Posted to commits@directory.apache.org by co...@apache.org on 2020/09/09 16:10:04 UTC
[directory-server] 01/01: DIRSERVER-2328 - CreateAuthenticator
annotation trust manager improvements
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch DIRSERVER-2328
in repository https://gitbox.apache.org/repos/asf/directory-server.git
commit 66138a7e557f563723e196ebe82176ad653b5f49
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Sep 9 17:09:41 2020 +0100
DIRSERVER-2328 - CreateAuthenticator annotation trust manager improvements
---
.../core/annotations/CreateAuthenticator.java | 4 +--
.../server/core/authn/DelegatingAuthenticator.java | 35 ++++++++++++++++++++--
.../operations/bind/DelegatedAuthOverSslIT.java | 4 ++-
.../operations/bind/DelegatedAuthOverTlsIT.java | 3 +-
4 files changed, 39 insertions(+), 7 deletions(-)
diff --git a/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java b/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
index 2ceaa6a..0708c63 100644
--- a/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
+++ b/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
@@ -70,9 +70,9 @@ public @interface CreateAuthenticator
/** @return The SSL TrustManager FQCN */
- String delegateSslTrustManagerFQCN() default "org.apache.directory.ldap.client.api.NoVerificationTrustManager";
+ String delegateSslTrustManagerFQCN() default "";
/** @return The startTls TrustManager FQCN */
- String delegateTlsTrustManagerFQCN() default "org.apache.directory.ldap.client.api.NoVerificationTrustManager";
+ String delegateTlsTrustManagerFQCN() default "";
}
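Review bot: The Javadoc on `delegateSslTrustManagerFQCN` and `delegateTlsTrustManagerFQCN` still reads `/** @return The SSL TrustManager FQCN */` and says nothing about what the new empty default means or what the named class must look like, which matters because the old default (judging by its name, `NoVerificationTrustManager`) accepted any certificate. I would document each as `/** @return FQCN of the TrustManager for the delegate (SSL|startTLS) connection, or "" (default) to leave the client's default trust settings in place. Must be a public class with a public no-arg constructor; NoVerificationTrustManager disables certificate validation and belongs in tests only. */`. Whether the empty default actually falls back to the JVM trust store depends on LdapConnectionConfig's own defaults, which this diff does not show, so that sentence should be confirmed against the client library before it goes in.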
diff --git a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
index b58e6c5..f9ce77b 100644
--- a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
+++ b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
@@ -22,6 +22,8 @@ package org.apache.directory.server.core.authn;
import java.net.SocketAddress;
+import javax.net.ssl.TrustManager;
+
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
@@ -30,7 +32,6 @@ import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.Strings;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
-import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.i18n.I18n;
@@ -248,7 +249,21 @@ public class DelegatingAuthenticator extends AbstractAuthenticator
connectionConfig = new LdapConnectionConfig();
connectionConfig.setLdapHost( delegateHost );
connectionConfig.setLdapPort( delegatePort );
- connectionConfig.setTrustManagers( new NoVerificationTrustManager() );
+ if ( delegateTlsTrustManagerFQCN != null && !"".equals( delegateTlsTrustManagerFQCN ) )
+ {
+ try
+ {
+ Class<?> trustManagerClass = Class.forName( delegateTlsTrustManagerFQCN );
+ TrustManager trustManager = ( TrustManager ) trustManagerClass.newInstance();
+ connectionConfig.setTrustManagers( trustManager );
+ }
+ catch ( ClassNotFoundException | InstantiationException | IllegalAccessException e )
+ {
+ String message = "Cannot load " + delegateTlsTrustManagerFQCN;
+ LOG.error( message );
+ throw new LdapException( message );
+ }
+ }
ldapConnection = new LdapNetworkConnection( connectionConfig );
ldapConnection.connect();
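Review bot: The new startTLS branch instantiates the trust manager with `Class.forName( ... ).newInstance()` and then casts, so a configured class that is not a TrustManager fails with an uncaught ClassCastException, and `Class.newInstance()` (deprecated since Java 9) rethrows any checked exception from the constructor unchecked, bypassing the catch list on the line below it. The catch block also drops the cause (`LOG.error( message )`, `throw new LdapException( message )`), so the operator never learns why loading failed. Since the same block appears again in the SSL branch, I would move it into one private helper that checks `asSubclass( TrustManager.class )` before construction, catches `ReflectiveOperationException | ClassCastException`, and propagates the cause; the enclosing method begins before this hunk.
```java
// … unchanged: host/port setup …
if ( !Strings.isEmpty( delegateTlsTrustManagerFQCN ) )
{
    connectionConfig.setTrustManagers( loadTrustManager( delegateTlsTrustManagerFQCN ) );
}
// … unchanged: connection creation and connect …

/**
 * Instantiates the configured TrustManager by FQCN. The class is checked to be a
 * TrustManager before construction so a misconfigured name fails with a clear
 * LdapException instead of an unchecked ClassCastException.
 */
private TrustManager loadTrustManager( String fqcn ) throws LdapException
{
    try
    {
        Class<? extends TrustManager> trustManagerClass =
            Class.forName( fqcn ).asSubclass( TrustManager.class );

        return trustManagerClass.getDeclaredConstructor().newInstance();
    }
    catch ( ReflectiveOperationException | ClassCastException e )
    {
        String message = "Cannot load TrustManager " + fqcn;
        LOG.error( message, e );
        throw new LdapException( message, e );
    }
}
```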
@@ -260,7 +275,21 @@ public class DelegatingAuthenticator extends AbstractAuthenticator
connectionConfig.setLdapHost( delegateHost );
connectionConfig.setUseSsl( true );
connectionConfig.setLdapPort( delegatePort );
- connectionConfig.setTrustManagers( new NoVerificationTrustManager() );
+ if ( delegateSslTrustManagerFQCN != null && !"".equals( delegateSslTrustManagerFQCN ) )
+ {
+ try
+ {
+ Class<?> trustManagerClass = Class.forName( delegateSslTrustManagerFQCN );
+ TrustManager trustManager = ( TrustManager ) trustManagerClass.newInstance();
+ connectionConfig.setTrustManagers( trustManager );
+ }
+ catch ( ClassNotFoundException | InstantiationException | IllegalAccessException e )
+ {
+ String message = "Cannot load " + delegateSslTrustManagerFQCN;
+ LOG.error( message );
+ throw new LdapException( message );
+ }
+ }
ldapConnection = new LdapNetworkConnection( connectionConfig );
ldapConnection.connect();
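Review bot: The catch block closing the new SSL branch logs `LOG.error( message )` and throws `new LdapException( message )` without the caught exception, so the root cause (class missing from the classpath, non-public constructor, constructor failure) is lost to both the log and the caller; use `LOG.error( message, e );` and `throw new LdapException( message, e );` (LdapException has a message-plus-cause constructor in the LDAP API, as far as I recall). The `( TrustManager )` cast two lines above the catch is not covered by it either, so a configured class that is not a TrustManager escapes as a ClassCastException rather than an LdapException. This branch duplicates the startTLS branch above it and should share whatever loader that branch ends up with; the enclosing method starts before this hunk.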
diff --git a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java
index 43d461b..9e7774b 100644
--- a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java
@@ -56,7 +56,9 @@ import org.junit.runner.RunWith;
type = DelegatingAuthenticator.class,
delegatePort = 10201,
delegateSsl = true,
- delegateTls = false) })
+ delegateTls = false,
+ delegateSslTrustManagerFQCN = "org.apache.directory.ldap.client.api.NoVerificationTrustManager"
+ ) })
@ApplyLdifs(
{
// Entry # 1
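Review bot: The test now opts into `NoVerificationTrustManager` explicitly, but nothing says why, and a `@CreateAuthenticator` snippet like this is exactly what gets copied into a production configuration. A one-line comment above the new attribute would prevent that: `// test only: the delegate LDAPS server in this IT presumably uses a self-signed certificate, so verification is disabled; never use this outside tests`. If the IT's server certificate is not self-signed the wording should state what it actually is, since the server setup is not visible from this hunk.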
diff --git a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java
index 32bd581..333ea41 100644
--- a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java
@@ -56,7 +56,8 @@ import org.junit.runner.RunWith;
type = DelegatingAuthenticator.class,
delegatePort = 10201,
delegateSsl = false,
- delegateTls = true) })
+ delegateTls = true,
+ delegateTlsTrustManagerFQCN = "org.apache.directory.ldap.client.api.NoVerificationTrustManager") })
@ApplyLdifs(
{
// Entry # 1
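Review bot: The closing `) })` of the annotation is on the same line as the new `delegateTlsTrustManagerFQCN` attribute here, while the sibling DelegatedAuthOverSslIT change in this same commit puts it on its own line; the two tests should use one layout. The new attribute also deserves the same test-only warning as the SSL test, e.g. `// test only: disables certificate validation for the startTLS delegate in this IT`.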