From a580643228270cf86620c8c0128c203cb94ecea5 Mon Sep 17 00:00:00 2001
From: maximthomas
Date: Tue, 18 Nov 2025 16:02:11 +0300
Subject: [PATCH 1/4] Set BouncyCastle native libs install dir to `java.io.tmpdir` value
---
 .../main/java/com/forgerock/opendj/util/FipsStaticUtils.java | 4 ++++
 .../src/main/java/org/opends/server/util/Platform.java | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/opendj-core/src/main/java/com/forgerock/opendj/util/FipsStaticUtils.java b/opendj-core/src/main/java/com/forgerock/opendj/util/FipsStaticUtils.java
index 7f2758e761..e0aa55b63a 100644
--- a/opendj-core/src/main/java/com/forgerock/opendj/util/FipsStaticUtils.java
+++ b/opendj-core/src/main/java/com/forgerock/opendj/util/FipsStaticUtils.java
@@ -29,6 +29,10 @@ public static void registerBcProvider(boolean force) {
 return;
 }
+ if(System.getProperty("org.bouncycastle.native.loader.install_dir") == null) {
+ System.setProperty("org.bouncycastle.native.loader.install_dir", System.getProperty("java.io.tmpdir"));
+ }
+
 String providerName = BC_PROVIDER_NAME;
 String className = BC_GENERIC_PROVIDER_CLASS_NAME;
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/util/Platform.java b/opendj-server-legacy/src/main/java/org/opends/server/util/Platform.java
index 9289f99dc0..4fe9fba827 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/util/Platform.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/util/Platform.java
@@ -37,6 +37,7 @@ import java.time.temporal.ChronoUnit;
 import java.util.Date;
+import com.forgerock.opendj.util.FipsStaticUtils;
 import com.forgerock.opendj.util.StaticUtils;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.cert.X509CertificateHolder;
@@ -198,7 +199,7 @@ private static final KeyStore generateSelfSignedCertificate(KeyStore ks,
 {
 if(!isFips) {
- Security.addProvider(new BouncyCastleFipsProvider());
+ FipsStaticUtils.registerBcProvider(true);
 }
 if (ks == null) {
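Review bot: The fallback written into `org.bouncycastle.native.loader.install_dir` is `java.io.tmpdir`, which on most systems is a shared, world-writable location such as `/tmp`; the commit title says this is where BouncyCastle installs its native libraries, and a directory that the server presumably loads native code from should be writable only by the service account. PATCH 2/4 of this series deletes this block again and instead points `java.io.tmpdir` at `${INSTANCE_ROOT}/tmp` from the launcher scripts, so the net change to FipsStaticUtils is empty and squashing the two patches would avoid a history state that ships the shared-tmp fallback. If a Java-side default is to remain, a comment such as `// BC's native loader writes its libraries here; the directory must not be shared or world-writable` would record the constraint for the next maintainer. The body of registerBcProvider continues outside the hunk.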
From 7fa65cfc8f5f1916aeecf39ddbcc834a3f62d1a7 Mon Sep 17 00:00:00 2001
From: maximthomas
Date: Wed, 19 Nov 2025 12:06:30 +0300
Subject: [PATCH 2/4] Set OpenDJ tmp dir to an installation directory
---
 .github/workflows/build.yml | 8 ++++----
 .../com/forgerock/opendj/util/FipsStaticUtils.java | 4 ----
 opendj-server-legacy/resource/bin/_script-util.bat | 10 ++++++++++
 opendj-server-legacy/resource/bin/_script-util.sh | 9 +++++++++
 4 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8e0f3df70c..cbd8ea22f7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -69,7 +69,7 @@ jobs:
 opendj-server-legacy/target/package/opendj/bin/rebuild-index --bindDN "cn=Directory Manager" --bindPassword password --baseDN "dc=example2,dc=com" --rebuildAll --trustAll
 opendj-server-legacy/target/package/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "ou=people,dc=example2,dc=com" --searchScope sub "(uid=user.*)" dn | grep ^dn: | wc -l | grep -q 10000
 opendj-server-legacy/target/package/opendj/bin/stop-ds
- rm -rf opendj-server-legacy/target/package/opendj/{config,db,changelogDb,logs}
+ rm -rf opendj-server-legacy/target/package/opendj/{config,db,changelogDb,logs,tmp}
 - name: Test on Unix FIPS
 if: runner.os != 'Windows'
@@ -125,7 +125,7 @@ jobs:
 opendj-server-legacy/target/package/opendj/bin/rebuild-index --bindDN "cn=Directory Manager" --bindPassword password --baseDN "dc=example2,dc=com" --rebuildAll --trustAll
 opendj-server-legacy/target/package/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "ou=people,dc=example2,dc=com" --searchScope sub "(uid=user.*)" dn | grep ^dn: | wc -l | grep -q 10000
 opendj-server-legacy/target/package/opendj/bin/stop-ds
- rm -rf opendj-server-legacy/target/package/opendj/{config,db,changelogDb,logs}
+ rm -rf opendj-server-legacy/target/package/opendj/{config,db,changelogDb,logs,tmp}
 - name: Test LDAP in Cassandra
 if: runner.os == 'Linux'
 run: |
@@ -140,7 +140,7 @@ jobs:
 opendj-server-legacy/target/package/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1
 opendj-server-legacy/target/package/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "ou=people,dc=example,dc=com" --searchScope sub "(uid=user.*)" dn | grep ^dn: | wc -l | grep -q 10000
 opendj-server-legacy/target/package/opendj/bin/stop-ds
- rm -rf opendj-server-legacy/target/package/opendj/{config,db,changelogDb,logs}
+ rm -rf opendj-server-legacy/target/package/opendj/{config,db,changelogDb,logs,tmp}
 - name: Test LDAP in Postgres
 if: runner.os == 'Linux'
 run: |
@@ -155,7 +155,7 @@ jobs:
 opendj-server-legacy/target/package/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1
 opendj-server-legacy/target/package/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "ou=people,dc=example,dc=com" --searchScope sub "(uid=user.*)" dn | grep ^dn: | wc -l | grep -q 10000
 opendj-server-legacy/target/package/opendj/bin/stop-ds
- rm -rf opendj-server-legacy/target/package/opendj/{config,db,changelogDb,logs}
+ rm -rf opendj-server-legacy/target/package/opendj/{config,db,changelogDb,logs,tmp}
 - name: Test on Windows
 if: runner.os == 'Windows'
 run: |
diff --git a/opendj-core/src/main/java/com/forgerock/opendj/util/FipsStaticUtils.java b/opendj-core/src/main/java/com/forgerock/opendj/util/FipsStaticUtils.java
index e0aa55b63a..7f2758e761 100644
--- a/opendj-core/src/main/java/com/forgerock/opendj/util/FipsStaticUtils.java
+++ b/opendj-core/src/main/java/com/forgerock/opendj/util/FipsStaticUtils.java
@@ -29,10 +29,6 @@ public static void registerBcProvider(boolean force) {
 return;
 }
- if(System.getProperty("org.bouncycastle.native.loader.install_dir") == null) {
- System.setProperty("org.bouncycastle.native.loader.install_dir", System.getProperty("java.io.tmpdir"));
- }
-
 String providerName = BC_PROVIDER_NAME;
 String className = BC_GENERIC_PROVIDER_CLASS_NAME;
diff --git a/opendj-server-legacy/resource/bin/_script-util.bat b/opendj-server-legacy/resource/bin/_script-util.bat
index 785a4bd345..e66596667f 100644
--- a/opendj-server-legacy/resource/bin/_script-util.bat
+++ b/opendj-server-legacy/resource/bin/_script-util.bat
@@ -18,6 +18,7 @@ rem Portions Copyright 2020-2025 3A Systems, LLC.
 set SET_JAVA_HOME_AND_ARGS_DONE=false
 set SET_ENVIRONMENT_VARS_DONE=false
 set SET_CLASSPATH_DONE=false
+set SET_TEMP_DIR_DONE=false
 if "%INSTALL_ROOT%" == "" goto setInstanceRoot
@@ -85,6 +86,7 @@ goto end
 if "%SET_JAVA_HOME_AND_ARGS_DONE%" == "false" goto setJavaHomeAndArgs
 if "%SET_CLASSPATH_DONE%" == "false" goto setClassPath
 if "%SET_ENVIRONMENT_VARS_DONE%" == "false" goto setEnvironmentVars
+if "%SET_TEMP_DIR_DONE%" == "false" goto setTempDir
 goto testJava
 :setFullServerEnvironmentAndTestJava
@@ -173,6 +175,14 @@ set RESULT_CODE=%errorlevel%
 if %RESULT_CODE% == 0 set OPENDJ_JAVA_ARGS=%OPENDJ_JAVA_ARGS% --add-opens java.base/jdk.internal.loader=ALL-UNNAMED
 goto scriptBegin
+:setTempDir
+if %SET_TEMP_DIR_DONE% == "true" goto end
+set OPENDJ_TMP_DIR=%INSTANCE_ROOT%\tmp
+if not exist "%OPENDJ_TMP_DIR%" mkdir "%OPENDJ_TMP_DIR%"
+set OPENDJ_JAVA_ARGS=%OPENDJ_JAVA_ARGS% -Djava.io.tmpdir=%OPENDJ_TMP_DIR%
+set SET_TEMP_DIR_DONE=true
+goto scriptBegin
+
 :testJava
 if "%OPENDJ_JAVA_ARGS%" == "" goto checkLegacyArgs
 :continueTestJava
diff --git a/opendj-server-legacy/resource/bin/_script-util.sh b/opendj-server-legacy/resource/bin/_script-util.sh
index 43b67cc0fe..0fb0d21267 100644
--- a/opendj-server-legacy/resource/bin/_script-util.sh
+++ b/opendj-server-legacy/resource/bin/_script-util.sh
@@ -83,6 +83,14 @@ set_opendj_java_bin() {
 export OPENDJ_JAVA_BIN
 }
+set_temp_dir() {
+ OPENDJ_TMP_DIR="${INSTANCE_ROOT}/tmp"
+ if [ ! -d "${OPENDJ_TMP_DIR}" ]; then
+ mkdir ${OPENDJ_TMP_DIR}
+ fi
+ OPENDJ_JAVA_ARGS="${OPENDJ_JAVA_ARGS} -Djava.io.tmpdir=${OPENDJ_TMP_DIR}"
+}
+
 #
 # function that sets the java home
 #
@@ -101,6 +109,7 @@ set_java_home_and_args() {
 OPENDJ_JAVA_ARGS="${PROPERTY_VALUE}"
 fi
 fi
+ set_temp_dir
 set_opendj_java_bin
 }
From 17223a7144d11ede4b3916282e6b02346951b480 Mon Sep 17 00:00:00 2001
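Review bot: In the new `:setTempDir` block the guard `if %SET_TEMP_DIR_DONE% == "true" goto end` compares the bare value `true` with the literal `"true"` including its quotes, so it can never match; every other done-flag check in this file uses the quoted form, and the line should read `if "%SET_TEMP_DIR_DONE%" == "true" goto end`. The `set OPENDJ_JAVA_ARGS=... -Djava.io.tmpdir=%OPENDJ_TMP_DIR%` line expands the path unquoted, unlike the `mkdir` line just above it, so an instance root containing spaces (for example under Program Files) would split the `-Djava.io.tmpdir=` argument when OPENDJ_JAVA_ARGS is handed to java; how that variable is passed on is outside this hunk. A short comment on the label would help the next reader, e.g. `rem Point java.io.tmpdir at the instance's own tmp dir rather than the shared system temp directory`.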
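Review bot: `mkdir ${OPENDJ_TMP_DIR}` in `set_temp_dir` expands the path unquoted, unlike the `[ ! -d "${OPENDJ_TMP_DIR}" ]` test on the line before it, so an instance root containing whitespace creates the wrong directories; the same unquoted expansion goes into `-Djava.io.tmpdir=${OPENDJ_TMP_DIR}`, which will be word-split when OPENDJ_JAVA_ARGS is passed to java. Since this directory becomes the JVM's temp directory (and, per PATCH 1/4's subject, the place BouncyCastle installs its native libraries), its mode should not depend on the caller's umask: `mkdir -m 700 "${OPENDJ_TMP_DIR}"` keeps it writable only by the service account. Appending the `-D` after the user-supplied OPENDJ_JAVA_ARGS also overrides any `-Djava.io.tmpdir` an administrator set there, since the last system-property definition wins; a comment saying that this override is intended, or a check that the property is not already present, would make that explicit.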
From: maximthomas
Date: Wed, 19 Nov 2025 15:08:39 +0300
Subject: [PATCH 3/4] cleanup the tmp directory on start
---
 opendj-server-legacy/resource/bin/start-ds | 6 ++++++
 opendj-server-legacy/resource/bin/start-ds.bat | 10 ++++++++++
 2 files changed, 16 insertions(+)
diff --git a/opendj-server-legacy/resource/bin/start-ds b/opendj-server-legacy/resource/bin/start-ds
index 5519340574..d567cc21c4 100644
--- a/opendj-server-legacy/resource/bin/start-ds
+++ b/opendj-server-legacy/resource/bin/start-ds
@@ -14,6 +14,7 @@
 #
 # Copyright 2006-2009 Sun Microsystems, Inc.
 # Portions Copyright 2011-2014 ForgeRock AS.
+# Portions Copyright 2025 3A Systems LLC.
 # Capture the current working directory so that we can change to it later.
@@ -72,6 +73,11 @@ PID_FILE=${INSTANCE_ROOT}/logs/server.pid
 LOG_FILE=${INSTANCE_ROOT}/logs/server.out
 STARTING_FILE=${INSTANCE_ROOT}/logs/server.starting
+# Cleanup the tmp directory
+OPENDJ_TMP_DIR="${INSTANCE_ROOT}/tmp"
+if [ -d "${OPENDJ_TMP_DIR}" ]; then
+ rm -r ${OPENDJ_TMP_DIR}/*
+fi
 # See if the provided set of arguments were sufficient for us to be able to
 # start the server or perform the requested operation. An exit code of 99
diff --git a/opendj-server-legacy/resource/bin/start-ds.bat b/opendj-server-legacy/resource/bin/start-ds.bat
index d0b10a58c0..7f7be60d89 100644
--- a/opendj-server-legacy/resource/bin/start-ds.bat
+++ b/opendj-server-legacy/resource/bin/start-ds.bat
@@ -14,6 +14,7 @@ rem information: "Portions Copyright [year] [name of copyright owner]".
 rem
 rem Copyright 2006-2010 Sun Microsystems, Inc.
 rem Portions Copyright 2011-2014 ForgeRock AS.
+rem Portions Copyright 2025 3A Systems LLC.
 setlocal
 set DIR_HOME=%~dp0..
@@ -57,6 +58,15 @@ echo %SCRIPT%: CLASSPATH=%CLASSPATH% >> %LOG%
 echo %SCRIPT%: PATH=%PATH% >> %LOG%
+rem cleanup the tmp directory
+set CUR_DIR=%CD%
+set OPENDJ_TMP_DIR=%INSTANCE_ROOT%\tmp
+dir /b /s /a %OPENDJ_TMP_DIR% | findstr .>nul && (
+ cd /d %OPENDJ_TMP_DIR%
+ for /F "delims=" %%i in ('dir /b') do (rmdir "%%i" /s/q>NUL 2>&1 || del "%%i" /s/q>NUL 2>&1)
+ cd /d %CUR_DIR%
+)
+
 "%OPENDJ_JAVA_BIN%" -client %SCRIPT_NAME_ARG% org.opends.server.core.DirectoryServer --configFile "%INSTANCE_ROOT%\config\config.ldif" --checkStartability %*
 if %errorlevel% == 98 goto serverAlreadyStarted
From bcd369c24c1938560292babe811ad5d3279795c1 Mon Sep 17 00:00:00 2001
From: Maxim Thomas
Date: Wed, 19 Nov 2025 17:10:27 +0300
Subject: [PATCH 4/4] Update start-ds
---
 opendj-server-legacy/resource/bin/start-ds | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/opendj-server-legacy/resource/bin/start-ds b/opendj-server-legacy/resource/bin/start-ds
index d567cc21c4..0c965b6ad0 100644
--- a/opendj-server-legacy/resource/bin/start-ds
+++ b/opendj-server-legacy/resource/bin/start-ds
@@ -76,7 +76,7 @@ STARTING_FILE=${INSTANCE_ROOT}/logs/server.starting
 # Cleanup the tmp directory
 OPENDJ_TMP_DIR="${INSTANCE_ROOT}/tmp"
 if [ -d "${OPENDJ_TMP_DIR}" ]; then
- rm -r ${OPENDJ_TMP_DIR}/*
+ rm -rf ${OPENDJ_TMP_DIR}/*
 fi
 # See if the provided set of arguments were sufficient for us to be able to
 # start the server or perform the requested operation. An exit code of 99
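Review bot: `rm -rf ${OPENDJ_TMP_DIR}/*` expands the path unquoted, and the `-f` added here (presumably so an empty directory's unmatched glob no longer prints an error) also hides every other failure; if INSTANCE_ROOT is empty or unset at this point the path becomes `/tmp/*`, which the preceding `-d` test accepts, so the cleanup would empty the system temp directory. Guarding on the root and quoting the expansion covers both cases: `if [ -n "${INSTANCE_ROOT}" ] && [ -d "${OPENDJ_TMP_DIR}" ]; then` followed by `rm -rf "${OPENDJ_TMP_DIR:?}"/*`. The cleanup also runs before the startability check that the comment right after this block introduces, so running `start-ds` against an instance that is already up deletes that live server's temp files; the start-ds.bat hunk of PATCH 3/4 has the same ordering, with the cleanup placed directly ahead of the `--checkStartability` invocation. Either move the cleanup after that check or document the constraint above it, e.g. `# Empty the instance tmp dir (the JVM's java.io.tmpdir); assumes the server is not running`.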