The
* <CODE>initializeTrustManagerProvider</CODE> method must be called on the
* resulting object before it may be used.
*/
public FileBasedTrustManagerProvider() {
  // Intentionally empty: no field is assigned here, so the trust store path,
  // type and PIN all remain unset until initializeTrustManagerProvider is
  // called on the new instance.
}
/**
* Initializes this trust manager provider based on the information in the
* provided configuration entry.
*
* @param configEntry The configuration entry that contains the information
* to use to initialize this trust manager provider.
*
* @throws ConfigException If an unrecoverable problem arises in the
* process of performing the initialization as a
* result of the server configuration.
*
* @throws InitializationException If a problem occurs during initialization
* that is not related to the server
* configuration.
*/
{
// Works through three visible stages in order: the trust store file path, the
// trust store type, and the trust store PIN.
// NOTE(review): the method signature and most statements are missing from
// this listing; the comments added here describe only the control flow that
// is still visible.
// Store the DN of the configuration entry.
// Get the path to the trust store file.
true, false, false);
try
{
{
}
{
}
}
catch (ConfigException ce)
{
// Configuration problems are passed to the caller unchanged.
if (debugEnabled())
{
}
throw ce;
}
catch (InitializationException ie)
{
// Initialization problems are passed to the caller unchanged.
if (debugEnabled())
{
}
throw ie;
}
catch (Exception e)
{
// NOTE(review): no statement is visible after the debug guard, so as listed
// an unexpected failure while reading the trust store path would fall through
// to the next stage. Confirm the full source rethrows here so that
// initialization fails closed.
if (debugEnabled())
{
}
}
// Get the trust store type. If none is specified, then use the default
// type.
false, false, false);
try
{
{
// A trust store type was specified, so make sure it is valid.
try
{
}
catch (KeyStoreException kse)
{
// NOTE(review): the handler body is not visible; an unsupported trust store
// type should be rejected here rather than ignored -- confirm.
if (debugEnabled())
{
}
}
}
}
catch (InitializationException ie)
{
if (debugEnabled())
{
}
throw ie;
}
catch (Exception e)
{
// NOTE(review): as listed, nothing is rethrown from this handler -- confirm
// against the full source.
if (debugEnabled())
{
}
}
// Get the PIN needed to access the contents of the trust store file. We
// will offer several places to look for the PIN, and we will do so in the
// following order:
// - In a specified Java property
// - In a specified environment variable
// - In a specified file on the server filesystem.
// - As the value of a configuration attribute.
// In any case, the PIN must be in the clear. If no PIN is provided, then
// it will be assumed that none is required to access the information in the
// trust store.
// NOTE(review): because every source holds the PIN in cleartext, each one is
// only as protected as its container: Java properties and environment
// variables can show up in process listings and diagnostic dumps, the PIN
// file depends on filesystem permissions, and the configuration attribute is
// readable by anyone who can read the configuration entry.
{
// The "break pinSelection" statements below leave this block once a source
// has been handled; the label itself is not visible in this listing.
getMessage(msgID), false, false, false);
try
{
// First choice: a Java property.
if (pinPropertyAttr != null)
{
{
}
else
{
break pinSelection;
}
}
}
catch (InitializationException ie)
{
if (debugEnabled())
{
}
throw ie;
}
catch (Exception e)
{
// NOTE(review): nothing visible is rethrown here, so as listed the lookup
// would continue with the next PIN source -- confirm.
if (debugEnabled())
{
}
}
getMessage(msgID), false, false, false);
try
{
// Second choice: an environment variable.
if (pinEnVarAttr != null)
{
{
}
else
{
break pinSelection;
}
}
}
catch (InitializationException ie)
{
if (debugEnabled())
{
}
throw ie;
}
catch (Exception e)
{
// NOTE(review): nothing visible is rethrown here -- confirm.
if (debugEnabled())
{
}
}
getMessage(msgID), false, false, false);
try
{
// Third choice: a file on the server filesystem.
if (pinFileAttr != null)
{
{
}
else
{
try
{
}
catch (IOException ioe)
{
// NOTE(review): the handler body is not visible; a PIN file that cannot be
// read should stop initialization rather than leave the PIN unset -- confirm.
}
{
}
else
{
break pinSelection;
}
}
}
}
catch (InitializationException ie)
{
if (debugEnabled())
{
}
throw ie;
}
catch (Exception e)
{
// NOTE(review): nothing visible is rethrown here -- confirm.
if (debugEnabled())
{
}
}
// Last choice: the PIN as the value of a configuration attribute.
false, false, false);
try
{
{
break pinSelection;
}
}
catch (Exception e)
{
// NOTE(review): nothing visible is rethrown here -- confirm.
if (debugEnabled())
{
}
}
}
}
/**
* Performs any finalization that may be necessary for this trust manager
* provider.
*/
public void finalizeTrustManagerProvider()
{
// NOTE(review): no statement is visible in this body in this listing. If the
// full source is also empty here, the trustStorePIN array keeps its contents
// after finalization; overwriting it at this point would shorten the time the
// PIN stays in memory -- confirm against the full source.
}
/**
* Retrieves a set of <CODE>TrustManager</CODE> objects that may be used for
* interactions requiring access to a trust manager.
*
* @return A set of <CODE>TrustManager</CODE> objects that may be used for
* interactions requiring access to a trust manager.
*
* @throws DirectoryException If a problem occurs while attempting to obtain
* the set of trust managers.
*/
public TrustManager[] getTrustManagers()
throws DirectoryException
{
// NOTE(review): the statements that declare inputStream and
// trustManagerFactory, and whatever loads the trust store, are not visible in
// this listing; the comments below cover only what remains.
try
{
// close() is the last visible statement of this try block. If an earlier
// statement in the block can throw, the stream would be left open unless it
// is closed elsewhere -- presumably try-with-resources or a finally block
// would be safer; confirm against the full source.
inputStream.close();
}
catch (Exception e)
{
// NOTE(review): nothing visible is thrown from this handler. The declared
// DirectoryException suggests the full source reports the failure here; as
// listed, execution would continue to the second try block -- confirm.
if (debugEnabled())
{
}
}
try
{
// Hands back the factory's trust managers without filtering or wrapping, so
// the certificates trusted by callers are whatever the factory was given.
return trustManagerFactory.getTrustManagers();
}
catch (Exception e)
{
// NOTE(review): handler body not visible; every path must return or throw
// for this method to compile, so a throw is presumably missing from the
// listing.
if (debugEnabled())
{
}
}
}
/**
* Retrieves the DN of the configuration entry with which this component is
* associated.
*
* @return The DN of the configuration entry with which this component is
* associated.
*/
public DN getConfigurableComponentEntryDN() {
  // Hand back the stored configuration entry DN exactly as held by this
  // provider; no copy or validation is performed.
  return this.configEntryDN;
}
/**
* Retrieves the set of configuration attributes that are associated with this
* configurable component.
*
* @return The set of configuration attributes that are associated with this
* configurable component.
*/
{
// NOTE(review): the method signature and the statements that build attrList
// are missing from this listing; only argument tails are visible. They show
// trustStoreFile and trustStoreType being passed as attribute values,
// followed by three more attribute constructions whose values are cut off.
true, false, false, trustStoreFile);
true, false, false, trustStoreType);
getMessage(msgID), false, false, false,
getMessage(msgID), false, false, false,
getMessage(msgID), false, false, false,
(trustStorePINFile == null))
{
}
else
{
}
// NOTE(review): pinString is passed as the value of the last attribute and
// attrList is then returned. If pinString carries the cleartext trust store
// PIN, any caller that logs, displays or exports attrList would disclose it
// -- confirm what pinString holds and who can call this method.
false, false, false, pinString);
return attrList;
}
/**
* Indicates whether the provided configuration entry has an acceptable
* configuration for this component. If it does not, then detailed
* information about the problem(s) should be added to the provided list.
*
* @param configEntry The configuration entry for which to make the
* determination.
* @param unacceptableReasons A list that can be used to hold messages about
* why the provided entry does not have an
* acceptable configuration.
*
* @return <CODE>true</CODE> if the provided entry has an acceptable
* configuration for this component, or <CODE>false</CODE> if not.
*/
{
// Checks the trust store file, the trust store type and the PIN sources in
// that order. Every failure path visible below returns false, and true is
// returned only after all checks have been passed, so the validation fails
// closed.
// NOTE(review): the method signature and most statements are missing from
// this listing; the comments added here describe only the visible control
// flow.
// Make sure that a trust store file was provided.
true, false, false);
try
{
{
}
{
return false;
}
}
catch (ConfigException ce)
{
if (debugEnabled())
{
}
return false;
}
catch (Exception e)
{
// Unexpected failures are treated the same as an invalid configuration.
if (debugEnabled())
{
}
return false;
}
// See if a trust store type was provided. It is optional, but if one was
// provided, then it must be a valid type.
false, false, false);
try
{
{
// A trust store type was specified, so make sure it is valid.
try
{
}
catch (KeyStoreException kse)
{
// A KeyStoreException during the type check makes the entry unacceptable.
if (debugEnabled())
{
}
return false;
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
return false;
}
// Make sure that there is some way to determine the PIN. Look for the PIN
// in a property, environment variable, file, or configuration attribute, in
// that order.
{
// The "break pinSelection" statements below leave this block once a usable
// source has been found; the label itself is not visible in this listing.
getMessage(msgID), false, false, false);
try
{
// First choice: a Java property.
if (pinPropertyAttr != null)
{
{
return false;
}
else
{
break pinSelection;
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
return false;
}
getMessage(msgID), false, false, false);
try
{
// Second choice: an environment variable.
if (pinEnVarAttr != null)
{
{
return false;
}
else
{
break pinSelection;
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
return false;
}
getMessage(msgID), false, false, false);
try
{
// Third choice: a file on the server filesystem.
if (pinFileAttr != null)
{
{
return false;
}
else
{
try
{
}
catch (IOException ioe)
{
// An I/O failure while handling the PIN file makes the entry unacceptable.
return false;
}
{
return false;
}
else
{
break pinSelection;
}
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
return false;
}
// Last choice: the PIN as the value of a configuration attribute.
false, false, false);
try
{
{
break pinSelection;
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
return false;
}
}
// If we've gotten here, then everything looks OK.
return true;
}
/**
* Makes a best-effort attempt to apply the configuration contained in the
* provided entry. Information about the result of this processing should be
* added to the provided message list. Information should always be added to
* this list if a configuration change could not be applied. If detailed
* results are requested, then information about the changes applied
* successfully (and optionally about parameters that were not changed) should
* also be included.
*
* @param configEntry The entry containing the new configuration to
* apply for this component.
* @param detailedResults Indicates whether detailed information about the
* processing should be added to the list.
*
* @return Information about the result of the configuration update.
*/
boolean detailedResults)
{
// Re-validates the trust store file, the trust store type and the PIN sources
// in that order, then applies the changes in the final block.
// NOTE(review): the start of the signature, the return statement and most
// other statements are missing from this listing; the comments added here
// describe only the visible control flow. Unlike the validation-only checks,
// the failure handlers here do not return: they run a further block and then
// continue or break out of pinSelection.
boolean adminActionRequired = false;
// Make sure that a trust store file was provided.
true, false, false);
try
{
{
}
{
{
}
}
}
catch (ConfigException ce)
{
if (debugEnabled())
{
}
// The contents of this block are not visible; presumably it records the
// failure for the caller -- confirm.
{
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
{
}
}
// See if a trust store type was provided. It is optional, but if one was
// provided, then it must be a valid type.
false, false, false);
try
{
{
// A trust store type was specified, so make sure it is valid.
try
{
}
catch (KeyStoreException kse)
{
if (debugEnabled())
{
}
{
}
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
{
}
}
// Make sure that there is some way to determine the PIN. Look for the PIN
// in a property, environment variable, file, or configuration attribute, in
// that order.
// The candidate PIN is kept in a local array that starts out null.
// NOTE(review): if this array later replaces the stored trust store PIN, the
// previous array should be overwritten at that point, and this one should be
// overwritten if the change is rejected -- neither is visible here; confirm.
char[] newTrustStorePIN = null;
{
// The "break pinSelection" statements below leave this block; the label
// itself is not visible in this listing.
getMessage(msgID), false, false, false);
try
{
// First choice: a Java property.
if (pinPropertyAttr != null)
{
{
{
}
break pinSelection;
}
else
{
break pinSelection;
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
{
}
// A failure stops the PIN lookup instead of moving on to the next source.
break pinSelection;
}
getMessage(msgID), false, false, false);
try
{
// Second choice: an environment variable.
if (pinEnVarAttr != null)
{
{
{
}
break pinSelection;
}
else
{
break pinSelection;
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
{
}
break pinSelection;
}
getMessage(msgID), false, false, false);
try
{
// Third choice: a file on the server filesystem.
if (pinFileAttr != null)
{
{
{
}
break pinSelection;
}
else
{
try
{
}
catch (IOException ioe)
{
{
}
// An I/O failure while handling the PIN file also stops the PIN lookup.
break pinSelection;
}
{
{
}
break pinSelection;
}
else
{
break pinSelection;
}
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
{
}
break pinSelection;
}
// Last choice: the PIN as the value of a configuration attribute.
false, false, false);
try
{
{
break pinSelection;
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
{
}
break pinSelection;
}
}
// If everything looks successful, then apply the changes.
// NOTE(review): the condition guarding this block is not visible. Each of the
// three inner blocks adds detail only when detailedResults is set; any
// message that reports a PIN change should name the source, never the PIN
// value -- confirm against the full source.
{
{
if (detailedResults)
{
}
}
{
if (detailedResults)
{
}
}
{
if (detailedResults)
{
}
}
}
}
}