Posted to commits@directory.apache.org by el...@apache.org on 2016/06/21 12:03:06 UTC

svn commit: r1749496 - in /directory/apacheds/branches/apacheds-value: server-integ/src/test/java/org/apache/directory/server/ssl/ test-framework/src/main/java/org/apache/directory/server/core/integ/

Author: elecharny
Date: Tue Jun 21 12:03:05 2016
New Revision: 1749496

URL: http://svn.apache.org/viewvc?rev=1749496&view=rev
Log:
Applied Stefan's patch on the Key length

Modified:
    directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
    directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
    directory/apacheds/branches/apacheds-value/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java

Modified: directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java?rev=1749496&r1=1749495&r2=1749496&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java (original)
+++ directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java Tue Jun 21 12:03:05 2016
@@ -124,7 +124,7 @@ public class LdapsUpdateCertificateIT ex
         String newSubjectDN = "cn=new_subject_dn";
         Entry entry = getLdapServer().getDirectoryService().getAdminSession().lookup(
             new Dn( "uid=admin,ou=system" ) );
-        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA" );
+        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 1024 );
 
         // now update the certificate (over the wire)
         ModificationItem[] mods = new ModificationItem[3];
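Review bot: The literal `1024` on the changed `addKeyPair` line is exactly the floor that the comment in `FrameworkRunner.updateTlsKey` cites, so these fixtures will fail again as soon as the JDK raises its disabled-key threshold, and 1024-bit RSA is below current guidance for anything other than throwaway test keys. The same literal is repeated in the StartTlsUpdateCertificateIT hunk and in `updateTlsKey`; one shared constant in the test framework, for example `public static final int TEST_RSA_KEY_SIZE = 2048; // test fixture only`, would keep the three call sites in step. If 1024 was picked to keep key generation fast in the test suite, a comment saying so next to the constant would make that trade-off explicit. The test method's body starts and ends outside the hunk.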

Modified: directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java?rev=1749496&r1=1749495&r2=1749496&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java (original)
+++ directory/apacheds/branches/apacheds-value/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java Tue Jun 21 12:03:05 2016
@@ -176,7 +176,7 @@ public class StartTlsUpdateCertificateIT
         String newSubjectDN = "cn=new_subject_dn";
         Entry entry = getLdapServer().getDirectoryService().getAdminSession().lookup(
             new Dn( "uid=admin,ou=system" ) );
-        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA" );
+        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 1024 );
 
         // now update the certificate (over the wire)
         ModificationItem[] mods = new ModificationItem[3];

Modified: directory/apacheds/branches/apacheds-value/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java?rev=1749496&r1=1749495&r2=1749496&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-value/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java (original)
+++ directory/apacheds/branches/apacheds-value/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java Tue Jun 21 12:03:05 2016
@@ -22,15 +22,24 @@ package org.apache.directory.server.core
 import java.lang.reflect.Method;
 import java.util.UUID;
 
+import org.apache.directory.api.ldap.model.entry.DefaultModification;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.entry.Modification;
+import org.apache.directory.api.ldap.model.entry.ModificationOperation;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
+import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.FileUtils;
 import org.apache.directory.server.annotations.CreateKdcServer;
 import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.api.changelog.ChangeLog;
 import org.apache.directory.server.core.factory.DSAnnotationProcessor;
 import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
 import org.apache.directory.server.core.factory.DirectoryServiceFactory;
 import org.apache.directory.server.core.factory.PartitionFactory;
+import org.apache.directory.server.core.security.TlsKeyGenerator;
 import org.apache.directory.server.factory.ServerAnnotationProcessor;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
@@ -128,6 +137,8 @@ public class FrameworkRunner extends Blo
                 // Apply the class LDIFs
                 DSAnnotationProcessor.applyLdifs( getDescription(), directoryService );
             }
+            
+            updateTlsKey( classDS );
 
             // check if it has a LdapServerBuilder
             // then use the DS created above
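Review bot: The added call passes `classDS`, while the context line just above applies the LDIFs to `directoryService`. If the two can differ at this point, or if `classDS` can still be null on this path (the method-level hunk's `else if ( classDS != null )` shows null is a possible state), `updateTlsKey` would fail inside `ds.getAdminSession()`. Passing the variable the surrounding code already uses, `updateTlsKey( directoryService );`, would match the method-level hunk. The enclosing method starts and ends outside the hunk, so the assignments of both variables are not visible here.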
@@ -255,6 +266,8 @@ public class FrameworkRunner extends Blo
                 DSAnnotationProcessor.applyLdifs( methodDescription, methodDS );
 
                 directoryService = methodDS;
+                
+                updateTlsKey( directoryService );
             }
             else if ( classDS != null )
             {
@@ -442,4 +455,22 @@ public class FrameworkRunner extends Blo
             dirService.revert( revision );
         }
     }
+
+
+    private void updateTlsKey( DirectoryService ds ) throws LdapException, LdapInvalidDnException
+    {
+        // Update TLS key for tests. Newer Java 8 releases consider RSA keys
+        // with less than 1024 bits as insecure and such are disabled by default, see 
+        // http://www.oracle.com/technetwork/java/javase/8-compatibility-guide-2156366.html
+        Entry adminEntry = ds.getAdminSession().lookup( new Dn( ServerDNConstants.ADMIN_SYSTEM_DN ) );
+        TlsKeyGenerator.addKeyPair( adminEntry, TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN,
+            TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN, "RSA", 1024 );
+        Modification mod1 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+            adminEntry.get( TlsKeyGenerator.PRIVATE_KEY_AT ) );
+        Modification mod2 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+            adminEntry.get( TlsKeyGenerator.PUBLIC_KEY_AT ) );
+        Modification mod3 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+            adminEntry.get( TlsKeyGenerator.USER_CERTIFICATE_AT ) );
+        ds.getAdminSession().modify( adminEntry.getDn(), mod1, mod2, mod3 );
+    }
 }
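Review bot: `updateTlsKey` has no Javadoc, and it does more than the inline comment suggests: it generates a fresh self-signed RSA pair (issuer and subject are both `CERTIFICATE_PRINCIPAL_DN`) and replaces the admin entry's private key, public key and user certificate at both call sites added by this commit. A short Javadoc stating that, and that the key size is a test-fixture choice rather than a recommendation for a deployed server, would stop the helper being read as a key-rotation example. The `throws` clause could be reduced to `throws LdapException`, assuming `LdapInvalidDnException` is a subclass of it. The three `adminEntry.get( ... )` results are used without a null check, which matters only if `addKeyPair` can leave an attribute unset.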