Posted to commits@directory.apache.org by el...@apache.org on 2016/06/21 12:03:06 UTC
svn commit: r1749496 - in /directory/apacheds/branches/apacheds-value:
server-integ/src/test/java/org/apache/directory/server/ssl/
test-framework/src/main/java/org/apache/directory/server/core/integ/
Author: elecharny
Date: Tue Jun 21 12:03:05 2016
New Revision: 1749496
URL: http://svn.apache.org/viewvc?rev=1749496&view=rev
Log:
Applied Stefan's patch on the Key length
Modified:
directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
directory/apacheds/branches/apacheds-value/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
Modified: directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java?rev=1749496&r1=1749495&r2=1749496&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java (original)
+++ directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java Tue Jun 21 12:03:05 2016
@@ -124,7 +124,7 @@ public class LdapsUpdateCertificateIT ex
String newSubjectDN = "cn=new_subject_dn";
Entry entry = getLdapServer().getDirectoryService().getAdminSession().lookup(
new Dn( "uid=admin,ou=system" ) );
- TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA" );
+ TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 1024 );
// now update the certificate (over the wire)
ModificationItem[] mods = new ModificationItem[3];
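Review bot: The literal `1024` passed to `TlsKeyGenerator.addKeyPair` sits exactly on the limit that this commit's own comment in FrameworkRunner describes (RSA keys below 1024 bits are disabled by default), so the next tightening of the JDK defaults would break these TLS tests again. The same literal is repeated in StartTlsUpdateCertificateIT and in `FrameworkRunner.updateTlsKey`; one shared constant, for example a newly introduced `TEST_RSA_KEY_SIZE = 2048`, would leave headroom and keep the value in one place. Because 1024-bit RSA is generally treated as too weak outside of tests, a comment such as `// test-only key size, not a server default` next to the call would also help. The enclosing test method starts and ends outside this hunk.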
Modified: directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java?rev=1749496&r1=1749495&r2=1749496&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java (original)
+++ directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java Tue Jun 21 12:03:05 2016
@@ -176,7 +176,7 @@ public class StartTlsUpdateCertificateIT
String newSubjectDN = "cn=new_subject_dn";
Entry entry = getLdapServer().getDirectoryService().getAdminSession().lookup(
new Dn( "uid=admin,ou=system" ) );
- TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA" );
+ TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 1024 );
// now update the certificate (over the wire)
ModificationItem[] mods = new ModificationItem[3];
Modified: directory/apacheds/branches/apacheds-value/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java?rev=1749496&r1=1749495&r2=1749496&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java (original)
+++ directory/apacheds/branches/apacheds-value/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java Tue Jun 21 12:03:05 2016
@@ -22,15 +22,24 @@ package org.apache.directory.server.core
import java.lang.reflect.Method;
import java.util.UUID;
+import org.apache.directory.api.ldap.model.entry.DefaultModification;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.entry.Modification;
+import org.apache.directory.api.ldap.model.entry.ModificationOperation;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
+import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.FileUtils;
import org.apache.directory.server.annotations.CreateKdcServer;
import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.changelog.ChangeLog;
import org.apache.directory.server.core.factory.DSAnnotationProcessor;
import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
import org.apache.directory.server.core.factory.DirectoryServiceFactory;
import org.apache.directory.server.core.factory.PartitionFactory;
+import org.apache.directory.server.core.security.TlsKeyGenerator;
import org.apache.directory.server.factory.ServerAnnotationProcessor;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.kerberos.kdc.KdcServer;
@@ -128,6 +137,8 @@ public class FrameworkRunner extends Blo
// Apply the class LDIFs
DSAnnotationProcessor.applyLdifs( getDescription(), directoryService );
}
+
+ updateTlsKey( classDS );
// check if it has a LdapServerBuilder
// then use the DS created above
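Review bot: `updateTlsKey( classDS )` is passed `classDS`, while the LDIF call just above it works on `directoryService`. If `classDS` can still be null at this point (the code that assigns it is outside the hunk), `ds.getAdminSession()` inside `updateTlsKey` would throw a NullPointerException. Consider passing the reference the surrounding code already uses, `updateTlsKey( directoryService );`, or guarding the call with `if ( classDS != null )`. The method-level call in the next hunk already passes `directoryService`.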
@@ -255,6 +266,8 @@ public class FrameworkRunner extends Blo
DSAnnotationProcessor.applyLdifs( methodDescription, methodDS );
directoryService = methodDS;
+
+ updateTlsKey( directoryService );
}
else if ( classDS != null )
{
@@ -442,4 +455,22 @@ public class FrameworkRunner extends Blo
dirService.revert( revision );
}
}
+
+
+ private void updateTlsKey( DirectoryService ds ) throws LdapException, LdapInvalidDnException
+ {
+ // Update TLS key for tests. Newer Java 8 releases consider RSA keys
+ // with less than 1024 bits as insecure and such are disabled by default, see
+ // http://www.oracle.com/technetwork/java/javase/8-compatibility-guide-2156366.html
+ Entry adminEntry = ds.getAdminSession().lookup( new Dn( ServerDNConstants.ADMIN_SYSTEM_DN ) );
+ TlsKeyGenerator.addKeyPair( adminEntry, TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN,
+ TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN, "RSA", 1024 );
+ Modification mod1 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+ adminEntry.get( TlsKeyGenerator.PRIVATE_KEY_AT ) );
+ Modification mod2 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+ adminEntry.get( TlsKeyGenerator.PUBLIC_KEY_AT ) );
+ Modification mod3 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+ adminEntry.get( TlsKeyGenerator.USER_CERTIFICATE_AT ) );
+ ds.getAdminSession().modify( adminEntry.getDn(), mod1, mod2, mod3 );
+ }
}
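Review bot: `updateTlsKey` has no Javadoc, and it replaces the admin entry's private key, public key and certificate unconditionally. Both call sites invoke it after the LDIFs have been applied, so any key material a test loads for the admin entry through LDIF appears to be overwritten. A short Javadoc saying that the method regenerates a self-signed 1024-bit RSA key pair for `ServerDNConstants.ADMIN_SYSTEM_DN` and overwrites the existing attributes would make that explicit. The `throws` clause can likely be reduced to `throws LdapException`, since `LdapInvalidDnException` is a subtype of it in the LDAP API.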