Posted to commits@directory.apache.org by el...@apache.org on 2019/04/17 15:44:17 UTC

[directory-server] branch master updated (0f043fb -> d154889)

This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git.


    from 0f043fb  Merge pull request #14 from apache/caffeine
     new 3b763ef  Added the apacheds.ks KeyStore file in InstanceLayout
     new 8942572  Added a test for NIS
     new 08530ed  Bumped up a dependency
     new 40b5618  Merge branch 'master' of https://gitbox.apache.org/repos/asf/directory-server
     new 04bb407  o Swicthed to MINA 2.1.2 o Fixed the maven release plugin config so that the module's version is not asked for every module.
     new c6f064d  Changes to fix the certificate handling  in ApacheDS
     new 5abfc74  merge with Stefan's changes
     new d154889  Use Java 8

The 8 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../server/core/annotations/CreateDS.java          |   6 +-
 .../directory/server/core/api/InstanceLayout.java  |  14 +
 .../server/core/operations/add/AddIT.java          |  26 ++
 .../core/operations/search/SearchBinaryIT.java     |   2 +-
 .../server/core/DefaultDirectoryService.java       |   3 -
 .../server/core/security/CertificateUtil.java      | 347 +++++++++++++++++++++
 .../server/core/security/CoreKeyStoreSpi.java      |  31 +-
 .../server/core/security/CertificateUtilTest.java  |  57 ++++
 .../shared/client/api/LdapSSLConnectionTest.java   |   6 +-
 .../server/osgi/integ/ServerCoreOsgiTest.java      |   1 -
 pom.xml                                            |  21 +-
 .../apache/directory/server/ldap/LdapServer.java   |  98 +-----
 .../server/factory/ServerAnnotationProcessor.java  |  16 +
 .../factory/DirectoryServiceAnnotationTest.java    |   2 +
 ...SocketFactory.java => AdsSSLSocketFactory.java} |  16 +-
 .../org/apache/directory/server/ssl/LdapsIT.java   |   2 +-
 .../server/ssl/LdapsUpdateCertificateIT.java       |  36 +--
 .../server/ssl/StartTlsConfidentialityIT.java      |  48 +--
 .../apache/directory/server/ssl/StartTlsIT.java    |  52 +--
 .../server/ssl/StartTlsUpdateCertificateIT.java    |  77 +----
 .../apache/directory/server/ApacheDsService.java   |  64 +++-
 .../apache/directory/server/UberJarMainTest.java   |  58 +++-
 .../server/core/integ/AbstractLdapTestUnit.java    |  44 +++
 .../server/core/integ/FrameworkRunner.java         |  30 --
 24 files changed, 714 insertions(+), 343 deletions(-)
 create mode 100644 core/src/main/java/org/apache/directory/server/core/security/CertificateUtil.java
 create mode 100644 core/src/test/java/org/apache/directory/server/core/security/CertificateUtilTest.java
 rename server-integ/src/test/java/org/apache/directory/server/ssl/{SSLSocketFactory.java => AdsSSLSocketFactory.java} (89%)


[directory-server] 03/08: Bumped up a dependency

Posted by el...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git

commit 08530ed7aaa977e96108c4121e69056e32b882b3
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Thu Feb 21 23:17:15 2019 +0100

    Bumped up a dependency
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2af90d7..6fc98ab 100644
--- a/pom.xml
+++ b/pom.xml
@@ -48,7 +48,7 @@
     <!-- Set versions for depending projects -->
     <org.apache.directory.api.version>2.0.0.AM3-SNAPSHOT</org.apache.directory.api.version>
     <org.apache.directory.mavibot.version>1.0.0-M8</org.apache.directory.mavibot.version>
-    <org.apache.directory.checkstyle-configuration.version>0.3</org.apache.directory.checkstyle-configuration.version>
+    <org.apache.directory.checkstyle-configuration.version>2.0.1-SNAPSHOT</org.apache.directory.checkstyle-configuration.version>
     <org.apache.directory.junit.junit-addons.version>2.0.0</org.apache.directory.junit.junit-addons.version>
     <org.apache.directory.jdbm.version>2.0.0-M3</org.apache.directory.jdbm.version>
     <skin.version>1.0.3</skin.version>


[directory-server] 01/08: Added the apacheds.ks KeyStore file in InstanceLayout

Posted by el...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git

commit 3b763efb89e4c8d1437511439332f72b75ae4d52
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Mon Feb 11 06:01:59 2019 +0100

    Added the apacheds.ks KeyStore file in InstanceLayout
---
 .../apache/directory/server/core/api/InstanceLayout.java   | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/core-api/src/main/java/org/apache/directory/server/core/api/InstanceLayout.java b/core-api/src/main/java/org/apache/directory/server/core/api/InstanceLayout.java
index 819635b..d29f4bb 100644
--- a/core-api/src/main/java/org/apache/directory/server/core/api/InstanceLayout.java
+++ b/core-api/src/main/java/org/apache/directory/server/core/api/InstanceLayout.java
@@ -39,6 +39,8 @@ import java.io.File;
  *    |    +-- wrapper.conf
  *    |    |
  *    |    +-- log4j.properties
+ *    |    |
+ *    |    +-- &lt;keystore file&gt;
  *    |
  *    +-- partitions/
  *    |    |
@@ -92,6 +94,7 @@ public class InstanceLayout extends AbstractLayout
     private static final String LOG4J_PROPERTIES = "log4j.properties";
     private static final String WRAPPER_CONF = "wrapper.conf";
     private static final String CONFIG_LDIF = "config.ldif";
+    private static final String KEYSTORE_FILE = "apacheds.ks";
 
     /** The Log directory */
     private File logDir;
@@ -354,6 +357,17 @@ public class InstanceLayout extends AbstractLayout
 
 
     /**
+     * Gets the apacheds KeyStore file (<em>'&lt;instance&gt;/conf/apacheds.ks'</em>).
+     *
+     * @return the apacheds KeyWStore file
+     */
+    public File getKeyStoreFile()
+    {
+        return new File( getConfDirectory(), KEYSTORE_FILE );
+    }
+
+
+    /**
      * Gets the 'replication' directory where replication journals are stored
      * (<em>'&lt;instance&gt;/syncrepl-data'</em>).
      *


[directory-server] 04/08: Merge branch 'master' of https://gitbox.apache.org/repos/asf/directory-server

Posted by el...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git

commit 40b5618519b8d2395af8e0105693199f690e449b
Merge: 08530ed 310007c
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Thu Feb 21 23:17:23 2019 +0100

    Merge branch 'master' of https://gitbox.apache.org/repos/asf/directory-server

 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)



[directory-server] 05/08: o Swicthed to MINA 2.1.2 o Fixed the maven release plugin config so that the module's version is not asked for every module.

Posted by el...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git

commit 04bb407d204aad39eccdb5ebe892fa44d33dd4fb
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Wed Apr 17 16:56:57 2019 +0200

    o Switched to MINA 2.1.2
    o Fixed the maven release plugin config so that the module's version is
    not asked for every module.
---
 pom.xml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2667878..30af46c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -78,7 +78,7 @@
     <maven.artifact.version>3.3.9</maven.artifact.version>
     <maven.plugin.api.version>3.3.9</maven.plugin.api.version>
     <maven.project.version>3.0-alpha-2</maven.project.version>
-    <mina.core.version>2.0.18</mina.core.version>
+    <mina.core.version>2.1.2-SNAPSHOT</mina.core.version>
     <org.apache.felix.version>6.0.0</org.apache.felix.version>
     <pax-exam.version>4.11.0</pax-exam.version>
     <pax-url.version>2.5.4</pax-url.version>
@@ -319,7 +319,10 @@
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-release-plugin</artifactId>
           <configuration>
+            <preparationGoals>clean install</preparationGoals>
+            <goals>clean deploy</goals>
             <tagNameFormat>@{project.version}</tagNameFormat>
+            <autoVersionSubmodules>true</autoVersionSubmodules>
           </configuration>
         </plugin>
 
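Review bot: The release-plugin configuration now runs `clean deploy`, but the first hunk of this file sets `mina.core.version` to `2.1.2-SNAPSHOT`, while the commit message says the switch is to MINA 2.1.2. The maven-release-plugin prepare step refuses to release a project with unresolved SNAPSHOT dependencies, so the new goals will most likely not work until the property is set to the released `<mina.core.version>2.1.2</mina.core.version>`. A SNAPSHOT dependency is also not a reproducible input to a build, which matters most in a release configuration.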


[directory-server] 02/08: Added a test for NIS

Posted by el...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git

commit 8942572f06908aa32ea746b6e7a73dbe0b260ab0
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Mon Feb 11 06:03:10 2019 +0100

    Added a test for NIS
---
 .../server/core/operations/add/AddIT.java          | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/core-integ/src/test/java/org/apache/directory/server/core/operations/add/AddIT.java b/core-integ/src/test/java/org/apache/directory/server/core/operations/add/AddIT.java
index ee52f3d..83d8307 100644
--- a/core-integ/src/test/java/org/apache/directory/server/core/operations/add/AddIT.java
+++ b/core-integ/src/test/java/org/apache/directory/server/core/operations/add/AddIT.java
@@ -22,6 +22,7 @@ package org.apache.directory.server.core.operations.add;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertNotNull;
 
 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
 import org.apache.directory.api.ldap.model.entry.DefaultEntry;
@@ -32,6 +33,7 @@ import org.apache.directory.server.core.annotations.ContextEntry;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.annotations.CreateIndex;
 import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.directory.server.core.annotations.LoadSchema;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
 import org.apache.directory.server.core.integ.IntegrationUtils;
@@ -47,6 +49,8 @@ import org.junit.runner.RunWith;
 @RunWith(FrameworkRunner.class)
 @CreateDS(
     name = "AddITDS",
+        loadedSchemas =
+        { @LoadSchema(name = "nis", enabled = true) },
     partitions =
         {
             @CreatePartition(
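Review bot: The two added `loadedSchemas` lines are indented one level deeper than the sibling `name =` and `partitions =` attributes of the same annotation. Aligning them, `    loadedSchemas =` and `        { @LoadSchema(name = "nis", enabled = true) },`, keeps the annotation readable as one list of attributes.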
@@ -179,4 +183,26 @@ public class AddIT extends AbstractLdapTestUnit
         assertEquals( "a\\b", entry.get( "cn" ).get().getString() );
     }
 
+
+    /**
+     * Test The addition of a nisMapName attributeType
+     */
+    @Test
+    public void testAddNisMapName() throws Exception
+    {
+        LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );
+
+        Dn dn = new Dn( "nisMapName=netgroup.byhost,ou=system" );
+        Entry entry = new DefaultEntry( dn,
+            "ObjectClass: top",
+            "ObjectClass: nisMap",
+            "nisMapName:  netgroup.byhost" );
+
+        connection.add( entry );
+        
+        Entry result = connection.lookup( dn );
+        
+        assertNotNull( result );
+        assertEquals( "netgroup.byhost", result.get( "nismapname" ).getString() );
+    }
 }
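Review bot: The `LdapConnection` obtained from `IntegrationUtils.getAdminConnection( getService() )` in testAddNisMapName is never closed, so the test leaks a connection on every run and on any assertion failure. If the connection type is `Closeable`, as appears to be the case elsewhere in this code base, wrapping it as `try ( LdapConnection connection = IntegrationUtils.getAdminConnection( getService() ) ) { ... }` fixes that. The value `"nisMapName:  netgroup.byhost"` carries two spaces after the colon; the assertion passes only if the entry parser strips leading whitespace, so a single space would make the intent unambiguous.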


[directory-server] 06/08: Changes to fix the certificate handling in ApacheDS

Posted by el...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git

commit c6f064ddafeea2b3ab580002d9134c0a0ed3d3f0
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Wed Apr 17 17:04:52 2019 +0200

    Changes to fix the certificate handling in ApacheDS
---
 .../server/core/annotations/CreateDS.java          |   6 +-
 .../core/operations/search/SearchBinaryIT.java     |   2 +-
 .../server/core/DefaultDirectoryService.java       |   3 -
 .../server/core/security/CertificateUtil.java      | 347 +++++++++++++++++++++
 .../server/core/security/CoreKeyStoreSpi.java      |  31 +-
 .../server/core/security/CertificateUtilTest.java  |  57 ++++
 .../shared/client/api/LdapSSLConnectionTest.java   |   6 +-
 .../server/osgi/integ/ServerCoreOsgiTest.java      |   1 -
 pom.xml                                            |   2 +-
 .../apache/directory/server/ldap/LdapServer.java   |  98 +-----
 .../server/factory/ServerAnnotationProcessor.java  |  16 +
 .../factory/DirectoryServiceAnnotationTest.java    |   2 +
 ...SocketFactory.java => AdsSSLSocketFactory.java} |  16 +-
 .../org/apache/directory/server/ssl/LdapsIT.java   |   2 +-
 .../server/ssl/LdapsUpdateCertificateIT.java       |  36 +--
 .../server/ssl/StartTlsConfidentialityIT.java      |  48 +--
 .../apache/directory/server/ssl/StartTlsIT.java    |  52 +--
 .../server/ssl/StartTlsUpdateCertificateIT.java    |  77 +----
 .../apache/directory/server/ApacheDsService.java   |  64 +++-
 .../apache/directory/server/UberJarMainTest.java   |  58 +++-
 .../server/core/integ/AbstractLdapTestUnit.java    |  44 +++
 .../server/core/integ/FrameworkRunner.java         |  30 --
 22 files changed, 657 insertions(+), 341 deletions(-)

diff --git a/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateDS.java b/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateDS.java
index 603ce57..26bc8eb 100644
--- a/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateDS.java
+++ b/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateDS.java
@@ -28,7 +28,7 @@ import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
 
 
 /**
- * An anntation for the DirectoryService builder
+ * An annotation for the DirectoryService builder
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
@@ -40,14 +40,14 @@ public @interface CreateDS
     /** @return The Factory to use to create a DirectoryService */
     Class<?> factory() default DefaultDirectoryServiceFactory.class;
 
-
+    
     /** @return The DS name */
     String name() default "defaultDS";
 
 
     /** @return flag to enable/disable access control, default is false */
     boolean enableAccessControl() default false;
-
+    
 
     /** @return flag to enable/disable anonymous access, default is false */
     boolean allowAnonAccess() default false;
diff --git a/core-integ/src/test/java/org/apache/directory/server/core/operations/search/SearchBinaryIT.java b/core-integ/src/test/java/org/apache/directory/server/core/operations/search/SearchBinaryIT.java
index f4fa47b..a8551c2 100644
--- a/core-integ/src/test/java/org/apache/directory/server/core/operations/search/SearchBinaryIT.java
+++ b/core-integ/src/test/java/org/apache/directory/server/core/operations/search/SearchBinaryIT.java
@@ -149,7 +149,7 @@ public class SearchBinaryIT extends AbstractLdapTestUnit
         responses.close();
 
         // We should have 3 entries
-        assertEquals( 4, i );
+        assertEquals( 3, i );
 
         // Now, filter the entry with a cn starting with testing, and a certificate 
         responses = connection.search( "ou=system", "(&(cn=testing*)(userCertificate=*))", SearchScope.SUBTREE, "*" );
diff --git a/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java b/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
index a8a965f..2da98f2 100644
--- a/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
+++ b/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
@@ -121,7 +121,6 @@ import org.apache.directory.server.core.normalization.NormalizationInterceptor;
 import org.apache.directory.server.core.operational.OperationalAttributeInterceptor;
 import org.apache.directory.server.core.referral.ReferralInterceptor;
 import org.apache.directory.server.core.schema.SchemaInterceptor;
-import org.apache.directory.server.core.security.TlsKeyGenerator;
 import org.apache.directory.server.core.shared.DefaultCoreSession;
 import org.apache.directory.server.core.shared.DefaultDnFactory;
 import org.apache.directory.server.core.shared.partition.DefaultPartitionNexus;
@@ -1513,8 +1512,6 @@ public class DefaultDirectoryService implements DirectoryService
                 serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() );
                 serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() );
     
-                TlsKeyGenerator.addKeyPair( serverEntry );
-                
                 addEntry( serverEntry );
             }
         }
diff --git a/core/src/main/java/org/apache/directory/server/core/security/CertificateUtil.java b/core/src/main/java/org/apache/directory/server/core/security/CertificateUtil.java
new file mode 100644
index 0000000..3948883
--- /dev/null
+++ b/core/src/main/java/org/apache/directory/server/core/security/CertificateUtil.java
@@ -0,0 +1,347 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.server.core.security;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.net.InetAddress;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.SignatureException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Enumeration;
+
+import javax.net.ssl.KeyManagerFactory;
+
+import org.apache.directory.api.util.Strings;
+
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.BasicConstraintsExtension;
+import sun.security.x509.CertificateAlgorithmId;
+import sun.security.x509.CertificateExtensions;
+import sun.security.x509.CertificateSerialNumber;
+import sun.security.x509.CertificateValidity;
+import sun.security.x509.CertificateVersion;
+import sun.security.x509.CertificateX509Key;
+import sun.security.x509.DNSName;
+import sun.security.x509.GeneralName;
+import sun.security.x509.GeneralNames;
+import sun.security.x509.IPAddressName;
+import sun.security.x509.SubjectAlternativeNameExtension;
+import sun.security.x509.X500Name;
+import sun.security.x509.X509CertImpl;
+import sun.security.x509.X509CertInfo;
+
+/**
+ * Helper class used to generate self-signed certificates, and load a KeyStore
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@SuppressWarnings("restriction")
+public final class CertificateUtil
+{
+    private static final boolean SELF_SIGNED = true;
+    private static final boolean CA_SIGNED = false;
+    private static final boolean CRITICAL = true;
+        
+    private CertificateUtil()
+    {
+        // Nothing to do
+    }
+    
+    
+    private static void setInfo( X509CertInfo info, X500Name subject, X500Name issuer, KeyPair keyPair, int days, 
+        String algoStr, boolean isCA ) 
+        throws CertificateException, IOException, NoSuchAlgorithmException
+    {
+        Date from = new Date();
+        Date to = new Date( from.getTime() + days * 86_400_000L );
+        CertificateValidity interval = new CertificateValidity( from, to );
+
+        // Feed the certificate info structure
+        // version         [0]  EXPLICIT Version DEFAULT v1
+        // Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+        info.set( X509CertInfo.VERSION, new CertificateVersion( CertificateVersion.V3 ) );
+        
+        // serialNumber         CertificateSerialNumber
+        // CertificateSerialNumber  ::=  INTEGER
+        BigInteger serialNumber = new BigInteger( 64, new SecureRandom() );
+        info.set( X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( serialNumber ) );
+
+        // signature            AlgorithmIdentifier
+        AlgorithmId algo = AlgorithmId.get( algoStr );
+        info.set( X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( algo ) );
+
+        // issuer               Name
+        // Name ::= CHOICE {
+        //          RDNSequence }
+        // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+        // RelativeDistinguishedName ::=
+        //          SET OF AttributeTypeAndValue
+        // AttributeTypeAndValue ::= SEQUENCE {
+        //          type     AttributeType,
+        //          value    AttributeValue }
+        // AttributeType ::= OBJECT IDENTIFIER
+        // AttributeValue ::= ANY DEFINED BY AttributeType
+        info.set( X509CertInfo.ISSUER, issuer );
+        
+        // validity             Validity,
+        // Validity ::= SEQUENCE {
+        //          notBefore      Time,
+        //          notAfter       Time }
+        info.set( X509CertInfo.VALIDITY, interval );
+        
+        // subject              Name
+        // Name ::= CHOICE {
+        //          RDNSequence }
+        // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+        // RelativeDistinguishedName ::=
+        //          SET OF AttributeTypeAndValue
+        // AttributeTypeAndValue ::= SEQUENCE {
+        //          type     AttributeType,
+        //          value    AttributeValue }
+        // AttributeType ::= OBJECT IDENTIFIER
+        // AttributeValue ::= ANY DEFINED BY AttributeType
+        info.set( X509CertInfo.SUBJECT, subject );
+        
+        // subjectPublicKeyInfo SubjectPublicKeyInfo,
+        // SubjectPublicKeyInfo  ::=  SEQUENCE  {
+        //          algorithm            AlgorithmIdentifier,
+        //          subjectPublicKey     BIT STRING  }
+        info.set( X509CertInfo.KEY, new CertificateX509Key( keyPair.getPublic() ) );
+
+        // Extensions. Basically, a subjectAltName and a Basic-Constraint 
+        CertificateExtensions extensions = new CertificateExtensions();
+
+        // SubjectAltName
+        GeneralNames names = new GeneralNames();
+        names.add( new GeneralName( new DNSName( InetAddress.getLocalHost().getHostName() ) ) );
+        String ipAddress = InetAddress.getLocalHost().getHostAddress();
+        names.add( new GeneralName( new IPAddressName( ipAddress ) ) );
+        
+        // A wildcard
+        //names.add( new GeneralName( 
+        //    new DNSName( 
+        //        new DerValue( 
+        //            DerValue.tag_IA5String, "*.apache.org" ) ) ) );
+        SubjectAlternativeNameExtension subjectAltName = new SubjectAlternativeNameExtension( names );
+        
+        extensions.set( subjectAltName.getExtensionId().toString(), subjectAltName );
+
+        // The Basic-Constraint,
+        BasicConstraintsExtension basicConstraint = new BasicConstraintsExtension( CRITICAL, isCA, -1 );
+        extensions.set( basicConstraint.getExtensionId().toString(), basicConstraint );
+
+        // Inject the extensions into the cert
+        info.set( X509CertInfo.EXTENSIONS, extensions );
+    }
+    
+    
+    /**
+     * Create a self signed certificate
+     * 
+     * @param issuer The Issuer (�which is the same as the subject
+     * @param keyPair The asymmetric keyPair
+     * @param days Validity number of days
+     * @param algoStr Algorithm
+     * @return A self signed CA certificate
+     * @throws CertificateException If the info store din the certificate is invalid
+     * @throws IOException If we can't store some info in the certificate
+     * @throws NoSuchAlgorithmException If the algorithm does not exist
+     * @throws SignatureException If the certificate cannot be signed
+     * @throws NoSuchProviderException  If we don't have a security provider
+     * @throws InvalidKeyException  If the KeyPair is invalid
+     */
+    public static X509Certificate generateSelfSignedCertificate( X500Name issuer, KeyPair keyPair,  int days, String algoStr ) 
+        throws CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        // Create the certificate info
+        X509CertInfo info = new X509CertInfo();
+        
+        // Set the common certificate info
+        setInfo( info, issuer, issuer, keyPair, days, algoStr, SELF_SIGNED );
+        
+        // Sign the cert to identify the algorithm that's used.
+        X509CertImpl certificate = new X509CertImpl( info );
+        certificate.sign( keyPair.getPrivate(), algoStr );
+
+        return certificate;
+    }
+    
+    
+    /**
+     * Generate a Certificate signed by a CA certificate
+     * 
+     * @param issuer The Issuer (�which is the same as the subject
+     * @param keyPair The asymmetric keyPair
+     * @param days Validity number of days
+     * @param algoStr Algorithm
+     * @return A self signed CA certificate
+     * @throws CertificateException If the info store din the certificate is invalid
+     * @throws IOException If we can't store some info in the certificate
+     * @throws NoSuchAlgorithmException If the algorithm does not exist
+     * @throws SignatureException If the certificate cannot be signed
+     * @throws NoSuchProviderException  If we don't have a security provider
+     * @throws InvalidKeyException  If the KeyPair is invalid
+     */
+    public static X509Certificate generateCertificate( X500Name subject, X500Name issuer, KeyPair keyPair,  int days, String algoStr ) 
+        throws CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        // Create the certificate info
+        X509CertInfo info = new X509CertInfo();
+        
+        // Set the common certificate info
+        setInfo( info, subject, issuer, keyPair, days, algoStr, CA_SIGNED );
+         
+        // Sign the cert to identify the algorithm that's used.
+        X509CertImpl certificate = new X509CertImpl( info );
+        certificate.sign( keyPair.getPrivate(), algoStr );
+
+        return certificate;
+    }
+    
+    
+    /**
+     * Loads the digital certificate from a keystore file
+     *
+     * @param keyStoreFile The KeyStore file to load
+     * @param keyStorePasswordStr The KeyStore password
+     * @return The KeyManager factory it created 
+     * @throws Exception If the KeyStore can't be loaded
+     */
+    public static KeyManagerFactory loadKeyStore( String keyStoreFile, String keyStorePasswordStr ) throws Exception
+    {
+        char[] keyStorePassword = Strings.isEmpty( keyStorePasswordStr ) ? null : keyStorePasswordStr.toCharArray();
+
+        if ( !Strings.isEmpty( keyStoreFile ) )
+        {
+            // We have a provided KeyStore file: read it
+            KeyStore keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
+
+            try ( InputStream is = Files.newInputStream( Paths.get( keyStoreFile ) ) )
+            {
+                keyStore.load( is, keyStorePassword );
+            }
+    
+            /*
+             * Verify key store:
+             * * Must only contain one entry which must be a key entry
+             * * Must contain a certificate chain
+             * * The private key must be recoverable by the key store password
+             */
+            Enumeration<String> aliases = keyStore.aliases();
+            
+            if ( !aliases.hasMoreElements() )
+            {
+                throw new KeyStoreException( "Key store is empty" );
+            }
+            
+            String alias = aliases.nextElement();
+            
+            if ( aliases.hasMoreElements() )
+            {
+                throw new KeyStoreException( "Key store contains more than one entry" );
+            }
+            
+            if ( !keyStore.isKeyEntry( alias ) )
+            {
+                throw new KeyStoreException( "Key store must contain a key entry" );
+            }
+            
+            if ( keyStore.getCertificateChain( alias ) == null )
+            {
+                throw new KeyStoreException( "Key store must contain a certificate chain" );
+            }
+            
+            if ( keyStore.getKey( alias, keyStorePassword ) == null )
+            {
+                throw new KeyStoreException( "Private key must be recoverable by the key store password" );
+            }
+    
+            // Set up key manager factory to use our key store
+            String algorithm = Security.getProperty( "ssl.KeyManagerFactory.algorithm" );
+    
+            if ( algorithm == null )
+            {
+                algorithm = KeyManagerFactory.getDefaultAlgorithm();
+            }
+    
+            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance( algorithm );
+    
+            keyManagerFactory.init( keyStore, keyStorePassword );
+            
+            return keyManagerFactory;
+        }
+        else
+        {
+            return null;
+        }
+    }
+    
+    
+    public static File createTempKeyStore( String keyStoreName ) throws IOException, KeyStoreException, 
+        NoSuchAlgorithmException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        // Create a temporary keystore, be sure to remove it when exiting the test
+        File keyStoreFile = File.createTempFile( keyStoreName, "ks" );
+        keyStoreFile.deleteOnExit();
+        
+        KeyStore keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
+        char[] keyStorePassword = "secret".toCharArray();
+        
+        try ( InputStream keyStoreData = new FileInputStream( keyStoreFile ) )
+        {
+            keyStore.load( null, keyStorePassword );
+        }
+
+        // Generate the asymmetric keys, using EC algorithm
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance( "EC" );
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+        
+        // Generate the subject's name
+        @SuppressWarnings("restriction")
+        X500Name owner = new X500Name( "apacheds", "directory", "apache", "US" );
+
+        // Create the self-signed certificate
+        X509Certificate certificate = CertificateUtil.generateSelfSignedCertificate( owner, keyPair, 365, "SHA256WithECDSA" );
+        
+        keyStore.setKeyEntry( "apachedsKey", keyPair.getPrivate(), keyStorePassword, new X509Certificate[] { certificate } );
+        
+        FileOutputStream out = new FileOutputStream( keyStoreFile );
+        keyStore.store( out, keyStorePassword );
+        
+        return keyStoreFile;
+    }
+}
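Review bot: generateCertificate( subject, issuer, keyPair, days, algoStr ) signs with `keyPair.getPrivate()`, the key whose public half is placed in the certificate, so the result is effectively self-signed while naming a different issuer and will not validate against the issuer's key; a CA-signed certificate needs the CA's private key, e.g. an extra `PrivateKey issuerKey` parameter used in `certificate.sign( issuerKey, algoStr );`. Its Javadoc is copied from generateSelfSignedCertificate (the garbled `(�which is the same as the subject`, the `@return A self signed CA certificate`, and no `@param subject`) and should describe the CA-signed case. In createTempKeyStore the `try ( InputStream keyStoreData = new FileInputStream( keyStoreFile ) )` block reads nothing (`keyStore.load( null, ... )` initialises an empty store) and the `FileOutputStream out` passed to `keyStore.store` is never closed. That file holds the generated private key, and `File.createTempFile` creates it with the temp directory's default permissions, whereas `Files.createTempFile` creates it owner-accessible only on POSIX systems, the safer default for key material. The method also lacks Javadoc.
```java
    public static File createTempKeyStore( String keyStoreName ) throws IOException, KeyStoreException, 
        NoSuchAlgorithmException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException
    {
        // Owner-only permissions on POSIX: the file will hold a private key
        File keyStoreFile = Files.createTempFile( keyStoreName, "ks" ).toFile();
        keyStoreFile.deleteOnExit();
        
        KeyStore keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
        char[] keyStorePassword = "secret".toCharArray();
        
        // Initialise an empty KeyStore; there is nothing to read yet
        keyStore.load( null, keyStorePassword );

        // … unchanged: key pair generation, X500Name, self-signed certificate, setKeyEntry …

        try ( FileOutputStream out = new FileOutputStream( keyStoreFile ) )
        {
            keyStore.store( out, keyStorePassword );
        }
        
        return keyStoreFile;
    }
```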
diff --git a/core/src/main/java/org/apache/directory/server/core/security/CoreKeyStoreSpi.java b/core/src/main/java/org/apache/directory/server/core/security/CoreKeyStoreSpi.java
index 9daa881..c59f91b 100644
--- a/core/src/main/java/org/apache/directory/server/core/security/CoreKeyStoreSpi.java
+++ b/core/src/main/java/org/apache/directory/server/core/security/CoreKeyStoreSpi.java
@@ -24,7 +24,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.security.Key;
-import java.security.KeyPair;
+import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.KeyStoreSpi;
 import java.security.NoSuchAlgorithmException;
@@ -62,6 +62,7 @@ public class CoreKeyStoreSpi extends KeyStoreSpi
     private static final Logger LOG = LoggerFactory.getLogger( CoreKeyStoreSpi.class );
 
     private DirectoryService directoryService;
+    private KeyStore keyStore;
 
 
     /**
@@ -73,6 +74,12 @@ public class CoreKeyStoreSpi extends KeyStoreSpi
         LOG.debug( "Constructor called." );
         this.directoryService = directoryService;
     }
+    
+    
+    public void setKeyStore( KeyStore keyStore )
+    {
+        this.keyStore = keyStore;
+    }
 
 
     private Entry getTlsEntry() throws LdapException
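Review bot: setKeyStore stores the reference without checking it, and nothing in this diff calls it — LdapServer no longer constructs a CoreKeyStoreSpi at all — so every engine* method below now dereferences a keyStore field that may still be null. `Objects` is already imported in this file (it is used in engineGetCertificateAlias), so `this.keyStore = Objects.requireNonNull( keyStore, "keyStore" );` would surface a missing store at configuration time instead of inside the generic catch blocks. The setter also has no Javadoc; a one-liner such as `/** Sets the KeyStore the engine* methods delegate to; must be called before this SPI is used. */` states the new contract.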
@@ -128,8 +135,9 @@ public class CoreKeyStoreSpi extends KeyStoreSpi
         {
             try
             {
-                Entry entry = getTlsEntry();
-                return TlsKeyGenerator.getCertificate( entry );
+                return keyStore.getCertificate( alias );
+                //Entry entry = getTlsEntry();
+                //return TlsKeyGenerator.getCertificate( entry );
             }
             catch ( Exception e )
             {
@@ -153,6 +161,7 @@ public class CoreKeyStoreSpi extends KeyStoreSpi
         {
             LOG.debug( "Certificate in alias request is X.509 based." );
             X509Certificate xcert = ( X509Certificate ) cert;
+            
             if ( xcert.getIssuerDN().toString().equals( TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN ) )
             {
                 return APACHEDS_ALIAS;
@@ -161,12 +170,20 @@ public class CoreKeyStoreSpi extends KeyStoreSpi
 
         try
         {
+            Certificate certificate = keyStore.getCertificate( APACHEDS_ALIAS );
+            
+            if ( Objects.deepEquals( cert.getEncoded(), certificate.getEncoded() ) )
+            {
+                return APACHEDS_ALIAS;
+            }
+            /*
             Entry entry = getTlsEntry();
 
             if ( Objects.deepEquals( cert.getEncoded(), entry.get( TlsKeyGenerator.USER_CERTIFICATE_AT ).getBytes() ) )
             {
                 return APACHEDS_ALIAS;
             }
+            */
         }
         catch ( Exception e )
         {
@@ -189,7 +206,10 @@ public class CoreKeyStoreSpi extends KeyStoreSpi
             Entry entry = getTlsEntry();
             LOG.debug( "Entry:\n{}", entry );
             return new Certificate[]
-                { TlsKeyGenerator.getCertificate( entry ) };
+                {
+                    keyStore.getCertificate( alias )
+                };
+                //{ TlsKeyGenerator.getCertificate( entry ) };
         }
         catch ( Exception e )
         {
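Review bot: engineGetCertificateChain still calls getTlsEntry() and logs the entry, but the entry no longer feeds the result, so that lookup is now dead work (and a dead dependency on the DIT) that should have gone with the old return. The one-element array also drops any intermediates the store holds; since the key entry is written with a chain, `return keyStore.getCertificateChain( alias );` returns exactly what was stored. The method's signature and catch block are outside this hunk.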
@@ -221,9 +241,12 @@ public class CoreKeyStoreSpi extends KeyStoreSpi
 
         try
         {
+            return keyStore.getKey( alias, password );
+            /*
             Entry entry = getTlsEntry();
             KeyPair keyPair = TlsKeyGenerator.getKeyPair( entry );
             return keyPair.getPrivate();
+            */
         }
         catch ( Exception e )
         {
diff --git a/core/src/test/java/org/apache/directory/server/core/security/CertificateUtilTest.java b/core/src/test/java/org/apache/directory/server/core/security/CertificateUtilTest.java
new file mode 100644
index 0000000..2ccc5a5
--- /dev/null
+++ b/core/src/test/java/org/apache/directory/server/core/security/CertificateUtilTest.java
@@ -0,0 +1,57 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.server.core.security;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.cert.X509Certificate;
+
+import org.junit.Test;
+
+import sun.security.x509.X500Name;
+
+/**
+ * Test for the CertificateUtil class.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@SuppressWarnings("restriction")
+public class CertificateUtilTest
+{
+
+    @Test
+    public void testSelfSignedCertificateCreation() throws IOException, GeneralSecurityException
+    {
+        // Generate the subject's name
+        X500Name owner = new X500Name( "apacheds", "directory", "apache", "US" );
+        
+        
+        // generate the asymetric keys
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance( "EC" );
+        keyPairGenerator.initialize( 256 );
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+            
+
+        X509Certificate certificate = CertificateUtil.generateSelfSignedCertificate( owner, keyPair, 3650, "SHA256WithECDSA" );
+        System.out.println( certificate );
+    }
+}
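Review bot: testSelfSignedCertificateCreation asserts nothing — it prints the certificate and passes as long as no exception is thrown, so a wrong subject, a bad signature or an invalid validity window would still pass. Replace `System.out.println( certificate );` with checks that pin the contract, e.g. `certificate.verify( keyPair.getPublic() );`, `certificate.checkValidity();` and `assertEquals( owner.asX500Principal(), certificate.getSubjectX500Principal() );` (the last needs `import static org.junit.Assert.assertEquals;`). Separately, `sun.security.x509.X500Name` is a JDK-internal type; it is available on the Java 8 baseline this commit targets, but newer JDKs encapsulate it, so a comment recording why it is used instead of `javax.security.auth.x500.X500Principal` would help the next reader.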
diff --git a/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java b/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java
index 07360de..e487384 100644
--- a/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java
+++ b/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java
@@ -36,6 +36,7 @@ import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.Network;
+import org.apache.directory.ldap.client.api.LdapClientTrustStoreManager;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.ldap.client.api.LdapConnectionConfig;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
@@ -160,7 +161,8 @@ public class LdapSSLConnectionTest extends AbstractLdapTestUnit
     public void testBindRequestSSLWithTrustManager() throws Exception
     {
         try ( LdapNetworkConnection connection = 
-            new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPortSSL(), new NoVerificationTrustManager() ) )
+            new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPortSSL(), 
+                new LdapClientTrustStoreManager( ldapServer.getKeystoreFile(), new char[] {'s', 'e', 'c', 'r', 'e', 't' }, null, true ) ) )
         {
             connection.bind( "uid=admin,ou=system", "secret" );
             
@@ -261,7 +263,7 @@ public class LdapSSLConnectionTest extends AbstractLdapTestUnit
     @Test
     public void testStartTLS() throws Exception
     {
-        tlsConfig.setTrustManagers( new X509TrustManager[] { new NoVerificationTrustManager() } );
+        tlsConfig.setTrustManagers( new X509TrustManager[] { new LdapClientTrustStoreManager( ldapServer.getKeystoreFile(), new char[] {'s', 'e', 'c', 'r', 'e', 't' }, null, true ) } );
 
         try ( LdapNetworkConnection connection = 
             new LdapNetworkConnection( tlsConfig ) )
diff --git a/osgi-integ/src/test/java/org/apache/directory/server/osgi/integ/ServerCoreOsgiTest.java b/osgi-integ/src/test/java/org/apache/directory/server/osgi/integ/ServerCoreOsgiTest.java
index 0e4069c..c808203 100644
--- a/osgi-integ/src/test/java/org/apache/directory/server/osgi/integ/ServerCoreOsgiTest.java
+++ b/osgi-integ/src/test/java/org/apache/directory/server/osgi/integ/ServerCoreOsgiTest.java
@@ -42,7 +42,6 @@ public class ServerCoreOsgiTest extends ServerOsgiTestBase
     {
         DefaultDirectoryService ds = new DefaultDirectoryService();
         new DefaultOperationManager( ds );
-        new CoreKeyStoreSpi( ds );
         TlsKeyGenerator.addKeyPair( new DefaultEntry() );
     }
 
diff --git a/pom.xml b/pom.xml
index 30af46c..48c5405 100644
--- a/pom.xml
+++ b/pom.xml
@@ -78,7 +78,7 @@
     <maven.artifact.version>3.3.9</maven.artifact.version>
     <maven.plugin.api.version>3.3.9</maven.plugin.api.version>
     <maven.project.version>3.0-alpha-2</maven.project.version>
-    <mina.core.version>2.1.2-SNAPSHOT</mina.core.version>
+    <mina.core.version>2.1.2</mina.core.version>
     <org.apache.felix.version>6.0.0</org.apache.felix.version>
     <pax-exam.version>4.11.0</pax-exam.version>
     <pax-url.version>2.5.4</pax-url.version>
diff --git a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java
index aef2a7e..df5323e 100644
--- a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java
+++ b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java
@@ -21,16 +21,8 @@ package org.apache.directory.server.ldap;
 
 
 import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.Provider;
-import java.security.Security;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -67,10 +59,9 @@ import org.apache.directory.api.ldap.model.message.SearchResultEntry;
 import org.apache.directory.api.ldap.model.message.SearchResultReference;
 import org.apache.directory.api.ldap.model.message.UnbindRequest;
 import org.apache.directory.api.ldap.model.message.extended.NoticeOfDisconnect;
-import org.apache.directory.api.util.Strings;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.api.partition.PartitionNexus;
-import org.apache.directory.server.core.security.CoreKeyStoreSpi;
+import org.apache.directory.server.core.security.CertificateUtil;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.server.ldap.handlers.LdapRequestHandler;
 import org.apache.directory.server.ldap.handlers.LdapResponseHandler;
@@ -247,9 +238,6 @@ public class LdapServer extends DirectoryBackedService
      */
     private boolean confidentialityRequired;
 
-    /** The used Keystore */
-    private KeyStore keyStore = null;
-
     private List<IoFilterChainBuilder> chainBuilders = new ArrayList<>();
 
     /** The handler responsible for the replication */
@@ -363,86 +351,6 @@ public class LdapServer extends DirectoryBackedService
 
 
     /**
-     * Loads the digital certificate either from a keystore file or from the admin entry in DIT
-     *
-     * @throws Exception If the KeyStore can't be loaded
-     */
-    public void loadKeyStore() throws Exception
-    {
-        char[] keyStorePassword = Strings.isEmpty( certificatePassword ) ? null : certificatePassword.toCharArray();
-
-        if ( Strings.isEmpty( keystoreFile ) )
-        {
-            Provider provider = Security.getProvider( "SUN" );
-            LOG.debug( "provider = {}", provider );
-            CoreKeyStoreSpi coreKeyStoreSpi = new CoreKeyStoreSpi( getDirectoryService() );
-            keyStore = new KeyStore( coreKeyStoreSpi, provider, KeyStore.getDefaultType() )
-            {
-            };
-
-            try
-            {
-                keyStore.load( null, null );
-            }
-            catch ( Exception e )
-            {
-                // nothing really happens with this keystore
-            }
-        }
-        else
-        {
-            keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
-
-            try ( InputStream is = Files.newInputStream( Paths.get( keystoreFile ) ) )
-            {
-                keyStore.load( is, keyStorePassword );
-            }
-        }
-
-        /*
-         * Verify key store:
-         * * Must only contain one entry which must be a key entry
-         * * Must contain a certificate chain
-         * * The private key must be recoverable by the key store password
-         */
-        Enumeration<String> aliases = keyStore.aliases();
-        if ( !aliases.hasMoreElements() )
-        {
-            throw new KeyStoreException( "Key store is empty" );
-        }
-        String alias = aliases.nextElement();
-        if ( aliases.hasMoreElements() )
-        {
-            throw new KeyStoreException( "Key store contains more than one entry" );
-        }
-        if ( !keyStore.isKeyEntry( alias ) )
-        {
-            throw new KeyStoreException( "Key store must contain a key entry" );
-        }
-        if ( keyStore.getCertificateChain( alias ) == null )
-        {
-            throw new KeyStoreException( "Key store must contain a certificate chain" );
-        }
-        if ( keyStore.getKey( alias, keyStorePassword ) == null )
-        {
-            throw new KeyStoreException( "Private key must be recoverable by the key store password" );
-        }
-
-        // Set up key manager factory to use our key store
-        String algorithm = Security.getProperty( "ssl.KeyManagerFactory.algorithm" );
-
-        if ( algorithm == null )
-        {
-            algorithm = KeyManagerFactory.getDefaultAlgorithm();
-        }
-
-        keyManagerFactory = KeyManagerFactory.getInstance( algorithm );
-
-        keyManagerFactory.init( keyStore, keyStorePassword );
-    }
-
-
-    /**
      * reloads the SSL context by replacing the existing SslFilter
      * with a new SslFilter after reloading the keystore.
      *
@@ -458,7 +366,7 @@ public class LdapServer extends DirectoryBackedService
 
         LOG.info( "reloading SSL context..." );
 
-        loadKeyStore();
+        keyManagerFactory = CertificateUtil.loadKeyStore( keystoreFile, certificatePassword );
 
         String sslFilterName = "sslFilter";
 
@@ -510,7 +418,7 @@ public class LdapServer extends DirectoryBackedService
             return;
         }
 
-        loadKeyStore();
+        keyManagerFactory = CertificateUtil.loadKeyStore( keystoreFile, certificatePassword );
 
         /*
          * The server is now initialized, we can
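Review bot: The removed loadKeyStore verified the store before handing it to the KeyManagerFactory — exactly one alias, a key entry, a certificate chain present, private key recoverable with the configured password — and handled an empty keystoreFile by falling back to CoreKeyStoreSpi; nothing in this diff shows CertificateUtil.loadKeyStore doing either, so please confirm those checks live there now, otherwise a malformed store is accepted at start-up and only fails at handshake time. The same call replaces loadKeyStore() in reloadSslContext() in the previous hunk. loadKeyStore was public, so removing it is also an API change for anyone calling it directly; a deprecated forwarding stub would keep them working. A one-line comment at the call site, e.g. `// loadKeyStore validates the store (single key entry with chain, recoverable key) and builds the KeyManagerFactory`, would record the contract the server relies on.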
diff --git a/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java b/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java
index 6dfd003..7b17dd3 100644
--- a/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java
+++ b/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java
@@ -19,6 +19,7 @@
 package org.apache.directory.server.factory;
 
 
+import java.io.File;
 import java.io.IOException;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
@@ -38,6 +39,7 @@ import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.annotations.SaslMechanism;
 import org.apache.directory.server.core.annotations.AnnotationUtils;
 import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.security.CertificateUtil;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.server.kerberos.ChangePasswordConfig;
 import org.apache.directory.server.kerberos.KerberosConfig;
@@ -148,6 +150,20 @@ public final class ServerAnnotationProcessor
                 ldapServer.setKeystoreFile( createLdapServer.keyStore() );
                 ldapServer.setCertificatePassword( createLdapServer.certificatePassword() );
             }
+            else
+            {
+                try
+                {
+                    // Create a temporary keystore, be sure to remove it when exiting the test
+                    File keyStoreFile = CertificateUtil.createTempKeyStore( "testStore" );
+                    ldapServer.setKeystoreFile( keyStoreFile.getAbsolutePath() );
+                    ldapServer.setCertificatePassword( "secret" );
+                }
+                catch ( Exception e )
+                {
+                    
+                }
+            }
 
             for ( Class<?> extOpClass : createLdapServer.extendedOpHandlers() )
             {
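Review bot: The empty `catch ( Exception e )` silently swallows any failure in createTempKeyStore, leaving the LdapServer with no keystore file and an error that only surfaces later as an unrelated TLS failure. A test fixture cannot meaningfully continue without its keystore, so rethrow: `throw new IllegalStateException( "Unable to create the temporary keystore for the test LDAP server", e );` (or at minimum log it with the cause). The `"secret"` password is also duplicated across the client-side tests that open this store; a shared constant would keep them in sync. The enclosing `if` opens outside this hunk, and the callee createTempKeyStore never closes the FileOutputStream it stores into, which a try-with-resources there would fix.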
diff --git a/server-annotations/src/test/java/org/apache/directory/server/factory/DirectoryServiceAnnotationTest.java b/server-annotations/src/test/java/org/apache/directory/server/factory/DirectoryServiceAnnotationTest.java
index b0c14cb..04b77da 100644
--- a/server-annotations/src/test/java/org/apache/directory/server/factory/DirectoryServiceAnnotationTest.java
+++ b/server-annotations/src/test/java/org/apache/directory/server/factory/DirectoryServiceAnnotationTest.java
@@ -173,6 +173,7 @@ public class DirectoryServiceAnnotationTest
     @Test
     @CreateDS(
         name = "MethodDSWithPartitionAndServer",
+        
         partitions =
             {
                 @CreatePartition(
@@ -192,6 +193,7 @@ public class DirectoryServiceAnnotationTest
                     })
         })
     @CreateLdapServer(
+        keyStore = "",
         transports =
             {
                 @CreateTransport(protocol = "LDAP"),
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/SSLSocketFactory.java b/server-integ/src/test/java/org/apache/directory/server/ssl/AdsSSLSocketFactory.java
similarity index 89%
rename from server-integ/src/test/java/org/apache/directory/server/ssl/SSLSocketFactory.java
rename to server-integ/src/test/java/org/apache/directory/server/ssl/AdsSSLSocketFactory.java
index 116368f..bd33ad7 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/SSLSocketFactory.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/AdsSSLSocketFactory.java
@@ -27,29 +27,30 @@ import java.net.UnknownHostException;
 import java.security.GeneralSecurityException;
 
 import javax.net.SocketFactory;
+import javax.net.ssl.SSLSocketFactory;
 
 
 /**
  * Simple Socket factory to create sockets with or without SSL enabled.
- * If SSL enabled a "bougus" SSL Context is used (suitable for test purposes)
+ * If SSL enabled a "bogus" SSL Context is used (suitable for test purposes)
  * 
  */
-public class SSLSocketFactory extends SocketFactory
+public class AdsSSLSocketFactory extends SocketFactory
 {
     private static boolean sslEnabled = true;
 
-    private static javax.net.ssl.SSLSocketFactory sslFactory = null;
+    private static SSLSocketFactory sslFactory = null;
 
     private static javax.net.SocketFactory factory = null;
 
 
     public static SocketFactory getDefault()
     {
-        return new SSLSocketFactory();
+        return new AdsSSLSocketFactory();
     }
 
 
-    public SSLSocketFactory()
+    public AdsSSLSocketFactory()
     {
         super();
     }
@@ -112,13 +113,13 @@ public class SSLSocketFactory extends SocketFactory
     {
         if ( factory == null )
         {
-            factory = new SSLSocketFactory();
+            factory = new AdsSSLSocketFactory();
         }
         return factory;
     }
 
 
-    private javax.net.ssl.SSLSocketFactory getSSLFactory()
+    private SSLSocketFactory getSSLFactory()
     {
         if ( sslFactory == null )
         {
@@ -131,6 +132,7 @@ public class SSLSocketFactory extends SocketFactory
                 throw new RuntimeException( "could not create SSL socket", e );
             }
         }
+        
         return sslFactory;
     }
 
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsIT.java b/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsIT.java
index 2955d3e..79c2cd6 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsIT.java
@@ -92,7 +92,7 @@ public class LdapsIT extends AbstractLdapTestUnit
         env.put( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
         env.put( "java.naming.provider.url", "ldap://" + Network.LOOPBACK_HOSTNAME + ":"
             + getLdapServer().getPortSSL() + "/ou=system" );
-        env.put( "java.naming.ldap.factory.socket", SSLSocketFactory.class.getName() );
+        env.put( "java.naming.ldap.factory.socket", AdsSSLSocketFactory.class.getName() );
         env.put( "java.naming.security.principal", "uid=admin,ou=system" );
         env.put( "java.naming.security.credentials", "secret" );
         env.put( "java.naming.security.authentication", "simple" );
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java b/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
index 9942bef..66a6c17 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
@@ -26,14 +26,10 @@ import static org.junit.Assert.assertNotNull;
 import java.security.cert.X509Certificate;
 import java.util.Hashtable;
 
-import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.ModificationItem;
 
 import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.Network;
 import org.apache.directory.api.util.Strings;
 import org.apache.directory.server.annotations.CreateLdapServer;
@@ -42,7 +38,6 @@ import org.apache.directory.server.annotations.SaslMechanism;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.security.TlsKeyGenerator;
 import org.apache.directory.server.ldap.handlers.extended.StoredProcedureExtendedOperationHandler;
 import org.apache.directory.server.ldap.handlers.sasl.cramMD5.CramMd5MechanismHandler;
 import org.apache.directory.server.ldap.handlers.sasl.digestMD5.DigestMd5MechanismHandler;
@@ -94,7 +89,7 @@ public class LdapsUpdateCertificateIT extends AbstractLdapTestUnit
         env.put( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
         env.put( "java.naming.provider.url", "ldap://" + Network.LOOPBACK_HOSTNAME + ":"
             + getLdapServer().getPortSSL() + "/ou=system" );
-        env.put( "java.naming.ldap.factory.socket", SSLSocketFactory.class.getName() );
+        env.put( "java.naming.ldap.factory.socket", AdsSSLSocketFactory.class.getName() );
         env.put( "java.naming.security.principal", "uid=admin,ou=system" );
         env.put( "java.naming.security.credentials", "secret" );
         env.put( "java.naming.security.authentication", "simple" );
@@ -113,34 +108,22 @@ public class LdapsUpdateCertificateIT extends AbstractLdapTestUnit
         env.put( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
         env.put( "java.naming.provider.url", "ldaps://" + Network.LOOPBACK_HOSTNAME + ":"
             + getLdapServer().getPortSSL() );
-        env.put( "java.naming.ldap.factory.socket", SSLSocketFactory.class.getName() );
+        env.put( "java.naming.ldap.factory.socket", AdsSSLSocketFactory.class.getName() );
         env.put( "java.naming.security.principal", "uid=admin,ou=system" );
         env.put( "java.naming.security.credentials", "secret" );
         env.put( "java.naming.security.authentication", "simple" );
-        InitialDirContext ctx = new InitialDirContext( env );
+        new InitialDirContext( env );
 
         // create a new certificate
-        String newIssuerDN = "cn=new_issuer_dn";
-        String newSubjectDN = "cn=new_subject_dn";
-        Entry entry = getLdapServer().getDirectoryService().getAdminSession().lookup(
-            new Dn( "uid=admin,ou=system" ) );
-        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 1024 );
+        String newIssuerDN = "new_issuer_dn";
+        String newSubjectDN = "new_subject_dn";
+        changeCertificate( ldapServer.getKeystoreFile(), "secret", newIssuerDN, newSubjectDN, 365, "SHA256WithECDSA" );
 
         // now update the certificate (over the wire)
-        ModificationItem[] mods = new ModificationItem[3];
-        mods[0] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(
-            TlsKeyGenerator.PRIVATE_KEY_AT, entry.get( TlsKeyGenerator.PRIVATE_KEY_AT ).getBytes() ) );
-        mods[1] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(
-            TlsKeyGenerator.PUBLIC_KEY_AT, entry.get( TlsKeyGenerator.PUBLIC_KEY_AT ).getBytes() ) );
-        mods[2] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(
-            TlsKeyGenerator.USER_CERTIFICATE_AT, entry.get( TlsKeyGenerator.USER_CERTIFICATE_AT ).getBytes() ) );
-        ctx.modifyAttributes( "uid=admin,ou=system", mods );
-        ctx.close();
-
         getLdapServer().reloadSslContext();
 
         // create a secure connection
-        ctx = new InitialDirContext( env );
+        new InitialDirContext( env );
 
         // check the received certificate, it must contain the updated server certificate
         X509Certificate[] lastReceivedServerCertificates = BogusTrustManagerFactory.lastReceivedServerCertificates;
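Review bot: Both `new InitialDirContext( env );` calls now discard the context, so the LDAP connections they open are never closed (the old code kept `ctx` and called `ctx.close()`), and a connection left open across reloadSslContext() can keep the previous SSL filter alive longer than the test intends. Keep the variable and close it after use, e.g. `InitialDirContext ctx = new InitialDirContext( env );` followed by `ctx.close();` in a finally block for each of the two connections. The enclosing test method begins outside this hunk.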
@@ -151,9 +134,8 @@ public class LdapsUpdateCertificateIT extends AbstractLdapTestUnit
         // converting the values to lowercase is required cause the certificate is
         // having attribute names in capital letters e.c the above newIssuerDN will be present as CN=new_issuer_dn
         assertEquals( "Expected the new certificate with the new issuer",
-            Strings.toLowerCaseAscii( newIssuerDN ), Strings.toLowerCaseAscii( issuerDN ) );
+            Strings.toLowerCaseAscii( issuerDN ), Strings.toLowerCaseAscii( "CN=new_issuer_dn, OU=directory, O=apache, C=US" ) );
         assertEquals( "Expected the new certificate with the new subject",
-            Strings.toLowerCaseAscii( newSubjectDN ), Strings.toLowerCaseAscii( subjectDN ) );
+            Strings.toLowerCaseAscii( subjectDN ), Strings.toLowerCaseAscii( "CN=new_subject_dn, OU=directory, O=apache, C=US" ) );
     }
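Review bot: The two assertEquals calls now pass the actual value (`issuerDN`, `subjectDN`) in the expected slot and the literal in the actual slot, which inverts the failure message, and the `newIssuerDN`/`newSubjectDN` locals that drive changeCertificate are no longer the values being asserted, so a typo in either literal would go unnoticed. Build the expectation from the same variable and keep JUnit's (message, expected, actual) order: `Strings.toLowerCaseAscii( "CN=" + newIssuerDN + ", OU=directory, O=apache, C=US" ), Strings.toLowerCaseAscii( issuerDN ) );` and likewise for the subject.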
-
 }
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsConfidentialityIT.java b/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsConfidentialityIT.java
index 79698cd..7a1d446 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsConfidentialityIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsConfidentialityIT.java
@@ -24,12 +24,6 @@ import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.Set;
@@ -52,13 +46,10 @@ import javax.naming.ldap.StartTlsResponse;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLSession;
 
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.Network;
 import org.apache.directory.server.annotations.CreateLdapServer;
 import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
 import org.apache.directory.server.integ.ServerIntegrationUtils;
@@ -94,9 +85,6 @@ import org.slf4j.LoggerFactory;
 public class StartTlsConfidentialityIT extends AbstractLdapTestUnit
 {
     private static final Logger LOG = LoggerFactory.getLogger( StartTlsConfidentialityIT.class );
-    private static final String[] CERT_IDS = new String[]
-        { "userCertificate" };
-    private File ksFile;
 
     boolean oldConfidentialityRequiredValue;
 
@@ -113,34 +101,12 @@ public class StartTlsConfidentialityIT extends AbstractLdapTestUnit
     @Before
     public void installKeyStoreWithCertificate() throws Exception
     {
-        if ( ksFile != null && ksFile.exists() )
-        {
-            ksFile.delete();
-        }
-
-        ksFile = File.createTempFile( "testStore", "ks" );
-        CoreSession session = getLdapServer().getDirectoryService().getAdminSession();
-        Entry entry = session.lookup( new Dn( "uid=admin,ou=system" ), CERT_IDS );
-        byte[] userCertificate = entry.get( CERT_IDS[0] ).getBytes();
-        assertNotNull( userCertificate );
-
-        try ( ByteArrayInputStream in = new ByteArrayInputStream( userCertificate ) )
-        {
-            CertificateFactory factory = CertificateFactory.getInstance( "X.509" );
-            Certificate cert = factory.generateCertificate( in );
-            KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() );
-            ks.load( null, null );
-            ks.setCertificateEntry( "apacheds", cert );
-            ks.store( new FileOutputStream( ksFile ), "changeit".toCharArray() );
-            LOG.debug( "Keystore file installed: {}", ksFile.getAbsolutePath() );
-        }
-
         oldConfidentialityRequiredValue = getLdapServer().isConfidentialityRequired();
 
-        System.setProperty( "javax.net.ssl.trustStore", ksFile.getAbsolutePath() );
-        System.setProperty( "javax.net.ssl.trustStorePassword", "changeit" );
-        System.setProperty( "javax.net.ssl.keyStore", ksFile.getAbsolutePath() );
-        System.setProperty( "javax.net.ssl.keyStorePassword", "changeit" );
+        System.setProperty( "javax.net.ssl.trustStore", ldapServer.getKeystoreFile() );
+        System.setProperty( "javax.net.ssl.trustStorePassword", "secret" );
+        System.setProperty( "javax.net.ssl.keyStore", ldapServer.getKeystoreFile() );
+        System.setProperty( "javax.net.ssl.keyStorePassword", "secret" );
 
     }
 
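Review bot: The JVM-wide `javax.net.ssl.trustStore` is now pointed at the server's own keystore file, which holds the server's private key (createTempKeyStore writes a key entry, not a certificate-only entry), whereas the old fixture built a separate cert-only trust store. A trust store needs only the certificate, and with these system properties every SSLContext created in the test JVM is handed the server's private key as well; consider keeping a certificate-only store for the client side, or at least a comment stating that sharing the keystore is a deliberate test shortcut. With the old logging lines removed, the `LOG` field of this class appears unused — drop it if nothing else references it.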
@@ -151,12 +117,6 @@ public class StartTlsConfidentialityIT extends AbstractLdapTestUnit
     @After
     public void deleteKeyStore() throws Exception
     {
-        if ( ksFile != null && ksFile.exists() )
-        {
-            ksFile.delete();
-        }
-
-        LOG.debug( "Keystore file deleted: {}", ksFile.getAbsolutePath() );
         getLdapServer().setConfidentialityRequired( oldConfidentialityRequiredValue );
 
         System.clearProperty( "javax.net.ssl.trustStore" );
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsIT.java b/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsIT.java
index 58b2402..d46d27a 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsIT.java
@@ -21,15 +21,8 @@ package org.apache.directory.server.ssl;
 
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
 import java.util.ArrayList;
 import java.util.Hashtable;
 import java.util.List;
@@ -45,13 +38,10 @@ import javax.naming.ldap.StartTlsResponse;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLSession;
 
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.Network;
 import org.apache.directory.server.annotations.CreateLdapServer;
 import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
 import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
@@ -82,15 +72,13 @@ import org.slf4j.LoggerFactory;
             @CreateTransport(protocol = "LDAPS")
     },
     extendedOpHandlers =
-        { StartTlsHandler.class })
+        { StartTlsHandler.class }
+    )
 public class StartTlsIT extends AbstractLdapTestUnit
 {
     private static final Logger LOG = LoggerFactory.getLogger( StartTlsIT.class );
-    private static final String[] CERT_IDS = new String[]
-        { "userCertificate" };
     private static final int CONNECT_ITERATIONS = 10;
     private static final boolean VERBOSE = false;
-    private File ksFile;
 
     boolean oldConfidentialityRequiredValue;
 
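Review bot: `LOG` is kept on the `private static final Logger LOG` line while the only uses visible in this file's hunks (the keystore install/delete debug messages) are deleted, and the sibling StartTlsUpdateCertificateIT hunk drops its logger and the two `org.slf4j` imports for the same reason. If no other use remains outside these hunks, remove the field and the slf4j imports here too so the two test classes are treated consistently. The class body continues outside the hunk.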
@@ -108,34 +96,12 @@ public class StartTlsIT extends AbstractLdapTestUnit
     @Before
     public void installKeyStoreWithCertificate() throws Exception
     {
-        if ( ksFile != null && ksFile.exists() )
-        {
-            ksFile.delete();
-        }
-
-        ksFile = File.createTempFile( "testStore", "ks" );
-        CoreSession session = getLdapServer().getDirectoryService().getAdminSession();
-        Entry entry = session.lookup( new Dn( "uid=admin,ou=system" ), CERT_IDS );
-        byte[] userCertificate = entry.get( CERT_IDS[0] ).getBytes();
-        assertNotNull( userCertificate );
-
-        try ( ByteArrayInputStream in = new ByteArrayInputStream( userCertificate ) )
-        {
-            CertificateFactory factory = CertificateFactory.getInstance( "X.509" );
-            Certificate cert = factory.generateCertificate( in );
-            KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() );
-            ks.load( null, null );
-            ks.setCertificateEntry( "apacheds", cert );
-            ks.store( new FileOutputStream( ksFile ), "changeit".toCharArray() );
-            LOG.debug( "Keystore file installed: {}", ksFile.getAbsolutePath() );
-        }
-
         oldConfidentialityRequiredValue = getLdapServer().isConfidentialityRequired();
 
-        System.setProperty( "javax.net.ssl.trustStore", ksFile.getAbsolutePath() );
-        System.setProperty( "javax.net.ssl.trustStorePassword", "changeit" );
-        System.setProperty( "javax.net.ssl.keyStore", ksFile.getAbsolutePath() );
-        System.setProperty( "javax.net.ssl.keyStorePassword", "changeit" );
+        System.setProperty( "javax.net.ssl.trustStore", ldapServer.getKeystoreFile() );
+        System.setProperty( "javax.net.ssl.trustStorePassword", "secret" );
+        System.setProperty( "javax.net.ssl.keyStore", ldapServer.getKeystoreFile() );
+        System.setProperty( "javax.net.ssl.keyStorePassword", "secret" );
     }
 
 
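Review bot: The password `"secret"` on the `trustStorePassword`/`keyStorePassword` lines is a literal copy of the value the test framework hard-codes when it creates the keystore, so the test is coupled to that constant rather than to the server's configuration, and a mismatch would surface as an opaque TLS handshake failure instead of a clear assertion. Reading it from the server the same way the path is read (`LdapServer` exposes the certificate password next to `getKeystoreFile()` — `ldapServer.getCertificatePassword()`, if that getter is present in this version) keeps the two in sync, and using `getLdapServer()` throughout instead of the bare `ldapServer` field matches the line just above. The method is still named `installKeyStoreWithCertificate` but no longer installs anything; something like `configureSslSystemProperties` describes what is left. The same applies to the identical hunk in StartTlsConfidentialityIT above and, for the naming, to the StartTlsUpdateCertificateIT `@Before` below.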
@@ -145,12 +111,6 @@ public class StartTlsIT extends AbstractLdapTestUnit
     @After
     public void deleteKeyStore() throws Exception
     {
-        if ( ksFile != null && ksFile.exists() )
-        {
-            ksFile.delete();
-        }
-
-        LOG.debug( "Keystore file deleted: {}", ksFile.getAbsolutePath() );
         getLdapServer().setConfidentialityRequired( oldConfidentialityRequiredValue );
 
         System.clearProperty( "javax.net.ssl.trustStore" );
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java b/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
index 385a09b..c8a50d0 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
@@ -23,18 +23,9 @@ package org.apache.directory.server.ssl;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Hashtable;
 
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.ModificationItem;
 import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
 import javax.naming.ldap.StartTlsRequest;
@@ -42,24 +33,18 @@ import javax.naming.ldap.StartTlsResponse;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLSession;
 
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.Network;
 import org.apache.directory.api.util.Strings;
 import org.apache.directory.server.annotations.CreateLdapServer;
 import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.security.TlsKeyGenerator;
 import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 
 /**
@@ -84,11 +69,6 @@ import org.slf4j.LoggerFactory;
         { StartTlsHandler.class })
 public class StartTlsUpdateCertificateIT extends AbstractLdapTestUnit
 {
-    private static final Logger LOG = LoggerFactory.getLogger( StartTlsUpdateCertificateIT.class );
-    private static final String[] CERT_IDS = new String[]
-        { "userCertificate" };
-    private File ksFile;
-
     boolean oldConfidentialityRequiredValue;
 
 
@@ -105,28 +85,6 @@ public class StartTlsUpdateCertificateIT extends AbstractLdapTestUnit
     @Before
     public void installKeyStoreWithCertificate() throws Exception
     {
-        if ( ksFile != null && ksFile.exists() )
-        {
-            ksFile.delete();
-        }
-
-        ksFile = File.createTempFile( "testStore", "ks" );
-        CoreSession session = getLdapServer().getDirectoryService().getAdminSession();
-        Entry entry = session.lookup( new Dn( "uid=admin,ou=system" ), CERT_IDS );
-        byte[] userCertificate = entry.get( CERT_IDS[0] ).getBytes();
-        assertNotNull( userCertificate );
-
-        try ( ByteArrayInputStream in = new ByteArrayInputStream( userCertificate ) )
-        {
-            CertificateFactory factory = CertificateFactory.getInstance( "X.509" );
-            Certificate cert = factory.generateCertificate( in );
-            KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() );
-            ks.load( null, null );
-            ks.setCertificateEntry( "apacheds", cert );
-            ks.store( new FileOutputStream( ksFile ), "changeit".toCharArray() );
-            LOG.debug( "Keystore file installed: {}", ksFile.getAbsolutePath() );
-        }
-
         oldConfidentialityRequiredValue = getLdapServer().isConfidentialityRequired();
     }
 
@@ -137,12 +95,6 @@ public class StartTlsUpdateCertificateIT extends AbstractLdapTestUnit
     @After
     public void deleteKeyStore() throws Exception
     {
-        if ( ksFile != null && ksFile.exists() )
-        {
-            ksFile.delete();
-        }
-
-        LOG.debug( "Keystore file deleted: {}", ksFile.getAbsolutePath() );
         getLdapServer().setConfidentialityRequired( oldConfidentialityRequiredValue );
     }
 
@@ -172,22 +124,10 @@ public class StartTlsUpdateCertificateIT extends AbstractLdapTestUnit
         tls.negotiate( BogusSSLContextFactory.getInstance( false ).getSocketFactory() );
 
         // create a new certificate
-        String newIssuerDN = "cn=new_issuer_dn";
-        String newSubjectDN = "cn=new_subject_dn";
-        Entry entry = getLdapServer().getDirectoryService().getAdminSession().lookup(
-            new Dn( "uid=admin,ou=system" ) );
-        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 1024 );
-
-        // now update the certificate (over the wire)
-        ModificationItem[] mods = new ModificationItem[3];
-        mods[0] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(
-            TlsKeyGenerator.PRIVATE_KEY_AT, entry.get( TlsKeyGenerator.PRIVATE_KEY_AT ).getBytes() ) );
-        mods[1] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(
-            TlsKeyGenerator.PUBLIC_KEY_AT, entry.get( TlsKeyGenerator.PUBLIC_KEY_AT ).getBytes() ) );
-        mods[2] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(
-            TlsKeyGenerator.USER_CERTIFICATE_AT, entry.get( TlsKeyGenerator.USER_CERTIFICATE_AT ).getBytes() ) );
-        ctx.modifyAttributes( "uid=admin,ou=system", mods );
-        ctx.close();
+        // create a new certificate
+        String newIssuerDN = "new_issuer_dn";
+        String newSubjectDN = "new_subject_dn";
+        changeCertificate( ldapServer.getKeystoreFile(), "secret", newIssuerDN, newSubjectDN, 365, "SHA256WithECDSA" );
 
         getLdapServer().reloadSslContext();
 
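Review bot: `// create a new certificate` now appears twice in a row — the surviving context line and the added copy — so the added one should go. The variables are still called `newIssuerDN`/`newSubjectDN`, but the values now handed to `changeCertificate` are bare CN components (`"new_issuer_dn"`) that the helper wraps into a full name, so `newIssuerCn`/`newSubjectCn` would be accurate, and the full expected DNs asserted later in this method could be built from them instead of being repeated as literals. The removed `ctx.close()` has no replacement in this hunk; unless the context is closed further down, outside the hunk, the first LDAP connection is now leaked. The test method continues outside the hunk.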
@@ -201,6 +141,7 @@ public class StartTlsUpdateCertificateIT extends AbstractLdapTestUnit
                 return true;
             }
         } );
+        
         tls.negotiate( BogusSSLContextFactory.getInstance( false ).getSocketFactory() );
 
         // check the received certificate, it must contain the updated server certificate
@@ -209,9 +150,9 @@ public class StartTlsUpdateCertificateIT extends AbstractLdapTestUnit
         assertEquals( 1, lastReceivedServerCertificates.length );
         String issuerDN = lastReceivedServerCertificates[0].getIssuerDN().getName();
         String subjectDN = lastReceivedServerCertificates[0].getSubjectDN().getName();
-        assertEquals( "Expected the new certificate with the new issuer", Strings.toLowerCaseAscii( newIssuerDN ),
-            Strings.toLowerCaseAscii( issuerDN ) );
-        assertEquals( "Expected the new certificate with the new subject", Strings.toLowerCaseAscii( newSubjectDN ),
-            Strings.toLowerCaseAscii( subjectDN ) );
+        assertEquals( "Expected the new certificate with the new issuer",
+            Strings.toLowerCaseAscii( issuerDN ), Strings.toLowerCaseAscii( "CN=new_issuer_dn, OU=directory, O=apache, C=US" ) );
+        assertEquals( "Expected the new certificate with the new subject",
+            Strings.toLowerCaseAscii( subjectDN ), Strings.toLowerCaseAscii( "CN=new_subject_dn, OU=directory, O=apache, C=US" ) );
     }
 }
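Review bot: Both `assertEquals` calls now pass the actual value (`issuerDN`, `subjectDN`) in the expected slot and the literal in the actual slot, so a failure message reports the two roles inverted. Restore JUnit's (message, expected, actual) order, e.g. `Strings.toLowerCaseAscii( "CN=new_issuer_dn, OU=directory, O=apache, C=US" ), Strings.toLowerCaseAscii( issuerDN )`, and likewise for the subject. The `OU=directory, O=apache, C=US` suffix is hard-coded here and again inside the `changeCertificate` helper; deriving the expected string from the CN variable plus one shared suffix constant would keep the two from drifting apart silently.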
diff --git a/service/src/main/java/org/apache/directory/server/ApacheDsService.java b/service/src/main/java/org/apache/directory/server/ApacheDsService.java
index 2ae1b46..1f85d22 100644
--- a/service/src/main/java/org/apache/directory/server/ApacheDsService.java
+++ b/service/src/main/java/org/apache/directory/server/ApacheDsService.java
@@ -21,7 +21,14 @@ package org.apache.directory.server;
 
 
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -75,6 +82,7 @@ import org.apache.directory.server.core.api.interceptor.context.ModifyOperationC
 import org.apache.directory.server.core.api.partition.Partition;
 import org.apache.directory.server.core.api.schema.SchemaPartition;
 import org.apache.directory.server.core.partition.ldif.LdifPartition;
+import org.apache.directory.server.core.security.CertificateUtil;
 import org.apache.directory.server.core.shared.DefaultDnFactory;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.server.integration.http.HttpServer;
@@ -84,12 +92,15 @@ import org.apache.directory.server.ntp.NtpServer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import sun.security.x509.X500Name;
+
 
 /**
  * A class used to start various servers in a given {@link InstanceLayout}.
  * 
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
+@SuppressWarnings("restriction")
 public class ApacheDsService
 {
     /** A logger for this class */
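Review bot: `import sun.security.x509.X500Name;` pulls a JDK-internal class into production code; it is not a supported API, is not accessible on Java 9+ without `--add-exports java.base/sun.security.x509=ALL-UNNAMED`, and `@SuppressWarnings("restriction")` is an IDE-only token that javac ignores, so the dependency is hidden rather than removed. The same import is added in the UberJarMainTest and AbstractLdapTestUnit import hunks below. If `CertificateUtil` can accept a `javax.security.auth.x500.X500Principal` (or a DN string) instead of `X500Name`, none of the three callers would need the internal type; failing that, the constraint should at least be stated in the class Javadoc, e.g. `* Uses the internal sun.security.x509 API; on Java 9+ this needs --add-exports.`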
@@ -195,7 +206,54 @@ public class ApacheDsService
             dnFactory );
 
         // start the LDAP server
-        startLdap( directoryServiceBean.getLdapServerBean(), directoryService, startServers );
+        LdapServerBean ldapServerBean = directoryServiceBean.getLdapServerBean();
+        
+        if ( ldapServerBean.getLdapServerKeystoreFile() == null )
+        {
+            File ldapServerKeystoreFile = instanceLayout.getKeyStoreFile();
+            
+            if ( !ldapServerKeystoreFile.exists() )
+            {
+                // We need to create a KeyStore
+                ldapServerKeystoreFile.createNewFile();
+                ldapServerKeystoreFile.deleteOnExit();
+                ldapServerBean.setLdapServerCertificatePassword( "secret" );
+
+                
+                KeyStore keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
+                char[] keyStorePassword = "secret".toCharArray();
+                
+                try ( InputStream keyStoreData = new FileInputStream( ldapServerKeystoreFile ) )
+                {
+                    keyStore.load( null, keyStorePassword );
+                }
+
+                // Generate the asymmetric keys, using EC algorithm
+                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance( "EC" );
+                KeyPair keyPair = keyPairGenerator.generateKeyPair();
+                
+                // Generate the subject's name
+                @SuppressWarnings("restriction")
+                X500Name owner = new X500Name( "apacheds", "directory", "apache", "US" );
+
+                // Create the self-signed certificate
+                X509Certificate certificate = CertificateUtil.generateSelfSignedCertificate( owner, keyPair, 365, "SHA256WithECDSA" );
+                
+                keyStore.setKeyEntry( "apachedsKey", keyPair.getPrivate(), keyStorePassword, new X509Certificate[] { certificate } );
+                
+                FileOutputStream out = new FileOutputStream( ldapServerKeystoreFile );
+                keyStore.store( out, keyStorePassword );
+            }
+            
+            ldapServerBean.setLdapServerKeystoreFile( ldapServerKeystoreFile.getAbsolutePath() );
+        }
+        
+        if ( ldapServerBean.getLdapServerCertificatePassword() == null )
+        {
+            ldapServerBean.setLdapServerCertificatePassword( "secret" );
+        }
+        
+        startLdap( ldapServerBean, directoryService, startServers );
 
         // start the NTP server
         startNtp( directoryServiceBean.getNtpServerBean(), directoryService, startServers );
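Review bot: `FileOutputStream out = new FileOutputStream( ldapServerKeystoreFile )` is never closed, so the stream that just wrote the server's private key leaks, and the `keyStore.load( null, keyStorePassword )` above it sits in a try-with-resources whose `FileInputStream` is never passed to `load` (the file is empty at that point anyway), so that block is dead. The same pattern is repeated in the UberJarMainTest `create()` hunk and the AbstractLdapTestUnit `changeCertificate` hunk below. Separately, `deleteOnExit()` on the instance keystore means a fresh key pair and self-signed certificate are generated on every start, so the `!exists()` branch is effectively always taken and any client that trusted the previous certificate breaks; combined with the constant password `"secret"` (set here and again in the `getLdapServerCertificatePassword() == null` branch) the private key in `InstanceLayout.getKeyStoreFile()` is protected only by default file permissions, which deserves a comment marking this as a bootstrap default that deployments are expected to override. The `createNewFile()` return value is also ignored.
```java
// … unchanged: ldapServerKeystoreFile creation, deleteOnExit, bean password …
KeyStore keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
char[] keyStorePassword = "secret".toCharArray();

// load( null, ... ) initialises an empty in-memory keystore; no stream is needed
keyStore.load( null, keyStorePassword );

// … unchanged: EC key pair, X500Name owner, self-signed certificate, setKeyEntry …

try ( FileOutputStream out = new FileOutputStream( ldapServerKeystoreFile ) )
{
    keyStore.store( out, keyStorePassword );
}
```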
@@ -335,7 +393,7 @@ public class ApacheDsService
     private DirectoryService initDirectoryService( InstanceLayout instanceLayout,
         DirectoryServiceBean directoryServiceBean, CacheService cacheService, DnFactory dnFactory ) throws Exception
     {
-        LOG.info( "Initializing the DirectoryService..." );
+         LOG.info( "Initializing the DirectoryService..." );
 
         long startTime = System.currentTimeMillis();
 
@@ -403,6 +461,8 @@ public class ApacheDsService
     {
         LOG.info( "Starting the LDAP server" );
         long startTime = System.currentTimeMillis();
+        
+        // Add a reference to the KeyStore file, or create one if missing
 
         ldapServer = ServiceBuilder.createLdapServer( ldapServerBean, directoryService );
 
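Review bot: The added comment `// Add a reference to the KeyStore file, or create one if missing` sits above `ServiceBuilder.createLdapServer( ... )`, which does neither; the keystore lookup/creation lives in the caller, in the `ldapServerBean.getLdapServerKeystoreFile() == null` block of the earlier hunk. Either move the comment there, where it describes the `if` block, or drop it so the next reader does not look for keystore logic inside `startLdap`. The method body continues outside the hunk.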
diff --git a/service/src/test/java/org/apache/directory/server/UberJarMainTest.java b/service/src/test/java/org/apache/directory/server/UberJarMainTest.java
index 35b605d..ce83a09 100644
--- a/service/src/test/java/org/apache/directory/server/UberJarMainTest.java
+++ b/service/src/test/java/org/apache/directory/server/UberJarMainTest.java
@@ -23,10 +23,16 @@ package org.apache.directory.server;
 import static org.junit.Assert.fail;
 
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
 import java.net.UnknownHostException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
 import java.util.Calendar;
 
-import org.apache.directory.api.util.FileUtils;
 import org.apache.directory.api.ldap.codec.api.SchemaBinaryAttributeDetector;
 import org.apache.directory.api.ldap.model.cursor.EntryCursor;
 import org.apache.directory.api.ldap.model.entry.DefaultEntry;
@@ -40,9 +46,13 @@ import org.apache.directory.ldap.client.api.LdapConnectionConfig;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.api.partition.PartitionNexus;
+import org.apache.directory.server.core.security.CertificateUtil;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
+import sun.security.x509.X500Name;
+
 import static org.junit.Assert.assertEquals;
 
 
@@ -61,12 +71,16 @@ public class UberJarMainTest
     
     /** The UberjarMain */
     private UberjarMain uberjarMain;
+    
+    private KeyStore keyStore;
+    private File keyStoreFile;
 
     @Before
     public void create()
     {
         // Getting tmp directory
         File tmpDirectory = new File( System.getProperty( "java.io.tmpdir" ) );
+        tmpDirectory.deleteOnExit();
 
         // Creating an instance directory
         Calendar calendar = Calendar.getInstance();
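Review bot: `tmpDirectory.deleteOnExit()` registers the JVM-wide `java.io.tmpdir` itself for deletion; it is harmless only because `deleteOnExit` cannot remove a non-empty directory, so the line is misleading and should be dropped. It also does not stand in for the `FileUtils.deleteDirectory( instanceDirectory )` cleanup removed from the `@After` hunk below, so every run now leaves a timestamped instance directory behind; restoring an explicit recursive delete in `@After` is the fix, since `deleteOnExit` on a populated directory fails the same way. The new `keyStoreFile` field declared here is never assigned, because the `create()` hunk below declares a local of the same name.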
@@ -77,6 +91,43 @@ public class UberJarMainTest
 
         // Creating the UberjarMain
         uberjarMain = new UberjarMain();
+        
+        try
+        {
+            // Create a temporary keystore, be sure to remove it when exiting the test
+            File keyStoreFile = File.createTempFile( "testStore", "ks" );
+            keyStoreFile.deleteOnExit();
+
+            
+            keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
+            char[] keyStorePassword = "secret".toCharArray();
+            
+            try ( InputStream keyStoreData = new FileInputStream( keyStoreFile ) )
+            {
+                keyStore.load( null, keyStorePassword );
+            }
+
+            // Generate the asymmetric keys, using EC algorithm
+            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance( "EC" );
+            KeyPair keyPair = keyPairGenerator.generateKeyPair();
+            
+            // Generate the subject's name
+            @SuppressWarnings("restriction")
+            X500Name owner = new X500Name( "apacheds", "directory", "apache", "US" );
+
+            // Create the self-signed certificate
+            X509Certificate certificate = CertificateUtil.generateSelfSignedCertificate( owner, keyPair, 365, "SHA256WithECDSA" );
+            
+            keyStore.setKeyEntry( "apachedsKey", keyPair.getPrivate(), keyStorePassword, new X509Certificate[] { certificate } );
+            
+            FileOutputStream out = new FileOutputStream( keyStoreFile );
+            keyStore.store( out, keyStorePassword );
+        }
+        catch ( Exception e )
+        {
+            
+        }
+
     }
 
     
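Review bot: `File keyStoreFile = File.createTempFile( "testStore", "ks" )` declares a local that shadows the `keyStoreFile` field added above, so the field stays null for the rest of the test. `catch ( Exception e ) { }` then swallows every failure of the keystore setup, so a missing `EC` provider or a broken `CertificateUtil` only surfaces later as an unrelated connection error; `fail( "Could not create the test keystore: " + e )` (`fail` is already imported) or declaring `create() throws Exception` reports the real cause. The `FileOutputStream` is never closed and the `FileInputStream` is opened but never passed to `load`, as in the ApacheDsService hunk above.
```java
try
{
    // Create a temporary keystore, be sure to remove it when exiting the test
    keyStoreFile = File.createTempFile( "testStore", "ks" );
    keyStoreFile.deleteOnExit();

    keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
    char[] keyStorePassword = "secret".toCharArray();
    keyStore.load( null, keyStorePassword );

    // … unchanged: EC key pair, X500Name owner, self-signed certificate, setKeyEntry …

    try ( FileOutputStream out = new FileOutputStream( keyStoreFile ) )
    {
        keyStore.store( out, keyStorePassword );
    }
}
catch ( Exception e )
{
    fail( "Could not create the test keystore: " + e );
}
```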
@@ -87,11 +138,6 @@ public class UberJarMainTest
         {
             uberjarMain.stop();
         }
-
-        if ( instanceDirectory != null )
-        {
-            FileUtils.deleteDirectory( instanceDirectory );
-        }
     }
     
     
diff --git a/test-framework/src/main/java/org/apache/directory/server/core/integ/AbstractLdapTestUnit.java b/test-framework/src/main/java/org/apache/directory/server/core/integ/AbstractLdapTestUnit.java
index 17b6b4c..ffa4fe6 100644
--- a/test-framework/src/main/java/org/apache/directory/server/core/integ/AbstractLdapTestUnit.java
+++ b/test-framework/src/main/java/org/apache/directory/server/core/integ/AbstractLdapTestUnit.java
@@ -20,16 +20,30 @@
 package org.apache.directory.server.core.integ;
 
 
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+
 import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.security.CertificateUtil;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.ldap.LdapServer;
 
+import sun.security.x509.X500Name;
+
 
 /**
  * An abstract class created to hold common elements.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
+@SuppressWarnings("restriction")
 public abstract class AbstractLdapTestUnit
 {
     /** The used DirectoryService instance */
@@ -75,4 +89,34 @@ public abstract class AbstractLdapTestUnit
     {
         AbstractLdapTestUnit.kdcServer = kdcServer;
     }
+    
+    
+    public void changeCertificate( String keyStoreFile, String password, String issuerDn, String subjectDn, int days, String algorithm ) 
+        throws IOException, GeneralSecurityException
+    {
+        KeyStore keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
+        char[] keyStorePassword = password.toCharArray();
+        
+        try ( InputStream keyStoreData = new FileInputStream( keyStoreFile ) )
+        {
+            keyStore.load( null, keyStorePassword );
+        }
+        
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance( "EC" );
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+        
+        // Generate the subject's name
+        X500Name subject = new X500Name( subjectDn, "directory", "apache", "US" );
+        
+        // Generate the issuer's name
+        X500Name issuer = new X500Name( issuerDn, "directory", "apache", "US" );
+
+        // Create the self-signed certificate
+        X509Certificate certificate = CertificateUtil.generateCertificate( subject, issuer, keyPair, days, algorithm );
+        
+        keyStore.setKeyEntry( "apachedsKey", keyPair.getPrivate(), keyStorePassword, new X509Certificate[] { certificate } );
+        
+        FileOutputStream out = new FileOutputStream( keyStoreFile );
+        keyStore.store( out, keyStorePassword );
+    }
 }
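Review bot: `changeCertificate` is a new public method on a shared test base class with no Javadoc, and its `issuerDn`/`subjectDn` parameters are used only as the CN component (`new X500Name( subjectDn, "directory", "apache", "US" )`), so a caller passing a real DN string gets it embedded inside a CN. Rename them `issuerCn`/`subjectCn` or document the contract, e.g. `@param subjectCn CN of the new certificate's subject; OU/O/C are fixed to directory/apache/US`, `@param days validity period in days`, `@param algorithm JCA signature algorithm name, e.g. SHA256WithECDSA`, plus the two `@throws`. The `FileInputStream` opened in the try-with-resources is never handed to `load`, so the existing keystore contents are discarded and the file is overwritten with the single `apachedsKey` entry — if that is intended, a bare `keyStore.load( null, keyStorePassword )` says so; if the other entries were meant to survive, it should be `keyStore.load( keyStoreData, keyStorePassword )`. The comment `// Create the self-signed certificate` is inaccurate when issuer and subject differ.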
diff --git a/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java b/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
index fa73e97..5722476 100644
--- a/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
+++ b/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
@@ -22,23 +22,15 @@ package org.apache.directory.server.core.integ;
 import java.lang.reflect.Method;
 import java.util.UUID;
 
-import org.apache.directory.api.ldap.model.entry.DefaultModification;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.entry.Modification;
-import org.apache.directory.api.ldap.model.entry.ModificationOperation;
-import org.apache.directory.api.ldap.model.exception.LdapException;
-import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.FileUtils;
 import org.apache.directory.server.annotations.CreateKdcServer;
 import org.apache.directory.server.annotations.CreateLdapServer;
-import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.api.changelog.ChangeLog;
 import org.apache.directory.server.core.factory.DSAnnotationProcessor;
 import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
 import org.apache.directory.server.core.factory.DirectoryServiceFactory;
 import org.apache.directory.server.core.factory.PartitionFactory;
-import org.apache.directory.server.core.security.TlsKeyGenerator;
 import org.apache.directory.server.factory.ServerAnnotationProcessor;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
@@ -140,8 +132,6 @@ public class FrameworkRunner extends BlockJUnit4ClassRunner
                 DSAnnotationProcessor.applyLdifs( getDescription(), directoryService );
             }
             
-            updateTlsKey( classDS );
-
             // check if it has a LdapServerBuilder
             // then use the DS created above
             if ( classLdapServerBuilder != null )
@@ -267,8 +257,6 @@ public class FrameworkRunner extends BlockJUnit4ClassRunner
                 DSAnnotationProcessor.applyLdifs( methodDescription, methodDS );
 
                 directoryService = methodDS;
-                
-                updateTlsKey( directoryService );
             }
             else if ( classDS != null )
             {
@@ -456,22 +444,4 @@ public class FrameworkRunner extends BlockJUnit4ClassRunner
             dirService.revert( revision );
         }
     }
-
-
-    private void updateTlsKey( DirectoryService ds ) throws LdapException
-    {
-        // Update TLS key for tests. Newer Java 8 releases consider RSA keys
-        // with less than 1024 bits as insecure and such are disabled by default, see 
-        // http://www.oracle.com/technetwork/java/javase/8-compatibility-guide-2156366.html
-        Entry adminEntry = ds.getAdminSession().lookup( new Dn( ServerDNConstants.ADMIN_SYSTEM_DN ) );
-        TlsKeyGenerator.addKeyPair( adminEntry, TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN,
-            TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN, "RSA", 1024 );
-        Modification mod1 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
-            adminEntry.get( TlsKeyGenerator.PRIVATE_KEY_AT ) );
-        Modification mod2 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
-            adminEntry.get( TlsKeyGenerator.PUBLIC_KEY_AT ) );
-        Modification mod3 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
-            adminEntry.get( TlsKeyGenerator.USER_CERTIFICATE_AT ) );
-        ds.getAdminSession().modify( adminEntry.getDn(), mod1, mod2, mod3 );
-    }
 }


[directory-server] 07/08: merge with Stefan's changes

Posted by el...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git

commit 5abfc740bbca48ba512395af49f9152bd620df06
Merge: c6f064d 0f043fb
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Wed Apr 17 17:10:54 2019 +0200

    merge with Stefan's changes

 .../server/core/factory/DSAnnotationProcessor.java |   3 -
 .../factory/DefaultDirectoryServiceFactory.java    |   6 -
 core-api/pom.xml                                   |  18 +-
 .../directory/server/core/api/CacheService.java    | 219 -----------------
 .../server/core/api/DirectoryService.java          |  14 --
 .../core/api/partition/AbstractPartition.java      |  14 --
 .../server/core/api/partition/Partition.java       |   8 -
 .../server/core/api/schema/SchemaPartition.java    |   9 -
 .../src/main/resources/directory-cacheservice.xml  | 268 ---------------------
 .../server/core/api/MockDirectoryService.java      |  15 --
 core-shared/pom.xml                                |   7 +-
 .../server/core/shared/DefaultDnFactory.java       |  14 +-
 .../shared/partition/DefaultPartitionNexus.java    |   1 -
 .../server/core/DefaultDirectoryService.java       |  38 +--
 interceptors/authz/pom.xml                         |   5 -
 .../directory/server/core/authz/GroupCache.java    |  55 ++---
 interceptors/subtree/pom.xml                       |   7 +-
 .../server/core/subtree/SubtreeEvaluatorTest.java  |  13 +-
 jdbm-partition/pom.xml                             |   2 +-
 .../partition/impl/btree/jdbm/JdbmPartition.java   |  26 +-
 .../partition/impl/btree/jdbm/JdbmStoreTest.java   |   9 +-
 .../core/partition/tree/PartitionTreeTest.java     |   6 +-
 kerberos-codec/pom.xml                             |   6 +-
 .../kerberos/shared/replay/ReplayCacheImpl.java    |  38 +--
 .../shared/replay/ReplayCacheImplTest.java         | 100 ++++----
 .../core/partition/ldif/LdifPartitionTest.java     |   8 +-
 ...SingleFileLdifPartitionSingeValueAttribute.java |   9 +-
 .../ldif/SingleFileLdifPartitionTest.java          |   9 +-
 mavibot-partition/pom.xml                          |   2 +-
 .../impl/btree/mavibot/MavibotPartition.java       |  19 +-
 .../impl/btree/mavibot/MavibotStoreTest.java       |   9 +-
 .../osgi/integ/ServerCoreAnnotationsOsgiTest.java  |   1 +
 .../server/osgi/integ/ServerCoreApiOsgiTest.java   |   2 -
 .../osgi/integ/ServerCoreSharedOsgiTest.java       |   9 +-
 .../osgi/integ/ServerJdbmPartitionOsgiTest.java    |   2 +-
 .../osgi/integ/ServerMavibotPartitionOsgiTest.java |   2 +-
 pom.xml                                            |  18 ++
 .../server/changepw/ChangePasswordServer.java      |   2 -
 protocol-kerberos/pom.xml                          |   6 +-
 .../kerberos/changepwd/ChangePasswordServer.java   |   5 +-
 .../directory/server/kerberos/kdc/KdcServer.java   |   5 +-
 .../server/config/ConfigPartitionInitializer.java  |   7 +-
 .../config/ChangePasswordConfigReaderTest.java     |   8 +-
 .../server/config/ConfigPartitionReaderTest.java   |   8 +-
 .../directory/server/config/ConfigWriterTest.java  |   8 +-
 .../server/config/HttpServerConfigReaderTest.java  |   8 +-
 .../config/KerberosServerConfigReaderTest.java     |   8 +-
 .../server/config/LdapServerConfigReaderTest.java  |   8 +-
 .../server/replication/ClientInitialRefreshIT.java |   2 +-
 .../apache/directory/server/ApacheDsService.java   |  36 +--
 xdbm-partition/pom.xml                             |   3 +-
 .../impl/btree/AbstractBTreePartition.java         |  49 ++--
 .../org/apache/directory/server/xdbm/Store.java    |   4 +-
 .../search/evaluator/SubtreeScopeEvaluator.java    |   2 +-
 .../xdbm/search/impl/DefaultSearchEngine.java      |   2 +-
 .../directory/server/xdbm/PartitionTest.java       |   6 -
 .../server/xdbm/impl/avl/AvlPartitionTest.java     |   8 +-
 .../server/xdbm/search/impl/AndCursorTest.java     |   6 -
 .../server/xdbm/search/impl/EqualityTest.java      |   8 +-
 .../xdbm/search/impl/GreaterEqNotIndexedTest.java  |   8 +-
 .../server/xdbm/search/impl/GreaterEqTest.java     |   9 +-
 .../server/xdbm/search/impl/LessEqTest.java        |   9 +-
 .../server/xdbm/search/impl/NestedFilterTest.java  |   5 -
 .../server/xdbm/search/impl/NotCursorTest.java     |   5 -
 .../server/xdbm/search/impl/OrCursorTest.java      |   5 -
 .../server/xdbm/search/impl/PresenceTest.java      |  12 +-
 .../server/xdbm/search/impl/SubstringTest.java     |   9 +-
 67 files changed, 223 insertions(+), 1029 deletions(-)

diff --cc pom.xml
index 48c5405,8d26e5d..8232698
--- a/pom.xml
+++ b/pom.xml
@@@ -24,7 -24,7 +24,8 @@@
    <parent>
      <groupId>org.apache.directory.project</groupId>
      <artifactId>project</artifactId>
 +    <version>42</version>
+     <version>44</version>
      <relativePath />
    </parent>
  
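Review bot: The merged result keeps both parents' lines at L2148 and L2149, so the `<parent>` element ends up with two `<version>` children (`<version>42</version>` and `<version>44</version>`), which is not a valid POM; only `<version>44</version>` should survive. The same doubling appears in the next two hunks: the `commons.codec`, `commons.collections` and `commons.pool` properties are each declared twice at L2157-2165, and the ehcache `<groupId>`/`<artifactId>`/`<version>` at L2177-2179 are left inside the caffeine `<dependency>` next to its own coordinates at L2180-2182, giving one dependency element two group ids. Each of those should keep only the second parent's lines.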
@@@ -57,15 -57,14 +58,19 @@@
      <ant.version>1.10.1</ant.version>
      <bcprov.version>1.60</bcprov.version>
      <commons.cli.version>1.4</commons.cli.version>
 +    <commons.codec.version>1.11</commons.codec.version>
 +    <commons.collections.version>4.2</commons.collections.version>
+     <commons.codec.version>1.12</commons.codec.version>
+     <commons.collections.version>4.3</commons.collections.version>
      <commons.daemon.version>1.0.15</commons.daemon.version>
      <commons.lang.version>3.8.1</commons.lang.version>
      <commons.net.version>3.6</commons.net.version>
 +    <commons.pool.version>2.6.0</commons.pool.version>
+     <commons.pool.version>2.6.1</commons.pool.version>
      <dnsjava.version>2.1.8</dnsjava.version>
 +    <!-- OSGi related issue in ehcache 3.6.x: https://github.com/ehcache/ehcache3/issues/2554 -->
 +    <ehcache.version>3.5.3</ehcache.version>
+     <caffeine.version>2.7.0</caffeine.version>
      <findbugs.annotations.version>1.0.0</findbugs.annotations.version>
      <jetty.version>9.4.14.v20181114</jetty.version>
      <!-- The Jetty bundle exports are using version 9.4.5, not 9.4.5.v20170502... -->
@@@ -1243,9 -1227,19 +1248,22 @@@
        </dependency>
        
        <dependency>
 +        <groupId>org.ehcache</groupId>
 +        <artifactId>ehcache</artifactId>
 +        <version>${ehcache.version}</version>
+         <groupId>com.github.ben-manes.caffeine</groupId>
+         <artifactId>caffeine</artifactId>
+         <version>${caffeine.version}</version>
+         <exclusions>
+           <exclusion>
+             <groupId>com.google.errorprone</groupId>
+             <artifactId>error_prone_annotations</artifactId>
+           </exclusion>
+           <exclusion>
+             <groupId>org.checkerframework</groupId>
+             <artifactId>checker-qual</artifactId>
+            </exclusion>
+          </exclusions>
        </dependency>
      </dependencies>
    </dependencyManagement>
diff --cc service/src/main/java/org/apache/directory/server/ApacheDsService.java
index 1f85d22,000fad3..06813ae
--- a/service/src/main/java/org/apache/directory/server/ApacheDsService.java
+++ b/service/src/main/java/org/apache/directory/server/ApacheDsService.java
@@@ -81,8 -74,8 +81,9 @@@ import org.apache.directory.server.core
  import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
  import org.apache.directory.server.core.api.partition.Partition;
  import org.apache.directory.server.core.api.schema.SchemaPartition;
+ import org.apache.directory.server.core.partition.impl.btree.AbstractBTreePartition;
  import org.apache.directory.server.core.partition.ldif.LdifPartition;
 +import org.apache.directory.server.core.security.CertificateUtil;
  import org.apache.directory.server.core.shared.DefaultDnFactory;
  import org.apache.directory.server.i18n.I18n;
  import org.apache.directory.server.integration.http.HttpServer;
@@@ -201,59 -187,23 +198,70 @@@ public class ApacheDsServic
  
          DirectoryServiceBean directoryServiceBean = configBean.getDirectoryServiceBean();
  
+         /*
+          * Calculate the DN cache size: from all defined partitions get the max cache size setting.
+          * Note: currently only JDBM partition beans have such a setting.
+          */
+         int dnCacheSize = directoryServiceBean.getPartitions().stream()
+             .filter( JdbmPartitionBean.class::isInstance )
+             .map( JdbmPartitionBean.class::cast )
+             .map( JdbmPartitionBean::getPartitionCacheSize )
+             .mapToInt( Integer::intValue )
+             .max().orElse( AbstractBTreePartition.DEFAULT_CACHE_SIZE );
+         DnFactory dnFactory = new DefaultDnFactory( schemaManager, dnCacheSize );
+ 
          // Initialize the DirectoryService now
-         DirectoryService directoryService = initDirectoryService( instanceLayout, directoryServiceBean, cacheService,
-             dnFactory );
+         DirectoryService directoryService = initDirectoryService( instanceLayout, directoryServiceBean, dnFactory );
  
          // start the LDAP server
 -        startLdap( directoryServiceBean.getLdapServerBean(), directoryService, startServers );
 +        LdapServerBean ldapServerBean = directoryServiceBean.getLdapServerBean();
 +        
 +        if ( ldapServerBean.getLdapServerKeystoreFile() == null )
 +        {
 +            File ldapServerKeystoreFile = instanceLayout.getKeyStoreFile();
 +            
 +            if ( !ldapServerKeystoreFile.exists() )
 +            {
 +                // We need to create a KeyStore
 +                ldapServerKeystoreFile.createNewFile();
 +                ldapServerKeystoreFile.deleteOnExit();
 +                ldapServerBean.setLdapServerCertificatePassword( "secret" );
 +
 +                
 +                KeyStore keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
 +                char[] keyStorePassword = "secret".toCharArray();
 +                
 +                try ( InputStream keyStoreData = new FileInputStream( ldapServerKeystoreFile ) )
 +                {
 +                    keyStore.load( null, keyStorePassword );
 +                }
 +
 +                // Generate the asymmetric keys, using EC algorithm
 +                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance( "EC" );
 +                KeyPair keyPair = keyPairGenerator.generateKeyPair();
 +                
 +                // Generate the subject's name
 +                @SuppressWarnings("restriction")
 +                X500Name owner = new X500Name( "apacheds", "directory", "apache", "US" );
 +
 +                // Create the self-signed certificate
 +                X509Certificate certificate = CertificateUtil.generateSelfSignedCertificate( owner, keyPair, 365, "SHA256WithECDSA" );
 +                
 +                keyStore.setKeyEntry( "apachedsKey", keyPair.getPrivate(), keyStorePassword, new X509Certificate[] { certificate } );
 +                
 +                FileOutputStream out = new FileOutputStream( ldapServerKeystoreFile );
 +                keyStore.store( out, keyStorePassword );
 +            }
 +            
 +            ldapServerBean.setLdapServerKeystoreFile( ldapServerKeystoreFile.getAbsolutePath() );
 +        }
 +        
 +        if ( ldapServerBean.getLdapServerCertificatePassword() == null )
 +        {
 +            ldapServerBean.setLdapServerCertificatePassword( "secret" );
 +        }
 +        
 +        startLdap( ldapServerBean, directoryService, startServers );
  
          // start the NTP server
          startNtp( directoryServiceBean.getNtpServerBean(), directoryService, startServers );
@@@ -391,9 -341,9 +399,9 @@@
  
  
      private DirectoryService initDirectoryService( InstanceLayout instanceLayout,
-         DirectoryServiceBean directoryServiceBean, CacheService cacheService, DnFactory dnFactory ) throws Exception
+         DirectoryServiceBean directoryServiceBean, DnFactory dnFactory ) throws Exception
      {
 -        LOG.info( "Initializing the DirectoryService..." );
 +         LOG.info( "Initializing the DirectoryService..." );
  
          long startTime = System.currentTimeMillis();
  
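Review bot: The re-indented `LOG.info( "Initializing the DirectoryService..." );` on L2292 now sits at nine spaces while the neighbouring statements (L2294) use eight, so this part of the hunk changes only whitespace and leaves the line misaligned; keeping the original eight-space indent removes the spurious diff. The body of initDirectoryService continues outside the hunk.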


[directory-server] 08/08: Use Java 8

Posted by el...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git

commit d154889347dca085632161a549d8e8cc7cc605ad
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Wed Apr 17 17:44:08 2019 +0200

    Use Java 8
---
 pom.xml | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/pom.xml b/pom.xml
index 8232698..434d6ed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,6 @@
   <parent>
     <groupId>org.apache.directory.project</groupId>
     <artifactId>project</artifactId>
-    <version>42</version>
     <version>44</version>
     <relativePath />
   </parent>
@@ -58,18 +57,13 @@
     <ant.version>1.10.1</ant.version>
     <bcprov.version>1.60</bcprov.version>
     <commons.cli.version>1.4</commons.cli.version>
-    <commons.codec.version>1.11</commons.codec.version>
-    <commons.collections.version>4.2</commons.collections.version>
     <commons.codec.version>1.12</commons.codec.version>
     <commons.collections.version>4.3</commons.collections.version>
     <commons.daemon.version>1.0.15</commons.daemon.version>
     <commons.lang.version>3.8.1</commons.lang.version>
     <commons.net.version>3.6</commons.net.version>
-    <commons.pool.version>2.6.0</commons.pool.version>
     <commons.pool.version>2.6.1</commons.pool.version>
     <dnsjava.version>2.1.8</dnsjava.version>
-    <!-- OSGi related issue in ehcache 3.6.x: https://github.com/ehcache/ehcache3/issues/2554 -->
-    <ehcache.version>3.5.3</ehcache.version>
     <caffeine.version>2.7.0</caffeine.version>
     <findbugs.annotations.version>1.0.0</findbugs.annotations.version>
     <jetty.version>9.4.14.v20181114</jetty.version>
@@ -221,7 +215,7 @@
               <head>WARNING</head>
             </tag>
           </tags>
-          <source>1.7</source>
+          <source>1.8</source>
         </configuration>
         <reportSets>
           <reportSet>
@@ -335,8 +329,8 @@
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-compiler-plugin</artifactId>
           <configuration>
-            <source>1.7</source>
-            <target>1.7</target>
+            <source>1.8</source>
+            <target>1.8</target>
             <optimize>true</optimize>
             <showDeprecations>true</showDeprecations>
             <encoding>ISO-8859-1</encoding>
@@ -1248,9 +1242,6 @@
       </dependency>
       
       <dependency>
-        <groupId>org.ehcache</groupId>
-        <artifactId>ehcache</artifactId>
-        <version>${ehcache.version}</version>
         <groupId>com.github.ben-manes.caffeine</groupId>
         <artifactId>caffeine</artifactId>
         <version>${caffeine.version}</version>