Posted to commits@directory.apache.org by el...@apache.org on 2014/10/21 01:06:58 UTC

[41/50] git commit: Automate: FC-143 - Add SSL to Unbound connection pool

Automate: FC-143 - Add SSL to Unbound connection pool


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/6b045d63
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/6b045d63
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/6b045d63

Branch: refs/heads/master
Commit: 6b045d6393f820fb0e2cc21596b8db467956fdc3
Parents: 9f428f0
Author: Shawn McKinney <sh...@jts.us>
Authored: Wed Aug 6 16:28:28 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Wed Aug 6 16:28:28 2014 -0500

----------------------------------------------------------------------
 build.properties                         |  41 +++++++++---------
 build.xml                                |  59 +++++++++++++++++++++++++-
 ldap/slapd.conf.src                      |   5 +++
 ldap/symas-openldap.conf                 |  59 ++++++++++++++++++++++++++
 ldap/symas-openldap.conf.src             |  59 ++++++++++++++++++++++++++
 src/test/resources/certs/ca-cert.pem     |  23 ++++++++++
 src/test/resources/certs/mytruststore    | Bin 0 -> 1071 bytes
 src/test/resources/certs/server-cert.pem |  21 +++++++++
 src/test/resources/certs/server-key.pem  |  27 ++++++++++++
 9 files changed, 272 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index e8d2777..f33276d 100644
--- a/build.properties
+++ b/build.properties
@@ -32,17 +32,12 @@ version=1.0-RC38
 # Enable local.mode property if your machine does not have connection to Internet and runtime dependencies have already downloaded to FORTRESS_HOME/lib folder on this machine:
 #local.mode=true
 
-# Set sudo.pw if running 'init-slapd' on Linux machine and sudo access required, otherwise leave this value blank
+# Set sudo.pw is used by 'init-slapd', 'start-slapd' and 'stop-slapd' tagets on Linux machine when sudo access required, otherwise leave this value blank
 # The sudo.pw variable must be uncommented and left empty iff installing Symas-OpenLDAP package onto Redhat Linux platform:
 sudo.pw=
 
-# If encryption of LDAP &/or HTTP service account passwords (e.g. cfg.root.pw, cfg.log.root.pw and http.pw params) is required, this field must be set.
-# If encryption of service accounts not needed, leave this value blank, and set the password values for cfg.root.pw, cfg.log.root.pw and http.pw to be their clear text value.
-# Use any arbitrary value here but whatever used must also be key used to encrypt.
-crypto.prop=abcd12345
-
 ########################################################################
-# 2. BEGIN HTTP CONFIGURATION SECTION (Ignore if using LDAPv3):
+# 2. BEGIN HTTP CLIENT CONFIGURATION SECTION (Ignore if using LDAPv3):
 ########################################################################
 
 # The following optional HTTP parameters are needed when Fortress client communicates though EnMasse HTTP proxy (rather than LDAP) server:
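Review bot: With the `crypto.prop` block removed, nothing in this file tells the reader that `http.pw`, `cfg.root.pw` and `cfg.log.root.pw` are now kept in clear text; the later hunks of this file set them to `password` and `secret`. Add a comment in its place, for example `# Service account passwords below are clear-text sample values for test installs; change them and restrict read access to this file before any other use.` If encrypted values are still accepted by the runtime, the comment should say how to produce them, since the removed text was the only pointer. The reworded `sudo.pw` comment also needs a wording fix: `# sudo.pw is used by the 'init-slapd', 'start-slapd' and 'stop-slapd' targets on Linux when sudo access is required; otherwise leave it blank`.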
@@ -53,12 +48,12 @@ enable.mgr.impl.rest=false
 
 # This user account is added automatically during init-slapd or init-apacheds target via 'FortressDemoUsers.xml' policy file:
 http.user=demouser4
-http.pw=gX9JbCTxJW5RiH+otQEX0Ja0RIAoPBQf
+http.pw=password
 http.host=localhost
 http.port=8080
 
 ########################################################################
-# 3. BEGIN LDAP SERVER CONFIGURATION SECTION: (Ignore if using HTTP):
+# 3. BEGIN LDAP CLIENT CONFIGURATION SECTION: (Ignore if using HTTP):
 ########################################################################
 
 # This param tells fortress what type of ldap server in use:
@@ -72,21 +67,25 @@ ldap.server.type=openldap
 # These parameters point fortress to LDAP host:
 ldap.host=localhost
 ldap.port=389
-#ldap.host=192.168.1.102
-#ldap.port=10389
+ldap.uris=ldap://${ldap.host}:${ldap.port}
+
 
-# These are for setting up SSL with OpenLDAP Server:
+# These are needed for client SSL connections with LDAP Server:
+#ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port}
 #enable.ldap.ssl=true
 #enable.ldap.ssl.debug=true
-#trust.store=fully / qualified / file / name / to / truststore
+#trust.store=/home/smckinn/GIT/fortressDev/openldap-fortress-core/src/test/resources/certs/mytruststore
 #trust.store.password=changeit
 #trust.store.set.prop=true
 
+# These are needed for OpenLDAP server-side SSL configuration:
+#tls.ca.cert.file=ca-cert.pem
+#tls.cert.file=server-cert.pem
+#tls.key.file=server-key.pem
+
 # These are used to construct suffix for DIT, i.e. dc=example,dc=com.
 suffix.name=openldap
 suffix.dc=org
-#suffix.name=jts
-#suffix.dc=us
 
 #suffix.name=example
 #suffix.dc=com
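Review bot: The commented SSL sample `ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port}` keeps a clear-text listener on 389, and if `ldap.port` is left at the 389 shown above, both URIs name the same port. The comment should state that `ldap.port` has to be changed to the ldaps port when SSL is enabled, and that the `ldap://` entry can be dropped once every client uses ldaps. The `trust.store` sample now points into a developer home directory; a neutral value such as `#trust.store=/path/to/fortress-core/src/test/resources/certs/mytruststore` reads better in a shared file. `trust.store.password=changeit` is the stock keystore default and is worth marking as test-only in the same comment.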
@@ -115,8 +114,8 @@ root.dn=cn=Manager,${suffix}
 #root.dn=uid=admin,ou=system
 # Used to load OpenLDAP admin root password in slapd.conf and was encrypted using 'slappasswd' command:
 root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
-# This OpenLDAP admin root pass is bound for fortress.properties and was encrypted using 'encrypt' target in build.xml:
-cfg.root.pw=W7T0G9hylKZQ4K+DF8gfgA==
+# This OpenLDAP admin root pass is bound for fortress.properties used by 'admin' pooled connections:
+cfg.root.pw=secret
 
 # This specifies the number of default LDAP connections to maintain in the pool:
 admin.min.conn=1
@@ -140,8 +139,8 @@ log.max.conn=3
 log.root.dn=cn=Manager,${log.suffix}
 # This OpenLDAP slapd logger password is bound for slapd.conf and was encrypted using 'slappasswd' command:
 log.root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
-# This OpenLDAP slapd logger password will be stored using fortress' remote configuration utility and was encrypted using 'encrypt' target in build.xml:
-cfg.log.root.pw=W7T0G9hylKZQ4K+DF8gfgA==
+# This password is bound for slapd.conf file for slapd access log service account:
+cfg.log.root.pw=secret
 # More Audit Config:
 log.suffix=cn=log
 log.ops=logops bind writes compare
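Review bot: The new comment on `cfg.log.root.pw` says the value is bound for slapd.conf, but the line just above already documents `log.root.pw` (the `{SSHA}` hash) as the slapd.conf value, and the removed comment described `cfg.log.root.pw` as stored through fortress' remote configuration. If the property's destination did not change, the comment should say so, e.g. `# Clear-text password for the slapd access log service account, stored in the fortress configuration:`. This is inferred from the neighbouring comments only; the consumer of the property is not visible in this diff.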
@@ -159,7 +158,7 @@ log.bdb.cache.size=
 
 #base.load.script=FortressDemoUsers.xml
 
-# Do not change any params below this line unless you know what you are doing:
+# These next params used by 'init-slapd' target to install OpenLDAP to target machine.  Do not change any params below this line unless you know what you are doing:
 
 ## If using Symas OpenLDAP on NIX, uncomment this section:
 db.root=/var/openldap
@@ -198,6 +197,8 @@ dflt.checkpoint=checkpoint	64 5
 # 5. BEGIN SYMAS-OPENLDAP INSTALL CONFIGURATION SECTION (Ignore if using ApacheDS or HTTP):
 ###########################################################################################
 
+#slapd.start=${openldap.root}/etc/solserver start
+
 ## If using Symas OpenLDAP, uncomment single option from #1 - 8 below:
 # Each of the options are used for a particular Symas-OpenLDAP platform.
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 05bb538..7bee54a 100644
--- a/build.xml
+++ b/build.xml
@@ -43,6 +43,7 @@
        <property name="lib.dir" value="${basedir}/lib"/>
        <property name="src.java.dir" value="${src.dir}/main/java"/>
        <property name="src.test.dir" value="${src.dir}/test/java"/>
+       <property name="src.test.resources.dir" value="${src.dir}/test/resources"/>
 
        <!-- ########### Build properties & artifacts ########################### -->
        <property name="build.dir" value="${basedir}/build"/>
@@ -62,6 +63,8 @@
        <property name="ldap.setup.dir" value="${ldap.dir}/setup"/>
        <property name="ldap.schema.dir" value="${ldap.dir}/schema"/>
        <property name="slapd.schema.dir" value="${slapd.dir}/schema"/>
+       <property name="src.slapd.ssl.keys.dir" value="${src.test.resources.dir}/certs"/>
+       <property name="dst.slapd.ssl.keys.dir" value="${openldap.root}/ssl"/>
 
        <!-- ########### Configuration, Load and builder properties ########################### -->
        <property name="src.load.bootstrap.script" value="${ldap.setup.dir}/refreshLDAPData-src.xml"/>
@@ -94,6 +97,9 @@
        <property name="mkdir.slapd-win" value="${ldap.setup.dir}/mkDir.cmd"/>
        <property name="uninstall.slapd.script" value="${ldap.setup.dir}/uninstall.sh"/>
        <property name="install.slapd.script" value="${ldap.setup.dir}/install.sh"/>
+       <property name="source.symas.conf" value="${ldap.dir}/symas-openldap.conf.src"/>
+       <property name="target.symas.conf" value="${ldap.dir}/symas-openldap.conf"/>
+       <property name="dst.symas.conf" value="${slapd.dir}/symas-openldap.conf"/>
        <property name="source.slapd.conf" value="${ldap.dir}/slapd.conf.src"/>
        <property name="target.slapd.conf" value="${ldap.dir}/slapd.conf"/>
        <property name="dst.slapd.conf" value="${slapd.dir}/slapd.conf"/>
@@ -636,7 +642,7 @@
          ================================= -->
      <target name="init-openldap-config" depends="init" description="--> map env params from build.properties to scripts and config files">
          <echo message="###############  Modify slapd configuration per user settings  ###############"/>
-         <delete file="${target.slapd.conf}"/>
+         <delete file="${target.slapd.conf}" failonerror="false"/>
 	     <copy file="${source.slapd.conf}" tofile="${target.slapd.conf}"/>
          <replace file="${target.slapd.conf}" token="@SCHEMA_PATH@" value="${slapd.schema.dir}"/>
          <replace file="${target.slapd.conf}" token="@SUFFIX@" value="${suffix}"/>
@@ -664,11 +670,18 @@
          <replace file="${target.slapd.conf}" token="@DFLT_BDB_CACHE_SIZE@" value="${dflt.bdb.cache.size}"/>
          <replace file="${target.slapd.conf}" token="@DFLT_BDB_CACHE_IDLE_SIZE@" value="${dflt.bdb.cache.idle.size}"/>
          <replace file="${target.slapd.conf}" token="@POLICIES_DN@" value="${policies.dn}"/>
+
+         <!-- setup the symas openldap slapd start/stop script -->
+         <delete file="${target.symas.conf}" failonerror="false"/>
+         <copy file="${source.symas.conf}" tofile="${target.symas.conf}"/>
+         <replace file="${target.symas.conf}" token="@LDAP_URIS@" value="${ldap.uris}"/>
+
          <antcall target="init-rbac-accelerator"></antcall>
+         <antcall target="init-slapd-ssl"></antcall>
+
          <echo message="Target init-all-config complete."/>
      </target>
 
-
     <!-- =================================
           RBAC Accelerator Overlay Config
          ================================= -->
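Review bot: The added `<replace ... token="@LDAP_URIS@" value="${ldap.uris}"/>` has no guard for a build.properties that predates this commit. Ant leaves an undefined property unexpanded, so `HOST_LIST` in the generated symas-openldap.conf would contain the literal `${ldap.uris}` and slapd would be started with a bad listener list. Put `<fail unless="ldap.uris" message="ldap.uris must be set in build.properties"/>` before the copy, or define a default with `<property name="ldap.uris" value="ldap://${ldap.host}:${ldap.port}"/>` after the properties file is loaded. The target continues above and below the hunk.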
@@ -723,6 +736,34 @@
     </target>
 
     <!-- =================================
+          OpenLDAP SSL Config
+         ================================= -->
+    <target name="init-slapd-ssl" depends="init">
+        <antcall target="enable-slapd-ssl"></antcall>
+        <antcall target="disable-slapd-ssl"></antcall>
+    </target>
+
+    <!-- =================================
+          Enable OpenLDAP SSL
+         ================================= -->
+    <target name="enable-slapd-ssl" depends="init" if="enable.ldap.ssl">
+        <echo message="###############  Enable OpenLDAP SSL"/>
+        <antcall target="copy-ssl-keys"></antcall>
+        <replace file="${target.slapd.conf}" token="@IS_SSL@" value=""/>
+        <replace file="${target.slapd.conf}" token="@CA_CERT_FILEW@" value="${dst.slapd.ssl.keys.dir}/${tls.ca.cert.file}"/>
+        <replace file="${target.slapd.conf}" token="@CERT_FILEW@" value="${dst.slapd.ssl.keys.dir}/${tls.cert.file}"/>
+        <replace file="${target.slapd.conf}" token="@CERT_KEY_FILEW@" value="${dst.slapd.ssl.keys.dir}/${tls.key.file}"/>
+    </target>
+
+    <!-- =================================
+          Disable OpenLDAP SSL
+         ================================= -->
+    <target name="disable-slapd-ssl" depends="init" unless="enable.ldap.ssl">
+        <echo message="###############  Disable OpenLDAP SSL"/>
+        <replace file="${target.slapd.conf}" token="@IS_SSL@" value="#"/>
+    </target>
+
+    <!-- =================================
           init slapd for windows
          ================================= -->
     <target name="init-slapd-win-script" depends="init" if="windows" description="--> creates a startup file for slapd on windows">
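Review bot: `if="enable.ldap.ssl"` and `unless="enable.ldap.ssl"` test only whether the property is defined, so a user who writes `enable.ldap.ssl=false` in build.properties still gets the enable path, and the TLS lines are uncommented. On Ant 1.8 or later the value can be honoured with `if="${enable.ldap.ssl}"` on `enable-slapd-ssl` and `unless="${enable.ldap.ssl}"` on `disable-slapd-ssl`; confirm the minimum Ant version the project supports. `enable-slapd-ssl` also writes `${tls.ca.cert.file}`, `${tls.cert.file}` and `${tls.key.file}` without checking that they are set; all three are commented out in build.properties, so a `<fail unless="tls.key.file" .../>` style check per property would catch a half-configured install before slapd.conf is generated.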
@@ -937,6 +978,7 @@
 
         <echo message="###############  Backup slapd configuration and Fortress LDAP schema  ###############"/>
         <move file="${dst.slapd.conf}" tofile="${dst.slapd.conf}.bak.${TODAY}" failonerror="false" />
+        <move file="${dst.symas.conf}" tofile="${dst.symas.conf}.bak.${TODAY}" failonerror="false" />
         <move file="${target.fortress.schema}" tofile="${target.fortress.schema}.${TODAY}" failonerror="false" />
         <move file="${target.rbac.schema}" tofile="${target.rbac.schema}.${TODAY}" failonerror="false" />
 
@@ -947,6 +989,7 @@
         <copy todir="${slapd.schema.dir}" file="${source.fortress.schema}"/>
         <copy todir="${slapd.schema.dir}" file="${source.rbac.schema}"/>
         <copy todir="${slapd.dir}" file="${target.slapd.conf}"/>
+        <copy todir="${slapd.dir}" file="${target.symas.conf}"/>
 
         <antcall target="copy-access-libs"></antcall>		
         <antcall target="init-slapd-win-script"></antcall>
@@ -996,6 +1039,18 @@
     </target>
 
     <!-- =================================
+          copy the slapd rbac accelerator overlay libs from install to bin folder
+         ================================= -->
+    <target name="copy-ssl-keys" depends="init" >
+        <echo message="###############  Copy SSL keys from ${src.slapd.ssl.keys.dir} to ${dst.slapd.ssl.keys.dir}"/>
+        <copy todir="${dst.slapd.ssl.keys.dir}" failonerror="false">
+            <fileset dir="${src.slapd.ssl.keys.dir}">
+                <include name="*.pem"/>
+            </fileset>
+        </copy>
+    </target>
+
+    <!-- =================================
           if windows system create slapd server folders
          ================================= -->
     <target name="mkdir-slapd-win" depends="init" if="windows">
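Review bot: `copy-ssl-keys` copies every `*.pem`, including the private key named by `tls.key.file`, into `${dst.slapd.ssl.keys.dir}` with default permissions and `failonerror="false"`. The key can therefore end up readable by other local users, and a failed copy goes unreported even though slapd.conf will then point at the missing files. Follow the copy with `<chmod file="${dst.slapd.ssl.keys.dir}/${tls.key.file}" perm="600"/>` (adjusting the owner if slapd does not run as the installing user) and drop `failonerror="false"`. The source directory is `src/test/resources/certs`, whose key is committed in this same change, so the target should state that these are test-only credentials to be replaced on any real server. The header comment above the target still describes the rbac accelerator overlay libs and should read `copy the test SSL certificates and key to the slapd ssl folder`.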

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/ldap/slapd.conf.src
----------------------------------------------------------------------
diff --git a/ldap/slapd.conf.src b/ldap/slapd.conf.src
index 5eb2409..31f1415 100755
--- a/ldap/slapd.conf.src
+++ b/ldap/slapd.conf.src
@@ -24,6 +24,11 @@ include		@SCHEMA_PATH@/openldap.schema
 include		@SCHEMA_PATH@/fortress.schema
 include		@SCHEMA_PATH@/rbac.schema
 
+### SSL Configuration
+@IS_SSL@TLSCACertificateFile @CA_CERT_FILEW@
+@IS_SSL@TLSCertificateFile @CERT_FILEW@
+@IS_SSL@TLSCertificateKeyFile @CERT_KEY_FILEW@
+
 disallow bind_anon
 idletimeout 0
 sizelimit 5000
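Review bot: The added block installs a certificate but sets no protocol floor and does not require protected binds, so with an `ldap://` listener still present in `ldap.uris` clients can keep sending simple binds in clear text. Consider adding, under the same prefix, `@IS_SSL@TLSProtocolMin 3.3`, and once all clients use ldaps a `security` directive such as `@IS_SSL@security simple_bind=128`; check both against the OpenLDAP build that Symas ships. The token names `@CA_CERT_FILEW@`, `@CERT_FILEW@` and `@CERT_KEY_FILEW@` carry a trailing `W` that looks accidental. build.xml uses the same spelling, so the substitution works, but renaming them in both files would avoid a later mismatch.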

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/ldap/symas-openldap.conf
----------------------------------------------------------------------
diff --git a/ldap/symas-openldap.conf b/ldap/symas-openldap.conf
new file mode 100644
index 0000000..6c99295
--- /dev/null
+++ b/ldap/symas-openldap.conf
@@ -0,0 +1,59 @@
+#
+# Symas OpenLDAP Configuration file
+# Copyright (c) 2009 Symas Corporation. All Rights Reserved.
+#
+# This file contains configuration information for Symas OpenLDAP.
+# Refer to the comments just before each variable to determine proper
+# settings.
+#
+# 
+# RUN_SLAPD - Control the ldap server daemon.
+# A value of Y will cause the ldap server daemon to be started.
+# Any other value will prevent it from being started.
+RUN_SLAPD=Y
+
+# SLAPD_USER, SLAPD_GROUP - Set the user group id of the ldap
+# server daemon. Generally these are best left set to root,but
+# some folks like to change the ID for security reasons. If you
+# do this, make sure the various directories and files used by
+# slapd have the appropriate access permissions.
+#SLAPD_USER=root
+#SLAPD_GROUP=root
+
+#
+# HOST_LIST - The list of listeners the ldap demon should start.
+# The value needs to be a quoted, space-separated list of ldap
+# URIs. For example:
+#      HOST_LIST="ldap:/// ldaps:/// ldapi:///"
+# will cause the ldap daemon to start a standard ldap listener
+# on port 389, an SSL listener on port 636, and a listener on
+# a UNIX domain socket.
+HOST_LIST="ldap://localhost:389"
+
+# EXTRA_SLAPD_ARGS - Extra arguments for slapd. Use this variable
+# to hold extra flags and parameters for the slapd command line.
+# For example, to specify the location of the dynamic config
+# directory:
+# EXTRA_SLAPD_ARGS="-F /opt/symas/etc/openldap/slapd.d"
+EXTRA_SLAPD_ARGS=
+
+#
+# SOL_PRELOAD - Pre-load a library when starting slapd. Use this
+# variable to specify a library to be pre-loaded when starting
+# slapd. The most common use for this is to use alternate memory
+# allocation libraries, such as libtcmalloc.
+# For example, use the following statement to use the libtcmalloc
+# allocator:
+# SOL_PRELOAD=/opt/symas/lib64/libtcmalloc.so
+#SOL_PRELOAD=
+
+#
+# SLAPD_TIMEOUT - How long to wait for slapd to exit when stopping, in
+# seconds.
+SLAPD_TIMEOUT=60
+
+#
+# BIN and LIB - select which binaries and libraries to use,
+# for architectures where several possible ABIs may be available.
+BIN=/opt/symas/bin
+LIB=/opt/symas/lib64

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/ldap/symas-openldap.conf.src
----------------------------------------------------------------------
diff --git a/ldap/symas-openldap.conf.src b/ldap/symas-openldap.conf.src
new file mode 100644
index 0000000..9cffe5c
--- /dev/null
+++ b/ldap/symas-openldap.conf.src
@@ -0,0 +1,59 @@
+#
+# Symas OpenLDAP Configuration file
+# Copyright (c) 2009 Symas Corporation. All Rights Reserved.
+#
+# This file contains configuration information for Symas OpenLDAP.
+# Refer to the comments just before each variable to determine proper
+# settings.
+#
+# 
+# RUN_SLAPD - Control the ldap server daemon.
+# A value of Y will cause the ldap server daemon to be started.
+# Any other value will prevent it from being started.
+RUN_SLAPD=Y
+
+# SLAPD_USER, SLAPD_GROUP - Set the user group id of the ldap
+# server daemon. Generally these are best left set to root,but
+# some folks like to change the ID for security reasons. If you
+# do this, make sure the various directories and files used by
+# slapd have the appropriate access permissions.
+#SLAPD_USER=root
+#SLAPD_GROUP=root
+
+#
+# HOST_LIST - The list of listeners the ldap demon should start.
+# The value needs to be a quoted, space-separated list of ldap
+# URIs. For example:
+#      HOST_LIST="ldap:/// ldaps:/// ldapi:///"
+# will cause the ldap daemon to start a standard ldap listener
+# on port 389, an SSL listener on port 636, and a listener on
+# a UNIX domain socket.
+HOST_LIST="@LDAP_URIS@"
+
+# EXTRA_SLAPD_ARGS - Extra arguments for slapd. Use this variable
+# to hold extra flags and parameters for the slapd command line.
+# For example, to specify the location of the dynamic config
+# directory:
+# EXTRA_SLAPD_ARGS="-F /opt/symas/etc/openldap/slapd.d"
+EXTRA_SLAPD_ARGS=
+
+#
+# SOL_PRELOAD - Pre-load a library when starting slapd. Use this
+# variable to specify a library to be pre-loaded when starting
+# slapd. The most common use for this is to use alternate memory
+# allocation libraries, such as libtcmalloc.
+# For example, use the following statement to use the libtcmalloc
+# allocator:
+# SOL_PRELOAD=/opt/symas/lib64/libtcmalloc.so
+#SOL_PRELOAD=
+
+#
+# SLAPD_TIMEOUT - How long to wait for slapd to exit when stopping, in
+# seconds.
+SLAPD_TIMEOUT=60
+
+#
+# BIN and LIB - select which binaries and libraries to use,
+# for architectures where several possible ABIs may be available.
+BIN=/opt/symas/bin
+LIB=/opt/symas/lib64

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/src/test/resources/certs/ca-cert.pem
----------------------------------------------------------------------
diff --git a/src/test/resources/certs/ca-cert.pem b/src/test/resources/certs/ca-cert.pem
new file mode 100644
index 0000000..d763a69
--- /dev/null
+++ b/src/test/resources/certs/ca-cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/src/test/resources/certs/mytruststore
----------------------------------------------------------------------
diff --git a/src/test/resources/certs/mytruststore b/src/test/resources/certs/mytruststore
new file mode 100644
index 0000000..0d51d07
Binary files /dev/null and b/src/test/resources/certs/mytruststore differ

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/src/test/resources/certs/server-cert.pem
----------------------------------------------------------------------
diff --git a/src/test/resources/certs/server-cert.pem b/src/test/resources/certs/server-cert.pem
new file mode 100644
index 0000000..947ffac
--- /dev/null
+++ b/src/test/resources/certs/server-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdjCCAl4CAQEwDQYJKoZIhvcNAQEFBQAwgYIxCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtKb3NodWEgVHJlZTEWMBQGA1UECgwN
+bXljb21wYW55bmFtZTEUMBIGA1UECwwLbXlncm91cG5hbWUxGjAYBgNVBAMMEWZv
+cnRyZXNzZGVtbzIuY29tMB4XDTE0MDgwNTE2MDMxMloXDTE5MDgwNDE2MDMxMlow
+fzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC0pv
+c2h1YSBUcmVlMRYwFAYDVQQKDA1teWNvbXBhbnluYW1lMRQwEgYDVQQLDAtteWdy
+b3VwbmFtZTEXMBUGA1UEAwwOU2hhd24gTWNLaW5uZXkwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDNamWSaKd+rFbkYxiyc0QWMb31aAl8MbmE1sP0bT/G
+fkn5Rf+5PF07FUjhqyqkzHEL/hbbIksVONcEYf3sP6meLww5s0w7fyDxTahGE86k
+FnnwbJppJUEsZXnX02tiANrm/cQfuhm7k3nf/sXCpoo5uOnUA1ITdvxFyl1SSTNq
+ShzL5nZ2iOtVpfsFrebx4j870Jrm9J+kFdM/HvIzJnqAJ1LH4kwdj6CocobvVHvw
+sWgAB1/KGLS+y8S5htAegzZ9Z5ffUu/TBLU8sS6hv4Wgdx6wcDi7hCxX+2cZx6Vg
+ynDiKphYgcZ/4e3IVUd1OnQI347HMZwWVWxTjCV77OqtAgMBAAEwDQYJKoZIhvcN
+AQEFBQADggEBAEYk8ZeTbjvBeWgl6QLN1IZ6elFRF/96/EzwClBhdEtMl3o9y2id
+ZELXspByoRC20Z9UV7bBtyKAck1Byc5e0im+L45bF9MH/nZNnQGTVjg9dG67Nj28
+XTMXWSyhZCiceoKOSkUkdTA3SH9i5f8NWPPFJGmbsaEMuLCCeY0qwLoAaEboksi6
+bHvJhDRLtfkhZtGY3Jg4yNuNM0mmorseYvfkb8SBq3PocsZs+c2wwH0k93kZPC2J
+zuB0Wy9KWwV8atmz3dwQeMst+tg6eL/XwFt1H/EKc2QImOyRPSulNkagy/40Otj0
+yWLJAgbD47RlIYfaaHaoVnSFsGTLzoG2Q6o=
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/src/test/resources/certs/server-key.pem
----------------------------------------------------------------------
diff --git a/src/test/resources/certs/server-key.pem b/src/test/resources/certs/server-key.pem
new file mode 100644
index 0000000..e758539
--- /dev/null
+++ b/src/test/resources/certs/server-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----