
Example 1 with SslConfig

use of org.ldaptive.ssl.SslConfig in project cas by apereo.

The class Beans, method newLdaptiveConnectionConfig.

/**
 * Builds an ldaptive {@link ConnectionConfig} from the supplied LDAP properties.
 *
 * <p>The URL list is normalised to the space-separated form ldaptive expects, the
 * connection strategy is mapped from its configured enum name, TLS trust material is
 * taken from trust certificates, then a keystore, and otherwise left to the JVM's own
 * truststore. Finally a connection initializer is chosen: SASL when a mechanism is set,
 * fast-bind when both bind DN and credential are the literal {@code "*"}, a simple bind
 * when both are non-blank, and none at all otherwise.
 *
 * @param l the ldap properties
 * @return the connection config
 * @throws IllegalArgumentException if the LDAP url is blank, the connection strategy is
 *                                  not a {@code LdapConnectionStrategy} constant name,
 *                                  or the SASL mechanism is not one of the handled ones
 */
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties l) {
    final String rawUrl = l.getLdapUrl();
    if (StringUtils.isBlank(rawUrl)) {
        throw new IllegalArgumentException("LDAP url cannot be empty/blank");
    }
    LOGGER.debug("Creating LDAP connection configuration for [{}]", rawUrl);
    final ConnectionConfig config = new ConnectionConfig();

    // ldaptive takes several URLs separated by spaces; a comma-separated list is
    // converted, while a value that already contains a space is passed through as-is.
    final String joinedUrls;
    if (rawUrl.contains(" ")) {
        joinedUrls = rawUrl;
    } else {
        joinedUrls = String.join(" ", rawUrl.split(","));
    }
    LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", rawUrl, joinedUrls);
    config.setLdapUrl(joinedUrls);
    config.setUseSSL(l.isUseSsl());
    config.setUseStartTLS(l.isUseStartTls());
    config.setConnectTimeout(newDuration(l.getConnectTimeout()));
    config.setResponseTimeout(newDuration(l.getResponseTimeout()));

    final String strategyName = l.getConnectionStrategy();
    if (StringUtils.isNotBlank(strategyName)) {
        // valueOf is case-sensitive; an unknown name surfaces as IllegalArgumentException.
        switch (AbstractLdapProperties.LdapConnectionStrategy.valueOf(strategyName)) {
            case RANDOM:
                config.setConnectionStrategy(new RandomConnectionStrategy());
                break;
            case DNS_SRV:
                config.setConnectionStrategy(new DnsSrvConnectionStrategy());
                break;
            case ACTIVE_PASSIVE:
                config.setConnectionStrategy(new ActivePassiveConnectionStrategy());
                break;
            case ROUND_ROBIN:
                config.setConnectionStrategy(new RoundRobinConnectionStrategy());
                break;
            case DEFAULT:
            default:
                config.setConnectionStrategy(new DefaultConnectionStrategy());
                break;
        }
    }

    // Trust material: explicit trust certificates win over a keystore, and with neither
    // configured ldaptive is given an empty SslConfig (i.e. the JVM's native truststore).
    if (l.getTrustCertificates() != null) {
        LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", l.getTrustCertificates());
        final X509CredentialConfig trustConfig = new X509CredentialConfig();
        trustConfig.setTrustCertificates(l.getTrustCertificates());
        config.setSslConfig(new SslConfig(trustConfig));
    } else if (l.getKeystore() != null) {
        LOGGER.debug("Creating LDAP SSL configuration via keystore [{}]", l.getKeystore());
        final KeyStoreCredentialConfig keyStoreConfig = new KeyStoreCredentialConfig();
        keyStoreConfig.setKeyStore(l.getKeystore());
        // The keystore password is handed to ldaptive only; it is not written to the log.
        keyStoreConfig.setKeyStorePassword(l.getKeystorePassword());
        keyStoreConfig.setKeyStoreType(l.getKeystoreType());
        config.setSslConfig(new SslConfig(keyStoreConfig));
    } else {
        LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
        config.setSslConfig(new SslConfig());
    }

    if (l.getSaslMechanism() != null) {
        LOGGER.debug("Creating LDAP SASL mechanism via [{}]", l.getSaslMechanism());
        final SaslConfig saslConfig;
        switch (l.getSaslMechanism()) {
            case DIGEST_MD5: {
                final DigestMd5Config digest = new DigestMd5Config();
                digest.setRealm(l.getSaslRealm());
                saslConfig = digest;
                break;
            }
            case CRAM_MD5:
                saslConfig = new CramMd5Config();
                break;
            case EXTERNAL:
                saslConfig = new ExternalConfig();
                break;
            case GSSAPI: {
                final GssApiConfig gssApi = new GssApiConfig();
                gssApi.setRealm(l.getSaslRealm());
                saslConfig = gssApi;
                break;
            }
            default:
                throw new IllegalArgumentException("Unknown SASL mechanism " + l.getSaslMechanism().name());
        }
        // Settings common to every mechanism are applied after the mechanism-specific realm.
        saslConfig.setAuthorizationId(l.getSaslAuthorizationId());
        saslConfig.setMutualAuthentication(l.getSaslMutualAuth());
        saslConfig.setQualityOfProtection(l.getSaslQualityOfProtection());
        saslConfig.setSecurityStrength(l.getSaslSecurityStrength());
        final BindConnectionInitializer saslInitializer = new BindConnectionInitializer();
        saslInitializer.setBindSaslConfig(saslConfig);
        config.setConnectionInitializer(saslInitializer);
    } else if (StringUtils.equals(l.getBindCredential(), "*") && StringUtils.equals(l.getBindDn(), "*")) {
        // Bind DN and credential both set to the literal "*" select the fast-bind initializer.
        LOGGER.debug("Creating LDAP fast-bind connection initializer");
        config.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
    } else if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNotBlank(l.getBindCredential())) {
        // Only the DN is logged; the bind credential itself stays out of the log output.
        LOGGER.debug("Creating LDAP bind connection initializer via [{}]", l.getBindDn());
        config.setConnectionInitializer(new BindConnectionInitializer(l.getBindDn(), new Credential(l.getBindCredential())));
    }
    // With no SASL mechanism and no usable bind DN/credential pair, no initializer is set.
    return config;
}

Example 2 with SslConfig

use of org.ldaptive.ssl.SslConfig in project pac4j by pac4j.

The class LdaptiveAuthenticatorBuilder, method newConnectionConfig.

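/**
 * Builds an ldaptive {@link ConnectionConfig} from the supplied LDAP properties.
 *
 * <p>The comma-separated URL list is joined with spaces as ldaptive expects, TLS trust
 * material is taken from trust certificates, then a keystore, and otherwise left to the
 * JVM's own truststore. A connection initializer is chosen: SASL when a mechanism is set,
 * fast-bind when both bind DN and credential are the literal {@code "*"}, a simple bind
 * when both are non-blank, and none at all otherwise.
 *
 * @param l the ldap properties
 * @return the connection config
 * @throws IllegalArgumentException if the LDAP url is blank or the SASL mechanism is not
 *                                  one of the handled ones
 */
public static ConnectionConfig newConnectionConfig(final AbstractLdapProperties l) {
    // Fail fast with a clear message rather than a NullPointerException from split() below.
    if (StringUtils.isBlank(l.getLdapUrl())) {
        throw new IllegalArgumentException("LDAP url cannot be empty/blank");
    }
    final ConnectionConfig cc = new ConnectionConfig();
    // ldaptive takes several URLs separated by spaces.
    final String urls = Arrays.stream(l.getLdapUrl().split(",")).collect(Collectors.joining(" "));
    LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", l.getLdapUrl(), urls);
    cc.setLdapUrl(urls);
    cc.setUseSSL(l.isUseSsl());
    cc.setUseStartTLS(l.isUseStartTls());
    cc.setConnectTimeout(newDuration(l.getConnectTimeout()));

    // Trust material: explicit trust certificates win over a keystore, and with neither
    // configured ldaptive is given an empty SslConfig (i.e. the JVM's native truststore).
    if (l.getTrustCertificates() != null) {
        final X509CredentialConfig cfg = new X509CredentialConfig();
        cfg.setTrustCertificates(l.getTrustCertificates());
        cc.setSslConfig(new SslConfig(cfg));
    } else if (l.getKeystore() != null) {
        final KeyStoreCredentialConfig cfg = new KeyStoreCredentialConfig();
        cfg.setKeyStore(l.getKeystore());
        // The keystore password is handed to ldaptive only; nothing in this method logs it.
        cfg.setKeyStorePassword(l.getKeystorePassword());
        cfg.setKeyStoreType(l.getKeystoreType());
        cc.setSslConfig(new SslConfig(cfg));
    } else {
        cc.setSslConfig(new SslConfig());
    }

    if (l.getSaslMechanism() != null) {
        final BindConnectionInitializer bc = new BindConnectionInitializer();
        final SaslConfig sc;
        switch (l.getSaslMechanism()) {
            case DIGEST_MD5:
                sc = new DigestMd5Config();
                ((DigestMd5Config) sc).setRealm(l.getSaslRealm());
                break;
            case CRAM_MD5:
                sc = new CramMd5Config();
                break;
            case EXTERNAL:
                sc = new ExternalConfig();
                break;
            case GSSAPI:
                sc = new GssApiConfig();
                ((GssApiConfig) sc).setRealm(l.getSaslRealm());
                break;
            default:
                throw new IllegalArgumentException("Unknown SASL mechanism " + l.getSaslMechanism().name());
        }
        // Settings common to every mechanism are applied after the mechanism-specific realm.
        sc.setAuthorizationId(l.getSaslAuthorizationId());
        sc.setMutualAuthentication(l.getSaslMutualAuth());
        sc.setQualityOfProtection(l.getSaslQualityOfProtection());
        sc.setSecurityStrength(l.getSaslSecurityStrength());
        bc.setBindSaslConfig(sc);
        cc.setConnectionInitializer(bc);
    } else if (StringUtils.equals(l.getBindCredential(), "*") && StringUtils.equals(l.getBindDn(), "*")) {
        // Bind DN and credential both set to the literal "*" select the fast-bind initializer.
        cc.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
    } else if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNotBlank(l.getBindCredential())) {
        cc.setConnectionInitializer(new BindConnectionInitializer(l.getBindDn(), new Credential(l.getBindCredential())));
    }
    // With no SASL mechanism and no usable bind DN/credential pair, no initializer is set.
    return cc;
}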

Example 3 with SslConfig

use of org.ldaptive.ssl.SslConfig in project cas by apereo.

The class LdapUtils, method newLdaptiveConnectionConfig.

/**
 * Builds an ldaptive {@link ConnectionConfig} from the supplied LDAP properties.
 *
 * <p>Beyond URL normalisation, timeouts, connection strategy and trust material, this
 * variant also wires the TLS hostname verifier and trust manager from the properties.
 * Choosing {@code ANY} for either installs ldaptive's AllowAny* implementation, which by
 * its name accepts any host name or any certificate and so removes that part of the
 * server-identity check; it belongs in test setups only. The connection initializer is
 * SASL when a mechanism is set, fast-bind when both bind DN and credential are the literal
 * {@code "*"}, a simple bind when both are non-blank, and none at all otherwise.
 *
 * @param properties the ldap properties
 * @return the connection config
 * @throws IllegalArgumentException if the LDAP url is blank, or an enum-valued setting
 *                                  (connection strategy, trust manager, SASL quality of
 *                                  protection, SASL security strength) is not a constant name
 */
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties properties) {
    val ldapUrl = properties.getLdapUrl();
    if (StringUtils.isBlank(ldapUrl)) {
        throw new IllegalArgumentException("LDAP url cannot be empty/blank");
    }
    LOGGER.debug("Creating LDAP connection configuration for [{}]", ldapUrl);
    val connectionConfig = new ConnectionConfig();

    // ldaptive takes several URLs separated by spaces; a comma-separated list is
    // converted, while a value that already contains a space is passed through as-is.
    final String joinedUrls;
    if (ldapUrl.contains(" ")) {
        joinedUrls = ldapUrl;
    } else {
        joinedUrls = String.join(" ", ldapUrl.split(","));
    }
    LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", ldapUrl, joinedUrls);
    connectionConfig.setLdapUrl(joinedUrls);
    connectionConfig.setUseStartTLS(properties.isUseStartTls());
    connectionConfig.setConnectTimeout(Beans.newDuration(properties.getConnectTimeout()));
    connectionConfig.setResponseTimeout(Beans.newDuration(properties.getResponseTimeout()));

    val strategyName = properties.getConnectionStrategy();
    if (StringUtils.isNotBlank(strategyName)) {
        // valueOf is case-sensitive; an unknown name surfaces as IllegalArgumentException.
        switch (AbstractLdapProperties.LdapConnectionStrategy.valueOf(strategyName)) {
            case RANDOM:
                connectionConfig.setConnectionStrategy(new RandomConnectionStrategy());
                break;
            case DNS_SRV:
                connectionConfig.setConnectionStrategy(new DnsSrvConnectionStrategy());
                break;
            case ROUND_ROBIN:
                connectionConfig.setConnectionStrategy(new RoundRobinConnectionStrategy());
                break;
            case ACTIVE_PASSIVE:
            default:
                // Active/passive is the fallback here, unlike the Beans variant which falls back to DefaultConnectionStrategy.
                connectionConfig.setConnectionStrategy(new ActivePassiveConnectionStrategy());
                break;
        }
    }

    // Trust material: explicit trust certificates win; otherwise a truststore and/or keystore
    // share one KeyStoreCredentialConfig; with neither, an empty SslConfig (JVM truststore).
    if (properties.getTrustCertificates() != null) {
        LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", properties.getTrustCertificates());
        val x509Config = new X509CredentialConfig();
        x509Config.setTrustCertificates(properties.getTrustCertificates());
        connectionConfig.setSslConfig(new SslConfig(x509Config));
    } else if (properties.getTrustStore() != null || properties.getKeystore() != null) {
        val storeConfig = new KeyStoreCredentialConfig();
        if (properties.getTrustStore() != null) {
            LOGGER.trace("Creating LDAP SSL configuration with truststore [{}]", properties.getTrustStore());
            storeConfig.setTrustStore(properties.getTrustStore());
            storeConfig.setTrustStoreType(properties.getTrustStoreType());
            // Store passwords are handed to ldaptive only; they are not written to the log.
            storeConfig.setTrustStorePassword(properties.getTrustStorePassword());
        }
        if (properties.getKeystore() != null) {
            LOGGER.trace("Creating LDAP SSL configuration via keystore [{}]", properties.getKeystore());
            storeConfig.setKeyStore(properties.getKeystore());
            storeConfig.setKeyStoreType(properties.getKeystoreType());
            storeConfig.setKeyStorePassword(properties.getKeystorePassword());
        }
        connectionConfig.setSslConfig(new SslConfig(storeConfig));
    } else {
        LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
        connectionConfig.setSslConfig(new SslConfig());
    }

    val ssl = connectionConfig.getSslConfig();
    if (ssl != null) {
        switch (properties.getHostnameVerifier()) {
            case ANY:
                // Skips matching the server certificate against the connected host name.
                ssl.setHostnameVerifier(new AllowAnyHostnameVerifier());
                break;
            case DEFAULT:
            default:
                ssl.setHostnameVerifier(new DefaultHostnameVerifier());
        }
        val trustManagerName = properties.getTrustManager();
        if (StringUtils.isNotBlank(trustManagerName)) {
            // NOTE(review): toUpperCase() uses the default locale; Locale.ROOT would make this
            // lookup locale-independent.
            switch (AbstractLdapProperties.LdapTrustManagerOptions.valueOf(trustManagerName.trim().toUpperCase())) {
                case ANY:
                    // Accepts any server certificate regardless of the configured trust material.
                    ssl.setTrustManagers(new AllowAnyTrustManager());
                    break;
                case DEFAULT:
                default:
                    ssl.setTrustManagers(new DefaultTrustManager());
                    break;
            }
        }
    }

    if (StringUtils.isNotBlank(properties.getSaslMechanism())) {
        LOGGER.debug("Creating LDAP SASL mechanism via [{}]", properties.getSaslMechanism());
        val saslConfig = getSaslConfigFrom(properties);
        val authorizationId = properties.getSaslAuthorizationId();
        if (StringUtils.isNotBlank(authorizationId)) {
            saslConfig.setAuthorizationId(authorizationId);
        }
        saslConfig.setMutualAuthentication(properties.getSaslMutualAuth());
        // Optional enum-valued settings are only applied when configured.
        val qualityOfProtection = properties.getSaslQualityOfProtection();
        if (StringUtils.isNotBlank(qualityOfProtection)) {
            saslConfig.setQualityOfProtection(QualityOfProtection.valueOf(qualityOfProtection));
        }
        val securityStrength = properties.getSaslSecurityStrength();
        if (StringUtils.isNotBlank(securityStrength)) {
            saslConfig.setSecurityStrength(SecurityStrength.valueOf(securityStrength));
        }
        val saslInitializer = new BindConnectionInitializer();
        saslInitializer.setBindSaslConfig(saslConfig);
        connectionConfig.setConnectionInitializers(saslInitializer);
    } else if (StringUtils.equals(properties.getBindCredential(), "*") && StringUtils.equals(properties.getBindDn(), "*")) {
        // Bind DN and credential both set to the literal "*" select the fast-bind initializer.
        LOGGER.debug("Creating LDAP fast-bind connection initializer");
        connectionConfig.setConnectionInitializers(new FastBindConnectionInitializer());
    } else if (StringUtils.isNotBlank(properties.getBindDn()) && StringUtils.isNotBlank(properties.getBindCredential())) {
        // Only the DN is logged; the bind credential itself stays out of the log output.
        LOGGER.debug("Creating LDAP bind connection initializer via [{}]", properties.getBindDn());
        connectionConfig.setConnectionInitializers(new BindConnectionInitializer(properties.getBindDn(), new Credential(properties.getBindCredential())));
    }
    // With no SASL mechanism and no usable bind DN/credential pair, no initializer is set.
    return connectionConfig;
}
