From smckin...@apache.org
Subject directory-fortress-core git commit: FC-207 - Fix handling of truststore
Date Sun, 30 Apr 2017 15:03:51 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 52cb9be03 -> fe50baf6f


FC-207 - Fix handling of truststore


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/fe50baf6
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/fe50baf6
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/fe50baf6

Branch: refs/heads/master
Commit: fe50baf6f73499ede86bdaf05ef7b3dd67d3fb93
Parents: 52cb9be
Author: Shawn McKinney <smckinney@apache.org>
Authored: Sun Apr 30 00:51:57 2017 -0500
Committer: Shawn McKinney <smckinney@apache.org>
Committed: Sun Apr 30 00:51:57 2017 -0500

----------------------------------------------------------------------
 README-CONFIG.md                                |  2 +-
 build-config.xml                                |  5 +++--
 build.properties.example                        |  2 +-
 config/bootstrap/fortress.properties.src        |  2 +-
 config/fortress.properties.src                  |  2 +-
 slapd.properties.example                        |  2 +-
 .../directory/fortress/core/GlobalIds.java      |  5 ++---
 .../core/ldap/LdapClientTrustStoreManager.java  |  1 -
 .../core/ldap/LdapConnectionProvider.java       | 23 --------------------
 .../directory/fortress/core/rest/RestUtils.java | 22 -------------------
 .../directory/fortress/core/util/Config.java    | 10 ++++-----
 src/test/resources/fortress.properties          |  2 +-
 12 files changed, 16 insertions(+), 62 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/README-CONFIG.md
----------------------------------------------------------------------
diff --git a/README-CONFIG.md b/README-CONFIG.md
index 9d56fa1..2d698b8 100644
--- a/README-CONFIG.md
+++ b/README-CONFIG.md
@@ -82,7 +82,7 @@ The ant config task, **init-fortress-config**, uses the values found within
the
  * fortress.enable.ldap.ssl.debug
  * fortress.trust.store
  * fortress.trust.store.password
- * fortress.trust.store.set.prop
+ * fortress.trust.store.onclasspath
  * fortress.config.realm
  * fortress.config.root
  * fortress.ldap.server.type

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/build-config.xml
----------------------------------------------------------------------
diff --git a/build-config.xml b/build-config.xml
index 1ed12c4..0daea68 100644
--- a/build-config.xml
+++ b/build-config.xml
@@ -329,7 +329,8 @@
          <replace file="${dst.bootstrap.conf}" token="@ENABLE_LDAP_SSL_DEBUG@" value="${enable.ldap.ssl.debug}"/>
          <replace file="${dst.bootstrap.conf}" token="@TRUST_STORE@" value="${trust.store}"/>
          <replace file="${dst.bootstrap.conf}" token="@TRUST_STORE_PW@" value="${trust.store.password}"/>
-         <replace file="${dst.bootstrap.conf}" token="@TRUST_STORE_SET_PROPW@" value="${trust.store.set.prop}"/>
+
+         <replace file="${dst.bootstrap.conf}" token="@TRUST_STORE_ONCLASSPATHW@" value="${trust.store.onclasspath}"/>
 
        <copy file="${src.remote.conf}" tofile="${dst.remote.conf}"/>
          <replace file="${dst.remote.conf}" token="@SUFFIX@" value="${suffix}"/>
@@ -358,7 +359,7 @@
          <replace file="${dst.remote.conf}" token="@ENABLE_LDAP_SSL_DEBUG@" value="${enable.ldap.ssl.debug}"/>
          <replace file="${dst.remote.conf}" token="@TRUST_STORE@" value="${trust.store}"/>
          <replace file="${dst.remote.conf}" token="@TRUST_STORE_PW@" value="${trust.store.password}"/>
-         <replace file="${dst.remote.conf}" token="@TRUST_STORE_SET_PROPW@" value="${trust.store.set.prop}"/>
+         <replace file="${dst.remote.conf}" token="@TRUST_STORE_ONCLASSPATHW@" value="${trust.store.onclasspath}"/>
          <replace file="${dst.remote.conf}" token="@KEY_STORE@" value="${key.store}"/>
          <replace file="${dst.remote.conf}" token="@KEY_STORE_PW@" value="${key.store.password}"/>
          <replace file="${dst.remote.conf}" token="@SERVER_TYPE@" value="${ldap.server.type}"/>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/build.properties.example
----------------------------------------------------------------------
diff --git a/build.properties.example b/build.properties.example
index 23d3282..fb909f0 100644
--- a/build.properties.example
+++ b/build.properties.example
@@ -61,7 +61,7 @@ ldap.port=10389
 # The trust store is picked up off the classpath i.e. fortress-home/config:
 #trust.store=mytruststore
 #trust.store.password=changeit
-#trust.store.set.prop=true
+#trust.store.onclasspath=true
 
 # These are the connection parameters used for LDAP service account:
 root.dn=uid=admin,ou=system

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/config/bootstrap/fortress.properties.src
----------------------------------------------------------------------
diff --git a/config/bootstrap/fortress.properties.src b/config/bootstrap/fortress.properties.src
index 05db238..322ebc9 100755
--- a/config/bootstrap/fortress.properties.src
+++ b/config/bootstrap/fortress.properties.src
@@ -26,7 +26,7 @@ enable.ldap.ssl=@ENABLE_LDAP_SSL@
 enable.ldap.ssl.debug=@ENABLE_LDAP_SSL_DEBUG@
 trust.store=@TRUST_STORE@
 trust.store.password=@TRUST_STORE_PW@
-trust.store.set.prop=@TRUST_STORE_SET_PROPW@
+trust.store.onclasspath=@TRUST_STORE_ONCLASSPATHW@
 
 # These credentials are used for read/write access to all nodes under suffix:
 admin.user=@ROOT_DN@

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/config/fortress.properties.src
----------------------------------------------------------------------
diff --git a/config/fortress.properties.src b/config/fortress.properties.src
index 6c83415..3a4ffaa 100755
--- a/config/fortress.properties.src
+++ b/config/fortress.properties.src
@@ -34,7 +34,7 @@ enable.ldap.ssl=@ENABLE_LDAP_SSL@
 enable.ldap.ssl.debug=@ENABLE_LDAP_SSL_DEBUG@
 trust.store=@TRUST_STORE@
 trust.store.password=@TRUST_STORE_PW@
-trust.store.set.prop=@TRUST_STORE_SET_PROPW@
+trust.store.onclasspath=@TRUST_STORE_ONCLASSPATHW@
 
 # Used to enable STARTTLS on Connection to LDAP Server
 enable.ldap.starttls=false

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/slapd.properties.example
----------------------------------------------------------------------
diff --git a/slapd.properties.example b/slapd.properties.example
index 8ca4384..142271f 100644
--- a/slapd.properties.example
+++ b/slapd.properties.example
@@ -87,7 +87,7 @@ log.ops=logops bind writes compare
 # The trust store is picked up off the classpath i.e. fortress-home/config:
 #trust.store=mytruststore
 #trust.store.password=changeit
-#trust.store.set.prop=true
+#trust.store.onclasspath=true
 
 # These are needed for slapd startup SSL configuration:
 #ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
index acf7a97..0aa24ba 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
@@ -441,10 +441,9 @@ public final class GlobalIds
     public static final String ENABLE_LDAP_SSL_DEBUG = "enable.ldap.ssl.debug";
     public static final String TRUST_STORE = "trust.store";
     public static final String TRUST_STORE_PW = "trust.store.password";
-
-
     public static final String TRUST_STORE_ON_CLASSPATH = "trust.store.onclasspath";
-    public static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
+
+    // coordinates to the LDAP server:
     public static final String LDAP_HOST = "host";
     public static final String LDAP_PORT = "port";
 
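Review bot: Removing the public constant `SET_TRUST_STORE_PROP` from `GlobalIds` is a source-compatibility break for code outside this module that referenced it, and renaming the property key means an existing `trust.store.set.prop` entry in a deployed fortress.properties is silently ignored instead of being reported. Consider keeping `@Deprecated public static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";` for one release and having the loader (Config.java, where the `fortress.trust.store.onclasspath` override is read in this commit) log a warning when the old key is still present. The same rename is applied in build-config.xml, build.properties.example, both fortress.properties.src files and slapd.properties.example, so a deployment that is only partially updated will lose the setting without any message.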

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java
b/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java
index 355321e..70520be 100644
--- a/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java
@@ -159,7 +159,6 @@ public final class LdapClientTrustStoreManager implements X509TrustManager,
Seri
         CertificateException
     {
         String szTrustStoreOnClasspath = Config.getInstance().getProperty( GlobalIds.TRUST_STORE_ON_CLASSPATH
);
-        LOG.info( CLS_NM + ".getTrustManagers trust.store.onclasspath: {}", szTrustStoreOnClasspath
);
 
         // If false or null, read the truststore from a fully qualified filename.
         if( szTrustStoreOnClasspath != null && szTrustStoreOnClasspath.equalsIgnoreCase(
"false" ))
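Review bot: The comment `// If false or null, read the truststore from a fully qualified filename.` does not match the condition below it, which enters the filename branch only for a non-null value equal to "false"; a missing `trust.store.onclasspath` falls through to the other branch, presumably the classpath lookup, which lies outside this hunk. Either the condition should become `if ( szTrustStoreOnClasspath == null || szTrustStoreOnClasspath.equalsIgnoreCase( "false" ) )` or the comment should state that an absent or unrecognised value selects the classpath path; since this decides where the TLS trust anchors come from, the two must agree. With the INFO line removed nothing records which source was chosen, so a debug-level log naming the selected source on each branch would keep the decision traceable without echoing the raw property on every connection. The method getTrustManagers continues outside the hunk.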

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java
b/src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java
index d8a30dc..c732813 100644
--- a/src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java
@@ -67,10 +67,7 @@ public class LdapConnectionProvider
     private static final String LDAP_LOG_POOL_MAX = "max.log.conn";
 
     private static final String ENABLE_LDAP_STARTTLS = "enable.ldap.starttls";
-
     private boolean IS_SSL;
-    private boolean IS_SET_TRUST_STORE_PROP;
-    private boolean IS_SSL_DEBUG;
 
     /**
      * The Admin connection pool
@@ -128,14 +125,6 @@ public class LdapConnectionProvider
             Config.getInstance().getProperty( GlobalIds.TRUST_STORE ) != null &&
             Config.getInstance().getProperty( GlobalIds.TRUST_STORE_PW ) != null );
 
-        IS_SET_TRUST_STORE_PROP = ( IS_SSL &&
-            Config.getInstance().getProperty( GlobalIds.SET_TRUST_STORE_PROP ) != null &&
-            Config.getInstance().getProperty( GlobalIds.SET_TRUST_STORE_PROP ).equalsIgnoreCase(
"true" ) );
-
-        IS_SSL_DEBUG = ( ( Config.getInstance().getProperty( GlobalIds.ENABLE_LDAP_SSL_DEBUG
) != null ) && ( Config
-            .getInstance().getProperty( GlobalIds.ENABLE_LDAP_SSL_DEBUG ).equalsIgnoreCase(
"true" ) ) );
-
-
         String host = Config.getInstance().getProperty( GlobalIds.LDAP_HOST, "localhost"
);
         int port = Config.getInstance().getInt( GlobalIds.LDAP_PORT, 389 );
         int min = Config.getInstance().getInt( GlobalIds.LDAP_ADMIN_POOL_MIN, 1 );
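Review bot: With `IS_SSL_DEBUG` gone this class no longer reads `GlobalIds.ENABLE_LDAP_SSL_DEBUG`, yet the constant, its `fortress.enable.ldap.ssl.debug` override in Config.java and the `enable.ldap.ssl.debug` entries in the example files all survive the commit; unless another consumer exists outside this diff, the setting is now dead configuration and should either be removed like `SET_TRUST_STORE_PROP` or documented as unused. Dropping the process-wide `System.setProperty( "javax.net.debug", ... )` call is the right outcome, since it affected every TLS connection in the JVM rather than only the LDAP pool. The surviving `private boolean IS_SSL;` in the first hunk is an instance field written in constant case; `isSsl` would match the Java convention. The enclosing method starts and ends outside the hunk.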
@@ -144,18 +133,6 @@ public class LdapConnectionProvider
         int logmax = Config.getInstance().getInt( LDAP_LOG_POOL_MAX, 10 );
         LOG.info( "LDAP POOL:  host=[{}], port=[{}], min=[{}], max=[{}]", host, port, min,
max );
 
-/*
-        if ( IS_SET_TRUST_STORE_PROP )
-        {
-            LOG.info( "Set JSSE truststore properties in Apache LDAP client:" );
-            LOG.info( "javax.net.ssl.trustStore: {}", Config.getInstance().getProperty( GlobalIds.TRUST_STORE
) );
-            LOG.info( "javax.net.debug: {}", IS_SSL_DEBUG );
-            System.setProperty( "javax.net.ssl.trustStore", Config.getInstance().getProperty(
GlobalIds.TRUST_STORE ) );
-            System.setProperty( "javax.net.ssl.trustStorePassword", Config.getInstance().getProperty(
GlobalIds
-                .TRUST_STORE_PW ) );
-            System.setProperty( "javax.net.debug", Boolean.valueOf( IS_SSL_DEBUG ).toString()
);
-        }
-*/
         LdapConnectionConfig config = new LdapConnectionConfig();
         config.setLdapHost( host );
         config.setLdapPort( port );

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java b/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java
index fe8f967..2ed2ce4 100644
--- a/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java
@@ -81,15 +81,6 @@ public final class RestUtils
     // static member contains this
     private static volatile RestUtils sINSTANCE = null;
 
-    /**
-     * Used to manage trust store properties.  If enabled, create SSL connection.
-     *
-     */
-    private static String trustStoreSetProp = "trust.store.set.prop";
-    private String trustStore;
-    private String trustStorePw;
-    private boolean isTrustStoreSetProp;
-
     // These members contain the http coordinates to a running fortress-rest instance:
     private String httpUid, httpPw, httpHost, httpPort, httpProtocol, fortressRestVersion,
serviceName, uri;
 
@@ -128,22 +119,9 @@ public final class RestUtils
         httpHost = Config.getInstance().getProperty( "http.host" );
         httpPort = Config.getInstance().getProperty( "http.port" );
         httpProtocol = Config.getInstance().getProperty( "http.protocol", "http" );
-        trustStore = Config.getInstance().getProperty( "trust.store" );
-        trustStorePw = Config.getInstance().getProperty( "trust.store.password" );
-        isTrustStoreSetProp = (
-            Config.getInstance().getProperty( trustStoreSetProp ) != null &&
-            Config.getInstance().getProperty( trustStoreSetProp ).equalsIgnoreCase( "true"
) );
         fortressRestVersion = System.getProperty( "version" );
         serviceName = "fortress-rest-" + fortressRestVersion;
         uri = httpProtocol + "://" + httpHost + ":" + httpPort + "/" + serviceName + "/";
-        
-        if ( isTrustStoreSetProp )
-        {
-            LOG.info( "Set JSSE truststore properties:" );
-            LOG.info( "javax.net.ssl.trustStore: {}", trustStore );
-            System.setProperty( "javax.net.ssl.trustStore", trustStore );
-            System.setProperty( "javax.net.ssl.trustStorePassword", trustStorePw );
-        }
     }
 
     private RestUtils(){
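Review bot: After this hunk `RestUtils` no longer touches `javax.net.ssl.trustStore`, so when `http.protocol` is `https` the REST client presumably relies on the JVM's default trust settings unless the caller passes `-Djavax.net.ssl.trustStore` itself; the removed Javadoc was the only place this class described its trust-store handling and nothing replaces it. Add a class-level comment along the lines of `// TLS trust for https REST calls comes from the JVM default trust store (set -Djavax.net.ssl.trustStore); the trust.store properties apply to LDAP only` — or, if the intended path is to share LdapClientTrustStoreManager, say so — and mention the change in README-CONFIG.md, which this commit also edits. Removing the process-wide System.setProperty calls is an improvement in itself, since they silently overrode the trust store for every other TLS client in the same JVM and exposed the password through a readable system property. The enclosing method starts outside the hunk.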

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/src/main/java/org/apache/directory/fortress/core/util/Config.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/Config.java b/src/main/java/org/apache/directory/fortress/core/util/Config.java
index 2f43e76..7bcfc9e 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/Config.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/Config.java
@@ -66,7 +66,7 @@ public final class Config
     private static final String EXT_ENABLE_LDAP_SSL_DEBUG = "fortress.enable.ldap.ssl.debug";
     private static final String EXT_TRUST_STORE = "fortress.trust.store";
     private static final String EXT_TRUST_STORE_PW = "fortress.trust.store.password";
-    private static final String EXT_SET_TRUST_STORE_PROP = "fortress.trust.store.set.prop";
+    private static final String EXT_TRUST_STORE_ONCLASSPATH = "fortress.trust.store.onclasspath";
     private static final String EXT_CONFIG_REALM = "fortress.config.realm";
     private static final String EXT_CONFIG_ROOT_DN = "fortress.config.root";
     private static final String EXT_SERVER_TYPE = "fortress.ldap.server.type";
@@ -544,12 +544,12 @@ public final class Config
             LOG.info( "getExternalConfig override name [{}]", GlobalIds.TRUST_STORE_PW );
         }
 
-        // Check to see if the trust store set parameter has been overridden by a system
property:
-        szValue = System.getProperty( EXT_SET_TRUST_STORE_PROP );
+        // Check to see if the trust store onclasspath parameter has been overridden by a
system property:
+        szValue = System.getProperty( EXT_TRUST_STORE_ONCLASSPATH );
         if( StringUtils.isNotEmpty( szValue ))
         {
-            config.setProperty( GlobalIds.SET_TRUST_STORE_PROP, szValue );
-            LOG.info( PREFIX, GlobalIds.SET_TRUST_STORE_PROP, szValue );
+            config.setProperty( GlobalIds.TRUST_STORE_ON_CLASSPATH, szValue );
+            LOG.info( PREFIX, GlobalIds.TRUST_STORE_ON_CLASSPATH, szValue );
         }
 
         // Check to see if the config realm name has been overridden by a system property:
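Review bot: The override read at `szValue = System.getProperty( EXT_TRUST_STORE_ONCLASSPATH );` is stored verbatim, and the consumer in LdapClientTrustStoreManager only compares it against "false", so a mistyped value such as "flase" is accepted here and silently selects the other branch instead of failing configuration. Normalising at this point, e.g. `if ( !"true".equalsIgnoreCase( szValue ) && !"false".equalsIgnoreCase( szValue ) ) LOG.warn( "{} has unrecognised value [{}]", GlobalIds.TRUST_STORE_ON_CLASSPATH, szValue );` before the setProperty, would surface the mistake where it is made. The src/test/resources/fortress.properties hunk in this commit carries `enable.ldap.ssl.debug=flase` on a context line, which is exactly this class of typo. The enclosing method (getExternalConfig, going by the log message) starts and ends outside the hunk.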

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe50baf6/src/test/resources/fortress.properties
----------------------------------------------------------------------
diff --git a/src/test/resources/fortress.properties b/src/test/resources/fortress.properties
index f5fe7e3..bb83ff4 100644
--- a/src/test/resources/fortress.properties
+++ b/src/test/resources/fortress.properties
@@ -26,7 +26,7 @@ enable.ldap.ssl=false
 enable.ldap.ssl.debug=flase
 trust.store=
 trust.store.password=
-trust.store.set.prop=
+trust.store.onclasspath=
 
 # These credentials are used for read/write access to all nodes under suffix:
 admin.user=uid=admin,ou=system

