From elecha...@apache.org
Subject svn commit: r1641402 - in /directory/apacheds/trunk: protocol-ldap/src/main/java/org/apache/directory/server/ldap/ protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/ protocol-ldap/src/main/java/org/apache/directory/server/l...
Date Mon, 24 Nov 2014 14:34:11 GMT
Author: elecharny
Date: Mon Nov 24 14:34:10 2014
New Revision: 1641402

URL: http://svn.apache.org/r1641402
Log:
o Deprecated methods in LdapServer that were managing the CipherSuite
o Added some missing SSL configuration into the StartTlsHandler class (needClientAuth, wantClientAuth,
enabledProtocols)
o Those parameters are now associated with the TcpTransport, not the LdapServer
o Added the required elements in the TcpTransportBean to manage those extra elements
o Cleaned up some generics
o Added some missing Javadoc

Modified:
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/request/ExtendedRequestHandler.java
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
    directory/apacheds/trunk/protocol-ldap/src/test/java/org/apache/directory/server/ldap/LdapServerSettingsTest.java
    directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/transport/TcpTransport.java
    directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/TransportBean.java
    directory/apacheds/trunk/server-config/src/test/resources/ldapServer.ldif
    directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java?rev=1641402&r1=1641401&r2=1641402&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java
Mon Nov 24 14:34:10 2014
@@ -127,8 +127,6 @@ import org.slf4j.MDC;
  */
 public class LdapServer extends DirectoryBackedService
 {
-    private static final long serialVersionUID = 3757127143811666817L;
-
     /** logger for this class */
     private static final Logger LOG = LoggerFactory.getLogger( LdapServer.class );
 
@@ -184,7 +182,8 @@ public class LdapServer extends Director
     private String certificatePassword;
 
     /** The extended operation handlers. */
-    private final Collection<ExtendedOperationHandler> extendedOperationHandlers =
new ArrayList<ExtendedOperationHandler>();
+    private final Collection<ExtendedOperationHandler<? extends ExtendedRequest, ?
extends ExtendedResponse>> extendedOperationHandlers =
+        new ArrayList<ExtendedOperationHandler<? extends ExtendedRequest, ? extends
ExtendedResponse>>();
 
     /** The supported authentication mechanisms. */
     private Map<String, MechanismHandler> saslMechanismHandlers = new HashMap<String,
MechanismHandler>();
@@ -260,6 +259,7 @@ public class LdapServer extends Director
     private int pingerSleepTime;
 
     /** the list of cipher suites to be used in LDAPS and StartTLS */
+    @Deprecated
     private List<String> enabledCipherSuites = new ArrayList<String>();
 
 
@@ -357,8 +357,6 @@ public class LdapServer extends Director
     /**
      * loads the digital certificate either from a keystore file or from the admin entry
in DIT
      */
-    // This will suppress PMD.EmptyCatchBlock warnings in this method
-    @SuppressWarnings("PMD.EmptyCatchBlock")
     public void loadKeyStore() throws Exception
     {
         if ( Strings.isEmpty( keystoreFile ) )
@@ -436,19 +434,34 @@ public class LdapServer extends Director
         loadKeyStore();
 
         String sslFilterName = "sslFilter";
+
         for ( IoFilterChainBuilder chainBuilder : chainBuilders )
         {
             DefaultIoFilterChainBuilder dfcb = ( ( DefaultIoFilterChainBuilder ) chainBuilder
);
+
             if ( dfcb.contains( sslFilterName ) )
             {
+                // Get the TcpTransport
+                TcpTransport tcpTransport = null;
+
+                for ( Transport transport : getTransports() )
+                {
+                    if ( transport instanceof TcpTransport )
+                    {
+                        tcpTransport = ( TcpTransport ) transport;
+                        break;
+                    }
+                }
+
                 DefaultIoFilterChainBuilder newChain = ( DefaultIoFilterChainBuilder ) LdapsInitializer
-                    .init( this );
+                    .init( this, tcpTransport );
                 dfcb.replace( sslFilterName, newChain.get( sslFilterName ) );
                 newChain = null;
             }
         }
 
         StartTlsHandler handler = ( StartTlsHandler ) getExtendedOperationHandler( StartTlsHandler.EXTENSION_OID
);
+
         if ( handler != null )
         {
             handler.setLdapServer( this );
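Review bot: The transport search added before the LdapsInitializer.init call takes the first TcpTransport in getTransports() without checking isSSLEnabled(), so when the plain LDAP transport is configured before the LDAPS one the replaced sslFilter is built from that transport's cipher, protocol and client-auth settings rather than the LDAPS ones, and when no TcpTransport exists tcpTransport stays null and is passed on. The loop condition should be `if ( ( transport instanceof TcpTransport ) && transport.isSSLEnabled() )`, and a null result should be rejected with an explicit error before init is called. StartTlsHandler.setLdapServer in this commit uses the same first-match loop, so the settings StartTLS applies likewise depend on the order in which transports were configured. The enclosing method starts before this hunk.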
@@ -480,7 +493,7 @@ public class LdapServer extends Director
 
         PartitionNexus nexus = getDirectoryService().getPartitionNexus();
 
-        for ( ExtendedOperationHandler h : extendedOperationHandlers )
+        for ( ExtendedOperationHandler<? extends ExtendedRequest, ? extends ExtendedResponse>
h : extendedOperationHandlers )
         {
             LOG.info( "Added Extended Request Handler: " + h.getOid() );
             h.setLdapServer( this );
@@ -504,7 +517,7 @@ public class LdapServer extends Director
 
             if ( transport.isSSLEnabled() )
             {
-                chain = LdapsInitializer.init( this );
+                chain = LdapsInitializer.init( this, ( TcpTransport ) transport );
             }
             else
             {
@@ -816,7 +829,9 @@ public class LdapServer extends Director
      * @param eoh an extended operation handler
      * @throws Exception on failure to add the handler
      */
-    public void addExtendedOperationHandler( ExtendedOperationHandler eoh ) throws Exception
+    public void addExtendedOperationHandler(
+        ExtendedOperationHandler<? extends ExtendedRequest, ? extends ExtendedResponse>
eoh )
+        throws Exception
     {
         if ( started )
         {
@@ -844,15 +859,17 @@ public class LdapServer extends Director
         //            DefaultPartitionNexus nexus = getDirectoryService().getPartitionNexus();
         //            nexus.unregisterSupportedExtensions( eoh.getExtensionOids() );
 
-        ExtendedOperationHandler handler = null;
-        for ( ExtendedOperationHandler h : extendedOperationHandlers )
+        ExtendedOperationHandler<?, ?> handler = null;
+
+        for ( ExtendedOperationHandler<?, ?> extendedOperationHandler : extendedOperationHandlers
)
         {
-            if ( h.getOid().equals( oid ) )
+            if ( extendedOperationHandler.getOid().equals( oid ) )
             {
-                handler = h;
+                handler = extendedOperationHandler;
                 break;
             }
         }
+
         extendedOperationHandlers.remove( handler );
     }
 
@@ -865,14 +882,14 @@ public class LdapServer extends Director
      * request handler
      * @return the exnteded operation handler
      */
-    public ExtendedOperationHandler<ExtendedRequest, ExtendedResponse>
-        getExtendedOperationHandler( String oid )
+    public ExtendedOperationHandler<? extends ExtendedRequest, ? extends ExtendedResponse>
getExtendedOperationHandler(
+        String oid )
     {
-        for ( ExtendedOperationHandler<ExtendedRequest, ExtendedResponse> h : extendedOperationHandlers
)
+        for ( ExtendedOperationHandler<? extends ExtendedRequest, ? extends ExtendedResponse>
extendedOperationHandler : extendedOperationHandlers )
         {
-            if ( h.getOid().equals( oid ) )
+            if ( extendedOperationHandler.getOid().equals( oid ) )
             {
-                return h;
+                return extendedOperationHandler;
             }
         }
 
@@ -965,9 +982,10 @@ public class LdapServer extends Director
      *
      * @return A collection of {@link ExtendedOperationHandler}s.
      */
-    public Collection<ExtendedOperationHandler> getExtendedOperationHandlers()
+    public Collection<ExtendedOperationHandler<? extends ExtendedRequest, ? extends
ExtendedResponse>> getExtendedOperationHandlers()
     {
-        return new ArrayList<ExtendedOperationHandler>( extendedOperationHandlers );
+        return new ArrayList<ExtendedOperationHandler<? extends ExtendedRequest, ?
extends ExtendedResponse>>(
+            extendedOperationHandlers );
     }
 
 
@@ -976,7 +994,8 @@ public class LdapServer extends Director
      *
      * @param handlers A collection of {@link ExtendedOperationHandler}s.
      */
-    public void setExtendedOperationHandlers( Collection<ExtendedOperationHandler>
handlers )
+    public void setExtendedOperationHandlers(
+        Collection<ExtendedOperationHandler<ExtendedRequest, ExtendedResponse>>
handlers )
     {
         this.extendedOperationHandlers.clear();
         this.extendedOperationHandlers.addAll( handlers );
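Review bot: setExtendedOperationHandlers now takes `Collection<ExtendedOperationHandler<ExtendedRequest, ExtendedResponse>>` while the field, getExtendedOperationHandlers and addExtendedOperationHandler in this same commit use `? extends ExtendedRequest, ? extends ExtendedResponse`, so a collection obtained from the getter cannot be passed back to the setter and a handler typed for a specific request subtype cannot be installed through it at all. Declaring it as `public void setExtendedOperationHandlers( Collection<? extends ExtendedOperationHandler<? extends ExtendedRequest, ? extends ExtendedResponse>> handlers )` keeps the API consistent, still compiles the addAll call, and still accepts the list built in LdapServerSettingsTest.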
@@ -1725,9 +1744,13 @@ public class LdapServer extends Director
 
     /**
      * Gives the list of enabled cipher suites
+     * <br>
+     * This method has been deprecated, please set this list in the TcpTransport class
+     * </br>
      * 
-     * @return
+     * @return The list of ciphers that can be used
      */
+    @Deprecated
     public List<String> getEnabledCipherSuites()
     {
         return enabledCipherSuites;
@@ -1736,9 +1759,13 @@ public class LdapServer extends Director
 
     /**
      * Sets the list of cipher suites to be used in LDAPS and StartTLS
+     * <br>
+     * This method has been deprecated, please set this list in the TcpTransport class
+     * </br>
      * 
      * @param enabledCipherSuites if null the default cipher suites will be used
      */
+    @Deprecated
     public void setEnabledCipherSuites( List<String> enabledCipherSuites )
     {
         this.enabledCipherSuites = enabledCipherSuites;
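Review bot: With LdapsInitializer and StartTlsHandler now reading cipher suites from the TcpTransport, a value stored by this deprecated setter is no longer consulted anywhere in the commit, so a deployment that restricted ciphers through setEnabledCipherSuites silently falls back to the JVM defaults instead of failing or warning. Until the method is removed it should either forward the list to the SSL-enabled TcpTransport or at least emit a warning, and the Javadoc should carry a `@deprecated Use {@link TcpTransport#setEnabledCiphers(List)} instead` tag so the deprecation shows up in generated docs. `</br>` is not a valid closing tag and doclint rejects it; a single `<br>` or a `<p>` paragraph is enough. The same Javadoc points apply to the getEnabledCipherSuites hunk just above.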

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java?rev=1641402&r1=1641401&r2=1641402&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
Mon Nov 24 14:34:10 2014
@@ -45,6 +45,8 @@ import org.apache.directory.server.i18n.
 import org.apache.directory.server.ldap.ExtendedOperationHandler;
 import org.apache.directory.server.ldap.LdapServer;
 import org.apache.directory.server.ldap.LdapSession;
+import org.apache.directory.server.protocol.shared.transport.TcpTransport;
+import org.apache.directory.server.protocol.shared.transport.Transport;
 import org.apache.mina.core.filterchain.IoFilterChain;
 import org.apache.mina.filter.ssl.SslFilter;
 import org.slf4j.Logger;
@@ -64,9 +66,20 @@ public class StartTlsHandler implements 
     private static final Set<String> EXTENSION_OIDS;
     private static final Logger LOG = LoggerFactory.getLogger( StartTlsHandler.class );
 
+    /** The SSL Context instance */
     private SSLContext sslContext;
 
-    private List<String> cipherSuites;
+    /** The list of enabled ciphers */
+    private List<String> cipherSuite;
+
+    /** The list of enabled protocols */
+    private List<String> enabledProtocols;
+
+    /** The 'needClientAuth' SSL flag */
+    private boolean needClientAuth;
+
+    /** The 'wantClientAuth' SSL flag */
+    private boolean wantClientAuth;
 
     static
     {
@@ -76,6 +89,9 @@ public class StartTlsHandler implements 
     }
 
 
+    /**
+     * {@inheritDoc}
+     */
     public void handleExtendedOperation( LdapSession session, ExtendedRequest req ) throws
Exception
     {
         LOG.info( "Handling StartTLS request." );
@@ -87,14 +103,28 @@ public class StartTlsHandler implements 
         {
             sslFilter = new SslFilter( sslContext );
 
-            if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
+            // Set the cipher suite
+            if ( ( cipherSuite != null ) && !cipherSuite.isEmpty() )
             {
-                sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()]
) );
+                sslFilter.setEnabledCipherSuites( cipherSuite.toArray( new String[cipherSuite.size()]
) );
             }
 
-            // Be sure we disable SSLV3
-            sslFilter.setEnabledProtocols( new String[]
-                { "TLSv1", "TLSv1.1", "TLSv1.2" } );
+            // Set the enabled protocols, default to no SSLV3
+            if ( ( enabledProtocols != null ) && !enabledProtocols.isEmpty() )
+            {
+                sslFilter.setEnabledProtocols( enabledProtocols.toArray( new String[enabledProtocols.size()]
) );
+            }
+            else
+            {
+                // Default to a lost without SSLV3
+                sslFilter.setEnabledProtocols( new String[]
+                    { "TLSv1", "TLSv1.1", "TLSv1.2" } );
+            }
+
+            // Set the remaining SSL flags
+            sslFilter.setNeedClientAuth( needClientAuth );
+            sslFilter.setWantClientAuth( wantClientAuth );
+
             chain.addFirst( "sslFilter", sslFilter );
         }
         else
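Review bot: setNeedClientAuth and setWantClientAuth are both applied unconditionally to the new sslFilter, but at the SSLEngine level the two modes are mutually exclusive and whichever is set last wins, so a configuration with both flags true ends up in whichever mode MINA's SslFilter happens to apply second — that ordering is not visible here and should be confirmed. Rejecting or at least logging the combination, e.g. `if ( needClientAuth && wantClientAuth ) { LOG.warn( "Both needClientAuth and wantClientAuth are set; the SSL engine honours only one of them" ); }`, makes the resulting behaviour explicit. An explicitly configured protocol list is applied as-is, so the SSLv3 exclusion only holds for the default branch; that is acceptable but the comment should say so, and `Default to a lost without SSLV3` should read `list`. LdapsInitializer.init in this commit applies the same two flags and has the same ambiguity; the enclosing method starts before this hunk.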
@@ -118,18 +148,27 @@ public class StartTlsHandler implements 
     }
 
 
+    /**
+     * {@inheritDoc}
+     */
     public final Set<String> getExtensionOids()
     {
         return EXTENSION_OIDS;
     }
 
 
+    /**
+     * {@inheritDoc}
+     */
     public final String getOid()
     {
         return EXTENSION_OID;
     }
 
 
+    /**
+     * {@inheritDoc}
+     */
     public void setLdapServer( LdapServer ldapServer )
     {
         LOG.debug( "Setting LDAP Service" );
@@ -155,6 +194,23 @@ public class StartTlsHandler implements 
             throw new RuntimeException( I18n.err( I18n.ERR_682 ), e );
         }
 
-        this.cipherSuites = ldapServer.getEnabledCipherSuites();
+        // Get the transport
+        Transport[] transports = ldapServer.getTransports();
+
+        // Check for any SSL parameter
+        for ( Transport transport : transports )
+        {
+            if ( transport instanceof TcpTransport )
+            {
+                TcpTransport tcpTransport = ( TcpTransport ) transport;
+
+                cipherSuite = tcpTransport.getCipherSuite();
+                enabledProtocols = tcpTransport.getEnabledProtocols();
+                needClientAuth = tcpTransport.isNeedClientAuth();
+                wantClientAuth = tcpTransport.isWantClientAuth();
+
+                break;
+            }
+        }
     }
 }

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/request/ExtendedRequestHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/request/ExtendedRequestHandler.java?rev=1641402&r1=1641401&r2=1641402&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/request/ExtendedRequestHandler.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/request/ExtendedRequestHandler.java
Mon Nov 24 14:34:10 2014
@@ -36,15 +36,16 @@ import org.apache.directory.server.ldap.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-public class ExtendedRequestHandler extends LdapRequestHandler<ExtendedRequest>
+public class ExtendedRequestHandler<R extends ExtendedRequest> extends LdapRequestHandler<ExtendedRequest>
 {
     /**
      * {@inheritDoc}
      */
     public void handle( LdapSession session, ExtendedRequest req ) throws Exception
     {
-        ExtendedOperationHandler<ExtendedRequest, ExtendedResponse> handler = getLdapServer()
-            .getExtendedOperationHandler( req.getRequestName() );
+        ExtendedOperationHandler<ExtendedRequest, ExtendedResponse> handler =
+            ( ExtendedOperationHandler<ExtendedRequest, ExtendedResponse> ) getLdapServer()
+                .getExtendedOperationHandler( req.getRequestName() );
 
         if ( handler == null )
         {
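Review bot: The type parameter `R extends ExtendedRequest` added to ExtendedRequestHandler is never used — the class still extends LdapRequestHandler&lt;ExtendedRequest&gt; and handle still takes ExtendedRequest — so it only forces instantiation sites to carry a meaningless argument or fall back to a raw type. The cast from `ExtendedOperationHandler<? extends ExtendedRequest, ? extends ExtendedResponse>` to the concrete `<ExtendedRequest, ExtendedResponse>` is unchecked and is only sound because a handler is looked up by the request's own OID; either drop `R` and keep the cast under a scoped `@SuppressWarnings("unchecked")` with a comment stating that invariant, or let the handler's request type flow through from getExtendedOperationHandler. handle continues after the hunk.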

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java?rev=1641402&r1=1641401&r2=1641402&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
Mon Nov 24 14:34:10 2014
@@ -30,6 +30,7 @@ import org.apache.directory.api.ldap.mod
 import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.server.ldap.LdapServer;
+import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
 import org.apache.mina.core.filterchain.IoFilterChainBuilder;
 import org.apache.mina.filter.ssl.SslFilter;
@@ -44,14 +45,23 @@ import org.apache.mina.filter.ssl.SslFil
  */
 public class LdapsInitializer
 {
-    public static IoFilterChainBuilder init( LdapServer server ) throws LdapException
+    /**
+     * Initialize the LDAPS server.
+     *
+     * @param ldapServer The LDAP server instance
+     * @param transport The TCP transport that contains the SSL configuration
+     * @return A IoFilter chain
+     * @throws LdapException If we had a pb
+     */
+    public static IoFilterChainBuilder init( LdapServer ldapServer, TcpTransport transport
) throws LdapException
     {
         SSLContext sslCtx;
+
         try
         {
             // Initialize the SSLContext to work with our key managers.
             sslCtx = SSLContext.getInstance( "TLS" );
-            sslCtx.init( server.getKeyManagerFactory().getKeyManagers(), new TrustManager[]
+            sslCtx.init( ldapServer.getKeyManagerFactory().getKeyManagers(), new TrustManager[]
                 { new NoVerificationTrustManager() }, new SecureRandom() );
         }
         catch ( Exception e )
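Review bot: init now forwards needClientAuth and wantClientAuth from the transport, but the SSLContext built a few lines above is still initialised with `new NoVerificationTrustManager()`, so even with needClientAuth set the server only requires that a client certificate be presented, not that it chain to a trusted CA — an operator enabling the new flag is likely to expect the latter. The trust manager is pre-existing, but now that client authentication is a configuration option the gap should be stated in the Javadoc, e.g. `@param transport The TCP transport that contains the SSL configuration; client certificates requested via needClientAuth/wantClientAuth are not validated against a trust store`, or the trust manager should become configurable alongside these flags. `@throws LdapException If we had a pb` should also name the condition, presumably the SSLContext initialisation failure handled in the catch block that continues after this hunk.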
@@ -62,19 +72,34 @@ public class LdapsInitializer
         DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder();
         SslFilter sslFilter = new SslFilter( sslCtx );
 
-        List<String> cipherSuites = server.getEnabledCipherSuites();
+        // The ciphers
+        List<String> cipherSuites = transport.getCipherSuite();
 
         if ( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
         {
             sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()]
) );
         }
 
-        // Be sure we disable SSLV3
-        sslFilter.setEnabledProtocols( new String[]
-            { "TLSv1", "TLSv1.1", "TLSv1.2" } );
+        // The protocols
+        List<String> enabledProtocols = transport.getEnabledProtocols();
+
+        if ( ( enabledProtocols != null ) && !enabledProtocols.isEmpty() )
+        {
+            sslFilter.setEnabledProtocols( enabledProtocols.toArray( new String[enabledProtocols.size()]
) );
+        }
+        else
+        {
+            // Be sure we disable SSLV3
+            sslFilter.setEnabledProtocols( new String[]
+                { "TLSv1", "TLSv1.1", "TLSv1.2" } );
+        }
+
+        // The remaining SSL parameters
+        sslFilter.setNeedClientAuth( transport.isNeedClientAuth() );
+        sslFilter.setWantClientAuth( transport.isWantClientAuth() );
 
-        sslFilter.setWantClientAuth( true );
         chain.addLast( "sslFilter", sslFilter );
+
         return chain;
     }
 }
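Review bot: `transport.getCipherSuite()` is the first use of the new parameter and there is no null guard, while the sslFilter-replacement path in LdapServer in this commit passes whatever its transport search found, which can be null; the failure would then surface as a NullPointerException from inside the filter-chain rebuild rather than as a configuration error. A check at the top of the method such as `if ( transport == null ) { throw new IllegalArgumentException( "A TcpTransport carrying the SSL configuration is required" ); }` gives a clear message. Separately, the removed `sslFilter.setWantClientAuth( true )` was unconditional, and TransportBean defaults both new flags to false, so an upgrade that does not set ads-wantClientAuth changes the LDAPS listener from requesting a client certificate to not requesting one; that behaviour change deserves a line in the commit log.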

Modified: directory/apacheds/trunk/protocol-ldap/src/test/java/org/apache/directory/server/ldap/LdapServerSettingsTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/test/java/org/apache/directory/server/ldap/LdapServerSettingsTest.java?rev=1641402&r1=1641401&r2=1641402&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/test/java/org/apache/directory/server/ldap/LdapServerSettingsTest.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/test/java/org/apache/directory/server/ldap/LdapServerSettingsTest.java
Mon Nov 24 14:34:10 2014
@@ -20,24 +20,26 @@
 package org.apache.directory.server.ldap;
 
 
-import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
-import com.mycila.junit.concurrent.Concurrency;
-import com.mycila.junit.concurrent.ConcurrentJunitRunner;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
+import org.apache.directory.api.ldap.model.message.ExtendedRequest;
+import org.apache.directory.api.ldap.model.message.ExtendedResponse;
 import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
 import org.apache.directory.server.ldap.handlers.sasl.MechanismHandler;
 import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 
-import java.util.List;
-import java.util.ArrayList;
-import java.util.Map;
-import java.util.HashMap;
+import com.mycila.junit.concurrent.Concurrency;
+import com.mycila.junit.concurrent.ConcurrentJunitRunner;
 
 
 /**
@@ -66,7 +68,8 @@ public class LdapServerSettingsTest
     {
         LdapServer server = new LdapServer();
         StartTlsHandler handler = new StartTlsHandler();
-        List<ExtendedOperationHandler> handlers = new ArrayList<ExtendedOperationHandler>();
+        List<ExtendedOperationHandler<ExtendedRequest, ExtendedResponse>> handlers
=
+            new ArrayList<ExtendedOperationHandler<ExtendedRequest, ExtendedResponse>>();
         handlers.add( handler );
         server.setExtendedOperationHandlers( handlers );
         assertEquals( handler, server.getExtendedOperationHandler( handler.getOid() ) );

Modified: directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/transport/TcpTransport.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/transport/TcpTransport.java?rev=1641402&r1=1641401&r2=1641402&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/transport/TcpTransport.java
(original)
+++ directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/transport/TcpTransport.java
Mon Nov 24 14:34:10 2014
@@ -20,6 +20,7 @@ package org.apache.directory.server.prot
 
 
 import java.net.InetSocketAddress;
+import java.util.List;
 
 import org.apache.mina.core.service.IoAcceptor;
 import org.apache.mina.transport.socket.SocketAcceptor;
@@ -35,6 +36,18 @@ import org.slf4j.LoggerFactory;
  */
 public class TcpTransport extends AbstractTransport
 {
+    /** The SSL 'needClientAuth' flag */
+    private boolean needClientAuth;
+
+    /** The SSL 'wantClientAuth' flag */
+    private boolean wantClientAuth;
+
+    /** The list of enabled protocols */
+    private List<String> enabledProtocols;
+
+    /** The list of enabled ciphers */
+    private List<String> cipherSuite;
+
     /** A logger for this class */
     private static final Logger LOG = LoggerFactory.getLogger( TcpTransport.class );
 
@@ -176,6 +189,86 @@ public class TcpTransport extends Abstra
 
 
     /**
+     * Set the needClientAuth SSL flag
+     *
+     * @param needClientAuth the flag to set
+     */
+    public void setNeedClientAuth( boolean needClientAuth )
+    {
+        this.needClientAuth = needClientAuth;
+    }
+
+
+    /**
+     * @return <code>true</code> if the NeedClientAuth SSL flag is set
+     */
+    public boolean isNeedClientAuth()
+    {
+        return needClientAuth;
+    }
+
+
+    /**
+     * Set the wantClientAuth SSL flag
+     *
+     * @param wantClientAuth the flag to set
+     */
+    public void setWantClientAuth( boolean wantClientAuth )
+    {
+        this.wantClientAuth = wantClientAuth;
+    }
+
+
+    /**
+     * @return <code>true</code> if the WantClientAuth SSL flag is set
+     */
+    public boolean isWantClientAuth()
+    {
+        return wantClientAuth;
+    }
+
+
+    /**
+     * @return The list of enabled protocols
+     */
+    public List<String> getEnabledProtocols()
+    {
+        return enabledProtocols;
+    }
+
+
+    /**
+     * Set the list of enabled protocols
+     *
+     * @param enabledProtocols The list of enabled protocols
+     */
+    public void setEnabledProtocols( List<String> enabledProtocols )
+    {
+        this.enabledProtocols = enabledProtocols;
+    }
+
+
+    /**
+     * @return The list of enabled ciphers
+     */
+    public List<String> getCipherSuite()
+    {
+        return cipherSuite;
+    }
+
+
+    /**
+     * Set the list of enabled ciphers
+     *
+     * @param enabledCiphers The list of enabled ciphers
+     */
+    public void setEnabledCiphers( List<String> cipherSuite )
+    {
+        this.cipherSuite = cipherSuite;
+    }
+
+
+    /**
      * @see Object#toString()
      */
     public String toString()
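Review bot: The new accessor pair is asymmetric: the getter is `getCipherSuite()` but the setter is `setEnabledCiphers( List<String> cipherSuite )`, and its Javadoc documents a parameter named `enabledCiphers` that does not exist. Any bean-style wiring (presumably the ServiceBuilder this commit also modifies) has to special-case the name, and readers looking for setCipherSuite will not find it; `public void setCipherSuite( List<String> cipherSuite )` with `@param cipherSuite The list of enabled ciphers`, or renaming field and getter to enabledCiphers to match TransportBean, keeps the pair consistent. Both list getters also hand out the internal list, so a caller can change the transport's SSL configuration after the filter has been built from it; returning a copy would prevent that.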

Modified: directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/TransportBean.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/TransportBean.java?rev=1641402&r1=1641401&r2=1641402&view=diff
==============================================================================
--- directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/TransportBean.java
(original)
+++ directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/TransportBean.java
Mon Nov 24 14:34:10 2014
@@ -20,6 +20,9 @@
 package org.apache.directory.server.config.beans;
 
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.apache.directory.server.config.ConfigurationElement;
 
 
@@ -60,6 +63,22 @@ public class TransportBean extends AdsBa
     @ConfigurationElement(attributeType = "ads-transportBackLog", isOptional = true, defaultValue
= "50")
     private int transportBackLog = DEFAULT_BACKLOG_NB;
 
+    /** The transport list of enabled ciphers */
+    @ConfigurationElement(attributeType = "ads-enabledCipher", isOptional = true)
+    private List<String> enabledCiphers;
+
+    /** The transport list of enabled protocols */
+    @ConfigurationElement(attributeType = "ads-enabledProtocol", isOptional = true)
+    private List<String> enabledProtocols;
+
+    /** The transport 'need client auth' flag */
+    @ConfigurationElement(attributeType = "ads-needClientAuth", isOptional = true, defaultValue
= "false")
+    private boolean needClientAuth;
+
+    /** The transport 'want client auth' flag */
+    @ConfigurationElement(attributeType = "ads-wantClientAuth", isOptional = true, defaultValue
= "false")
+    private boolean wantClientAuth;
+
 
     /**
      * Create a new TransportBean instance
@@ -184,6 +203,112 @@ public class TransportBean extends AdsBa
 
 
     /**
+     * @param needClientAuth The flag to set when the client authentication is needed
+     */
+    public void setNeedClientAuth( boolean needClientAuth )
+    {
+        this.needClientAuth = needClientAuth;
+    }
+
+
+    /**
+     * @return the needClientAuth flag
+     */
+    public boolean getNeedClientAuth()
+    {
+        return needClientAuth;
+    }
+
+
+    /**
+     * @param wantClientAuth The flag to set when the client authentication is wanted
+     */
+    public void setWantClientAuth( boolean wantClientAuth )
+    {
+        this.wantClientAuth = wantClientAuth;
+    }
+
+
+    /**
+     * @return the wantClientAuth flag
+     */
+    public boolean getWantClientAuth()
+    {
+        return wantClientAuth;
+    }
+
+
+    /**
+     * @return the EnabledCiphers list
+     */
+    public List<String> getEnabledCiphers()
+    {
+        return enabledCiphers;
+    }
+
+
+    /**
+     * @param enabledCiphers the enabledCiphers to set
+     */
+    public void setEnabledCiphers( List<String> enabledCiphers )
+    {
+        this.enabledCiphers = enabledCiphers;
+    }
+
+
+    /**
+     * @param enabledCiphers the enabledCiphers to add
+     */
+    public void addEnabledCiphers( String... enabledCiphers )
+    {
+        if ( this.enabledCiphers == null )
+        {
+            this.enabledCiphers = new ArrayList<String>();
+        }
+
+        for ( String enabledCipher : enabledCiphers )
+        {
+            this.enabledCiphers.add( enabledCipher );
+        }
+    }
+
+
+    /**
+     * @return the enabledProtocols list
+     */
+    public List<String> getEnabledProtocols()
+    {
+        return enabledProtocols;
+    }
+
+
+    /**
+     * @param enabledProtocols the enabledProtocols to set
+     */
+    public void setEnabledProtocols( List<String> enabledProtocols )
+    {
+        this.enabledProtocols = enabledProtocols;
+    }
+
+
+    /**
+     * @param enabledProtocols the enabledProtocols to add
+     */
+    public void addEnabledProtocols( String... enabledProtocols )
+    {
+        if ( this.enabledProtocols == null )
+        {
+            this.enabledProtocols = new ArrayList<String>();
+        }
+
+        for ( String enabledProtocol : enabledProtocols )
+        {
+            this.enabledProtocols.add( enabledProtocol );
+        }
+    }
+
+
+    /**
      * {@inheritDoc}
      */
     public String toString( String tabs )
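Review bot: The boolean accessors are named `getNeedClientAuth()`/`getWantClientAuth()` here but `isNeedClientAuth()`/`isWantClientAuth()` on TcpTransport in the same commit; the JavaBeans convention for boolean properties is the `is` form, and if the ads-* attributes are mapped onto the bean reflectively the mismatch may matter — worth confirming against the ConfigurationElement processing. The list getters return the same ArrayList that addEnabledCiphers/addEnabledProtocols populate, so callers can alter the configuration behind the bean's back; returning a copy such as `return enabledCiphers == null ? null : new ArrayList<String>( enabledCiphers );` keeps the bean defensive.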
@@ -206,6 +331,28 @@ public class TransportBean extends AdsBa
         sb.append( tabs ).append( "transport backlog : " ).append( transportBackLog ).append(
'\n' );
         sb.append( tabs ).append( "transport nb threads : " ).append( transportNbThreads
).append( '\n' );
         sb.append( toString( tabs, "SSL enabled", transportEnableSsl ) );
+        sb.append( toString( tabs, "Need Client Auth", needClientAuth ) );
+        sb.append( toString( tabs, "Want Client Auth", wantClientAuth ) );
+
+        if ( ( enabledCiphers != null ) && ( enabledCiphers.size() > 0 ) )
+        {
+            sb.append( tabs ).append( "Enabled Ciphers :\n" );
+
+            for ( String enabledCipher : enabledCiphers )
+            {
+                sb.append( tabs ).append( "    " ).append( enabledCipher ).append( "\n" );
+            }
+        }
+
+        if ( ( enabledProtocols != null ) && ( enabledProtocols.size() > 0 ) )
+        {
+            sb.append( tabs ).append( "  Enabled Protocols :\n" );
+
+            for ( String enabledProtocol : enabledProtocols )
+            {
+                sb.append( tabs ).append( "    " ).append( enabledProtocol ).append( "\n"
);
+            }
+        }
 
         return sb.toString();
     }
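Review bot: The two list labels added to the dump are indented inconsistently — `"Enabled Ciphers :\n"` has no leading spaces while `"  Enabled Protocols :\n"` carries two, so the two sections line up differently in the output; `sb.append( tabs ).append( "Enabled Protocols :\n" );` would match the cipher label. The `size() > 0` guards on both lists read more directly as `!enabledCiphers.isEmpty()` and `!enabledProtocols.isEmpty()`, and the new inner loops append `"\n"` where the surrounding lines use the `'\n'` char. toString( String tabs ) begins before this hunk.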

Modified: directory/apacheds/trunk/server-config/src/test/resources/ldapServer.ldif
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-config/src/test/resources/ldapServer.ldif?rev=1641402&r1=1641401&r2=1641402&view=diff
==============================================================================
--- directory/apacheds/trunk/server-config/src/test/resources/ldapServer.ldif (original)
+++ directory/apacheds/trunk/server-config/src/test/resources/ldapServer.ldif Mon Nov 24 14:34:10
2014
@@ -64,6 +64,15 @@ ads-systemport: 10636
 ads-transportenablessl: true
 ads-transportaddress: localhost
 ads-transportid: ldaps
+ads-needClientAuth: false
+ads-wantClientAuth: true
+ads-enabledCipher: AAA
+ads-enabledCipher: BBB
+ads-enabledCipher: CCC
+ads-enabledCipher: DDD
+ads-enabledProtocol: TLSv1
+ads-enabledProtocol: TLSv1.1
+ads-enabledProtocol: TLSv1.2
 objectclass: ads-transport
 objectclass: ads-tcpTransport
 objectclass: top

Modified: directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java?rev=1641402&r1=1641401&r2=1641402&view=diff
==============================================================================
--- directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java
(original)
+++ directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java
Mon Nov 24 14:34:10 2014
@@ -38,6 +38,8 @@ import org.apache.directory.api.ldap.mod
 import org.apache.directory.api.ldap.model.ldif.LdifEntry;
 import org.apache.directory.api.ldap.model.ldif.LdifReader;
 import org.apache.directory.api.ldap.model.message.AliasDerefMode;
+import org.apache.directory.api.ldap.model.message.ExtendedRequest;
+import org.apache.directory.api.ldap.model.message.ExtendedResponse;
 import org.apache.directory.api.ldap.model.message.SearchScope;
 import org.apache.directory.api.ldap.model.schema.AttributeType;
 import org.apache.directory.api.ldap.model.schema.SchemaManager;
@@ -555,9 +557,32 @@ public class ServiceBuilder
         transport.setPort( transportBean.getSystemPort() );
         transport.setAddress( transportBean.getTransportAddress() );
         transport.setBackLog( transportBean.getTransportBackLog() );
-        transport.setEnableSSL( transportBean.isTransportEnableSSL() );
         transport.setNbThreads( transportBean.getTransportNbThreads() );
 
+        if ( transport instanceof TcpTransport )
+        {
+            ( ( TcpTransport ) transport ).setEnableSSL( transportBean.isTransportEnableSSL()
);
+
+            if ( ( ( TcpTransport ) transport ).isSSLEnabled() )
+            {
+                ( ( TcpTransport ) transport ).setNeedClientAuth( transportBean.getNeedClientAuth()
);
+                ( ( TcpTransport ) transport ).setWantClientAuth( transportBean.getWantClientAuth()
);
+                List<String> enabledProtocols = transportBean.getEnabledProtocols();
+
+                if ( ( enabledProtocols != null ) && ( enabledProtocols.size() !=
0 ) )
+                {
+                    ( ( TcpTransport ) transport ).setEnabledProtocols( enabledProtocols
);
+                }
+
+                List<String> enabledCiphers = transportBean.getEnabledCiphers();
+
+                if ( ( enabledCiphers != null ) && ( enabledCiphers.size() != 0 )
)
+                {
+                    ( ( TcpTransport ) transport ).setEnabledCiphers( enabledCiphers );
+                }
+            }
+        }
+
         return transport;
     }
 
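Review bot: The new SSL block casts `transport` to TcpTransport six times; a single `TcpTransport tcpTransport = ( TcpTransport ) transport;` right after the instanceof guard would leave one line per setting and make the block easier to read. The removed `transport.setEnableSSL(...)` at the top of the hunk means the SSL flag is now only propagated for TcpTransport; if that is intentional for the other Transport subtypes, a one-line comment such as `// SSL settings only apply to TCP transports` would record it. Since needClientAuth and wantClientAuth are both copied onto the same transport, a comment stating which one is expected to win when both are true would help whoever later maps them onto the SSL engine, where setNeedClientAuth and setWantClientAuth override each other. The enclosing method starts before this hunk.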
@@ -1005,12 +1030,6 @@ public class ServiceBuilder
         // Relplication pinger thread sleep time
         ldapServer.setReplPingerSleepTime( ldapServerBean.getReplPingerSleep() );
 
-        // Enabled cipher suites
-        if ( ldapServerBean.getEnabledCipherSuites() != null )
-        {
-            ldapServer.setEnabledCipherSuites( ldapServerBean.getEnabledCipherSuites() );
-        }
-
         // The transports
         Transport[] transports = createTransports( ldapServerBean.getTransports() );
         ldapServer.setTransports( transports );
@@ -1033,7 +1052,8 @@ public class ServiceBuilder
                 try
                 {
                     Class<?> extendedOpClass = Class.forName( extendedpHandlerBean.getExtendedOpHandlerClass()
);
-                    ExtendedOperationHandler<?, ?> extOpHandler = ( ExtendedOperationHandler<?,
?> ) extendedOpClass.newInstance();
+                    ExtendedOperationHandler<ExtendedRequest, ExtendedResponse> extOpHandler
=
+                        ( ExtendedOperationHandler<ExtendedRequest, ExtendedResponse>
) extendedOpClass.newInstance();
                     ldapServer.addExtendedOperationHandler( extOpHandler );
                 }
                 catch ( Exception e )
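Review bot: The cast to `ExtendedOperationHandler<ExtendedRequest, ExtendedResponse>` is unchecked — after erasure it cannot fail on the type arguments even if the handler declares different ones — so the warning it produces should be acknowledged with `@SuppressWarnings("unchecked")` on the narrowest scope plus a comment saying why the configured class is trusted to match. A configured class name that is not an ExtendedOperationHandler at all only fails at the cast with a ClassCastException that lands in the `catch ( Exception e )` below; checking `ExtendedOperationHandler.class.isAssignableFrom( extendedOpClass )` before instantiating would give a precise error naming the offending class instead. The catch body and the enclosing loop are outside this hunk, so I cannot tell how the failure is reported.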
@@ -1106,7 +1126,7 @@ public class ServiceBuilder
             {
                 continue;
             }
-            
+
             String className = replBean.getReplConsumerImpl();
 
             ReplicationConsumer consumer = null;
@@ -1153,7 +1173,7 @@ public class ServiceBuilder
                 config.setReplUserDn( replBean.getReplUserDn() );
                 config.setReplUserPassword( replBean.getReplUserPassword() );
                 config.setSearchSizeLimit( replBean.getReplSearchSizeLimit() );
-                
+
                 config.setUseTls( replBean.isReplUseTls() );
                 config.setStrictCertVerification( replBean.isReplStrictCertValidation() );
 


