Package org.nasutekds.admin.ads.util

Examples of org.nasutekds.admin.ads.util.ApplicationTrustManager

912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
            if (oce != null)
            {
              String authType = null;
              if (trustManager instanceof ApplicationTrustManager)
              {
                ApplicationTrustManager appTrustManager =
                  (ApplicationTrustManager)trustManager;
                authType = appTrustManager.getLastRefusedAuthType();
              }
              if (ci.checkServerCertificate(oce.getChain(), authType,
                  hostName))
              {
                // If the certificate is trusted, update the trust manager.
                trustManager = ci.getTrustManager();

                // Try to connect again.
                continue;
              }
              else
              {
                // Assume user canceled.
                return null;
              }
            }
          }
          if (e.getCause() != null)
          {
            if (!isInteractive() &&
                !ci.isTrustAll())
            {
              if (getCertificateRootException(e) != null ||
                (e.getCause() instanceof SSLHandshakeException))
              {
                Message message =
                  ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_NOT_TRUSTED.get(
                  hostName, String.valueOf(portNumber));
                throw new ClientException(
                  LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
              }
            }
            if (e.getCause() instanceof SSLException)
            {
              Message message =
                ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_WRONG_PORT.get(
                hostName, String.valueOf(portNumber));
              throw new ClientException(
                LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
            }
          }
          String hostPort =
            ServerDescriptor.getServerRepresentation(hostName, portNumber);
          Message message = Utils.getMessageForException(e, hostPort);
          throw new ClientException(
              LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
        }
      }
    }
    else if (ci.useStartTLS())
    {
      String ldapUrl = "ldap://" + hostName + ":" + portNumber;
      while (true)
      {
        try
        {
          ctx = ConnectionUtils.createStartTLSContext(ldapUrl, bindDN,
              bindPassword, ConnectionUtils.getDefaultLDAPTimeout(), null,
              trustManager, keyManager, null);
          ctx.reconnect(null);
          break;
        }
        catch (NamingException e)
        {
          if (promptForCertificate)
          {
            OpendsCertificateException oce = getCertificateRootException(e);
            if (oce != null)
            {
              String authType = null;
              if (trustManager instanceof ApplicationTrustManager)
              {
                ApplicationTrustManager appTrustManager =
                  (ApplicationTrustManager)trustManager;
                authType = appTrustManager.getLastRefusedAuthType();
              }

              if (ci.checkServerCertificate(oce.getChain(), authType,
                  hostName))
              {
View Full Code Here
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
        copySecureArgsList.trustStorePasswordArg.addValue(truststorePassword);
        commandBuilder.addObfuscatedArgument(
            copySecureArgsList.trustStorePasswordArg);
      }

      return new ApplicationTrustManager(truststore);
    }
    catch (Exception e)
    {
      throw ArgumentExceptionFactory.unableToReadConnectionParameters(e);
    }
View Full Code Here
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
          }

          // Update the trust manager
          if (trustManager == null)
          {
            trustManager = new ApplicationTrustManager(truststore);
          }
          if ((authType != null) && (host != null))
          {
            // Update the trust manager with the new certificate
            trustManager.acceptCertificate(chain, authType, host);
          }
          else
          {
            // Do a full reset of the contents of the keystore.
            trustManager = new ApplicationTrustManager(truststore);
          }
          if (result.getValue().equals(TrustOption.PERMAMENT.getChoice()))
          {
            ValidationCallback<String> callback =
              new ValidationCallback<String>()
View Full Code Here
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
    {
      if (!Utils.isCli())
      {
        try
        {
          trustManager = new ApplicationTrustManager(UIKeyStore.getInstance());
        }
        catch (Throwable t)
        {
          LOG.log(Level.WARNING, "Error retrieving UI key store: "+t, t);
          trustManager = new ApplicationTrustManager(null);
        }
      }
      else
      {
        trustManager = new ApplicationTrustManager(null);
      }
    }
    return trustManager;
  }
View Full Code Here
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
                OpendsCertificateException oce =
                  (OpendsCertificateException) e.getRootCause().getCause();
                String authType = null;
                if (trustManager instanceof ApplicationTrustManager)
                {
                  ApplicationTrustManager appTrustManager =
                    (ApplicationTrustManager)trustManager;
                  authType = appTrustManager.getLastRefusedAuthType();
                }
                  if (ci.checkServerCertificate(oce.getChain(), authType,
                      hostName))
                  {
                    // If the certificate is trusted, update the trust manager.
                    trustManager = ci.getTrustManager();

                    // Try to connect again.
                    continue ;
                  }
              }
            }
            if (e.getRootCause() != null) {
              if (e.getRootCause().getCause() != null) {
                if (((e.getRootCause().getCause()
                  instanceof OpendsCertificateException)) ||
                  (e.getRootCause() instanceof SSLHandshakeException)) {
                  Message message =
                    ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_NOT_TRUSTED.get(
                    hostName, String.valueOf(portNumber));
                  throw new ClientException(
                    LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
                }
              }
              if (e.getRootCause() instanceof SSLException) {
                Message message =
                  ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT_WRONG_PORT.get(
                  hostName, String.valueOf(portNumber));
                throw new ClientException(
                  LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
              }
            }
            Message message = ERR_DSCFG_ERROR_LDAP_FAILED_TO_CONNECT.get(
              hostName, String.valueOf(portNumber));
            throw new ClientException(
              LDAPResultCode.CLIENT_SIDE_CONNECT_ERROR, message);
          }
        }
      }
      else if (ci.useStartTLS())
      {
        InitialLdapContext ctx;
        String ldapUrl = "ldap://" + hostName + ":" + portNumber;
        while (true)
        {
          try
          {
            ctx = ConnectionUtils.createStartTLSContext(ldapUrl, bindDN,
                bindPassword, ConnectionUtils.getDefaultLDAPTimeout(), null,
                trustManager, keyManager, null);
            ctx.reconnect(null);
            conn = JNDIDirContextAdaptor.adapt(ctx);
            break;
          }
          catch (NamingException e)
          {
            if ( app.isInteractive() && ci.isTrustStoreInMemory())
            {
              if ((e.getRootCause() != null)
                  && (e.getRootCause().getCause()
                      instanceof OpendsCertificateException))
              {
                String authType = null;
                if (trustManager instanceof ApplicationTrustManager)
                {
                  ApplicationTrustManager appTrustManager =
                    (ApplicationTrustManager)trustManager;
                  authType = appTrustManager.getLastRefusedAuthType();
                }
                OpendsCertificateException oce =
                  (OpendsCertificateException) e.getRootCause().getCause();
                  if (ci.checkServerCertificate(oce.getChain(), authType,
                      hostName))
View Full Code Here
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
      }
      try
      {
        if (auth.useSecureConnection())
        {
          ApplicationTrustManager trustManager = getTrustManager();
          trustManager.setHost(auth.getHostName());
          ctx = createLdapsContext(ldapUrl, dn, pwd,
              getConnectTimeout(), null, trustManager);
        }
        else
        {
View Full Code Here
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
        String ldapUrl = getLdapUrl(auth);
        String dn = auth.getDn();
        String pwd = auth.getPwd();
        if (auth.useSecureConnection())
        {
          ApplicationTrustManager trustManager = getTrustManager();
          trustManager.setHost(auth.getHostName());
          remoteCtx = createLdapsContext(ldapUrl, dn, pwd,
              getConnectTimeout(), null, trustManager);
        }
        else
        {
View Full Code Here
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
  {
    host = getHostNameForLdapUrl(host);
    String ldapUrl = "ldaps://"+host+":"+port;
    InitialLdapContext ctx = null;

    ApplicationTrustManager trustManager = getTrustManager();
    trustManager.setHost(host);
    trustManager.resetLastRefusedItems();
    try
    {
      effectiveDn[0] = dn;
      try
      {
        ctx = createLdapsContext(ldapUrl, dn, pwd,
            getConnectTimeout(), null, trustManager);
      }
      catch (Throwable t)
      {
        if (!isCertificateException(t))
        {
          // Try using a global administrator
          dn = ADSContext.getAdministratorDN(dn);
          effectiveDn[0] = dn;
          ctx = createLdapsContext(ldapUrl, dn, pwd,
              getConnectTimeout(), null, trustManager);
        }
        else
        {
          throw t;
        }
      }

      ADSContext adsContext = new ADSContext(ctx);
      if (adsContext.hasAdminData())
      {
        /* Check if there are already global administrators */
        Set<?> administrators = adsContext.readAdministratorRegistry();
        if (administrators.size() > 0)
        {
          hasGlobalAdministrators[0] = true;
        }
        else
        {
          hasGlobalAdministrators[0] = false;
        }
        Set<TopologyCacheException> exceptions =
        updateUserDataWithSuffixesInADS(adsContext, trustManager);
        Set<Message> exceptionMsgs = new LinkedHashSet<Message>();
        /* Check the exceptions and see if we throw them or not. */
        for (TopologyCacheException e : exceptions)
        {
          switch (e.getType())
          {
          case NOT_GLOBAL_ADMINISTRATOR:
            Message errorMsg = INFO_NOT_GLOBAL_ADMINISTRATOR_PROVIDED.get();
            throw new UserDataException(Step.REPLICATION_OPTIONS, errorMsg);
          case GENERIC_CREATING_CONNECTION:
            if ((e.getCause() != null) &&
                isCertificateException(e.getCause()))
            {
              UserDataCertificateException.Type excType;
              ApplicationTrustManager.Cause cause = null;
              if (e.getTrustManager() != null)
              {
                cause = e.getTrustManager().getLastRefusedCause();
              }
              LOG.log(Level.INFO, "Certificate exception cause: "+cause);
              if (cause == ApplicationTrustManager.Cause.NOT_TRUSTED)
              {
                excType = UserDataCertificateException.Type.NOT_TRUSTED;
              }
              else if (cause ==
                ApplicationTrustManager.Cause.HOST_NAME_MISMATCH)
              {
                excType = UserDataCertificateException.Type.HOST_NAME_MISMATCH;
              }
              else
              {
                excType = null;
              }
              if (excType != null)
              {
                String h;
                int p;
                try
                {
                  URI uri = new URI(e.getLdapUrl());
                  h = uri.getHost();
                  p = uri.getPort();
                }
                catch (Throwable t)
                {
                  LOG.log(Level.WARNING,
                      "Error parsing ldap url of TopologyCacheException.", t);
                  h = INFO_NOT_AVAILABLE_LABEL.get().toString();
                  p = -1;
                }
                throw new UserDataCertificateException(
                        Step.REPLICATION_OPTIONS,
                        INFO_CERTIFICATE_EXCEPTION.get(
                                h, String.valueOf(p)),
                        e.getCause(), h, p,
                        e.getTrustManager().getLastRefusedChain(),
                        e.getTrustManager().getLastRefusedAuthType(), excType);
              }
            }
          }
          exceptionMsgs.add(getMessage(e));
        }
        if (exceptionMsgs.size() > 0)
        {
          Message confirmationMsg =
            INFO_ERROR_READING_REGISTERED_SERVERS_CONFIRM.get(
                    getMessageFromCollection(exceptionMsgs, "\n"));
          throw new UserDataConfirmationException(Step.REPLICATION_OPTIONS,
              confirmationMsg);
        }
      }
      else
      {
        updateUserDataWithSuffixesInServer(ctx);
      }
    }
    catch (UserDataException ude)
    {
      throw ude;
    }
    catch (Throwable t)
    {
      LOG.log(Level.INFO, "Error connecting to remote server.", t);
      if (isCertificateException(t))
      {
        UserDataCertificateException.Type excType;
        ApplicationTrustManager.Cause cause =
          trustManager.getLastRefusedCause();
        LOG.log(Level.INFO, "Certificate exception cause: "+cause);
        if (cause == ApplicationTrustManager.Cause.NOT_TRUSTED)
        {
          excType = UserDataCertificateException.Type.NOT_TRUSTED;
        }
        else if (cause == ApplicationTrustManager.Cause.HOST_NAME_MISMATCH)
        {
          excType = UserDataCertificateException.Type.HOST_NAME_MISMATCH;
        }
        else
        {
          excType = null;
        }

        if (excType != null)
        {
          throw new UserDataCertificateException(Step.REPLICATION_OPTIONS,
              INFO_CERTIFICATE_EXCEPTION.get(host, String.valueOf(port)), t,
              host, port, trustManager.getLastRefusedChain(),
              trustManager.getLastRefusedAuthType(), excType);
        }
        else
        {
          qs.displayFieldInvalid(FieldName.REMOTE_SERVER_HOST, true);
          qs.displayFieldInvalid(FieldName.REMOTE_SERVER_PORT, true);
View Full Code Here
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
    {
      instance = new ControlPanelInfo();
      try
      {
        instance.setTrustManager(
            new ApplicationTrustManager(UIKeyStore.getInstance()));
      }
      catch (Throwable t)
      {
        LOG.log(Level.WARNING, "Error retrieving UI key store: "+t, t);
        instance.setTrustManager(new ApplicationTrustManager(null));
      }
    }
    return instance;
  }
View Full Code Here
723
724
725
726
727
728
729
730
731
732
733
  {
    try
    {
      LoginDialog dlg = new LoginDialog(
          org.nasutekds.guitools.controlpanel.util.Utilities.createFrame(),
          new ApplicationTrustManager(null),
          5000);
      dlg.pack();
      dlg.setVisible(true);
    } catch (Exception ex)
    {
View Full Code Here
TOP

Related Classes of org.nasutekds.admin.ads.util.ApplicationTrustManager

  • org.nasutekds.guitools.controlpanel.datamodel.ControlPanelInfo
  • org.nasutekds.guitools.uninstaller.ui.LoginDialog
  • org.nasutekds.guitools.uninstaller.UninstallCliHelper
  • org.nasutekds.quicksetup.Application
  • org.nasutekds.quicksetup.installer.Installer
  • org.nasutekds.server.admin.client.cli.SecureConnectionCliArgs
  • org.nasutekds.server.tools.dsconfig.LDAPManagementContextFactory
  • org.nasutekds.server.tools.dsreplication.ReplicationCliMain
  • org.nasutekds.server.util.cli.ConsoleApplication
  • org.nasutekds.server.util.cli.LDAPConnectionConsoleInteraction
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.