Update ApacheDS version; Add possibility to use custom keystore for SSL

.travis.yml

@@ -5,5 +5,6 @@ deploy:
   api_key:
     secure: OuoMQBEXkbBGHkXUfDbNylyL5/MxK8FJ801cWsBaO7pg1gqHGxKdq71DESKjaJTfD6je1UHRrW9WV+miiVse2t1cPbu2ebC9BXvr3b8YkQyiU5OwR3Hm9Gxfez6n504KGuMCoo5mIm3BxUpTsNs2pqybjzHkwi9Du3s/Vm6peraDjqytoOWWw3Ji5cj3IDqFdKMCBw07ferTqzszh8vKFccrZ6cGBUU3LriYIicUzuAfei7/kMnh+CtRkoNIMd5wTR2z2Ti7DP89/4BNYlUIVFi/0V1RERSClube1jxWu5UcYDzgCLa7QwcyGAZxgdbDkq5s0VAw6AveqqIDvPdI6BDG3oJ7Ku5L0UHzajxC2oAJwNGfW/GMTIiuBvJW7I0bVRmuDwvolvCjQbCOO5CN1cOhOQ70tHPJJ6xRdOWMjaN9jgQa0wk1CXkXOgy2pJ0LSClsv9OGrvCIXnYuOKu8kYiazlIyHnzhj3f7B810eVAKsWY/rY/5Nv7pLwqFO3JKxY8tyimlFAvs9xZfWIYuHUj+fY+qIfM6LzQ0coAYi5VosA6jtSwue/mrZOWbcEzYXwpFyKIvb89fXvRH28UEtt9F4lpiYy7KS4rZN2r8OPwundW27nSjulf/hvsr4XIJw+xOiJ/M9lhE+uU5f3CAatHR7/yyOXnKABi6k8R3lL4=
   file: target/ldap-server.jar
+  skip_cleanup: true
   on:
     tags: true

README.md

@@ -76,6 +76,11 @@ Usage: java -jar ldap-server.jar [options] [LDIFs to import]
        takes [sslProtocolName] as argument and enables it for 'ldaps'. Can be
        used multiple times. If the argument is not provided following are used:
        TLSv1, TLSv1.1, TLSv1.2
+    --ssl-keystore-file, -skf
+       takes keystore [filePath] as argument. The keystore should contain
+       privateKey to be used by LDAPs
+    --ssl-keystore-password, -skp
+       takes keystore [password] as argument
     --ssl-need-client-auth, -snc
        enables SSL 'needClientAuth' flag
        Default: false
@@ -91,11 +96,27 @@ Examples:
 $ java -jar ldap-server.jar users.ldif
 Starts LDAP server on port 10389 (all interfaces) and imports users.ldif
 
+$ java -jar ldap-server.jar -sp 10636 users.ldif
+Starts LDAP server on port 10389 and LDAPs on port 10636 and imports the LDIF
+
 $ java -jar ldap-server.jar -b 127.0.0.1 -p 389
 Starts LDAP server on address 127.0.0.1:389 and imports default data (one user
 entry 'uid=jduke,ou=Users,dc=jboss,dc=org'
 ```
 
+#### SSL/TLS
+
+If you want to enable SSL/TLS ('ldaps') and use your own certificate, the generate (or import) the private key into a JKS keystore and provide path to it as argument. 
+
+```bash
+# generate a keypair
+keytool -validity 365 -genkey -alias myserver -keyalg RSA -keystore /tmp/ldaps.keystore -storepass 123456 -keypass 123456 -dname cn=myserver.mycompany.com
+
+# use the generated keypair (-skf) with given password (-skp)
+# We also enable detail SSL debug information by setting javax.net.debug system property.
+java -Djavax.net.debug=all -jar target/ldap-server.jar -sp 1038389 -skf /tmp/ldaps.keystore -skp 123456
+```
+
 ## Default LDIF
 
 ```

pom.xml

@@ -12,7 +12,7 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<version.org.apache.ds>2.0.0-M20</version.org.apache.ds>
+		<version.org.apache.ds>2.0.0-M24</version.org.apache.ds>
 	</properties>
 
 	<build>

src/main/java/org/jboss/test/ldap/CLIArguments.java

@@ -68,6 +68,12 @@ public class CLIArguments {
     @Parameter(names = { "--ssl-enabled-ciphersuite", "-scs" }, description = "takes [sslCipherSuite] as argument and enables it for 'ldaps'. Can be used multiple times.")
     private List<String> sslCipherSuite;
 
+    @Parameter(names = { "--ssl-keystore-file", "-skf" }, description = "takes keystore [filePath] as argument. The keystore should contain privateKey to be used by LDAPs")
+    private String sslKeystoreFile;
+
+    @Parameter(names = { "--ssl-keystore-password", "-skp" }, description = "takes keystore [password] as argument")
+    private String sslKeystorePassword;
+
     public List<String> getLdifFiles() {
         return ldifFiles;
     }
@@ -108,4 +114,11 @@ public List<String> getSslCipherSuite() {
         return sslCipherSuite;
     }
 
+    public String getSslKeystoreFile() {
+        return sslKeystoreFile;
+    }
+
+    public String getSslKeystorePassword() {
+        return sslKeystorePassword;
+    }
 }

src/main/java/org/jboss/test/ldap/InMemoryDirectoryServiceFactory.java

@@ -24,7 +24,6 @@
 import java.io.IOException;
 import java.util.List;
 
-import org.apache.commons.io.FileUtils;
 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
 import org.apache.directory.api.ldap.model.schema.LdapComparator;
 import org.apache.directory.api.ldap.model.schema.SchemaManager;
@@ -33,6 +32,7 @@
 import org.apache.directory.api.ldap.model.schema.registries.SchemaLoader;
 import org.apache.directory.api.ldap.schema.loader.JarLdifSchemaLoader;
 import org.apache.directory.api.ldap.schema.manager.impl.DefaultSchemaManager;
+import org.apache.directory.api.util.FileUtils;
 import org.apache.directory.api.util.exception.Exceptions;
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.DefaultDirectoryService;

src/main/java/org/jboss/test/ldap/LdapServer.java

@@ -22,11 +22,12 @@
 
 import java.util.List;
 
-import org.apache.commons.io.IOUtils;
+//import org.apache.commons.io.IOUtils;
 import org.apache.directory.api.ldap.model.entry.DefaultEntry;
 import org.apache.directory.api.ldap.model.ldif.LdifEntry;
 import org.apache.directory.api.ldap.model.ldif.LdifReader;
 import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.util.IOUtils;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.partition.impl.avl.AvlPartition;
 import org.apache.directory.server.protocol.shared.transport.TcpTransport;
@@ -98,6 +99,9 @@ public LdapServer(CLIArguments cliArguments) throws Exception {
             ldapsTcp.setEnabledCiphers(cliArguments.getSslCipherSuite());
             ldapsTcp.setNeedClientAuth(cliArguments.isSslNeedClientAuth());
             ldapsTcp.setWantClientAuth(cliArguments.isSslWantClientAuth());
+
+            ldapServer.setKeystoreFile(cliArguments.getSslKeystoreFile());
+            ldapServer.setCertificatePassword(cliArguments.getSslKeystorePassword());
             ldapServer.setTransports(tcp, ldapsTcp);
         } else {
             ldapServer.setTransports(tcp);