001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 021package org.apache.directory.ldap.client.api; 022 023 024import java.security.KeyStore; 025import java.security.KeyStoreException; 026import java.security.NoSuchAlgorithmException; 027import java.security.SecureRandom; 028 029import javax.net.ssl.KeyManager; 030import javax.net.ssl.TrustManager; 031import javax.net.ssl.TrustManagerFactory; 032 033import org.apache.directory.api.i18n.I18n; 034import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector; 035import org.apache.directory.api.ldap.codec.api.LdapApiService; 036import org.apache.directory.api.util.Network; 037import org.slf4j.Logger; 038import org.slf4j.LoggerFactory; 039 040 041/** 042 * A class to hold the configuration for creating an LdapConnection. 043 * 044 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 045 */ 046public class LdapConnectionConfig 047{ 048 /** A logger for this class */ 049 private static final Logger LOG = LoggerFactory.getLogger( LdapConnectionConfig.class ); 050 051 /** Default ports for LDAP */ 052 public static final int DEFAULT_LDAP_PORT = 389; 053 054 /** Default port for LDAPS */ 055 public static final int DEFAULT_LDAPS_PORT = 636; 056 057 /** The default host : localhost */ 058 public static final String DEFAULT_LDAP_HOST = "localhost"; 059 060 /** The LDAP version */ 061 public static final int LDAP_V3 = 3; 062 063 /** The default timeout for operation : 30 seconds */ 064 public static final long DEFAULT_TIMEOUT = 30000L; 065 066 /** the default protocol used for creating SSL context */ 067 public static final String DEFAULT_SSL_PROTOCOL = "TLS"; 068 069 // --- private members ---- 070 /** A flag indicating if we are using SSL or not, default value is false */ 071 private boolean useSsl = false; 072 073 /** The session timeout */ 074 private long timeout = DEFAULT_TIMEOUT; 075 076 /** A flag indicating if we are using TLS or not, default value is false */ 077 private boolean useTls = false; 078 079 /** The selected LDAP port */ 080 private int ldapPort; 081 082 /** the remote LDAP host */ 083 private String ldapHost; 084 085 /** a valid Dn to authenticate the user */ 086 private String name; 087 088 /** user's credentials ( current implementation supports password only); it must be a non-null value */ 089 private String credentials; 090 091 /** an array of key managers, if set, will be used while initializing the SSL context */ 092 private KeyManager[] keyManagers; 093 094 /** an instance of SecureRandom, if set, will be used while initializing the SSL context */ 095 private SecureRandom secureRandom; 096 097 /** an array of certificate trust managers, if set, will be used while initializing the SSL context */ 098 private TrustManager[] trustManagers; 099 100 /** an array of cipher suites which are enabled, if set, will be used while initializing the SSL context */ 101 private String[] enabledCipherSuites; 102 103 /** an array of protocols which are enabled, if set, will be used while initializing the SSL context */ 104 private String[] enabledProtocols; 105 106 /** name of the protocol used for creating SSL context, default value is "TLS" */ 107 private String sslProtocol = DEFAULT_SSL_PROTOCOL; 108 109 /** The class used to detect if an attribute is HR or not */ 110 private BinaryAttributeDetector binaryAttributeDetector; 111 112 /** The Service to use internally when creating connections */ 113 private LdapApiService ldapApiService; 114 115 116 /** 117 * Creates a default LdapConnectionConfig instance 118 */ 119 public LdapConnectionConfig() 120 { 121 setDefaultTrustManager(); 122 } 123 124 125 /** 126 * Sets the default trust manager based on the SunX509 trustManagement algorithm 127 * 128 * We use a non-verification Trust Manager 129 **/ 130 private void setDefaultTrustManager() 131 { 132 String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); 133 134 try 135 { 136 TrustManagerFactory tmf = TrustManagerFactory.getInstance( defaultAlgorithm ); 137 tmf.init( ( KeyStore ) null ); 138 trustManagers = tmf.getTrustManagers(); 139 } 140 catch ( KeyStoreException kse ) 141 { 142 LOG.error( I18n.err( I18n.ERR_04172_KEYSTORE_INIT_FAILURE ) ); 143 throw new RuntimeException( kse.getMessage(), kse ); 144 } 145 catch ( NoSuchAlgorithmException nsae ) 146 { 147 LOG.error( I18n.err( I18n.ERR_04173_ALGORITHM_NOT_FOUND, defaultAlgorithm ) ); 148 throw new RuntimeException( nsae.getMessage(), nsae ); 149 } 150 } 151 152 153 /** 154 * Checks if SSL (ldaps://) is used. 155 * 156 * @return true, if SSL is used 157 */ 158 public boolean isUseSsl() 159 { 160 return useSsl; 161 } 162 163 164 /** 165 * Sets whether SSL should be used. 166 * 167 * @param useSsl true to use SSL 168 */ 169 public void setUseSsl( boolean useSsl ) 170 { 171 this.useSsl = useSsl; 172 } 173 174 175 /** 176 * Gets the LDAP port. 177 * 178 * @return the LDAP port 179 */ 180 public int getLdapPort() 181 { 182 return ldapPort; 183 } 184 185 186 /** 187 * Sets the LDAP port. 188 * 189 * @param ldapPort the new LDAP port 190 */ 191 public void setLdapPort( int ldapPort ) 192 { 193 this.ldapPort = ldapPort; 194 } 195 196 197 /** 198 * Gets the LDAP host. 199 * 200 * @return the LDAP host 201 */ 202 public String getLdapHost() 203 { 204 return ldapHost; 205 } 206 207 208 /** 209 * Sets the LDAP host. 210 * 211 * @param ldapHost the new LDAP host 212 */ 213 public void setLdapHost( String ldapHost ) 214 { 215 this.ldapHost = ldapHost; 216 } 217 218 219 /** 220 * Gets the name that is used to authenticate the user. 221 * 222 * @return the name 223 */ 224 public String getName() 225 { 226 return name; 227 } 228 229 230 /** 231 * Sets the name which is used to authenticate the user. 232 * 233 * @param name the new name 234 */ 235 public void setName( String name ) 236 { 237 this.name = name; 238 } 239 240 241 /** 242 * Gets the credentials. 243 * 244 * @return the credentials 245 */ 246 public String getCredentials() 247 { 248 return credentials; 249 } 250 251 252 /** 253 * Sets the credentials. 254 * 255 * @param credentials the new credentials 256 */ 257 public void setCredentials( String credentials ) 258 { 259 this.credentials = credentials; 260 } 261 262 263 /** 264 * Gets the default LDAP port. 265 * 266 * @return the default LDAP port 267 */ 268 public int getDefaultLdapPort() 269 { 270 return DEFAULT_LDAP_PORT; 271 } 272 273 274 /** 275 * Gets the default LDAPS port. 276 * 277 * @return the default LDAPS port 278 */ 279 public int getDefaultLdapsPort() 280 { 281 return DEFAULT_LDAPS_PORT; 282 } 283 284 285 /** 286 * Gets the default LDAP host. 287 * 288 * @return the default LDAP host 289 */ 290 public String getDefaultLdapHost() 291 { 292 return Network.LOOPBACK_HOSTNAME; 293 } 294 295 296 /** 297 * Gets the default timeout. 298 * 299 * @return the default timeout 300 */ 301 public long getDefaultTimeout() 302 { 303 return DEFAULT_TIMEOUT; 304 } 305 306 307 /** 308 * Gets the timeout. 309 * 310 * @return the timeout 311 */ 312 public long getTimeout() 313 { 314 return timeout; 315 } 316 317 318 /** 319 * Sets the timeout. 320 * 321 * @param timeout the timeout to set 322 */ 323 public void setTimeout( long timeout ) 324 { 325 this.timeout = timeout; 326 } 327 328 329 /** 330 * Gets the supported LDAP version. 331 * 332 * @return the supported LDAP version 333 */ 334 public int getSupportedLdapVersion() 335 { 336 return LDAP_V3; 337 } 338 339 340 /** 341 * Gets the trust managers. 342 * 343 * @return the trust managers 344 */ 345 public TrustManager[] getTrustManagers() 346 { 347 return trustManagers; 348 } 349 350 351 /** 352 * Sets the trust managers. 353 * 354 * @param trustManagers the new trust managers 355 */ 356 public void setTrustManagers( TrustManager... trustManagers ) 357 { 358 this.trustManagers = trustManagers; 359 } 360 361 362 /** 363 * Gets the SSL protocol. 364 * 365 * @return the SSL protocol 366 */ 367 public String getSslProtocol() 368 { 369 return sslProtocol; 370 } 371 372 373 /** 374 * Sets the SSL protocol. 375 * 376 * @param sslProtocol the new SSL protocol 377 */ 378 public void setSslProtocol( String sslProtocol ) 379 { 380 this.sslProtocol = sslProtocol; 381 } 382 383 384 /** 385 * Gets the key managers. 386 * 387 * @return the key managers 388 */ 389 public KeyManager[] getKeyManagers() 390 { 391 return keyManagers; 392 } 393 394 395 /** 396 * Sets the key managers. 397 * 398 * @param keyManagers the new key managers 399 */ 400 public void setKeyManagers( KeyManager[] keyManagers ) 401 { 402 this.keyManagers = keyManagers; 403 } 404 405 406 /** 407 * Gets the secure random. 408 * 409 * @return the secure random 410 */ 411 public SecureRandom getSecureRandom() 412 { 413 return secureRandom; 414 } 415 416 417 /** 418 * Sets the secure random. 419 * 420 * @param secureRandom the new secure random 421 */ 422 public void setSecureRandom( SecureRandom secureRandom ) 423 { 424 this.secureRandom = secureRandom; 425 } 426 427 428 /** 429 * Gets the cipher suites which are enabled. 430 * 431 * @return the cipher suites which are enabled 432 */ 433 public String[] getEnabledCipherSuites() 434 { 435 return enabledCipherSuites; 436 } 437 438 439 /** 440 * Sets the cipher suites which are enabled 441 * 442 * @param enabledCipherSuites the cipher suites which are enabled 443 */ 444 public void setEnabledCipherSuites( String[] enabledCipherSuites ) 445 { 446 this.enabledCipherSuites = enabledCipherSuites; 447 } 448 449 450 /** 451 * Gets the protocols which are enabled. 452 * 453 * @return the protocol which are enabled 454 */ 455 public String[] getEnabledProtocols() 456 { 457 return enabledProtocols; 458 } 459 460 461 /** 462 * Sets the protocols which are enabled 463 * 464 * @param enabledProtocols the protocols which are enabled 465 */ 466 public void setEnabledProtocols( String... enabledProtocols ) 467 { 468 this.enabledProtocols = enabledProtocols; 469 } 470 471 472 /** 473 * @return the binaryAttributeDetector 474 */ 475 public BinaryAttributeDetector getBinaryAttributeDetector() 476 { 477 return binaryAttributeDetector; 478 } 479 480 481 /** 482 * @param binaryAttributeDetector the binaryAttributeDetector to set 483 */ 484 public void setBinaryAttributeDetector( BinaryAttributeDetector binaryAttributeDetector ) 485 { 486 this.binaryAttributeDetector = binaryAttributeDetector; 487 } 488 489 490 /** 491 * Checks if TLS is used. 492 * 493 * @return true, if TLS is used 494 */ 495 public boolean isUseTls() 496 { 497 return useTls; 498 } 499 500 501 /** 502 * Sets whether TLS should be used. 503 * 504 * @param useTls true to use TLS 505 */ 506 public void setUseTls( boolean useTls ) 507 { 508 this.useTls = useTls; 509 } 510 511 512 /** 513 * @return the ldapApiService 514 */ 515 public LdapApiService getLdapApiService() 516 { 517 return ldapApiService; 518 } 519 520 521 /** 522 * @param ldapApiService the ldapApiService to set 523 */ 524 public void setLdapApiService( LdapApiService ldapApiService ) 525 { 526 this.ldapApiService = ldapApiService; 527 } 528}