From elecha...@apache.org
Subject svn commit: r727833 - in /directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap: LdapService.java handlers/ssl/LdapsInitializer.java
Date Thu, 18 Dec 2008 22:00:15 GMT
Author: elecharny
Date: Thu Dec 18 14:00:14 2008
New Revision: 727833

URL: http://svn.apache.org/viewvc?rev=727833&view=rev
Log:
Fixed the SSL initialization to allow the usage of an external KeyStore, if the user wants
to. The DIT-configured keystore is still present and will be used if the user does not configure
an external keystore.

Modified:
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapService.java
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapService.java?rev=727833&r1=727832&r2=727833&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapService.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapService.java
Thu Dec 18 14:00:14 2008
@@ -20,6 +20,7 @@
 package org.apache.directory.server.ldap;
 
 
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.security.KeyStore;
@@ -107,7 +108,6 @@
 
     /** the constant service name of this ldap protocol provider **/
     public static final String SERVICE_NAME = "ldap";
-
     
     
     private static final long serialVersionUID = 3757127143811666817L;
@@ -150,6 +150,12 @@
 
     /** Whether LDAPS is enabled: disabled by default. */
     private boolean enableLdaps;
+    
+    /** If LDAPS is activated : the external Keystore file, if defined */
+    private String keystoreFile;
+    
+    /** If LDAPS is activated : the certificate password */
+    private String certificatePassword;
 
     /** Whether to allow anonymous access: enabled by default. */
     private boolean allowAnonymousAccess = true;
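Review bot: The new `certificatePassword` field at line 55 stores a secret in a class that declares a `serialVersionUID` (line 45) and so is presumably `Serializable`; unless it is marked `transient` it will be written out with the rest of the bean whenever the service object is serialized. Declaring it `private transient String certificatePassword;` keeps it out of the serialized form; a `char[]` would additionally allow wiping after use, but that would change the setter signature. The Javadoc could also say which password this is — later in the commit it is handed to `KeyManagerFactory.init` as the key-entry password, not the keystore password — e.g. `/** If LDAPS is activated : the password protecting the private key entry (not the keystore file) */`.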
@@ -175,6 +181,7 @@
     /** The list of realms serviced by this host. */
     private List<String> saslRealms;
 
+    /** The potocol handlers */
     private LdapRequestHandler<AbandonRequest> abandonHandler;
     private LdapRequestHandler<AddRequest> addHandler;
     private LdapRequestHandler<BindRequest> bindHandler;
@@ -306,19 +313,34 @@
         
         if ( isEnableLdaps() )
         {
-            Provider provider = Security.getProvider( "SUN" );
-            LOG.debug( "provider = {}", provider );
-            CoreKeyStoreSpi coreKeyStoreSpi = new CoreKeyStoreSpi( getDirectoryService()
);
-            KeyStore keyStore = new KeyStore( coreKeyStoreSpi, provider, "JKS" ) {};
-            try
+            KeyStore keyStore = null;
+            
+            if ( StringTools.isEmpty( keystoreFile ) )
             {
-                keyStore.load( null, null );
+                Provider provider = Security.getProvider( "SUN" );
+                LOG.debug( "provider = {}", provider );
+                CoreKeyStoreSpi coreKeyStoreSpi = new CoreKeyStoreSpi( getDirectoryService()
);
+                keyStore = new KeyStore( coreKeyStoreSpi, provider, "JKS" ) {};
+                
+                try
+                {
+                    keyStore.load( null, null );
+                }
+                catch ( Exception e )
+                {
+                    // nothing really happens with this keystore
+                }
             }
-            catch ( Exception e )
+            else
             {
-                // nothing really happens with this keystore
+                keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
+                FileInputStream fis = new FileInputStream( keystoreFile );
+                
+                
+                keyStore.load( fis, null );
             }
-            chain = LdapsInitializer.init( keyStore );
+            
+            chain = LdapsInitializer.init( keyStore, certificatePassword );
         }
         else
         {
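Review bot: The `FileInputStream` opened at line 102 is never closed — `KeyStore.load` does not close the stream it is given, so every LDAPS start-up with an external keystore leaks a file handle, and an exception from `load` leaks it as well. The call at line 105 also passes `null` as the store password; for the JDK keystore types that means the keystore's integrity check is skipped, so a tampered keystore file is accepted silently, while the only password ever configured (`certificatePassword`) is passed to `LdapsInitializer.init` as the key password. Wrap the load in try/finally and consider also giving `load` a store password when one is configured. The `if`/`else` shown here sits inside a method that begins before this hunk.
```java
                keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
                FileInputStream fis = new FileInputStream( keystoreFile );

                try
                {
                    // null store password: the keystore integrity check is skipped;
                    // pass the store password here once it is configurable
                    keyStore.load( fis, null );
                }
                finally
                {
                    fis.close();
                }
```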
@@ -1092,4 +1114,42 @@
     {
         this.started = started;
     }
+
+
+    /**
+     * @return The keystore path
+     */
+    public String getKeystoreFile()
+    {
+        return keystoreFile;
+    }
+
+
+    /**
+     * Set the external keystore path
+     * @param keystoreFile The external keystore path
+     */
+    public void setKeystoreFile( String keystoreFile )
+    {
+        this.keystoreFile = keystoreFile;
+    }
+
+
+    /**
+     * @return The certificate passord
+     */
+    public String getCertificatePassword()
+    {
+        return certificatePassword;
+    }
+
+
+    /**
+     * Set the certificate passord.
+     * @param certificatePassword the certificate passord
+     */
+    public void setCertificatePassword( String certificatePassword )
+    {
+        this.certificatePassword = certificatePassword;
+    }
 }

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java?rev=727833&r1=727832&r2=727833&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
Thu Dec 18 14:00:14 2008
@@ -29,6 +29,7 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 
+import org.apache.directory.shared.ldap.util.StringTools;
 import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
 import org.apache.mina.core.filterchain.IoFilterChainBuilder;
 import org.apache.mina.filter.ssl.SslFilter;
@@ -44,7 +45,7 @@
  */
 public class LdapsInitializer
 {
-    public static IoFilterChainBuilder init( KeyStore ks ) throws NamingException
+    public static IoFilterChainBuilder init( KeyStore ks, String certificatePassord ) throws
NamingException
     {
         SSLContext sslCtx;
         try
@@ -58,7 +59,15 @@
             }
             
             KeyManagerFactory kmf = KeyManagerFactory.getInstance( algorithm );
-            kmf.init( ks, null );
+            
+            if ( StringTools.isEmpty( certificatePassord ) )
+            {
+                kmf.init( ks, null );
+            }
+            else
+            {
+                kmf.init( ks, certificatePassord.toCharArray() );
+            }
 
             // Initialize the SSLContext to work with our key managers.
             sslCtx = SSLContext.getInstance( "TLS" );
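Review bot: The new parameter is misspelt `certificatePassord` (lines 177, 188, 194) and the method carries no Javadoc saying that this is the key-recovery password handed to `KeyManagerFactory.init`, not the password of the keystore itself. Renaming it `certificatePassword` and adding `@param certificatePassword password protecting the private key entries in {@code ks}; null or empty for the DIT-backed keystore` would make the contract clear to callers. Note that the `StringTools.isEmpty` branch presumably maps an empty string to a null key password, so a key that is genuinely protected by an empty password cannot be expressed; a one-line comment on line 188 stating that this is intentional would avoid later confusion. The method body continues past the end of this hunk.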


