CXF-8071 - XKMS LdapCertificateRepo searching using Service UID doesn't work
diff --git a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
index 74a6593..75d4d33 100644
--- a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
+++ b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
@@ -203,8 +203,9 @@
         if (cert == null) {
             // Try to find certificate by search for uid attribute
             try {
-                String uidAttr = String.format(ldapConfig.getServiceCertUIDTemplate(), serviceName);
-                cert = getCertificateForUIDAttr(uidAttr);
+                String filter = String.format(ldapConfig.getServiceCertUIDTemplate(), serviceName);
+                Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary());
+                return getCert(attr);
             } catch (NamingException e) {
                 // Not found
             }
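Review bot: `serviceName` is formatted straight into the LDAP search filter on the new `String filter = String.format(...)` line without RFC 4515 escaping, so a name containing `*`, `(`, `)`, `\` or NUL changes what the filter matches instead of being compared literally. Where the name comes from is not visible in this hunk; if it can originate from an XKMS request, escape it first, e.g. `String filter = String.format(ldapConfig.getServiceCertUIDTemplate(), escapeFilterValue(serviceName));`, where `escapeFilterValue` is a helper that would have to be added and that replaces each of those characters with its `\XX` hex form. The surrounding `catch (NamingException e)` treats every directory error as "not found", which would also hide connection and permission failures now that a real search runs here; a debug-level log of `e` would make those diagnosable. The enclosing method starts and ends outside the hunk.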
diff --git a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
index 6dfe653..afcaf37 100644
--- a/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
+++ b/services/xkms/xkms-x509-repo-ldap/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
@@ -29,7 +29,7 @@
     private String constAttrNamesCSV = "sn";
     private String constAttrValuesCSV = "X509 certificate";
     private String serviceCertRDNTemplate = "cn=%s,ou=services";
-    private String serviceCertUIDTemplate = "cn=%s";
+    private String serviceCertUIDTemplate = "uid=%s";
     private String trustedAuthorityFilter = "(&(objectClass=inetOrgPerson)(ou:dn:=CAs))";
     private String intermediateFilter = "(objectClass=*)";
     private String crlFilter = "(&(objectClass=inetOrgPerson)(ou:dn:=CAs))";
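Review bot: `serviceCertUIDTemplate` is now handed to the directory as a search filter (see the LdapCertificateRepo change in this commit), but nothing on the field says so, and the new default `"uid=%s"` is written without the enclosing parentheses that the neighbouring `trustedAuthorityFilter`, `intermediateFilter` and `crlFilter` defaults use. I would add a comment such as `// LDAP search filter template; %s is replaced by the service name` and consider `"(uid=%s)"` for consistency with the other filters. Deployments that relied on the previous `cn=%s` default will have to set it explicitly, which deserves a line in the upgrade notes. The rest of the class is outside the hunk.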
diff --git a/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java b/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
index 001c2e4..12d7231 100644
--- a/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
+++ b/systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
@@ -106,6 +106,20 @@
     }
 
     @Test
+    public void testFindUserCertViaUID() throws URISyntaxException, NamingException, CertificateException {
+        CertificateRepo persistenceManager = createLdapCertificateRepo();
+        X509Certificate cert = persistenceManager.findBySubjectDn("dave");
+        assertNotNull(cert);
+    }
+
+    @Test
+    public void testFindUserCertViaWrongUID() throws URISyntaxException, NamingException, CertificateException {
+        CertificateRepo persistenceManager = createLdapCertificateRepo();
+        X509Certificate cert = persistenceManager.findBySubjectDn("wrong");
+        assertNull("Certificate should be null", cert);
+    }
+
+    @Test
     public void testSave() throws Exception {
         CertificateRepo persistenceManager = createLdapCertificateRepo();
         URL url = this.getClass().getResource("cert1.cer");
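Review bot: `testFindUserCertViaUID` only checks `assertNotNull(cert)`, so it passes if the UID search returns any certificate at all, not specifically the one for "dave"; the same applies to the "Search by UID" assertion added to `testSave` in the next hunk. In `testSave` the saved certificate is in scope, so `assertEquals(cert, foundCert);` would pin the result; here a check on `cert.getSubjectX500Principal().getName()` against the expected test entry would do the same (the directory fixture is not visible from this hunk). A further negative case that passes a value containing filter metacharacters, such as `"*"`, and expects `null` would guard the new filter-based lookup against over-matching. `testSave` continues outside the hunk.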
@@ -135,8 +149,13 @@
         key.setIdentifier(EXPECTED_SERVICE_URI);
         persistenceManager.saveCertificate(cert, key);
 
+        // Search by DN
         X509Certificate foundCert = persistenceManager.findByServiceName(EXPECTED_SERVICE_URI);
         assertNotNull(foundCert);
+
+        // Search by UID
+        foundCert = persistenceManager.findByServiceName(cert.getSubjectX500Principal().getName());
+        assertNotNull(foundCert);
     }
 
     private CertificateRepo createLdapCertificateRepo() throws CertificateException {