1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 *
19 */
20
21 package org.apache.directory.ldap.client.api;
22
23
24 import java.security.KeyStore;
25 import java.security.KeyStoreException;
26 import java.security.NoSuchAlgorithmException;
27 import java.security.SecureRandom;
28
29 import javax.net.ssl.KeyManager;
30 import javax.net.ssl.TrustManager;
31 import javax.net.ssl.TrustManagerFactory;
32 import javax.net.ssl.X509TrustManager;
33
34 import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector;
35 import org.apache.directory.api.ldap.codec.api.LdapApiService;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38
39
40 /**
41 * A class to hold the configuration for creating an LdapConnection.
42 *
43 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
44 */
45 public class LdapConnectionConfig
46 {
47 /** A logger for this class */
48 private static final Logger LOG = LoggerFactory.getLogger( LdapConnectionConfig.class );
49
50 /** Default ports for LDAP */
51 public static final int DEFAULT_LDAP_PORT = 389;
52
53 /** Default port for LDAPS */
54 public static final int DEFAULT_LDAPS_PORT = 636;
55
56 /** The default host : localhost */
57 public static final String DEFAULT_LDAP_HOST = "127.0.0.1";
58
59 /** The LDAP version */
60 public static final int LDAP_V3 = 3;
61
62 /** The default timeout for operation : 30 seconds */
63 public static final long DEFAULT_TIMEOUT = 30000L;
64
65 /** the default protocol used for creating SSL context */
66 public static final String DEFAULT_SSL_PROTOCOL = "TLS";
67
68 // --- private members ----
69 /** A flag indicating if we are using SSL or not, default value is false */
70 private boolean useSsl = false;
71
72 /** The session timeout */
73 private long timeout = DEFAULT_TIMEOUT;
74
75 /** A flag indicating if we are using TLS or not, default value is false */
76 private boolean useTls = false;
77
78 /** The selected LDAP port */
79 private int ldapPort;
80
81 /** the remote LDAP host */
82 private String ldapHost;
83
84 /** a valid Dn to authenticate the user */
85 private String name;
86
87 /** user's credentials ( current implementation supports password only); it must be a non-null value */
88 private String credentials;
89
90 /** an array of key managers, if set, will be used while initializing the SSL context */
91 private KeyManager[] keyManagers;
92
93 /** an instance of SecureRandom, if set, will be used while initializing the SSL context */
94 private SecureRandom secureRandom;
95
96 /** an array of certificate trust managers, if set, will be used while initializing the SSL context */
97 private TrustManager[] trustManagers;
98
99 /** an array of cipher suites which are enabled, if set, will be used while initializing the SSL context */
100 private String[] enabledCipherSuites;
101
102 /** an array of protocols which are enabled, if set, will be used while initializing the SSL context */
103 private String[] enabledProtocols;
104
105 /** name of the protocol used for creating SSL context, default value is "TLS" */
106 private String sslProtocol = DEFAULT_SSL_PROTOCOL;
107
108 /** The class used to detect if an attribute is HR or not */
109 private BinaryAttributeDetector binaryAttributeDetector;
110
111 /** The Service to use internally when creating connections */
112 private LdapApiService ldapApiService;
113
114
115 /**
116 * Creates a default LdapConnectionConfig instance
117 */
118 public LdapConnectionConfig()
119 {
120 setDefaultTrustManager();
121 }
122
123
124 /**
125 * sets the default trust manager based on the SunX509 trustManagement algorithm
126 */
127 private void setDefaultTrustManager()
128 {
129 String trustMgmtAlgo = TrustManagerFactory.getDefaultAlgorithm();
130
131 try
132 {
133 TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo );
134 tmFactory.init( ( KeyStore ) null );
135
136 TrustManager factoryTrustManagers[] = tmFactory.getTrustManagers();
137
138 for ( int i = 0; i < factoryTrustManagers.length; i++ )
139 {
140 if ( factoryTrustManagers[i] instanceof X509TrustManager )
141 {
142 trustManagers = new TrustManager[]
143 { factoryTrustManagers[i] };
144 LOG.debug( "found X509TrustManager {}", factoryTrustManagers[i] );
145 break;
146 }
147 }
148 }
149 catch ( NoSuchAlgorithmException e )
150 {
151 LOG.warn( "couldn't find any default X509 TrustManager with algorithm {}", trustMgmtAlgo );
152 }
153 catch ( KeyStoreException e )
154 {
155 LOG.warn( "couldn't initialize TrustManagerFactory with keystore {}", KeyStore.getDefaultType() );
156 }
157 }
158
159
160 /**
161 * Checks if SSL (ldaps://) is used.
162 *
163 * @return true, if SSL is used
164 */
165 public boolean isUseSsl()
166 {
167 return useSsl;
168 }
169
170
171 /**
172 * Sets whether SSL should be used.
173 *
174 * @param useSsl true to use SSL
175 */
176 public void setUseSsl( boolean useSsl )
177 {
178 this.useSsl = useSsl;
179 }
180
181
182 /**
183 * Gets the LDAP port.
184 *
185 * @return the LDAP port
186 */
187 public int getLdapPort()
188 {
189 return ldapPort;
190 }
191
192
193 /**
194 * Sets the LDAP port.
195 *
196 * @param ldapPort the new LDAP port
197 */
198 public void setLdapPort( int ldapPort )
199 {
200 this.ldapPort = ldapPort;
201 }
202
203
204 /**
205 * Gets the LDAP host.
206 *
207 * @return the LDAP host
208 */
209 public String getLdapHost()
210 {
211 return ldapHost;
212 }
213
214
215 /**
216 * Sets the LDAP host.
217 *
218 * @param ldapHost the new LDAP host
219 */
220 public void setLdapHost( String ldapHost )
221 {
222 this.ldapHost = ldapHost;
223 }
224
225
226 /**
227 * Gets the name that is used to authenticate the user.
228 *
229 * @return the name
230 */
231 public String getName()
232 {
233 return name;
234 }
235
236
237 /**
238 * Sets the name which is used to authenticate the user.
239 *
240 * @param name the new name
241 */
242 public void setName( String name )
243 {
244 this.name = name;
245 }
246
247
248 /**
249 * Gets the credentials.
250 *
251 * @return the credentials
252 */
253 public String getCredentials()
254 {
255 return credentials;
256 }
257
258
259 /**
260 * Sets the credentials.
261 *
262 * @param credentials the new credentials
263 */
264 public void setCredentials( String credentials )
265 {
266 this.credentials = credentials;
267 }
268
269
270 /**
271 * Gets the default LDAP port.
272 *
273 * @return the default LDAP port
274 */
275 public int getDefaultLdapPort()
276 {
277 return DEFAULT_LDAP_PORT;
278 }
279
280
281 /**
282 * Gets the default LDAPS port.
283 *
284 * @return the default LDAPS port
285 */
286 public int getDefaultLdapsPort()
287 {
288 return DEFAULT_LDAPS_PORT;
289 }
290
291
292 /**
293 * Gets the default LDAP host.
294 *
295 * @return the default LDAP host
296 */
297 public String getDefaultLdapHost()
298 {
299 return DEFAULT_LDAP_HOST;
300 }
301
302
303 /**
304 * Gets the default timeout.
305 *
306 * @return the default timeout
307 */
308 public long getDefaultTimeout()
309 {
310 return DEFAULT_TIMEOUT;
311 }
312
313
314 /**
315 * Gets the timeout.
316 *
317 * @return the timeout
318 */
319 public long getTimeout()
320 {
321 return timeout;
322 }
323
324
325 /**
326 * Sets the timeout.
327 *
328 * @return the timeout
329 */
330 public void setTimeout( long timeout )
331 {
332 this.timeout = timeout;
333 }
334
335
336 /**
337 * Gets the supported LDAP version.
338 *
339 * @return the supported LDAP version
340 */
341 public int getSupportedLdapVersion()
342 {
343 return LDAP_V3;
344 }
345
346
347 /**
348 * Gets the trust managers.
349 *
350 * @return the trust managers
351 */
352 public TrustManager[] getTrustManagers()
353 {
354 return trustManagers;
355 }
356
357
358 /**
359 * Sets the trust managers.
360 *
361 * @param trustManagers the new trust managers
362 */
363 public void setTrustManagers( TrustManager... trustManagers )
364 {
365 this.trustManagers = trustManagers;
366 }
367
368
369 /**
370 * Gets the SSL protocol.
371 *
372 * @return the SSL protocol
373 */
374 public String getSslProtocol()
375 {
376 return sslProtocol;
377 }
378
379
380 /**
381 * Sets the SSL protocol.
382 *
383 * @param sslProtocol the new SSL protocol
384 */
385 public void setSslProtocol( String sslProtocol )
386 {
387 this.sslProtocol = sslProtocol;
388 }
389
390
391 /**
392 * Gets the key managers.
393 *
394 * @return the key managers
395 */
396 public KeyManager[] getKeyManagers()
397 {
398 return keyManagers;
399 }
400
401
402 /**
403 * Sets the key managers.
404 *
405 * @param keyManagers the new key managers
406 */
407 public void setKeyManagers( KeyManager[] keyManagers )
408 {
409 this.keyManagers = keyManagers;
410 }
411
412
413 /**
414 * Gets the secure random.
415 *
416 * @return the secure random
417 */
418 public SecureRandom getSecureRandom()
419 {
420 return secureRandom;
421 }
422
423
424 /**
425 * Sets the secure random.
426 *
427 * @param secureRandom the new secure random
428 */
429 public void setSecureRandom( SecureRandom secureRandom )
430 {
431 this.secureRandom = secureRandom;
432 }
433
434
435 /**
436 * Gets the cipher suites which are enabled.
437 *
438 * @return the cipher suites which are enabled
439 */
440 public String[] getEnabledCipherSuites()
441 {
442 return enabledCipherSuites;
443 }
444
445
446 /**
447 * Sets the cipher suites which are enabled
448 *
449 * @param enabledCipherSuites the cipher suites which are enabled
450 */
451 public void setEnabledCipherSuites( String[] enabledCipherSuites )
452 {
453 this.enabledCipherSuites = enabledCipherSuites;
454 }
455
456
457 /**
458 * Gets the protocols which are enabled.
459 *
460 * @return the protocol which are enabled
461 */
462 public String[] getEnabledProtocols()
463 {
464 return enabledProtocols;
465 }
466
467
468 /**
469 * Sets the protocols which are enabled
470 *
471 * @param enabledProtocols the protocols which are enabled
472 */
473 public void setEnabledProtocols( String... enabledProtocols )
474 {
475 this.enabledProtocols = enabledProtocols;
476 }
477
478
479 /**
480 * @return the binaryAttributeDetector
481 */
482 public BinaryAttributeDetector getBinaryAttributeDetector()
483 {
484 return binaryAttributeDetector;
485 }
486
487
488 /**
489 * @param binaryAttributeDetector the binaryAttributeDetector to set
490 */
491 public void setBinaryAttributeDetector( BinaryAttributeDetector binaryAttributeDetector )
492 {
493 this.binaryAttributeDetector = binaryAttributeDetector;
494 }
495
496
497 /**
498 * Checks if TLS is used.
499 *
500 * @return true, if TLS is used
501 */
502 public boolean isUseTls()
503 {
504 return useTls;
505 }
506
507
508 /**
509 * Sets whether TLS should be used.
510 *
511 * @param useTls true to use TLS
512 */
513 public void setUseTls( boolean useTls )
514 {
515 this.useTls = useTls;
516 }
517
518
519 /**
520 * @return the ldapApiService
521 */
522 public LdapApiService getLdapApiService()
523 {
524 return ldapApiService;
525 }
526
527
528 /**
529 * @param ldapApiService the ldapApiService to set
530 */
531 public void setLdapApiService( LdapApiService ldapApiService )
532 {
533 this.ldapApiService = ldapApiService;
534 }
535 }