Fix tests with newer Java 8 releases which require RSA keys with 1024 bit minimum

git-svn-id: https://svn.apache.org/repos/asf/directory/apacheds/trunk@1749199 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java b/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
index e4235ef..9de8a9e 100644
--- a/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
+++ b/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
@@ -301,13 +301,19 @@
     }
 
 
+    public static void addKeyPair( Entry entry, String issuerDN, String subjectDN, String keyAlgo ) throws LdapException
+    {
+        addKeyPair( entry, issuerDN, subjectDN, keyAlgo, KEY_SIZE );
+    }
+
+
     /**
      * @see #addKeyPair(org.apache.directory.api.ldap.model.entry.Entry)
      * 
      * TODO the code is duplicate atm, will eliminate this redundancy after finding
      * a better thought (an instant one is to call this method from the aboveaddKeyPair(entry) and remove the impl there)
      */
-    public static void addKeyPair( Entry entry, String issuerDN, String subjectDN, String keyAlgo )
+    public static void addKeyPair( Entry entry, String issuerDN, String subjectDN, String keyAlgo, int keySize )
         throws LdapException
     {
         Attribute objectClass = entry.get( SchemaConstants.OBJECT_CLASS_AT );
@@ -333,7 +339,7 @@
             throw ne;
         }
 
-        generator.initialize( KEY_SIZE );
+        generator.initialize( keySize );
         KeyPair keypair = generator.genKeyPair();
         entry.put( KEY_ALGORITHM_AT, keyAlgo );
 
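Review bot: `generator.initialize( keySize )` now takes whatever integer a caller supplies, and `addKeyPair` is public static, so nothing stops a caller from requesting a key smaller than the JDK will accept for TLS. A size the provider rejects otherwise surfaces only as a bare `InvalidParameterException` from `initialize`. A guard before this line would fail early with a clear message, and it should be per algorithm because `keyAlgo` is caller-chosen, e.g. `if ( "RSA".equalsIgnoreCase( keyAlgo ) && keySize < 1024 ) { throw new IllegalArgumentException( "RSA key size too small: " + keySize ); }`. The value of `KEY_SIZE` is not visible here; if it is below that floor, the default overload needs raising as well. The enclosing method starts and ends outside this hunk.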
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java b/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
index 37a1ea2..9942bef 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsUpdateCertificateIT.java
@@ -124,7 +124,7 @@
         String newSubjectDN = "cn=new_subject_dn";
         Entry entry = getLdapServer().getDirectoryService().getAdminSession().lookup(
             new Dn( "uid=admin,ou=system" ) );
-        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA" );
+        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 1024 );
 
         // now update the certificate (over the wire)
         ModificationItem[] mods = new ModificationItem[3];
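Review bot: The literal `1024` passed here is exactly the minimum the commit message cites, and 1024-bit RSA is already below what current guidance recommends for certificates, so these tests would break again if the JDK defaults tighten further. The same literal is repeated in `StartTlsUpdateCertificateIT` and in `FrameworkRunner.updateTlsKey`. Prefer a single test-framework constant with headroom, so that the call reads for example `TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 2048 );`. The enclosing test method starts and ends outside this hunk.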
diff --git a/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java b/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
index 2bbecfe..385a09b 100644
--- a/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsUpdateCertificateIT.java
@@ -176,7 +176,7 @@
         String newSubjectDN = "cn=new_subject_dn";
         Entry entry = getLdapServer().getDirectoryService().getAdminSession().lookup(
             new Dn( "uid=admin,ou=system" ) );
-        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA" );
+        TlsKeyGenerator.addKeyPair( entry, newIssuerDN, newSubjectDN, "RSA", 1024 );
 
         // now update the certificate (over the wire)
         ModificationItem[] mods = new ModificationItem[3];
diff --git a/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java b/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
index f8b12de..0539b02 100644
--- a/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
+++ b/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java
@@ -22,15 +22,24 @@
 import java.lang.reflect.Method;
 import java.util.UUID;
 
+import org.apache.directory.api.ldap.model.entry.DefaultModification;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.entry.Modification;
+import org.apache.directory.api.ldap.model.entry.ModificationOperation;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
+import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.FileUtils;
 import org.apache.directory.server.annotations.CreateKdcServer;
 import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.api.changelog.ChangeLog;
 import org.apache.directory.server.core.factory.DSAnnotationProcessor;
 import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
 import org.apache.directory.server.core.factory.DirectoryServiceFactory;
 import org.apache.directory.server.core.factory.PartitionFactory;
+import org.apache.directory.server.core.security.TlsKeyGenerator;
 import org.apache.directory.server.factory.ServerAnnotationProcessor;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
@@ -129,6 +138,8 @@
                 DSAnnotationProcessor.applyLdifs( getDescription(), directoryService );
             }
 
+            updateTlsKey( classDS );
+
             // check if it has a LdapServerBuilder
             // then use the DS created above
             if ( classLdapServerBuilder != null )
@@ -255,6 +266,8 @@
                 DSAnnotationProcessor.applyLdifs( methodDescription, methodDS );
 
                 directoryService = methodDS;
+
+                updateTlsKey( directoryService );
             }
             else if ( classDS != null )
             {
@@ -442,4 +455,22 @@
             dirService.revert( revision );
         }
     }
+
+
+    private void updateTlsKey( DirectoryService ds ) throws LdapException, LdapInvalidDnException
+    {
+        // Update TLS key for tests. Newer Java 8 releases consider RSA keys
+        // with less than 1024 bits as insecure and such are disabled by default, see 
+        // http://www.oracle.com/technetwork/java/javase/8-compatibility-guide-2156366.html
+        Entry adminEntry = ds.getAdminSession().lookup( new Dn( ServerDNConstants.ADMIN_SYSTEM_DN ) );
+        TlsKeyGenerator.addKeyPair( adminEntry, TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN,
+            TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN, "RSA", 1024 );
+        Modification mod1 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+            adminEntry.get( TlsKeyGenerator.PRIVATE_KEY_AT ) );
+        Modification mod2 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+            adminEntry.get( TlsKeyGenerator.PUBLIC_KEY_AT ) );
+        Modification mod3 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+            adminEntry.get( TlsKeyGenerator.USER_CERTIFICATE_AT ) );
+        ds.getAdminSession().modify( adminEntry.getDn(), mod1, mod2, mod3 );
+    }
 }
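Review bot: `updateTlsKey` unconditionally replaces the admin entry's private key, public key and certificate, and both call sites invoke it after `applyLdifs`, so any key material a test seeds on the admin entry through LDIF would be silently discarded. Whether any test does that is not visible here. A Javadoc on the method should state this, along the lines of `/** Regenerates the admin entry's TLS key pair and certificate so tests run on JDKs that disable RSA keys under 1024 bits; overwrites any existing key material. */`. The `throws` clause can also be reduced to `throws LdapException`, since `LdapInvalidDnException` is a subclass of it.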