Fix tests with newer Java 8 releases which require RSA keys with 1024 bit minimum
git-svn-id: https://svn.apache.org/repos/asf/directory/apacheds/trunk@1749199 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java b/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
index e4235ef..9de8a9e 100644
--- a/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
+++ b/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
@@ -301,13 +301,19 @@
}
+ public static void addKeyPair( Entry entry, String issuerDN, String subjectDN, String keyAlgo ) throws LdapException
+ {
+ addKeyPair( entry, issuerDN, subjectDN, keyAlgo, KEY_SIZE );
+ }
+
+
/**
* @see #addKeyPair(org.apache.directory.api.ldap.model.entry.Entry)
*
* TODO the code is duplicate atm, will eliminate this redundancy after finding
* a better thought (an instant one is to call this method from the aboveaddKeyPair(entry) and remove the impl there)
*/
- public static void addKeyPair( Entry entry, String issuerDN, String subjectDN, String keyAlgo )
+ public static void addKeyPair( Entry entry, String issuerDN, String subjectDN, String keyAlgo, int keySize )
throws LdapException
{
Attribute objectClass = entry.get( SchemaConstants.OBJECT_CLASS_AT );
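Review bot: The new four-argument overload still passes `KEY_SIZE`, so every caller outside the tests keeps generating keys of the old default size. The value of `KEY_SIZE` is not visible in this diff, but the commit title suggests it is below the 1024 bits that newer Java 8 releases accept; if so, a server running on its default certificate would hit the same rejection the tests did, and raising the constant would fix both. The overload also has no Javadoc, and the existing comment block now sits on the five-argument method without describing `keySize`. I would add `/** Generates the key pair with the default key size. */` above the new method and an `@param keySize` line to the existing block. The five-argument method's body continues outside the hunk.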
@@ -333,7 +339,7 @@
throw ne;
}
- generator.initialize( KEY_SIZE );
+ generator.initialize( keySize );
KeyPair keypair = generator.genKeyPair();
entry.put( KEY_ALGORITHM_AT, keyAlgo );
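Review bot: `keySize` reaches `generator.initialize( keySize )` unchecked, and `addKeyPair` is a public static method in core, so a caller can request a key smaller than the JDK will accept for TLS and only find out when a handshake fails. Because the acceptable size depends on `keyAlgo`, the guard has to be per algorithm, for example `if ( "RSA".equalsIgnoreCase( keyAlgo ) && keySize < 1024 ) { throw new IllegalArgumentException( "RSA key size too small: " + keySize ); }` just before the `initialize` call. The default `KEY_SIZE` would have to satisfy the same check. The method starts and ends outside the hunk.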
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java b/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
index 37a1ea2..9942bef 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
@@ -124,7 +124,7 @@
String newSubjectDN = "cn=new_subject_dn";
Entry entry = getLdapServer().getDirectoryService().getAdminSession().lookup(
new Dn( "uid=admin,ou=system" ) );
- TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA" );
+ TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 1024 );
// now update the certificate (over the wire)
ModificationItem[] mods = new ModificationItem[3];
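Review bot: The literal `1024` is exactly the floor the commit cites for newer Java 8 releases, so this test will break again as soon as the JDK default is tightened. The same literal is repeated in StartTlsUpdateCertificateIT and in FrameworkRunner.updateTlsKey. I would define it once, for example as a public constant on TlsKeyGenerator, and use 2048 for RSA to leave headroom: `TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 2048 );`. The enclosing test method starts and ends outside the hunk.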
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java b/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
index 2bbecfe..385a09b 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
@@ -176,7 +176,7 @@
String newSubjectDN = "cn=new_subject_dn";
Entry entry = getLdapServer().getDirectoryService().getAdminSession().lookup(
new Dn( "uid=admin,ou=system" ) );
- TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA" );
+ TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 1024 );
// now update the certificate (over the wire)
ModificationItem[] mods = new ModificationItem[3];
diff --git a/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java b/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
index f8b12de..0539b02 100644
--- a/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
+++ b/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
@@ -22,15 +22,24 @@
import java.lang.reflect.Method;
import java.util.UUID;
+import org.apache.directory.api.ldap.model.entry.DefaultModification;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.entry.Modification;
+import org.apache.directory.api.ldap.model.entry.ModificationOperation;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
+import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.FileUtils;
import org.apache.directory.server.annotations.CreateKdcServer;
import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.changelog.ChangeLog;
import org.apache.directory.server.core.factory.DSAnnotationProcessor;
import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
import org.apache.directory.server.core.factory.DirectoryServiceFactory;
import org.apache.directory.server.core.factory.PartitionFactory;
+import org.apache.directory.server.core.security.TlsKeyGenerator;
import org.apache.directory.server.factory.ServerAnnotationProcessor;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.kerberos.kdc.KdcServer;
@@ -129,6 +138,8 @@
DSAnnotationProcessor.applyLdifs( getDescription(), directoryService );
}
+ updateTlsKey( classDS );
+
// check if it has a LdapServerBuilder
// then use the DS created above
if ( classLdapServerBuilder != null )
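Review bot: The added call passes `classDS`, while the context line just above it applies the LDIFs to `directoryService`. The branch that assigns these is outside the hunk, so I cannot tell whether both always refer to the same instance here. If `classDS` can be null or differ at this point, `updateTlsKey` would either throw a NullPointerException on `ds.getAdminSession()` or update the wrong service. Passing the same variable as the preceding line, `updateTlsKey( directoryService );`, would remove the doubt.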
@@ -255,6 +266,8 @@
DSAnnotationProcessor.applyLdifs( methodDescription, methodDS );
directoryService = methodDS;
+
+ updateTlsKey( directoryService );
}
else if ( classDS != null )
{
@@ -442,4 +455,22 @@
dirService.revert( revision );
}
}
+
+
+ private void updateTlsKey( DirectoryService ds ) throws LdapException, LdapInvalidDnException
+ {
+ // Update TLS key for tests. Newer Java 8 releases consider RSA keys
+ // with less than 1024 bits as insecure and such are disabled by default, see
+ // http://www.oracle.com/technetwork/java/javase/8-compatibility-guide-2156366.html
+ Entry adminEntry = ds.getAdminSession().lookup( new Dn( ServerDNConstants.ADMIN_SYSTEM_DN ) );
+ TlsKeyGenerator.addKeyPair( adminEntry, TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN,
+ TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN, "RSA", 1024 );
+ Modification mod1 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+ adminEntry.get( TlsKeyGenerator.PRIVATE_KEY_AT ) );
+ Modification mod2 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+ adminEntry.get( TlsKeyGenerator.PUBLIC_KEY_AT ) );
+ Modification mod3 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+ adminEntry.get( TlsKeyGenerator.USER_CERTIFICATE_AT ) );
+ ds.getAdminSession().modify( adminEntry.getDn(), mod1, mod2, mod3 );
+ }
}
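Review bot: `updateTlsKey` replaces the admin entry's private key, public key and certificate on every class-level and method-level service, so the integration tests no longer run against the key material the server generates by default. A default that the JDK rejects would therefore go unnoticed by this suite. The method should carry a Javadoc that says so, along the lines of `/** Replaces the admin entry's TLS key pair and certificate with a freshly generated RSA key, overriding the server default for tests. */`. It would also help to keep at least one TLS test on the unmodified default. The method is complete within the hunk.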