Posted to commits@directory.apache.org by el...@apache.org on 2022/07/25 12:02:25 UTC
[directory-server] 02/03: Migrated to MINA 2.2.1
This is an automated email from the ASF dual-hosted git repository.
elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git
commit d86f03e1b570d6fffbf6eb2875ad8b1bd4486be1
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Mon Jul 25 13:59:04 2022 +0200
Migrated to MINA 2.2.1
---
pom.xml | 6 ++--
.../directory/server/ldap/LdapProtocolHandler.java | 1 +
.../ldap/handlers/extended/StartTlsFilter.java | 39 ++++++++++++++++++++++
.../ldap/handlers/extended/StartTlsHandler.java | 12 ++-----
.../external/certificate/ExternalSaslServer.java | 15 +++++----
.../apache/directory/server/ssl/KeyStoreIT.java | 4 +--
6 files changed, 56 insertions(+), 21 deletions(-)
diff --git a/pom.xml b/pom.xml
index 82b601ac9a..35adcf6bbf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -76,7 +76,7 @@
<log4j.version>1.2.17</log4j.version>
<logback.version>1.2.3</logback.version>
<maven.version>3.8.1</maven.version>
- <mina.core.version>2.1.5</mina.core.version>
+ <mina.core.version>2.2.1</mina.core.version>
<org.apache.felix.version>7.0.3</org.apache.felix.version>
<pax-exam.version>4.13.4</pax-exam.version>
<pax-url.version>2.6.2</pax-url.version>
@@ -281,7 +281,9 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<configuration>
- <argLine>-Xmx1024m -XX:MaxPermSize=512m</argLine>
+ <forkCount>1</forkCount>
+ <reuseForks>false</reuseForks>
+ <argLine>-Xmx4096m -XX:MaxPermSize=512m</argLine>
<aggregate>true</aggregate>
<forkedProcessTimeoutInSeconds>3600</forkedProcessTimeoutInSeconds>
</configuration>
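Review bot: `-XX:MaxPermSize=512m` in the new `argLine` is a no-op on Java 8 and later, where the JVM ignores it with a warning because PermGen no longer exists, so it can be dropped at the same time as the heap is raised to 4 GiB, assuming the build runs on Java 8+. `forkCount=1` with `reuseForks=false` also means a fresh JVM for every test class, which is a noticeable slowdown that the commit message ("Migrated to MINA 2.2.1") does not explain; if this is needed to isolate server or MINA state between integration tests, a one-line comment next to `<reuseForks>` saying so, e.g. `<!-- fresh JVM per test class: tests leave listener/MINA state behind -->`, would stop the next person from reverting it.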
diff --git a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapProtocolHandler.java b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapProtocolHandler.java
index cab9eef258..094fb55ba4 100644
--- a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapProtocolHandler.java
+++ b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapProtocolHandler.java
@@ -32,6 +32,7 @@ import org.apache.directory.api.ldap.model.message.ResultResponse;
import org.apache.directory.api.ldap.model.message.ResultResponseRequest;
import org.apache.directory.api.ldap.model.message.extended.NoticeOfDisconnect;
import org.apache.mina.core.buffer.IoBuffer;
+import org.apache.mina.core.service.IoHandler;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.FilterEvent;
import org.apache.mina.filter.ssl.SslEvent;
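Review bot: The added `org.apache.mina.core.service.IoHandler` import appears to be unused: the diffstat records a single insertion for this file, so nothing else in it changed to reference the type (unless it was previously written fully qualified, which is unusual in this code base). Either drop the line, or, if the intent was to change the class declaration to implement `IoHandler` for MINA 2.2, that change did not make it into this commit.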
diff --git a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsFilter.java b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsFilter.java
new file mode 100644
index 0000000000..b41f039285
--- /dev/null
+++ b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsFilter.java
@@ -0,0 +1,39 @@
+package org.apache.directory.server.ldap.handlers.extended;
+
+import org.apache.directory.api.ldap.extras.extended.startTls.StartTlsResponse;
+import org.apache.mina.core.filterchain.IoFilter;
+import org.apache.mina.core.filterchain.IoFilterAdapter;
+import org.apache.mina.core.filterchain.IoFilterChain;
+import org.apache.mina.core.session.IoSession;
+import org.apache.mina.core.write.WriteRequest;
+import org.apache.mina.filter.ssl.SslFilter;
+
+public class StartTlsFilter extends IoFilterAdapter
+{
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void filterWrite( NextFilter nextFilter, IoSession session, WriteRequest writeRequest ) throws Exception
+ {
+ if ( writeRequest.getOriginalMessage() instanceof StartTlsResponse )
+ {
+ // We need to bypass the SslFilter
+ IoFilterChain chain = session.getFilterChain();
+
+ for ( IoFilterChain.Entry entry : chain.getAll() )
+ {
+ IoFilter filter = entry.getFilter();
+
+ if ( filter instanceof SslFilter )
+ {
+ entry.getNextFilter().filterWrite( session, writeRequest );
+ }
+ }
+ }
+ else
+ {
+ nextFilter.filterWrite( session, writeRequest );
+ }
+ }
+}
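Review bot: The bypass in `filterWrite` is unconditional, so a `StartTlsResponse` written after TLS is already active on the session (the handler in this commit falls through to send one when the `SslFilter` is already in the chain) is pushed past the `SslFilter` in cleartext, into a stream the peer expects to be TLS records. The loop also has no fallback: if no `SslFilter` is present the response is never forwarded at all and the write is silently lost, and it keeps iterating after the first match, so two `SslFilter` instances would write the message twice. Limit the bypass to the pre-handshake case, stop after the first `SslFilter`, and fall through to `nextFilter` otherwise; this assumes `IoSession.isSecured()` in MINA 2.2.1 only becomes true once the handshake has completed, which should be confirmed against the 2.2.1 source.
```java
    @Override
    public void filterWrite( NextFilter nextFilter, IoSession session, WriteRequest writeRequest ) throws Exception
    {
        // Only the StartTlsResponse that precedes the handshake may skip the SslFilter;
        // once the session is secured, everything (including a repeated StartTlsResponse) stays encrypted
        if ( ( writeRequest.getOriginalMessage() instanceof StartTlsResponse ) && !session.isSecured() )
        {
            for ( IoFilterChain.Entry entry : session.getFilterChain().getAll() )
            {
                if ( entry.getFilter() instanceof SslFilter )
                {
                    entry.getNextFilter().filterWrite( session, writeRequest );

                    return;
                }
            }
        }

        // TLS already active, or no SslFilter in the chain: never drop the write
        nextFilter.filterWrite( session, writeRequest );
    }
```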
diff --git a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
index 003a74b290..59cd14ec02 100644
--- a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
+++ b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
@@ -97,7 +97,7 @@ public class StartTlsHandler implements ExtendedOperationHandler<ExtendedRequest
if ( sslFilter == null )
{
- sslFilter = new SslFilter( sslContext, false );
+ sslFilter = new SslFilter( sslContext );
// Set the cipher suite
if ( ( cipherSuite != null ) && !cipherSuite.isEmpty() )
@@ -120,15 +120,10 @@ public class StartTlsHandler implements ExtendedOperationHandler<ExtendedRequest
sslFilter.setNeedClientAuth( needClientAuth );
sslFilter.setWantClientAuth( wantClientAuth );
+ StartTlsFilter startTlsFilter = new StartTlsFilter();
+ chain.addFirst( "startTls", startTlsFilter );
chain.addFirst( "sslFilter", sslFilter );
}
- else
- {
- // Be sure we disable SSLV3
- sslFilter.setEnabledProtocols( new String[]
- { "TLSv1", "TLSv1.1", "TLSv1.2" } );
- sslFilter.startSsl( session.getIoSession() );
- }
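Review bot: Removing the `else` branch changes what happens when `sslFilter` is already in the chain, i.e. a client sends StartTLS on a session that has already negotiated TLS (or is LDAPS): the code now falls through and answers with a `StartTlsResponse` whose result code is set outside this hunk, whereas RFC 4511 §4.14.1 requires operationsError for that case, and the old branch at least restarted the handshake. After `LdapResult result = res.getLdapResult();` set `result.setResultCode( ResultCodeEnum.OPERATIONS_ERROR )` when the filter was already present instead of the success code used on the normal path; the lines that set the code, and the rest of this method, are outside the hunk. The removed branch was also the only visible place that pinned the enabled protocols (the "disable SSLv3" list); whether the new-filter path just above does the same is in lines not shown here, and if it does not, the `SslFilter` inherits whatever the `SSLContext`/JDK defaults enable, so an explicit `sslFilter.setEnabledProtocols( ... )` with the currently supported versions is worth keeping.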
StartTlsResponse res = new StartTlsResponseImpl( req.getMessageId() );
LdapResult result = res.getLdapResult();
@@ -136,7 +131,6 @@ public class StartTlsHandler implements ExtendedOperationHandler<ExtendedRequest
res.setResponseName( EXTENSION_OID );
// Send a response.
- session.getIoSession().setAttribute( SslFilter.DISABLE_ENCRYPTION_ONCE );
session.getIoSession().write( res );
}
diff --git a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/sasl/external/certificate/ExternalSaslServer.java b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/sasl/external/certificate/ExternalSaslServer.java
index 48a5e0dc22..9b60af2eef 100644
--- a/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/sasl/external/certificate/ExternalSaslServer.java
+++ b/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/sasl/external/certificate/ExternalSaslServer.java
@@ -20,6 +20,12 @@
package org.apache.directory.server.ldap.handlers.sasl.external.certificate;
+import java.security.cert.Certificate;
+
+import javax.naming.Context;
+import javax.net.ssl.SSLSession;
+import javax.security.sasl.SaslException;
+
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
@@ -45,11 +51,6 @@ import org.apache.directory.server.ldap.handlers.sasl.AbstractSaslServer;
import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
import org.apache.mina.filter.ssl.SslFilter;
-import javax.naming.Context;
-import javax.net.ssl.SSLSession;
-import javax.security.sasl.SaslException;
-import java.security.cert.Certificate;
-
/**
* A SaslServer implementation for certificate based SASL EXTERNAL mechanism.
@@ -101,7 +102,7 @@ public final class ExternalSaslServer extends AbstractSaslServer
{
try
{
- SSLSession sslSession = ( SSLSession ) getLdapSession().getIoSession().getAttribute( SslFilter.SSL_SESSION );
+ SSLSession sslSession = ( SSLSession ) getLdapSession().getIoSession().getAttribute( SslFilter.SSL_SECURED );
Certificate[] peerCertificates = sslSession.getPeerCertificates();
if ( null == peerCertificates || 1 > peerCertificates.length )
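Review bot: `sslSession` is dereferenced on the next line without a null check, and with MINA 2.2.1 the `SSL_SECURED` attribute is presumably only set once the TLS handshake has completed, so a SASL EXTERNAL bind on a plain or not-yet-secured connection becomes a NullPointerException inside this try block rather than a clear authentication failure; the existing check on `peerCertificates` covers an empty chain but not a missing session. Add `if ( sslSession == null ) { throw new SaslException( "SASL EXTERNAL requires a TLS-secured connection" ); }` before the `getPeerCertificates()` call; `SaslException` is already imported at the top of the file. The enclosing method and its catch clause continue outside the hunk, so the NPE may well be caught there, but the explicit check gives the client a meaningful error instead of a generic one.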
@@ -181,4 +182,4 @@ public final class ExternalSaslServer extends AbstractSaslServer
throw new LdapAuthenticationException( "Cannot authenticate user cert=" + peerCertificate );
}
}
-}
\ No newline at end of file
+}
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/KeyStoreIT.java b/server-integ/src/test/java/org/apache/directory/server/ssl/KeyStoreIT.java
index ff81e38d5f..aeb5ac936c 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/KeyStoreIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/KeyStoreIT.java
@@ -176,8 +176,7 @@ public class KeyStoreIT extends AbstractLdapTestUnit
{
LdapConnectionConfig config = ldapsConnectionConfig();
- try (
- LdapNetworkConnection conn = new LdapNetworkConnection( config ); )
+ try ( LdapNetworkConnection conn = new LdapNetworkConnection( config ); )
{
try
{
@@ -186,7 +185,6 @@ public class KeyStoreIT extends AbstractLdapTestUnit
}
catch ( LdapException e )
{
- //e.printStackTrace();
assertTrue( e.getMessage().contains( "ERR_04120_TLS_HANDSHAKE_ERROR The TLS handshake failed" ) );
}
assertFalse( conn.isConnected() );