[TEST] Pass a clientSSLContext in LdapTestCase
If we don't explicitly set the client SSLSocketFactory when creating an InMemoryDirectoryServer and setting its SSL config, the server falls back to a TrustAllTrustManager (which extends X509TrustManager), and that is not allowed in a FIPS 140 JVM. Instead, we get the SSLSocketFactory from the existing SSLContext and pass that to be used. Resolves #37013
parent
935c2e98b0
commit
44bd7db59e
|
@ -44,6 +44,7 @@ import javax.net.ssl.KeyManager;
|
||||||
import javax.net.ssl.KeyManagerFactory;
|
import javax.net.ssl.KeyManagerFactory;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
import javax.net.ssl.SSLServerSocketFactory;
|
import javax.net.ssl.SSLServerSocketFactory;
|
||||||
|
import javax.net.ssl.SSLSocketFactory;
|
||||||
import javax.net.ssl.X509ExtendedKeyManager;
|
import javax.net.ssl.X509ExtendedKeyManager;
|
||||||
import java.security.AccessController;
|
import java.security.AccessController;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
|
@ -86,8 +87,9 @@ public abstract class LdapTestCase extends ESTestCase {
|
||||||
X509ExtendedKeyManager keyManager = CertParsingUtils.keyManager(ks, ldapPassword, KeyManagerFactory.getDefaultAlgorithm());
|
X509ExtendedKeyManager keyManager = CertParsingUtils.keyManager(ks, ldapPassword, KeyManagerFactory.getDefaultAlgorithm());
|
||||||
final SSLContext context = SSLContext.getInstance("TLSv1.2");
|
final SSLContext context = SSLContext.getInstance("TLSv1.2");
|
||||||
context.init(new KeyManager[] { keyManager }, null, null);
|
context.init(new KeyManager[] { keyManager }, null, null);
|
||||||
SSLServerSocketFactory socketFactory = context.getServerSocketFactory();
|
SSLServerSocketFactory serverSocketFactory = context.getServerSocketFactory();
|
||||||
listeners.add(InMemoryListenerConfig.createLDAPSConfig("ldaps", socketFactory));
|
SSLSocketFactory clientSocketFactory = context.getSocketFactory();
|
||||||
|
listeners.add(InMemoryListenerConfig.createLDAPSConfig("ldaps", null, 0, serverSocketFactory, clientSocketFactory));
|
||||||
}
|
}
|
||||||
serverConfig.setListenerConfigs(listeners);
|
serverConfig.setListenerConfigs(listeners);
|
||||||
InMemoryDirectoryServer ldapServer = new InMemoryDirectoryServer(serverConfig);
|
InMemoryDirectoryServer ldapServer = new InMemoryDirectoryServer(serverConfig);
|
||||||
|
|
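Review bot: The `clientSocketFactory` obtained from `context.getSocketFactory()` carries that context's trust settings, and `context.init(new KeyManager[] { keyManager }, null, null)` supplies no trust managers, so the factory falls back to the JVM's default trust store rather than trusting the test keystore `ks`. If any test opens a connection through the in-memory server's own client factory, the handshake would presumably succeed only when the test certificate chains to that default store; that is worth confirming, or the context could be initialised with a trust manager built from `ks`. The new `createLDAPSConfig` line also deserves a comment, for example `// explicit client factory: a null one makes the SDK use a trust-all manager, which a FIPS 140 JVM rejects`, plus a word that `null, 0` appear to keep the default listen address and an automatically chosen port. The enclosing method starts and ends outside the hunk.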