From c23933a56ed2a7d3cb804e2cf14b78db9bcb6140 Mon Sep 17 00:00:00 2001
From: vharseko <vharseko@openam.org.ru>
Date: Tue, 12 Feb 2019 16:16:55 +0000
Subject: [PATCH] generate selfsigned ssl server cert for SSL tests with not anonymous SSL ciphers
---
opendj-core/src/test/java/org/forgerock/opendj/ldap/LDAPServer.java | 31 ++++++++++++++++++++++++++++---
1 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/opendj-core/src/test/java/org/forgerock/opendj/ldap/LDAPServer.java b/opendj-core/src/test/java/org/forgerock/opendj/ldap/LDAPServer.java
index 02486f1..16c7090 100644
--- a/opendj-core/src/test/java/org/forgerock/opendj/ldap/LDAPServer.java
+++ b/opendj-core/src/test/java/org/forgerock/opendj/ldap/LDAPServer.java
@@ -23,6 +23,8 @@
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
@@ -31,6 +33,7 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
+import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.security.auth.callback.Callback;
@@ -74,6 +77,9 @@
import com.forgerock.opendj.ldap.controls.AccountUsabilityResponseControl;
import com.forgerock.reactive.ServerConnectionFactoryAdapter;
+import sun.security.tools.keytool.CertAndKeyGen;
+import sun.security.x509.X500Name;
+
/**
* A simple ldap server that manages 1000 entries and used for running
* testcases.
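Review bot: The new imports `sun.security.tools.keytool.CertAndKeyGen` and `sun.security.x509.X500Name` are JDK-internal classes, not a supported API, so this test helper now depends on one specific JDK layout. `CertAndKeyGen` has lived in different packages across JDK releases, and on modular JDKs (9 and later) these packages are not exported, so compilation would likely need explicit `--add-exports` flags. If the build must stay on these classes, a comment above the imports such as `// JDK-internal API: compiles only where sun.security.tools.keytool is accessible` would record the constraint. A more portable option is to load a pre-generated test keystore from the test resources.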
@@ -394,7 +400,7 @@
final IntermediateResponseHandler intermediateResponseHandler,
final LdapResultHandler<R> resultHandler) throws UnsupportedOperationException {
if (request.getOID().equals(StartTLSExtendedRequest.OID)) {
- final SSLEngine engine = sslContext.createSSLEngine();
+ final SSLEngine engine = sslContext.createSSLEngine();
engine.setEnabledCipherSuites(sslContext.getServerSocketFactory().getSupportedCipherSuites());
engine.setNeedClientAuth(false);
engine.setUseClientMode(false);
@@ -404,6 +410,7 @@
}
}
+
@Override
public void handleModify(final Integer context, final ModifyRequest request,
final IntermediateResponseHandler intermediateResponseHandler,
@@ -472,7 +479,7 @@
*/
private final ConcurrentHashMap<Integer, AbandonableRequest> requestsInProgress = new ConcurrentHashMap<>();
- private SSLContext sslContext;
+ private static SSLContext sslContext;
private LDAPServer() {
// Add the root dse first.
@@ -509,6 +516,25 @@
return isRunning;
}
+
+ static {
+ final String password="keypassword";
+ try {
+ CertAndKeyGen keyGen=new CertAndKeyGen("RSA","SHA1WithRSA",null);
+ keyGen.generate(2048);
+ X509Certificate[] chain=new X509Certificate[1];
+ chain[0]=keyGen.getSelfCertificate(new X500Name("CN=localhost"), (long)1*3600);
+
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+ ks.setKeyEntry("localhost", keyGen.getPrivateKey(),password.toCharArray(), chain);
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(ks, password.toCharArray());
+ sslContext = new SSLContextBuilder().setKeyManager(kmf.getKeyManagers()[0]).getSSLContext();
+ }catch (Exception e) {
+ new RuntimeException("generate self-signed certificate",e);
+ }
+ }
/**
* Starts the server.
*
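Review bot: The catch block in the new static initializer builds `new RuntimeException("generate self-signed certificate",e)` but never throws it, so any failure in key generation or keystore setup is silently dropped and the static `sslContext` stays null. The StartTLS handler would then most likely fail later with a NullPointerException at `sslContext.createSSLEngine()`, far from the real cause. The line should read `throw new RuntimeException("generate self-signed certificate", e);` so that class initialisation fails with the original exception attached. Separately, the certificate is signed with `SHA1WithRSA`, which stricter JDK security policies may reject. Passing `"SHA256WithRSA"` to `CertAndKeyGen` would keep the SSL tests from depending on a deprecated signature algorithm.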
@@ -518,7 +544,6 @@
if (isRunning) {
return;
}
- sslContext = new SSLContextBuilder().getSSLContext();
listener = new LDAPListener(Collections.singleton(loopbackWithDynamicPort()),
new ServerConnectionFactoryAdapter(Options.defaultOptions().get(LDAP_DECODE_OPTIONS),
getInstance()),
--
Gitblit v1.10.0