[Pkg-fedora-ds-maintainers] idm-console-framework: Changes to 'master'

Timo Aaltonen tjaalton at moszumanska.debian.org
Tue Mar 10 09:02:16 UTC 2015


 build.properties                                                             |   10 
 build.xml                                                                    |   36 --
 debian/changelog                                                             |    8 
 debian/libidm-console-framework-java.classpath                               |    1 
 debian/libidm-console-framework-java.links                                   |   10 
 idm-console-framework.spec                                                   |   28 -
 src/com/netscape/management/client/ace/ACIEditor.java                        |   69 ---
 src/com/netscape/management/client/ace/ACIManager.java                       |   85 +++-
 src/com/netscape/management/client/ace/RightsTab.java                        |    8 
 src/com/netscape/management/client/comm/CommChannel.java                     |    3 
 src/com/netscape/management/client/comm/CommManager.java                     |   23 +
 src/com/netscape/management/client/comm/HttpChannel.java                     |   11 
 src/com/netscape/management/client/comm/HttpManager.java                     |    5 
 src/com/netscape/management/client/comm/HttpsChannel.java                    |   49 ++
 src/com/netscape/management/client/console/Console.java                      |   11 
 src/com/netscape/management/client/console/LoginDialog.java                  |    4 
 src/com/netscape/management/client/security/CertRequestWizard.java           |   12 
 src/com/netscape/management/client/security/InstallCRLDialog.java            |   21 +
 src/com/netscape/management/client/security/KeyCertWizardResource.properties |    9 
 src/com/netscape/management/client/security/csr/CertRequestInfoPage.java     |   10 
 src/com/netscape/management/client/security/csr/CertRequestKeyPage.java      |  180 ++++++++++
 src/com/netscape/management/client/security/securityResource.properties      |    7 
 src/com/netscape/management/client/topology/DomainNode.java                  |    3 
 src/com/netscape/management/client/topology/NewDomainDialog.java             |    4 
 src/com/netscape/management/client/ug/ChangeDirectoryDialog.java             |    4 
 src/com/netscape/management/client/ug/ResEditorPasswordPage.java             |    6 
 src/com/netscape/management/client/ug/ResEditorUserPage.java                 |    8 
 27 files changed, 432 insertions(+), 193 deletions(-)

New commits:
commit f5a68bc7fd715c457d8fad0f9998af65e308c3d9
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Mar 10 10:52:44 2015 +0200

    releasing package idm-console-framework version 1.1.9-1

diff --git a/debian/changelog b/debian/changelog
index c0c5721..075928f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,10 @@
-idm-console-framework (1.1.9-1) UNRELEASED; urgency=medium
+idm-console-framework (1.1.9-1) unstable; urgency=medium
 
   * New upstream release.
     - add TLS1.1/1.2 support
   * .links: Remove, as versioned jars are not created anymore.
 
- -- Timo Aaltonen <tjaalton at debian.org>  Tue, 10 Mar 2015 10:34:44 +0200
+ -- Timo Aaltonen <tjaalton at debian.org>  Tue, 10 Mar 2015 10:52:29 +0200
 
 idm-console-framework (1.1.7-2) unstable; urgency=low
 

commit 62f457b692f522fb7c246771d05d9b2f6d085a42
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Mar 10 10:52:27 2015 +0200

    update changelog

diff --git a/debian/changelog b/debian/changelog
index 4cabd60..c0c5721 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
 idm-console-framework (1.1.9-1) UNRELEASED; urgency=medium
 
   * New upstream release.
+    - add TLS1.1/1.2 support
   * .links: Remove, as versioned jars are not created anymore.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Tue, 10 Mar 2015 10:34:44 +0200

commit 696a56d2632662bcc4017348d104f7733c3eec33
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Mar 10 10:44:57 2015 +0200

    add the classpath file, finally..

diff --git a/debian/libidm-console-framework-java.classpath b/debian/libidm-console-framework-java.classpath
new file mode 100644
index 0000000..10445c6
--- /dev/null
+++ b/debian/libidm-console-framework-java.classpath
@@ -0,0 +1 @@
+usr/share/java/idm-console-base.jar /usr/share/java/jss4.jar /usr/share/java/ldapjdk.jar

commit 88d3a089d15098be64e1e47ea7c946352bfe0b72
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Mar 10 10:44:45 2015 +0200

    .links: Remove, as versioned jars are not created anymore.

diff --git a/debian/changelog b/debian/changelog
index 27fa2a3..4cabd60 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
 idm-console-framework (1.1.9-1) UNRELEASED; urgency=medium
 
   * New upstream release.
+  * .links: Remove, as versioned jars are not created anymore.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Tue, 10 Mar 2015 10:34:44 +0200
 
diff --git a/debian/libidm-console-framework-java.links b/debian/libidm-console-framework-java.links
deleted file mode 100644
index e2883cb..0000000
--- a/debian/libidm-console-framework-java.links
+++ /dev/null
@@ -1,10 +0,0 @@
-usr/share/java/idm-console-nmclf-1.1.7.jar usr/share/java/idm-console-nmclf.jar
-usr/share/java/idm-console-mcc-1.1.7.jar usr/share/java/idm-console-mcc.jar
-usr/share/java/idm-console-base-1.1.7.jar usr/share/java/idm-console-base.jar
-usr/share/java/idm-console-base-1.1.7.jar usr/share/java/idm-console-base-1.1.jar
-usr/share/java/idm-console-mcc-1.1.7.jar usr/share/java/idm-console-mcc-1.1.jar
-usr/share/java/idm-console-mcc-1.1.7_en.jar usr/share/java/idm-console-mcc-1.1_en.jar
-usr/share/java/idm-console-mcc-1.1.7_en.jar usr/share/java/idm-console-mcc_en.jar
-usr/share/java/idm-console-nmclf-1.1.7.jar usr/share/java/idm-console-nmclf-1.1.jar
-usr/share/java/idm-console-nmclf-1.1.7_en.jar usr/share/java/idm-console-nmclf-1.1_en.jar
-usr/share/java/idm-console-nmclf-1.1.7_en.jar usr/share/java/idm-console-nmclf_en.jar

commit 6ab6e109b2bc26a42ad9d14a63e355829720e4e3
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Mar 10 10:35:22 2015 +0200

    New upstream release.

diff --git a/debian/changelog b/debian/changelog
index 82ef63f..27fa2a3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+idm-console-framework (1.1.9-1) UNRELEASED; urgency=medium
+
+  * New upstream release.
+
+ -- Timo Aaltonen <tjaalton at debian.org>  Tue, 10 Mar 2015 10:34:44 +0200
+
 idm-console-framework (1.1.7-2) unstable; urgency=low
 
   * watch: Add a comment about the upstream git tree.

commit 281921d39ff3e99fa5191f070e35be87e8719d1d
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Tue Dec 9 15:25:40 2014 -0800

    Bump version to 1.1.9

diff --git a/build.properties b/build.properties
index 05d856d..005f5eb 100755
--- a/build.properties
+++ b/build.properties
@@ -23,7 +23,7 @@ lang=en
 
 console.root=.
 console.version=11
-console.dotversion=1.1.8
+console.dotversion=1.1.9
 console.dotgenversion=1.1
 
 mcc.core=idm-console-mcc

commit 5bb09b38580f79cc90b51a4ef3da9468c30eccf2
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Mon Dec 8 13:16:00 2014 -0500

    Ticket 47929 - idm-console-framework - set default min to tls1.0
    
    Description: Need to set the default minimum ot TLS1.0, not TLS1.1.
                 This could break the console when communicating to an
                 older version of DS that does not support TLS1.1 yet.
    
    https://fedorahosted.org/389/ticket/47929
    
    Reviewed by: mreynolds

diff --git a/src/com/netscape/management/client/comm/HttpsChannel.java b/src/com/netscape/management/client/comm/HttpsChannel.java
index 3a92fa6..7a54360 100644
--- a/src/com/netscape/management/client/comm/HttpsChannel.java
+++ b/src/com/netscape/management/client/comm/HttpsChannel.java
@@ -424,7 +424,7 @@ public class HttpsChannel extends HttpChannel implements
             nthPrompt = 0;
 
             // Set our defaults
-            int min = org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_1;
+            int min = org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0;
             int max = org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2;
 
             Debug.println("CREATE JSS SSLSocket");

commit f525cda752e27b515eaf845511f90bd15f74b1d2
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Wed Nov 12 14:43:31 2014 -0500

    Ticket 47946 - ACI's are replaced by "ACI_ALL" after editing group of ACI's including invalid one
    
    Bug Description:  When the console processes an aci update, it removes all the aci's and reads
                      the "updated" aci's.  It does something similiar when checking hte syntax, where
                      it removes the aci's and then adds a generic "allow(all)" aci, and the current
                      aci that we want to check the syntax.  If the syntax is invalid, we do not restore
                      the aci's.
    
    Fix Description:  I reworked how we update aci's, where we only "replace" aci's that were modified,
                      instead of removing all aci's and adding them all back.  In order to properly check
                      if an aci has the correct syntax it must be added (somewhere).  Added a new testACI()
                      method that will test if an aci passes the syntax check by adding the aci to the
                      ACL plugin entry, and then removing it right away.  Using this approach we do not
                      automatically delete invalid aci's that were already present in the db, and we do
                      not delete valid aci's that were attempted to be modified into invalid aci's.
    
    https://fedorahosted.org/389/ticket/47946
    
    Reviewed by: nhosoi(Thanks!)

diff --git a/src/com/netscape/management/client/ace/ACIEditor.java b/src/com/netscape/management/client/ace/ACIEditor.java
index 3a52a20..6fae13e 100644
--- a/src/com/netscape/management/client/ace/ACIEditor.java
+++ b/src/com/netscape/management/client/ace/ACIEditor.java
@@ -22,9 +22,12 @@ package com.netscape.management.client.ace;
 import java.awt.*;
 import java.awt.event.*;
 import java.util.*;
+
 import javax.swing.*;
 import javax.swing.event.*;
+
 import netscape.ldap.*;
+
 import com.netscape.management.client.console.*;
 import com.netscape.management.client.components.*;
 import com.netscape.management.client.util.*;
@@ -91,7 +94,8 @@ class ACIEditor extends GenericDialog
     private JButton modeButton = null;
     private JTextArea textArea = null;
     private boolean isInitialized = false;
-    
+    private LDAPAttribute origACIAttr = null;
+
     private static String i18n(String id)
     {
         return i18n.getString("ed", id);
@@ -585,68 +589,29 @@ class ACIEditor extends GenericDialog
     class SyntaxActionListener implements ActionListener
     {
         final String ACI_ALL = "(targetattr=\"*\")(version 3.0; acl \"Allow Everyone\"; allow (all) (userdn = \"ldap:///anyone\") ;)";
+        final String ACL_PLUGIN_DN = "cn=ACL Plugin,cn=plugins,cn=config";
+
         public void actionPerformed(ActionEvent event)
         {
             LDAPAttribute oldACIAttr = null;
             LDAPAttribute testACIAttr = null;
             LDAPModification mod = null;
-            boolean isSyntaxOK = false;
-            try
-            {
-                LDAPEntry entry = aciLdc.read(aciDN, new String[] {"aci"});
-                if (entry != null) 
-                    oldACIAttr = entry.getAttribute("aci");
-                testACIAttr = new LDAPAttribute("aci");
-                testACIAttr.addValue(ACI_ALL);
-                testACIAttr.addValue(getACI());
-                mod = new LDAPModification(LDAPModification.REPLACE, testACIAttr);
-                try
-                {
-                    aciLdc.modify(aciDN, mod);
-                    isSyntaxOK = true;
-                }
-                catch (LDAPException e)
-                {
-                    isSyntaxOK = false;
-                    Debug.println("ACI Write Error: " + e.getLDAPResultCode());
-                    Debug.println("Message: " + e.getLDAPErrorMessage());
-                }
-                try
-                {
-                    if(oldACIAttr != null)
-                        mod = new LDAPModification(LDAPModification.REPLACE, oldACIAttr);
-                    else
-                        mod = new LDAPModification(LDAPModification.DELETE, testACIAttr);
-                    aciLdc.modify(aciDN, mod);
-                }
-                catch (LDAPException e)
-                {
-                    Debug.println("ACI Replace Error: " + e.getLDAPResultCode());
-                }
-                
-                Container parent = SwingUtilities.getAncestorOfClass(JDialog.class, contentPanel);
-                
-                if(isSyntaxOK)
-                {
-                    String title = i18n("syntaxPassedTitle");
-                    String msg = i18n("syntaxPassedMsg");
-                    JOptionPane.showMessageDialog(parent, msg, title, JOptionPane.INFORMATION_MESSAGE);
-                }
-                else
-                {
-                    String title = i18n("syntaxFailedTitle");
-                    String msg = i18n("syntaxFailedMsg");
-                    JOptionPane.showMessageDialog(parent, msg, title, JOptionPane.ERROR_MESSAGE);
-                }
+            Container parent = SwingUtilities.getAncestorOfClass(JDialog.class, contentPanel);
+
+            try {
+                ACIManager.testACI(aciLdc, getACI());
+                String title = i18n("syntaxPassedTitle");
+                String msg = i18n("syntaxPassedMsg");
+                JOptionPane.showMessageDialog(parent, msg, title, JOptionPane.INFORMATION_MESSAGE);
             }
             catch (LDAPException e)
             {
-                Debug.println("ACI Read Error: " + e.getLDAPResultCode());
+                String title = i18n("syntaxFailedTitle");
+                String msg = i18n("syntaxFailedMsg");
+                JOptionPane.showMessageDialog(parent, msg, title, JOptionPane.ERROR_MESSAGE);
             }
-            
         }
     }
-    
 
     class ManualActionListener implements ActionListener
     {
diff --git a/src/com/netscape/management/client/ace/ACIManager.java b/src/com/netscape/management/client/ace/ACIManager.java
index 3c08bc9..4e51912 100644
--- a/src/com/netscape/management/client/ace/ACIManager.java
+++ b/src/com/netscape/management/client/ace/ACIManager.java
@@ -62,6 +62,7 @@ public class ACIManager extends GenericDialog
     private LDAPConnection aciLdc;
     private LDAPConnection ugLdc;
     private Vector extraACITabs = new Vector();
+    private static final String ACL_PLUGIN_DN = "cn=ACL Plugin,cn=plugins,cn=config";
     
     private static String i18n(String id) 
     {
@@ -220,6 +221,30 @@ public class ACIManager extends GenericDialog
             aciVector.addElement(aci);
         }
     }
+
+    public static void testACI( LDAPConnection ldc, String aci) throws LDAPException
+    {
+        // Add the aci to the ACL plugin entry to verify if its syntax is correct.
+        LDAPAttribute testACIAttr = new LDAPAttribute("aci");
+        testACIAttr = new LDAPAttribute("aci");
+        testACIAttr.addValue(aci);
+        LDAPModification mod = null;
+
+        try {
+            mod = new LDAPModification(LDAPModification.ADD, testACIAttr);
+            ldc.modify(ACL_PLUGIN_DN, mod);
+
+            mod = new LDAPModification(LDAPModification.DELETE, testACIAttr);
+            ldc.modify(ACL_PLUGIN_DN, mod);
+        }
+        catch (LDAPException e)
+        {
+            Debug.println("Failed to add/delete aci to testing entry: mod "
+                + mod.toString() + " - Error: " + e.getLDAPResultCode());
+            Debug.println("Message: " + e.getLDAPErrorMessage());
+            throw e;
+        }
+    }
     
     private JPanel createButtonPanel()
     {
@@ -393,16 +418,6 @@ public class ACIManager extends GenericDialog
         try
         {
             writeACIsFromDN(aciDN, aciVector.elements());
-            int length = aciDN.length();
-            for(int i = 0; i < length; i++)
-            {
-                String dn;
-                if(aciDN.charAt(i) == ',')
-                {
-                    dn = aciDN.substring(i+1);
-                    writeACIsFromDN(dn, aciVector.elements());
-                }
-            }
             super.okInvoked();
         }
         catch(LDAPException e)
@@ -452,35 +467,52 @@ public class ACIManager extends GenericDialog
         ACI aci = null;
         try 
         {
-            boolean isDirty = false;
             LDAPAttribute attr = new LDAPAttribute("aci");
             while(aciVector.hasMoreElements())
             {
                 aci = (ACI)aciVector.nextElement();
                 if(aci.getDN().equals(dn))
                 {
-                    if(aci.isModified())
-                       isDirty = true;
-                    
-                    if(!aci.isDeleted())
+                    if(aci.isDeleted() )
                     {
-                        String aciData = aci.getData();
+                        // Delete the original aci
+                        String aciData = aci.getOrigData();
                         attr.addValue(aciData);
+                        LDAPModification mod = new LDAPModification(LDAPModification.DELETE, attr);
+                        aciLdc.modify(dn, mod);
+                    }
+                    else if(aci.isModified())
+                    {
+                        String origData = aci.getOrigData();
+                        String currData = aci.getData();
+
+                        // First check that entry has actually changed
+                        if(!origData.equals(currData)){
+                            // Before we delete the old aci, make sure we can add the new aci.
+                            testACI(aciLdc, currData);
+
+                            // Delete the original aci first
+                            String aciData = aci.getOrigData();
+                            attr.addValue(aciData);
+                            LDAPModification mod = new LDAPModification(LDAPModification.DELETE, attr);
+                            aciLdc.modify(dn, mod);
+
+                            // Add the new/modified aci
+                            attr.removeValue(aciData);
+                            aciData = aci.getData();
+                            attr.addValue(aciData);
+                            mod = new LDAPModification(LDAPModification.ADD, attr);
+                            aciLdc.modify(dn, mod);
+                        }
                     }
                 }
             }
-            if(isDirty)
-            {
-                LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
-                aciLdc.modify(dn, mod);
-            }
         }
         catch (LDAPException e)
         {
             Debug.println("ACI Write Error: " + e.getLDAPResultCode());
             Debug.println("Message: " + e.getLDAPErrorMessage());
             throw e;
-
         }
     }
     
@@ -488,6 +520,7 @@ public class ACIManager extends GenericDialog
     {
         String dn;
         String data;
+        String orig_data;
         String name;
         boolean isInherited = false;
         boolean isModified = false;
@@ -498,6 +531,7 @@ public class ACIManager extends GenericDialog
             this.dn = dn;
             this.isInherited = isInherited;
             setData(data);
+            this.orig_data = new String(data);
             setModified(isModified);
         }
         
@@ -518,10 +552,15 @@ public class ACIManager extends GenericDialog
             return data;
         }
         
+        public String getOrigData()
+        {
+            return orig_data;
+        }
+
         public void setData(String data)
         {
             this.data = data;
-            String aciName = null;
+
             ACIAttribute a = ACIAttribute.getAttribute("acl", ACIAttribute.toArray(ACIParser.getACIAttributes(data)));
             
             //bug 516529 : need to accept either acl or aci for the name

commit d4e10b53f4d7478730feb0dd183361266f3bd3f9
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Mon Nov 10 16:27:40 2014 -0500

    Bump version to 1.1.8

diff --git a/build.properties b/build.properties
index c5968d9..05d856d 100755
--- a/build.properties
+++ b/build.properties
@@ -23,7 +23,7 @@ lang=en
 
 console.root=.
 console.version=11
-console.dotversion=1.1.7
+console.dotversion=1.1.8
 console.dotgenversion=1.1
 
 mcc.core=idm-console-mcc

commit 14641492a43ef5025d66c4b900fb1b02ef0f53d4
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Wed Oct 29 14:33:00 2014 -0400

    Ticket 47929 - Console - add tls1.1 support
    
    Bug Description:  SSL3 is no longer safe to use.
    
    Fix Description:  Update the console to work with TLS1.1 and up, and the
                      option to set the min/max SSL versions in the Console
                      Preference file:
    
                            sslVersionMin: TLS1.1
                            sslVersionMax: TLS1.2
    
    https://fedorahosted.org/389/ticket/47929
    
    Reviewed by: nhosoi(Thanks!)

diff --git a/src/com/netscape/management/client/comm/CommChannel.java b/src/com/netscape/management/client/comm/CommChannel.java
index 27ea4eb..622c58e 100644
--- a/src/com/netscape/management/client/comm/CommChannel.java
+++ b/src/com/netscape/management/client/comm/CommChannel.java
@@ -20,6 +20,7 @@
 package com.netscape.management.client.comm;
 
 import java.io.IOException;
+import com.netscape.management.client.preferences.Preferences;
 
 /**
  * The CommChannel interface is implemented by any object
@@ -40,6 +41,8 @@ public interface CommChannel {
       */
     public void open() throws IOException;
 
+    public void open(Preferences pref) throws IOException;
+
     /**
      * Closes a communication channel. The channel should be closed
      * and its resources released upon completion.
diff --git a/src/com/netscape/management/client/comm/CommManager.java b/src/com/netscape/management/client/comm/CommManager.java
index f147f46..d462e39 100644
--- a/src/com/netscape/management/client/comm/CommManager.java
+++ b/src/com/netscape/management/client/comm/CommManager.java
@@ -26,6 +26,7 @@ import java.util.Locale;
 import com.netscape.management.client.util.Debug;
 import com.netscape.management.client.util.LinkedList;
 import com.netscape.management.client.util.LinkedListElement;
+import com.netscape.management.client.preferences.Preferences;
 
 /**
  * This abstract class is the superclass of all classes which
@@ -94,13 +95,14 @@ public abstract class CommManager {
       *  that basic auth information will be sent with the transaction; otherwise the transaction will be
       *  first attempted without basic auth, and retried if necessary on receipt of an auth request.
       * @param channelData optional data argument to be passed to the CommChannel.
+      * @param pref preferences containing max and min SSL versions
       * @see CommClient
       * @see CommRecord
       * @see CommChannel
       */
     public synchronized CommRecord send(Object target,
             CommClient client, Object arg, InputStream data,
-            int dataLength, int mode, Object channelData)
+            int dataLength, int mode, Object channelData, Preferences pref)
         throws IOException {
         Debug.println("CommManager> New CommRecord (" + target + ")");
         Debug.println(Debug.TYPE_HTTP,
@@ -124,7 +126,7 @@ public abstract class CommManager {
             CommChannel cc = createChannel(tid,
                     Integer.toString(CommChannelCount++) + ":" +
                     Integer.toString(i));
-            cc.open();
+            cc.open(pref);
             chv.addElement(cc);
         }
 
@@ -143,16 +145,29 @@ public abstract class CommManager {
     public synchronized CommRecord send(Object target,
             CommClient client, Object arg, InputStream data, int dataLength)
         throws IOException {
-        return send(target, client, arg, data, dataLength, 0, null);
+        return send(target, client, arg, data, dataLength, 0, null, null);
     }
 
     public synchronized CommRecord send(Object target,
             CommClient client, Object arg, InputStream data,
             int dataLength, int mode)
         throws IOException {
-        return send(target, client, arg, data, dataLength, mode, null);
+        return send(target, client, arg, data, dataLength, mode, null, null);
+    }
+
+    public synchronized CommRecord send(Object target,
+            CommClient client, Object arg, InputStream data,
+            int dataLength, int mode, String[] headers)
+        throws IOException {
+        return send(target, client, arg, data, dataLength, mode, null, null);
     }
 
+    public synchronized CommRecord send(Object target,
+            CommClient client, Object arg, InputStream data,
+            int dataLength, int mode, Preferences pref)
+        throws IOException {
+        return send(target, client, arg, data, dataLength, mode, null, pref);
+    }
     /**
       * Forcibly terminates a communication request. If the request is in the queue,
       * it is dequeued. If the request is in progress, an attempt is made to halt
diff --git a/src/com/netscape/management/client/comm/HttpChannel.java b/src/com/netscape/management/client/comm/HttpChannel.java
index c72ef02..917e5ee 100644
--- a/src/com/netscape/management/client/comm/HttpChannel.java
+++ b/src/com/netscape/management/client/comm/HttpChannel.java
@@ -20,7 +20,6 @@
 package com.netscape.management.client.comm;
 
 import java.net.Socket;
-import java.net.SocketException;
 import java.net.URL;
 import java.net.URLEncoder;
 import java.io.IOException;
@@ -29,14 +28,10 @@ import java.io.InputStream;
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
 import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStreamWriter;
 import java.io.InterruptedIOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
-import java.util.BitSet;
 import java.lang.reflect.Method;
-import java.io.UTFDataFormatException;
 
 import com.netscape.management.client.util.*;
 import com.netscape.management.client.util.Debug;
@@ -44,8 +39,8 @@ import com.netscape.management.client.util.IProgressListener;
 import com.netscape.management.client.util.Permissions;
 import com.netscape.management.client.util.URLByteEncoder;
 import com.netscape.management.client.console.VersionInfo;
+import com.netscape.management.client.preferences.Preferences;
 
-import java.util.*;
 
 /**
  * A HTTP protocol handler.
@@ -89,6 +84,10 @@ public class HttpChannel implements Runnable, CommChannel {
     }
 
     public void open() throws IOException {
+        open(null);
+    };
+
+    public void open(Preferences pref) throws IOException {
         Method m = Permissions.getEnablePrivilegeMethod();
 
         if (m != null) {
diff --git a/src/com/netscape/management/client/comm/HttpManager.java b/src/com/netscape/management/client/comm/HttpManager.java
index a4234e1..53403b8 100644
--- a/src/com/netscape/management/client/comm/HttpManager.java
+++ b/src/com/netscape/management/client/comm/HttpManager.java
@@ -25,6 +25,7 @@ import java.io.IOException;
 import java.io.InputStream;
 
 import com.netscape.management.client.util.Debug;
+import com.netscape.management.client.preferences.Preferences;
 
 /**
  * This CommManager subclass implements connection management
@@ -124,6 +125,10 @@ public class HttpManager extends CommManager {
         return send(url, client, arg, null, 0, mode);
     }
     public CommRecord get(URL url, CommClient client, Object arg,
+            int mode, Preferences pref) throws IOException {
+        return send(url, client, arg, null, 0, mode, null, pref);
+    }
+    public CommRecord get(URL url, CommClient client, Object arg,
             String[] hdrs) throws IOException {
         return send(url, client, arg, null, 0, 0, hdrs);
     }
diff --git a/src/com/netscape/management/client/comm/HttpsChannel.java b/src/com/netscape/management/client/comm/HttpsChannel.java
index f67b64d..3a92fa6 100644
--- a/src/com/netscape/management/client/comm/HttpsChannel.java
+++ b/src/com/netscape/management/client/comm/HttpsChannel.java
@@ -31,6 +31,7 @@ import com.netscape.management.client.util.GridBagUtil;
 import com.netscape.management.client.util.RemoteImage;
 import com.netscape.management.client.security.PromptForTrustDialog;
 import com.netscape.management.nmclf.SuiPasswordField;
+import com.netscape.management.client.preferences.Preferences;
 
 import org.mozilla.jss.ssl.SSLSocket;
 import org.mozilla.jss.ssl.SSLCertificateApprovalCallback.ValidityStatus;
@@ -74,7 +75,6 @@ public class HttpsChannel extends HttpChannel implements
     static HttpsChannel.SelectCertDialog selectCertDialog = null;
     static CertificateFactory cf;
     static ResourceSet resource;
-
     private JFrame _frame; 
 
     final static int MAX_PASSWORD_PROMPT = 10;
@@ -403,11 +403,49 @@ public class HttpsChannel extends HttpChannel implements
         return getPasswordDialog.getPassword();
     }
 
-    public void open() throws IOException {
+    private int getSSLVersionRangeEnum (String rangeString) {
+        if (rangeString == null)
+            return -1;
+        if (rangeString.equalsIgnoreCase("ssl3"))
+            return org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.ssl3;
+        else if (rangeString.equalsIgnoreCase("tls1.0"))
+            return org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_0;
+        else if (rangeString.equalsIgnoreCase("tls1.1"))
+            return org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_1;
+        else if (rangeString.equalsIgnoreCase("tls1.2"))
+            return org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2;
+
+        return -1;
+    }
+
+    public void open(Preferences pref) throws IOException {
         cryptoManager.setPasswordCallback(this);
         try {
             nthPrompt = 0;
+
+            // Set our defaults
+            int min = org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_1;
+            int max = org.mozilla.jss.ssl.SSLSocket.SSLVersionRange.tls1_2;
+
             Debug.println("CREATE JSS SSLSocket");
+
+            if(pref != null){
+                // Check if min/max have been a preference
+                int version;
+
+                if ((version = getSSLVersionRangeEnum(pref.getString("sslVersionMin"))) != -1 ){
+                    min = version;
+                }
+                if ((version = getSSLVersionRangeEnum(pref.getString("sslVersionMax"))) != -1){
+                    max = version;
+                }
+            }
+
+            org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range =
+                new org.mozilla.jss.ssl.SSLSocket.SSLVersionRange(min, max);
+
+            SSLSocket.setSSLVersionRangeDefault(org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant.STREAM, range);
+
             socket = new SSLSocket(InetAddress.getByName(getHost()),
                                    getPort(), null, 0, true, this,
                                    this);
diff --git a/src/com/netscape/management/client/console/Console.java b/src/com/netscape/management/client/console/Console.java
index ac4878e..680abff 100644
--- a/src/com/netscape/management/client/console/Console.java
+++ b/src/com/netscape/management/client/console/Console.java
@@ -77,6 +77,8 @@ public class Console implements CommClient {
     public static final String PREFERENCE_LOCAL = "StorePrefsToDisk";
     public static final String PREFERENCE_X = "X";
     public static final String PREFERENCE_Y = "Y";
+    public static final String PREFERENCE_SSL_VERSION_MIN = "sslVersionMin";
+    public static final String PREFERENCE_SSL_VERSION_MAX = "sslVersionMax";
 
     public static final String PREFERENCE_DIR = System.getProperty("user.home") + File.separator +
                               _resource_theme.getString("console","prefsdir") + File.separator;
@@ -1053,7 +1055,7 @@ public class Console implements CommClient {
 
         Hashtable ht = new Hashtable();
 
-        boolean successfulAuth = invoke_task(url, user, pw, ht);
+        boolean successfulAuth = invoke_task(url, user, pw, ht, _preferences);
 
         String param;
 
@@ -1138,6 +1140,11 @@ public class Console implements CommClient {
 
     private synchronized final boolean invoke_task(URL url,
             String user, String pw, Hashtable ht) {
+        return invoke_task(url, user, pw, ht, null);
+    }
+
+    private synchronized final boolean invoke_task(URL url,
+            String user, String pw, Hashtable ht, Preferences pref) {
         HttpManager h = new HttpManager();
 
         InputStream is;
@@ -1146,7 +1153,7 @@ public class Console implements CommClient {
 
         try {
             h.get(url, this, r = new Response(user, pw),
-                    h.FORCE_BASIC_AUTH);
+                    h.FORCE_BASIC_AUTH, pref);
         } catch (Exception ioe) {
             String _url;
             try {

commit ed9240e9407ed0deadc4ee2627d2a818a1a86cda
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Mon Sep 15 14:49:54 2014 -0400

    Ticket 47472 - Entries cannot be highlighted in the "Edit Aci" Rights panel
    
    Bug Description:  The "Rights" table purposely disabled item highlighting, because
                      it said it was misleading and served no purpose.
    
    Fix Description:  In fact highlighting the selected entry is useful because you
                      can use keyboard short cuts to select checkboxes and move up
                      and down in the table.  Removed the highlighting restriction.
    
    https://fedorahosted.org/389/ticket/47472
    
    Reviewed by: rmeggins(Thanks!)

diff --git a/src/com/netscape/management/client/ace/RightsTab.java b/src/com/netscape/management/client/ace/RightsTab.java
index 9bb955d..c34ac58 100644
--- a/src/com/netscape/management/client/ace/RightsTab.java
+++ b/src/com/netscape/management/client/ace/RightsTab.java
@@ -284,13 +284,7 @@ class RightsTab implements IACITab, UIConstants
         gbc.weightx = 1.0;   gbc.weighty = 1.0;
         gbc.fill = GridBagConstraints.BOTH;
         gbc.insets = new Insets(0, 0, 0, 0);
-		
-		// Row highlight color is changed to disable highlighting
-		// it is misleading to allow users to select rows 
-		// unless specific actions can be taken on the selection.
-        rightsTable.setSelectionBackground(rightsTable.getBackground());
-        rightsTable.setSelectionForeground(rightsTable.getForeground());
-		
+
 		TableColumn col = rightsTable.getColumnModel().getColumn(0);
 		col.setMinWidth(30);
 		col.setMaxWidth(30);

commit be022dbd2c35d780bd81c7b793d6d12b1035500d
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Wed Sep 3 14:34:35 2014 -0400

    Ticket 47364 - Console does not support passwords containing
     8-bit characters
    
    Bug Description:  Password fields were only allowing single byte characters.
    
    Fix Description:  Use SuiPasswordField in place of SingleBtyePasswordField.
    
    https://fedorahosted.org/389/ticket/47364
    
    Reviewed by: nhosoi(Thanks!)

diff --git a/src/com/netscape/management/client/comm/HttpsChannel.java b/src/com/netscape/management/client/comm/HttpsChannel.java
index d24a90c..f67b64d 100644
--- a/src/com/netscape/management/client/comm/HttpsChannel.java
+++ b/src/com/netscape/management/client/comm/HttpsChannel.java
@@ -30,6 +30,7 @@ import com.netscape.management.client.util.AbstractDialog;
 import com.netscape.management.client.util.GridBagUtil;
 import com.netscape.management.client.util.RemoteImage;
 import com.netscape.management.client.security.PromptForTrustDialog;
+import com.netscape.management.nmclf.SuiPasswordField;
 
 import org.mozilla.jss.ssl.SSLSocket;
 import org.mozilla.jss.ssl.SSLCertificateApprovalCallback.ValidityStatus;
@@ -45,8 +46,6 @@ import org.mozilla.jss.crypto.InternalCertificate;
 import javax.swing.JFrame;
 import javax.swing.SwingUtilities;
 
-
-import com.netscape.management.client.util.SingleBytePasswordField;
 import javax.swing.JLabel;
 import javax.swing.JComboBox;
 import javax.swing.JPanel;
@@ -239,7 +238,7 @@ public class HttpsChannel extends HttpChannel implements
     class GetPasswordDialog extends AbstractDialog {
 
         JLabel enterPwdLabel = new JLabel();
-        SingleBytePasswordField pwd;
+        SuiPasswordField pwd;
         public GetPasswordDialog(JFrame parent) {
             super(parent, i18n("getPwdDialogTitle"), true, OK|CANCEL);
 
@@ -253,7 +252,7 @@ public class HttpsChannel extends HttpChannel implements
                                     GridBagConstraints.WEST, GridBagConstraints.HORIZONTAL,
                                     0, 0, 0, 0);
 
-            pwd = new SingleBytePasswordField();
+            pwd = new SuiPasswordField();
             setFocusComponent(pwd);
             GridBagUtil.constrain(p, pwd,
                                     0, ++y, 1, 1,
diff --git a/src/com/netscape/management/client/console/LoginDialog.java b/src/com/netscape/management/client/console/LoginDialog.java
index 8f2ea5f..4b27b28 100644
--- a/src/com/netscape/management/client/console/LoginDialog.java
+++ b/src/com/netscape/management/client/console/LoginDialog.java
@@ -43,7 +43,7 @@ SuiConstants {
 
     JComboBox _urlField;
     JTextField _useridField = new JTextField(22);
-    JTextField _passwordField = new SingleBytePasswordField(22);
+    JTextField _passwordField = new SuiPasswordField(22);
 
     int _x = -1;
     int _y = -1;
diff --git a/src/com/netscape/management/client/topology/DomainNode.java b/src/com/netscape/management/client/topology/DomainNode.java
index 78cd93e..54f6134 100644
--- a/src/com/netscape/management/client/topology/DomainNode.java
+++ b/src/com/netscape/management/client/topology/DomainNode.java
@@ -50,7 +50,6 @@ import com.netscape.management.client.util.Debug;
 import com.netscape.management.client.util.LDAPUtil;
 import com.netscape.management.client.util.RemoteImage;
 import com.netscape.management.client.util.ResourceSet;
-import com.netscape.management.client.util.SingleBytePasswordField;
 import com.netscape.management.nmclf.SuiPasswordField;
 
 
@@ -130,7 +129,7 @@ INodeInfo {
         String name = null;
         String description = null;
         JCheckBox cbSSL = new JCheckBox();
-        SuiPasswordField bindPasswordField = new SingleBytePasswordField();
+        SuiPasswordField bindPasswordField = new SuiPasswordField();
         bindPasswordField.setTransparentBorder(true);
 
         // need to re-read because ldapEntry search was too narrow
diff --git a/src/com/netscape/management/client/topology/NewDomainDialog.java b/src/com/netscape/management/client/topology/NewDomainDialog.java
index 594e2d3..6248d49 100644
--- a/src/com/netscape/management/client/topology/NewDomainDialog.java
+++ b/src/com/netscape/management/client/topology/NewDomainDialog.java
@@ -50,7 +50,7 @@ public class NewDomainDialog extends AbstractDialog {
     JTextField _baseDN;
     JTextField _username;
     JTextField _ownerDN;
-    SingleBytePasswordField _password;
+    SuiPasswordField _password;
     ConsoleInfo _info;
 
     /**
@@ -157,7 +157,7 @@ public class NewDomainDialog extends AbstractDialog {
                               GridBagConstraints.WEST, GridBagConstraints.HORIZONTAL,
                               SuiConstants.SEPARATED_COMPONENT_SPACE, 0, 0, 0);
 
-        _password = new SingleBytePasswordField();
+        _password = new SuiPasswordField();
         label.setLabelFor(_password);
         GridBagUtil.constrain(panel, _password, 1, 5,
                               GridBagConstraints.REMAINDER, 1, 1.0, 0.0,
diff --git a/src/com/netscape/management/client/ug/ChangeDirectoryDialog.java b/src/com/netscape/management/client/ug/ChangeDirectoryDialog.java
index d0fd80d..5549158 100644
--- a/src/com/netscape/management/client/ug/ChangeDirectoryDialog.java
+++ b/src/com/netscape/management/client/ug/ChangeDirectoryDialog.java
@@ -67,7 +67,7 @@ public class ChangeDirectoryDialog extends AbstractDialog {
     JTextField _port;
     JTextField _baseDN;
     JTextField _username;
-    SingleBytePasswordField _password;
+    SuiPasswordField _password;
 
     ResourceSet _resource = TopologyInitializer._resource;
     static final String _sChangeDirectory = "ChangeDirectory";
@@ -192,7 +192,7 @@ public class ChangeDirectoryDialog extends AbstractDialog {
                               SuiConstants.SEPARATED_COMPONENT_SPACE,
                               SuiConstants.DIFFERENT_COMPONENT_SPACE, 0, 0);
 
-        _password = new SingleBytePasswordField();
+        _password = new SuiPasswordField();
         lblPassword.setLabelFor(_password);
         _password.setText(_info.getAuthenticationPassword());
         GridBagUtil.constrain(p, _password, 1, 4,
diff --git a/src/com/netscape/management/client/ug/ResEditorPasswordPage.java b/src/com/netscape/management/client/ug/ResEditorPasswordPage.java
index 2ac821e..1266591 100644
--- a/src/com/netscape/management/client/ug/ResEditorPasswordPage.java
+++ b/src/com/netscape/management/client/ug/ResEditorPasswordPage.java
@@ -47,7 +47,7 @@ Observer {
     PickerEditorResourceSet _resource = new PickerEditorResourceSet();
     private String ID;
 
-    SingleBytePasswordField _newPassword, _confirmPassword;
+    SuiPasswordField _newPassword, _confirmPassword;
 
     String _password;
 
@@ -103,9 +103,9 @@ Observer {
                 SwingConstants.RIGHT);
         JLabel blankLabel = new JLabel(""); // Prevents components of this panel from centering
 
-        _newPassword = new SingleBytePasswordField("");
+        _newPassword = new SuiPasswordField("");
         passwordLabel.setLabelFor(_newPassword);
-        _confirmPassword = new SingleBytePasswordField("");
+        _confirmPassword = new SuiPasswordField("");
         confirmPasswordLabel.setLabelFor(_confirmPassword);
         _confirmPassword.addFocusListener(_focusAdaptor); // Only want to update when new == confirm
 
diff --git a/src/com/netscape/management/client/ug/ResEditorUserPage.java b/src/com/netscape/management/client/ug/ResEditorUserPage.java
index bda0490..e006edd 100644
--- a/src/com/netscape/management/client/ug/ResEditorUserPage.java
+++ b/src/com/netscape/management/client/ug/ResEditorUserPage.java
@@ -63,8 +63,8 @@ Observer, DocumentListener {
     JTextArea _email;
     JTextArea _phone;
     JTextArea _fax;
-    SingleBytePasswordField _newPassword;



More information about the Pkg-fedora-ds-maintainers mailing list