use of org.ldaptive.ssl.X509CredentialConfig in project cas by apereo.
the class Beans method newLdaptiveConnectionConfig.
/**
* New connection config connection config.
*
* @param l the ldap properties
* @return the connection config
*/
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties l) {
if (StringUtils.isBlank(l.getLdapUrl())) {
throw new IllegalArgumentException("LDAP url cannot be empty/blank");
}
LOGGER.debug("Creating LDAP connection configuration for [{}]", l.getLdapUrl());
final ConnectionConfig cc = new ConnectionConfig();
final String urls = l.getLdapUrl().contains(" ") ? l.getLdapUrl() : Arrays.stream(l.getLdapUrl().split(",")).collect(Collectors.joining(" "));
LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", l.getLdapUrl(), urls);
cc.setLdapUrl(urls);
cc.setUseSSL(l.isUseSsl());
cc.setUseStartTLS(l.isUseStartTls());
cc.setConnectTimeout(newDuration(l.getConnectTimeout()));
cc.setResponseTimeout(newDuration(l.getResponseTimeout()));
if (StringUtils.isNotBlank(l.getConnectionStrategy())) {
final AbstractLdapProperties.LdapConnectionStrategy strategy = AbstractLdapProperties.LdapConnectionStrategy.valueOf(l.getConnectionStrategy());
switch(strategy) {
case RANDOM:
cc.setConnectionStrategy(new RandomConnectionStrategy());
break;
case DNS_SRV:
cc.setConnectionStrategy(new DnsSrvConnectionStrategy());
break;
case ACTIVE_PASSIVE:
cc.setConnectionStrategy(new ActivePassiveConnectionStrategy());
break;
case ROUND_ROBIN:
cc.setConnectionStrategy(new RoundRobinConnectionStrategy());
break;
case DEFAULT:
default:
cc.setConnectionStrategy(new DefaultConnectionStrategy());
break;
}
}
if (l.getTrustCertificates() != null) {
LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", l.getTrustCertificates());
final X509CredentialConfig cfg = new X509CredentialConfig();
cfg.setTrustCertificates(l.getTrustCertificates());
cc.setSslConfig(new SslConfig(cfg));
} else if (l.getKeystore() != null) {
LOGGER.debug("Creating LDAP SSL configuration via keystore [{}]", l.getKeystore());
final KeyStoreCredentialConfig cfg = new KeyStoreCredentialConfig();
cfg.setKeyStore(l.getKeystore());
cfg.setKeyStorePassword(l.getKeystorePassword());
cfg.setKeyStoreType(l.getKeystoreType());
cc.setSslConfig(new SslConfig(cfg));
} else {
LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
cc.setSslConfig(new SslConfig());
}
if (l.getSaslMechanism() != null) {
LOGGER.debug("Creating LDAP SASL mechanism via [{}]", l.getSaslMechanism());
final BindConnectionInitializer bc = new BindConnectionInitializer();
final SaslConfig sc;
switch(l.getSaslMechanism()) {
case DIGEST_MD5:
sc = new DigestMd5Config();
((DigestMd5Config) sc).setRealm(l.getSaslRealm());
break;
case CRAM_MD5:
sc = new CramMd5Config();
break;
case EXTERNAL:
sc = new ExternalConfig();
break;
case GSSAPI:
sc = new GssApiConfig();
((GssApiConfig) sc).setRealm(l.getSaslRealm());
break;
default:
throw new IllegalArgumentException("Unknown SASL mechanism " + l.getSaslMechanism().name());
}
sc.setAuthorizationId(l.getSaslAuthorizationId());
sc.setMutualAuthentication(l.getSaslMutualAuth());
sc.setQualityOfProtection(l.getSaslQualityOfProtection());
sc.setSecurityStrength(l.getSaslSecurityStrength());
bc.setBindSaslConfig(sc);
cc.setConnectionInitializer(bc);
} else if (StringUtils.equals(l.getBindCredential(), "*") && StringUtils.equals(l.getBindDn(), "*")) {
LOGGER.debug("Creating LDAP fast-bind connection initializer");
cc.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
} else if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNotBlank(l.getBindCredential())) {
LOGGER.debug("Creating LDAP bind connection initializer via [{}]", l.getBindDn());
cc.setConnectionInitializer(new BindConnectionInitializer(l.getBindDn(), new Credential(l.getBindCredential())));
}
return cc;
}
Aggregations