001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 021package org.apache.directory.ldap.client.api; 022 023 024import java.security.KeyStore; 025import java.security.KeyStoreException; 026import java.security.NoSuchAlgorithmException; 027import java.security.SecureRandom; 028 029import javax.net.ssl.KeyManager; 030import javax.net.ssl.TrustManager; 031import javax.net.ssl.TrustManagerFactory; 032import javax.net.ssl.X509TrustManager; 033 034import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector; 035import org.apache.directory.api.ldap.codec.api.LdapApiService; 036import org.slf4j.Logger; 037import org.slf4j.LoggerFactory; 038 039 040/** 041 * A class to hold the configuration for creating an LdapConnection. 042 * 043 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 044 */ 045public class LdapConnectionConfig 046{ 047 /** A logger for this class */ 048 private static final Logger LOG = LoggerFactory.getLogger( LdapConnectionConfig.class ); 049 050 /** Default ports for LDAP */ 051 public static final int DEFAULT_LDAP_PORT = 389; 052 053 /** Default port for LDAPS */ 054 public static final int DEFAULT_LDAPS_PORT = 636; 055 056 /** The default host : localhost */ 057 public static final String DEFAULT_LDAP_HOST = "127.0.0.1"; 058 059 /** The LDAP version */ 060 public static final int LDAP_V3 = 3; 061 062 /** The default timeout for operation : 30 seconds */ 063 public static final long DEFAULT_TIMEOUT = 30000L; 064 065 /** the default protocol used for creating SSL context */ 066 public static final String DEFAULT_SSL_PROTOCOL = "TLS"; 067 068 // --- private members ---- 069 /** A flag indicating if we are using SSL or not, default value is false */ 070 private boolean useSsl = false; 071 072 /** The session timeout */ 073 private long timeout = DEFAULT_TIMEOUT; 074 075 /** A flag indicating if we are using TLS or not, default value is false */ 076 private boolean useTls = false; 077 078 /** The selected LDAP port */ 079 private int ldapPort; 080 081 /** the remote LDAP host */ 082 private String ldapHost; 083 084 /** a valid Dn to authenticate the user */ 085 private String name; 086 087 /** user's credentials ( current implementation supports password only); it must be a non-null value */ 088 private String credentials; 089 090 /** an array of key managers, if set, will be used while initializing the SSL context */ 091 private KeyManager[] keyManagers; 092 093 /** an instance of SecureRandom, if set, will be used while initializing the SSL context */ 094 private SecureRandom secureRandom; 095 096 /** an array of certificate trust managers, if set, will be used while initializing the SSL context */ 097 private TrustManager[] trustManagers; 098 099 /** an array of cipher suites which are enabled, if set, will be used while initializing the SSL context */ 100 private String[] enabledCipherSuites; 101 102 /** an array of protocols which are enabled, if set, will be used while initializing the SSL context */ 103 private String[] enabledProtocols; 104 105 /** name of the protocol used for creating SSL context, default value is "TLS" */ 106 private String sslProtocol = DEFAULT_SSL_PROTOCOL; 107 108 /** The class used to detect if an attribute is HR or not */ 109 private BinaryAttributeDetector binaryAttributeDetector; 110 111 /** The Service to use internally when creating connections */ 112 private LdapApiService ldapApiService; 113 114 115 /** 116 * Creates a default LdapConnectionConfig instance 117 */ 118 public LdapConnectionConfig() 119 { 120 setDefaultTrustManager(); 121 } 122 123 124 /** 125 * sets the default trust manager based on the SunX509 trustManagement algorithm 126 */ 127 private void setDefaultTrustManager() 128 { 129 String trustMgmtAlgo = TrustManagerFactory.getDefaultAlgorithm(); 130 131 try 132 { 133 TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo ); 134 tmFactory.init( ( KeyStore ) null ); 135 136 TrustManager factoryTrustManagers[] = tmFactory.getTrustManagers(); 137 138 for ( int i = 0; i < factoryTrustManagers.length; i++ ) 139 { 140 if ( factoryTrustManagers[i] instanceof X509TrustManager ) 141 { 142 trustManagers = new TrustManager[] 143 { factoryTrustManagers[i] }; 144 LOG.debug( "found X509TrustManager {}", factoryTrustManagers[i] ); 145 break; 146 } 147 } 148 } 149 catch ( NoSuchAlgorithmException e ) 150 { 151 LOG.warn( "couldn't find any default X509 TrustManager with algorithm {}", trustMgmtAlgo ); 152 } 153 catch ( KeyStoreException e ) 154 { 155 LOG.warn( "couldn't initialize TrustManagerFactory with keystore {}", KeyStore.getDefaultType() ); 156 } 157 } 158 159 160 /** 161 * Checks if SSL (ldaps://) is used. 162 * 163 * @return true, if SSL is used 164 */ 165 public boolean isUseSsl() 166 { 167 return useSsl; 168 } 169 170 171 /** 172 * Sets whether SSL should be used. 173 * 174 * @param useSsl true to use SSL 175 */ 176 public void setUseSsl( boolean useSsl ) 177 { 178 this.useSsl = useSsl; 179 } 180 181 182 /** 183 * Gets the LDAP port. 184 * 185 * @return the LDAP port 186 */ 187 public int getLdapPort() 188 { 189 return ldapPort; 190 } 191 192 193 /** 194 * Sets the LDAP port. 195 * 196 * @param ldapPort the new LDAP port 197 */ 198 public void setLdapPort( int ldapPort ) 199 { 200 this.ldapPort = ldapPort; 201 } 202 203 204 /** 205 * Gets the LDAP host. 206 * 207 * @return the LDAP host 208 */ 209 public String getLdapHost() 210 { 211 return ldapHost; 212 } 213 214 215 /** 216 * Sets the LDAP host. 217 * 218 * @param ldapHost the new LDAP host 219 */ 220 public void setLdapHost( String ldapHost ) 221 { 222 this.ldapHost = ldapHost; 223 } 224 225 226 /** 227 * Gets the name that is used to authenticate the user. 228 * 229 * @return the name 230 */ 231 public String getName() 232 { 233 return name; 234 } 235 236 237 /** 238 * Sets the name which is used to authenticate the user. 239 * 240 * @param name the new name 241 */ 242 public void setName( String name ) 243 { 244 this.name = name; 245 } 246 247 248 /** 249 * Gets the credentials. 250 * 251 * @return the credentials 252 */ 253 public String getCredentials() 254 { 255 return credentials; 256 } 257 258 259 /** 260 * Sets the credentials. 261 * 262 * @param credentials the new credentials 263 */ 264 public void setCredentials( String credentials ) 265 { 266 this.credentials = credentials; 267 } 268 269 270 /** 271 * Gets the default LDAP port. 272 * 273 * @return the default LDAP port 274 */ 275 public int getDefaultLdapPort() 276 { 277 return DEFAULT_LDAP_PORT; 278 } 279 280 281 /** 282 * Gets the default LDAPS port. 283 * 284 * @return the default LDAPS port 285 */ 286 public int getDefaultLdapsPort() 287 { 288 return DEFAULT_LDAPS_PORT; 289 } 290 291 292 /** 293 * Gets the default LDAP host. 294 * 295 * @return the default LDAP host 296 */ 297 public String getDefaultLdapHost() 298 { 299 return DEFAULT_LDAP_HOST; 300 } 301 302 303 /** 304 * Gets the default timeout. 305 * 306 * @return the default timeout 307 */ 308 public long getDefaultTimeout() 309 { 310 return DEFAULT_TIMEOUT; 311 } 312 313 314 /** 315 * Gets the timeout. 316 * 317 * @return the timeout 318 */ 319 public long getTimeout() 320 { 321 return timeout; 322 } 323 324 325 /** 326 * Sets the timeout. 327 * 328 * @return the timeout 329 */ 330 public void setTimeout( long timeout ) 331 { 332 this.timeout = timeout; 333 } 334 335 336 /** 337 * Gets the supported LDAP version. 338 * 339 * @return the supported LDAP version 340 */ 341 public int getSupportedLdapVersion() 342 { 343 return LDAP_V3; 344 } 345 346 347 /** 348 * Gets the trust managers. 349 * 350 * @return the trust managers 351 */ 352 public TrustManager[] getTrustManagers() 353 { 354 return trustManagers; 355 } 356 357 358 /** 359 * Sets the trust managers. 360 * 361 * @param trustManagers the new trust managers 362 */ 363 public void setTrustManagers( TrustManager... trustManagers ) 364 { 365 this.trustManagers = trustManagers; 366 } 367 368 369 /** 370 * Gets the SSL protocol. 371 * 372 * @return the SSL protocol 373 */ 374 public String getSslProtocol() 375 { 376 return sslProtocol; 377 } 378 379 380 /** 381 * Sets the SSL protocol. 382 * 383 * @param sslProtocol the new SSL protocol 384 */ 385 public void setSslProtocol( String sslProtocol ) 386 { 387 this.sslProtocol = sslProtocol; 388 } 389 390 391 /** 392 * Gets the key managers. 393 * 394 * @return the key managers 395 */ 396 public KeyManager[] getKeyManagers() 397 { 398 return keyManagers; 399 } 400 401 402 /** 403 * Sets the key managers. 404 * 405 * @param keyManagers the new key managers 406 */ 407 public void setKeyManagers( KeyManager[] keyManagers ) 408 { 409 this.keyManagers = keyManagers; 410 } 411 412 413 /** 414 * Gets the secure random. 415 * 416 * @return the secure random 417 */ 418 public SecureRandom getSecureRandom() 419 { 420 return secureRandom; 421 } 422 423 424 /** 425 * Sets the secure random. 426 * 427 * @param secureRandom the new secure random 428 */ 429 public void setSecureRandom( SecureRandom secureRandom ) 430 { 431 this.secureRandom = secureRandom; 432 } 433 434 435 /** 436 * Gets the cipher suites which are enabled. 437 * 438 * @return the cipher suites which are enabled 439 */ 440 public String[] getEnabledCipherSuites() 441 { 442 return enabledCipherSuites; 443 } 444 445 446 /** 447 * Sets the cipher suites which are enabled 448 * 449 * @param enabledCipherSuites the cipher suites which are enabled 450 */ 451 public void setEnabledCipherSuites( String[] enabledCipherSuites ) 452 { 453 this.enabledCipherSuites = enabledCipherSuites; 454 } 455 456 457 /** 458 * Gets the protocols which are enabled. 459 * 460 * @return the protocol which are enabled 461 */ 462 public String[] getEnabledProtocols() 463 { 464 return enabledProtocols; 465 } 466 467 468 /** 469 * Sets the protocols which are enabled 470 * 471 * @param enabledProtocols the protocols which are enabled 472 */ 473 public void setEnabledProtocols( String... enabledProtocols ) 474 { 475 this.enabledProtocols = enabledProtocols; 476 } 477 478 479 /** 480 * @return the binaryAttributeDetector 481 */ 482 public BinaryAttributeDetector getBinaryAttributeDetector() 483 { 484 return binaryAttributeDetector; 485 } 486 487 488 /** 489 * @param binaryAttributeDetector the binaryAttributeDetector to set 490 */ 491 public void setBinaryAttributeDetector( BinaryAttributeDetector binaryAttributeDetector ) 492 { 493 this.binaryAttributeDetector = binaryAttributeDetector; 494 } 495 496 497 /** 498 * Checks if TLS is used. 499 * 500 * @return true, if TLS is used 501 */ 502 public boolean isUseTls() 503 { 504 return useTls; 505 } 506 507 508 /** 509 * Sets whether TLS should be used. 510 * 511 * @param useTls true to use TLS 512 */ 513 public void setUseTls( boolean useTls ) 514 { 515 this.useTls = useTls; 516 } 517 518 519 /** 520 * @return the ldapApiService 521 */ 522 public LdapApiService getLdapApiService() 523 { 524 return ldapApiService; 525 } 526 527 528 /** 529 * @param ldapApiService the ldapApiService to set 530 */ 531 public void setLdapApiService( LdapApiService ldapApiService ) 532 { 533 this.ldapApiService = ldapApiService; 534 } 535}