001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 021package org.apache.directory.ldap.client.api; 022 023 024import java.security.KeyStore; 025import java.security.KeyStoreException; 026import java.security.NoSuchAlgorithmException; 027import java.security.SecureRandom; 028 029import javax.net.ssl.KeyManager; 030import javax.net.ssl.TrustManager; 031import javax.net.ssl.TrustManagerFactory; 032import javax.net.ssl.X509TrustManager; 033 034import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector; 035import org.apache.directory.api.ldap.codec.api.LdapApiService; 036import org.slf4j.Logger; 037import org.slf4j.LoggerFactory; 038 039 040/** 041 * A class to hold the configuration for creating an LdapConnection. 042 * 043 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 044 */ 045public class LdapConnectionConfig 046{ 047 /** A logger for this class */ 048 private static final Logger LOG = LoggerFactory.getLogger( LdapConnectionConfig.class ); 049 050 /** Default ports for LDAP */ 051 public static final int DEFAULT_LDAP_PORT = 389; 052 053 /** Default port for LDAPS */ 054 public static final int DEFAULT_LDAPS_PORT = 636; 055 056 /** The default host : localhost */ 057 public static final String DEFAULT_LDAP_HOST = "127.0.0.1"; 058 059 /** The LDAP version */ 060 public static final int LDAP_V3 = 3; 061 062 /** The default timeout for operation : 30 seconds */ 063 public static final long DEFAULT_TIMEOUT = 30000L; 064 065 /** the default protocol used for creating SSL context */ 066 public static final String DEFAULT_SSL_PROTOCOL = "TLS"; 067 068 // --- private members ---- 069 /** A flag indicating if we are using SSL or not, default value is false */ 070 private boolean useSsl = false; 071 072 /** A flag indicating if we are using TLS or not, default value is false */ 073 private boolean useTls = false; 074 075 /** The selected LDAP port */ 076 private int ldapPort; 077 078 /** the remote LDAP host */ 079 private String ldapHost; 080 081 /** a valid Dn to authenticate the user */ 082 private String name; 083 084 /** user's credentials ( current implementation supports password only); it must be a non-null value */ 085 private String credentials; 086 087 /** an array of key managers, if set, will be used while initializing the SSL context */ 088 private KeyManager[] keyManagers; 089 090 /** an instance of SecureRandom, if set, will be used while initializing the SSL context */ 091 private SecureRandom secureRandom; 092 093 /** an array of certificate trust managers, if set, will be used while initializing the SSL context */ 094 private TrustManager[] trustManagers; 095 096 /** an array of cipher suites which are enabled, if set, will be used while initializing the SSL context */ 097 private String[] enabledCipherSuites; 098 099 /** name of the protocol used for creating SSL context, default value is "TLS" */ 100 private String sslProtocol = DEFAULT_SSL_PROTOCOL; 101 102 /** The class used to detect if an attribute is HR or not */ 103 private BinaryAttributeDetector binaryAttributeDetector; 104 105 /** The Service to use internally when creating connections */ 106 private LdapApiService ldapApiService; 107 108 109 /** 110 * Creates a default LdapConnectionConfig instance 111 */ 112 public LdapConnectionConfig() 113 { 114 setDefaultTrustManager(); 115 } 116 117 118 /** 119 * sets the default trust manager based on the SunX509 trustManagement algorithm 120 */ 121 private void setDefaultTrustManager() 122 { 123 String trustMgmtAlgo = TrustManagerFactory.getDefaultAlgorithm(); 124 125 try 126 { 127 TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo ); 128 tmFactory.init( ( KeyStore ) null ); 129 130 TrustManager factoryTrustManagers[] = tmFactory.getTrustManagers(); 131 132 for ( int i = 0; i < factoryTrustManagers.length; i++ ) 133 { 134 if ( factoryTrustManagers[i] instanceof X509TrustManager ) 135 { 136 trustManagers = new TrustManager[] 137 { factoryTrustManagers[i] }; 138 LOG.debug( "found X509TrustManager {}", factoryTrustManagers[i] ); 139 break; 140 } 141 } 142 } 143 catch ( NoSuchAlgorithmException e ) 144 { 145 LOG.warn( "couldn't find any default X509 TrustManager with algorithm {}", trustMgmtAlgo ); 146 } 147 catch ( KeyStoreException e ) 148 { 149 LOG.warn( "couldn't initialize TrustManagerFactory with keystore {}", KeyStore.getDefaultType() ); 150 } 151 } 152 153 154 /** 155 * Checks if SSL (ldaps://) is used. 156 * 157 * @return true, if SSL is used 158 */ 159 public boolean isUseSsl() 160 { 161 return useSsl; 162 } 163 164 165 /** 166 * Sets whether SSL should be used. 167 * 168 * @param useSsl true to use SSL 169 */ 170 public void setUseSsl( boolean useSsl ) 171 { 172 this.useSsl = useSsl; 173 } 174 175 176 /** 177 * Gets the LDAP port. 178 * 179 * @return the LDAP port 180 */ 181 public int getLdapPort() 182 { 183 return ldapPort; 184 } 185 186 187 /** 188 * Sets the LDAP port. 189 * 190 * @param ldapPort the new LDAP port 191 */ 192 public void setLdapPort( int ldapPort ) 193 { 194 this.ldapPort = ldapPort; 195 } 196 197 198 /** 199 * Gets the LDAP host. 200 * 201 * @return the LDAP host 202 */ 203 public String getLdapHost() 204 { 205 return ldapHost; 206 } 207 208 209 /** 210 * Sets the LDAP host. 211 * 212 * @param ldapHost the new LDAP host 213 */ 214 public void setLdapHost( String ldapHost ) 215 { 216 this.ldapHost = ldapHost; 217 } 218 219 220 /** 221 * Gets the name that is used to authenticate the user. 222 * 223 * @return the name 224 */ 225 public String getName() 226 { 227 return name; 228 } 229 230 231 /** 232 * Sets the name which is used to authenticate the user. 233 * 234 * @param name the new name 235 */ 236 public void setName( String name ) 237 { 238 this.name = name; 239 } 240 241 242 /** 243 * Gets the credentials. 244 * 245 * @return the credentials 246 */ 247 public String getCredentials() 248 { 249 return credentials; 250 } 251 252 253 /** 254 * Sets the credentials. 255 * 256 * @param credentials the new credentials 257 */ 258 public void setCredentials( String credentials ) 259 { 260 this.credentials = credentials; 261 } 262 263 264 /** 265 * Gets the default LDAP port. 266 * 267 * @return the default LDAP port 268 */ 269 public int getDefaultLdapPort() 270 { 271 return DEFAULT_LDAP_PORT; 272 } 273 274 275 /** 276 * Gets the default LDAPS port. 277 * 278 * @return the default LDAPS port 279 */ 280 public int getDefaultLdapsPort() 281 { 282 return DEFAULT_LDAPS_PORT; 283 } 284 285 286 /** 287 * Gets the default LDAP host. 288 * 289 * @return the default LDAP host 290 */ 291 public String getDefaultLdapHost() 292 { 293 return DEFAULT_LDAP_HOST; 294 } 295 296 297 /** 298 * Gets the default timeout. 299 * 300 * @return the default timeout 301 */ 302 public long getDefaultTimeout() 303 { 304 return DEFAULT_TIMEOUT; 305 } 306 307 308 /** 309 * Gets the supported LDAP version. 310 * 311 * @return the supported LDAP version 312 */ 313 public int getSupportedLdapVersion() 314 { 315 return LDAP_V3; 316 } 317 318 319 /** 320 * Gets the trust managers. 321 * 322 * @return the trust managers 323 */ 324 public TrustManager[] getTrustManagers() 325 { 326 return trustManagers; 327 } 328 329 330 /** 331 * Sets the trust managers. 332 * 333 * @param trustManagers the new trust managers 334 */ 335 public void setTrustManagers( TrustManager... trustManagers ) 336 { 337 this.trustManagers = trustManagers; 338 } 339 340 341 /** 342 * Gets the SSL protocol. 343 * 344 * @return the SSL protocol 345 */ 346 public String getSslProtocol() 347 { 348 return sslProtocol; 349 } 350 351 352 /** 353 * Sets the SSL protocol. 354 * 355 * @param sslProtocol the new SSL protocol 356 */ 357 public void setSslProtocol( String sslProtocol ) 358 { 359 this.sslProtocol = sslProtocol; 360 } 361 362 363 /** 364 * Gets the key managers. 365 * 366 * @return the key managers 367 */ 368 public KeyManager[] getKeyManagers() 369 { 370 return keyManagers; 371 } 372 373 374 /** 375 * Sets the key managers. 376 * 377 * @param keyManagers the new key managers 378 */ 379 public void setKeyManagers( KeyManager[] keyManagers ) 380 { 381 this.keyManagers = keyManagers; 382 } 383 384 385 /** 386 * Gets the secure random. 387 * 388 * @return the secure random 389 */ 390 public SecureRandom getSecureRandom() 391 { 392 return secureRandom; 393 } 394 395 396 /** 397 * Sets the secure random. 398 * 399 * @param secureRandom the new secure random 400 */ 401 public void setSecureRandom( SecureRandom secureRandom ) 402 { 403 this.secureRandom = secureRandom; 404 } 405 406 407 /** 408 * Gets the cipher suites which are enabled. 409 * 410 * @return the cipher suites which are enabled 411 */ 412 public String[] getEnabledCipherSuites() 413 { 414 return enabledCipherSuites; 415 } 416 417 418 /** 419 * Sets the cipher suites which are enabled 420 * 421 * @param enabledCipherSuites the cipher suites which are enabled 422 */ 423 public void setEnabledCipherSuites( String[] enabledCipherSuites ) 424 { 425 this.enabledCipherSuites = enabledCipherSuites; 426 } 427 428 429 /** 430 * @return the binaryAttributeDetector 431 */ 432 public BinaryAttributeDetector getBinaryAttributeDetector() 433 { 434 return binaryAttributeDetector; 435 } 436 437 438 /** 439 * @param binaryAttributeDetector the binaryAttributeDetector to set 440 */ 441 public void setBinaryAttributeDetector( BinaryAttributeDetector binaryAttributeDetector ) 442 { 443 this.binaryAttributeDetector = binaryAttributeDetector; 444 } 445 446 447 /** 448 * Checks if TLS is used. 449 * 450 * @return true, if TLS is used 451 */ 452 public boolean isUseTls() 453 { 454 return useTls; 455 } 456 457 458 /** 459 * Sets whether TLS should be used. 460 * 461 * @param useTls true to use TLS 462 */ 463 public void setUseTls( boolean useTls ) 464 { 465 this.useTls = useTls; 466 } 467 468 469 /** 470 * @return the ldapApiService 471 */ 472 public LdapApiService getLdapApiService() 473 { 474 return ldapApiService; 475 } 476 477 478 /** 479 * @param ldapApiService the ldapApiService to set 480 */ 481 public void setLdapApiService( LdapApiService ldapApiService ) 482 { 483 this.ldapApiService = ldapApiService; 484 } 485}