
Example 1 with TrustAllTrustManager

use of com.unboundid.util.ssl.TrustAllTrustManager in project coprhd-controller by CoprHD.

Class LDAPServer, method getInMemoryListenerConfigs.

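/**
 * Builds the listener configurations for the in-memory LDAP server: one plain LDAP
 * listener and one LDAPS listener.
 * <p>
 * Ports fall back to {@code DEFAULT_LDAP_LISTEN_PORT} / {@code DEFAULT_LDAPS_LISTEN_PORT}
 * when the configured value is 0. Keystore settings ({@code keyStorePassword},
 * {@code keyStoreAlias}, {@code keyStoreType}) are read from the
 * {@code DEFAULT_LDAP_SERVER_PROPERTIES} classpath resource.
 *
 * @return the LDAP and LDAPS listener configs, in that order
 * @throws IOException if the properties resource is missing or cannot be read
 * @throws IllegalStateException if {@code keyStorePassword} is absent from the properties
 * @throws LDAPException propagated from the UnboundID listener-config factories
 * @throws GeneralSecurityException if an SSL socket factory cannot be created
 * @throws FileOperationFailedException propagated from {@code createKeystoreFile()}
 */
private List<InMemoryListenerConfig> getInMemoryListenerConfigs() throws LDAPException, IOException, GeneralSecurityException, FileOperationFailedException {
    // Plain LDAP listener: configured port, or the default when unset (0).
    int ldapPort = this._ldapListenPort != 0 ? this._ldapListenPort : DEFAULT_LDAP_LISTEN_PORT;
    InMemoryListenerConfig ldapListenerConfig = InMemoryListenerConfig.createLDAPConfig(_listenerName, ldapPort);
    // LDAPS listener: same fallback rule.
    int ldapsPort = this._ldapsListenPort != 0 ? this._ldapsListenPort : DEFAULT_LDAPS_LISTEN_PORT;
    _log.debug("Ldap port {} and Ldaps port {}", ldapPort, ldapsPort);
    // The properties stream was previously never closed and a missing resource
    // surfaced as a NullPointerException from Properties.load(); close it and
    // fail with an explicit message instead.
    Properties prop = new Properties();
    InputStream propFile = LDAPServer.class.getResourceAsStream(DEFAULT_LDAP_SERVER_PROPERTIES);
    if (propFile == null) {
        throw new IOException("LDAP server properties resource not found: " + DEFAULT_LDAP_SERVER_PROPERTIES);
    }
    try {
        prop.load(propFile);
    } finally {
        propFile.close();
    }
    String keyStorePassword = prop.getProperty("keyStorePassword");
    String keyStoreAlias = prop.getProperty("keyStoreAlias");
    String keyStoreType = prop.getProperty("keyStoreType");
    if (keyStorePassword == null) {
        throw new IllegalStateException("keyStorePassword is not set in " + DEFAULT_LDAP_SERVER_PROPERTIES);
    }
    // Server side presents the generated keystore. The client-side factory handed
    // to the listener uses TrustAllTrustManager, i.e. it performs no certificate
    // validation; that is only acceptable because this is the in-memory server's
    // own test listener, and this factory must not be reused for real clients.
    final SSLUtil serverSSLUtil = new SSLUtil(new KeyStoreKeyManager(createKeystoreFile(), keyStorePassword.toCharArray(), keyStoreType, keyStoreAlias), null);
    final SSLUtil clientSSLUtil = new SSLUtil(new TrustAllTrustManager());
    String secureListenerName = "Secure_" + _listenerName;
    InMemoryListenerConfig ldapsListenerConfig = InMemoryListenerConfig.createLDAPSConfig(secureListenerName, null, ldapsPort, serverSSLUtil.createSSLServerSocketFactory(), clientSSLUtil.createSSLSocketFactory());
    _log.info("Listener config {} and secure listener config {}", ldapListenerConfig.getListenerName(), ldapsListenerConfig.getListenerName());
    // Both listeners are registered with the in-memory server.
    List<InMemoryListenerConfig> listenerConfigs = new ArrayList<InMemoryListenerConfig>();
    listenerConfigs.add(ldapListenerConfig);
    listenerConfigs.add(ldapsListenerConfig);
    return listenerConfigs;
}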

Example 2 with TrustAllTrustManager

use of com.unboundid.util.ssl.TrustAllTrustManager in project cdap by caskdata.

Class ExternalLDAPAuthenticationServerSSLTest, method beforeClass.

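/**
 * Starts an in-memory LDAPS server backed by the {@code cert.jks} test keystore and
 * configures the authentication server to use it with certificate verification
 * disabled ({@code ldapsVerifyCertificate=false}).
 *
 * @throws Exception if the fixture cannot be built; missing keystore or password
 *         fail as assertion errors with a message rather than as NPEs
 */
@BeforeClass
public static void beforeClass() throws Exception {
    URL certUrl = ExternalLDAPAuthenticationServerSSLTest.class.getClassLoader().getResource("cert.jks");
    Assert.assertNotNull("cert.jks not found on the test classpath", certUrl);
    String authHandlerConfigBase = Constants.Security.AUTH_HANDLER_CONFIG_BASE;
    CConfiguration cConf = CConfiguration.create();
    SConfiguration sConf = SConfiguration.create();
    cConf.set(Constants.Security.AUTH_SERVER_BIND_ADDRESS, "127.0.0.1");
    cConf.set(Constants.Security.SSL.EXTERNAL_ENABLED, "true");
    cConf.set(Constants.Security.AuthenticationServer.SSL_PORT, "0");
    cConf.set(authHandlerConfigBase.concat("useLdaps"), "true");
    // The in-memory server presents the self-signed test cert, so the handler
    // under test is told not to verify it.
    cConf.set(authHandlerConfigBase.concat("ldapsVerifyCertificate"), "false");
    // NOTE(review): URL.getPath()/getFile() return the URL-encoded form; a
    // workspace path containing spaces would need a certUrl.toURI() conversion.
    sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH, certUrl.getPath());
    configuration = cConf;
    sConfiguration = sConf;
    String keystorePassword = sConf.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD);
    // Previously a missing password surfaced as an NPE from toCharArray().
    Assert.assertNotNull("SSL keystore password is not set in SConfiguration", keystorePassword);
    KeyStoreKeyManager keyManager = new KeyStoreKeyManager(certUrl.getFile(), keystorePassword.toCharArray());
    // One SSLUtil serves both sides of the test listener: the server presents the
    // keystore cert, and the client-side factory trusts any certificate. Test-only.
    SSLUtil sslUtil = new SSLUtil(keyManager, new TrustAllTrustManager());
    ldapListenerConfig = InMemoryListenerConfig.createLDAPSConfig("LDAP", InetAddress.getByName("127.0.0.1"), ldapPort, sslUtil.createSSLServerSocketFactory(), sslUtil.createSSLSocketFactory());
    testServer = new ExternalLDAPAuthenticationServerSSLTest();
    testServer.setup();
}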

Example 3 with TrustAllTrustManager

use of com.unboundid.util.ssl.TrustAllTrustManager in project oxCore by GluuFederation.

Class LDAPConnectionProvider, method init.

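/**
 * Initialises the LDAP connection pool from {@code props}.
 * <p>
 * Expected keys: {@code servers} (comma-separated {@code host:port} entries),
 * {@code bindDN}/{@code bindPassword} (anonymous bind when {@code bindDN} is empty),
 * {@code useSSL}, {@code maxconnections}, and optionally
 * {@code connection-max-wait-time} and {@code binaryAttributes}.
 *
 * @param props connection properties
 * @throws IllegalArgumentException if {@code servers} is missing or an entry is not in {@code host:port} form
 * @throws NumberFormatException if a port or {@code maxconnections} is not an integer
 * @throws LDAPException propagated from the UnboundID SDK calls
 * @throws GeneralSecurityException if the SSL socket factory cannot be created
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    // Previously a missing value NPE'd on split() and an entry without ':'
    // failed with a StringIndexOutOfBoundsException from substring().
    if (StringHelper.isEmpty(serverProp)) {
        throw new IllegalArgumentException("Property 'servers' is required (comma-separated host:port entries)");
    }
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String entry = this.servers[i];
        int sep = entry.indexOf(':');
        if (sep < 0) {
            throw new IllegalArgumentException("LDAP server entry '" + entry + "' must be in host:port form");
        }
        this.addresses[i] = entry.substring(0, sep).trim();
        this.ports[i] = Integer.parseInt(entry.substring(sep + 1).trim());
    }
    // Empty bindDN means an anonymous simple bind.
    BindRequest bindRequest;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }
    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);
    this.useSSL = Boolean.parseBoolean(props.getProperty("useSSL"));
    // SECURITY: TrustAllTrustManager disables server certificate validation, so an
    // LDAPS connection built here cannot detect a spoofed or intercepted directory
    // server, and the bind credentials would be sent to it. No truststore-backed
    // trust manager is in scope in this file; LdapConnectionProvider in this
    // project shows the TrustStoreTrustManager wiring that should replace this
    // before useSSL is relied on for anything beyond transport encryption.
    SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }
    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }
    // Attribute names are lower-cased so later lookups are case-insensitive.
    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    log.debug("Using next binary attributes: " + this.binaryAttributes);
    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS;
}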

Example 4 with TrustAllTrustManager

use of com.unboundid.util.ssl.TrustAllTrustManager in project oxCore by GluuFederation.

Class LdapConnectionProvider, method init.

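/**
 * Initialises the LDAP connection pool from {@code props}.
 * <p>
 * Expected keys: {@code servers} (comma-separated {@code host:port} entries),
 * {@code bindDN}/{@code bindPassword} (anonymous bind when {@code bindDN} is empty),
 * {@code useSSL} with optional {@code ssl.trustStoreFile}, {@code ssl.trustStorePin}
 * and {@code ssl.trustStoreFormat}, {@code maxconnections}, and optionally
 * {@code connection-max-wait-time}, {@code binaryAttributes} and
 * {@code certificateAttributes}.
 *
 * @param props connection properties
 * @throws InvalidConfigurationException if {@code servers} is missing or an entry is not in {@code host:port} form
 * @throws NumberFormatException if a port or {@code maxconnections} is not an integer
 * @throws LDAPException propagated from the UnboundID SDK calls
 * @throws GeneralSecurityException if the SSL socket factory cannot be created
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    // A missing value previously NPE'd on split().
    if (StringHelper.isEmpty(serverProp)) {
        throw new InvalidConfigurationException("Ldap server settings property 'servers' is required");
    }
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String str = this.servers[i];
        int idx = str.indexOf(":");
        if (idx == -1) {
            throw new InvalidConfigurationException("Ldap server settings should be in format server:port");
        }
        this.addresses[i] = str.substring(0, idx).trim();
        // Reuse idx and trim so "host:389 " (trailing space) parses.
        this.ports[i] = Integer.parseInt(str.substring(idx + 1).trim());
    }
    // Empty bindDN means an anonymous simple bind.
    BindRequest bindRequest;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }
    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);
    this.useSSL = Boolean.parseBoolean(props.getProperty("useSSL"));
    SSLUtil sslUtil = null;
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        String sslTrustStoreFile = props.getProperty("ssl.trustStoreFile");
        String sslTrustStorePin = props.getProperty("ssl.trustStorePin");
        String sslTrustStoreFormat = props.getProperty("ssl.trustStoreFormat");
        if (StringHelper.isEmpty(sslTrustStoreFile) && StringHelper.isEmpty(sslTrustStorePin)) {
            // No truststore configured: fall back to accepting any server certificate.
            // That yields transport encryption without server authentication, so the
            // downgrade is logged rather than silent.
            LOG.warn("No ssl.trustStoreFile configured; LDAPS server certificates will not be validated");
            sslUtil = new SSLUtil(new TrustAllTrustManager());
        } else {
            // A truststore file with no PIN previously NPE'd on toCharArray(); the SDK
            // accepts a null PIN for a truststore that does not require one.
            char[] trustStorePin = sslTrustStorePin == null ? null : sslTrustStorePin.toCharArray();
            TrustStoreTrustManager trustStoreTrustManager = new TrustStoreTrustManager(sslTrustStoreFile, trustStorePin, sslTrustStoreFormat, true);
            sslUtil = new SSLUtil(trustStoreTrustManager);
        }
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }
    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }
    // Attribute names are lower-cased so later lookups are case-insensitive.
    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    LOG.debug("Using next binary attributes: " + this.binaryAttributes);
    this.certificateAttributes = new ArrayList<String>();
    if (props.containsKey("certificateAttributes")) {
        String[] certificateAttrs = StringHelper.split(props.get("certificateAttributes").toString().toLowerCase(), ",");
        this.certificateAttributes.addAll(Arrays.asList(certificateAttrs));
    }
    LOG.debug("Using next binary certificateAttributes: " + this.certificateAttributes);
    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS_INT_VALUE;
}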

Example 5 with TrustAllTrustManager

use of com.unboundid.util.ssl.TrustAllTrustManager in project gitblit by gitblit.

Class LdapConnection, method connect.

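/**
 * Opens {@code conn} to the server named by the {@code realm.ldap.server} setting.
 * <p>
 * Supported URL schemes are {@code ldaps} (TLS from the start, default port 636),
 * {@code ldap} (cleartext, default port 389) and {@code ldap+tls} (cleartext connect
 * followed by a StartTLS extended operation).
 *
 * @return {@code true} if the connection (and StartTLS negotiation, when requested)
 *         succeeded; {@code false} otherwise, with the cause logged
 */
public boolean connect() {
    try {
        URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
        String scheme = ldapUrl.getScheme();
        String ldapHost = ldapUrl.getHost();
        int ldapPort = ldapUrl.getPort();
        // A URL without a scheme or host would otherwise NPE below, which none of
        // the catch clauses handle; report it like a malformed URL instead.
        if (scheme == null || ldapHost == null) {
            logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>");
            return false;
        }
        boolean startTls = scheme.equalsIgnoreCase("ldap+tls");
        if (scheme.equalsIgnoreCase("ldaps")) {
            // SECURITY: TrustAllTrustManager accepts any server certificate, so this
            // LDAPS session is encrypted but the directory server is not authenticated;
            // a validating trust manager is needed for that.
            SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
            conn = new LDAPConnection(sslUtil.createSSLSocketFactory());
            if (ldapPort == -1) {
                ldapPort = 636;
            }
        } else if (scheme.equalsIgnoreCase("ldap") || startTls) {
            // Cleartext connect; ldap+tls upgrades it with StartTLS after connecting.
            conn = new LDAPConnection();
            if (ldapPort == -1) {
                ldapPort = 389;
            }
        } else {
            logger.error("Unsupported LDAP URL scheme: " + scheme);
            return false;
        }
        conn.connect(ldapHost, ldapPort);
        if (startTls) {
            // Same caveat as for ldaps: the StartTLS upgrade does not validate the
            // server certificate.
            SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
            ExtendedResult extendedResult = conn.processExtendedOperation(new StartTLSExtendedRequest(sslUtil.createSSLContext()));
            if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
                throw new LDAPException(extendedResult.getResultCode());
            }
        }
        return true;
    } catch (URISyntaxException e) {
        logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);
    } catch (GeneralSecurityException e) {
        logger.error("Unable to create SSL Connection", e);
    } catch (LDAPException e) {
        logger.error("Error Connecting to LDAP", e);
    }
    return false;
}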
