001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 021package org.apache.directory.ldap.client.api; 022 023 024import java.security.KeyStore; 025import java.security.KeyStoreException; 026import java.security.NoSuchAlgorithmException; 027import java.security.SecureRandom; 028 029import javax.net.ssl.KeyManager; 030import javax.net.ssl.TrustManager; 031import javax.net.ssl.TrustManagerFactory; 032import javax.net.ssl.X509TrustManager; 033 034import org.slf4j.Logger; 035import org.slf4j.LoggerFactory; 036 037 038/** 039 * A class to hold the configuration for creating an LdapConnection. 040 * 041 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 042 */ 043public class LdapConnectionConfig 044{ 045 046 /** Default ports for LDAP */ 047 public static final int DEFAULT_LDAP_PORT = 389; 048 049 /** Default port for LDAPS */ 050 public static final int DEFAULT_LDAPS_PORT = 636; 051 052 /** The default host : localhost */ 053 public static final String DEFAULT_LDAP_HOST = "127.0.0.1"; 054 055 /** The LDAP version */ 056 public static final int LDAP_V3 = 3; 057 058 /** The default timeout for operation : 30 seconds */ 059 public static final long DEFAULT_TIMEOUT = 30000L; 060 061 /** the default protocol used for creating SSL context */ 062 public static final String DEFAULT_SSL_PROTOCOL = "TLS"; 063 064 // --- private members ---- 065 066 /** A flag indicating if we are using SSL or not, default value is false */ 067 private boolean useSsl = false; 068 069 /** The selected LDAP port */ 070 private int ldapPort; 071 072 /** the remote LDAP host */ 073 private String ldapHost; 074 075 /** a valid Dn to authenticate the user */ 076 private String name; 077 078 /** user's credentials ( current implementation supports password only); it must be a non-null value */ 079 private String credentials; 080 081 /** an array of key managers, if set, will be used while initializing the SSL context */ 082 private KeyManager[] keyManagers; 083 084 /** an instance of SecureRandom, if set, will be used while initializing the SSL context */ 085 private SecureRandom secureRandom; 086 087 /** an array of certificate trust managers, if set, will be used while initializing the SSL context */ 088 private TrustManager[] trustManagers; 089 090 /** an array of cipher suites which are enabled, if set, will be used while initializing the SSL context */ 091 private String[] enabledCipherSuites; 092 093 /** name of the protocol used for creating SSL context, default value is "TLS" */ 094 private String sslProtocol = DEFAULT_SSL_PROTOCOL; 095 096 private static final Logger LOG = LoggerFactory.getLogger( LdapConnectionConfig.class ); 097 098 public LdapConnectionConfig() 099 { 100 setDefaultTrustManager(); 101 } 102 103 104 /** 105 * sets the default trust manager based on the SunX509 trustManagement algorithm 106 */ 107 private void setDefaultTrustManager() 108 { 109 String trustMgmtAlgo = "SunX509"; 110 111 try 112 { 113 TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo ); 114 tmFactory.init( KeyStore.getInstance( KeyStore.getDefaultType() ) ); 115 116 TrustManager factoryTrustManagers[] = tmFactory.getTrustManagers(); 117 118 for ( int i = 0; i < factoryTrustManagers.length; i++ ) 119 { 120 if ( factoryTrustManagers[i] instanceof X509TrustManager ) 121 { 122 trustManagers = new TrustManager[] { factoryTrustManagers[i] }; 123 LOG.debug( "found X509TrustManager {}", factoryTrustManagers[i] ); 124 break; 125 } 126 } 127 } 128 catch( NoSuchAlgorithmException e ) 129 { 130 LOG.warn( "couldn't find any default X509 TrustManager with algorithm {}", trustMgmtAlgo ); 131 } 132 catch( KeyStoreException e ) 133 { 134 LOG.warn( "couldn't initialize TrustManagerFactory with keystore {}", KeyStore.getDefaultType() ); 135 } 136 } 137 138 139 /** 140 * Checks if SSL (ldaps://) is used. 141 * 142 * @return true, if SSL is used 143 */ 144 public boolean isUseSsl() 145 { 146 return useSsl; 147 } 148 149 150 /** 151 * Sets whether SSL should be used. 152 * 153 * @param useSsl true to use SSL 154 */ 155 public void setUseSsl( boolean useSsl ) 156 { 157 this.useSsl = useSsl; 158 } 159 160 161 /** 162 * Gets the LDAP port. 163 * 164 * @return the LDAP port 165 */ 166 public int getLdapPort() 167 { 168 return ldapPort; 169 } 170 171 172 /** 173 * Sets the LDAP port. 174 * 175 * @param ldapPort the new LDAP port 176 */ 177 public void setLdapPort( int ldapPort ) 178 { 179 this.ldapPort = ldapPort; 180 } 181 182 183 /** 184 * Gets the LDAP host. 185 * 186 * @return the LDAP host 187 */ 188 public String getLdapHost() 189 { 190 return ldapHost; 191 } 192 193 194 /** 195 * Sets the LDAP host. 196 * 197 * @param ldapHost the new LDAP host 198 */ 199 public void setLdapHost( String ldapHost ) 200 { 201 this.ldapHost = ldapHost; 202 } 203 204 205 /** 206 * Gets the name that is used to authenticate the user. 207 * 208 * @return the name 209 */ 210 public String getName() 211 { 212 return name; 213 } 214 215 216 /** 217 * Sets the name which is used to authenticate the user. 218 * 219 * @param name the new name 220 */ 221 public void setName( String name ) 222 { 223 this.name = name; 224 } 225 226 227 /** 228 * Gets the credentials. 229 * 230 * @return the credentials 231 */ 232 public String getCredentials() 233 { 234 return credentials; 235 } 236 237 238 /** 239 * Sets the credentials. 240 * 241 * @param credentials the new credentials 242 */ 243 public void setCredentials( String credentials ) 244 { 245 this.credentials = credentials; 246 } 247 248 249 /** 250 * Gets the default LDAP port. 251 * 252 * @return the default LDAP port 253 */ 254 public int getDefaultLdapPort() 255 { 256 return DEFAULT_LDAP_PORT; 257 } 258 259 260 /** 261 * Gets the default LDAPS port. 262 * 263 * @return the default LDAPS port 264 */ 265 public int getDefaultLdapsPort() 266 { 267 return DEFAULT_LDAPS_PORT; 268 } 269 270 271 /** 272 * Gets the default LDAP host. 273 * 274 * @return the default LDAP host 275 */ 276 public String getDefaultLdapHost() 277 { 278 return DEFAULT_LDAP_HOST; 279 } 280 281 282 /** 283 * Gets the default timeout. 284 * 285 * @return the default timeout 286 */ 287 public long getDefaultTimeout() 288 { 289 return DEFAULT_TIMEOUT; 290 } 291 292 293 /** 294 * Gets the supported LDAP version. 295 * 296 * @return the supported LDAP version 297 */ 298 public int getSupportedLdapVersion() 299 { 300 return LDAP_V3; 301 } 302 303 304 /** 305 * Gets the trust managers. 306 * 307 * @return the trust managers 308 */ 309 public TrustManager[] getTrustManagers() 310 { 311 return trustManagers; 312 } 313 314 315 /** 316 * Sets the trust managers. 317 * 318 * @param trustManagers the new trust managers 319 */ 320 public void setTrustManagers( TrustManager... trustManagers ) 321 { 322 this.trustManagers = trustManagers; 323 } 324 325 326 /** 327 * Gets the SSL protocol. 328 * 329 * @return the SSL protocol 330 */ 331 public String getSslProtocol() 332 { 333 return sslProtocol; 334 } 335 336 337 /** 338 * Sets the SSL protocol. 339 * 340 * @param sslProtocol the new SSL protocol 341 */ 342 public void setSslProtocol( String sslProtocol ) 343 { 344 this.sslProtocol = sslProtocol; 345 } 346 347 348 /** 349 * Gets the key managers. 350 * 351 * @return the key managers 352 */ 353 public KeyManager[] getKeyManagers() 354 { 355 return keyManagers; 356 } 357 358 359 /** 360 * Sets the key managers. 361 * 362 * @param keyManagers the new key managers 363 */ 364 public void setKeyManagers( KeyManager[] keyManagers ) 365 { 366 this.keyManagers = keyManagers; 367 } 368 369 370 /** 371 * Gets the secure random. 372 * 373 * @return the secure random 374 */ 375 public SecureRandom getSecureRandom() 376 { 377 return secureRandom; 378 } 379 380 381 /** 382 * Sets the secure random. 383 * 384 * @param secureRandom the new secure random 385 */ 386 public void setSecureRandom( SecureRandom secureRandom ) 387 { 388 this.secureRandom = secureRandom; 389 } 390 391 392 /** 393 * Gets the cipher suites which are enabled. 394 * 395 * @return the cipher suites which are enabled 396 */ 397 public String[] getEnabledCipherSuites() 398 { 399 return enabledCipherSuites; 400 } 401 402 403 /** 404 * Sets the cipher suites which are enabled 405 * 406 * @param enabledCipherSuites the cipher suites which are enabled 407 */ 408 public void setEnabledCipherSuites( String[] enabledCipherSuites ) 409 { 410 this.enabledCipherSuites = enabledCipherSuites; 411 } 412}