// Listener ports: -p carries the server port and --adminConnectorPort the
// admin connector port, both taken from the user data.
argList.add("-p");
argList.add(String.valueOf(getUserData().getServerPort()));
argList.add("--adminConnectorPort");
argList.add(String.valueOf(getUserData().getAdminConnectorPort()));
SecurityOptions sec = getUserData().getSecurityOptions();
// TODO: even if the user does not configure SSL maybe we should choose
// a secure port that is not being used and that we can actually use.
// -P (with the SSL port) is passed only when SSL is enabled and -q only when
// StartTLS is enabled. When both are off, this section adds no TLS-related
// option at all.
if (sec.getEnableSSL())
{
argList.add("-P");
argList.add(String.valueOf(sec.getSslPort()));
}
if (sec.getEnableStartTLS())
{
argList.add("-q");
}
// aliasInKeyStore is the alias selected in the security options and may be
// null. aliasInTrustStore is never null: it falls back to
// SELF_SIGNED_CERT_ALIAS when no alias was selected.
String aliasInKeyStore = sec.getAliasToUse();
String aliasInTrustStore;
if (aliasInKeyStore == null)
{
aliasInTrustStore = SELF_SIGNED_CERT_ALIAS;
}
else
{
aliasInTrustStore = aliasInKeyStore;
}
// Translate the certificate type into configuration arguments:
//   -k  DN of the key manager provider entry
//   -t  DN of the trust manager provider entry
//   -m  path of the user's key store (file-based types only)
//   -a  certificate alias, only when the user selected one
// No key store password is placed on the argument list in this switch.
switch (sec.getCertificateType())
{
case SELF_SIGNED_CERTIFICATE:
// Self-signed: JKS providers, with neither a key store path nor an alias.
argList.add("-k");
argList.add("cn=JKS,cn=Key Manager Providers,cn=config");
argList.add("-t");
argList.add("cn=JKS,cn=Trust Manager Providers,cn=config");
break;
case JKS:
argList.add("-k");
argList.add("cn=JKS,cn=Key Manager Providers,cn=config");
argList.add("-t");
argList.add("cn=JKS,cn=Trust Manager Providers,cn=config");
argList.add("-m");
argList.add(sec.getKeystorePath());
if (aliasInKeyStore != null)
{
argList.add("-a");
argList.add(aliasInKeyStore);
}
break;
case JCEKS:
argList.add("-k");
argList.add("cn=JCEKS,cn=Key Manager Providers,cn=config");
argList.add("-t");
argList.add("cn=JCEKS,cn=Trust Manager Providers,cn=config");
argList.add("-m");
argList.add(sec.getKeystorePath());
if (aliasInKeyStore != null)
{
argList.add("-a");
argList.add(aliasInKeyStore);
}
break;
case PKCS12:
argList.add("-k");
argList.add("cn=PKCS12,cn=Key Manager Providers,cn=config");
argList.add("-t");
// The PKCS12 certificate is later imported into a JKS trust store, so the
// trust manager provider is the JKS one even though the key manager is PKCS12.
argList.add("cn=JKS,cn=Trust Manager Providers,cn=config");
argList.add("-m");
argList.add(sec.getKeystorePath());
if (aliasInKeyStore != null)
{
argList.add("-a");
argList.add(aliasInKeyStore);
}
break;
case PKCS11:
argList.add("-k");
argList.add("cn=PKCS11,cn=Key Manager Providers,cn=config");
argList.add("-t");
// The PKCS11 certificate is later imported into a JKS trust store, so the
// trust manager provider is the JKS one. No -m is passed for PKCS11.
argList.add("cn=JKS,cn=Trust Manager Providers,cn=config");
if (aliasInKeyStore != null)
{
argList.add("-a");
argList.add(aliasInKeyStore);
}
break;
case NO_CERTIFICATE:
// Nothing to do.
break;
default:
// Fail loudly on an unhandled enum value instead of configuring the server
// without any key or trust manager arguments.
throw new IllegalStateException("Unknown certificate type: "+
sec.getCertificateType());
}
// JMX is left out unless the user data carries a positive JMX port. Only in
// that case is -x passed with the port.
if (getUserData().getServerJMXPort() > 0)
{
argList.add("-x");
argList.add(String.valueOf(getUserData().getServerJMXPort()));
}
// Directory Manager DN (-D) and password (-w). The password is appended in
// clear text directly after "-w". The log rendering of this argument list
// redacts exactly the token that follows "-w", so the pair must stay adjacent.
// NOTE(review): confirm that invokeConfigureServer consumes these arguments
// in-process. A password on a real process command line would be readable by
// other local users.
argList.add("-D");
argList.add(getUserData().getDirectoryManagerDn());
argList.add("-w");
argList.add(getUserData().getDirectoryManagerPwd());
// Base DNs are passed (one -b per DN) only when createNotReplicatedSuffix()
// returns true.
if (createNotReplicatedSuffix())
{
LinkedList<String> baseDns =
getUserData().getNewSuffixOptions().getBaseDns();
for (String baseDn : baseDns)
{
argList.add("-b");
argList.add(baseDn);
}
}
// -R: absolute path of the installation root directory.
argList.add("-R");
argList.add(getInstallation().getRootDirectory().getAbsolutePath());
// args is the real argument array, including the clear-text password value
// that follows "-w".
final String[] args = new String[argList.size()];
argList.toArray(args);
// cmd is a log-only rendering of the same arguments. The token that
// immediately follows "-w" is replaced by the literal placeholder
// "{rootUserPassword}"; every other argument is logged verbatim at INFO level.
// Redaction is keyed on "-w" alone, so a secret passed under any other option
// would be written to the log unmasked.
StringBuilder cmd = new StringBuilder();
boolean nextPassword = false;
for (String s : argList)
{
if (cmd.length() > 0)
{
cmd.append(" ");
}
if (nextPassword)
{
cmd.append("{rootUserPassword}");
}
else
{
cmd.append(s);
}
// Remember whether the token just handled was "-w", so that the next
// iteration masks its value.
nextPassword = "-w".equals(s);
}
LOG.log(Level.INFO, "configure DS cmd: "+cmd);
final InstallerHelper helper = new InstallerHelper();
// Listener notifications are switched off for the duration of the
// configuration call; run() switches them back on in its finally block.
setNotifyListeners(false);
InvokeThread thread = new InvokeThread()
{
  /**
   * Invokes the server configuration with {@code args} and records any
   * failure in {@code ae} instead of letting it propagate.
   * <p>
   * {@code args} is the unredacted array, so it still holds the clear-text
   * value that follows "-w"; only the logged rendering is masked.
   */
  @Override
  public void run()
  {
    try
    {
      final int returnCode = helper.invokeConfigureServer(args);
      if (returnCode == 0)
      {
        // Configuration succeeded. With an empty base DN list the backend
        // returned by getBackendName() is deleted.
        final boolean noBaseDns =
            getUserData().getNewSuffixOptions().getBaseDns().isEmpty();
        if (noBaseDns)
        {
          helper.deleteBackend(getBackendName());
        }
      }
      else
      {
        // Any non-zero return code is reported as a configuration error.
        ae = new ApplicationException(
            ReturnCode.CONFIGURATION_ERROR,
            INFO_ERROR_CONFIGURING.get(), null);
      }
    }
    catch (ApplicationException aex)
    {
      // Already in the reporting type: keep it unchanged.
      ae = aex;
    }
    catch (Throwable t)
    {
      // Everything else is wrapped, with the original throwable as cause.
      ae = new ApplicationException(
          ReturnCode.CONFIGURATION_ERROR,
          getThrowableMsg(INFO_ERROR_CONFIGURING.get(), t), t);
    }
    finally
    {
      setNotifyListeners(true);
    }
    isOver = true;
  }

  /**
   * Currently a no-op: this override does nothing to interrupt a running
   * configuration call.
   */
  @Override
  public void abort()
  {
    // TODO: implement the abort
  }
};
invokeLongOperation(thread);
notifyListeners(getFormattedDoneWithLineBreak());
checkAbort();
try
{
// Prepare the key store / trust store material for the chosen certificate
// type. Every branch except NO_CERTIFICATE exports the server certificate to
// getTemporaryCertificatePath(), imports that file into the trust store at
// getTrustManagerPath(), and writes the store password to the file at
// getKeystorePinPath() through createProtectedFile.
// NOTE(review): createProtectedFile presumably restricts access to the PIN
// file. Confirm its permissions, since the file holds the store password in
// clear text.
SecurityOptions.CertificateType certType = sec.getCertificateType();
if (certType != SecurityOptions.CertificateType.NO_CERTIFICATE)
{
// The progress message is shown only when there is certificate work to do.
notifyListeners(getFormattedWithPoints(
INFO_PROGRESS_UPDATING_CERTIFICATES.get()));
}
CertificateManager certManager;
CertificateManager trustManager;
File f;
switch (certType)
{
case NO_CERTIFICATE:
// Nothing to do
break;
case SELF_SIGNED_CERTIFICATE:
// One password from getSelfSignedCertificatePwd() protects the new key store
// and the trust store, and is also the value written to the PIN file.
String pwd = getSelfSignedCertificatePwd();
certManager = new CertificateManager(
getSelfSignedKeystorePath(),
CertificateManager.KEY_STORE_TYPE_JKS,
pwd);
certManager.generateSelfSignedCertificate(SELF_SIGNED_CERT_ALIAS,
getSelfSignedCertificateSubjectDN(),
getSelfSignedCertificateValidity());
SetupUtils.exportCertificate(certManager, SELF_SIGNED_CERT_ALIAS,
getTemporaryCertificatePath());
trustManager = new CertificateManager(
getTrustManagerPath(),
CertificateManager.KEY_STORE_TYPE_JKS,
pwd);
trustManager.addCertificate(SELF_SIGNED_CERT_ALIAS,
new File(getTemporaryCertificatePath()));
createProtectedFile(getKeystorePinPath(), pwd);
// Remove the exported certificate. The result of delete() is not checked here
// or in the branches below, so a failed delete goes unnoticed. The delete is
// also skipped if an earlier call in the branch throws; any cleanup on that
// path is not visible in this part of the method.
f = new File(getTemporaryCertificatePath());
f.delete();
break;
case JKS:
// User-supplied JKS key store. The user's key store password is reused as the
// trust store password and written to the PIN file.
certManager = new CertificateManager(
sec.getKeystorePath(),
CertificateManager.KEY_STORE_TYPE_JKS,
sec.getKeystorePassword());
// Export the selected alias, or use the alias-less exportCertificate overload
// when no alias was selected.
if (aliasInKeyStore != null)
{
SetupUtils.exportCertificate(certManager, aliasInKeyStore,
getTemporaryCertificatePath());
}
else
{
SetupUtils.exportCertificate(certManager,
getTemporaryCertificatePath());
}
trustManager = new CertificateManager(
getTrustManagerPath(),
CertificateManager.KEY_STORE_TYPE_JKS,
sec.getKeystorePassword());
trustManager.addCertificate(aliasInTrustStore,
new File(getTemporaryCertificatePath()));
createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
f = new File(getTemporaryCertificatePath());
f.delete();
break;
case JCEKS:
// Same flow as JKS, with JCEKS used for both the key store and the trust store.
certManager = new CertificateManager(
sec.getKeystorePath(),
CertificateManager.KEY_STORE_TYPE_JCEKS,
sec.getKeystorePassword());
if (aliasInKeyStore != null)
{
SetupUtils.exportCertificate(certManager, aliasInKeyStore,
getTemporaryCertificatePath());
}
else
{
SetupUtils.exportCertificate(certManager,
getTemporaryCertificatePath());
}
trustManager = new CertificateManager(
getTrustManagerPath(),
CertificateManager.KEY_STORE_TYPE_JCEKS,
sec.getKeystorePassword());
trustManager.addCertificate(aliasInTrustStore,
new File(getTemporaryCertificatePath()));
createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
f = new File(getTemporaryCertificatePath());
f.delete();
break;
case PKCS12:
// The key store is PKCS12, but the certificate is imported into a JKS trust
// store protected with the same key store password.
certManager = new CertificateManager(
sec.getKeystorePath(),
CertificateManager.KEY_STORE_TYPE_PKCS12,
sec.getKeystorePassword());
if (aliasInKeyStore != null)
{
SetupUtils.exportCertificate(certManager, aliasInKeyStore,
getTemporaryCertificatePath());
}
else
{
SetupUtils.exportCertificate(certManager,
getTemporaryCertificatePath());
}
trustManager = new CertificateManager(
getTrustManagerPath(),
CertificateManager.KEY_STORE_TYPE_JKS,
sec.getKeystorePassword());
trustManager.addCertificate(aliasInTrustStore,
new File(getTemporaryCertificatePath()));
createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
f = new File(getTemporaryCertificatePath());
f.delete();
break;
case PKCS11:
// PKCS11 uses the fixed KEY_STORE_PATH_PKCS11 instead of a user key store
// path. The value written to the PIN file and used for the JKS trust store is
// the password passed to the PKCS11 CertificateManager.
certManager = new CertificateManager(
CertificateManager.KEY_STORE_PATH_PKCS11,
CertificateManager.KEY_STORE_TYPE_PKCS11,
sec.getKeystorePassword());
if (aliasInKeyStore != null)
{
SetupUtils.exportCertificate(certManager, aliasInKeyStore,
getTemporaryCertificatePath());
}
else
{
SetupUtils.exportCertificate(certManager,
getTemporaryCertificatePath());
}
trustManager = new CertificateManager(
getTrustManagerPath(),
CertificateManager.KEY_STORE_TYPE_JKS,
sec.getKeystorePassword());
trustManager.addCertificate(aliasInTrustStore,
new File(getTemporaryCertificatePath()));
createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
// NOTE(review): unlike the other branches, this one does not delete the
// temporary certificate file after the import. Confirm whether that is
// intentional or whether cleanup happens elsewhere.
break;
default:
throw new IllegalStateException("Unknown certificate type: "+certType);
}
if (certType != SecurityOptions.CertificateType.NO_CERTIFICATE)