Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C9E95200BEB for ; Wed, 28 Dec 2016 09:55:51 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id C86B6160B2E; Wed, 28 Dec 2016 08:55:51 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id E8F41160B19 for ; Wed, 28 Dec 2016 09:55:50 +0100 (CET) Received: (qmail 66102 invoked by uid 500); 28 Dec 2016 08:55:50 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 66093 invoked by uid 99); 28 Dec 2016 08:55:50 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Dec 2016 08:55:50 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 682D53A03A6 for ; Wed, 28 Dec 2016 08:55:49 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1776247 - in /directory/apacheds/trunk/server-integ/src/test: java/org/apache/directory/server/ssl/ resources/org/apache/directory/server/ssl/ Date: Wed, 28 Dec 2016 08:55:48 -0000 To: commits@directory.apache.org 
From: elecharny@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20161228085549.682D53A03A6@svn01-us-west.apache.org> archived-at: Wed, 28 Dec 2016 08:55:52 -0000 Author: elecharny Date: Wed Dec 28 08:55:48 2016 New Revision: 1776247 URL: http://svn.apache.org/viewvc?rev=1776247&view=rev Log: Fixed the certificate and factory to work with Java 8 Added: directory/apacheds/trunk/server-integ/src/test/resources/org/apache/directory/server/ssl/ directory/apacheds/trunk/server-integ/src/test/resources/org/apache/directory/server/ssl/bogus.cert (with props) Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ssl/BogusSSLContextFactory.java directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ssl/BogusTrustManagerFactory.java Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ssl/BogusSSLContextFactory.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ssl/BogusSSLContextFactory.java?rev=1776247&r1=1776246&r2=1776247&view=diff ============================================================================== --- directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ssl/BogusSSLContextFactory.java (original) +++ directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ssl/BogusSSLContextFactory.java Wed Dec 28 08:55:48 2016 @@ -19,16 +19,15 @@ */ package org.apache.directory.server.ssl; - import java.io.IOException; import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.KeyStore; +import java.security.Security; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; - /** * Factory to create a bougus SSLContext. * 
@@ -36,28 +35,38 @@ import javax.net.ssl.SSLContext; */ public class BogusSSLContextFactory { - /** * Protocol to use. */ - private static final String PROTOCOL = "TLS"; + private static final String PROTOCOL = "TLSv1.2"; + + private static final String KEY_MANAGER_FACTORY_ALGORITHM; + + static { + String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); + + if (algorithm == null) { + algorithm = KeyManagerFactory.getDefaultAlgorithm(); + } + KEY_MANAGER_FACTORY_ALGORITHM = algorithm; + } + /** - * Bougus Server certificate keystore file name. + * Bogus Server certificate keystore file name. */ - private static final String BOGUS_KEYSTORE = "/bogus.cert"; + private static final String BOGUS_KEYSTORE = "bogus.cert"; // NOTE: The keystore was generated using keytool: - // keytool -genkey -alias bogus -keysize 512 -validity 3650 - // -keyalg RSA -dname "CN=bogus.com, OU=XXX CA, - // O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE" - // -keypass boguspw -storepass boguspw -keystore bogus.cert + // keytool -genkey -alias bogus -keysize 2048 -validity 3650 + // -keyalg RSA -dname "CN=bogus.com, OU=XXX CA, + // O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE" + // -keypass boguspw -storepass boguspw -keystore bogus.cert /** * Bougus keystore password. */ - private static final char[] BOGUS_PW = - { 'b', 'o', 'g', 'u', 's', 'p', 'w' }; + private static final char[] BOGUS_PW = { 'b', 'o', 'g', 'u', 's', 'p', 'w' }; private static SSLContext serverInstance = null; 
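Review bot: Changing `BOGUS_KEYSTORE` from `/bogus.cert` to `bogus.cert` makes the lookup relative to the class's package, and nothing visible in this commit checks that the resource was actually found. `getResourceAsStream` returns null for a missing resource, and the lookup in `createBougusServerSSLContext` (a later hunk, body only partly visible) assigns the result to `in` with no guard shown. If that stream is passed straight to `KeyStore.load`, a null input initialises an empty keystore instead of raising an error, so a misplaced test resource would only show up later as a handshake failure. A guard right after the lookup, `if ( in == null ) { throw new IOException( "Keystore resource not found: " + BOGUS_KEYSTORE ); }`, would fail fast. Separately, the static block duplicates `KeyManagerFactory.getDefaultAlgorithm()`, which already reads the `ssl.KeyManagerFactory.algorithm` security property; `private static final String KEY_MANAGER_FACTORY_ALGORITHM = KeyManagerFactory.getDefaultAlgorithm();` is enough.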
@@ -67,48 +76,46 @@ public class BogusSSLContextFactory /** * Get SSLContext singleton. * - * @return SSLContext - * @throws java.security.GeneralSecurityException - * + * @param server A flag to tell if this is a Client or Server instance we want to create + * @return SSLContext The created SSLContext + * @throws GeneralSecurityException If we had an issue creating the SSLContext */ public static SSLContext getInstance( boolean server ) throws GeneralSecurityException { SSLContext retInstance = null; + if ( server ) { - if ( serverInstance == null ) + synchronized ( BogusSSLContextFactory.class ) { - synchronized ( BogusSSLContextFactory.class ) + if ( serverInstance == null ) { - if ( serverInstance == null ) + try + { + serverInstance = createBougusServerSSLContext(); + } + catch ( Exception ioe ) { - try - { - serverInstance = createBougusServerSSLContext(); - } - catch ( Exception ioe ) - { - throw new GeneralSecurityException( "Can't create Server SSLContext:" + ioe ); - } + throw new GeneralSecurityException( "Can't create Server SSLContext:" + ioe ); } } } + retInstance = serverInstance; } else { - if ( clientInstance == null ) + synchronized ( BogusSSLContextFactory.class ) { - synchronized ( BogusSSLContextFactory.class ) + if ( clientInstance == null ) { - if ( clientInstance == null ) - { - clientInstance = createBougusClientSSLContext(); - } + clientInstance = createBougusClientSSLContext(); } } + retInstance = clientInstance; } + return retInstance; } @@ -118,6 +125,7 @@ public class BogusSSLContextFactory // Create keystore KeyStore ks = KeyStore.getInstance( "JKS" ); InputStream in = null; + try { in = BogusSSLContextFactory.class.getResourceAsStream( BOGUS_KEYSTORE ); 
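Review bot: The rethrow in the server branch of `getInstance`, `throw new GeneralSecurityException( "Can't create Server SSLContext:" + ioe );`, flattens the original exception into the message and discards its stack trace. Passing it as the cause keeps the trace: `throw new GeneralSecurityException( "Can't create Server SSLContext", ioe );`. The variable is named `ioe` although the clause catches `Exception`; narrowing the catch to the types `createBougusServerSSLContext` declares (its signature is not visible in this hunk) would avoid wrapping unrelated runtime failures. Taking the class lock on every call is a sound replacement for the old unsynchronized first check on non-volatile fields. A short comment such as `// always lock: the instance fields are not volatile` would discourage reintroducing the double-checked form.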
@@ -153,6 +161,7 @@ public class BogusSSLContextFactory { SSLContext context = SSLContext.getInstance( PROTOCOL ); context.init( null, BogusTrustManagerFactory.X509_MANAGERS, null ); + return context; } Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ssl/BogusTrustManagerFactory.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ssl/BogusTrustManagerFactory.java?rev=1776247&r1=1776246&r2=1776247&view=diff ============================================================================== --- directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ssl/BogusTrustManagerFactory.java (original) +++ directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ssl/BogusTrustManagerFactory.java Wed Dec 28 08:55:48 2016 @@ -20,6 +20,7 @@ package org.apache.directory.server.ssl; +import java.net.Socket; import java.security.InvalidAlgorithmParameterException; import java.security.KeyStore; import java.security.KeyStoreException; @@ -27,8 +28,10 @@ import java.security.cert.CertificateExc import java.security.cert.X509Certificate; import javax.net.ssl.ManagerFactoryParameters; +import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactorySpi; +import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; 
@@ -45,22 +48,45 @@ class BogusTrustManagerFactory extends T */ static X509Certificate[] lastReceivedServerCertificates; - static final X509TrustManager X509 = new X509TrustManager() - { - public void checkClientTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException - { + static final X509TrustManager X509 = new X509ExtendedTrustManager() { + + @Override + public void checkClientTrusted( X509Certificate[] chain, String authType ) throws CertificateException { + // Nothing to do } + @Override + public void checkServerTrusted( X509Certificate[] chain, String authType ) throws CertificateException { + // Nothing to do + } - public void checkServerTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException - { - lastReceivedServerCertificates = x509Certificates; + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; } + @Override + public void checkClientTrusted( X509Certificate[] chain, String authType, Socket socket ) + throws CertificateException { + // Nothing to do + } - public X509Certificate[] getAcceptedIssuers() - { - return new X509Certificate[0]; + @Override + public void checkClientTrusted( X509Certificate[] chain, String authType, SSLEngine engine ) + throws CertificateException { + // Nothing to do + } + + @Override + public void checkServerTrusted( X509Certificate[] chain, String authType, Socket socket ) + throws CertificateException { + // Nothing to do + } + + @Override + public void checkServerTrusted( X509Certificate[] chain, String authType, SSLEngine engine ) + throws CertificateException { + // Nothing to do } }; Added: directory/apacheds/trunk/server-integ/src/test/resources/org/apache/directory/server/ssl/bogus.cert URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/resources/org/apache/directory/server/ssl/bogus.cert?rev=1776247&view=auto ============================================================================== Binary 
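Review bot: The new `checkServerTrusted` overloads no longer record the chain, so the static `lastReceivedServerCertificates` declared just above the anonymous class is never assigned after this change. The removed implementation did `lastReceivedServerCertificates = x509Certificates;`, so any test that inspects that field (none is visible here) would now read null. With `X509ExtendedTrustManager`, JSSE normally calls the `Socket` and `SSLEngine` overloads, so each of the three `checkServerTrusted` methods would need `lastReceivedServerCertificates = chain;` to keep the old behaviour. Otherwise the field should be removed. Each `// Nothing to do` body also accepts any certificate chain, so I would replace it with `// Test-only: accepts every chain without validation; never use outside integration tests` to document that this is deliberate.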
file - no diff available. Propchange: directory/apacheds/trunk/server-integ/src/test/resources/org/apache/directory/server/ssl/bogus.cert ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream