use of org.ldaptive.ssl.SslConfig in project cas by apereo.
the class Beans method newLdaptiveConnectionConfig.
/**
* New connection config connection config.
*
* @param l the ldap properties
* @return the connection config
*/
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties l) {
if (StringUtils.isBlank(l.getLdapUrl())) {
throw new IllegalArgumentException("LDAP url cannot be empty/blank");
}
LOGGER.debug("Creating LDAP connection configuration for [{}]", l.getLdapUrl());
final ConnectionConfig cc = new ConnectionConfig();
final String urls = l.getLdapUrl().contains(" ") ? l.getLdapUrl() : Arrays.stream(l.getLdapUrl().split(",")).collect(Collectors.joining(" "));
LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", l.getLdapUrl(), urls);
cc.setLdapUrl(urls);
cc.setUseSSL(l.isUseSsl());
cc.setUseStartTLS(l.isUseStartTls());
cc.setConnectTimeout(newDuration(l.getConnectTimeout()));
cc.setResponseTimeout(newDuration(l.getResponseTimeout()));
if (StringUtils.isNotBlank(l.getConnectionStrategy())) {
final AbstractLdapProperties.LdapConnectionStrategy strategy = AbstractLdapProperties.LdapConnectionStrategy.valueOf(l.getConnectionStrategy());
switch(strategy) {
case RANDOM:
cc.setConnectionStrategy(new RandomConnectionStrategy());
break;
case DNS_SRV:
cc.setConnectionStrategy(new DnsSrvConnectionStrategy());
break;
case ACTIVE_PASSIVE:
cc.setConnectionStrategy(new ActivePassiveConnectionStrategy());
break;
case ROUND_ROBIN:
cc.setConnectionStrategy(new RoundRobinConnectionStrategy());
break;
case DEFAULT:
default:
cc.setConnectionStrategy(new DefaultConnectionStrategy());
break;
}
}
if (l.getTrustCertificates() != null) {
LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", l.getTrustCertificates());
final X509CredentialConfig cfg = new X509CredentialConfig();
cfg.setTrustCertificates(l.getTrustCertificates());
cc.setSslConfig(new SslConfig(cfg));
} else if (l.getKeystore() != null) {
LOGGER.debug("Creating LDAP SSL configuration via keystore [{}]", l.getKeystore());
final KeyStoreCredentialConfig cfg = new KeyStoreCredentialConfig();
cfg.setKeyStore(l.getKeystore());
cfg.setKeyStorePassword(l.getKeystorePassword());
cfg.setKeyStoreType(l.getKeystoreType());
cc.setSslConfig(new SslConfig(cfg));
} else {
LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
cc.setSslConfig(new SslConfig());
}
if (l.getSaslMechanism() != null) {
LOGGER.debug("Creating LDAP SASL mechanism via [{}]", l.getSaslMechanism());
final BindConnectionInitializer bc = new BindConnectionInitializer();
final SaslConfig sc;
switch(l.getSaslMechanism()) {
case DIGEST_MD5:
sc = new DigestMd5Config();
((DigestMd5Config) sc).setRealm(l.getSaslRealm());
break;
case CRAM_MD5:
sc = new CramMd5Config();
break;
case EXTERNAL:
sc = new ExternalConfig();
break;
case GSSAPI:
sc = new GssApiConfig();
((GssApiConfig) sc).setRealm(l.getSaslRealm());
break;
default:
throw new IllegalArgumentException("Unknown SASL mechanism " + l.getSaslMechanism().name());
}
sc.setAuthorizationId(l.getSaslAuthorizationId());
sc.setMutualAuthentication(l.getSaslMutualAuth());
sc.setQualityOfProtection(l.getSaslQualityOfProtection());
sc.setSecurityStrength(l.getSaslSecurityStrength());
bc.setBindSaslConfig(sc);
cc.setConnectionInitializer(bc);
} else if (StringUtils.equals(l.getBindCredential(), "*") && StringUtils.equals(l.getBindDn(), "*")) {
LOGGER.debug("Creating LDAP fast-bind connection initializer");
cc.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
} else if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNotBlank(l.getBindCredential())) {
LOGGER.debug("Creating LDAP bind connection initializer via [{}]", l.getBindDn());
cc.setConnectionInitializer(new BindConnectionInitializer(l.getBindDn(), new Credential(l.getBindCredential())));
}
return cc;
}
use of org.ldaptive.ssl.SslConfig in project pac4j by pac4j.
the class LdaptiveAuthenticatorBuilder method newConnectionConfig.
/**
* New connection config connection config.
*
* @param l the ldap properties
* @return the connection config
*/
public static ConnectionConfig newConnectionConfig(final AbstractLdapProperties l) {
final ConnectionConfig cc = new ConnectionConfig();
final String urls = Arrays.stream(l.getLdapUrl().split(",")).collect(Collectors.joining(" "));
LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", l.getLdapUrl(), urls);
cc.setLdapUrl(urls);
cc.setUseSSL(l.isUseSsl());
cc.setUseStartTLS(l.isUseStartTls());
cc.setConnectTimeout(newDuration(l.getConnectTimeout()));
if (l.getTrustCertificates() != null) {
final X509CredentialConfig cfg = new X509CredentialConfig();
cfg.setTrustCertificates(l.getTrustCertificates());
cc.setSslConfig(new SslConfig(cfg));
} else if (l.getKeystore() != null) {
final KeyStoreCredentialConfig cfg = new KeyStoreCredentialConfig();
cfg.setKeyStore(l.getKeystore());
cfg.setKeyStorePassword(l.getKeystorePassword());
cfg.setKeyStoreType(l.getKeystoreType());
cc.setSslConfig(new SslConfig(cfg));
} else {
cc.setSslConfig(new SslConfig());
}
if (l.getSaslMechanism() != null) {
final BindConnectionInitializer bc = new BindConnectionInitializer();
final SaslConfig sc;
switch(l.getSaslMechanism()) {
case DIGEST_MD5:
sc = new DigestMd5Config();
((DigestMd5Config) sc).setRealm(l.getSaslRealm());
break;
case CRAM_MD5:
sc = new CramMd5Config();
break;
case EXTERNAL:
sc = new ExternalConfig();
break;
case GSSAPI:
sc = new GssApiConfig();
((GssApiConfig) sc).setRealm(l.getSaslRealm());
break;
default:
throw new IllegalArgumentException("Unknown SASL mechanism " + l.getSaslMechanism().name());
}
sc.setAuthorizationId(l.getSaslAuthorizationId());
sc.setMutualAuthentication(l.getSaslMutualAuth());
sc.setQualityOfProtection(l.getSaslQualityOfProtection());
sc.setSecurityStrength(l.getSaslSecurityStrength());
bc.setBindSaslConfig(sc);
cc.setConnectionInitializer(bc);
} else if (StringUtils.equals(l.getBindCredential(), "*") && StringUtils.equals(l.getBindDn(), "*")) {
cc.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
} else if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNotBlank(l.getBindCredential())) {
cc.setConnectionInitializer(new BindConnectionInitializer(l.getBindDn(), new Credential(l.getBindCredential())));
}
return cc;
}
use of org.ldaptive.ssl.SslConfig in project cas by apereo.
the class LdapUtils method newLdaptiveConnectionConfig.
/**
* New connection config connection config.
*
* @param properties the ldap properties
* @return the connection config
*/
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties properties) {
if (StringUtils.isBlank(properties.getLdapUrl())) {
throw new IllegalArgumentException("LDAP url cannot be empty/blank");
}
LOGGER.debug("Creating LDAP connection configuration for [{}]", properties.getLdapUrl());
val cc = new ConnectionConfig();
val urls = properties.getLdapUrl().contains(" ") ? properties.getLdapUrl() : String.join(" ", properties.getLdapUrl().split(","));
LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", properties.getLdapUrl(), urls);
cc.setLdapUrl(urls);
cc.setUseStartTLS(properties.isUseStartTls());
cc.setConnectTimeout(Beans.newDuration(properties.getConnectTimeout()));
cc.setResponseTimeout(Beans.newDuration(properties.getResponseTimeout()));
if (StringUtils.isNotBlank(properties.getConnectionStrategy())) {
val strategy = AbstractLdapProperties.LdapConnectionStrategy.valueOf(properties.getConnectionStrategy());
switch(strategy) {
case RANDOM:
cc.setConnectionStrategy(new RandomConnectionStrategy());
break;
case DNS_SRV:
cc.setConnectionStrategy(new DnsSrvConnectionStrategy());
break;
case ROUND_ROBIN:
cc.setConnectionStrategy(new RoundRobinConnectionStrategy());
break;
case ACTIVE_PASSIVE:
default:
cc.setConnectionStrategy(new ActivePassiveConnectionStrategy());
break;
}
}
if (properties.getTrustCertificates() != null) {
LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", properties.getTrustCertificates());
val cfg = new X509CredentialConfig();
cfg.setTrustCertificates(properties.getTrustCertificates());
cc.setSslConfig(new SslConfig(cfg));
} else if (properties.getTrustStore() != null || properties.getKeystore() != null) {
val cfg = new KeyStoreCredentialConfig();
if (properties.getTrustStore() != null) {
LOGGER.trace("Creating LDAP SSL configuration with truststore [{}]", properties.getTrustStore());
cfg.setTrustStore(properties.getTrustStore());
cfg.setTrustStoreType(properties.getTrustStoreType());
cfg.setTrustStorePassword(properties.getTrustStorePassword());
}
if (properties.getKeystore() != null) {
LOGGER.trace("Creating LDAP SSL configuration via keystore [{}]", properties.getKeystore());
cfg.setKeyStore(properties.getKeystore());
cfg.setKeyStoreType(properties.getKeystoreType());
cfg.setKeyStorePassword(properties.getKeystorePassword());
}
cc.setSslConfig(new SslConfig(cfg));
} else {
LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
cc.setSslConfig(new SslConfig());
}
val sslConfig = cc.getSslConfig();
if (sslConfig != null) {
switch(properties.getHostnameVerifier()) {
case ANY:
sslConfig.setHostnameVerifier(new AllowAnyHostnameVerifier());
break;
case DEFAULT:
default:
sslConfig.setHostnameVerifier(new DefaultHostnameVerifier());
}
if (StringUtils.isNotBlank(properties.getTrustManager())) {
switch(AbstractLdapProperties.LdapTrustManagerOptions.valueOf(properties.getTrustManager().trim().toUpperCase())) {
case ANY:
sslConfig.setTrustManagers(new AllowAnyTrustManager());
break;
case DEFAULT:
default:
sslConfig.setTrustManagers(new DefaultTrustManager());
break;
}
}
}
if (StringUtils.isNotBlank(properties.getSaslMechanism())) {
LOGGER.debug("Creating LDAP SASL mechanism via [{}]", properties.getSaslMechanism());
val bc = new BindConnectionInitializer();
val sc = getSaslConfigFrom(properties);
if (StringUtils.isNotBlank(properties.getSaslAuthorizationId())) {
sc.setAuthorizationId(properties.getSaslAuthorizationId());
}
sc.setMutualAuthentication(properties.getSaslMutualAuth());
if (StringUtils.isNotBlank(properties.getSaslQualityOfProtection())) {
sc.setQualityOfProtection(QualityOfProtection.valueOf(properties.getSaslQualityOfProtection()));
}
if (StringUtils.isNotBlank(properties.getSaslSecurityStrength())) {
sc.setSecurityStrength(SecurityStrength.valueOf(properties.getSaslSecurityStrength()));
}
bc.setBindSaslConfig(sc);
cc.setConnectionInitializers(bc);
} else if (StringUtils.equals(properties.getBindCredential(), "*") && StringUtils.equals(properties.getBindDn(), "*")) {
LOGGER.debug("Creating LDAP fast-bind connection initializer");
cc.setConnectionInitializers(new FastBindConnectionInitializer());
} else if (StringUtils.isNotBlank(properties.getBindDn()) && StringUtils.isNotBlank(properties.getBindCredential())) {
LOGGER.debug("Creating LDAP bind connection initializer via [{}]", properties.getBindDn());
cc.setConnectionInitializers(new BindConnectionInitializer(properties.getBindDn(), new Credential(properties.getBindCredential())));
}
return cc;
}
Aggregations