
neil_a_wilson
25.33.2006 5097e8d9d7e34bf538b9a7d915bfe6d3819f0d99
Add a set of certificates for use in testing the server with SSL and StartTLS.
The certificates are valid for 20 years, so we won't need to change them for a
while. They are self-signed, but there are also trust stores available so that
clients can trust them without needing to resort to blindly trusting all
certificates. There is a client certificate that is adequate for use with SASL
EXTERNAL. Both the client and server certificates are available in both JKS
and PKCS#12 formats.

The commands used to generate these certificates are as follows:

$ /usr/java5/bin/keytool -genkey -alias server-cert -keyalg rsa -dname 'CN=OpenDS Test Certificate,O=OpenDS.org' -keystore server.keystore -storepass password -keypass password
$ /usr/java5/bin/keytool -selfcert -alias server-cert -validity 7305 -keystore server.keystore -storepass password

$ /usr/java5/bin/keytool -export -rfc -alias server-cert -file /tmp/server.cert -keystore server.keystore -storepass password
$ /usr/java5/bin/keytool -import -alias server-cert -file /tmp/server.cert -keystore server.truststore -storepass password

$ /usr/java5/bin/keytool -genkey -alias client-cert -keyalg rsa -dname 'CN=Test User,O=Test' -keystore client.keystore -storepass password -keypass password
$ /usr/java5/bin/keytool -selfcert -alias client-cert -validity 7305 -keystore client.keystore -storepass password
$ /usr/java5/bin/keytool -import -alias server-cert -file /tmp/server.cert -keystore client.truststore -storepass password

$ /usr/java5/bin/keytool -export -rfc -alias client-cert -file /tmp/client.cert -keystore client.keystore -storepass password
$ /usr/java5/bin/keytool -import -alias client-cert -file /tmp/client.cert -keystore server.truststore -storepass password
$ /usr/java5/bin/keytool -import -alias client-cert -file /tmp/client.cert -keystore client.truststore -storepass password

$ keytool -importkeystore -srckeystore server.keystore -destkeystore server-cert.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password -srcalias server-cert -destalias server-cert -srckeypass password -destkeypass password
$ keytool -importkeystore -srckeystore client.keystore -destkeystore client-cert.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password -srcalias client-cert -destalias client-cert -srckeypass password -destkeypass password
6 files added
2 files modified
61 ■■■■■ changed files
opends/tests/unit-tests-testng/resource/client-cert.p12 patch | view | raw | blame | history
opends/tests/unit-tests-testng/resource/client.keystore patch | view | raw | blame | history
opends/tests/unit-tests-testng/resource/client.truststore patch | view | raw | blame | history
opends/tests/unit-tests-testng/resource/config-changes.ldif 49 ●●●●● patch | view | raw | blame | history
opends/tests/unit-tests-testng/resource/server-cert.p12 patch | view | raw | blame | history
opends/tests/unit-tests-testng/resource/server.keystore patch | view | raw | blame | history
opends/tests/unit-tests-testng/resource/server.truststore patch | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java 12 ●●●●● patch | view | raw | blame | history
opends/tests/unit-tests-testng/resource/client-cert.p12
Binary files differ
opends/tests/unit-tests-testng/resource/client.keystore
Binary files differ
opends/tests/unit-tests-testng/resource/client.truststore
Binary files differ
opends/tests/unit-tests-testng/resource/config-changes.ldif
@@ -2,6 +2,9 @@
changeType: modify
replace: ds-cfg-listen-port
ds-cfg-listen-port: #ldapport#
-
replace: ds-cfg-allow-start-tls
ds-cfg-allow-start-tls: true
dn: cn=JMX Connection Handler,cn=Connection Handlers,cn=config
changeType: modify
@@ -116,3 +119,49 @@
ds-cfg-plugin-type: preOperationModifyDN
ds-cfg-plugin-type: preOperationSearch
dn: cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config
changetype: add
objectClass: top
objectClass: ds-cfg-connection-handler
objectClass: ds-cfg-ldap-connection-handler
cn: LDAPS Connection Handler
ds-cfg-connection-handler-class: org.opends.server.protocols.ldap.LDAPConnectionHandler
ds-cfg-connection-handler-enabled: true
ds-cfg-listen-address: 0.0.0.0
ds-cfg-listen-port: #ldapsport#
ds-cfg-accept-backlog: 128
ds-cfg-allow-ldapv2: true
ds-cfg-keep-stats: true
ds-cfg-use-tcp-keepalive: true
ds-cfg-use-tcp-nodelay: true
ds-cfg-allow-tcp-reuse-address: true
ds-cfg-send-rejection-notice: true
ds-cfg-max-request-size: 5 megabytes
ds-cfg-num-request-handlers: 2
ds-cfg-allow-start-tls: false
ds-cfg-use-ssl: true
ds-cfg-ssl-client-auth-policy: optional
ds-cfg-ssl-cert-nickname: server-cert
dn: cn=Key Manager Provider,cn=SSL,cn=config
changetype: modify
replace: ds-cfg-key-manager-provider-enabled
ds-cfg-key-manager-provider-enabled: true
-
replace: ds-cfg-key-store-file
ds-cfg-key-store-file: config/server.keystore
-
replace: ds-cfg-key-store-pin
ds-cfg-key-store-pin: password
dn: cn=Trust Manager Provider,cn=SSL,cn=config
changetype: modify
replace: ds-cfg-trust-manager-provider-enabled
ds-cfg-trust-manager-provider-enabled: true
-
replace: ds-cfg-trust-store-file
ds-cfg-trust-store-file: config/server.truststore
-
replace: ds-cfg-trust-store-pin
ds-cfg-trust-store-pin: password
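Review bot: The new LDAPS Connection Handler entry binds `ds-cfg-listen-address: 0.0.0.0`, so the test server's TLS listener is reachable on every interface while it runs with a keystore whose PIN (`ds-cfg-key-store-pin: password`) and private key are both committed to the repository. Unless the tests need the listener reachable from another host, `ds-cfg-listen-address: 127.0.0.1` would keep the fixture local; the existing LDAP handler's address is not visible in this hunk, so I cannot tell whether that would be consistent with it. It would also help to record the certificate lifetime next to these entries, because the commit message gives a 20-year validity (`-validity 7305`) and the suite will presumably start failing TLS handshakes when it lapses, e.g. `# server-cert/client-cert are self-signed test certificates generated on <GENERATION-DATE>; they expire 20 years later - regenerate with the keytool commands from the commit log.` Note that `ds-cfg-ssl-client-auth-policy: optional` requests but does not require a client certificate, which matches the SASL EXTERNAL use described in the commit message without breaking TLS clients that present none.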
opends/tests/unit-tests-testng/resource/server-cert.p12
Binary files differ
opends/tests/unit-tests-testng/resource/server.keystore
Binary files differ
opends/tests/unit-tests-testng/resource/server.truststore
Binary files differ
opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java
@@ -156,6 +156,18 @@
                  new File(testConfigDir, "MakeLDIF"));
    copyFile(new File(testResourceDir, "jmxkeystore"),
             new File(testRoot, "jmxkeystore"));
    copyFile(new File(testResourceDir, "server.keystore"),
             new File(testConfigDir, "server.keystore"));
    copyFile(new File(testResourceDir, "server.truststore"),
             new File(testConfigDir, "server.truststore"));
    copyFile(new File(testResourceDir, "client.keystore"),
             new File(testConfigDir, "client.keystore"));
    copyFile(new File(testResourceDir, "client.truststore"),
             new File(testConfigDir, "client.truststore"));
    copyFile(new File(testResourceDir, "server-cert.p12"),
             new File(testConfigDir, "server-cert.p12"));
    copyFile(new File(testResourceDir, "client-cert.p12"),
             new File(testConfigDir, "client-cert.p12"));
    // Make the shell scripts in the bin directory executable, if possible.