Search in sources :

Example 1 with SSLUtil

use of com.unboundid.util.ssl.SSLUtil in project cdap by caskdata.

the class ExternalLDAPAuthenticationServerSSLTest method beforeClass.

@BeforeClass
public static void beforeClass() throws Exception {
    URL certUrl = ExternalLDAPAuthenticationServerSSLTest.class.getClassLoader().getResource("cert.jks");
    Assert.assertNotNull(certUrl);
    String authHandlerConfigBase = Constants.Security.AUTH_HANDLER_CONFIG_BASE;
    CConfiguration cConf = CConfiguration.create();
    SConfiguration sConf = SConfiguration.create();
    cConf.set(Constants.Security.AUTH_SERVER_BIND_ADDRESS, "127.0.0.1");
    cConf.set(Constants.Security.SSL.EXTERNAL_ENABLED, "true");
    cConf.set(Constants.Security.AuthenticationServer.SSL_PORT, "0");
    cConf.set(authHandlerConfigBase.concat("useLdaps"), "true");
    cConf.set(authHandlerConfigBase.concat("ldapsVerifyCertificate"), "false");
    sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH, certUrl.getPath());
    configuration = cConf;
    sConfiguration = sConf;
    String keystorePassword = sConf.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD);
    KeyStoreKeyManager keyManager = new KeyStoreKeyManager(certUrl.getFile(), keystorePassword.toCharArray());
    SSLUtil sslUtil = new SSLUtil(keyManager, new TrustAllTrustManager());
    ldapListenerConfig = InMemoryListenerConfig.createLDAPSConfig("LDAP", InetAddress.getByName("127.0.0.1"), ldapPort, sslUtil.createSSLServerSocketFactory(), sslUtil.createSSLSocketFactory());
    testServer = new ExternalLDAPAuthenticationServerSSLTest();
    testServer.setup();
}
Also used : KeyStoreKeyManager(com.unboundid.util.ssl.KeyStoreKeyManager) SSLUtil(com.unboundid.util.ssl.SSLUtil) SConfiguration(co.cask.cdap.common.conf.SConfiguration) TrustAllTrustManager(com.unboundid.util.ssl.TrustAllTrustManager) CConfiguration(co.cask.cdap.common.conf.CConfiguration) URL(java.net.URL) BeforeClass(org.junit.BeforeClass)

Example 2 with SSLUtil

use of com.unboundid.util.ssl.SSLUtil in project graylog2-server by Graylog2.

the class UnboundLDAPConnector method connect.

public LDAPConnection connect(LDAPConnectorConfig ldapConfig) throws GeneralSecurityException, LDAPException {
    if (ldapConfig.serverList().isEmpty()) {
        LOG.warn("Cannot connect with empty server list");
        return null;
    }
    final String[] addresses = ldapConfig.serverList().stream().map(LDAPConnectorConfig.LDAPServer::hostname).toArray(String[]::new);
    final int[] ports = ldapConfig.serverList().stream().mapToInt(LDAPConnectorConfig.LDAPServer::port).toArray();
    final LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setUseReuseAddress(true);
    connectionOptions.setConnectTimeoutMillis(connectionTimeout);
    StartTLSExtendedRequest startTLSRequest = null;
    SocketFactory socketFactory = null;
    if (ldapConfig.transportSecurity() != LDAPTransportSecurity.NONE) {
        SSLUtil.setEnabledSSLProtocols(tlsConfiguration.getEnabledTlsProtocols());
        final SSLUtil sslUtil;
        if (ldapConfig.verifyCertificates()) {
            sslUtil = new SSLUtil(trustManagerProvider.create(Arrays.asList(addresses)));
        } else {
            sslUtil = new SSLUtil(new TrustAllX509TrustManager());
        }
        if (ldapConfig.transportSecurity() == LDAPTransportSecurity.START_TLS) {
            // Use the StartTLS extended operation to secure the connection.
            startTLSRequest = new StartTLSExtendedRequest(sslUtil.createSSLContext());
        } else if (ldapConfig.transportSecurity() == LDAPTransportSecurity.TLS) {
            socketFactory = sslUtil.createSSLSocketFactory();
        }
    }
    final FailoverServerSet serverSet = new FailoverServerSet(addresses, ports, socketFactory, connectionOptions, null, null);
    final LDAPConnection connection = serverSet.getConnection();
    if (startTLSRequest != null) {
        final ExtendedResult startTLSResult = connection.processExtendedOperation(startTLSRequest);
        LDAPTestUtils.assertResultCodeEquals(startTLSResult, ResultCode.SUCCESS);
    }
    if (ldapConfig.systemUsername().isPresent()) {
        if (ldapConfig.systemPassword().isSet()) {
            final String systemPassword = encryptedValueService.decrypt(ldapConfig.systemPassword());
            final BindRequest bindRequest = new SimpleBindRequest(ldapConfig.systemUsername().get(), systemPassword);
            connection.bind(bindRequest);
        } else {
            LOG.warn("System username has been set to <{}> but no system password has been set. Skipping bind request.", ldapConfig.systemUsername().get());
        }
    }
    return connection;
}
Also used : LDAPConnectionOptions(com.unboundid.ldap.sdk.LDAPConnectionOptions) SocketFactory(javax.net.SocketFactory) BindRequest(com.unboundid.ldap.sdk.BindRequest) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) StaticUtils.toUTF8String(com.unboundid.util.StaticUtils.toUTF8String) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) TrustAllX509TrustManager(org.graylog2.security.TrustAllX509TrustManager) SSLUtil(com.unboundid.util.ssl.SSLUtil) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) FailoverServerSet(com.unboundid.ldap.sdk.FailoverServerSet) ExtendedResult(com.unboundid.ldap.sdk.ExtendedResult) StartTLSExtendedRequest(com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest)

Example 3 with SSLUtil

use of com.unboundid.util.ssl.SSLUtil in project coprhd-controller by CoprHD.

the class LDAPServer method getInMemoryListenerConfigs.

private List<InMemoryListenerConfig> getInMemoryListenerConfigs() throws LDAPException, IOException, GeneralSecurityException, FileOperationFailedException {
    // Creates the ldap configuration of the in memory ldap server.
    int ldapPort = this._ldapListenPort != 0 ? this._ldapListenPort : DEFAULT_LDAP_LISTEN_PORT;
    InMemoryListenerConfig ldapListenerConfig = InMemoryListenerConfig.createLDAPConfig(_listenerName, ldapPort);
    // Creates the ldaps configuration of the in memory ldap server.
    int ldapsPort = this._ldapsListenPort != 0 ? this._ldapsListenPort : DEFAULT_LDAPS_LISTEN_PORT;
    _log.debug("Ldap port {} and Ldaps port {}", ldapPort, ldapsPort);
    InputStream propFile = LDAPServer.class.getResourceAsStream(DEFAULT_LDAP_SERVER_PROPERTIES);
    Properties prop = new Properties();
    prop.load(propFile);
    String keyStorePassword = prop.getProperty("keyStorePassword");
    String keyStoreAlias = prop.getProperty("keyStoreAlias");
    String keyStoreType = prop.getProperty("keyStoreType");
    final SSLUtil serverSSLUtil = new SSLUtil(new KeyStoreKeyManager(createKeystoreFile(), keyStorePassword.toCharArray(), keyStoreType, keyStoreAlias), null);
    final SSLUtil clientSSLUtil = new SSLUtil(new TrustAllTrustManager());
    String secureListenerName = "Secure_" + _listenerName;
    InMemoryListenerConfig ldapsListenerConfig = InMemoryListenerConfig.createLDAPSConfig(secureListenerName, null, ldapsPort, serverSSLUtil.createSSLServerSocketFactory(), clientSSLUtil.createSSLSocketFactory());
    _log.info("Listener config {} and secure listener config {}", ldapListenerConfig.getListenerName(), ldapsListenerConfig.getListenerName());
    // Adds both ldap and ldaps configuration to the list of listener configs of the
    // in memory ldap server.
    List<InMemoryListenerConfig> listenerConfigs = new ArrayList<InMemoryListenerConfig>();
    listenerConfigs.add(ldapListenerConfig);
    listenerConfigs.add(ldapsListenerConfig);
    return listenerConfigs;
}
Also used : SSLUtil(com.unboundid.util.ssl.SSLUtil) KeyStoreKeyManager(com.unboundid.util.ssl.KeyStoreKeyManager) InMemoryListenerConfig(com.unboundid.ldap.listener.InMemoryListenerConfig) TrustAllTrustManager(com.unboundid.util.ssl.TrustAllTrustManager)

Example 4 with SSLUtil

use of com.unboundid.util.ssl.SSLUtil in project oxCore by GluuFederation.

the class LDAPConnectionProvider method init.

/**
	 * This method is used to create LDAPConnectionPool
	 *
	 * @throws NumberFormatException
	 * @throws LDAPException
	 * @throws GeneralSecurityException
	 * @throws EncryptionException
	 * @throws EncryptionException
	 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String str = this.servers[i];
        this.addresses[i] = str.substring(0, str.indexOf(":")).trim();
        this.ports[i] = Integer.parseInt(str.substring(str.indexOf(":") + 1, str.length()));
    }
    BindRequest bindRequest = null;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }
    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);
    this.useSSL = Boolean.valueOf(props.getProperty("useSSL")).booleanValue();
    SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }
    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }
    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    log.debug("Using next binary attributes: " + this.binaryAttributes);
    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS;
}
Also used : LDAPConnectionOptions(com.unboundid.ldap.sdk.LDAPConnectionOptions) SSLUtil(com.unboundid.util.ssl.SSLUtil) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) BindRequest(com.unboundid.ldap.sdk.BindRequest) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) FailoverServerSet(com.unboundid.ldap.sdk.FailoverServerSet) TrustAllTrustManager(com.unboundid.util.ssl.TrustAllTrustManager)

Example 5 with SSLUtil

use of com.unboundid.util.ssl.SSLUtil in project oxCore by GluuFederation.

the class LdapConnectionProvider method init.

/**
 * This method is used to create LDAPConnectionPool
 *
 * @throws NumberFormatException
 * @throws LDAPException
 * @throws GeneralSecurityException
 * @throws EncryptionException
 * @throws EncryptionException
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String str = this.servers[i];
        int idx = str.indexOf(":");
        if (idx == -1) {
            throw new InvalidConfigurationException("Ldap server settings should be in format server:port");
        }
        this.addresses[i] = str.substring(0, idx).trim();
        this.ports[i] = Integer.parseInt(str.substring(str.indexOf(":") + 1, str.length()));
    }
    BindRequest bindRequest = null;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }
    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);
    this.useSSL = Boolean.valueOf(props.getProperty("useSSL")).booleanValue();
    SSLUtil sslUtil = null;
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        String sslTrustStoreFile = props.getProperty("ssl.trustStoreFile");
        String sslTrustStorePin = props.getProperty("ssl.trustStorePin");
        String sslTrustStoreFormat = props.getProperty("ssl.trustStoreFormat");
        if (StringHelper.isEmpty(sslTrustStoreFile) && StringHelper.isEmpty(sslTrustStorePin)) {
            sslUtil = new SSLUtil(new TrustAllTrustManager());
        } else {
            TrustStoreTrustManager trustStoreTrustManager = new TrustStoreTrustManager(sslTrustStoreFile, sslTrustStorePin.toCharArray(), sslTrustStoreFormat, true);
            sslUtil = new SSLUtil(trustStoreTrustManager);
        }
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }
    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }
    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    LOG.debug("Using next binary attributes: " + this.binaryAttributes);
    this.certificateAttributes = new ArrayList<String>();
    if (props.containsKey("certificateAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("certificateAttributes").toString().toLowerCase(), ",");
        this.certificateAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    LOG.debug("Using next binary certificateAttributes: " + this.certificateAttributes);
    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS_INT_VALUE;
}
Also used : LDAPConnectionOptions(com.unboundid.ldap.sdk.LDAPConnectionOptions) SSLUtil(com.unboundid.util.ssl.SSLUtil) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) TrustStoreTrustManager(com.unboundid.util.ssl.TrustStoreTrustManager) BindRequest(com.unboundid.ldap.sdk.BindRequest) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) FailoverServerSet(com.unboundid.ldap.sdk.FailoverServerSet) TrustAllTrustManager(com.unboundid.util.ssl.TrustAllTrustManager) InvalidConfigurationException(org.gluu.persist.exception.operation.InvalidConfigurationException)

Aggregations

SSLUtil (com.unboundid.util.ssl.SSLUtil)11 TrustAllTrustManager (com.unboundid.util.ssl.TrustAllTrustManager)7 LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection)5 LDAPConnectionOptions (com.unboundid.ldap.sdk.LDAPConnectionOptions)4 BindRequest (com.unboundid.ldap.sdk.BindRequest)3 FailoverServerSet (com.unboundid.ldap.sdk.FailoverServerSet)3 SimpleBindRequest (com.unboundid.ldap.sdk.SimpleBindRequest)3 KeyStoreKeyManager (com.unboundid.util.ssl.KeyStoreKeyManager)3 TrustStoreTrustManager (com.unboundid.util.ssl.TrustStoreTrustManager)3 GeneralSecurityException (java.security.GeneralSecurityException)3 ExtendedResult (com.unboundid.ldap.sdk.ExtendedResult)2 Modification (com.unboundid.ldap.sdk.Modification)2 StartTLSExtendedRequest (com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest)2 SocketFactory (javax.net.SocketFactory)2 Cleanup (lombok.Cleanup)2 SneakyThrows (lombok.SneakyThrows)2 lombok.val (lombok.val)2 BindConnectionInitializer (org.ldaptive.BindConnectionInitializer)2 Credential (org.ldaptive.Credential)2 CConfiguration (co.cask.cdap.common.conf.CConfiguration)1