001/*
002 *   Licensed to the Apache Software Foundation (ASF) under one
003 *   or more contributor license agreements.  See the NOTICE file
004 *   distributed with this work for additional information
005 *   regarding copyright ownership.  The ASF licenses this file
006 *   to you under the Apache License, Version 2.0 (the
007 *   "License"); you may not use this file except in compliance
008 *   with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *   Unless required by applicable law or agreed to in writing,
013 *   software distributed under the License is distributed on an
014 *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *   KIND, either express or implied.  See the License for the
016 *   specific language governing permissions and limitations
017 *   under the License.
018 *
019 */
020
021package org.apache.directory.ldap.client.api;
022
023
024import java.security.KeyStore;
025import java.security.KeyStoreException;
026import java.security.NoSuchAlgorithmException;
027import java.security.SecureRandom;
028
029import javax.net.ssl.KeyManager;
030import javax.net.ssl.TrustManager;
031import javax.net.ssl.TrustManagerFactory;
032import javax.net.ssl.X509TrustManager;
033
034import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector;
035import org.apache.directory.api.ldap.codec.api.LdapApiService;
036import org.apache.directory.api.util.Network;
037import org.slf4j.Logger;
038import org.slf4j.LoggerFactory;
039
040
041/**
042 * A class to hold the configuration for creating an LdapConnection.
043 *
044 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
045 */
046public class LdapConnectionConfig
047{
048    /** A logger for this class */
049    private static final Logger LOG = LoggerFactory.getLogger( LdapConnectionConfig.class );
050
051    /** Default ports for LDAP */
052    public static final int DEFAULT_LDAP_PORT = 389;
053
054    /** Default port for LDAPS */
055    public static final int DEFAULT_LDAPS_PORT = 636;
056
057    /** The default host : localhost */
058    public static final String DEFAULT_LDAP_HOST = "localhost";
059
060    /** The LDAP version */
061    public static final int LDAP_V3 = 3;
062
063    /** The default timeout for operation : 30 seconds */
064    public static final long DEFAULT_TIMEOUT = 30000L;
065
066    /** the default protocol used for creating SSL context */
067    public static final String DEFAULT_SSL_PROTOCOL = "TLS";
068
069    // --- private members ----
070    /** A flag indicating if we are using SSL or not, default value is false */
071    private boolean useSsl = false;
072
073    /** The session timeout */
074    private long timeout = DEFAULT_TIMEOUT;
075
076    /** A flag indicating if we are using TLS or not, default value is false */
077    private boolean useTls = false;
078
079    /** The selected LDAP port */
080    private int ldapPort;
081
082    /** the remote LDAP host */
083    private String ldapHost;
084
085    /** a valid Dn to authenticate the user */
086    private String name;
087
088    /** user's credentials ( current implementation supports password only); it must be a non-null value */
089    private String credentials;
090
091    /** an array of key managers, if set, will be used while initializing the SSL context */
092    private KeyManager[] keyManagers;
093
094    /** an instance of SecureRandom, if set, will be used while initializing the SSL context */
095    private SecureRandom secureRandom;
096
097    /** an array of certificate trust managers, if set, will be used while initializing the SSL context */
098    private TrustManager[] trustManagers;
099
100    /** an array of cipher suites which are enabled, if set, will be used while initializing the SSL context */
101    private String[] enabledCipherSuites;
102
103    /** an array of protocols which are enabled, if set, will be used while initializing the SSL context */
104    private String[] enabledProtocols;
105
106    /** name of the protocol used for creating SSL context, default value is "TLS" */
107    private String sslProtocol = DEFAULT_SSL_PROTOCOL;
108
109    /** The class used to detect if an attribute is HR or not */
110    private BinaryAttributeDetector binaryAttributeDetector;
111
112    /** The Service to use internally when creating connections */
113    private LdapApiService ldapApiService;
114
115
116    /**
117     * Creates a default LdapConnectionConfig instance
118     */
119    public LdapConnectionConfig()
120    {
121        setDefaultTrustManager();
122    }
123
124
125    /**
126     * sets the default trust manager based on the SunX509 trustManagement algorithm
127     */
128    private void setDefaultTrustManager()
129    {
130        String trustMgmtAlgo = TrustManagerFactory.getDefaultAlgorithm();
131
132        try
133        {
134            TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo );
135            tmFactory.init( ( KeyStore ) null );
136
137            TrustManager[] factoryTrustManagers = tmFactory.getTrustManagers();
138
139            for ( int i = 0; i < factoryTrustManagers.length; i++ )
140            {
141                if ( factoryTrustManagers[i] instanceof X509TrustManager )
142                {
143                    trustManagers = new TrustManager[]
144                        { factoryTrustManagers[i] };
145                    LOG.debug( "found X509TrustManager {}", factoryTrustManagers[i] );
146                    break;
147                }
148            }
149        }
150        catch ( NoSuchAlgorithmException e )
151        {
152            LOG.warn( "couldn't find any default X509 TrustManager with algorithm {}", trustMgmtAlgo );
153        }
154        catch ( KeyStoreException e )
155        {
156            LOG.warn( "couldn't initialize TrustManagerFactory with keystore {}", KeyStore.getDefaultType() );
157        }
158    }
159
160
161    /**
162     * Checks if SSL (ldaps://) is used.
163     *
164     * @return true, if SSL is used
165     */
166    public boolean isUseSsl()
167    {
168        return useSsl;
169    }
170
171
172    /**
173     * Sets whether SSL should be used.
174     *
175     * @param useSsl true to use SSL
176     */
177    public void setUseSsl( boolean useSsl )
178    {
179        this.useSsl = useSsl;
180    }
181
182
183    /**
184     * Gets the LDAP port.
185     *
186     * @return the LDAP port
187     */
188    public int getLdapPort()
189    {
190        return ldapPort;
191    }
192
193
194    /**
195     * Sets the LDAP port.
196     *
197     * @param ldapPort the new LDAP port
198     */
199    public void setLdapPort( int ldapPort )
200    {
201        this.ldapPort = ldapPort;
202    }
203
204
205    /**
206     * Gets the LDAP host.
207     *
208     * @return the LDAP host
209     */
210    public String getLdapHost()
211    {
212        return ldapHost;
213    }
214
215
216    /**
217     * Sets the LDAP host.
218     *
219     * @param ldapHost the new LDAP host
220     */
221    public void setLdapHost( String ldapHost )
222    {
223        this.ldapHost = ldapHost;
224    }
225
226
227    /**
228     * Gets the name that is used to authenticate the user.
229     *
230     * @return the name
231     */
232    public String getName()
233    {
234        return name;
235    }
236
237
238    /**
239     * Sets the name which is used to authenticate the user.
240     *
241     * @param name the new name
242     */
243    public void setName( String name )
244    {
245        this.name = name;
246    }
247
248
249    /**
250     * Gets the credentials.
251     *
252     * @return the credentials
253     */
254    public String getCredentials()
255    {
256        return credentials;
257    }
258
259
260    /**
261     * Sets the credentials.
262     *
263     * @param credentials the new credentials
264     */
265    public void setCredentials( String credentials )
266    {
267        this.credentials = credentials;
268    }
269
270
271    /**
272     * Gets the default LDAP port.
273     *
274     * @return the default LDAP port
275     */
276    public int getDefaultLdapPort()
277    {
278        return DEFAULT_LDAP_PORT;
279    }
280
281
282    /**
283     * Gets the default LDAPS port.
284     *
285     * @return the default LDAPS port
286     */
287    public int getDefaultLdapsPort()
288    {
289        return DEFAULT_LDAPS_PORT;
290    }
291
292
293    /**
294     * Gets the default LDAP host.
295     *
296     * @return the default LDAP host
297     */
298    public String getDefaultLdapHost()
299    {
300        return Network.LOOPBACK_HOSTNAME;
301    }
302
303
304    /**
305     * Gets the default timeout.
306     *
307     * @return the default timeout
308     */
309    public long getDefaultTimeout()
310    {
311        return DEFAULT_TIMEOUT;
312    }
313
314
315    /**
316     * Gets the timeout.
317     *
318     * @return the timeout
319     */
320    public long getTimeout()
321    {
322        return timeout;
323    }
324
325
326    /**
327     * Sets the timeout.
328     *
329     * @return the timeout
330     */
331    public void setTimeout( long timeout )
332    {
333        this.timeout = timeout;
334    }
335
336
337    /**
338     * Gets the supported LDAP version.
339     *
340     * @return the supported LDAP version
341     */
342    public int getSupportedLdapVersion()
343    {
344        return LDAP_V3;
345    }
346
347
348    /**
349     * Gets the trust managers.
350     *
351     * @return the trust managers
352     */
353    public TrustManager[] getTrustManagers()
354    {
355        return trustManagers;
356    }
357
358
359    /**
360     * Sets the trust managers.
361     *
362     * @param trustManagers the new trust managers
363     */
364    public void setTrustManagers( TrustManager... trustManagers )
365    {
366        this.trustManagers = trustManagers;
367    }
368
369
370    /**
371     * Gets the SSL protocol.
372     *
373     * @return the SSL protocol
374     */
375    public String getSslProtocol()
376    {
377        return sslProtocol;
378    }
379
380
381    /**
382     * Sets the SSL protocol.
383     *
384     * @param sslProtocol the new SSL protocol
385     */
386    public void setSslProtocol( String sslProtocol )
387    {
388        this.sslProtocol = sslProtocol;
389    }
390
391
392    /**
393     * Gets the key managers.
394     *
395     * @return the key managers
396     */
397    public KeyManager[] getKeyManagers()
398    {
399        return keyManagers;
400    }
401
402
403    /**
404     * Sets the key managers.
405     *
406     * @param keyManagers the new key managers
407     */
408    public void setKeyManagers( KeyManager[] keyManagers )
409    {
410        this.keyManagers = keyManagers;
411    }
412
413
414    /**
415     * Gets the secure random.
416     *
417     * @return the secure random
418     */
419    public SecureRandom getSecureRandom()
420    {
421        return secureRandom;
422    }
423
424
425    /**
426     * Sets the secure random.
427     *
428     * @param secureRandom the new secure random
429     */
430    public void setSecureRandom( SecureRandom secureRandom )
431    {
432        this.secureRandom = secureRandom;
433    }
434
435
436    /**
437     * Gets the cipher suites which are enabled.
438     * 
439     * @return the cipher suites which are enabled
440     */
441    public String[] getEnabledCipherSuites()
442    {
443        return enabledCipherSuites;
444    }
445
446
447    /**
448     * Sets the cipher suites which are enabled
449     * 
450     * @param enabledCipherSuites the cipher suites which are enabled
451     */
452    public void setEnabledCipherSuites( String[] enabledCipherSuites )
453    {
454        this.enabledCipherSuites = enabledCipherSuites;
455    }
456
457
458    /**
459     * Gets the protocols which are enabled.
460     * 
461     * @return the protocol which are enabled
462     */
463    public String[] getEnabledProtocols()
464    {
465        return enabledProtocols;
466    }
467
468
469    /**
470     * Sets the protocols which are enabled
471     * 
472     * @param enabledProtocols the protocols which are enabled
473     */
474    public void setEnabledProtocols( String... enabledProtocols )
475    {
476        this.enabledProtocols = enabledProtocols;
477    }
478
479
480    /**
481     * @return the binaryAttributeDetector
482     */
483    public BinaryAttributeDetector getBinaryAttributeDetector()
484    {
485        return binaryAttributeDetector;
486    }
487
488
489    /**
490     * @param binaryAttributeDetector the binaryAttributeDetector to set
491     */
492    public void setBinaryAttributeDetector( BinaryAttributeDetector binaryAttributeDetector )
493    {
494        this.binaryAttributeDetector = binaryAttributeDetector;
495    }
496
497
498    /**
499     * Checks if TLS is used.
500     *
501     * @return true, if TLS is used
502     */
503    public boolean isUseTls()
504    {
505        return useTls;
506    }
507
508
509    /**
510     * Sets whether TLS should be used.
511     *
512     * @param useTls true to use TLS
513     */
514    public void setUseTls( boolean useTls )
515    {
516        this.useTls = useTls;
517    }
518
519
520    /**
521     * @return the ldapApiService
522     */
523    public LdapApiService getLdapApiService()
524    {
525        return ldapApiService;
526    }
527
528
529    /**
530     * @param ldapApiService the ldapApiService to set
531     */
532    public void setLdapApiService( LdapApiService ldapApiService )
533    {
534        this.ldapApiService = ldapApiService;
535    }
536}