Search in sources :

Example 1 with CramMd5Config

use of org.ldaptive.sasl.CramMd5Config in project cas by apereo.

the class Beans method newLdaptiveConnectionConfig.

/**
     * New connection config connection config.
     *
     * @param l the ldap properties
     * @return the connection config
     */
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties l) {
    if (StringUtils.isBlank(l.getLdapUrl())) {
        throw new IllegalArgumentException("LDAP url cannot be empty/blank");
    }
    LOGGER.debug("Creating LDAP connection configuration for [{}]", l.getLdapUrl());
    final ConnectionConfig cc = new ConnectionConfig();
    final String urls = l.getLdapUrl().contains(" ") ? l.getLdapUrl() : Arrays.stream(l.getLdapUrl().split(",")).collect(Collectors.joining(" "));
    LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", l.getLdapUrl(), urls);
    cc.setLdapUrl(urls);
    cc.setUseSSL(l.isUseSsl());
    cc.setUseStartTLS(l.isUseStartTls());
    cc.setConnectTimeout(newDuration(l.getConnectTimeout()));
    cc.setResponseTimeout(newDuration(l.getResponseTimeout()));
    if (StringUtils.isNotBlank(l.getConnectionStrategy())) {
        final AbstractLdapProperties.LdapConnectionStrategy strategy = AbstractLdapProperties.LdapConnectionStrategy.valueOf(l.getConnectionStrategy());
        switch(strategy) {
            case RANDOM:
                cc.setConnectionStrategy(new RandomConnectionStrategy());
                break;
            case DNS_SRV:
                cc.setConnectionStrategy(new DnsSrvConnectionStrategy());
                break;
            case ACTIVE_PASSIVE:
                cc.setConnectionStrategy(new ActivePassiveConnectionStrategy());
                break;
            case ROUND_ROBIN:
                cc.setConnectionStrategy(new RoundRobinConnectionStrategy());
                break;
            case DEFAULT:
            default:
                cc.setConnectionStrategy(new DefaultConnectionStrategy());
                break;
        }
    }
    if (l.getTrustCertificates() != null) {
        LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", l.getTrustCertificates());
        final X509CredentialConfig cfg = new X509CredentialConfig();
        cfg.setTrustCertificates(l.getTrustCertificates());
        cc.setSslConfig(new SslConfig(cfg));
    } else if (l.getKeystore() != null) {
        LOGGER.debug("Creating LDAP SSL configuration via keystore [{}]", l.getKeystore());
        final KeyStoreCredentialConfig cfg = new KeyStoreCredentialConfig();
        cfg.setKeyStore(l.getKeystore());
        cfg.setKeyStorePassword(l.getKeystorePassword());
        cfg.setKeyStoreType(l.getKeystoreType());
        cc.setSslConfig(new SslConfig(cfg));
    } else {
        LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
        cc.setSslConfig(new SslConfig());
    }
    if (l.getSaslMechanism() != null) {
        LOGGER.debug("Creating LDAP SASL mechanism via [{}]", l.getSaslMechanism());
        final BindConnectionInitializer bc = new BindConnectionInitializer();
        final SaslConfig sc;
        switch(l.getSaslMechanism()) {
            case DIGEST_MD5:
                sc = new DigestMd5Config();
                ((DigestMd5Config) sc).setRealm(l.getSaslRealm());
                break;
            case CRAM_MD5:
                sc = new CramMd5Config();
                break;
            case EXTERNAL:
                sc = new ExternalConfig();
                break;
            case GSSAPI:
                sc = new GssApiConfig();
                ((GssApiConfig) sc).setRealm(l.getSaslRealm());
                break;
            default:
                throw new IllegalArgumentException("Unknown SASL mechanism " + l.getSaslMechanism().name());
        }
        sc.setAuthorizationId(l.getSaslAuthorizationId());
        sc.setMutualAuthentication(l.getSaslMutualAuth());
        sc.setQualityOfProtection(l.getSaslQualityOfProtection());
        sc.setSecurityStrength(l.getSaslSecurityStrength());
        bc.setBindSaslConfig(sc);
        cc.setConnectionInitializer(bc);
    } else if (StringUtils.equals(l.getBindCredential(), "*") && StringUtils.equals(l.getBindDn(), "*")) {
        LOGGER.debug("Creating LDAP fast-bind connection initializer");
        cc.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
    } else if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNotBlank(l.getBindCredential())) {
        LOGGER.debug("Creating LDAP bind connection initializer via [{}]", l.getBindDn());
        cc.setConnectionInitializer(new BindConnectionInitializer(l.getBindDn(), new Credential(l.getBindCredential())));
    }
    return cc;
}
Also used : GssApiConfig(org.ldaptive.sasl.GssApiConfig) ActivePassiveConnectionStrategy(org.ldaptive.ActivePassiveConnectionStrategy) DefaultConnectionStrategy(org.ldaptive.DefaultConnectionStrategy) MongoCredential(com.mongodb.MongoCredential) Credential(org.ldaptive.Credential) SaslConfig(org.ldaptive.sasl.SaslConfig) CramMd5Config(org.ldaptive.sasl.CramMd5Config) AbstractLdapProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties) BindConnectionInitializer(org.ldaptive.BindConnectionInitializer) X509CredentialConfig(org.ldaptive.ssl.X509CredentialConfig) RandomConnectionStrategy(org.ldaptive.RandomConnectionStrategy) SslConfig(org.ldaptive.ssl.SslConfig) ExternalConfig(org.ldaptive.sasl.ExternalConfig) DnsSrvConnectionStrategy(org.ldaptive.DnsSrvConnectionStrategy) DigestMd5Config(org.ldaptive.sasl.DigestMd5Config) RoundRobinConnectionStrategy(org.ldaptive.RoundRobinConnectionStrategy) KeyStoreCredentialConfig(org.ldaptive.ssl.KeyStoreCredentialConfig) ConnectionConfig(org.ldaptive.ConnectionConfig)

Example 2 with CramMd5Config

use of org.ldaptive.sasl.CramMd5Config in project pac4j by pac4j.

the class LdaptiveAuthenticatorBuilder method newConnectionConfig.

/**
 * New connection config connection config.
 *
 * @param l the ldap properties
 * @return the connection config
 */
public static ConnectionConfig newConnectionConfig(final AbstractLdapProperties l) {
    final ConnectionConfig cc = new ConnectionConfig();
    final String urls = Arrays.stream(l.getLdapUrl().split(",")).collect(Collectors.joining(" "));
    LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", l.getLdapUrl(), urls);
    cc.setLdapUrl(urls);
    cc.setUseSSL(l.isUseSsl());
    cc.setUseStartTLS(l.isUseStartTls());
    cc.setConnectTimeout(newDuration(l.getConnectTimeout()));
    if (l.getTrustCertificates() != null) {
        final X509CredentialConfig cfg = new X509CredentialConfig();
        cfg.setTrustCertificates(l.getTrustCertificates());
        cc.setSslConfig(new SslConfig(cfg));
    } else if (l.getKeystore() != null) {
        final KeyStoreCredentialConfig cfg = new KeyStoreCredentialConfig();
        cfg.setKeyStore(l.getKeystore());
        cfg.setKeyStorePassword(l.getKeystorePassword());
        cfg.setKeyStoreType(l.getKeystoreType());
        cc.setSslConfig(new SslConfig(cfg));
    } else {
        cc.setSslConfig(new SslConfig());
    }
    if (l.getSaslMechanism() != null) {
        final BindConnectionInitializer bc = new BindConnectionInitializer();
        final SaslConfig sc;
        switch(l.getSaslMechanism()) {
            case DIGEST_MD5:
                sc = new DigestMd5Config();
                ((DigestMd5Config) sc).setRealm(l.getSaslRealm());
                break;
            case CRAM_MD5:
                sc = new CramMd5Config();
                break;
            case EXTERNAL:
                sc = new ExternalConfig();
                break;
            case GSSAPI:
                sc = new GssApiConfig();
                ((GssApiConfig) sc).setRealm(l.getSaslRealm());
                break;
            default:
                throw new IllegalArgumentException("Unknown SASL mechanism " + l.getSaslMechanism().name());
        }
        sc.setAuthorizationId(l.getSaslAuthorizationId());
        sc.setMutualAuthentication(l.getSaslMutualAuth());
        sc.setQualityOfProtection(l.getSaslQualityOfProtection());
        sc.setSecurityStrength(l.getSaslSecurityStrength());
        bc.setBindSaslConfig(sc);
        cc.setConnectionInitializer(bc);
    } else if (StringUtils.equals(l.getBindCredential(), "*") && StringUtils.equals(l.getBindDn(), "*")) {
        cc.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
    } else if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNotBlank(l.getBindCredential())) {
        cc.setConnectionInitializer(new BindConnectionInitializer(l.getBindDn(), new Credential(l.getBindCredential())));
    }
    return cc;
}
Also used : GssApiConfig(org.ldaptive.sasl.GssApiConfig) Credential(org.ldaptive.Credential) SaslConfig(org.ldaptive.sasl.SaslConfig) CramMd5Config(org.ldaptive.sasl.CramMd5Config) BindConnectionInitializer(org.ldaptive.BindConnectionInitializer) X509CredentialConfig(org.ldaptive.ssl.X509CredentialConfig) SslConfig(org.ldaptive.ssl.SslConfig) ExternalConfig(org.ldaptive.sasl.ExternalConfig) DigestMd5Config(org.ldaptive.sasl.DigestMd5Config) KeyStoreCredentialConfig(org.ldaptive.ssl.KeyStoreCredentialConfig) ConnectionConfig(org.ldaptive.ConnectionConfig)

Aggregations

BindConnectionInitializer (org.ldaptive.BindConnectionInitializer)2 ConnectionConfig (org.ldaptive.ConnectionConfig)2 Credential (org.ldaptive.Credential)2 CramMd5Config (org.ldaptive.sasl.CramMd5Config)2 DigestMd5Config (org.ldaptive.sasl.DigestMd5Config)2 ExternalConfig (org.ldaptive.sasl.ExternalConfig)2 GssApiConfig (org.ldaptive.sasl.GssApiConfig)2 SaslConfig (org.ldaptive.sasl.SaslConfig)2 KeyStoreCredentialConfig (org.ldaptive.ssl.KeyStoreCredentialConfig)2 SslConfig (org.ldaptive.ssl.SslConfig)2 X509CredentialConfig (org.ldaptive.ssl.X509CredentialConfig)2 MongoCredential (com.mongodb.MongoCredential)1 AbstractLdapProperties (org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties)1 ActivePassiveConnectionStrategy (org.ldaptive.ActivePassiveConnectionStrategy)1 DefaultConnectionStrategy (org.ldaptive.DefaultConnectionStrategy)1 DnsSrvConnectionStrategy (org.ldaptive.DnsSrvConnectionStrategy)1 RandomConnectionStrategy (org.ldaptive.RandomConnectionStrategy)1 RoundRobinConnectionStrategy (org.ldaptive.RoundRobinConnectionStrategy)1