From 9da9d983ab1f6567b78f9d7fd7b543844b7d3539 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 25 Sep 2006 03:33:02 +0000
Subject: [PATCH] Add a set of certificates for use in testing the server with SSL and StartTLS. The certificates are valid for 20 years, so we won't need to change them for a while.  They are self-signed, but there are also trust stores available so that clients can trust them without needing to resort to blindly trusting all certificates.  There is a client certificate that is adequate for use with SASL EXTERNAL.  Both the client and server certificates are available in both JKS and PKCS#12 formats.

---
 opendj-sdk/opends/tests/unit-tests-testng/resource/server-cert.p12                        |    0 
 opendj-sdk/opends/tests/unit-tests-testng/resource/client.keystore                        |    0 
 opendj-sdk/opends/tests/unit-tests-testng/resource/server.truststore                      |    0 
 opendj-sdk/opends/tests/unit-tests-testng/resource/client-cert.p12                        |    0 
 opendj-sdk/opends/tests/unit-tests-testng/resource/config-changes.ldif                    |   49 ++++++++++++++++++++++++
 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java |   12 ++++++
 opendj-sdk/opends/tests/unit-tests-testng/resource/client.truststore                      |    0 
 opendj-sdk/opends/tests/unit-tests-testng/resource/server.keystore                        |    0 
 8 files changed, 61 insertions(+), 0 deletions(-)

diff --git a/opendj-sdk/opends/tests/unit-tests-testng/resource/client-cert.p12 b/opendj-sdk/opends/tests/unit-tests-testng/resource/client-cert.p12
new file mode 100644
index 0000000..ffe709e
--- /dev/null
+++ b/opendj-sdk/opends/tests/unit-tests-testng/resource/client-cert.p12
Binary files differ
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/resource/client.keystore b/opendj-sdk/opends/tests/unit-tests-testng/resource/client.keystore
new file mode 100644
index 0000000..8e0d6e1
--- /dev/null
+++ b/opendj-sdk/opends/tests/unit-tests-testng/resource/client.keystore
Binary files differ
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/resource/client.truststore b/opendj-sdk/opends/tests/unit-tests-testng/resource/client.truststore
new file mode 100644
index 0000000..a7223bc
--- /dev/null
+++ b/opendj-sdk/opends/tests/unit-tests-testng/resource/client.truststore
Binary files differ
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/resource/config-changes.ldif b/opendj-sdk/opends/tests/unit-tests-testng/resource/config-changes.ldif
index 3b6c11b..3567d55 100644
--- a/opendj-sdk/opends/tests/unit-tests-testng/resource/config-changes.ldif
+++ b/opendj-sdk/opends/tests/unit-tests-testng/resource/config-changes.ldif
@@ -2,6 +2,9 @@
 changeType: modify
 replace: ds-cfg-listen-port
 ds-cfg-listen-port: #ldapport#
+-
+replace: ds-cfg-allow-start-tls
+ds-cfg-allow-start-tls: true
 
 dn: cn=JMX Connection Handler,cn=Connection Handlers,cn=config
 changeType: modify
@@ -116,3 +119,49 @@
 ds-cfg-plugin-type: preOperationModifyDN
 ds-cfg-plugin-type: preOperationSearch
 
+dn: cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config
+changetype: add
+objectClass: top
+objectClass: ds-cfg-connection-handler
+objectClass: ds-cfg-ldap-connection-handler
+cn: LDAPS Connection Handler
+ds-cfg-connection-handler-class: org.opends.server.protocols.ldap.LDAPConnectionHandler
+ds-cfg-connection-handler-enabled: true
+ds-cfg-listen-address: 0.0.0.0
+ds-cfg-listen-port: #ldapsport#
+ds-cfg-accept-backlog: 128
+ds-cfg-allow-ldapv2: true
+ds-cfg-keep-stats: true
+ds-cfg-use-tcp-keepalive: true
+ds-cfg-use-tcp-nodelay: true
+ds-cfg-allow-tcp-reuse-address: true
+ds-cfg-send-rejection-notice: true
+ds-cfg-max-request-size: 5 megabytes
+ds-cfg-num-request-handlers: 2
+ds-cfg-allow-start-tls: false
+ds-cfg-use-ssl: true
+ds-cfg-ssl-client-auth-policy: optional
+ds-cfg-ssl-cert-nickname: server-cert
+
+dn: cn=Key Manager Provider,cn=SSL,cn=config
+changetype: modify
+replace: ds-cfg-key-manager-provider-enabled
+ds-cfg-key-manager-provider-enabled: true
+-
+replace: ds-cfg-key-store-file
+ds-cfg-key-store-file: config/server.keystore
+-
+replace: ds-cfg-key-store-pin
+ds-cfg-key-store-pin: password
+
+dn: cn=Trust Manager Provider,cn=SSL,cn=config
+changetype: modify
+replace: ds-cfg-trust-manager-provider-enabled
+ds-cfg-trust-manager-provider-enabled: true
+-
+replace: ds-cfg-trust-store-file
+ds-cfg-trust-store-file: config/server.truststore
+-
+replace: ds-cfg-trust-store-pin
+ds-cfg-trust-store-pin: password
+
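Review bot: The new LDAPS handler binds to `ds-cfg-listen-address: 0.0.0.0`, while the key store and trust store it serves are committed to the repository and opened with the literal PIN `password`, so anyone with the source tree holds this listener's private key. For a unit-test instance I would bind to loopback, `ds-cfg-listen-address: 127.0.0.1`, unless some test really has to reach the port from another host. I would also add an LDIF comment above the Key Manager Provider entry, for example `# Test-only key material: never reuse these stores or this PIN outside the unit tests.` As a style point, the added entries spell `changetype:` where the existing entries in this file use `changeType:`; it is probably harmless to the parser, but matching the file's spelling keeps it greppable.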
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/resource/server-cert.p12 b/opendj-sdk/opends/tests/unit-tests-testng/resource/server-cert.p12
new file mode 100644
index 0000000..f825b65
--- /dev/null
+++ b/opendj-sdk/opends/tests/unit-tests-testng/resource/server-cert.p12
Binary files differ
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/resource/server.keystore b/opendj-sdk/opends/tests/unit-tests-testng/resource/server.keystore
new file mode 100644
index 0000000..680dc08
--- /dev/null
+++ b/opendj-sdk/opends/tests/unit-tests-testng/resource/server.keystore
Binary files differ
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/resource/server.truststore b/opendj-sdk/opends/tests/unit-tests-testng/resource/server.truststore
new file mode 100644
index 0000000..4590477
--- /dev/null
+++ b/opendj-sdk/opends/tests/unit-tests-testng/resource/server.truststore
Binary files differ
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java
index 6e48877..952e055 100644
--- a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java
+++ b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/TestCaseUtils.java
@@ -156,6 +156,18 @@
                   new File(testConfigDir, "MakeLDIF"));
     copyFile(new File(testResourceDir, "jmxkeystore"),
              new File(testRoot, "jmxkeystore"));
+    copyFile(new File(testResourceDir, "server.keystore"),
+             new File(testConfigDir, "server.keystore"));
+    copyFile(new File(testResourceDir, "server.truststore"),
+             new File(testConfigDir, "server.truststore"));
+    copyFile(new File(testResourceDir, "client.keystore"),
+             new File(testConfigDir, "client.keystore"));
+    copyFile(new File(testResourceDir, "client.truststore"),
+             new File(testConfigDir, "client.truststore"));
+    copyFile(new File(testResourceDir, "server-cert.p12"),
+             new File(testConfigDir, "server-cert.p12"));
+    copyFile(new File(testResourceDir, "client-cert.p12"),
+             new File(testConfigDir, "client-cert.p12"));
 
 
     // Make the shell scripts in the bin directory executable, if possible.
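Review bot: The six added `copyFile` calls differ only in the file name, so a name that is mistyped on one side of a pair would copy a store under the wrong name and only show up later as an SSL handshake failure in some test. I would drive the copies from one list of names so that source and destination cannot diverge, and add a comment that these are test-only key stores. The sketch below assumes the test tree is built at a language level that has the enhanced for loop; the enclosing method starts and ends outside this hunk.

```java
    // … unchanged: MakeLDIF and jmxkeystore copies …
    // Test-only SSL/StartTLS key material, copied into the server config dir.
    String[] sslTestFiles =
    {
      "server.keystore", "server.truststore",
      "client.keystore", "client.truststore",
      "server-cert.p12", "client-cert.p12"
    };
    for (String fileName : sslTestFiles)
    {
      copyFile(new File(testResourceDir, fileName),
               new File(testConfigDir, fileName));
    }
```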

--
Gitblit v1.10.0