From 7ae769662b6bd303f22387de93d30a040126926e Mon Sep 17 00:00:00 2001
From: vharseko <vharseko@openam.org.ru>
Date: Tue, 12 Feb 2019 17:11:18 +0000
Subject: [PATCH] Merge pull request #43 from vharseko/master
---
opendj-server-legacy/src/test/java/org/opends/server/replication/protocol/ProtocolCompatibilityTest.java | 24 ++++++------
opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java | 2
opendj-grizzly/pom.xml | 5 ++
opendj-server-legacy/src/test/java/org/opends/server/replication/protocol/SynchronizationMsgTest.java | 6 +-
opendj-grizzly/src/test/java/org/forgerock/opendj/grizzly/ConnectionFactoryTestCase.java | 9 ----
pom.xml | 8 +++-
opendj-core/src/test/java/org/forgerock/opendj/ldap/LDAPServer.java | 31 ++++++++++++++-
opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/GrizzlyLDAPConnection.java | 2 +
8 files changed, 58 insertions(+), 29 deletions(-)
diff --git a/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java b/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java
index 11255d8..50cce73 100644
--- a/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java
+++ b/opendj-core/src/main/java/org/forgerock/opendj/ldap/SSLContextBuilder.java
@@ -72,7 +72,7 @@
private TrustManager trustManager;
private KeyManager keyManager;
- private String protocol = PROTOCOL_TLS1;
+ private String protocol = PROTOCOL_TLS1_2;
private SecureRandom random;
/** These are mutually exclusive. */
diff --git a/opendj-core/src/test/java/org/forgerock/opendj/ldap/LDAPServer.java b/opendj-core/src/test/java/org/forgerock/opendj/ldap/LDAPServer.java
index 02486f1..16c7090 100644
--- a/opendj-core/src/test/java/org/forgerock/opendj/ldap/LDAPServer.java
+++ b/opendj-core/src/test/java/org/forgerock/opendj/ldap/LDAPServer.java
@@ -23,6 +23,8 @@
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
@@ -31,6 +33,7 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
+import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.security.auth.callback.Callback;
@@ -74,6 +77,9 @@
import com.forgerock.opendj.ldap.controls.AccountUsabilityResponseControl;
import com.forgerock.reactive.ServerConnectionFactoryAdapter;
+import sun.security.tools.keytool.CertAndKeyGen;
+import sun.security.x509.X500Name;
+
/**
* A simple ldap server that manages 1000 entries and used for running
* testcases.
@@ -394,7 +400,7 @@
final IntermediateResponseHandler intermediateResponseHandler,
final LdapResultHandler<R> resultHandler) throws UnsupportedOperationException {
if (request.getOID().equals(StartTLSExtendedRequest.OID)) {
- final SSLEngine engine = sslContext.createSSLEngine();
+ final SSLEngine engine = sslContext.createSSLEngine();
engine.setEnabledCipherSuites(sslContext.getServerSocketFactory().getSupportedCipherSuites());
engine.setNeedClientAuth(false);
engine.setUseClientMode(false);
@@ -404,6 +410,7 @@
}
}
+
@Override
public void handleModify(final Integer context, final ModifyRequest request,
final IntermediateResponseHandler intermediateResponseHandler,
@@ -472,7 +479,7 @@
*/
private final ConcurrentHashMap<Integer, AbandonableRequest> requestsInProgress = new ConcurrentHashMap<>();
- private SSLContext sslContext;
+ private static SSLContext sslContext;
private LDAPServer() {
// Add the root dse first.
@@ -509,6 +516,25 @@
return isRunning;
}
+
+ static {
+ final String password="keypassword";
+ try {
+ CertAndKeyGen keyGen=new CertAndKeyGen("RSA","SHA1WithRSA",null);
+ keyGen.generate(2048);
+ X509Certificate[] chain=new X509Certificate[1];
+ chain[0]=keyGen.getSelfCertificate(new X500Name("CN=localhost"), (long)1*3600);
+
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+ ks.setKeyEntry("localhost", keyGen.getPrivateKey(),password.toCharArray(), chain);
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(ks, password.toCharArray());
+ sslContext = new SSLContextBuilder().setKeyManager(kmf.getKeyManagers()[0]).getSSLContext();
+ }catch (Exception e) {
+ new RuntimeException("generate self-signed certificate",e);
+ }
+ }
/**
* Starts the server.
*
@@ -518,7 +544,6 @@
if (isRunning) {
return;
}
- sslContext = new SSLContextBuilder().getSSLContext();
listener = new LDAPListener(Collections.singleton(loopbackWithDynamicPort()),
new ServerConnectionFactoryAdapter(Options.defaultOptions().get(LDAP_DECODE_OPTIONS),
getInstance()),
diff --git a/opendj-grizzly/pom.xml b/opendj-grizzly/pom.xml
index e01fa74..852b1bc 100644
--- a/opendj-grizzly/pom.xml
+++ b/opendj-grizzly/pom.xml
@@ -75,6 +75,11 @@
<artifactId>forgerock-build-tools</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.testng</groupId>
+ <artifactId>testng</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
diff --git a/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/GrizzlyLDAPConnection.java b/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/GrizzlyLDAPConnection.java
index a888cc3..6d42dbc 100644
--- a/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/GrizzlyLDAPConnection.java
+++ b/opendj-grizzly/src/main/java/org/forgerock/opendj/grizzly/GrizzlyLDAPConnection.java
@@ -818,8 +818,10 @@
false);
sslEngineConfigurator.setEnabledProtocols(protocols.isEmpty() ? null : protocols
.toArray(new String[protocols.size()]));
+ sslEngineConfigurator.setProtocolConfigured(true);
sslEngineConfigurator.setEnabledCipherSuites(cipherSuites.isEmpty() ? null : cipherSuites
.toArray(new String[cipherSuites.size()]));
+ sslEngineConfigurator.setCipherConfigured(true);
final SSLFilter sslFilter = new SSLFilter(DUMMY_SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator);
installFilter(sslFilter);
sslFilter.handshake(connection, completionHandler);
diff --git a/opendj-grizzly/src/test/java/org/forgerock/opendj/grizzly/ConnectionFactoryTestCase.java b/opendj-grizzly/src/test/java/org/forgerock/opendj/grizzly/ConnectionFactoryTestCase.java
index 7660605..10cff61 100644
--- a/opendj-grizzly/src/test/java/org/forgerock/opendj/grizzly/ConnectionFactoryTestCase.java
+++ b/opendj-grizzly/src/test/java/org/forgerock/opendj/grizzly/ConnectionFactoryTestCase.java
@@ -176,14 +176,7 @@
final Options startTlsOptions = defaultOptions()
.set(SSL_CONTEXT, sslContext)
.set(SSL_USE_STARTTLS, true)
- .set(SSL_ENABLED_CIPHER_SUITES,
- asList("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
- "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
- "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
- "SSL_DH_anon_WITH_DES_CBC_SHA",
- "SSL_DH_anon_WITH_RC4_128_MD5",
- "TLS_DH_anon_WITH_AES_128_CBC_SHA",
- "TLS_DH_anon_WITH_AES_256_CBC_SHA"));
+ ;
factories[5][0] = new LDAPConnectionFactory(serverAddress.getHostName(),
serverAddress.getPort(),
startTlsOptions);
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/replication/protocol/ProtocolCompatibilityTest.java b/opendj-server-legacy/src/test/java/org/opends/server/replication/protocol/ProtocolCompatibilityTest.java
index 3592838..3de1005 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/replication/protocol/ProtocolCompatibilityTest.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/replication/protocol/ProtocolCompatibilityTest.java
@@ -245,8 +245,8 @@
AddOperationBasis genAddOpBasis = (AddOperationBasis) generatedOperation;
assertEquals(addOpBasis.getRawEntryDN(), genAddOpBasis.getRawEntryDN());
- assertEquals( addOpBasis.getAttachment(SYNCHROCONTEXT),
- genAddOpBasis.getAttachment(SYNCHROCONTEXT));
+ assertEquals((Object) addOpBasis.getAttachment(SYNCHROCONTEXT),
+ (Object)genAddOpBasis.getAttachment(SYNCHROCONTEXT));
assertEquals(addOpBasis.getObjectClasses(), genAddOpBasis.getObjectClasses());
assertEquals(addOpBasis.getOperationalAttributes(), genAddOpBasis.getOperationalAttributes());
assertEquals(addOpBasis.getUserAttributes(), genAddOpBasis.getUserAttributes());
@@ -293,8 +293,8 @@
genAddOpBasis = (AddOperationBasis) generatedOperation;
assertEquals(addOpBasis.getRawEntryDN(), genAddOpBasis.getRawEntryDN());
- assertEquals( addOpBasis.getAttachment(SYNCHROCONTEXT),
- genAddOpBasis.getAttachment(SYNCHROCONTEXT));
+ assertEquals((Object) addOpBasis.getAttachment(SYNCHROCONTEXT),
+ (Object)genAddOpBasis.getAttachment(SYNCHROCONTEXT));
assertEquals(addOpBasis.getObjectClasses(), genAddOpBasis.getObjectClasses());
assertEquals(addOpBasis.getOperationalAttributes(), genAddOpBasis.getOperationalAttributes());
assertEquals(addOpBasis.getUserAttributes(), genAddOpBasis.getUserAttributes());
@@ -546,8 +546,8 @@
ModifyOperationBasis genModOpBasisFromV1 = (ModifyOperationBasis) opFromV1;
assertEquals(modOpBasisFromOrigVlast.getRawEntryDN(), genModOpBasisFromV1.getRawEntryDN());
- assertEquals( modOpBasisFromOrigVlast.getAttachment(SYNCHROCONTEXT),
- genModOpBasisFromV1.getAttachment(SYNCHROCONTEXT));
+ assertEquals( (Object)modOpBasisFromOrigVlast.getAttachment(SYNCHROCONTEXT),
+ (Object)genModOpBasisFromV1.getAttachment(SYNCHROCONTEXT));
List<Modification> modsvlast = modOpBasisFromOrigVlast.getModifications();
List<Modification> modsv1 = genModOpBasisFromV1.getModifications();
@@ -595,8 +595,8 @@
assertEquals(modOpBasisFromOrigVlast.getRawEntryDN(),
modOpBasisFromGeneratedVlast.getRawEntryDN());
- assertEquals( modOpBasisFromOrigVlast.getAttachment(SYNCHROCONTEXT),
- modOpBasisFromGeneratedVlast.getAttachment(SYNCHROCONTEXT));
+ assertEquals((Object) modOpBasisFromOrigVlast.getAttachment(SYNCHROCONTEXT),
+ (Object)modOpBasisFromGeneratedVlast.getAttachment(SYNCHROCONTEXT));
assertEquals(modOpBasisFromOrigVlast.getModifications(),
modOpBasisFromGeneratedVlast.getModifications());
}
@@ -719,8 +719,8 @@
ModifyDNOperationBasis genModDnOpBasis = (ModifyDNOperationBasis) generatedOperation;
assertEquals(modDnOpBasis.getRawEntryDN(), genModDnOpBasis.getRawEntryDN());
- assertEquals( modDnOpBasis.getAttachment(SYNCHROCONTEXT),
- genModDnOpBasis.getAttachment(SYNCHROCONTEXT));
+ assertEquals((Object) modDnOpBasis.getAttachment(SYNCHROCONTEXT),
+ (Object)genModDnOpBasis.getAttachment(SYNCHROCONTEXT));
// Check default value for only VLAST fields
assertEquals(newMsg.getAssuredMode(), AssuredMode.SAFE_DATA_MODE);
@@ -770,8 +770,8 @@
genModDnOpBasis = (ModifyDNOperationBasis) generatedOperation;
assertEquals(modDnOpBasis.getRawEntryDN(), genModDnOpBasis.getRawEntryDN());
- assertEquals( modDnOpBasis.getAttachment(SYNCHROCONTEXT),
- genModDnOpBasis.getAttachment(SYNCHROCONTEXT));
+ assertEquals((Object) modDnOpBasis.getAttachment(SYNCHROCONTEXT),
+ (Object)genModDnOpBasis.getAttachment(SYNCHROCONTEXT));
assertEquals(modDnOpBasis.getModifications(), genModDnOpBasis.getModifications());
}
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/replication/protocol/SynchronizationMsgTest.java b/opendj-server-legacy/src/test/java/org/opends/server/replication/protocol/SynchronizationMsgTest.java
index 0b3e756..bdced44 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/replication/protocol/SynchronizationMsgTest.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/replication/protocol/SynchronizationMsgTest.java
@@ -190,8 +190,8 @@
ModifyOperation mod2 = (ModifyOperation) generatedMsg.createOperation(conn);
assertEquals(mod1.getRawEntryDN(), mod2.getRawEntryDN());
- assertEquals(mod1.getAttachment(SYNCHROCONTEXT),
- mod2.getAttachment(SYNCHROCONTEXT));
+ assertEquals((Object)mod1.getAttachment(SYNCHROCONTEXT),
+ (Object)mod2.getAttachment(SYNCHROCONTEXT));
assertEquals(mod1.getModifications(), mod2.getModifications());
}
@@ -494,7 +494,7 @@
AddOperation genAddOp = generatedMsg.createOperation(conn, dn);
assertEquals(addOp.getRawEntryDN(), genAddOp.getRawEntryDN());
- assertEquals(addOp.getAttachment(SYNCHROCONTEXT), genAddOp.getAttachment(SYNCHROCONTEXT));
+ assertEquals((Object)addOp.getAttachment(SYNCHROCONTEXT), (Object)genAddOp.getAttachment(SYNCHROCONTEXT));
assertEquals(addOp.getObjectClasses(), genAddOp.getObjectClasses());
assertEquals(addOp.getOperationalAttributes(), genAddOp.getOperationalAttributes());
assertEquals(addOp.getUserAttributes(), genAddOp.getUserAttributes());
diff --git a/pom.xml b/pom.xml
index ce7bf1b..4349503 100644
--- a/pom.xml
+++ b/pom.xml
@@ -336,8 +336,12 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
+ <fork>true</fork>
+ <compilerArgs>
+ <arg>-XDignore.symbol.file</arg>
+ </compilerArgs>
</configuration>
</plugin>
--
Gitblit v1.10.0