You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by co...@apache.org on 2019/07/17 11:58:12 UTC

[cxf] branch 3.2.x-fixes updated (67ab1a1 -> 8f71baf)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.


    from 67ab1a1  Recording .gitmergeinfo Changes
     new bd9389d  CXF-8071 - XKMS LdapCertificateRepo searching using Service UID doesn't work
     new 8f71baf  Recording .gitmergeinfo Changes

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .gitmergeinfo                                         |  1 +
 .../cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java  |  5 +++--
 .../cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java     |  2 +-
 .../systest/ldap/xkms/LDAPCertificateRepoTest.java    | 19 +++++++++++++++++++
 4 files changed, 24 insertions(+), 3 deletions(-)

[cxf] 01/02: CXF-8071 - XKMS LdapCertificateRepo searching using Service UID doesn't work

Posted by co...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit bd9389d7d7b51ddd141c126ba36ea714a8cc785b
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jul 9 11:26:57 2019 +0100

    CXF-8071 - XKMS LdapCertificateRepo searching using Service UID doesn't work
    
    (cherry picked from commit 356e5765ddca40aba7673fab058de100501366ba)
---
 .../cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java  |  5 +++--
 .../cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java     |  2 +-
 .../systest/ldap/xkms/LDAPCertificateRepoTest.java    | 19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
index 6f4bafb..81589b1 100644
--- a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
+++ b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
@@ -209,8 +209,9 @@ public class LdapCertificateRepo implements CertificateRepo {
         if (cert == null) {
             // Try to find certificate by search for uid attribute
             try {
-                String uidAttr = String.format(ldapConfig.getServiceCertUIDTemplate(), serviceName);
-                cert = getCertificateForUIDAttr(uidAttr);
+                String filter = String.format(ldapConfig.getServiceCertUIDTemplate(), serviceName);
+                Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary());
+                return getCert(attr);
             } catch (NamingException e) {
                 // Not found
             }
diff --git a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
index 6dfe653..afcaf37 100644
--- a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
+++ b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
@@ -29,7 +29,7 @@ public class LdapSchemaConfig {
     private String constAttrNamesCSV = "sn";
     private String constAttrValuesCSV = "X509 certificate";
     private String serviceCertRDNTemplate = "cn=%s,ou=services";
-    private String serviceCertUIDTemplate = "cn=%s";
+    private String serviceCertUIDTemplate = "uid=%s";
     private String trustedAuthorityFilter = "(&(objectClass=inetOrgPerson)(ou:dn:=CAs))";
     private String intermediateFilter = "(objectClass=*)";
     private String crlFilter = "(&(objectClass=inetOrgPerson)(ou:dn:=CAs))";
diff --git a/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java b/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
index 001c2e4..12d7231 100644
--- a/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
+++ b/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
@@ -106,6 +106,20 @@ public class LDAPCertificateRepoTest extends AbstractLdapTestUnit {
     }
 
     @Test
+    public void testFindUserCertViaUID() throws URISyntaxException, NamingException, CertificateException {
+        CertificateRepo persistenceManager = createLdapCertificateRepo();
+        X509Certificate cert = persistenceManager.findBySubjectDn("dave");
+        assertNotNull(cert);
+    }
+
+    @Test
+    public void testFindUserCertViaWrongUID() throws URISyntaxException, NamingException, CertificateException {
+        CertificateRepo persistenceManager = createLdapCertificateRepo();
+        X509Certificate cert = persistenceManager.findBySubjectDn("wrong");
+        assertNull("Certificate should be null", cert);
+    }
+
+    @Test
     public void testSave() throws Exception {
         CertificateRepo persistenceManager = createLdapCertificateRepo();
         URL url = this.getClass().getResource("cert1.cer");
@@ -135,8 +149,13 @@ public class LDAPCertificateRepoTest extends AbstractLdapTestUnit {
         key.setIdentifier(EXPECTED_SERVICE_URI);
         persistenceManager.saveCertificate(cert, key);
 
+        // Search by DN
         X509Certificate foundCert = persistenceManager.findByServiceName(EXPECTED_SERVICE_URI);
         assertNotNull(foundCert);
+
+        // Search by UID
+        foundCert = persistenceManager.findByServiceName(cert.getSubjectX500Principal().getName());
+        assertNotNull(foundCert);
     }
 
     private CertificateRepo createLdapCertificateRepo() throws CertificateException {

[cxf] 02/02: Recording .gitmergeinfo Changes

Posted by co...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 8f71baf17464ae385e606580d5818037a113c9d2
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Jul 17 12:57:59 2019 +0100

    Recording .gitmergeinfo Changes
---
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitmergeinfo b/.gitmergeinfo
index e54cb30..807ee26 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -352,6 +352,7 @@ B 8f90e00177d464541e99ed61238cbc52cff0846d
 B 8fa0216240e42d62cca60723c23402c6df022dfd
 B 90057038bf23efc12df254795ad80c4766c0d2dd
 B 90832dcab359e04b4c9c8adde630252509d87b9e
+B 9101e20ab3716f99f196eddda1d0d619aacfd642
 B 91244e84e02c7d01410b347bb14efca27d2ec2b1
 B 9185a35ad95d74be43b23905e3ed45f0444eba94
 B 91a3122620ecf8ff767f2d769726b6039dbda6d4