[TEST] Pass a clientSSLContext in LdapTestCase
If we don't explicitly set the client SSLSocketFactory when creating an InMemoryDirectoryServer and setting its SSL config, it will result in using a TrustAllTrustManager (that extends X509TrustManager), which is not allowed in a FIPS 140 JVM. Instead, we get the SSLSocketFactory from the existing SSLContext and pass that to be used. Resolves #37013
parent
935c2e98b0
commit
44bd7db59e
|
@ -44,6 +44,7 @@ import javax.net.ssl.KeyManager;
|
|||
import javax.net.ssl.KeyManagerFactory;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLServerSocketFactory;
|
||||
import javax.net.ssl.SSLSocketFactory;
|
||||
import javax.net.ssl.X509ExtendedKeyManager;
|
||||
import java.security.AccessController;
|
||||
import java.security.KeyStore;
|
||||
|
@ -86,8 +87,9 @@ public abstract class LdapTestCase extends ESTestCase {
|
|||
X509ExtendedKeyManager keyManager = CertParsingUtils.keyManager(ks, ldapPassword, KeyManagerFactory.getDefaultAlgorithm());
|
||||
final SSLContext context = SSLContext.getInstance("TLSv1.2");
|
||||
context.init(new KeyManager[] { keyManager }, null, null);
|
||||
SSLServerSocketFactory socketFactory = context.getServerSocketFactory();
|
||||
listeners.add(InMemoryListenerConfig.createLDAPSConfig("ldaps", socketFactory));
|
||||
SSLServerSocketFactory serverSocketFactory = context.getServerSocketFactory();
|
||||
SSLSocketFactory clientSocketFactory = context.getSocketFactory();
|
||||
listeners.add(InMemoryListenerConfig.createLDAPSConfig("ldaps", null, 0, serverSocketFactory, clientSocketFactory));
|
||||
}
|
||||
serverConfig.setListenerConfigs(listeners);
|
||||
InMemoryDirectoryServer ldapServer = new InMemoryDirectoryServer(serverConfig);
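Review bot: The client factory passed to `createLDAPSConfig` comes from a context set up with `context.init(new KeyManager[] { keyManager }, null, null)`, so it validates peers against the JVM's default trust store rather than the test keystore. If any test opens a connection through the in-memory server's own client factory (for example via `ldapServer.getConnection()`), the handshake would presumably fail unless the test certificate chains to a default CA; it may be worth initialising the context with a TrustManager built from `ks`, or confirming that no test uses that path. The call would also benefit from a comment giving the reason for the explicit factory, such as `// explicit client factory: otherwise the in-memory server falls back to TrustAllTrustManager, which a FIPS 140 JVM rejects`. The new `null, 0` arguments appear to be the listen address and port, which could be said in the same comment. The enclosing method starts and ends outside the visible hunk, so how the rest of the setup uses these values cannot be checked from here.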
|
||||
|
|