
Use of `org.ldaptive.sasl.SaslConfig` in the Apereo CAS project.

Taken from the `Beans` utility class, method `newLdaptiveConnectionConfig`.

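/**
 * Build a ldaptive {@link ConnectionConfig} from CAS LDAP properties.
 * <p>
 * The returned config carries the server URL(s), the SSL/StartTLS flags and timeouts,
 * the connection strategy, the trust material used when validating the server
 * certificate, and a connection initializer that authenticates each new connection:
 * a SASL bind when a mechanism is configured, the fast-bind initializer when both
 * bind DN and credential are {@code *}, a simple bind when both are present, and
 * no initializer at all otherwise. Without an initializer connections are never
 * bound, i.e. they operate unauthenticated.
 *
 * @param l the ldap properties
 * @return the connection config
 * @throws IllegalArgumentException if the LDAP url is blank, the configured connection
 *                                  strategy is not a known {@code LdapConnectionStrategy}
 *                                  name, or the SASL mechanism is not supported
 */
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties l) {
    if (StringUtils.isBlank(l.getLdapUrl())) {
        throw new IllegalArgumentException("LDAP url cannot be empty/blank");
    }
    LOGGER.debug("Creating LDAP connection configuration for [{}]", l.getLdapUrl());
    final ConnectionConfig cc = new ConnectionConfig();

    // ldaptive takes a space-separated URL list; a comma-separated list is accepted as well.
    // A value that already contains a space is assumed to be in the native form and passed through.
    final String urls = l.getLdapUrl().contains(" ")
        ? l.getLdapUrl()
        : Arrays.stream(l.getLdapUrl().split(",")).collect(Collectors.joining(" "));
    LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", l.getLdapUrl(), urls);
    cc.setLdapUrl(urls);
    cc.setUseSSL(l.isUseSsl());
    cc.setUseStartTLS(l.isUseStartTls());
    cc.setConnectTimeout(newDuration(l.getConnectTimeout()));
    cc.setResponseTimeout(newDuration(l.getResponseTimeout()));

    // Whether anything protects the wire: an explicit SSL/StartTLS flag, or ldaps:// URLs.
    // Used below to warn before a simple-bind password is sent over a plaintext connection.
    final boolean encryptedTransport = l.isUseSsl()
        || l.isUseStartTls()
        || StringUtils.containsIgnoreCase(urls, "ldaps://");

    if (StringUtils.isNotBlank(l.getConnectionStrategy())) {
        // Enum.valueOf is case-sensitive and throws IllegalArgumentException on unknown names.
        final AbstractLdapProperties.LdapConnectionStrategy strategy =
            AbstractLdapProperties.LdapConnectionStrategy.valueOf(l.getConnectionStrategy());
        switch (strategy) {
            case RANDOM:
                cc.setConnectionStrategy(new RandomConnectionStrategy());
                break;
            case DNS_SRV:
                cc.setConnectionStrategy(new DnsSrvConnectionStrategy());
                break;
            case ACTIVE_PASSIVE:
                cc.setConnectionStrategy(new ActivePassiveConnectionStrategy());
                break;
            case ROUND_ROBIN:
                cc.setConnectionStrategy(new RoundRobinConnectionStrategy());
                break;
            case DEFAULT:
            default:
                cc.setConnectionStrategy(new DefaultConnectionStrategy());
                break;
        }
    }

    // Server-certificate trust. Exactly one source wins, in this order of precedence.
    if (l.getTrustCertificates() != null) {
        // Explicit trust anchors: only certificates chaining to these are accepted.
        LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", l.getTrustCertificates());
        final X509CredentialConfig cfg = new X509CredentialConfig();
        cfg.setTrustCertificates(l.getTrustCertificates());
        cc.setSslConfig(new SslConfig(cfg));
    } else if (l.getKeystore() != null) {
        // NOTE(review): ldaptive's KeyStoreCredentialConfig distinguishes a key store (client
        // identity, e.g. for mutual TLS) from a trust store; only the key store is set here, so
        // server-certificate trust presumably still comes from the JVM default trust store —
        // confirm against ldaptive before relying on this for certificate pinning.
        LOGGER.debug("Creating LDAP SSL configuration via keystore [{}]", l.getKeystore());
        final KeyStoreCredentialConfig cfg = new KeyStoreCredentialConfig();
        cfg.setKeyStore(l.getKeystore());
        cfg.setKeyStorePassword(l.getKeystorePassword());
        cfg.setKeyStoreType(l.getKeystoreType());
        cc.setSslConfig(new SslConfig(cfg));
    } else {
        // No CAS-specific trust material: the JVM's default trust store decides.
        LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
        cc.setSslConfig(new SslConfig());
    }

    // Connection initializer: how each freshly opened connection authenticates itself.
    if (l.getSaslMechanism() != null) {
        LOGGER.debug("Creating LDAP SASL mechanism via [{}]", l.getSaslMechanism());
        final BindConnectionInitializer bc = new BindConnectionInitializer();
        final SaslConfig sc;
        switch (l.getSaslMechanism()) {
            case DIGEST_MD5:
                // DIGEST-MD5 is deprecated (RFC 6331); prefer GSSAPI or EXTERNAL over TLS where possible.
                sc = new DigestMd5Config();
                ((DigestMd5Config) sc).setRealm(l.getSaslRealm());
                break;
            case CRAM_MD5:
                // CRAM-MD5 offers no integrity/confidentiality layer and relies on MD5; treat as legacy.
                sc = new CramMd5Config();
                break;
            case EXTERNAL:
                // Authentication comes from the transport (e.g. a client certificate over TLS).
                sc = new ExternalConfig();
                break;
            case GSSAPI:
                sc = new GssApiConfig();
                ((GssApiConfig) sc).setRealm(l.getSaslRealm());
                break;
            default:
                throw new IllegalArgumentException("Unknown SASL mechanism " + l.getSaslMechanism().name());
        }
        sc.setAuthorizationId(l.getSaslAuthorizationId());
        sc.setMutualAuthentication(l.getSaslMutualAuth());
        sc.setQualityOfProtection(l.getSaslQualityOfProtection());
        sc.setSecurityStrength(l.getSaslSecurityStrength());
        bc.setBindSaslConfig(sc);
        cc.setConnectionInitializer(bc);
    } else if (StringUtils.equals(l.getBindCredential(), "*") && StringUtils.equals(l.getBindDn(), "*")) {
        // "*"/"*" selects ldaptive's fast-bind initializer rather than a bind with a literal "*" DN.
        LOGGER.debug("Creating LDAP fast-bind connection initializer");
        cc.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
    } else if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNotBlank(l.getBindCredential())) {
        // Simple bind: the password itself is sent to the server, so the transport must be encrypted.
        if (!encryptedTransport) {
            LOGGER.warn("LDAP simple bind for [{}] is configured without useSsl/useStartTls and the url(s) [{}] "
                + "are not ldaps://; the bind credential will be sent in cleartext", l.getBindDn(), urls);
        }
        LOGGER.debug("Creating LDAP bind connection initializer via [{}]", l.getBindDn());
        cc.setConnectionInitializer(new BindConnectionInitializer(l.getBindDn(), new Credential(l.getBindCredential())));
    } else if (StringUtils.isNotBlank(l.getBindDn()) || StringUtils.isNotBlank(l.getBindCredential())) {
        // Only half of the bind credentials was supplied. Previously this silently produced an
        // unauthenticated connection; it is almost always a misconfiguration, so say so loudly.
        LOGGER.warn("LDAP bind DN and bind credential must both be set for [{}]; ignoring the partial bind "
            + "configuration and leaving connections unauthenticated", urls);
    } else {
        LOGGER.debug("No bind credentials configured; connections to [{}] will not be authenticated", urls);
    }
    return cc;
}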