Merge pull request #42 from apache/DIRSERVER-2328
DIRSERVER-2328 - CreateAuthenticator annotation trust manager improve…
diff --git a/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java b/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
index 2ceaa6a..0708c63 100644
--- a/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
+++ b/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java
@@ -70,9 +70,9 @@
/** @return The SSL TrustManager FQCN */
- String delegateSslTrustManagerFQCN() default "org.apache.directory.ldap.client.api.NoVerificationTrustManager";
+ String delegateSslTrustManagerFQCN() default "";
/** @return The startTls TrustManager FQCN */
- String delegateTlsTrustManagerFQCN() default "org.apache.directory.ldap.client.api.NoVerificationTrustManager";
+ String delegateTlsTrustManagerFQCN() default "";
}
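Review bot: The Javadoc on both accessors still reads only `@return The SSL TrustManager FQCN` / `@return The startTls TrustManager FQCN` and does not say what the new empty default means, which is the security-relevant part of this change: with `""` the authenticator no longer installs a TrustManager at all, so the delegate connection uses whatever LdapConnectionConfig provides by default, which is not visible in this diff and should be stated explicitly. Suggest `/** @return The SSL TrustManager FQCN, or an empty string to leave LdapConnectionConfig's default trust managers in place */` and the analogous wording on the startTls accessor. It is also worth noting in the same Javadoc that the previous default, `org.apache.directory.ldap.client.api.NoVerificationTrustManager`, skips certificate verification, which is presumably why the commit now sets it only in the integration tests.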
diff --git a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
index b58e6c5..f9ce77b 100644
--- a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
+++ b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
@@ -22,6 +22,8 @@
import java.net.SocketAddress;
+import javax.net.ssl.TrustManager;
+
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
@@ -30,7 +32,6 @@
import org.apache.directory.api.util.Strings;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
-import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.i18n.I18n;
@@ -248,7 +249,21 @@
connectionConfig = new LdapConnectionConfig();
connectionConfig.setLdapHost( delegateHost );
connectionConfig.setLdapPort( delegatePort );
- connectionConfig.setTrustManagers( new NoVerificationTrustManager() );
+ if ( delegateTlsTrustManagerFQCN != null && !"".equals( delegateTlsTrustManagerFQCN ) )
+ {
+ try
+ {
+ Class<?> trustManagerClass = Class.forName( delegateTlsTrustManagerFQCN );
+ TrustManager trustManager = ( TrustManager ) trustManagerClass.newInstance();
+ connectionConfig.setTrustManagers( trustManager );
+ }
+ catch ( ClassNotFoundException | InstantiationException | IllegalAccessException e )
+ {
+ String message = "Cannot load " + delegateTlsTrustManagerFQCN;
+ LOG.error( message );
+ throw new LdapException( message );
+ }
+ }
ldapConnection = new LdapNetworkConnection( connectionConfig );
ldapConnection.connect();
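Review bot: The catch at L47–L52 drops the caught exception: `e` is neither logged nor passed as the cause, so a ClassNotFoundException or an IllegalAccessException on a non-public constructor leaves the operator with nothing but "Cannot load <fqcn>". A ClassCastException from the cast on L44, for a configured class that is not a TrustManager, is not caught at all and escapes the method as an unchecked exception instead of the LdapException callers expect. `Class.newInstance()` is also deprecated since Java 9 in favour of `getDeclaredConstructor().newInstance()`, whose extra checked exceptions are all covered by `ReflectiveOperationException`. The same block is duplicated verbatim in the SSL hunk at L61–L75; extracting one helper, as sketched below, fixes both call sites. The enclosing method starts before and continues after this hunk.
```java
// … unchanged: connectionConfig host/port setup …
TrustManager trustManager = loadTrustManager( delegateTlsTrustManagerFQCN );

if ( trustManager != null )
{
    connectionConfig.setTrustManagers( trustManager );
}
// … unchanged: LdapNetworkConnection creation and connect() …

/**
 * Instantiates the TrustManager configured by FQCN.
 *
 * @param trustManagerFqcn the fully qualified class name, may be null or empty
 * @return the instance, or null when no class is configured (LdapConnectionConfig's default then applies)
 * @throws LdapException if the class cannot be loaded, instantiated, or is not a TrustManager
 */
private static TrustManager loadTrustManager( String trustManagerFqcn ) throws LdapException
{
    if ( trustManagerFqcn == null || trustManagerFqcn.isEmpty() )
    {
        return null;
    }

    try
    {
        Class<?> trustManagerClass = Class.forName( trustManagerFqcn );

        return ( TrustManager ) trustManagerClass.getDeclaredConstructor().newInstance();
    }
    catch ( ReflectiveOperationException | ClassCastException e )
    {
        String message = "Cannot load " + trustManagerFqcn;
        LOG.error( message, e );
        throw new LdapException( message, e );
    }
}
```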
@@ -260,7 +275,21 @@
connectionConfig.setLdapHost( delegateHost );
connectionConfig.setUseSsl( true );
connectionConfig.setLdapPort( delegatePort );
- connectionConfig.setTrustManagers( new NoVerificationTrustManager() );
+ if ( delegateSslTrustManagerFQCN != null && !"".equals( delegateSslTrustManagerFQCN ) )
+ {
+ try
+ {
+ Class<?> trustManagerClass = Class.forName( delegateSslTrustManagerFQCN );
+ TrustManager trustManager = ( TrustManager ) trustManagerClass.newInstance();
+ connectionConfig.setTrustManagers( trustManager );
+ }
+ catch ( ClassNotFoundException | InstantiationException | IllegalAccessException e )
+ {
+ String message = "Cannot load " + delegateSslTrustManagerFQCN;
+ LOG.error( message );
+ throw new LdapException( message );
+ }
+ }
ldapConnection = new LdapNetworkConnection( connectionConfig );
ldapConnection.connect();
diff --git a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java
index 43d461b..9e7774b 100644
--- a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverSslIT.java
@@ -56,7 +56,9 @@
type = DelegatingAuthenticator.class,
delegatePort = 10201,
delegateSsl = true,
- delegateTls = false) })
+ delegateTls = false,
+ delegateSslTrustManagerFQCN = "org.apache.directory.ldap.client.api.NoVerificationTrustManager"
+ ) })
@ApplyLdifs(
{
// Entry # 1
diff --git a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java
index 32bd581..333ea41 100644
--- a/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java
+++ b/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthOverTlsIT.java
@@ -56,7 +56,8 @@
type = DelegatingAuthenticator.class,
delegatePort = 10201,
delegateSsl = false,
- delegateTls = true) })
+ delegateTls = true,
+ delegateTlsTrustManagerFQCN = "org.apache.directory.ldap.client.api.NoVerificationTrustManager") })
@ApplyLdifs(
{
// Entry # 1