Posted to commits@directory.apache.org by el...@apache.org on 2014/10/21 01:07:00 UTC

[43/50] git commit: FC-145 - Add SSL to REST client

FC-145 - Add SSL to REST client


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/6d6d1953
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/6d6d1953
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/6d6d1953

Branch: refs/heads/master
Commit: 6d6d19539209a1f9c080545c3b0176d76538c3fb
Parents: 103d2ac
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Aug 9 14:53:50 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Aug 9 14:53:50 2014 -0500

----------------------------------------------------------------------
 build.properties                                |  6 ++--
 .../openldap/fortress/ldap/ConnectionPool.java  | 16 +++++------
 .../org/openldap/fortress/rest/RestUtils.java   | 29 +++++++++++++++++++-
 3 files changed, 39 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6d6d1953/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index 8095a1e..f9bb753 100644
--- a/build.properties
+++ b/build.properties
@@ -51,6 +51,7 @@ http.user=demouser4
 http.pw=password
 http.host=localhost
 http.port=8080
+http.protocol=http
 
 ########################################################################
 # 3. BEGIN LDAP CLIENT CONFIGURATION SECTION: (Ignore if using HTTP):
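Review bot: The added `http.protocol=http` key has no comment saying which values are accepted or what else `https` needs, and the default keeps the REST client on plain HTTP, so the `http.user`/`http.pw` values configured just above would presumably cross the network unencrypted. I would add a comment above the key such as `# http or https. With https, also set trust.store, trust.store.password and trust.store.set.prop=true unless the server certificate chains to the JVM default trust store`. Deployments that talk to a host other than localhost should switch the value to `https`.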
@@ -73,9 +74,9 @@ ldap.uris=ldap://${ldap.host}:${ldap.port}
 #ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port}
 #enable.ldap.ssl=true
 #enable.ldap.ssl.debug=true
-#key.store=/home/smckinn/GIT/fortressDev/openldap-fortress-core/src/test/resources/certs/mykeystore
+#key.store=/home/myuser/fortress/builder/src/test/resources/certs/mykeystore
 #key.store.password=changeit
-#trust.store=/home/smckinn/GIT/fortressDev/openldap-fortress-core/src/test/resources/certs/mytruststore
+#trust.store=/home/myuser/fortress/builder/src/test/resources/certs/mytruststore
 #trust.store.password=changeit
 #trust.store.set.prop=true
 
@@ -199,6 +200,7 @@ dflt.checkpoint=checkpoint	64 5
 ###########################################################################################
 
 slapd.start=${openldap.root}/etc/solserver start
+slapd.stop=${openldap.root}/etc/solserver stop
 
 ## If using Symas OpenLDAP, uncomment single option from #1 - 8 below:
 # Each of the options are used for a particular Symas-OpenLDAP platform.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6d6d1953/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java b/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
index b092ead..df9c0de 100755
--- a/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
+++ b/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
@@ -50,6 +50,7 @@ import java.util.Date;
 import com.unboundid.ldap.sdk.migrate.ldapjdk.JavaToLDAPSocketFactory;
 import com.unboundid.util.ssl.SSLUtil;
 import com.unboundid.util.ssl.TrustStoreTrustManager;
+import org.openldap.fortress.GlobalIds;
 import org.openldap.fortress.cfg.Config;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
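Review bot: The added `import org.openldap.fortress.GlobalIds;` is not referenced by any line this commit changes in ConnectionPool.java, so as far as the diff shows it is an unused import; the first hunk of RestUtils.java adds the same import with no visible use either. If nothing outside the hunks needs it, drop both lines so the import lists reflect the real dependencies of each class.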
@@ -475,8 +476,6 @@ class ConnectionPool
     }
 
     /**
-     * *** FORTRESS MOD ****
-     *
      * Used to manage trust store properties.  If enabled, create SSL connection.
      *
      */
@@ -486,15 +485,15 @@ class ConnectionPool
     private static final String TRUST_STORE_PW = Config.getProperty( "trust.store.password" );
     private static final boolean IS_SSL = (
         Config.getProperty( ENABLE_LDAP_SSL ) != null   &&
-        Config.getProperty( ENABLE_LDAP_SSL ).equalsIgnoreCase( "true" ) &&
-        TRUST_STORE      != null   &&
-        TRUST_STORE_PW   != null );
+            Config.getProperty( ENABLE_LDAP_SSL ).equalsIgnoreCase( "true" ) &&
+            TRUST_STORE      != null   &&
+            TRUST_STORE_PW   != null );
 
     private static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
     private static final boolean IS_SET_TRUST_STORE_PROP = (
         IS_SSL &&
-        Config.getProperty( SET_TRUST_STORE_PROP ) != null   &&
-        Config.getProperty( SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ));
+            Config.getProperty( SET_TRUST_STORE_PROP ) != null   &&
+            Config.getProperty( SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ));
 
     private static final boolean IS_SSL_DEBUG = ( ( Config.getProperty( ENABLE_LDAP_SSL_DEBUG ) != null ) && ( Config
         .getProperty( ENABLE_LDAP_SSL_DEBUG ).equalsIgnoreCase( "true" ) ) );
@@ -523,7 +522,7 @@ class ConnectionPool
     private LDAPConnection createConnection() throws LDAPException
     {
         LDAPConnection newConn = null;
-        if(IS_SSL)
+        if( IS_SSL)
         {
             // Generate SSL Connection using Unbound compatibility lib utils:
             // http://stackoverflow.com/questions/22672477/unboundid-ldap-jdk-migration
@@ -555,7 +554,6 @@ class ConnectionPool
         return newConn;
     }
 
-
     private int find( LDAPConnection con )
     {
         // Find the matching Connection in the pool

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6d6d1953/src/main/java/org/openldap/fortress/rest/RestUtils.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rest/RestUtils.java b/src/main/java/org/openldap/fortress/rest/RestUtils.java
index 9a2de20..5e4e1cb 100644
--- a/src/main/java/org/openldap/fortress/rest/RestUtils.java
+++ b/src/main/java/org/openldap/fortress/rest/RestUtils.java
@@ -39,6 +39,7 @@ import org.apache.commons.httpclient.methods.RequestEntity;
 import org.apache.commons.httpclient.methods.StringRequestEntity;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.helpers.IOUtils;
+import org.openldap.fortress.GlobalIds;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -65,15 +66,41 @@ public class RestUtils
         .getProperty( HTTP_PW_PARAM ) ) : Config.getProperty( HTTP_PW_PARAM ) );
     private final static String HTTP_HOST = Config.getProperty( "http.host" );
     private final static String HTTP_PORT = Config.getProperty( "http.port" );
+    private final static String HTTP_PROTOCOL = Config.getProperty( "http.protocol", "http" );
     private static final String VERSION = System.getProperty( "version" );
     private static final String SERVICE = "enmasse-" + VERSION;
-    private static final String URI = "http://" + HTTP_HOST + ":" + HTTP_PORT + "/" + SERVICE + "/";
+    // TODO: add SSL capability here:
+    private static final String URI = HTTP_PROTOCOL + "://" + HTTP_HOST + ":" + HTTP_PORT + "/" + SERVICE + "/";
     private static final int HTTP_OK = 200;
     private static final int HTTP_401_UNAUTHORIZED = 401;
     private static final int HTTP_403_FORBIDDEN = 403;
     private static final int HTTP_404_NOT_FOUND = 404;
     private static CachedJaxbContext cachedJaxbContext = new CachedJaxbContext();
 
+    /**
+     * Used to manage trust store properties.  If enabled, create SSL connection.
+     *
+     */
+    private static final String TRUST_STORE = Config.getProperty( "trust.store" );
+    private static final String TRUST_STORE_PW = Config.getProperty( "trust.store.password" );
+    private static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
+    private static final boolean IS_SET_TRUST_STORE_PROP = (
+            Config.getProperty( SET_TRUST_STORE_PROP ) != null   &&
+            Config.getProperty( SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ));
+
+    static
+    {
+        if(IS_SET_TRUST_STORE_PROP)
+        {
+            LOG.info( "Set JSSE truststore properties:");
+            LOG.info( "javax.net.ssl.trustStore: " + TRUST_STORE );
+            System.setProperty( "javax.net.ssl.trustStore", TRUST_STORE );
+            System.setProperty( "javax.net.ssl.trustStorePassword", TRUST_STORE_PW );
+        }
+    }
+
+
+
 
     /**
      * Marshall the request into an XML String.
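Review bot: The new static initializer calls `System.setProperty( "javax.net.ssl.trustStore", TRUST_STORE )` after checking only `trust.store.set.prop`, so when `trust.store` or `trust.store.password` is absent (ConnectionPool's null checks imply `Config.getProperty` can return null) the call throws NullPointerException during class initialization and RestUtils fails to load. ConnectionPool gates the same flag on `TRUST_STORE != null && TRUST_STORE_PW != null`; the condition here should match, `if( IS_SET_TRUST_STORE_PROP && TRUST_STORE != null && TRUST_STORE_PW != null )`, with a warning logged when the flag is set but the values are missing. These are JVM-wide properties, so they replace the trust anchors for every other JSSE client in the process, which deserves a line in the Javadoc above the constants. The commons-httpclient 3.x API this file imports is known not to check the server hostname against the certificate by default, so it is worth confirming that `https` here authenticates the peer and not just the chain. The `// TODO: add SSL capability here:` comment above `URI` reads as stale now that the protocol is configurable, and `HTTP_PROTOCOL` is concatenated without being checked against `http`/`https`.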