[TEST] Pass a clientSSLContext in LdapTestCase

If we don't explicitly sett the client SSLSocketFactory when
creating an InMemoryDirectoryServer and setting its SSL config, it
will result in using a TrustAllTrustManager(that extends
X509TrustManager) which is not allowed in a FIPS 140 JVM.
Instead, we get the SSLSocketFactory from the existing SSLContext
and pass that to be used.

Resolves #37013
This commit is contained in:
Ioannis Kakavas 2018-12-28 11:19:58 +02:00
parent 935c2e98b0
commit 44bd7db59e
1 changed files with 4 additions and 2 deletions

View File

@ -44,6 +44,7 @@ import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import java.security.AccessController;
import java.security.KeyStore;
@ -86,8 +87,9 @@ public abstract class LdapTestCase extends ESTestCase {
X509ExtendedKeyManager keyManager = CertParsingUtils.keyManager(ks, ldapPassword, KeyManagerFactory.getDefaultAlgorithm());
final SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(new KeyManager[] { keyManager }, null, null);
SSLServerSocketFactory socketFactory = context.getServerSocketFactory();
listeners.add(InMemoryListenerConfig.createLDAPSConfig("ldaps", socketFactory));
SSLServerSocketFactory serverSocketFactory = context.getServerSocketFactory();
SSLSocketFactory clientSocketFactory = context.getSocketFactory();
listeners.add(InMemoryListenerConfig.createLDAPSConfig("ldaps", null, 0, serverSocketFactory, clientSocketFactory));
}
serverConfig.setListenerConfigs(listeners);
InMemoryDirectoryServer ldapServer = new InMemoryDirectoryServer(serverConfig);