/** {@inheritDoc} */ @Override public Entry getEntry(DN entryDN) throws DirectoryException { // If the requested entry was null, then throw an exception. if (entryDN == null) { throw new DirectoryException( DirectoryServer.getServerErrorResultCode(), ERR_BACKEND_GET_ENTRY_NULL.get(getBackendID())); } // If the requested entry was the backend base entry, then retrieve it. if (entryDN.equals(backupBaseDN)) { return backupBaseEntry.duplicate(true); } // See if the requested entry was one level below the backend base entry. // If so, then it must point to a backup directory. Otherwise, it must be // two levels below the backup base entry and must point to a specific // backup. DN parentDN = entryDN.getParentDNInSuffix(); if (parentDN == null) { Message message = ERR_BACKUP_INVALID_BASE.get(String.valueOf(entryDN)); throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message); } else if (parentDN.equals(backupBaseDN)) { return getBackupDirectoryEntry(entryDN); } else if (backupBaseDN.equals(parentDN.getParentDNInSuffix())) { return getBackupEntry(entryDN); } else { Message message = ERR_BACKUP_INVALID_BASE.get(String.valueOf(entryDN)); throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message, backupBaseDN, null); } }
/** {@inheritDoc} */ public boolean isConfigurationChangeAcceptable( RootDNUserCfg configuration, List<Message> unacceptableReasons) { boolean configAcceptable = true; // There must not be any new alternate bind DNs that are already in use by // other root users. for (DN altBindDN : configuration.getAlternateBindDN()) { DN existingRootDN = DirectoryServer.getActualRootBindDN(altBindDN); if ((existingRootDN != null) && (!existingRootDN.equals(configuration.dn()))) { Message message = ERR_CONFIG_ROOTDN_CONFLICTING_MAPPING.get( String.valueOf(altBindDN), String.valueOf(configuration.dn()), String.valueOf(existingRootDN)); unacceptableReasons.add(message); configAcceptable = false; } } return configAcceptable; }
/** * Test the attribute types of the search filter for access. This method supports the search * right. * * @param container The container used in the access evaluation. * @param filter The filter to check access on. * @return True if all attribute types in the filter have access. * @throws DirectoryException If there is a problem matching the entry using the provided filter. */ private boolean testFilter(AciLDAPOperationContainer container, SearchFilter filter) throws DirectoryException { boolean ret = true; // If the resource entry has a dn equal to "cn=debugsearch" and it // contains the special attribute type "debugsearchindex", then the // resource entry is a pseudo entry created for debug purposes. // Return true if that is the case. if (debugSearchIndexDN.equals(container.getResourceDN()) && container.getResourceEntry().hasAttribute(debugSearchIndex)) { return true; } switch (filter.getFilterType()) { case AND: case OR: { for (SearchFilter f : filter.getFilterComponents()) { if (!testFilter(container, f)) { return false; } } break; } case NOT: { SearchFilter f = filter.getNotComponent(); ret = testFilter(container, f); break; } default: { AttributeType attrType = filter.getAttributeType(); container.setCurrentAttributeType(attrType); ret = accessAllowed(container); } } return ret; }
/** * Check access using the specified container. This container will have all of the information to * gather applicable ACIs and perform evaluation on them. * * @param container An ACI operation container which has all of the information needed to check * access. * @return True if access is allowed. */ boolean accessAllowed(AciContainer container) { DN dn = container.getResourceEntry().getDN(); // For ACI_WRITE_ADD and ACI_WRITE_DELETE set the ACI_WRITE // right. if (container.hasRights(ACI_WRITE_ADD) || container.hasRights(ACI_WRITE_DELETE)) { container.setRights(container.getRights() | ACI_WRITE); } // Check if the ACI_SELF right needs to be set (selfwrite right). // Only done if the right is ACI_WRITE, an attribute value is set // and that attribute value is a DN. if ((container.getCurrentAttributeValue() != null) && (container.hasRights(ACI_WRITE)) && (isAttributeDN(container.getCurrentAttributeType()))) { String DNString = null; try { DNString = container.getCurrentAttributeValue().getValue().toString(); DN tmpDN = DN.decode(DNString); // Have a valid DN, compare to clientDN to see if the ACI_SELF // right should be set. if (tmpDN.equals(container.getClientDN())) { container.setRights(container.getRights() | ACI_SELF); } } catch (DirectoryException ex) { // Log a message and keep going. Message message = WARN_ACI_NOT_VALID_DN.get(DNString); logError(message); } } // Check proxy authorization only if the entry has not already been // processed (working on a new entry). If working on a new entry, // then only do a proxy check if the right is not set to ACI_PROXY // and the proxied authorization control has been decoded. if (!container.hasSeenEntry()) { if (container.isProxiedAuthorization() && !container.hasRights(ACI_PROXY) && !container.hasRights(ACI_SKIP_PROXY_CHECK)) { int currentRights = container.getRights(); // Save the current rights so they can be put back if on // success. container.setRights(ACI_PROXY); // Switch to the original authorization entry, not the proxied // one. container.useOrigAuthorizationEntry(true); if (!accessAllowed(container)) { return false; } // Access is ok, put the original rights back. container.setRights(currentRights); // Put the proxied authorization entry back to the current // authorization entry. container.useOrigAuthorizationEntry(false); } // Set the seen flag so proxy processing is not performed for this // entry again. container.setSeenEntry(true); } /* * First get all allowed candidate ACIs. */ LinkedList<Aci> candidates = aciList.getCandidateAcis(dn); /* * Create an applicable list of ACIs by target matching each * candidate ACI against the container's target match view. */ createApplicableList(candidates, container); /* * Evaluate the applicable list. */ boolean ret = testApplicableLists(container); // Build summary string if doing geteffectiverights eval. if (container.isGetEffectiveRightsEval()) { AciEffectiveRights.createSummary(container, ret, "main"); } return ret; }
/** {@inheritDoc} */ @Override public void search(SearchOperation searchOperation) throws DirectoryException { // Get the base entry for the search, if possible. If it doesn't exist, // then this will throw an exception. DN baseDN = searchOperation.getBaseDN(); Entry baseEntry = getEntry(baseDN); // Look at the base DN and see if it's the backup base DN, a backup // directory entry DN, or a backup entry DN. DN parentDN; SearchScope scope = searchOperation.getScope(); SearchFilter filter = searchOperation.getFilter(); if (backupBaseDN.equals(baseDN)) { if ((scope == SearchScope.BASE_OBJECT || scope == SearchScope.WHOLE_SUBTREE) && filter.matchesEntry(baseEntry)) { searchOperation.returnEntry(baseEntry, null); } if (scope != SearchScope.BASE_OBJECT && !backupDirectories.isEmpty()) { AttributeType backupPathType = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true); for (File f : backupDirectories) { // Check to see if the descriptor file exists. If not, then skip this // backup directory. File descriptorFile = new File(f, BACKUP_DIRECTORY_DESCRIPTOR_FILE); if (!descriptorFile.exists()) { continue; } DN backupDirDN = makeChildDN(backupBaseDN, backupPathType, f.getAbsolutePath()); Entry backupDirEntry; try { backupDirEntry = getBackupDirectoryEntry(backupDirDN); } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } continue; } if (filter.matchesEntry(backupDirEntry)) { searchOperation.returnEntry(backupDirEntry, null); } if (scope != SearchScope.SINGLE_LEVEL) { List<Attribute> attrList = backupDirEntry.getAttribute(backupPathType); if (attrList != null && !attrList.isEmpty()) { for (AttributeValue v : attrList.get(0)) { try { BackupDirectory backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString()); AttributeType idType = DirectoryServer.getAttributeType(ATTR_BACKUP_ID, true); for (String backupID : backupDirectory.getBackups().keySet()) { DN backupEntryDN = makeChildDN(backupDirDN, idType, backupID); Entry backupEntry = getBackupEntry(backupEntryDN); if (filter.matchesEntry(backupEntry)) { searchOperation.returnEntry(backupEntry, null); } } } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } continue; } } } } } } } else if (backupBaseDN.equals(parentDN = baseDN.getParentDNInSuffix())) { Entry backupDirEntry = getBackupDirectoryEntry(baseDN); if ((scope == SearchScope.BASE_OBJECT || scope == SearchScope.WHOLE_SUBTREE) && filter.matchesEntry(backupDirEntry)) { searchOperation.returnEntry(backupDirEntry, null); } if (scope != SearchScope.BASE_OBJECT) { AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true); List<Attribute> attrList = backupDirEntry.getAttribute(t); if (attrList != null && !attrList.isEmpty()) { for (AttributeValue v : attrList.get(0)) { try { BackupDirectory backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString()); AttributeType idType = DirectoryServer.getAttributeType(ATTR_BACKUP_ID, true); for (String backupID : backupDirectory.getBackups().keySet()) { DN backupEntryDN = makeChildDN(baseDN, idType, backupID); Entry backupEntry = getBackupEntry(backupEntryDN); if (filter.matchesEntry(backupEntry)) { searchOperation.returnEntry(backupEntry, null); } } } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } continue; } } } } } else { if (parentDN == null || !backupBaseDN.equals(parentDN.getParentDNInSuffix())) { Message message = ERR_BACKUP_NO_SUCH_ENTRY.get(String.valueOf(backupBaseDN)); throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message); } if (scope == SearchScope.BASE_OBJECT || scope == SearchScope.WHOLE_SUBTREE) { Entry backupEntry = getBackupEntry(baseDN); if (backupEntry == null) { Message message = ERR_BACKUP_NO_SUCH_ENTRY.get(String.valueOf(backupBaseDN)); throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message); } if (filter.matchesEntry(backupEntry)) { searchOperation.returnEntry(backupEntry, null); } } } }
/** {@inheritDoc} */ @Override public long numSubordinates(DN entryDN, boolean subtree) throws DirectoryException { // If the requested entry was null, then return undefined. if (entryDN == null) { return -1; } // If the requested entry was the backend base entry, then return // the number of backup directories. if (backupBaseDN.equals(entryDN)) { long count = 0; for (File f : backupDirectories) { // Check to see if the descriptor file exists. If not, then skip this // backup directory. File descriptorFile = new File(f, BACKUP_DIRECTORY_DESCRIPTOR_FILE); if (!descriptorFile.exists()) { continue; } // If subtree is included, count the number of entries for each // backup directory. if (subtree) { try { BackupDirectory backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(f.getPath()); count += backupDirectory.getBackups().keySet().size(); } catch (Exception e) { return -1; } } count++; } return count; } // See if the requested entry was one level below the backend base entry. // If so, then it must point to a backup directory. Otherwise, it must be // two levels below the backup base entry and must point to a specific // backup. DN parentDN = entryDN.getParentDNInSuffix(); if (parentDN == null) { return -1; } else if (backupBaseDN.equals(parentDN)) { long count = 0; Entry backupDirEntry = getBackupDirectoryEntry(entryDN); AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true); List<Attribute> attrList = backupDirEntry.getAttribute(t); if (attrList != null && !attrList.isEmpty()) { for (AttributeValue v : attrList.get(0)) { try { BackupDirectory backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString()); count += backupDirectory.getBackups().keySet().size(); } catch (Exception e) { return -1; } } } return count; } else if (backupBaseDN.equals(parentDN.getParentDNInSuffix())) { return 0; } else { return -1; } }
/** {@inheritDoc} */ public ConfigChangeResult applyConfigurationChange(LocalDBBackendCfg newCfg) { ConfigChangeResult ccr; ResultCode resultCode = ResultCode.SUCCESS; ArrayList<Message> messages = new ArrayList<Message>(); try { if (rootContainer != null) { DN[] newBaseDNs = new DN[newCfg.getBaseDN().size()]; newBaseDNs = newCfg.getBaseDN().toArray(newBaseDNs); // Check for changes to the base DNs. for (DN baseDN : cfg.getBaseDN()) { boolean found = false; for (DN dn : newBaseDNs) { if (dn.equals(baseDN)) { found = true; } } if (!found) { // The base DN was deleted. DirectoryServer.deregisterBaseDN(baseDN); EntryContainer ec = rootContainer.unregisterEntryContainer(baseDN); ec.close(); ec.delete(); } } for (DN baseDN : newBaseDNs) { if (!rootContainer.getBaseDNs().contains(baseDN)) { try { // The base DN was added. EntryContainer ec = rootContainer.openEntryContainer(baseDN, null); rootContainer.registerEntryContainer(baseDN, ec); DirectoryServer.registerBaseDN(baseDN, this, false); } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } resultCode = DirectoryServer.getServerErrorResultCode(); messages.add( ERR_BACKEND_CANNOT_REGISTER_BASEDN.get( String.valueOf(baseDN), String.valueOf(e))); ccr = new ConfigChangeResult(resultCode, false, messages); return ccr; } } } baseDNs = newBaseDNs; } if (cfg.getDiskFullThreshold() != newCfg.getDiskFullThreshold() || cfg.getDiskLowThreshold() != newCfg.getDiskLowThreshold()) { diskMonitor.setFullThreshold(newCfg.getDiskFullThreshold()); diskMonitor.setLowThreshold(newCfg.getDiskLowThreshold()); } // Put the new configuration in place. this.cfg = newCfg; } catch (Exception e) { messages.add(Message.raw(stackTraceToSingleLineString(e))); ccr = new ConfigChangeResult(DirectoryServer.getServerErrorResultCode(), false, messages); return ccr; } ccr = new ConfigChangeResult(resultCode, false, messages); return ccr; }
/** * Parses the provided command-line arguments and makes the appropriate changes to the Directory * Server configuration. * * @param args The command-line arguments provided to this program. * @param outStream Output stream. * @param errStream Error stream. * @return The exit code from the configuration processing. A nonzero value indicates that there * was some kind of problem during the configuration processing. */ public static int configMain(String[] args, OutputStream outStream, OutputStream errStream) { BooleanArgument showUsage; BooleanArgument enableStartTLS; FileBasedArgument rootPasswordFile; StringArgument hostName; IntegerArgument ldapPort; IntegerArgument adminConnectorPort; IntegerArgument ldapsPort; IntegerArgument jmxPort; StringArgument baseDNString; StringArgument configClass; StringArgument configFile; StringArgument rootDNString; StringArgument rootPassword; StringArgument keyManagerProviderDN; StringArgument trustManagerProviderDN; StringArgument certNickName; StringArgument keyManagerPath; StringArgument serverRoot; PrintStream out, err; if (outStream != null) { out = new PrintStream(outStream); } else { out = NullOutputStream.printStream(); } if (errStream != null) { err = new PrintStream(errStream); } else { err = NullOutputStream.printStream(); } Message toolDescription = INFO_CONFIGDS_TOOL_DESCRIPTION.get(); ArgumentParser argParser = new ArgumentParser(CLASS_NAME, toolDescription, false); try { configFile = new StringArgument( "configfile", 'c', "configFile", true, false, true, INFO_CONFIGFILE_PLACEHOLDER.get(), null, null, INFO_DESCRIPTION_CONFIG_FILE.get()); configFile.setHidden(true); argParser.addArgument(configFile); configClass = new StringArgument( "configclass", OPTION_SHORT_CONFIG_CLASS, OPTION_LONG_CONFIG_CLASS, false, false, true, INFO_CONFIGCLASS_PLACEHOLDER.get(), ConfigFileHandler.class.getName(), null, INFO_DESCRIPTION_CONFIG_CLASS.get()); configClass.setHidden(true); argParser.addArgument(configClass); String defaultHostName; try { defaultHostName = InetAddress.getLocalHost().getHostName(); } catch (Exception e) { // Not much we can do here. defaultHostName = "localhost"; } hostName = new StringArgument( OPTION_LONG_HOST.toLowerCase(), OPTION_SHORT_HOST, OPTION_LONG_HOST, false, false, true, INFO_HOST_PLACEHOLDER.get(), defaultHostName, null, INFO_INSTALLDS_DESCRIPTION_HOST_NAME.get()); argParser.addArgument(hostName); ldapPort = new IntegerArgument( "ldapport", OPTION_SHORT_PORT, "ldapPort", false, false, true, INFO_LDAPPORT_PLACEHOLDER.get(), 389, null, true, 1, true, 65535, INFO_CONFIGDS_DESCRIPTION_LDAP_PORT.get()); argParser.addArgument(ldapPort); adminConnectorPort = new IntegerArgument( "adminConnectorPort".toLowerCase(), null, "adminConnectorPort", false, false, true, INFO_PORT_PLACEHOLDER.get(), 4444, "adminConnectorPort", true, 1, true, 65535, INFO_INSTALLDS_DESCRIPTION_ADMINCONNECTORPORT.get()); argParser.addArgument(adminConnectorPort); ldapsPort = new IntegerArgument( "ldapsPort", 'P', "ldapsPort", false, false, true, INFO_LDAPPORT_PLACEHOLDER.get(), 636, null, true, 1, true, 65535, INFO_CONFIGDS_DESCRIPTION_LDAPS_PORT.get()); argParser.addArgument(ldapsPort); enableStartTLS = new BooleanArgument( "enableStartTLS", OPTION_SHORT_START_TLS, "enableStartTLS", INFO_CONFIGDS_DESCRIPTION_ENABLE_START_TLS.get()); argParser.addArgument(enableStartTLS); jmxPort = new IntegerArgument( "jmxport", 'x', "jmxPort", false, false, true, INFO_JMXPORT_PLACEHOLDER.get(), SetupUtils.getDefaultJMXPort(), null, true, 1, true, 65535, INFO_CONFIGDS_DESCRIPTION_JMX_PORT.get()); argParser.addArgument(jmxPort); keyManagerProviderDN = new StringArgument( "keymanagerproviderdn", 'k', "keyManagerProviderDN", false, false, true, INFO_KEY_MANAGER_PROVIDER_DN_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_KEYMANAGER_PROVIDER_DN.get()); argParser.addArgument(keyManagerProviderDN); trustManagerProviderDN = new StringArgument( "trustmanagerproviderdn", 't', "trustManagerProviderDN", false, false, true, INFO_TRUST_MANAGER_PROVIDER_DN_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_TRUSTMANAGER_PROVIDER_DN.get()); argParser.addArgument(trustManagerProviderDN); keyManagerPath = new StringArgument( "keymanagerpath", 'm', "keyManagerPath", false, false, true, INFO_KEY_MANAGER_PATH_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_KEYMANAGER_PATH.get()); argParser.addArgument(keyManagerPath); certNickName = new StringArgument( "certnickname", 'a', "certNickName", false, false, true, INFO_NICKNAME_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_CERTNICKNAME.get()); argParser.addArgument(certNickName); baseDNString = new StringArgument( "basedn", OPTION_SHORT_BASEDN, OPTION_LONG_BASEDN, false, true, true, INFO_BASEDN_PLACEHOLDER.get(), "dc=example,dc=com", null, INFO_CONFIGDS_DESCRIPTION_BASE_DN.get()); argParser.addArgument(baseDNString); rootDNString = new StringArgument( "rootdn", OPTION_SHORT_ROOT_USER_DN, OPTION_LONG_ROOT_USER_DN, false, false, true, INFO_ROOT_USER_DN_PLACEHOLDER.get(), "cn=Directory Manager", null, INFO_CONFIGDS_DESCRIPTION_ROOT_DN.get()); argParser.addArgument(rootDNString); rootPassword = new StringArgument( "rootpw", OPTION_SHORT_BINDPWD, "rootPassword", false, false, true, INFO_ROOT_USER_PWD_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_ROOT_PW.get()); argParser.addArgument(rootPassword); rootPasswordFile = new FileBasedArgument( "rootpwfile", OPTION_SHORT_BINDPWD_FILE, "rootPasswordFile", false, false, INFO_FILE_PLACEHOLDER.get(), null, null, INFO_CONFIGDS_DESCRIPTION_ROOT_PW_FILE.get()); argParser.addArgument(rootPasswordFile); showUsage = new BooleanArgument( "showusage", OPTION_SHORT_HELP, OPTION_LONG_HELP, INFO_DESCRIPTION_USAGE.get()); argParser.addArgument(showUsage); argParser.setUsageArgument(showUsage); serverRoot = new StringArgument( "serverRoot", ToolConstants.OPTION_SHORT_SERVER_ROOT, ToolConstants.OPTION_LONG_SERVER_ROOT, false, false, true, INFO_SERVER_ROOT_DIR_PLACEHOLDER.get(), null, null, null); serverRoot.setHidden(true); argParser.addArgument(serverRoot); } catch (ArgumentException ae) { Message message = ERR_CANNOT_INITIALIZE_ARGS.get(ae.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } // Parse the command-line arguments provided to the program. try { argParser.parseArguments(args); } catch (ArgumentException ae) { Message message = ERR_ERROR_PARSING_ARGS.get(ae.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); err.println(argParser.getUsage()); return LDAPResultCode.CLIENT_SIDE_PARAM_ERROR; } // If we should just display usage or version information, // then print it and exit. if (argParser.usageOrVersionDisplayed()) { return 0; } // Make sure that the user actually tried to configure something. if (!(baseDNString.isPresent() || ldapPort.isPresent() || jmxPort.isPresent() || rootDNString.isPresent())) { Message message = ERR_CONFIGDS_NO_CONFIG_CHANGES.get(); err.println(wrapText(message, MAX_LINE_WIDTH)); err.println(argParser.getUsage()); return 1; } try { Set<Integer> ports = new HashSet<Integer>(); if (ldapPort.isPresent()) { ports.add(ldapPort.getIntValue()); } if (adminConnectorPort.isPresent()) { if (ports.contains(adminConnectorPort.getIntValue())) { Message message = ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get( String.valueOf(adminConnectorPort.getIntValue())); err.println(wrapText(message, MAX_LINE_WIDTH)); err.println(argParser.getUsage()); return 1; } else { ports.add(adminConnectorPort.getIntValue()); } } if (ldapsPort.isPresent()) { if (ports.contains(ldapsPort.getIntValue())) { Message message = ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get(String.valueOf(ldapsPort.getIntValue())); err.println(wrapText(message, MAX_LINE_WIDTH)); err.println(argParser.getUsage()); return 1; } else { ports.add(ldapsPort.getIntValue()); } } if (jmxPort.isPresent()) { if (ports.contains(jmxPort.getIntValue())) { Message message = ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get(String.valueOf(jmxPort.getIntValue())); err.println(wrapText(message, MAX_LINE_WIDTH)); err.println(argParser.getUsage()); return 1; } else { ports.add(jmxPort.getIntValue()); } } } catch (ArgumentException ae) { Message message = ERR_CANNOT_INITIALIZE_ARGS.get(ae.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } if (serverRoot.isPresent()) { DirectoryEnvironmentConfig env = DirectoryServer.getEnvironmentConfig(); String root = serverRoot.getValue(); try { env.setServerRoot(new File(serverRoot.getValue())); } catch (InitializationException e) { ERR_INITIALIZE_SERVER_ROOT.get(root, e.getMessageObject()); } } // Initialize the Directory Server configuration handler using the // information that was provided. DirectoryServer directoryServer = DirectoryServer.getInstance(); DirectoryServer.bootstrapClient(); try { DirectoryServer.initializeJMX(); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_INITIALIZE_JMX.get( String.valueOf(configFile.getValue()), e.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } try { directoryServer.initializeConfiguration(configClass.getValue(), configFile.getValue()); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_INITIALIZE_CONFIG.get( String.valueOf(configFile.getValue()), e.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } try { directoryServer.initializeSchema(); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_INITIALIZE_SCHEMA.get( String.valueOf(configFile.getValue()), e.getMessage()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } // Make sure that we can get an exclusive lock for the Directory Server, so // that no other operation will be allowed while this is in progress. String serverLockFileName = LockFileManager.getServerLockFileName(); StringBuilder failureReason = new StringBuilder(); if (!LockFileManager.acquireExclusiveLock(serverLockFileName, failureReason)) { Message message = ERR_CONFIGDS_CANNOT_ACQUIRE_SERVER_LOCK.get( String.valueOf(serverLockFileName), String.valueOf(failureReason)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } try { // If one or more base DNs were provided, then make sure that they can be // parsed as valid DNs. LinkedList<DN> baseDNs = null; if (baseDNString.isPresent()) { baseDNs = new LinkedList<DN>(); for (String dnString : baseDNString.getValues()) { try { baseDNs.add(DN.decode(dnString)); } catch (DirectoryException de) { Message message = ERR_CONFIGDS_CANNOT_PARSE_BASE_DN.get( String.valueOf(dnString), de.getMessageObject()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } } // If a root user DN was provided, then make sure it can be parsed. Also, // make sure that either a password or password file was specified. DN rootDN = null; String rootPW = null; if (rootDNString.isPresent()) { try { rootDN = DN.decode(rootDNString.getValue()); } catch (DirectoryException de) { Message message = ERR_CONFIGDS_CANNOT_PARSE_ROOT_DN.get( String.valueOf(rootDNString.getValue()), de.getMessageObject()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } if (rootPassword.isPresent()) { rootPW = rootPassword.getValue(); } else if (rootPasswordFile.isPresent()) { rootPW = rootPasswordFile.getValue(); } else { Message message = ERR_CONFIGDS_NO_ROOT_PW.get(); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // Get the Directory Server configuration handler and use it to make the // appropriate configuration changes. ConfigHandler configHandler = DirectoryServer.getConfigHandler(); // Check that the key manager provided is valid. if (keyManagerProviderDN.isPresent()) { DN dn = null; DN JCEKSProviderDN = null; try { dn = DN.decode(keyManagerProviderDN.getValue()); JCEKSProviderDN = DN.decode("cn=JCEKS,cn=Key Manager Providers,cn=config"); } catch (DirectoryException de) { Message message = ERR_CONFIGDS_CANNOT_PARSE_KEYMANAGER_PROVIDER_DN.get( keyManagerProviderDN.getValue(), de.getMessageObject()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } if (dn.equals(JCEKSProviderDN)) { // Create the JCEKSProvider entry try { String ldif = "dn: cn=JCEKS,cn=Key Manager Providers,cn=config\n" + "objectClass: top\n" + "objectClass: ds-cfg-key-manager-provider\n" + "objectClass: ds-cfg-file-based-key-manager-provider\n" + "cn: JCEKS\n" + "ds-cfg-java-class: org.opends.server.extensions." + "FileBasedKeyManagerProvider\n" + "ds-cfg-enabled: true\n" + "ds-cfg-key-store-type: JCEKS\n" + "ds-cfg-key-store-file: config/keystore.jceks\n" + "ds-cfg-key-store-pin-file: config/keystore.pin"; LDIFImportConfig ldifImportConfig = new LDIFImportConfig(new StringReader(ldif)); LDIFReader reader = new LDIFReader(ldifImportConfig); Entry providerConfigEntry; while ((providerConfigEntry = reader.readEntry()) != null) { configHandler.addEntry(providerConfigEntry, null); } } catch (Exception e) { Message message = ERR_CONFIG_KEYMANAGER_CANNOT_CREATE_JCEKS_PROVIDER.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } else { try { configHandler.getConfigEntry(dn); } catch (Exception e) { Message message = ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } } // Check that the trust manager provided is valid. if (trustManagerProviderDN.isPresent()) { DN dn = null; DN JCEKSTrustManagerDN = null; try { dn = DN.decode(trustManagerProviderDN.getValue()); JCEKSTrustManagerDN = DN.decode("cn=JCEKS,cn=Trust Manager Providers,cn=config"); } catch (DirectoryException de) { Message message = ERR_CONFIGDS_CANNOT_PARSE_TRUSTMANAGER_PROVIDER_DN.get( trustManagerProviderDN.getValue(), de.getMessageObject()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } if (dn.equals(JCEKSTrustManagerDN)) { try { String ldif = "dn: cn=JCEKS,cn=Trust Manager Providers,cn=config\n" + "objectClass: top\n" + "objectClass: ds-cfg-trust-manager-provider\n" + "objectClass: ds-cfg-file-based-trust-manager-provider\n" + "cn: JCEKS\n" + "ds-cfg-java-class: org.opends.server.extensions." + "FileBasedTrustManagerProvider\n" + "ds-cfg-enabled: false\n" + "ds-cfg-trust-store-type: JCEKS\n" + "ds-cfg-trust-store-file: config/truststore\n"; LDIFImportConfig ldifImportConfig = new LDIFImportConfig(new StringReader(ldif)); LDIFReader reader = new LDIFReader(ldifImportConfig); Entry trustManagerConfigEntry; while ((trustManagerConfigEntry = reader.readEntry()) != null) { configHandler.addEntry(trustManagerConfigEntry, null); } } catch (Exception e) { Message message = ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } else { try { configHandler.getConfigEntry(dn); } catch (Exception e) { Message message = ERR_CONFIG_TRUSTMANAGER_CANNOT_GET_BASE.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } } // Check that the keystore path values are valid. if (keyManagerPath.isPresent()) { if (!keyManagerProviderDN.isPresent()) { Message message = ERR_CONFIGDS_KEYMANAGER_PROVIDER_DN_REQUIRED.get( keyManagerProviderDN.getLongIdentifier(), keyManagerPath.getLongIdentifier()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If one or more base DNs were specified, then update the config // accordingly. if (baseDNs != null) { try { DN jeBackendDN = DN.decode(DN_JE_BACKEND); ConfigEntry configEntry = configHandler.getConfigEntry(jeBackendDN); DNConfigAttribute baseDNAttr = new DNConfigAttribute( ATTR_BACKEND_BASE_DN, INFO_CONFIG_BACKEND_ATTR_DESCRIPTION_BASE_DNS.get(), true, true, false, baseDNs); configEntry.putConfigAttribute(baseDNAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_BASE_DN.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If an LDAP port was specified, then update the config accordingly. if (ldapPort.isPresent()) { try { DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); IntegerConfigAttribute portAttr = new IntegerConfigAttribute( ATTR_LISTEN_PORT, INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), true, false, true, true, 1, true, 65535, ldapPort.getIntValue()); configEntry.putConfigAttribute(portAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_LDAP_PORT.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If an Admin Connector port was specified, then update the config // accordingly. if (adminConnectorPort.isPresent()) { try { DN adminConnectorDN = DN.decode(DN_ADMIN_CONNECTOR); ConfigEntry configEntry = configHandler.getConfigEntry(adminConnectorDN); IntegerConfigAttribute portAttr = new IntegerConfigAttribute( ATTR_LISTEN_PORT, INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), true, false, true, true, 1, true, 65535, adminConnectorPort.getIntValue()); configEntry.putConfigAttribute(portAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_ADMIN_CONNECTOR_PORT.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If an LDAPS port was specified, then update the config accordingly. if (ldapsPort.isPresent()) { try { DN ldapListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); IntegerConfigAttribute portAttr = new IntegerConfigAttribute( ATTR_LISTEN_PORT, INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), true, false, true, true, 1, true, 65535, ldapsPort.getIntValue()); configEntry.putConfigAttribute(portAttr); BooleanConfigAttribute enablePortAttr = new BooleanConfigAttribute( ATTR_CONNECTION_HANDLER_ENABLED, INFO_LDAPS_CONNHANDLER_DESCRIPTION_ENABLE.get(), true, true); configEntry.putConfigAttribute(enablePortAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_LDAPS_PORT.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If an JMX port was specified, then update the config accordingly. if (jmxPort.isPresent()) { try { DN jmxListenerDN = DN.decode(DN_JMX_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(jmxListenerDN); IntegerConfigAttribute portAttr = new IntegerConfigAttribute( ATTR_LISTEN_PORT, INFO_JMX_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(), true, false, true, true, 1, true, 65535, jmxPort.getIntValue()); configEntry.putConfigAttribute(portAttr); BooleanConfigAttribute enablePortAttr = new BooleanConfigAttribute( ATTR_CONNECTION_HANDLER_ENABLED, INFO_JMX_CONNHANDLER_DESCRIPTION_ENABLE.get(), true, true); configEntry.putConfigAttribute(enablePortAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_JMX_PORT.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // Start TLS configuration if (enableStartTLS.isPresent()) { try { DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); BooleanConfigAttribute startTLS = new BooleanConfigAttribute( ATTR_ALLOW_STARTTLS, INFO_LDAP_CONNHANDLER_DESCRIPTION_ALLOW_STARTTLS.get(), true, true); configEntry.putConfigAttribute(startTLS); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_ENABLE_STARTTLS.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // Key manager provider if (keyManagerProviderDN.isPresent()) { if (enableStartTLS.isPresent() || ldapsPort.isPresent()) { try { // Enable the key manager DN dn = DN.decode(keyManagerProviderDN.getValue()); ConfigEntry configEntry = configHandler.getConfigEntry(dn); BooleanConfigAttribute enableAttr = new BooleanConfigAttribute( ATTR_KEYMANAGER_ENABLED, INFO_CONFIG_KEYMANAGER_DESCRIPTION_ENABLED.get(), true, true); configEntry.putConfigAttribute(enableAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_ENABLE_KEYMANAGER.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } try { if (enableStartTLS.isPresent()) { // Use the key manager specified for the LDAP connection handler. DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); StringConfigAttribute keyManagerProviderAttr = new StringConfigAttribute( ATTR_KEYMANAGER_DN, INFO_LDAP_CONNHANDLER_DESCRIPTION_KEYMANAGER_DN.get(), false, false, true, keyManagerProviderDN.getValue()); configEntry.putConfigAttribute(keyManagerProviderAttr); } if (ldapsPort.isPresent()) { // Use the key manager specified for the LDAPS connection handler. DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapsListenerDN); StringConfigAttribute keyManagerProviderAttr = new StringConfigAttribute( ATTR_KEYMANAGER_DN, INFO_LDAP_CONNHANDLER_DESCRIPTION_KEYMANAGER_DN.get(), false, false, true, keyManagerProviderDN.getValue()); configEntry.putConfigAttribute(keyManagerProviderAttr); } } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_KEYMANAGER_REFERENCE.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } if (keyManagerPath.isPresent()) { try { // Enable the key manager DN dn = DN.decode(keyManagerProviderDN.getValue()); ConfigEntry configEntry = configHandler.getConfigEntry(dn); StringConfigAttribute pathAttr = new StringConfigAttribute( ATTR_KEYSTORE_FILE, INFO_FILE_KEYMANAGER_DESCRIPTION_FILE.get(), true, true, true, keyManagerPath.getValue()); configEntry.putConfigAttribute(pathAttr); } catch (Exception e) { String message = String.valueOf(e); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } } if (trustManagerProviderDN.isPresent()) { if (enableStartTLS.isPresent() || ldapsPort.isPresent()) { // Enable the trust manager try { DN dn = DN.decode(trustManagerProviderDN.getValue()); ConfigEntry configEntry = configHandler.getConfigEntry(dn); BooleanConfigAttribute enableAttr = new BooleanConfigAttribute( ATTR_TRUSTMANAGER_ENABLED, ERR_CONFIG_TRUSTMANAGER_DESCRIPTION_ENABLED.get(), true, true); configEntry.putConfigAttribute(enableAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_ENABLE_TRUSTMANAGER.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } try { if (enableStartTLS.isPresent()) { // Use the trust manager specified for the LDAP connection handler. DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); StringConfigAttribute trustManagerProviderAttr = new StringConfigAttribute( ATTR_TRUSTMANAGER_DN, INFO_LDAP_CONNHANDLER_DESCRIPTION_TRUSTMANAGER_DN.get(), false, false, true, trustManagerProviderDN.getValue()); configEntry.putConfigAttribute(trustManagerProviderAttr); } if (ldapsPort.isPresent()) { // Use the trust manager specified for the LDAPS connection handler. DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapsListenerDN); StringConfigAttribute trustManagerProviderAttr = new StringConfigAttribute( ATTR_TRUSTMANAGER_DN, INFO_LDAP_CONNHANDLER_DESCRIPTION_TRUSTMANAGER_DN.get(), false, false, true, trustManagerProviderDN.getValue()); configEntry.putConfigAttribute(trustManagerProviderAttr); } } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_TRUSTMANAGER_REFERENCE.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } if (certNickName.isPresent()) { try { StringConfigAttribute certNickNameAttr = new StringConfigAttribute( ATTR_SSL_CERT_NICKNAME, INFO_LDAP_CONNHANDLER_DESCRIPTION_SSL_CERT_NICKNAME.get(), false, false, true, certNickName.getValue()); DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); if (ldapPort.isPresent()) { // Use the key manager specified for the LDAP connection handler. configEntry.putConfigAttribute(certNickNameAttr); } else { configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); } // Use the key manager specified for the LDAPS connection handler. DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER); configEntry = configHandler.getConfigEntry(ldapsListenerDN); if (ldapsPort.isPresent()) { configEntry.putConfigAttribute(certNickNameAttr); } else { configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); } certNickNameAttr = new StringConfigAttribute( ATTR_SSL_CERT_NICKNAME, INFO_JMX_CONNHANDLER_DESCRIPTION_SSL_CERT_NICKNAME.get(), false, false, true, certNickName.getValue()); // Use the key manager specified for the JMX connection handler. DN jmxListenerDN = DN.decode(DN_JMX_CONNECTION_HANDLER); configEntry = configHandler.getConfigEntry(jmxListenerDN); if (jmxPort.isPresent()) { configEntry.putConfigAttribute(certNickNameAttr); } else { configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); } } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } else { try { // Use the key manager specified for the LDAP connection handler. DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER); ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN); configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); // Use the key manager specified for the LDAPS connection handler. DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER); configEntry = configHandler.getConfigEntry(ldapsListenerDN); configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); // Use the key manager specified for the JMX connection handler. DN jmxListenerDN = DN.decode(DN_JMX_CONNECTION_HANDLER); configEntry = configHandler.getConfigEntry(jmxListenerDN); configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase()); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // If a root user DN and password were specified, then update the config // accordingly. if (rootDN != null) { try { DN rootUserDN = DN.decode(DN_ROOT_USER); ConfigEntry configEntry = configHandler.getConfigEntry(rootUserDN); DNConfigAttribute bindDNAttr = new DNConfigAttribute( ATTR_ROOTDN_ALTERNATE_BIND_DN, INFO_CONFIG_ROOTDN_DESCRIPTION_ALTERNATE_BIND_DN.get(), false, true, false, rootDN); configEntry.putConfigAttribute(bindDNAttr); byte[] rootPWBytes = getBytes(rootPW); String encodedPassword = SaltedSHA512PasswordStorageScheme.encodeOffline(rootPWBytes); StringConfigAttribute bindPWAttr = new StringConfigAttribute( ATTR_USER_PASSWORD, Message.EMPTY, false, false, false, encodedPassword); configEntry.putConfigAttribute(bindPWAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_ROOT_USER.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } // Set the FQDN for the DIGEST-MD5 SASL mechanism. try { DN digestMD5DN = DN.decode(DN_DIGEST_MD5_SASL_MECHANISM); ConfigEntry configEntry = configHandler.getConfigEntry(digestMD5DN); StringConfigAttribute fqdnAttr = new StringConfigAttribute( "ds-cfg-server-fqdn", Message.EMPTY, false, false, false, hostName.getValue()); configEntry.putConfigAttribute(fqdnAttr); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_DIGEST_MD5_FQDN.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } // Check that the cipher specified is supported. This is intended to // fix issues with JVM that do not support the default cipher (see // issue 3075 for instance). CryptoManagerCfgDefn cryptoManager = CryptoManagerCfgDefn.getInstance(); StringPropertyDefinition prop = cryptoManager.getKeyWrappingTransformationPropertyDefinition(); String defaultCipher = null; DefaultBehaviorProvider<?> p = prop.getDefaultBehaviorProvider(); if (p instanceof DefinedDefaultBehaviorProvider) { Collection<?> defaultValues = ((DefinedDefaultBehaviorProvider<?>) p).getDefaultValues(); if (!defaultValues.isEmpty()) { defaultCipher = defaultValues.iterator().next().toString(); } } if (defaultCipher != null) { // Check that the default cipher is supported by the JVM. try { Cipher.getInstance(defaultCipher); } catch (GeneralSecurityException ex) { // The cipher is not supported: try to find an alternative one. String alternativeCipher = getAlternativeCipher(); if (alternativeCipher != null) { try { DN cipherDN = DN.decode(DN_CRYPTO_MANAGER); ConfigEntry configEntry = configHandler.getConfigEntry(cipherDN); // Set the alternative cipher StringConfigAttribute keyWrappingTransformation = new StringConfigAttribute( ATTR_CRYPTO_CIPHER_KEY_WRAPPING_TRANSFORMATION, Message.EMPTY, false, false, true, alternativeCipher); configEntry.putConfigAttribute(keyWrappingTransformation); } catch (Exception e) { Message message = ERR_CONFIGDS_CANNOT_UPDATE_CRYPTO_MANAGER.get(String.valueOf(e)); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } } } // Write the updated configuration. try { configHandler.writeUpdatedConfig(); Message message = INFO_CONFIGDS_WROTE_UPDATED_CONFIG.get(); out.println(wrapText(message, MAX_LINE_WIDTH)); } catch (DirectoryException de) { Message message = ERR_CONFIGDS_CANNOT_WRITE_UPDATED_CONFIG.get(de.getMessageObject()); err.println(wrapText(message, MAX_LINE_WIDTH)); return 1; } } finally { LockFileManager.releaseLock(serverLockFileName, failureReason); } // If we've gotten here, then everything was successful. return 0; }