/** * Parses the provided command-line arguments and makes the appropriate changes to the Directory * Server configuration. * * @param args The command-line arguments provided to this program. * @param outStream Output stream. * @param errStream Error stream. * @return The exit code from the configuration processing. A nonzero value indicates that there * was some kind of problem during the configuration processing. */ public static int configMain(String[] args, OutputStream outStream, OutputStream errStream) { BooleanArgument showUsage; BooleanArgument enableStartTLS; FileBasedArgument rootPasswordFile; StringArgument hostName; IntegerArgument ldapPort; IntegerArgument adminConnectorPort; IntegerArgument ldapsPort; IntegerArgument jmxPort; StringArgument baseDNString; StringArgument configClass; StringArgument configFile; StringArgument rootDNString; StringArgument rootPassword; StringArgument keyManagerProviderDN; StringArgument trustManagerProviderDN; StringArgument certNickName; StringArgument keyManagerPath; StringArgument serverRoot; PrintStream out, err; if (outStream != null) { out = new PrintStream(outStream); } else { out = NullOutputStream.printStream(); } if (errStream != null) { err = new PrintStream(errStream); } else { err = NullOutputStream.printStream(); } Message toolDescription = INFO_CONFIGDS_TOOL_DESCRIPTION.get(); ArgumentParser argParser = new ArgumentParser(CLASS_NAME, toolDescription, false); try { configFile = new StringArgument( "configfile", 'c', "configFile", true, false, true, INFO_CONFIGFILE_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_CONFIG_FILE.get()); configFile.setHidden(true); argParser.addArgument(configFile); configClass = new StringArgument( "configclass", OPTION_SHORT_CONFIG_CLASS, OPTION_LONG_CONFIG_CLASS, false, false, true, INFO_CONFIGCLASS_PLACEHOLDER.get(), ConfigFileHandler.class.getName(), null, INFO_DESCRIPTION_CONFIG_CLASS.get()); configClass.setHidden(true); argParser.addArgument(configClass); String defaultHostName; try { defaultHostName = InetAddress.getLocalHost().getHostName(); } catch (Exception e) { // Not much we can do here. defaultHostName = "localhost"; } hostName = new StringArgument( OPTION_LONG_HOST.toLowerCase(), OPTION_SHORT_HOST, OPTION_LONG_HOST, false, false, true, INFO_HOST_PLACEHOLDER.get(), defaultHostName, null, INFO_INSTALLDS_DESCRIPTION_HOST_NAME.get()); argParser.addArgument(hostName); ldapPort = new IntegerArgument( "ldapport", OPTION_SHORT_PORT, "ldapPort", false, false, true, INFO_LDAPPORT_PLACEHOLDER.get(), 389, null, true, 1, true, 65535, INFO_CONFIGDS_DESCRIPTION_LDAP_PORT.get()); argParser.addArgument(ldapPort); adminConnectorPort = new IntegerArgument( "adminConnectorPort".toLowerCase(), null, "adminConnectorPort", false, false, true, INFO_PORT_PLACEHOLDER.get(), 4444, "adminConnectorPort", true, 1, true, 65535, INFO_INSTALLDS_DESCRIPTION_ADMINCONNECTORPORT.get()); argParser.addArgument(adminConnectorPort); ldapsPort = new IntegerArgument( "ldapsPort", 'P', "ldapsPort", false, false, true, INFO_LDAPPORT_PLACEHOLDER.get(), 636, null, true, 1, true, 65535, INFO_CONFIGDS_DESCRIPTION_LDAPS_PORT.get()); argParser.addArgument(ldapsPort); enableStartTLS = new BooleanArgument( "enableStartTLS", OPTION_SHORT_START_TLS, "enableStartTLS", INFO_CONFIGDS_DESCRIPTION_ENABLE_START_TLS.get()); argParser.addArgument(enableStartTLS); jmxPort = new IntegerArgument( "jmxport", 'x', "jmxPort", false, false, true, INFO_JMXPORT_PLACEHOLDER.get(), SetupUtils.getDefaultJMXPort(), null, true, 1, true, 65535, INFO_CONFIGDS_DESCRIPTION_JMX_PORT.get()); argParser.addArgument(jmxPort); keyManagerProviderDN = new StringArgument( "keymanagerproviderdn", 'k', "keyManagerProviderDN", false, false, true, INFO_KEY_MANAGER_PROVIDER_DN_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_KEYMANAGER_PROVIDER_DN.get()); argParser.addArgument(keyManagerProviderDN); trustManagerProviderDN = new StringArgument( "trustmanagerproviderdn", 't', "trustManagerProviderDN", false, false, true, INFO_TRUST_MANAGER_PROVIDER_DN_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_TRUSTMANAGER_PROVIDER_DN.get()); argParser.addArgument(trustManagerProviderDN); keyManagerPath = new StringArgument( "keymanagerpath", 'm', "keyManagerPath", false, false, true, INFO_KEY_MANAGER_PATH_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_KEYMANAGER_PATH.get()); argParser.addArgument(keyManagerPath); certNickName = new StringArgument( "certnickname", 'a', "certNickName", false, false, true, INFO_NICKNAME_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_CERTNICKNAME.get()); argParser.addArgument(certNickName); baseDNString = new StringArgument( "basedn", OPTION_SHORT_BASEDN, OPTION_LONG_BASEDN, false, true, true, INFO_BASEDN_PLACEHOLDER.get(), "dc=example,dc=com", null, INFO_CONFIGDS_DESCRIPTION_BASE_DN.get()); argParser.addArgument(baseDNString); rootDNString = new StringArgument( "rootdn", OPTION_SHORT_ROOT_USER_DN, OPTION_LONG_ROOT_USER_DN, false, false, true, INFO_ROOT_USER_DN_PLACEHOLDER.get(), "cn=Directory Manager", null, INFO_CONFIGDS_DESCRIPTION_ROOT_DN.get()); argParser.addArgument(rootDNString); rootPassword = new StringArgument( "rootpw", OPTION_SHORT_BINDPWD, "rootPassword", false, false, true, INFO_ROOT_USER_PWD_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_ROOT_PW.get()); argParser.addArgument(rootPassword); rootPasswordFile = new FileBasedArgument( "rootpwfile", OPTION_SHORT_BINDPWD_FILE, "rootPasswordFile", false, false, INFO_FILE_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_ROOT_PW_FILE.get()); argParser.addArgument(rootPasswordFile); showUsage = new BooleanArgument( "showusage", OPTION_SHORT_HELP, OPTION_LONG_HELP, INFO_DESCRIPTION_USAGE.get()); argParser.addArgument(showUsage); argParser.setUsageArgument(showUsage); serverRoot = new StringArgument( "serverRoot", ToolConstants.OPTION_SHORT_SERVER_ROOT, ToolConstants.OPTION_LONG_SERVER_ROOT, false, false, true, INFO_SERVER_ROOT_DIR_PLACEHOLDER.get(), null, null, null); serverRoot.setHidden(true); argParser.addArgument(serverRoot); } catch (ArgumentException ae) { Message message = ERR_CANNOT_INITIALIZE_ARGS.get(ae.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } // Parse the command-line arguments provided to the program. try { argParser.parseArguments(args); } catch (ArgumentException ae) { Message message = ERR_ERROR_PARSING_ARGS.get(ae.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); err.println(argParser.getUsage()); return LDAPResultCode.CLIENT_SIDE_PARAM_ERROR; } // If we should just display usage or version information, // then print it and exit. if (argParser.usageOrVersionDisplayed()) { return 0; } // Make sure that the user actually tried to configure something. if (!(baseDNString.isPresent() || ldapPort.isPresent() || jmxPort.isPresent() || rootDNString.isPresent())) { Message message = ERR_CONFIGDS_NO_CONFIG_CHANGES.get(); err.println(wrapText(message, MAX_LINE_WIDTH)); err.println(argParser.getUsage()); return 1; } try { Set<Integer> ports = new HashSet<Integer>(); if (ldapPort.isPresent()) { ports.add(ldapPort.getIntValue()); } if (adminConnectorPort.isPresent()) { if (ports.contains(adminConnectorPort.getIntValue())) { Message message = ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get( String.valueOf(adminConnectorPort.getIntValue())); err.println(wrapText(message, MAX_LINE_WIDTH)); err.println(argParser.getUsage()); return 1; } else { ports.add(adminConnectorPort.getIntValue()); } } if (ldapsPort.isPresent()) { if (ports.contains(ldapsPort.getIntValue())) { Message message = ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get(String.valueOf(ldapsPort.getIntValue())); err.println(wrapText(message, MAX_LINE_WIDTH)); err.println(argParser.getUsage()); return 1; } else { ports.add(ldapsPort.getIntValue()); } } if (jmxPort.isPresent()) { if (ports.contains(jmxPort.getIntValue())) { Message message = ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get(String.valueOf(jmxPort.getIntValue())); err.println(wrapText(message, MAX_LINE_WIDTH)); err.println(argParser.getUsage()); return 1; } else { ports.add(jmxPort.getIntValue()); } } } catch (ArgumentException ae) { Message message = ERR_CANNOT_INITIALIZE_ARGS.get(ae.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } if (serverRoot.isPresent()) { DirectoryEnvironmentConfig env = DirectoryServer.getEnvironmentConfig(); String root = serverRoot.getValue(); try { env.setServerRoot(new File(serverRoot.getValue())); } catch (InitializationException e) { ERR_INITIALIZE_SERVER_ROOT.get(root, e.getMessageObject()); } } // Initialize the Directory Server configuration handler using the // information that was provided. DirectoryServer directoryServer = DirectoryServer.getInstance(); DirectoryServer.bootstrapClient(); try { DirectoryServer.initializeJMX(); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_INITIALIZE_JMX.get( String.valueOf(configFile.getValue()), e.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } try { directoryServer.initializeConfiguration(configClass.getValue(), configFile.getValue()); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_INITIALIZE_CONFIG.get( String.valueOf(configFile.getValue()), e.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } try { directoryServer.initializeSchema(); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_INITIALIZE_SCHEMA.get( String.valueOf(configFile.getValue()), e.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } // Make sure that we can get an exclusive lock for the Directory Server, so // that no other operation will be allowed while this is in progress. String serverLockFileName = LockFileManager.getServerLockFileName(); StringBuilder failureReason = new StringBuilder(); if (!LockFileManager.acquireExclusiveLock(serverLockFileName, failureReason)) { Message message = ERR_CONFIGDS_CANNOT_ACQUIRE_SERVER_LOCK.get( String.valueOf(serverLockFileName), String.valueOf(failureReason)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } try { // If one or more base DNs were provided, then make sure that they can be // parsed as valid DNs. LinkedList<DN> baseDNs = null; if (baseDNString.isPresent()) { baseDNs = new LinkedList<DN>(); for (String dnString : baseDNString.getValues()) { try { baseDNs.add(DN.decode(dnString)); } catch (DirectoryException de) { Message message = ERR_CONFIGDS_CANNOT_PARSE_BASE_DN.get( String.valueOf(dnString), de.getMessageObject()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } } // If a root user DN was provided, then make sure it can be parsed. Also, // make sure that either a password or password file was specified. DN rootDN = null; String rootPW = null; if (rootDNString.isPresent()) { try { rootDN = DN.decode(rootDNString.getValue()); } catch (DirectoryException de) { Message message = ERR_CONFIGDS_CANNOT_PARSE_ROOT_DN.get( String.valueOf(rootDNString.getValue()), de.getMessageObject()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } if (rootPassword.isPresent()) { rootPW = rootPassword.getValue(); } else if (rootPasswordFile.isPresent()) { rootPW = rootPasswordFile.getValue(); } else { Message message = ERR_CONFIGDS_NO_ROOT_PW.get(); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // Get the Directory Server configuration handler and use it to make the // appropriate configuration changes. ConfigHandler configHandler = DirectoryServer.getConfigHandler(); // Check that the key manager provided is valid. if (keyManagerProviderDN.isPresent()) { DN dn = null; DN JCEKSProviderDN = null; try { dn = DN.decode(keyManagerProviderDN.getValue()); JCEKSProviderDN = DN.decode("cn=JCEKS,cn=Key Manager Providers,cn=config"); } catch (DirectoryException de) { Message message = ERR_CONFIGDS_CANNOT_PARSE_KEYMANAGER_PROVIDER_DN.get( keyManagerProviderDN.getValue(), de.getMessageObject()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } if (dn.equals(JCEKSProviderDN)) { // Create the JCEKSProvider entry try { String ldif = "dn: cn=JCEKS,cn=Key Manager Providers,cn=config\n" + "objectClass: top\n" + "objectClass: ds-cfg-key-manager-provider\n" + "objectClass: ds-cfg-file-based-key-manager-provider\n" + "cn: JCEKS\n" + "ds-cfg-java-class: org.opends.server.extensions." + "FileBasedKeyManagerProvider\n" + "ds-cfg-enabled: true\n" + "ds-cfg-key-store-type: JCEKS\n" + "ds-cfg-key-store-file: config/keystore.jceks\n" + "ds-cfg-key-store-pin-file: config/keystore.pin"; LDIFImportConfig ldifImportConfig = new LDIFImportConfig(new StringReader(ldif)); LDIFReader reader = new LDIFReader(ldifImportConfig); Entry providerConfigEntry; while ((providerConfigEntry = reader.readEntry()) != null) { configHandler.addEntry(providerConfigEntry, null); } } catch (Exception e) { Message message = ERR_CONFIG_KEYMANAGER_CANNOT_CREATE_JCEKS_PROVIDER.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } else { try { configHandler.getConfigEntry(dn); } catch (Exception e) { Message message = ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } } // Check that the trust manager provided is valid. if (trustManagerProviderDN.isPresent()) { DN dn = null; DN JCEKSTrustManagerDN = null; try { dn = DN.decode(trustManagerProviderDN.getValue()); JCEKSTrustManagerDN = DN.decode("cn=JCEKS,cn=Trust Manager Providers,cn=config"); } catch (DirectoryException de) { Message message = ERR_CONFIGDS_CANNOT_PARSE_TRUSTMANAGER_PROVIDER_DN.get( trustManagerProviderDN.getValue(), de.getMessageObject()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } if (dn.equals(JCEKSTrustManagerDN)) { try { String ldif = "dn: cn=JCEKS,cn=Trust Manager Providers,cn=config\n" + "objectClass: top\n" + "objectClass: ds-cfg-trust-manager-provider\n" + "objectClass: ds-cfg-file-based-trust-manager-provider\n" + "cn: JCEKS\n" + "ds-cfg-java-class: org.opends.server.extensions." + "FileBasedTrustManagerProvider\n" + "ds-cfg-enabled: false\n" + "ds-cfg-trust-store-type: JCEKS\n" + "ds-cfg-trust-store-file: config/truststore\n"; LDIFImportConfig ldifImportConfig = new LDIFImportConfig(new StringReader(ldif)); LDIFReader reader = new LDIFReader(ldifImportConfig); Entry trustManagerConfigEntry; while ((trustManagerConfigEntry = reader.readEntry()) != null) { configHandler.addEntry(trustManagerConfigEntry, null); } } catch (Exception e) { Message message = ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } else { try { configHandler.getConfigEntry(dn); } catch (Exception e) { Message message = ERR_CONFIG_TRUSTMANAGER_CANNOT_GET_BASE.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } } // Check that the keystore path values are valid. if (keyManagerPath.isPresent()) { if (!keyManagerProviderDN.isPresent()) { Message message = ERR_CONFIGDS_KEYMANAGER_PROVIDER_DN_REQUIRED.get( keyManagerProviderDN.getLongIdentifier(), keyManagerPath.getLongIdentifier()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If one or more base DNs were specified, then update the config // accordingly. if (baseDNs != null) { try { DN jeBackendDN = DN.decode(DN_JE_BACKEND); ConfigEntry configEntry = configHandler.getConfigEntry(jeBackendDN); DNConfigAttribute baseDNAttr = new DNConfigAttribute( ATTR_BACKEND_BASE_DN, INFO_CONFIG_BACKEND_ATTR_DESCRIPTION_BASE_DNS.get(), true, true, false, baseDNs); configEntry.putConfigAttribute(baseDNAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_BASE_DN.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If an LDAP port was specified, then update the config accordingly. if (ldapPort.isPresent()) { try { DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); IntegerConfigAttribute portAttr = new IntegerConfigAttribute( ATTR_LISTEN_PORT, INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), true, false, true, true, 1, true, 65535, ldapPort.getIntValue()); configEntry.putConfigAttribute(portAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_LDAP_PORT.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If an Admin Connector port was specified, then update the config // accordingly. if (adminConnectorPort.isPresent()) { try { DN adminConnectorDN = DN.decode(DN_ADMIN_CONNECTOR); ConfigEntry configEntry = configHandler.getConfigEntry(adminConnectorDN); IntegerConfigAttribute portAttr = new IntegerConfigAttribute( ATTR_LISTEN_PORT, INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), true, false, true, true, 1, true, 65535, adminConnectorPort.getIntValue()); configEntry.putConfigAttribute(portAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_ADMIN_CONNECTOR_PORT.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If an LDAPS port was specified, then update the config accordingly. if (ldapsPort.isPresent()) { try { DN ldapListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); IntegerConfigAttribute portAttr = new IntegerConfigAttribute( ATTR_LISTEN_PORT, INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), true, false, true, true, 1, true, 65535, ldapsPort.getIntValue()); configEntry.putConfigAttribute(portAttr); BooleanConfigAttribute enablePortAttr = new BooleanConfigAttribute( ATTR_CONNECTION_HANDLER_ENABLED, INFO_LDAPS_CONNHANDLER_DESCRIPTION_ENABLE.get(), true, true); configEntry.putConfigAttribute(enablePortAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_LDAPS_PORT.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If an JMX port was specified, then update the config accordingly. if (jmxPort.isPresent()) { try { DN jmxListenerDN = DN.decode(DN_JMX_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(jmxListenerDN); IntegerConfigAttribute portAttr = new IntegerConfigAttribute( ATTR_LISTEN_PORT, INFO_JMX_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), true, false, true, true, 1, true, 65535, jmxPort.getIntValue()); configEntry.putConfigAttribute(portAttr); BooleanConfigAttribute enablePortAttr = new BooleanConfigAttribute( ATTR_CONNECTION_HANDLER_ENABLED, INFO_JMX_CONNHANDLER_DESCRIPTION_ENABLE.get(), true, true); configEntry.putConfigAttribute(enablePortAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_JMX_PORT.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // Start TLS configuration if (enableStartTLS.isPresent()) { try { DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); BooleanConfigAttribute startTLS = new BooleanConfigAttribute( ATTR_ALLOW_STARTTLS, INFO_LDAP_CONNHANDLER_DESCRIPTION_ALLOW_STARTTLS.get(), true, true); configEntry.putConfigAttribute(startTLS); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_ENABLE_STARTTLS.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // Key manager provider if (keyManagerProviderDN.isPresent()) { if (enableStartTLS.isPresent() || ldapsPort.isPresent()) { try { // Enable the key manager DN dn = DN.decode(keyManagerProviderDN.getValue()); ConfigEntry configEntry = configHandler.getConfigEntry(dn); BooleanConfigAttribute enableAttr = new BooleanConfigAttribute( ATTR_KEYMANAGER_ENABLED, INFO_CONFIG_KEYMANAGER_DESCRIPTION_ENABLED.get(), true, true); configEntry.putConfigAttribute(enableAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_ENABLE_KEYMANAGER.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } try { if (enableStartTLS.isPresent()) { // Use the key manager specified for the LDAP connection handler. DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); StringConfigAttribute keyManagerProviderAttr = new StringConfigAttribute( ATTR_KEYMANAGER_DN, INFO_LDAP_CONNHANDLER_DESCRIPTION_KEYMANAGER_DN.get(), false, false, true, keyManagerProviderDN.getValue()); configEntry.putConfigAttribute(keyManagerProviderAttr); } if (ldapsPort.isPresent()) { // Use the key manager specified for the LDAPS connection handler. DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapsListenerDN); StringConfigAttribute keyManagerProviderAttr = new StringConfigAttribute( ATTR_KEYMANAGER_DN, INFO_LDAP_CONNHANDLER_DESCRIPTION_KEYMANAGER_DN.get(), false, false, true, keyManagerProviderDN.getValue()); configEntry.putConfigAttribute(keyManagerProviderAttr); } } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_KEYMANAGER_REFERENCE.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } if (keyManagerPath.isPresent()) { try { // Enable the key manager DN dn = DN.decode(keyManagerProviderDN.getValue()); ConfigEntry configEntry = configHandler.getConfigEntry(dn); StringConfigAttribute pathAttr = new StringConfigAttribute( ATTR_KEYSTORE_FILE, INFO_FILE_KEYMANAGER_DESCRIPTION_FILE.get(), true, true, true, keyManagerPath.getValue()); configEntry.putConfigAttribute(pathAttr); } catch (Exception e) { String message = String.valueOf(e); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } } if (trustManagerProviderDN.isPresent()) { if (enableStartTLS.isPresent() || ldapsPort.isPresent()) { // Enable the trust manager try { DN dn = DN.decode(trustManagerProviderDN.getValue()); ConfigEntry configEntry = configHandler.getConfigEntry(dn); BooleanConfigAttribute enableAttr = new BooleanConfigAttribute( ATTR_TRUSTMANAGER_ENABLED, ERR_CONFIG_TRUSTMANAGER_DESCRIPTION_ENABLED.get(), true, true); configEntry.putConfigAttribute(enableAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_ENABLE_TRUSTMANAGER.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } try { if (enableStartTLS.isPresent()) { // Use the trust manager specified for the LDAP connection handler. DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); StringConfigAttribute trustManagerProviderAttr = new StringConfigAttribute( ATTR_TRUSTMANAGER_DN, INFO_LDAP_CONNHANDLER_DESCRIPTION_TRUSTMANAGER_DN.get(), false, false, true, trustManagerProviderDN.getValue()); configEntry.putConfigAttribute(trustManagerProviderAttr); } if (ldapsPort.isPresent()) { // Use the trust manager specified for the LDAPS connection handler. DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapsListenerDN); StringConfigAttribute trustManagerProviderAttr = new StringConfigAttribute( ATTR_TRUSTMANAGER_DN, INFO_LDAP_CONNHANDLER_DESCRIPTION_TRUSTMANAGER_DN.get(), false, false, true, trustManagerProviderDN.getValue()); configEntry.putConfigAttribute(trustManagerProviderAttr); } } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_TRUSTMANAGER_REFERENCE.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } if (certNickName.isPresent()) { try { StringConfigAttribute certNickNameAttr = new StringConfigAttribute( ATTR_SSL_CERT_NICKNAME, INFO_LDAP_CONNHANDLER_DESCRIPTION_SSL_CERT_NICKNAME.get(), false, false, true, certNickName.getValue()); DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); if (ldapPort.isPresent()) { // Use the key manager specified for the LDAP connection handler. configEntry.putConfigAttribute(certNickNameAttr); } else { configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); } // Use the key manager specified for the LDAPS connection handler. DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER); configEntry = configHandler.getConfigEntry(ldapsListenerDN); if (ldapsPort.isPresent()) { configEntry.putConfigAttribute(certNickNameAttr); } else { configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); } certNickNameAttr = new StringConfigAttribute( ATTR_SSL_CERT_NICKNAME, INFO_JMX_CONNHANDLER_DESCRIPTION_SSL_CERT_NICKNAME.get(), false, false, true, certNickName.getValue()); // Use the key manager specified for the JMX connection handler. DN jmxListenerDN = DN.decode(DN_JMX_CONNECTION_HANDLER); configEntry = configHandler.getConfigEntry(jmxListenerDN); if (jmxPort.isPresent()) { configEntry.putConfigAttribute(certNickNameAttr); } else { configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); } } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } else { try { // Use the key manager specified for the LDAP connection handler. DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); // Use the key manager specified for the LDAPS connection handler. DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER); configEntry = configHandler.getConfigEntry(ldapsListenerDN); configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); // Use the key manager specified for the JMX connection handler. DN jmxListenerDN = DN.decode(DN_JMX_CONNECTION_HANDLER); configEntry = configHandler.getConfigEntry(jmxListenerDN); configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If a root user DN and password were specified, then update the config // accordingly. if (rootDN != null) { try { DN rootUserDN = DN.decode(DN_ROOT_USER); ConfigEntry configEntry = configHandler.getConfigEntry(rootUserDN); DNConfigAttribute bindDNAttr = new DNConfigAttribute( ATTR_ROOTDN_ALTERNATE_BIND_DN, INFO_CONFIG_ROOTDN_DESCRIPTION_ALTERNATE_BIND_DN.get(), false, true, false, rootDN); configEntry.putConfigAttribute(bindDNAttr); byte[] rootPWBytes = getBytes(rootPW); String encodedPassword = SaltedSHA512PasswordStorageScheme.encodeOffline(rootPWBytes); StringConfigAttribute bindPWAttr = new StringConfigAttribute( ATTR_USER_PASSWORD, Message.EMPTY, false, false, false, encodedPassword); configEntry.putConfigAttribute(bindPWAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_ROOT_USER.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // Set the FQDN for the DIGEST-MD5 SASL mechanism. try { DN digestMD5DN = DN.decode(DN_DIGEST_MD5_SASL_MECHANISM); ConfigEntry configEntry = configHandler.getConfigEntry(digestMD5DN); StringConfigAttribute fqdnAttr = new StringConfigAttribute( "ds-cfg-server-fqdn", Message.EMPTY, false, false, false, hostName.getValue()); configEntry.putConfigAttribute(fqdnAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_DIGEST_MD5_FQDN.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } // Check that the cipher specified is supported. This is intended to // fix issues with JVM that do not support the default cipher (see // issue 3075 for instance). CryptoManagerCfgDefn cryptoManager = CryptoManagerCfgDefn.getInstance(); StringPropertyDefinition prop = cryptoManager.getKeyWrappingTransformationPropertyDefinition(); String defaultCipher = null; DefaultBehaviorProvider<?> p = prop.getDefaultBehaviorProvider(); if (p instanceof DefinedDefaultBehaviorProvider) { Collection<?> defaultValues = ((DefinedDefaultBehaviorProvider<?>) p).getDefaultValues(); if (!defaultValues.isEmpty()) { defaultCipher = defaultValues.iterator().next().toString(); } } if (defaultCipher != null) { // Check that the default cipher is supported by the JVM. try { Cipher.getInstance(defaultCipher); } catch (GeneralSecurityException ex) { // The cipher is not supported: try to find an alternative one. String alternativeCipher = getAlternativeCipher(); if (alternativeCipher != null) { try { DN cipherDN = DN.decode(DN_CRYPTO_MANAGER); ConfigEntry configEntry = configHandler.getConfigEntry(cipherDN); // Set the alternative cipher StringConfigAttribute keyWrappingTransformation = new StringConfigAttribute( ATTR_CRYPTO_CIPHER_KEY_WRAPPING_TRANSFORMATION, Message.EMPTY, false, false, true, alternativeCipher); configEntry.putConfigAttribute(keyWrappingTransformation); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_CRYPTO_MANAGER.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } } } // Write the updated configuration. try { configHandler.writeUpdatedConfig(); Message message = INFO_CONFIGDS_WROTE_UPDATED_CONFIG.get(); out.println(wrapText(message, MAX_LINE_WIDTH)); } catch (DirectoryException de) { Message message = ERR_CONFIGDS_CANNOT_WRITE_UPDATED_CONFIG.get(de.getMessageObject()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } finally { LockFileManager.releaseLock(serverLockFileName, failureReason); } // If we've gotten here, then everything was successful. return 0; }
/** {@inheritDoc} */ @Override protected int processLocal(boolean initializeServer, PrintStream out, PrintStream err) { // Perform the initial bootstrap of the Directory Server and process the // configuration. DirectoryServer directoryServer = DirectoryServer.getInstance(); if (initializeServer) { try { DirectoryServer.bootstrapClient(); DirectoryServer.initializeJMX(); } catch (Exception e) { printWrappedText(err, ERR_SERVER_BOOTSTRAP_ERROR.get(getExceptionMessage(e))); return 1; } try { directoryServer.initializeConfiguration(configClass.getValue(), configFile.getValue()); } catch (InitializationException ie) { printWrappedText(err, ERR_CANNOT_LOAD_CONFIG.get(ie.getMessage())); return 1; } catch (Exception e) { printWrappedText(err, ERR_CANNOT_LOAD_CONFIG.get(getExceptionMessage(e))); return 1; } // Initialize the Directory Server schema elements. try { directoryServer.initializeSchema(); } catch (ConfigException | InitializationException e) { printWrappedText(err, ERR_CANNOT_LOAD_SCHEMA.get(e.getMessage())); return 1; } catch (Exception e) { printWrappedText(err, ERR_CANNOT_LOAD_SCHEMA.get(getExceptionMessage(e))); return 1; } // Initialize the Directory Server core configuration. try { CoreConfigManager coreConfigManager = new CoreConfigManager(directoryServer.getServerContext()); coreConfigManager.initializeCoreConfig(); } catch (ConfigException | InitializationException e) { printWrappedText(err, ERR_CANNOT_INITIALIZE_CORE_CONFIG.get(e.getMessage())); return 1; } catch (Exception e) { printWrappedText(err, ERR_CANNOT_INITIALIZE_CORE_CONFIG.get(getExceptionMessage(e))); return 1; } // Initialize the Directory Server crypto manager. try { directoryServer.initializeCryptoManager(); } catch (ConfigException | InitializationException e) { printWrappedText(err, ERR_CANNOT_INITIALIZE_CRYPTO_MANAGER.get(e.getMessage())); return 1; } catch (Exception e) { printWrappedText(err, ERR_CANNOT_INITIALIZE_CRYPTO_MANAGER.get(getExceptionMessage(e))); return 1; } try { ErrorLogPublisher errorLogPublisher = TextErrorLogPublisher.getToolStartupTextErrorPublisher(new TextWriter.STREAM(out)); ErrorLogger.getInstance().addLogPublisher(errorLogPublisher); DebugLogger.getInstance().addPublisherIfRequired(new TextWriter.STREAM(out)); } catch (Exception e) { err.println("Error installing the custom error logger: " + stackTraceToSingleLineString(e)); } // Make sure that the Directory Server plugin initialization is performed. try { HashSet<PluginType> pluginTypes = new HashSet<>(1); pluginTypes.add(PluginType.LDIF_EXPORT); directoryServer.initializePlugins(pluginTypes); } catch (ConfigException | InitializationException e) { printWrappedText(err, ERR_LDIFEXPORT_CANNOT_INITIALIZE_PLUGINS.get(e.getMessage())); return 1; } catch (Exception e) { printWrappedText(err, ERR_LDIFEXPORT_CANNOT_INITIALIZE_PLUGINS.get(getExceptionMessage(e))); return 1; } } // See if there were any user-defined sets of include/exclude attributes or // filters. If so, then process them. Set<AttributeType> excludeAttributes = toAttributeTypes(excludeAttributeStrings); Set<AttributeType> includeAttributes = toAttributeTypes(includeAttributeStrings); ArrayList<SearchFilter> excludeFilters; if (excludeFilterStrings == null) { excludeFilters = null; } else { excludeFilters = new ArrayList<>(); for (String filterString : excludeFilterStrings.getValues()) { try { excludeFilters.add(SearchFilter.createFilterFromString(filterString)); } catch (DirectoryException de) { logger.error( ERR_LDIFEXPORT_CANNOT_PARSE_EXCLUDE_FILTER, filterString, de.getMessageObject()); return 1; } catch (Exception e) { logger.error( ERR_LDIFEXPORT_CANNOT_PARSE_EXCLUDE_FILTER, filterString, getExceptionMessage(e)); return 1; } } } ArrayList<SearchFilter> includeFilters; if (includeFilterStrings == null) { includeFilters = null; } else { includeFilters = new ArrayList<>(); for (String filterString : includeFilterStrings.getValues()) { try { includeFilters.add(SearchFilter.createFilterFromString(filterString)); } catch (DirectoryException de) { logger.error( ERR_LDIFEXPORT_CANNOT_PARSE_INCLUDE_FILTER, filterString, de.getMessageObject()); return 1; } catch (Exception e) { logger.error( ERR_LDIFEXPORT_CANNOT_PARSE_INCLUDE_FILTER, filterString, getExceptionMessage(e)); return 1; } } } // Get information about the backends defined in the server. Iterate // through them, finding the one backend that should be used for the export, // and also finding backends with subordinate base DNs that should be // excluded from the export. Backend backend = null; List<DN> baseDNList = null; List<DN> defaultIncludeBranches = null; ArrayList<DN> excludeBranches = null; ArrayList<Backend> backendList = new ArrayList<>(); ArrayList<BackendCfg> entryList = new ArrayList<>(); ArrayList<List<DN>> dnList = new ArrayList<>(); BackendToolUtils.getBackends(backendList, entryList, dnList); int numBackends = backendList.size(); for (int i = 0; i < numBackends; i++) { Backend b = backendList.get(i); if (!backendID.getValue().equals(b.getBackendID())) { continue; } if (backend == null) { backend = b; baseDNList = dnList.get(i); defaultIncludeBranches = dnList.get(i); } else { logger.error(ERR_LDIFEXPORT_MULTIPLE_BACKENDS_FOR_ID, backendID.getValue()); return 1; } } if (backend == null) { logger.error(ERR_LDIFEXPORT_NO_BACKENDS_FOR_ID, backendID.getValue()); return 1; } else if (!backend.supports(BackendOperation.RESTORE)) { logger.error(ERR_LDIFEXPORT_CANNOT_EXPORT_BACKEND, backendID.getValue()); return 1; } if (excludeBranchStrings.isPresent()) { excludeBranches = new ArrayList<>(); for (String s : excludeBranchStrings.getValues()) { DN excludeBranch; try { excludeBranch = DN.valueOf(s); } catch (DirectoryException de) { logger.error(ERR_LDIFEXPORT_CANNOT_DECODE_EXCLUDE_BASE, s, de.getMessageObject()); return 1; } catch (Exception e) { logger.error(ERR_LDIFEXPORT_CANNOT_DECODE_EXCLUDE_BASE, s, getExceptionMessage(e)); return 1; } if (!excludeBranches.contains(excludeBranch)) { excludeBranches.add(excludeBranch); } } } List<DN> includeBranches; if (includeBranchStrings.isPresent()) { includeBranches = new ArrayList<>(); for (String s : includeBranchStrings.getValues()) { DN includeBranch; try { includeBranch = DN.valueOf(s); } catch (DirectoryException de) { logger.error(ERR_LDIFIMPORT_CANNOT_DECODE_INCLUDE_BASE, s, de.getMessageObject()); return 1; } catch (Exception e) { logger.error(ERR_LDIFIMPORT_CANNOT_DECODE_INCLUDE_BASE, s, getExceptionMessage(e)); return 1; } if (!Backend.handlesEntry(includeBranch, defaultIncludeBranches, excludeBranches)) { logger.error(ERR_LDIFEXPORT_INVALID_INCLUDE_BASE, s, backendID.getValue()); return 1; } includeBranches.add(includeBranch); } } else { includeBranches = defaultIncludeBranches; } // Create the LDIF export configuration to use when reading the LDIF. ExistingFileBehavior existingBehavior; if (appendToLDIF.isPresent()) { existingBehavior = ExistingFileBehavior.APPEND; } else { existingBehavior = ExistingFileBehavior.OVERWRITE; } LDIFExportConfig exportConfig = new LDIFExportConfig(ldifFile.getValue(), existingBehavior); exportConfig.setCompressData(compressLDIF.isPresent()); exportConfig.setEncryptData(encryptLDIF.isPresent()); exportConfig.setExcludeAttributes(excludeAttributes); exportConfig.setExcludeBranches(excludeBranches); exportConfig.setExcludeFilters(excludeFilters); exportConfig.setIncludeAttributes(includeAttributes); exportConfig.setIncludeBranches(includeBranches); exportConfig.setIncludeFilters(includeFilters); exportConfig.setSignHash(signHash.isPresent()); exportConfig.setIncludeOperationalAttributes(!excludeOperationalAttrs.isPresent()); // FIXME -- Should this be conditional? exportConfig.setInvokeExportPlugins(true); try { exportConfig.setWrapColumn(wrapColumn.getIntValue()); } catch (ArgumentException ae) { logger.error(ERR_LDIFEXPORT_CANNOT_DECODE_WRAP_COLUMN_AS_INTEGER, wrapColumn.getValue()); return 1; } // Get the set of base DNs for the backend as an array. DN[] baseDNs = new DN[baseDNList.size()]; baseDNList.toArray(baseDNs); // Acquire a shared lock for the backend. try { String lockFile = LockFileManager.getBackendLockFileName(backend); StringBuilder failureReason = new StringBuilder(); if (!LockFileManager.acquireSharedLock(lockFile, failureReason)) { logger.error(ERR_LDIFEXPORT_CANNOT_LOCK_BACKEND, backend.getBackendID(), failureReason); return 1; } } catch (Exception e) { logger.error( ERR_LDIFEXPORT_CANNOT_LOCK_BACKEND, backend.getBackendID(), getExceptionMessage(e)); return 1; } boolean errorOccurred = false; // Launch the export. try { backend.exportLDIF(exportConfig); } catch (DirectoryException de) { logger.error(ERR_LDIFEXPORT_ERROR_DURING_EXPORT, de.getMessageObject()); errorOccurred = true; } catch (Exception e) { logger.error(ERR_LDIFEXPORT_ERROR_DURING_EXPORT, getExceptionMessage(e)); errorOccurred = true; } // Release the shared lock on the backend. try { String lockFile = LockFileManager.getBackendLockFileName(backend); StringBuilder failureReason = new StringBuilder(); if (!LockFileManager.releaseLock(lockFile, failureReason)) { logger.warn(WARN_LDIFEXPORT_CANNOT_UNLOCK_BACKEND, backend.getBackendID(), failureReason); } } catch (Exception e) { logger.warn( WARN_LDIFEXPORT_CANNOT_UNLOCK_BACKEND, backend.getBackendID(), getExceptionMessage(e)); } // Clean up after the export by closing the export config. exportConfig.close(); return !errorOccurred ? 0 : 1; }