From 2fff130a186b60a060095468c356ee81fa3b1b9c Mon Sep 17 00:00:00 2001 From: Josef Cacek Date: Mon, 4 Sep 2017 21:37:53 +0200 Subject: [PATCH] Update ApacheDS version; Add possibility to use custom keystore for SSL --- .travis.yml | 1 + README.md | 21 +++++++++++++++++++ pom.xml | 2 +- .../org/jboss/test/ldap/CLIArguments.java | 13 ++++++++++++ .../ldap/InMemoryDirectoryServiceFactory.java | 2 +- .../java/org/jboss/test/ldap/LdapServer.java | 6 +++++- 6 files changed, 42 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index b47e57d..2ea499d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,5 +5,6 @@ deploy: api_key: secure: OuoMQBEXkbBGHkXUfDbNylyL5/MxK8FJ801cWsBaO7pg1gqHGxKdq71DESKjaJTfD6je1UHRrW9WV+miiVse2t1cPbu2ebC9BXvr3b8YkQyiU5OwR3Hm9Gxfez6n504KGuMCoo5mIm3BxUpTsNs2pqybjzHkwi9Du3s/Vm6peraDjqytoOWWw3Ji5cj3IDqFdKMCBw07ferTqzszh8vKFccrZ6cGBUU3LriYIicUzuAfei7/kMnh+CtRkoNIMd5wTR2z2Ti7DP89/4BNYlUIVFi/0V1RERSClube1jxWu5UcYDzgCLa7QwcyGAZxgdbDkq5s0VAw6AveqqIDvPdI6BDG3oJ7Ku5L0UHzajxC2oAJwNGfW/GMTIiuBvJW7I0bVRmuDwvolvCjQbCOO5CN1cOhOQ70tHPJJ6xRdOWMjaN9jgQa0wk1CXkXOgy2pJ0LSClsv9OGrvCIXnYuOKu8kYiazlIyHnzhj3f7B810eVAKsWY/rY/5Nv7pLwqFO3JKxY8tyimlFAvs9xZfWIYuHUj+fY+qIfM6LzQ0coAYi5VosA6jtSwue/mrZOWbcEzYXwpFyKIvb89fXvRH28UEtt9F4lpiYy7KS4rZN2r8OPwundW27nSjulf/hvsr4XIJw+xOiJ/M9lhE+uU5f3CAatHR7/yyOXnKABi6k8R3lL4= file: target/ldap-server.jar + skip_cleanup: true on: tags: true diff --git a/README.md b/README.md index 0320873..8294b79 100644 --- a/README.md +++ b/README.md 
@@ -76,6 +76,11 @@ Usage: java -jar ldap-server.jar [options] [LDIFs to import] takes [sslProtocolName] as argument and enables it for 'ldaps'. Can be used multiple times. If the argument is not provided following are used: TLSv1, TLSv1.1, TLSv1.2 + --ssl-keystore-file, -skf + takes keystore [filePath] as argument. The keystore should contain + privateKey to be used by LDAPs + --ssl-keystore-password, -skp + takes keystore [password] as argument --ssl-need-client-auth, -snc enables SSL 'needClientAuth' flag Default: false @@ -91,11 +96,27 @@ Examples: $ java -jar ldap-server.jar users.ldif Starts LDAP server on port 10389 (all interfaces) and imports users.ldif +$ java -jar ldap-server.jar -sp 10636 users.ldif +Starts LDAP server on port 10389 and LDAPs on port 10636 and imports the LDIF + $ java -jar ldap-server.jar -b 127.0.0.1 -p 389 Starts LDAP server on address 127.0.0.1:389 and imports default data (one user entry 'uid=jduke,ou=Users,dc=jboss,dc=org' ``` +#### SSL/TLS + +If you want to enable SSL/TLS ('ldaps') and use your own certificate, the generate (or import) the private key into a JKS keystore and provide path to it as argument. + +```bash +# generate a keypair +keytool -validity 365 -genkey -alias myserver -keyalg RSA -keystore /tmp/ldaps.keystore -storepass 123456 -keypass 123456 -dname cn=myserver.mycompany.com + +# use the generated keypair (-skf) with given password (-skp) +# We also enable detail SSL debug information by setting javax.net.debug system property. +java -Djavax.net.debug=all -jar target/ldap-server.jar -sp 1038389 -skf /tmp/ldaps.keystore -skp 123456 +``` + ## Default LDIF ``` diff --git a/pom.xml b/pom.xml index bd72746..8829638 100644 --- a/pom.xml +++ b/pom.xml @@ -12,7 +12,7 @@ UTF-8 - 2.0.0-M20 + 2.0.0-M24 diff --git a/src/main/java/org/jboss/test/ldap/CLIArguments.java b/src/main/java/org/jboss/test/ldap/CLIArguments.java index 6c339fb..f465477 100644 --- a/src/main/java/org/jboss/test/ldap/CLIArguments.java 
+++ b/src/main/java/org/jboss/test/ldap/CLIArguments.java
@@ -68,6 +68,12 @@ public class CLIArguments {
 @Parameter(names = { "--ssl-enabled-ciphersuite", "-scs" }, description = "takes [sslCipherSuite] as argument and enables it for 'ldaps'. Can be used multiple times.")
 private List sslCipherSuite;
+ @Parameter(names = { "--ssl-keystore-file", "-skf" }, description = "takes keystore [filePath] as argument. The keystore should contain privateKey to be used by LDAPs")
+ private String sslKeystoreFile;
+
+ @Parameter(names = { "--ssl-keystore-password", "-skp" }, description = "takes keystore [password] as argument")
+ private String sslKeystorePassword;
+
 public List getLdifFiles() {
 return ldifFiles;
 }
@@ -108,4 +114,11 @@ public List getSslCipherSuite() {
 return sslCipherSuite;
 }
+ public String getSslKeystoreFile() {
+ return sslKeystoreFile;
+ }
+
+ public String getSslKeystorePassword() {
+ return sslKeystorePassword;
+ }
 }
diff --git a/src/main/java/org/jboss/test/ldap/InMemoryDirectoryServiceFactory.java b/src/main/java/org/jboss/test/ldap/InMemoryDirectoryServiceFactory.java
index cca026c..b309dc9 100644
--- a/src/main/java/org/jboss/test/ldap/InMemoryDirectoryServiceFactory.java
+++ b/src/main/java/org/jboss/test/ldap/InMemoryDirectoryServiceFactory.java
@@ -24,7 +24,6 @@ import java.io.IOException;
 import java.util.List;
-import org.apache.commons.io.FileUtils;
 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
 import org.apache.directory.api.ldap.model.schema.LdapComparator;
 import org.apache.directory.api.ldap.model.schema.SchemaManager;
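Review bot: The new `--ssl-keystore-password` option in the @@ -68 hunk takes the keystore password only as a command-line argument, so it lands in shell history and in the host's process listing; the README example in this same patch shows exactly that (`-skp 123456`). JCommander supports `@Parameter(..., password = true)`, which prompts on the console instead of reading the value from argv, so `@Parameter(names = { "--ssl-keystore-password", "-skp" }, description = "takes keystore [password] as argument", password = true)` keeps the option name while taking the secret off the command line; if scripted startup needs a non-interactive path, an environment variable or a file read is still preferable to argv. The `-skf` description should also say what the password protects: the README's keytool example sets `-storepass` and `-keypass` to the same value, which suggests the single password has to unlock both the store and the private key, but confirm that against the ApacheDS setter before documenting it. The two getters added in the @@ -108 hunk follow the file's existing undocumented-getter style, so no Javadoc is needed there.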
@@ -33,6 +32,7 @@ import org.apache.directory.api.ldap.model.schema.registries.SchemaLoader;
 import org.apache.directory.api.ldap.schema.loader.JarLdifSchemaLoader;
 import org.apache.directory.api.ldap.schema.manager.impl.DefaultSchemaManager;
+import org.apache.directory.api.util.FileUtils;
 import org.apache.directory.api.util.exception.Exceptions;
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.DefaultDirectoryService;
diff --git a/src/main/java/org/jboss/test/ldap/LdapServer.java b/src/main/java/org/jboss/test/ldap/LdapServer.java
index 29eeca2..ff291e4 100644
--- a/src/main/java/org/jboss/test/ldap/LdapServer.java
+++ b/src/main/java/org/jboss/test/ldap/LdapServer.java
@@ -22,11 +22,12 @@ import java.util.List;
-import org.apache.commons.io.IOUtils;
+//import org.apache.commons.io.IOUtils;
 import org.apache.directory.api.ldap.model.entry.DefaultEntry;
 import org.apache.directory.api.ldap.model.ldif.LdifEntry;
 import org.apache.directory.api.ldap.model.ldif.LdifReader;
 import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.util.IOUtils;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.partition.impl.avl.AvlPartition;
 import org.apache.directory.server.protocol.shared.transport.TcpTransport;
@@ -98,6 +99,9 @@ public LdapServer(CLIArguments cliArguments) throws Exception {
 ldapsTcp.setEnabledCiphers(cliArguments.getSslCipherSuite());
 ldapsTcp.setNeedClientAuth(cliArguments.isSslNeedClientAuth());
 ldapsTcp.setWantClientAuth(cliArguments.isSslWantClientAuth());
+
+ ldapServer.setKeystoreFile(cliArguments.getSslKeystoreFile());
+ ldapServer.setCertificatePassword(cliArguments.getSslKeystorePassword());
 ldapServer.setTransports(tcp, ldapsTcp);
 } else {
 ldapServer.setTransports(tcp);
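Review bot: The @@ -22 hunk of LdapServer.java replaces `import org.apache.commons.io.IOUtils;` with a commented-out copy, `//import org.apache.commons.io.IOUtils;`, next to the new `import org.apache.directory.api.util.IOUtils;`. Commented-out code should be deleted rather than parked, and the equivalent FileUtils swap in InMemoryDirectoryServiceFactory.java in this same patch removes the old import outright. Drop the `//import` line so both files follow the same pattern.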
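Review bot: The two keystore lines added at the end of the @@ -98 hunk pass `getSslKeystoreFile()` and `getSslKeystorePassword()` through unconditionally, so `-skf` without `-skp` hands ApacheDS a null password and `-skp` without `-skf` is silently ignored; neither case is reported at startup, and the null password will presumably surface only as an exception out of ApacheDS's SSL initialisation at the first ldaps connection. Validate the pair in the constructor before calling the setters: fail with an `IllegalArgumentException` that names the missing option (never echoing the password value), and check that the keystore path is readable so a wrong `-skf` fails at startup rather than at the first TLS handshake. Guarding the setters on a non-null file also leaves the pre-commit path — ApacheDS's own default keystore handling — untouched when no keystore is configured; I have not confirmed whether `setKeystoreFile(null)` is equivalent to not calling it in 2.0.0-M24, so the guard is the safer form. The enclosing constructor starts and ends outside the hunk. `java.nio.file.Files` and `java.nio.file.Paths` would need importing.
```java
ldapsTcp.setWantClientAuth(cliArguments.isSslWantClientAuth());

final String keystoreFile = cliArguments.getSslKeystoreFile();
final String keystorePassword = cliArguments.getSslKeystorePassword();
if (keystoreFile != null) {
    if (keystorePassword == null) {
        throw new IllegalArgumentException(
                "--ssl-keystore-password (-skp) is required when --ssl-keystore-file (-skf) is given");
    }
    if (!Files.isReadable(Paths.get(keystoreFile))) {
        throw new IllegalArgumentException("SSL keystore file is not readable: " + keystoreFile);
    }
    ldapServer.setKeystoreFile(keystoreFile);
    ldapServer.setCertificatePassword(keystorePassword);
} else if (keystorePassword != null) {
    throw new IllegalArgumentException(
            "--ssl-keystore-password (-skp) has no effect without --ssl-keystore-file (-skf)");
}
ldapServer.setTransports(tcp, ldapsTcp);
// … unchanged: else branch with ldapServer.setTransports(tcp) …
```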