Posted to commits@cxf.apache.org by co...@apache.org on 2019/07/17 11:58:13 UTC
[cxf] 01/02: CXF-8071 - XKMS LdapCertificateRepo searching using
Service UID doesn't work
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit bd9389d7d7b51ddd141c126ba36ea714a8cc785b
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jul 9 11:26:57 2019 +0100
CXF-8071 - XKMS LdapCertificateRepo searching using Service UID doesn't work
(cherry picked from commit 356e5765ddca40aba7673fab058de100501366ba)
---
.../cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java | 5 +++--
.../cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java | 2 +-
.../systest/ldap/xkms/LDAPCertificateRepoTest.java | 19 +++++++++++++++++++
3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
index 6f4bafb..81589b1 100644
--- a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
+++ b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
@@ -209,8 +209,9 @@ public class LdapCertificateRepo implements CertificateRepo {
if (cert == null) {
// Try to find certificate by search for uid attribute
try {
- String uidAttr = String.format(ldapConfig.getServiceCertUIDTemplate(), serviceName);
- cert = getCertificateForUIDAttr(uidAttr);
+ String filter = String.format(ldapConfig.getServiceCertUIDTemplate(), serviceName);
+ Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary());
+ return getCert(attr);
} catch (NamingException e) {
// Not found
}
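Review bot: `serviceName` is formatted straight into the LDAP search filter on the added `String.format(...)` line, so any `*`, `(`, `)` or `\` in it is read as filter syntax rather than as a literal value; if the name originates from an XKMS request, the search could match an entry other than the one asked for. Escape the value per RFC 4515 before formatting, e.g. `String filter = String.format(ldapConfig.getServiceCertUIDTemplate(), escapeFilterValue(serviceName));`, where `escapeFilterValue` is a small private helper to be added (it is not on this page) that maps `\`, `*`, `(`, `)` and NUL to `\5c`, `\2a`, `\28`, `\29` and `\00`. The surrounding `catch (NamingException e)` treats every directory error as "not found", so a debug log there would help tell an outage from a missing entry. The enclosing method starts and ends outside this hunk, so how `getCert` handles a null attribute cannot be checked from here.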
diff --git a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
index 6dfe653..afcaf37 100644
--- a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
+++ b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
@@ -29,7 +29,7 @@ public class LdapSchemaConfig {
private String constAttrNamesCSV = "sn";
private String constAttrValuesCSV = "X509 certificate";
private String serviceCertRDNTemplate = "cn=%s,ou=services";
- private String serviceCertUIDTemplate = "cn=%s";
+ private String serviceCertUIDTemplate = "uid=%s";
private String trustedAuthorityFilter = "(&(objectClass=inetOrgPerson)(ou:dn:=CAs))";
private String intermediateFilter = "(objectClass=*)";
private String crlFilter = "(&(objectClass=inetOrgPerson)(ou:dn:=CAs))";
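Review bot: `serviceCertUIDTemplate` is passed as the search filter to `ldapSearch.findAttribute` in LdapCertificateRepo, but neither the field name nor a comment says it is a filter, and unlike the filters declared below it the default `uid=%s` has no enclosing parentheses. Add a comment above the field such as `// LDAP filter template; %s is replaced by the service name, which the caller must filter-escape`. Changing the default from `cn=%s` also alters behaviour for deployments that never set this property, which deserves a line in the release notes.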
diff --git a/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java b/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
index 001c2e4..12d7231 100644
--- a/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
+++ b/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
@@ -106,6 +106,20 @@ public class LDAPCertificateRepoTest extends AbstractLdapTestUnit {
}
@Test
+ public void testFindUserCertViaUID() throws URISyntaxException, NamingException, CertificateException {
+ CertificateRepo persistenceManager = createLdapCertificateRepo();
+ X509Certificate cert = persistenceManager.findBySubjectDn("dave");
+ assertNotNull(cert);
+ }
+
+ @Test
+ public void testFindUserCertViaWrongUID() throws URISyntaxException, NamingException, CertificateException {
+ CertificateRepo persistenceManager = createLdapCertificateRepo();
+ X509Certificate cert = persistenceManager.findBySubjectDn("wrong");
+ assertNull("Certificate should be null", cert);
+ }
+
+ @Test
public void testSave() throws Exception {
CertificateRepo persistenceManager = createLdapCertificateRepo();
URL url = this.getClass().getResource("cert1.cer");
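Review bot: The new lookups are checked only with `assertNotNull`, in `testFindUserCertViaUID` and again in the "Search by UID" step added to `testSave` in the next hunk, so a search that returns some other entry's certificate would still pass. In `testSave` the expected value is at hand: `assertEquals(cert, foundCert);`; for "dave", compare the returned subject with the fixture's expected DN. A further negative case that passes a name consisting only of a filter metacharacter and expects `null` would pin down how the repository treats such input. `testSave` continues outside this hunk.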
@@ -135,8 +149,13 @@ public class LDAPCertificateRepoTest extends AbstractLdapTestUnit {
key.setIdentifier(EXPECTED_SERVICE_URI);
persistenceManager.saveCertificate(cert, key);
+ // Search by DN
X509Certificate foundCert = persistenceManager.findByServiceName(EXPECTED_SERVICE_URI);
assertNotNull(foundCert);
+
+ // Search by UID
+ foundCert = persistenceManager.findByServiceName(cert.getSubjectX500Principal().getName());
+ assertNotNull(foundCert);
}
private CertificateRepo createLdapCertificateRepo() throws CertificateException {