
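/**
 * Builds a ldaptive {@link ConnectionConfig} from the given LDAP properties.
 * <p>
 * The resulting config carries the LDAP url(s), StartTLS flag, timeouts, the
 * connection strategy, an {@link SslConfig} (trust certificates, key/trust store,
 * or the JVM defaults), the hostname verifier / trust manager selection and the
 * bind (SASL, fast-bind or simple bind) connection initializer.
 * <p>
 * Security note: a hostname verifier or trust manager option of {@code ANY}
 * disables the corresponding TLS check. Such a selection is logged at WARN level
 * so it is visible in operational logs; an unset hostname verifier option falls
 * back to {@link DefaultHostnameVerifier} instead of failing with a
 * {@code NullPointerException}.
 *
 * @param properties the ldap properties
 * @return the connection config
 * @throws IllegalArgumentException if the LDAP url is empty or blank
 */
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties properties) {
    if (StringUtils.isBlank(properties.getLdapUrl())) {
        throw new IllegalArgumentException("LDAP url cannot be empty/blank");
    }
    LOGGER.debug("Creating LDAP connection configuration for [{}]", properties.getLdapUrl());
    val cc = new ConnectionConfig();
    cc.setLdapUrl(toLdaptiveUrlList(properties.getLdapUrl()));
    cc.setUseStartTLS(properties.isUseStartTls());
    cc.setConnectTimeout(Beans.newDuration(properties.getConnectTimeout()));
    cc.setResponseTimeout(Beans.newDuration(properties.getResponseTimeout()));
    applyConnectionStrategy(cc, properties);
    cc.setSslConfig(newSslConfig(properties));
    applyTlsVerification(cc.getSslConfig(), properties);
    applyConnectionInitializer(cc, properties);
    return cc;
}

/**
 * Normalises the configured url(s) into the space-separated form ldaptive expects.
 * A value that already contains a space is passed through unchanged; otherwise
 * comma separators are replaced by single spaces.
 *
 * @param ldapUrl the configured url(s), already checked to be non-blank
 * @return the url list as a single space-separated string
 */
private static String toLdaptiveUrlList(final String ldapUrl) {
    val urls = ldapUrl.contains(" ") ? ldapUrl : String.join(" ", ldapUrl.split(","));
    LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", ldapUrl, urls);
    return urls;
}

/**
 * Sets the ldaptive connection strategy when one is configured; an unknown or
 * {@code ACTIVE_PASSIVE} value maps to {@link ActivePassiveConnectionStrategy}.
 *
 * @param cc         the connection config to update
 * @param properties the ldap properties
 */
private static void applyConnectionStrategy(final ConnectionConfig cc, final AbstractLdapProperties properties) {
    if (StringUtils.isBlank(properties.getConnectionStrategy())) {
        return;
    }
    val strategy = AbstractLdapProperties.LdapConnectionStrategy.valueOf(properties.getConnectionStrategy());
    switch (strategy) {
        case RANDOM:
            cc.setConnectionStrategy(new RandomConnectionStrategy());
            break;
        case DNS_SRV:
            cc.setConnectionStrategy(new DnsSrvConnectionStrategy());
            break;
        case ROUND_ROBIN:
            cc.setConnectionStrategy(new RoundRobinConnectionStrategy());
            break;
        case ACTIVE_PASSIVE:
        default:
            cc.setConnectionStrategy(new ActivePassiveConnectionStrategy());
            break;
    }
}

/**
 * Creates the {@link SslConfig}, preferring explicit trust certificates, then a
 * configured trust store and/or key store, and finally the JVM's own trust material.
 *
 * @param properties the ldap properties
 * @return a new, never {@code null}, SSL config
 */
private static SslConfig newSslConfig(final AbstractLdapProperties properties) {
    if (properties.getTrustCertificates() != null) {
        LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", properties.getTrustCertificates());
        val cfg = new X509CredentialConfig();
        cfg.setTrustCertificates(properties.getTrustCertificates());
        return new SslConfig(cfg);
    }
    if (properties.getTrustStore() != null || properties.getKeystore() != null) {
        val cfg = new KeyStoreCredentialConfig();
        if (properties.getTrustStore() != null) {
            LOGGER.trace("Creating LDAP SSL configuration with truststore [{}]", properties.getTrustStore());
            cfg.setTrustStore(properties.getTrustStore());
            cfg.setTrustStoreType(properties.getTrustStoreType());
            cfg.setTrustStorePassword(properties.getTrustStorePassword());
        }
        if (properties.getKeystore() != null) {
            LOGGER.trace("Creating LDAP SSL configuration via keystore [{}]", properties.getKeystore());
            cfg.setKeyStore(properties.getKeystore());
            cfg.setKeyStoreType(properties.getKeystoreType());
            cfg.setKeyStorePassword(properties.getKeystorePassword());
        }
        return new SslConfig(cfg);
    }
    LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
    return new SslConfig();
}

/**
 * Selects the hostname verifier and (optionally) the trust manager on the SSL config.
 * Selecting {@code ANY} for either turns that TLS check off, which is logged at WARN.
 *
 * @param sslConfig  the SSL config to update; ignored when {@code null}
 * @param properties the ldap properties
 */
private static void applyTlsVerification(final SslConfig sslConfig, final AbstractLdapProperties properties) {
    if (sslConfig == null) {
        return;
    }
    val hostnameVerifier = properties.getHostnameVerifier();
    if (hostnameVerifier == null) {
        // Fail safe: an unset option keeps hostname verification on rather than NPE-ing in the switch.
        sslConfig.setHostnameVerifier(new DefaultHostnameVerifier());
    } else {
        switch (hostnameVerifier) {
            case ANY:
                LOGGER.warn("LDAP hostname verification is disabled (hostnameVerifier=ANY); the server certificate will not be matched against the LDAP host");
                sslConfig.setHostnameVerifier(new AllowAnyHostnameVerifier());
                break;
            case DEFAULT:
            default:
                sslConfig.setHostnameVerifier(new DefaultHostnameVerifier());
                break;
        }
    }
    if (StringUtils.isNotBlank(properties.getTrustManager())) {
        // Option names contain no locale-sensitive letters, so the default-locale upper-casing is safe here.
        val trustManager = AbstractLdapProperties.LdapTrustManagerOptions.valueOf(properties.getTrustManager().trim().toUpperCase());
        switch (trustManager) {
            case ANY:
                LOGGER.warn("LDAP certificate trust checks are disabled (trustManager=ANY); any server certificate will be accepted");
                sslConfig.setTrustManagers(new AllowAnyTrustManager());
                break;
            case DEFAULT:
            default:
                sslConfig.setTrustManagers(new DefaultTrustManager());
                break;
        }
    }
}

/**
 * Chooses the connection initializer: SASL when a mechanism is set, fast-bind when
 * both bind DN and credential are {@code "*"}, otherwise a simple bind when both
 * bind DN and credential are present. Leaves the config untouched if none apply.
 *
 * @param cc         the connection config to update
 * @param properties the ldap properties
 */
private static void applyConnectionInitializer(final ConnectionConfig cc, final AbstractLdapProperties properties) {
    if (StringUtils.isNotBlank(properties.getSaslMechanism())) {
        LOGGER.debug("Creating LDAP SASL mechanism via [{}]", properties.getSaslMechanism());
        val bc = new BindConnectionInitializer();
        val sc = getSaslConfigFrom(properties);
        if (StringUtils.isNotBlank(properties.getSaslAuthorizationId())) {
            sc.setAuthorizationId(properties.getSaslAuthorizationId());
        }
        sc.setMutualAuthentication(properties.getSaslMutualAuth());
        if (StringUtils.isNotBlank(properties.getSaslQualityOfProtection())) {
            sc.setQualityOfProtection(QualityOfProtection.valueOf(properties.getSaslQualityOfProtection()));
        }
        if (StringUtils.isNotBlank(properties.getSaslSecurityStrength())) {
            sc.setSecurityStrength(SecurityStrength.valueOf(properties.getSaslSecurityStrength()));
        }
        bc.setBindSaslConfig(sc);
        cc.setConnectionInitializers(bc);
        return;
    }
    if (StringUtils.equals(properties.getBindCredential(), "*") && StringUtils.equals(properties.getBindDn(), "*")) {
        LOGGER.debug("Creating LDAP fast-bind connection initializer");
        cc.setConnectionInitializers(new FastBindConnectionInitializer());
        return;
    }
    if (StringUtils.isNotBlank(properties.getBindDn()) && StringUtils.isNotBlank(properties.getBindCredential())) {
        LOGGER.debug("Creating LDAP bind connection initializer via [{}]", properties.getBindDn());
        cc.setConnectionInitializers(new BindConnectionInitializer(properties.getBindDn(), new Credential(properties.getBindCredential())));
    }
}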