Use of org.ldaptive.ssl.AllowAnyHostnameVerifier in project cas by apereo.
The class LdapUtils, method newLdaptiveConnectionConfig.
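/**
 * Builds a ldaptive {@link ConnectionConfig} from the given LDAP properties.
 * <p>
 * The configuration is assembled in four steps: url normalisation plus StartTLS and
 * timeout settings, the optional connection strategy, the SSL configuration (trust
 * certificates, key/trust stores or the native JVM truststore, then hostname verifier
 * and trust manager), and the connection initializer (SASL, fast-bind or simple bind).
 *
 * @param properties the ldap properties
 * @return the connection config
 * @throws IllegalArgumentException if the LDAP url is blank, or if a configured
 *                                  strategy, trust manager, quality-of-protection or
 *                                  security-strength name is not a valid enum constant
 */
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties properties) {
    if (StringUtils.isBlank(properties.getLdapUrl())) {
        throw new IllegalArgumentException("LDAP url cannot be empty/blank");
    }
    LOGGER.debug("Creating LDAP connection configuration for [{}]", properties.getLdapUrl());
    val cc = new ConnectionConfig();
    cc.setLdapUrl(toLdaptiveUrls(properties.getLdapUrl()));
    cc.setUseStartTLS(properties.isUseStartTls());
    cc.setConnectTimeout(Beans.newDuration(properties.getConnectTimeout()));
    cc.setResponseTimeout(Beans.newDuration(properties.getResponseTimeout()));
    configureConnectionStrategy(cc, properties);
    cc.setSslConfig(newLdaptiveSslConfig(properties));
    configureConnectionInitializer(cc, properties);
    return cc;
}

/**
 * Normalizes the configured url(s) into the space-separated list ldaptive expects.
 * A value that already contains a space is passed through unchanged; otherwise commas
 * are treated as the separator.
 *
 * @param ldapUrl the non-blank url property
 * @return the space-separated url list
 */
private static String toLdaptiveUrls(final String ldapUrl) {
    val urls = ldapUrl.contains(" ") ? ldapUrl : String.join(" ", ldapUrl.split(","));
    LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", ldapUrl, urls);
    return urls;
}

/**
 * Applies the configured connection strategy, if any. The name is trimmed and matched
 * case-insensitively, consistent with how the trust manager option is parsed.
 *
 * @param cc         the connection config to update
 * @param properties the ldap properties
 * @throws IllegalArgumentException if the name is not an {@link AbstractLdapProperties.LdapConnectionStrategy}
 */
private static void configureConnectionStrategy(final ConnectionConfig cc, final AbstractLdapProperties properties) {
    if (StringUtils.isBlank(properties.getConnectionStrategy())) {
        return;
    }
    // Locale.ROOT so the enum lookup does not depend on the JVM default locale
    val strategy = AbstractLdapProperties.LdapConnectionStrategy.valueOf(
        properties.getConnectionStrategy().trim().toUpperCase(java.util.Locale.ROOT));
    switch (strategy) {
        case RANDOM:
            cc.setConnectionStrategy(new RandomConnectionStrategy());
            break;
        case DNS_SRV:
            cc.setConnectionStrategy(new DnsSrvConnectionStrategy());
            break;
        case ROUND_ROBIN:
            cc.setConnectionStrategy(new RoundRobinConnectionStrategy());
            break;
        case ACTIVE_PASSIVE:
        default:
            cc.setConnectionStrategy(new ActivePassiveConnectionStrategy());
            break;
    }
}

/**
 * Builds the SSL configuration: credential source first (trust certificates take
 * precedence over key/trust stores, which take precedence over the native JVM
 * truststore), then the hostname verifier and, when configured, the trust manager.
 * <p>
 * Selecting {@code ANY} for the hostname verifier or the trust manager installs the
 * "allow any" ldaptive implementation for that check; both choices are logged at WARN
 * level so that a weakened TLS setup is visible in production logs.
 *
 * @param properties the ldap properties
 * @return the ssl config; never null
 * @throws IllegalArgumentException if the trust manager name is not a {@link AbstractLdapProperties.LdapTrustManagerOptions}
 */
private static SslConfig newLdaptiveSslConfig(final AbstractLdapProperties properties) {
    final SslConfig sslConfig;
    if (properties.getTrustCertificates() != null) {
        LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", properties.getTrustCertificates());
        val cfg = new X509CredentialConfig();
        cfg.setTrustCertificates(properties.getTrustCertificates());
        sslConfig = new SslConfig(cfg);
    } else if (properties.getTrustStore() != null || properties.getKeystore() != null) {
        val cfg = new KeyStoreCredentialConfig();
        // only the store locations are logged, never the store passwords
        if (properties.getTrustStore() != null) {
            LOGGER.trace("Creating LDAP SSL configuration with truststore [{}]", properties.getTrustStore());
            cfg.setTrustStore(properties.getTrustStore());
            cfg.setTrustStoreType(properties.getTrustStoreType());
            cfg.setTrustStorePassword(properties.getTrustStorePassword());
        }
        if (properties.getKeystore() != null) {
            LOGGER.trace("Creating LDAP SSL configuration via keystore [{}]", properties.getKeystore());
            cfg.setKeyStore(properties.getKeystore());
            cfg.setKeyStoreType(properties.getKeystoreType());
            cfg.setKeyStorePassword(properties.getKeystorePassword());
        }
        sslConfig = new SslConfig(cfg);
    } else {
        LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
        sslConfig = new SslConfig();
    }

    switch (properties.getHostnameVerifier()) {
        case ANY:
            LOGGER.warn("LDAP hostname verification is disabled for [{}]; any server certificate hostname will be accepted",
                properties.getLdapUrl());
            sslConfig.setHostnameVerifier(new AllowAnyHostnameVerifier());
            break;
        case DEFAULT:
        default:
            sslConfig.setHostnameVerifier(new DefaultHostnameVerifier());
            break;
    }

    if (StringUtils.isNotBlank(properties.getTrustManager())) {
        // Locale.ROOT so the enum lookup does not depend on the JVM default locale
        val option = AbstractLdapProperties.LdapTrustManagerOptions.valueOf(
            properties.getTrustManager().trim().toUpperCase(java.util.Locale.ROOT));
        switch (option) {
            case ANY:
                LOGGER.warn("LDAP certificate trust checks are disabled for [{}]; any server certificate will be trusted",
                    properties.getLdapUrl());
                sslConfig.setTrustManagers(new AllowAnyTrustManager());
                break;
            case DEFAULT:
            default:
                sslConfig.setTrustManagers(new DefaultTrustManager());
                break;
        }
    }
    return sslConfig;
}

/**
 * Installs the connection initializer: a SASL bind when a mechanism is configured,
 * ldaptive's fast-bind when both bind DN and credential are the literal {@code *},
 * a simple bind when both bind DN and credential are present; otherwise no
 * initializer is installed.
 *
 * @param cc         the connection config to update
 * @param properties the ldap properties
 * @throws IllegalArgumentException if a configured SASL quality-of-protection or
 *                                  security-strength name is not a valid enum constant
 */
private static void configureConnectionInitializer(final ConnectionConfig cc, final AbstractLdapProperties properties) {
    if (StringUtils.isNotBlank(properties.getSaslMechanism())) {
        LOGGER.debug("Creating LDAP SASL mechanism via [{}]", properties.getSaslMechanism());
        val sc = getSaslConfigFrom(properties);
        if (StringUtils.isNotBlank(properties.getSaslAuthorizationId())) {
            sc.setAuthorizationId(properties.getSaslAuthorizationId());
        }
        sc.setMutualAuthentication(properties.getSaslMutualAuth());
        if (StringUtils.isNotBlank(properties.getSaslQualityOfProtection())) {
            sc.setQualityOfProtection(QualityOfProtection.valueOf(properties.getSaslQualityOfProtection()));
        }
        if (StringUtils.isNotBlank(properties.getSaslSecurityStrength())) {
            sc.setSecurityStrength(SecurityStrength.valueOf(properties.getSaslSecurityStrength()));
        }
        val bc = new BindConnectionInitializer();
        bc.setBindSaslConfig(sc);
        cc.setConnectionInitializers(bc);
    } else if (StringUtils.equals(properties.getBindCredential(), "*") && StringUtils.equals(properties.getBindDn(), "*")) {
        LOGGER.debug("Creating LDAP fast-bind connection initializer");
        cc.setConnectionInitializers(new FastBindConnectionInitializer());
    } else if (StringUtils.isNotBlank(properties.getBindDn()) && StringUtils.isNotBlank(properties.getBindCredential())) {
        // the bind DN is logged; the bind credential deliberately is not
        LOGGER.debug("Creating LDAP bind connection initializer via [{}]", properties.getBindDn());
        cc.setConnectionInitializers(new BindConnectionInitializer(properties.getBindDn(), new Credential(properties.getBindCredential())));
    }
}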