Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 86346 invoked from network); 4 Jan 2006 12:24:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 4 Jan 2006 12:24:55 -0000 Received: (qmail 85098 invoked by uid 500); 4 Jan 2006 12:24:53 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 85046 invoked by uid 500); 4 Jan 2006 12:24:52 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 85035 invoked by uid 99); 4 Jan 2006 12:24:52 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Jan 2006 04:24:52 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 04 Jan 2006 04:24:51 -0800 Received: (qmail 86267 invoked by uid 65534); 4 Jan 2006 12:24:40 -0000 Message-ID: <20060104122440.86266.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r365899 - in /directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server: LdapsTest.java support/ support/BogusSSLContextFactory.java support/BogusTrustManagerFactory.java support/SSLSocketFactory.java Date: Wed, 04 Jan 2006 12:24:39 -0000 To: commits@directory.apache.org 
From: trustin@apache.org X-Mailer: svnmailer-1.0.5 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: trustin Date: Wed Jan 4 04:24:30 2006 New Revision: 365899 URL: http://svn.apache.org/viewcvs?rev=365899&view=rev Log: Successfully implemented LDAPS. Added: directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/ directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusSSLContextFactory.java (with props) directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusTrustManagerFactory.java (with props) directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/SSLSocketFactory.java (with props) Modified: directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/LdapsTest.java Modified: directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/LdapsTest.java URL: http://svn.apache.org/viewcvs/directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/LdapsTest.java?rev=365899&r1=365898&r2=365899&view=diff ============================================================================== --- directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/LdapsTest.java (original) +++ directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/LdapsTest.java Wed Jan 4 04:24:30 2006 @@ -16,8 +16,6 @@ */ package org.apache.ldap.server; - -import java.io.File; import java.io.FileOutputStream; import java.io.InputStream; import java.util.Hashtable; @@ -30,6 +28,7 @@ import javax.naming.directory.DirContext; import javax.naming.directory.InitialDirContext; +import org.apache.ldap.server.support.SSLSocketFactory; import org.apache.mina.util.AvailablePortFinder; 
@@ -53,8 +52,11 @@ */ public void setUp() throws Exception { + doDelete( configuration.getWorkingDirectory() ); + int ldapsPort = AvailablePortFinder.getNextAvailable( 8192 ); configuration.setEnableLdaps( true ); + configuration.setLdapsCertificatePassword( "boguspw" ); configuration.setLdapsPort( ldapsPort ); // Copy the bogus certificate to the certificates directory. @@ -69,20 +71,23 @@ { int c = in.read(); if( c < 0 ) - { break; + { } out.write( c ); } in.close(); out.close(); - + + doDelete = false; super.setUp(); + doDelete = true; Hashtable env = new Hashtable(); env.put( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" ); - env.put( "java.naming.provider.url", "ldaps://localhost:" + ldapsPort + "/ou=system" ); + env.put( "java.naming.provider.url", "ldap://localhost:" + ldapsPort + "/ou=system" ); + env.put( "java.naming.ldap.factory.socket", SSLSocketFactory.class.getName() ); env.put( "java.naming.security.principal", "uid=admin,ou=system" ); env.put( "java.naming.security.credentials", "secret" ); env.put( "java.naming.security.authentication", "simple" ); Added: directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusSSLContextFactory.java URL: http://svn.apache.org/viewcvs/directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusSSLContextFactory.java?rev=365899&view=auto ============================================================================== --- directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusSSLContextFactory.java (added) +++ directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusSSLContextFactory.java Wed Jan 4 04:24:30 2006 
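Review bot: In the second LdapsTest hunk, `doDelete = false; super.setUp(); doDelete = true;` leaves the flag at `false` if `super.setUp()` throws, so whatever the flag guards would stay disabled for the rest of that run. The flag is declared outside this hunk, presumably in the base test class. Wrapping the call as `try { super.setUp(); } finally { doDelete = true; }` restores it on every path. The provider URL also changes from `ldaps://` to `ldap://` while TLS now comes from `java.naming.ldap.factory.socket`, which is easy to misread as a plaintext simple bind; a comment such as `// TLS is supplied by the socket factory below, which accepts any server certificate (test only)` would make that explicit. The brace move a few lines earlier appears to leave `break;` followed by an empty `{ }` block, and setUp's body starts and ends outside the hunk.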
@@ -0,0 +1,160 @@
+/*
+ * @(#) $Id$
+ *
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.ldap.server.support;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+
+/**
+ * Factory to create a bougus SSLContext.
+ *
+ * @author The Apache Directory Project (dev@directory.apache.org)
+ * @version $Rev$, $Date$
+ */
+public class BogusSSLContextFactory
+{
+
+ /**
+ * Protocol to use.
+ */
+ private static final String PROTOCOL = "TLS";
+
+ /**
+ * Bougus Server certificate keystore file name.
+ */
+ private static final String BOGUS_KEYSTORE = "/bogus.cert";
+
+ // NOTE: The keystore was generated using keytool:
+ // keytool -genkey -alias bogus -keysize 512 -validity 3650
+ // -keyalg RSA -dname "CN=bogus.com, OU=XXX CA,
+ // O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE"
+ // -keypass boguspw -storepass boguspw -keystore bogus.cert
+
+ /**
+ * Bougus keystore password.
+ */
+ private static final char[] BOGUS_PW = { 'b', 'o', 'g', 'u', 's', 'p',
+ 'w' };
+
+ private static SSLContext serverInstance = null;
+
+ private static SSLContext clientInstance = null;
+
+ /**
+ * Get SSLContext singleton.
+ *
+ * @return SSLContext
+ * @throws java.security.GeneralSecurityException
+ *
+ */
+ public static SSLContext getInstance( boolean server )
+ throws GeneralSecurityException
+ {
+ SSLContext retInstance = null;
+ if( server )
+ {
+ if( serverInstance == null )
+ {
+ synchronized( BogusSSLContextFactory.class )
+ {
+ if( serverInstance == null )
+ {
+ try
+ {
+ serverInstance = createBougusServerSSLContext();
+ }
+ catch( Exception ioe )
+ {
+ throw new GeneralSecurityException(
+ "Can't create Server SSLContext:" + ioe );
+ }
+ }
+ }
+ }
+ retInstance = serverInstance;
+ }
+ else
+ {
+ if( clientInstance == null )
+ {
+ synchronized( BogusSSLContextFactory.class )
+ {
+ if( clientInstance == null )
+ {
+ clientInstance = createBougusClientSSLContext();
+ }
+ }
+ }
+ retInstance = clientInstance;
+ }
+ return retInstance;
+ }
+
+ private static SSLContext createBougusServerSSLContext()
+ throws GeneralSecurityException, IOException
+ {
+ // Create keystore
+ KeyStore ks = KeyStore.getInstance( "JKS" );
+ InputStream in = null;
+ try
+ {
+ in = BogusSSLContextFactory.class
+ .getResourceAsStream( BOGUS_KEYSTORE );
+ ks.load( in, BOGUS_PW );
+ }
+ finally
+ {
+ if( in != null )
+ {
+ try
+ {
+ in.close();
+ }
+ catch( IOException ignored )
+ {
+ }
+ }
+ }
+
+ // Set up key manager factory to use our key store
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
+ kmf.init( ks, BOGUS_PW );
+
+ // Initialize the SSLContext to work with our key managers.
+ SSLContext sslContext = SSLContext.getInstance( PROTOCOL );
+ sslContext.init( kmf.getKeyManagers(),
+ BogusTrustManagerFactory.X509_MANAGERS, null );
+
+ return sslContext;
+ }
+
+ private static SSLContext createBougusClientSSLContext()
+ throws GeneralSecurityException
+ {
+ SSLContext context = SSLContext.getInstance( PROTOCOL );
+ context.init( null, BogusTrustManagerFactory.X509_MANAGERS, null );
+ return context;
+ }
+
+}
Propchange: directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusSSLContextFactory.java
------------------------------------------------------------------------------
svn:keywords = HeadURL Id LastChangedBy LastChangedDate LastChangedRevision
Added: directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusTrustManagerFactory.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusTrustManagerFactory.java?rev=365899&view=auto
==============================================================================
--- directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusTrustManagerFactory.java (added)
+++ directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusTrustManagerFactory.java Wed Jan 4 04:24:30 2006
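Review bot: In BogusSSLContextFactory, `getInstance` uses double-checked locking on `serverInstance` and `clientInstance`, but neither field is `volatile`, so a thread that passes the unsynchronized null check is not guaranteed to see a fully initialised context. Either declare the method `public static synchronized SSLContext getInstance( boolean server )` and drop the outer checks, or mark both fields `volatile` if the build targets Java 5 or later. The `catch( Exception ioe )` branch concatenates the exception into the message and loses the stack trace; where the target JDK has the two-argument constructor, `throw new GeneralSecurityException( "Can't create Server SSLContext", ioe );` keeps the cause. The class Javadoc should also say that both contexts use `BogusTrustManagerFactory.X509_MANAGERS` and, per the keytool comment, a 512-bit RSA key with a password kept in source, so this public class is for unit tests only.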
@@ -0,0 +1,81 @@
+/*
+ * @(#) $Id$
+ *
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.ldap.server.support;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactorySpi;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * Bogus trust manager factory. Creates BogusX509TrustManager
+ *
+ * @author The Apache Directory Project (dev@directory.apache.org)
+ * @version $Rev$, $Date$
+ */
+class BogusTrustManagerFactory extends TrustManagerFactorySpi
+{
+
+ static final X509TrustManager X509 = new X509TrustManager()
+ {
+ public void checkClientTrusted( X509Certificate[] x509Certificates,
+ String s ) throws CertificateException
+ {
+ }
+
+ public void checkServerTrusted( X509Certificate[] x509Certificates,
+ String s ) throws CertificateException
+ {
+ }
+
+ public X509Certificate[] getAcceptedIssuers()
+ {
+ return new X509Certificate[ 0 ];
+ }
+ };
+
+ static final TrustManager[] X509_MANAGERS = new TrustManager[] { X509 };
+
+ public BogusTrustManagerFactory()
+ {
+ }
+
+ protected TrustManager[] engineGetTrustManagers()
+ {
+ return X509_MANAGERS;
+ }
+
+ protected void engineInit( KeyStore keystore ) throws KeyStoreException
+ {
+ // noop
+ }
+
+ protected void engineInit(
+ ManagerFactoryParameters managerFactoryParameters )
+ throws InvalidAlgorithmParameterException
+ {
+ // noop
+ }
+}
Propchange: directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/BogusTrustManagerFactory.java
------------------------------------------------------------------------------
svn:keywords = HeadURL Id LastChangedBy LastChangedDate LastChangedRevision
Added: directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/SSLSocketFactory.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/SSLSocketFactory.java?rev=365899&view=auto
==============================================================================
--- directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/SSLSocketFactory.java (added)
+++ directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/SSLSocketFactory.java Wed Jan
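Review bot: In BogusTrustManagerFactory, `checkClientTrusted` and `checkServerTrusted` on the `X509` constant have empty bodies, so every certificate chain is accepted and any connection built on `X509_MANAGERS` is encrypted but not authenticated; nothing in the file says so. I would add a Javadoc on `X509` along the lines of `/** Accepts any certificate chain without validation; for unit tests against the bogus keystore only. */` and repeat that warning in the class Javadoc, which currently names a `BogusX509TrustManager` type that does not appear in this file. If the LDAPS test is meant to show that the server presents the expected certificate, a trust manager initialised from the `bogus.cert` keystore would check that while staying self-contained. `engineGetTrustManagers()` also returns the shared `X509_MANAGERS` array by reference, so `return (TrustManager[]) X509_MANAGERS.clone();` would stop a caller from replacing its element.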
4 04:24:30 2006 
@@ -0,0 +1,142 @@
+/*
+ * @(#) $Id$
+ *
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.ldap.server.support;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+
+import javax.net.SocketFactory;
+
+/**
+ * Simple Socket factory to create sockets with or without SSL enabled.
+ * If SSL enabled a "bougus" SSL Context is used (suitable for test purposes)
+ *
+ * @version $Rev$, $Date$
+ */
+public class SSLSocketFactory extends SocketFactory
+{
+ private static boolean sslEnabled = true;
+
+ private static javax.net.ssl.SSLSocketFactory sslFactory = null;
+
+ private static javax.net.SocketFactory factory = null;
+
+ public static SocketFactory getDefault()
+ {
+ return new SSLSocketFactory();
+ }
+
+ public SSLSocketFactory()
+ {
+ super();
+ }
+
+ public Socket createSocket( String arg1, int arg2 ) throws IOException,
+ UnknownHostException
+ {
+ if( isSslEnabled() )
+ {
+ return getSSLFactory().createSocket( arg1, arg2 );
+ }
+ else
+ {
+ return new Socket( arg1, arg2 );
+ }
+ }
+
+ public Socket createSocket( String arg1, int arg2, InetAddress arg3,
+ int arg4 ) throws IOException,
+ UnknownHostException
+ {
+ if( isSslEnabled() )
+ {
+ return getSSLFactory().createSocket( arg1, arg2, arg3, arg4 );
+ }
+ else
+ {
+ return new Socket( arg1, arg2, arg3, arg4 );
+ }
+ }
+
+ public Socket createSocket( InetAddress arg1, int arg2 )
+ throws IOException
+ {
+ if( isSslEnabled() )
+ {
+ return getSSLFactory().createSocket( arg1, arg2 );
+ }
+ else
+ {
+ return new Socket( arg1, arg2 );
+ }
+ }
+
+ public Socket createSocket( InetAddress arg1, int arg2, InetAddress arg3,
+ int arg4 ) throws IOException
+ {
+ if( isSslEnabled() )
+ {
+ return getSSLFactory().createSocket( arg1, arg2, arg3, arg4 );
+ }
+ else
+ {
+ return new Socket( arg1, arg2, arg3, arg4 );
+ }
+ }
+
+ public static javax.net.SocketFactory getSocketFactory()
+ {
+ if( factory == null )
+ {
+ factory = new SSLSocketFactory();
+ }
+ return factory;
+ }
+
+ private javax.net.ssl.SSLSocketFactory getSSLFactory()
+ {
+ if( sslFactory == null )
+ {
+ try
+ {
+ sslFactory = BogusSSLContextFactory.getInstance( false )
+ .getSocketFactory();
+ }
+ catch( GeneralSecurityException e )
+ {
+ throw new RuntimeException( "could not create SSL socket", e );
+ }
+ }
+ return sslFactory;
+ }
+
+ public static boolean isSslEnabled()
+ {
+ return sslEnabled;
+ }
+
+ public static void setSslEnabled( boolean newSslEnabled )
+ {
+ sslEnabled = newSslEnabled;
+ }
+
+}
Propchange: directory/sandbox/trustin/ldaps/apacheds-server-unit/src/test/java/org/apache/ldap/server/support/SSLSocketFactory.java
------------------------------------------------------------------------------
svn:keywords = HeadURL Id LastChangedBy LastChangedDate LastChangedRevision
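Review bot: In SSLSocketFactory, `getSSLFactory()` and `getSocketFactory()` lazily assign the static fields `sslFactory` and `factory` with no synchronization, unlike `BogusSSLContextFactory.getInstance`, so concurrent callers can race on the assignment. Because the context factory already caches its instance, the `sslFactory` field can go and the method can simply `return BogusSSLContextFactory.getInstance( false ).getSocketFactory();` inside the existing try/catch. `sslEnabled` is a JVM-wide mutable static and `setSslEnabled( false )` makes every `createSocket` overload return a plain `Socket`, so a test that flips it should restore it in `tearDown`; a Javadoc on the setter saying so would help. Naming the class `SSLSocketFactory` shadows `javax.net.ssl.SSLSocketFactory` and forces the fully qualified names used here, so a name such as `BogusSSLSocketFactory` would fit the other support classes better.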