use of com.unboundid.util.ssl.TrustAllTrustManager in project coprhd-controller by CoprHD.
the class LDAPServer method getInMemoryListenerConfigs.
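private List<InMemoryListenerConfig> getInMemoryListenerConfigs() throws LDAPException, IOException, GeneralSecurityException, FileOperationFailedException {
    // Builds the listener configurations of the in-memory LDAP server: one plain
    // LDAP listener and one LDAPS listener backed by the generated keystore.
    //
    // Returns: the LDAP and LDAPS listener configs, in that order.
    // Throws: IOException if the server properties resource is missing, unreadable or
    //         lacks the keystore password; GeneralSecurityException if the key manager or
    //         socket factories cannot be built; LDAPException / FileOperationFailedException
    //         as propagated from the SDK and from createKeystoreFile().

    // Plain LDAP listener; falls back to the default port when none was configured.
    int ldapPort = this._ldapListenPort != 0 ? this._ldapListenPort : DEFAULT_LDAP_LISTEN_PORT;
    InMemoryListenerConfig ldapListenerConfig = InMemoryListenerConfig.createLDAPConfig(_listenerName, ldapPort);

    // LDAPS listener; same fallback rule for the port.
    int ldapsPort = this._ldapsListenPort != 0 ? this._ldapsListenPort : DEFAULT_LDAPS_LISTEN_PORT;
    _log.debug("Ldap port {} and Ldaps port {}", ldapPort, ldapsPort);

    // Keystore settings come from the bundled properties resource. The stream is now
    // closed (the original never closed it), and a missing resource is reported as an
    // IOException instead of a NullPointerException out of Properties.load().
    Properties prop = new Properties();
    try (InputStream propFile = LDAPServer.class.getResourceAsStream(DEFAULT_LDAP_SERVER_PROPERTIES)) {
        if (propFile == null) {
            throw new IOException("LDAP server properties resource not found: " + DEFAULT_LDAP_SERVER_PROPERTIES);
        }
        prop.load(propFile);
    }
    String keyStorePassword = prop.getProperty("keyStorePassword");
    String keyStoreAlias = prop.getProperty("keyStoreAlias");
    String keyStoreType = prop.getProperty("keyStoreType");
    if (keyStorePassword == null) {
        throw new IOException("keyStorePassword is not set in " + DEFAULT_LDAP_SERVER_PROPERTIES);
    }

    // Server side presents the generated keystore. The client-side factory uses
    // TrustAllTrustManager, i.e. it accepts any certificate without validation; that
    // is only acceptable because it talks to this in-memory server, and the factory
    // must not be reused against a real directory.
    final SSLUtil serverSSLUtil = new SSLUtil(new KeyStoreKeyManager(createKeystoreFile(), keyStorePassword.toCharArray(), keyStoreType, keyStoreAlias), null);
    final SSLUtil clientSSLUtil = new SSLUtil(new TrustAllTrustManager());
    String secureListenerName = "Secure_" + _listenerName;
    InMemoryListenerConfig ldapsListenerConfig = InMemoryListenerConfig.createLDAPSConfig(secureListenerName, null, ldapsPort, serverSSLUtil.createSSLServerSocketFactory(), clientSSLUtil.createSSLSocketFactory());
    _log.info("Listener config {} and secure listener config {}", ldapListenerConfig.getListenerName(), ldapsListenerConfig.getListenerName());

    // Both listeners are registered with the in-memory server, LDAP first.
    List<InMemoryListenerConfig> listenerConfigs = new ArrayList<InMemoryListenerConfig>(2);
    listenerConfigs.add(ldapListenerConfig);
    listenerConfigs.add(ldapsListenerConfig);
    return listenerConfigs;
}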
use of com.unboundid.util.ssl.TrustAllTrustManager in project cdap by caskdata.
the class ExternalLDAPAuthenticationServerSSLTest method beforeClass.
@BeforeClass
public static void beforeClass() throws Exception {
    // The test keystore must be on the classpath; fail fast if it is not.
    URL keystoreUrl = ExternalLDAPAuthenticationServerSSLTest.class.getClassLoader().getResource("cert.jks");
    Assert.assertNotNull(keystoreUrl);

    // Authentication-server settings: external SSL on an ephemeral port, LDAPS towards
    // the in-memory directory, and verification of that directory's certificate
    // switched off (a test-only setting).
    String handlerPrefix = Constants.Security.AUTH_HANDLER_CONFIG_BASE;
    CConfiguration cConf = CConfiguration.create();
    SConfiguration sConf = SConfiguration.create();
    cConf.set(Constants.Security.AUTH_SERVER_BIND_ADDRESS, "127.0.0.1");
    cConf.set(Constants.Security.SSL.EXTERNAL_ENABLED, "true");
    cConf.set(Constants.Security.AuthenticationServer.SSL_PORT, "0");
    cConf.set(handlerPrefix.concat("useLdaps"), "true");
    cConf.set(handlerPrefix.concat("ldapsVerifyCertificate"), "false");
    sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH, keystoreUrl.getPath());
    configuration = cConf;
    sConfiguration = sConf;

    // In-memory LDAPS listener presenting the same keystore. TrustAllTrustManager on
    // the client side skips certificate checks, which is acceptable only inside this test.
    char[] keystorePin = sConf.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD).toCharArray();
    KeyStoreKeyManager keyManager = new KeyStoreKeyManager(keystoreUrl.getFile(), keystorePin);
    SSLUtil sslUtil = new SSLUtil(keyManager, new TrustAllTrustManager());
    ldapListenerConfig = InMemoryListenerConfig.createLDAPSConfig("LDAP", InetAddress.getByName("127.0.0.1"), ldapPort, sslUtil.createSSLServerSocketFactory(), sslUtil.createSSLSocketFactory());

    testServer = new ExternalLDAPAuthenticationServerSSLTest();
    testServer.setup();
}
use of com.unboundid.util.ssl.TrustAllTrustManager in project oxCore by GluuFederation.
the class LDAPConnectionProvider method init.
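/**
 * Creates the {@code LDAPConnectionPool} from the given properties.
 * <p>
 * Reads {@code servers} (comma-separated {@code host:port} entries), the optional
 * {@code bindDN}/{@code bindPassword}, {@code useSSL}, {@code maxconnections},
 * {@code connection-max-wait-time} and {@code binaryAttributes}, then builds the
 * failover server set and the pool and probes the directory's capabilities.
 *
 * @param props connection settings as described above
 * @throws IllegalArgumentException if {@code servers} is missing or an entry has no {@code :port}
 * @throws NumberFormatException if a port, {@code maxconnections} or the wait time is not numeric
 * @throws LDAPException if the connection pool cannot be created
 * @throws GeneralSecurityException if the SSL socket factory cannot be created
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    if (StringHelper.isEmpty(serverProp)) {
        throw new IllegalArgumentException("Ldap 'servers' property is not set");
    }
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String str = this.servers[i];
        // An entry without ':' used to fail with StringIndexOutOfBoundsException;
        // report it as a configuration error instead (LdapConnectionProvider does the same).
        int idx = str.indexOf(":");
        if (idx == -1) {
            throw new IllegalArgumentException("Ldap server settings should be in format server:port");
        }
        this.addresses[i] = str.substring(0, idx).trim();
        this.ports[i] = Integer.parseInt(str.substring(idx + 1));
    }

    // Anonymous bind when no bind DN is configured, simple bind otherwise.
    BindRequest bindRequest = null;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }

    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);

    // TrustAllTrustManager disables server certificate validation, so with useSSL the
    // directory's identity is not verified. A trust-store-backed manager, as used by
    // LdapConnectionProvider, is the safer choice outside test setups.
    this.useSSL = Boolean.valueOf(props.getProperty("useSSL")).booleanValue();
    SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }

    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }

    // Attribute names are lower-cased so later lookups are case-insensitive.
    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    log.debug("Using next binary attributes: " + this.binaryAttributes);

    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS;
}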
use of com.unboundid.util.ssl.TrustAllTrustManager in project oxCore by GluuFederation.
the class LdapConnectionProvider method init.
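/**
 * Creates the {@code LDAPConnectionPool} from the given properties.
 * <p>
 * Reads {@code servers} (comma-separated {@code host:port} entries), the optional
 * {@code bindDN}/{@code bindPassword}, {@code useSSL} with its
 * {@code ssl.trustStoreFile}/{@code ssl.trustStorePin}/{@code ssl.trustStoreFormat},
 * {@code maxconnections}, {@code connection-max-wait-time}, {@code binaryAttributes}
 * and {@code certificateAttributes}, then builds the failover server set and the pool.
 *
 * @param props connection settings as described above
 * @throws InvalidConfigurationException if a {@code servers} entry has no {@code :port}
 * @throws NumberFormatException if a port, {@code maxconnections} or the wait time is not numeric
 * @throws LDAPException if the connection pool cannot be created
 * @throws GeneralSecurityException if the SSL socket factory cannot be created
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String str = this.servers[i];
        int idx = str.indexOf(":");
        if (idx == -1) {
            throw new InvalidConfigurationException("Ldap server settings should be in format server:port");
        }
        this.addresses[i] = str.substring(0, idx).trim();
        this.ports[i] = Integer.parseInt(str.substring(idx + 1));
    }

    // Anonymous bind when no bind DN is configured, simple bind otherwise.
    BindRequest bindRequest = null;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }

    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);

    this.useSSL = Boolean.valueOf(props.getProperty("useSSL")).booleanValue();
    SSLUtil sslUtil = null;
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        String sslTrustStoreFile = props.getProperty("ssl.trustStoreFile");
        String sslTrustStorePin = props.getProperty("ssl.trustStorePin");
        String sslTrustStoreFormat = props.getProperty("ssl.trustStoreFormat");
        if (StringHelper.isEmpty(sslTrustStoreFile) && StringHelper.isEmpty(sslTrustStorePin)) {
            // No trust store configured: fall back to TrustAllTrustManager, which accepts
            // any server certificate. The directory's identity is then not verified, so
            // production deployments should always configure ssl.trustStoreFile.
            sslUtil = new SSLUtil(new TrustAllTrustManager());
        } else {
            // A trust store without a PIN is allowed; the original dereferenced the PIN
            // unconditionally and threw NullPointerException for that configuration.
            char[] trustStorePin = sslTrustStorePin != null ? sslTrustStorePin.toCharArray() : null;
            TrustStoreTrustManager trustStoreTrustManager = new TrustStoreTrustManager(sslTrustStoreFile, trustStorePin, sslTrustStoreFormat, true);
            sslUtil = new SSLUtil(trustStoreTrustManager);
        }
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }

    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }

    // Attribute names are lower-cased so later lookups are case-insensitive.
    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    LOG.debug("Using next binary attributes: " + this.binaryAttributes);

    this.certificateAttributes = new ArrayList<String>();
    if (props.containsKey("certificateAttributes")) {
        String[] certificateAttrs = StringHelper.split(props.get("certificateAttributes").toString().toLowerCase(), ",");
        this.certificateAttributes.addAll(Arrays.asList(certificateAttrs));
    }
    LOG.debug("Using next binary certificateAttributes: " + this.certificateAttributes);

    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS_INT_VALUE;
}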
use of com.unboundid.util.ssl.TrustAllTrustManager in project gitblit by gitblit.
the class LdapConnection method connect.
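public boolean connect() {
    // Opens the LDAP connection described by the configured server URL.
    // Supported schemes: ldaps (TLS from the start), ldap (plain) and ldap+tls
    // (plain connect followed by StartTLS). Returns true on success; every failure
    // is logged and reported as false.
    try {
        URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
        String scheme = ldapUrl.getScheme();
        String ldapHost = ldapUrl.getHost();
        int ldapPort = ldapUrl.getPort();

        // A URL without scheme or host previously surfaced as a NullPointerException,
        // which none of the catch clauses below handles.
        if (scheme == null || ldapHost == null) {
            logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>");
            return false;
        }
        boolean useLdaps = scheme.equalsIgnoreCase("ldaps");
        boolean useStartTls = scheme.equalsIgnoreCase("ldap+tls");
        if (!useLdaps && !useStartTls && !scheme.equalsIgnoreCase("ldap")) {
            logger.error("Unsupported LDAP URL scheme: " + scheme);
            return false;
        }

        // TrustAllTrustManager accepts any server certificate, so neither LDAPS nor
        // StartTLS verifies the directory's identity here; the channel is encrypted
        // but not authenticated. A trust-store-backed manager would close that gap.
        SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
        if (useLdaps) {
            conn = new LDAPConnection(sslUtil.createSSLSocketFactory());
            if (ldapPort == -1) {
                ldapPort = 636; // default LDAPS port
            }
        } else {
            // no encryption, or StartTLS negotiated after connecting
            conn = new LDAPConnection();
            if (ldapPort == -1) {
                ldapPort = 389; // default LDAP port
            }
        }
        conn.connect(ldapHost, ldapPort);

        if (useStartTls) {
            ExtendedResult extendedResult = conn.processExtendedOperation(new StartTLSExtendedRequest(sslUtil.createSSLContext()));
            if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
                throw new LDAPException(extendedResult.getResultCode());
            }
        }
        return true;
    } catch (URISyntaxException e) {
        logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);
    } catch (GeneralSecurityException e) {
        logger.error("Unable to create SSL Connection", e);
    } catch (LDAPException e) {
        logger.error("Error Connecting to LDAP", e);
    }
    return false;
}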