From 5097e8d9d7e34bf538b9a7d915bfe6d3819f0d99 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 25 Sep 2006 03:33:02 +0000
Subject: [PATCH] Add a set of certificates for use in testing the server with SSL and StartTLS. The certificates are valid for 20 years, so we won't need to change them for a while. They are self-signed, but there are also trust stores available so that clients can trust them without needing to resort to blindly trusting all certificates. There is a client certificate that is adequate for use with SASL EXTERNAL. Both the client and server certificates are available in both JKS and PKCS#12 formats.
---
opends/tests/unit-tests-testng/resource/client-cert.p12 | 0
opends/tests/unit-tests-testng/resource/server.keystore | 0
opends/tests/unit-tests-testng/resource/server.truststore | 0
opends/tests/unit-tests-testng/resource/client.keystore | 0
opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java | 12 ++++++
opends/tests/unit-tests-testng/resource/client.truststore | 0
opends/tests/unit-tests-testng/resource/config-changes.ldif | 49 ++++++++++++++++++++++++
opends/tests/unit-tests-testng/resource/server-cert.p12 | 0
8 files changed, 61 insertions(+), 0 deletions(-)
diff --git a/opends/tests/unit-tests-testng/resource/client-cert.p12 b/opends/tests/unit-tests-testng/resource/client-cert.p12
new file mode 100644
index 0000000..ffe709e
--- /dev/null
+++ b/opends/tests/unit-tests-testng/resource/client-cert.p12
Binary files differ
diff --git a/opends/tests/unit-tests-testng/resource/client.keystore b/opends/tests/unit-tests-testng/resource/client.keystore
new file mode 100644
index 0000000..8e0d6e1
--- /dev/null
+++ b/opends/tests/unit-tests-testng/resource/client.keystore
Binary files differ
diff --git a/opends/tests/unit-tests-testng/resource/client.truststore b/opends/tests/unit-tests-testng/resource/client.truststore
new file mode 100644
index 0000000..a7223bc
--- /dev/null
+++ b/opends/tests/unit-tests-testng/resource/client.truststore
Binary files differ
diff --git a/opends/tests/unit-tests-testng/resource/config-changes.ldif b/opends/tests/unit-tests-testng/resource/config-changes.ldif
index 3b6c11b..3567d55 100644
--- a/opends/tests/unit-tests-testng/resource/config-changes.ldif
+++ b/opends/tests/unit-tests-testng/resource/config-changes.ldif
@@ -2,6 +2,9 @@
changeType: modify
replace: ds-cfg-listen-port
ds-cfg-listen-port: #ldapport#
+-
+replace: ds-cfg-allow-start-tls
+ds-cfg-allow-start-tls: true
dn: cn=JMX Connection Handler,cn=Connection Handlers,cn=config
changeType: modify
@@ -116,3 +119,49 @@
ds-cfg-plugin-type: preOperationModifyDN
ds-cfg-plugin-type: preOperationSearch
+dn: cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config
+changetype: add
+objectClass: top
+objectClass: ds-cfg-connection-handler
+objectClass: ds-cfg-ldap-connection-handler
+cn: LDAPS Connection Handler
+ds-cfg-connection-handler-class: org.opends.server.protocols.ldap.LDAPConnectionHandler
+ds-cfg-connection-handler-enabled: true
+ds-cfg-listen-address: 0.0.0.0
+ds-cfg-listen-port: #ldapsport#
+ds-cfg-accept-backlog: 128
+ds-cfg-allow-ldapv2: true
+ds-cfg-keep-stats: true
+ds-cfg-use-tcp-keepalive: true
+ds-cfg-use-tcp-nodelay: true
+ds-cfg-allow-tcp-reuse-address: true
+ds-cfg-send-rejection-notice: true
+ds-cfg-max-request-size: 5 megabytes
+ds-cfg-num-request-handlers: 2
+ds-cfg-allow-start-tls: false
+ds-cfg-use-ssl: true
+ds-cfg-ssl-client-auth-policy: optional
+ds-cfg-ssl-cert-nickname: server-cert
+
+dn: cn=Key Manager Provider,cn=SSL,cn=config
+changetype: modify
+replace: ds-cfg-key-manager-provider-enabled
+ds-cfg-key-manager-provider-enabled: true
+-
+replace: ds-cfg-key-store-file
+ds-cfg-key-store-file: config/server.keystore
+-
+replace: ds-cfg-key-store-pin
+ds-cfg-key-store-pin: password
+
+dn: cn=Trust Manager Provider,cn=SSL,cn=config
+changetype: modify
+replace: ds-cfg-trust-manager-provider-enabled
+ds-cfg-trust-manager-provider-enabled: true
+-
+replace: ds-cfg-trust-store-file
+ds-cfg-trust-store-file: config/server.truststore
+-
+replace: ds-cfg-trust-store-pin
+ds-cfg-trust-store-pin: password
+
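Review bot: The new LDAPS handler binds `ds-cfg-listen-address: 0.0.0.0` while its key store and trust store are opened with the pin `password` and the key material itself is committed to the repository, so during a test run any host that can reach the machine sees a TLS listener whose private key is effectively public. If the tests only connect locally, `ds-cfg-listen-address: 127.0.0.1` would narrow that; whether the other connection handlers in this file bind the same way is not visible in the hunk. LDIF permits `#` comment lines, so a line such as `# Test-only key material and pin; never reuse outside the unit tests.` above the Key Manager Provider entry would help keep these values from being copied into a real configuration.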
diff --git a/opends/tests/unit-tests-testng/resource/server-cert.p12 b/opends/tests/unit-tests-testng/resource/server-cert.p12
new file mode 100644
index 0000000..f825b65
--- /dev/null
+++ b/opends/tests/unit-tests-testng/resource/server-cert.p12
Binary files differ
diff --git a/opends/tests/unit-tests-testng/resource/server.keystore b/opends/tests/unit-tests-testng/resource/server.keystore
new file mode 100644
index 0000000..680dc08
--- /dev/null
+++ b/opends/tests/unit-tests-testng/resource/server.keystore
Binary files differ
diff --git a/opends/tests/unit-tests-testng/resource/server.truststore b/opends/tests/unit-tests-testng/resource/server.truststore
new file mode 100644
index 0000000..4590477
--- /dev/null
+++ b/opends/tests/unit-tests-testng/resource/server.truststore
Binary files differ
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java
index 6e48877..952e055 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java
@@ -156,6 +156,18 @@
new File(testConfigDir, "MakeLDIF"));
copyFile(new File(testResourceDir, "jmxkeystore"),
new File(testRoot, "jmxkeystore"));
+ copyFile(new File(testResourceDir, "server.keystore"),
+ new File(testConfigDir, "server.keystore"));
+ copyFile(new File(testResourceDir, "server.truststore"),
+ new File(testConfigDir, "server.truststore"));
+ copyFile(new File(testResourceDir, "client.keystore"),
+ new File(testConfigDir, "client.keystore"));
+ copyFile(new File(testResourceDir, "client.truststore"),
+ new File(testConfigDir, "client.truststore"));
+ copyFile(new File(testResourceDir, "server-cert.p12"),
+ new File(testConfigDir, "server-cert.p12"));
+ copyFile(new File(testResourceDir, "client-cert.p12"),
+ new File(testConfigDir, "client-cert.p12"));
// Make the shell scripts in the bin directory executable, if possible.
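Review bot: The six added `copyFile` calls differ only in the file name, and nothing in the code says that these key stores are throwaway test fixtures protected by a pin that is published in config-changes.ldif. A single loop over the names with a short comment would make both points explicit and make it harder to add a store to the LDIF without copying it. The client key stores also land in the server's config directory, which is fine for tests but worth stating in that comment. The enclosing method starts and ends outside this hunk, so the surrounding error handling is not visible here.

```java
// ... unchanged: MakeLDIF and jmxkeystore copies ...
// Test-only TLS fixtures (self-signed, shared pin); never use outside the test suite.
String[] tlsFixtures =
{
  "server.keystore", "server.truststore",
  "client.keystore", "client.truststore",
  "server-cert.p12", "client-cert.p12"
};
for (String name : tlsFixtures)
{
  copyFile(new File(testResourceDir, name), new File(testConfigDir, name));
}
```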
--
Gitblit v1.10.0