use of com.unboundid.util.ssl.SSLUtil in project cdap by caskdata.
the class ExternalLDAPAuthenticationServerSSLTest method beforeClass.
@BeforeClass
public static void beforeClass() throws Exception {
URL certUrl = ExternalLDAPAuthenticationServerSSLTest.class.getClassLoader().getResource("cert.jks");
Assert.assertNotNull(certUrl);
String authHandlerConfigBase = Constants.Security.AUTH_HANDLER_CONFIG_BASE;
CConfiguration cConf = CConfiguration.create();
SConfiguration sConf = SConfiguration.create();
cConf.set(Constants.Security.AUTH_SERVER_BIND_ADDRESS, "127.0.0.1");
cConf.set(Constants.Security.SSL.EXTERNAL_ENABLED, "true");
cConf.set(Constants.Security.AuthenticationServer.SSL_PORT, "0");
cConf.set(authHandlerConfigBase.concat("useLdaps"), "true");
cConf.set(authHandlerConfigBase.concat("ldapsVerifyCertificate"), "false");
sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH, certUrl.getPath());
configuration = cConf;
sConfiguration = sConf;
String keystorePassword = sConf.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD);
KeyStoreKeyManager keyManager = new KeyStoreKeyManager(certUrl.getFile(), keystorePassword.toCharArray());
SSLUtil sslUtil = new SSLUtil(keyManager, new TrustAllTrustManager());
ldapListenerConfig = InMemoryListenerConfig.createLDAPSConfig("LDAP", InetAddress.getByName("127.0.0.1"), ldapPort, sslUtil.createSSLServerSocketFactory(), sslUtil.createSSLSocketFactory());
testServer = new ExternalLDAPAuthenticationServerSSLTest();
testServer.setup();
}
use of com.unboundid.util.ssl.SSLUtil in project graylog2-server by Graylog2.
the class UnboundLDAPConnector method connect.
public LDAPConnection connect(LDAPConnectorConfig ldapConfig) throws GeneralSecurityException, LDAPException {
if (ldapConfig.serverList().isEmpty()) {
LOG.warn("Cannot connect with empty server list");
return null;
}
final String[] addresses = ldapConfig.serverList().stream().map(LDAPConnectorConfig.LDAPServer::hostname).toArray(String[]::new);
final int[] ports = ldapConfig.serverList().stream().mapToInt(LDAPConnectorConfig.LDAPServer::port).toArray();
final LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
connectionOptions.setUseReuseAddress(true);
connectionOptions.setConnectTimeoutMillis(connectionTimeout);
StartTLSExtendedRequest startTLSRequest = null;
SocketFactory socketFactory = null;
if (ldapConfig.transportSecurity() != LDAPTransportSecurity.NONE) {
SSLUtil.setEnabledSSLProtocols(tlsConfiguration.getEnabledTlsProtocols());
final SSLUtil sslUtil;
if (ldapConfig.verifyCertificates()) {
sslUtil = new SSLUtil(trustManagerProvider.create(Arrays.asList(addresses)));
} else {
sslUtil = new SSLUtil(new TrustAllX509TrustManager());
}
if (ldapConfig.transportSecurity() == LDAPTransportSecurity.START_TLS) {
// Use the StartTLS extended operation to secure the connection.
startTLSRequest = new StartTLSExtendedRequest(sslUtil.createSSLContext());
} else if (ldapConfig.transportSecurity() == LDAPTransportSecurity.TLS) {
socketFactory = sslUtil.createSSLSocketFactory();
}
}
final FailoverServerSet serverSet = new FailoverServerSet(addresses, ports, socketFactory, connectionOptions, null, null);
final LDAPConnection connection = serverSet.getConnection();
if (startTLSRequest != null) {
final ExtendedResult startTLSResult = connection.processExtendedOperation(startTLSRequest);
LDAPTestUtils.assertResultCodeEquals(startTLSResult, ResultCode.SUCCESS);
}
if (ldapConfig.systemUsername().isPresent()) {
if (ldapConfig.systemPassword().isSet()) {
final String systemPassword = encryptedValueService.decrypt(ldapConfig.systemPassword());
final BindRequest bindRequest = new SimpleBindRequest(ldapConfig.systemUsername().get(), systemPassword);
connection.bind(bindRequest);
} else {
LOG.warn("System username has been set to <{}> but no system password has been set. Skipping bind request.", ldapConfig.systemUsername().get());
}
}
return connection;
}
use of com.unboundid.util.ssl.SSLUtil in project coprhd-controller by CoprHD.
the class LDAPServer method getInMemoryListenerConfigs.
private List<InMemoryListenerConfig> getInMemoryListenerConfigs() throws LDAPException, IOException, GeneralSecurityException, FileOperationFailedException {
// Creates the ldap configuration of the in memory ldap server.
int ldapPort = this._ldapListenPort != 0 ? this._ldapListenPort : DEFAULT_LDAP_LISTEN_PORT;
InMemoryListenerConfig ldapListenerConfig = InMemoryListenerConfig.createLDAPConfig(_listenerName, ldapPort);
// Creates the ldaps configuration of the in memory ldap server.
int ldapsPort = this._ldapsListenPort != 0 ? this._ldapsListenPort : DEFAULT_LDAPS_LISTEN_PORT;
_log.debug("Ldap port {} and Ldaps port {}", ldapPort, ldapsPort);
InputStream propFile = LDAPServer.class.getResourceAsStream(DEFAULT_LDAP_SERVER_PROPERTIES);
Properties prop = new Properties();
prop.load(propFile);
String keyStorePassword = prop.getProperty("keyStorePassword");
String keyStoreAlias = prop.getProperty("keyStoreAlias");
String keyStoreType = prop.getProperty("keyStoreType");
final SSLUtil serverSSLUtil = new SSLUtil(new KeyStoreKeyManager(createKeystoreFile(), keyStorePassword.toCharArray(), keyStoreType, keyStoreAlias), null);
final SSLUtil clientSSLUtil = new SSLUtil(new TrustAllTrustManager());
String secureListenerName = "Secure_" + _listenerName;
InMemoryListenerConfig ldapsListenerConfig = InMemoryListenerConfig.createLDAPSConfig(secureListenerName, null, ldapsPort, serverSSLUtil.createSSLServerSocketFactory(), clientSSLUtil.createSSLSocketFactory());
_log.info("Listener config {} and secure listener config {}", ldapListenerConfig.getListenerName(), ldapsListenerConfig.getListenerName());
// Adds both ldap and ldaps configuration to the list of listener configs of the
// in memory ldap server.
List<InMemoryListenerConfig> listenerConfigs = new ArrayList<InMemoryListenerConfig>();
listenerConfigs.add(ldapListenerConfig);
listenerConfigs.add(ldapsListenerConfig);
return listenerConfigs;
}
use of com.unboundid.util.ssl.SSLUtil in project oxCore by GluuFederation.
the class LDAPConnectionProvider method init.
/**
* This method is used to create LDAPConnectionPool
*
* @throws NumberFormatException
* @throws LDAPException
* @throws GeneralSecurityException
* @throws EncryptionException
* @throws EncryptionException
*/
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
String serverProp = props.getProperty("servers");
this.servers = serverProp.split(",");
this.addresses = new String[this.servers.length];
this.ports = new int[this.servers.length];
for (int i = 0; i < this.servers.length; i++) {
String str = this.servers[i];
this.addresses[i] = str.substring(0, str.indexOf(":")).trim();
this.ports[i] = Integer.parseInt(str.substring(str.indexOf(":") + 1, str.length()));
}
BindRequest bindRequest = null;
if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
this.bindDn = null;
this.bindPassword = null;
bindRequest = new SimpleBindRequest();
} else {
this.bindDn = props.getProperty("bindDN");
this.bindPassword = props.getProperty("bindPassword");
bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
}
LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
connectionOptions.setConnectTimeoutMillis(100 * 1000);
connectionOptions.setAutoReconnect(true);
this.useSSL = Boolean.valueOf(props.getProperty("useSSL")).booleanValue();
SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
FailoverServerSet failoverSet;
if (this.useSSL) {
failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
} else {
failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
}
int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
if (this.connectionPool != null) {
this.connectionPool.setCreateIfNecessary(true);
String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
}
}
this.binaryAttributes = new ArrayList<String>();
if (props.containsKey("binaryAttributes")) {
String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
}
log.debug("Using next binary attributes: " + this.binaryAttributes);
this.supportedLDAPVersion = determineSupportedLdapVersion();
this.subschemaSubentry = determineSubschemaSubentry();
this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
this.creationResultCode = ResultCode.SUCCESS;
}
use of com.unboundid.util.ssl.SSLUtil in project oxCore by GluuFederation.
the class LdapConnectionProvider method init.
/**
* This method is used to create LDAPConnectionPool
*
* @throws NumberFormatException
* @throws LDAPException
* @throws GeneralSecurityException
* @throws EncryptionException
* @throws EncryptionException
*/
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
String serverProp = props.getProperty("servers");
this.servers = serverProp.split(",");
this.addresses = new String[this.servers.length];
this.ports = new int[this.servers.length];
for (int i = 0; i < this.servers.length; i++) {
String str = this.servers[i];
int idx = str.indexOf(":");
if (idx == -1) {
throw new InvalidConfigurationException("Ldap server settings should be in format server:port");
}
this.addresses[i] = str.substring(0, idx).trim();
this.ports[i] = Integer.parseInt(str.substring(str.indexOf(":") + 1, str.length()));
}
BindRequest bindRequest = null;
if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
this.bindDn = null;
this.bindPassword = null;
bindRequest = new SimpleBindRequest();
} else {
this.bindDn = props.getProperty("bindDN");
this.bindPassword = props.getProperty("bindPassword");
bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
}
LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
connectionOptions.setConnectTimeoutMillis(100 * 1000);
connectionOptions.setAutoReconnect(true);
this.useSSL = Boolean.valueOf(props.getProperty("useSSL")).booleanValue();
SSLUtil sslUtil = null;
FailoverServerSet failoverSet;
if (this.useSSL) {
String sslTrustStoreFile = props.getProperty("ssl.trustStoreFile");
String sslTrustStorePin = props.getProperty("ssl.trustStorePin");
String sslTrustStoreFormat = props.getProperty("ssl.trustStoreFormat");
if (StringHelper.isEmpty(sslTrustStoreFile) && StringHelper.isEmpty(sslTrustStorePin)) {
sslUtil = new SSLUtil(new TrustAllTrustManager());
} else {
TrustStoreTrustManager trustStoreTrustManager = new TrustStoreTrustManager(sslTrustStoreFile, sslTrustStorePin.toCharArray(), sslTrustStoreFormat, true);
sslUtil = new SSLUtil(trustStoreTrustManager);
}
failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
} else {
failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
}
int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
if (this.connectionPool != null) {
this.connectionPool.setCreateIfNecessary(true);
String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
}
}
this.binaryAttributes = new ArrayList<String>();
if (props.containsKey("binaryAttributes")) {
String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
}
LOG.debug("Using next binary attributes: " + this.binaryAttributes);
this.certificateAttributes = new ArrayList<String>();
if (props.containsKey("certificateAttributes")) {
String[] binaryAttrs = StringHelper.split(props.get("certificateAttributes").toString().toLowerCase(), ",");
this.certificateAttributes.addAll(Arrays.asList(binaryAttrs));
}
LOG.debug("Using next binary certificateAttributes: " + this.certificateAttributes);
this.supportedLDAPVersion = determineSupportedLdapVersion();
this.subschemaSubentry = determineSubschemaSubentry();
this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
this.creationResultCode = ResultCode.SUCCESS_INT_VALUE;
}
Aggregations