Posted to commits@directory.apache.org by co...@apache.org on 2020/09/09 16:10:03 UTC

[directory-server] branch DIRSERVER-2328 created (now 66138a7)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch DIRSERVER-2328
in repository https://gitbox.apache.org/repos/asf/directory-server.git.


      at 66138a7  DIRSERVER-2328 - CreateAuthenticator annotation trust manager improvements

This branch includes the following new commits:

     new 66138a7  DIRSERVER-2328 - CreateAuthenticator annotation trust manager improvements

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[directory-server] 01/01: DIRSERVER-2328 - CreateAuthenticator annotation trust manager improvements

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch DIRSERVER-2328
in repository https://gitbox.apache.org/repos/asf/directory-server.git

commit 66138a7e557f563723e196ebe82176ad653b5f49
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Sep 9 17:09:41 2020 +0100

    DIRSERVER-2328 - CreateAuthenticator annotation trust manager improvements
---
 .../core/annotations/CreateAuthenticator.java      |  4 +--
 .../server/core/authn/DelegatingAuthenticator.java | 35 ++++++++++++++++++++--
 .../operations/bind/DelegatedAuthOverSslIT.java    |  4 ++-
 .../operations/bind/DelegatedAuthOverTlsIT.java    |  3 +-
 4 files changed, 39 insertions(+), 7 deletions(-)

diff --git a/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java b/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
index 2ceaa6a..0708c63 100644
--- a/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
+++ b/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
@@ -70,9 +70,9 @@ public @interface CreateAuthenticator
 
 
     /** @return The SSL TrustManager FQCN */
-    String delegateSslTrustManagerFQCN() default "org.apache.directory.ldap.client.api.NoVerificationTrustManager";
+    String delegateSslTrustManagerFQCN() default "";
 
 
     /** @return The startTls TrustManager FQCN */
-    String delegateTlsTrustManagerFQCN() default "org.apache.directory.ldap.client.api.NoVerificationTrustManager";
+    String delegateTlsTrustManagerFQCN() default "";
 }
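Review bot: The Javadoc on `delegateSslTrustManagerFQCN()` and `delegateTlsTrustManagerFQCN()` still reads "The SSL TrustManager FQCN" and does not say what the new empty default means, which is the whole behavioural change of this commit. Per the DelegatingAuthenticator hunk, an empty value simply skips `setTrustManagers`, so the LdapConnectionConfig default trust manager is left in place, and a non-empty value is instantiated reflectively via a no-arg constructor. I would make that explicit, e.g. `/** @return The SSL TrustManager FQCN, or an empty string to keep the LDAP API's default trust manager; the class must implement javax.net.ssl.TrustManager and have a public no-arg constructor */`, and the same wording for the startTls variant.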
diff --git a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
index b58e6c5..f9ce77b 100644
--- a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
+++ b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
@@ -22,6 +22,8 @@ package org.apache.directory.server.core.authn;
 
 import java.net.SocketAddress;
 
+import javax.net.ssl.TrustManager;
+
 import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
 import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
@@ -30,7 +32,6 @@ import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.Strings;
 import org.apache.directory.ldap.client.api.LdapConnectionConfig;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
-import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
 import org.apache.directory.server.core.api.LdapPrincipal;
 import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
 import org.apache.directory.server.i18n.I18n;
@@ -248,7 +249,21 @@ public class DelegatingAuthenticator extends AbstractAuthenticator
             connectionConfig = new LdapConnectionConfig();
             connectionConfig.setLdapHost( delegateHost );
             connectionConfig.setLdapPort( delegatePort );
-            connectionConfig.setTrustManagers( new NoVerificationTrustManager() );
+            if ( delegateTlsTrustManagerFQCN != null && !"".equals( delegateTlsTrustManagerFQCN ) )
+            {
+                try
+                {
+                    Class<?> trustManagerClass = Class.forName( delegateTlsTrustManagerFQCN );
+                    TrustManager trustManager = ( TrustManager ) trustManagerClass.newInstance();
+                    connectionConfig.setTrustManagers( trustManager );
+                }
+                catch ( ClassNotFoundException | InstantiationException | IllegalAccessException e )
+                {
+                    String message = "Cannot load " + delegateTlsTrustManagerFQCN;
+                    LOG.error( message );
+                    throw new LdapException( message );
+                }
+            }
 
             ldapConnection = new LdapNetworkConnection( connectionConfig );
             ldapConnection.connect();
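Review bot: The new catch block drops the underlying exception, `throw new LdapException( message )` and `LOG.error( message )` both discard `e`, and the unchecked `ClassCastException` from `( TrustManager ) trustManagerClass.newInstance()` on a class that is not a TrustManager escapes the try entirely instead of becoming an LdapException; `Class.newInstance()` is also deprecated because it propagates any checked exception thrown by the constructor. The SSL branch in the following hunk (`@@ -260,7 +275,21 @@`) has the identical code and the identical issues, so I would pull the loading into one private helper that uses `asSubclass` and `getDeclaredConstructor().newInstance()`, catches `ReflectiveOperationException | ClassCastException`, and chains the cause. The empty-FQCN case deserves a one-line comment such as `// no explicit TrustManager: LdapConnectionConfig's default trust manager applies`, since that is the new default behaviour. The enclosing method starts and ends outside this hunk, so the helper would go next to it in the class.
```java
            if ( !Strings.isEmpty( delegateTlsTrustManagerFQCN ) )
            {
                connectionConfig.setTrustManagers( loadTrustManager( delegateTlsTrustManagerFQCN ) );
            }
            // no explicit TrustManager: LdapConnectionConfig's default trust manager applies
            // … unchanged: connect / bind …

    /**
     * Instantiates the configured TrustManager by FQCN.
     *
     * @param fqcn fully qualified class name of a javax.net.ssl.TrustManager with a public no-arg constructor
     * @throws LdapException if the class cannot be found, is not a TrustManager, or cannot be instantiated
     */
    private TrustManager loadTrustManager( String fqcn ) throws LdapException
    {
        try
        {
            Class<? extends TrustManager> trustManagerClass = Class.forName( fqcn ).asSubclass( TrustManager.class );
            return trustManagerClass.getDeclaredConstructor().newInstance();
        }
        catch ( ReflectiveOperationException | ClassCastException e )
        {
            String message = "Cannot load " + fqcn;
            LOG.error( message, e );
            throw new LdapException( message, e );
        }
    }
```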
@@ -260,7 +275,21 @@ public class DelegatingAuthenticator extends AbstractAuthenticator
             connectionConfig.setLdapHost( delegateHost );
             connectionConfig.setUseSsl( true );
             connectionConfig.setLdapPort( delegatePort );
-            connectionConfig.setTrustManagers( new NoVerificationTrustManager() );
+            if ( delegateSslTrustManagerFQCN != null && !"".equals( delegateSslTrustManagerFQCN ) )
+            {
+                try
+                {
+                    Class<?> trustManagerClass = Class.forName( delegateSslTrustManagerFQCN );
+                    TrustManager trustManager = ( TrustManager ) trustManagerClass.newInstance();
+                    connectionConfig.setTrustManagers( trustManager );
+                }
+                catch ( ClassNotFoundException | InstantiationException | IllegalAccessException e )
+                {
+                    String message = "Cannot load " + delegateSslTrustManagerFQCN;
+                    LOG.error( message );
+                    throw new LdapException( message );
+                }
+            }
 
             ldapConnection = new LdapNetworkConnection( connectionConfig );
             ldapConnection.connect();
diff --git a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java
index 43d461b..9e7774b 100644
--- a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java
@@ -56,7 +56,9 @@ import org.junit.runner.RunWith;
                 type = DelegatingAuthenticator.class,
                 delegatePort = 10201,
                 delegateSsl = true,
-                delegateTls = false) })
+                delegateTls = false,
+                delegateSslTrustManagerFQCN = "org.apache.directory.ldap.client.api.NoVerificationTrustManager"
+                ) })
 @ApplyLdifs(
     {
         // Entry # 1
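Review bot: Both integration tests (this one and DelegatedAuthOverTlsIT in the next hunk) now opt back into `NoVerificationTrustManager` explicitly, so the new default path, an empty FQCN with no `setTrustManagers` call, and the new failure path, an unknown or non-TrustManager FQCN turning into an LdapException, are not exercised by any test in this commit. A small IT with a bogus `delegateSslTrustManagerFQCN` asserting the bind fails would pin the error handling added in DelegatingAuthenticator.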
diff --git a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java
index 32bd581..333ea41 100644
--- a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java
@@ -56,7 +56,8 @@ import org.junit.runner.RunWith;
                 type = DelegatingAuthenticator.class,
                 delegatePort = 10201,
                 delegateSsl = false,
-                delegateTls = true) })
+                delegateTls = true,
+                delegateTlsTrustManagerFQCN = "org.apache.directory.ldap.client.api.NoVerificationTrustManager") })
 @ApplyLdifs(
     {
         // Entry # 1