Posted to commits@cxf.apache.org by co...@apache.org on 2019/07/09 10:27:22 UTC

[cxf] 01/01: CXF-8071 - XKMS LdapCertificateRepo searching using Service UID doesn't work

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch CXF-8071
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 356e5765ddca40aba7673fab058de100501366ba
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jul 9 11:26:57 2019 +0100

    CXF-8071 - XKMS LdapCertificateRepo searching using Service UID doesn't work
---
 .../cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java  |  5 +++--
 .../cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java     |  2 +-
 .../systest/ldap/xkms/LDAPCertificateRepoTest.java    | 19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
index 74a6593..75d4d33 100644
--- a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
+++ b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
@@ -203,8 +203,9 @@ public class LdapCertificateRepo implements CertificateRepo {
         if (cert == null) {
             // Try to find certificate by search for uid attribute
             try {
-                String uidAttr = String.format(ldapConfig.getServiceCertUIDTemplate(), serviceName);
-                cert = getCertificateForUIDAttr(uidAttr);
+                String filter = String.format(ldapConfig.getServiceCertUIDTemplate(), serviceName);
+                Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary());
+                return getCert(attr);
             } catch (NamingException e) {
                 // Not found
             }
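Review bot: `serviceName` is formatted straight into the LDAP search filter on the added `String filter = ...` line, so any filter metacharacters in it (`*`, `(`, `)`, `\`, NUL per RFC 4515) are interpreted as filter syntax instead of as part of the value. If the service name can originate from an XKMS request, which looks likely but is not visible in this hunk, the search could match an entry other than the intended one and return its certificate. Escape the value before formatting, e.g. `String filter = String.format(ldapConfig.getServiceCertUIDTemplate(), escapeFilterValue(serviceName));`, where `escapeFilterValue` is a new private helper that hex-escapes those characters. Separately, the `catch (NamingException e)` still treats every directory error as "not found"; logging it at debug level would keep connection failures distinguishable from misses. The enclosing method starts and ends outside the hunk.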
diff --git a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
index 6dfe653..afcaf37 100644
--- a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
+++ b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
@@ -29,7 +29,7 @@ public class LdapSchemaConfig {
     private String constAttrNamesCSV = "sn";
     private String constAttrValuesCSV = "X509 certificate";
     private String serviceCertRDNTemplate = "cn=%s,ou=services";
-    private String serviceCertUIDTemplate = "cn=%s";
+    private String serviceCertUIDTemplate = "uid=%s";
     private String trustedAuthorityFilter = "(&(objectClass=inetOrgPerson)(ou:dn:=CAs))";
     private String intermediateFilter = "(objectClass=*)";
     private String crlFilter = "(&(objectClass=inetOrgPerson)(ou:dn:=CAs))";
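Review bot: The default changes from `cn=%s` to `uid=%s` with nothing on the field saying that the value is now used as an LDAP search filter; the LdapCertificateRepo hunk in this commit passes the formatted result as the `filter` argument of `ldapSearch.findAttribute`. Deployments that override this property with a value written for the earlier behaviour may need to revisit it. A field comment such as `// LDAP search filter template; %s is replaced with the service name, which the caller must filter-escape` would make the contract explicit. The class continues outside the hunk.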
diff --git a/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java b/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
index 001c2e4..12d7231 100644
--- a/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
+++ b/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
@@ -106,6 +106,20 @@ public class LDAPCertificateRepoTest extends AbstractLdapTestUnit {
     }
 
     @Test
+    public void testFindUserCertViaUID() throws URISyntaxException, NamingException, CertificateException {
+        CertificateRepo persistenceManager = createLdapCertificateRepo();
+        X509Certificate cert = persistenceManager.findBySubjectDn("dave");
+        assertNotNull(cert);
+    }
+
+    @Test
+    public void testFindUserCertViaWrongUID() throws URISyntaxException, NamingException, CertificateException {
+        CertificateRepo persistenceManager = createLdapCertificateRepo();
+        X509Certificate cert = persistenceManager.findBySubjectDn("wrong");
+        assertNull("Certificate should be null", cert);
+    }
+
+    @Test
     public void testSave() throws Exception {
         CertificateRepo persistenceManager = createLdapCertificateRepo();
         URL url = this.getClass().getResource("cert1.cer");
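Review bot: The new lookups are checked only with `assertNotNull`, in `testFindUserCertViaUID` here and in the "Search by UID" step added to `testSave` in the next hunk, so a filter that matched a different entry would still pass. In `testSave` the saved certificate is in scope, so `assertEquals(cert, foundCert);` after each search would pin the result; `testFindUserCertViaUID` could compare against the expected fixture certificate in the same way. Since the lookup value now ends up inside a search filter, a negative case next to `testFindUserCertViaWrongUID` that passes a name containing filter metacharacters and expects `assertNull` would guard against over-matching. `testSave` continues outside this hunk.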
@@ -135,8 +149,13 @@ public class LDAPCertificateRepoTest extends AbstractLdapTestUnit {
         key.setIdentifier(EXPECTED_SERVICE_URI);
         persistenceManager.saveCertificate(cert, key);
 
+        // Search by DN
         X509Certificate foundCert = persistenceManager.findByServiceName(EXPECTED_SERVICE_URI);
         assertNotNull(foundCert);
+
+        // Search by UID
+        foundCert = persistenceManager.findByServiceName(cert.getSubjectX500Principal().getName());
+        assertNotNull(foundCert);
     }
 
     private CertificateRepo createLdapCertificateRepo() throws CertificateException {