001/*
002 *   Licensed to the Apache Software Foundation (ASF) under one
003 *   or more contributor license agreements.  See the NOTICE file
004 *   distributed with this work for additional information
005 *   regarding copyright ownership.  The ASF licenses this file
006 *   to you under the Apache License, Version 2.0 (the
007 *   "License"); you may not use this file except in compliance
008 *   with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *   Unless required by applicable law or agreed to in writing,
013 *   software distributed under the License is distributed on an
014 *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *   KIND, either express or implied.  See the License for the
016 *   specific language governing permissions and limitations
017 *   under the License.
018 *
019 */
020
021package org.apache.directory.ldap.client.api;
022
023
024import java.security.KeyStore;
025import java.security.KeyStoreException;
026import java.security.NoSuchAlgorithmException;
027import java.security.SecureRandom;
028
029import javax.net.ssl.KeyManager;
030import javax.net.ssl.TrustManager;
031import javax.net.ssl.TrustManagerFactory;
032import javax.net.ssl.X509TrustManager;
033
034import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector;
035import org.apache.directory.api.ldap.codec.api.LdapApiService;
036import org.slf4j.Logger;
037import org.slf4j.LoggerFactory;
038
039
040/**
041 * A class to hold the configuration for creating an LdapConnection.
042 *
043 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
044 */
045public class LdapConnectionConfig
046{
047    /** A logger for this class */
048    private static final Logger LOG = LoggerFactory.getLogger( LdapConnectionConfig.class );
049
050    /** Default ports for LDAP */
051    public static final int DEFAULT_LDAP_PORT = 389;
052
053    /** Default port for LDAPS */
054    public static final int DEFAULT_LDAPS_PORT = 636;
055
056    /** The default host : localhost */
057    public static final String DEFAULT_LDAP_HOST = "127.0.0.1";
058
059    /** The LDAP version */
060    public static final int LDAP_V3 = 3;
061
062    /** The default timeout for operation : 30 seconds */
063    public static final long DEFAULT_TIMEOUT = 30000L;
064
065    /** the default protocol used for creating SSL context */
066    public static final String DEFAULT_SSL_PROTOCOL = "TLS";
067
068    // --- private members ----
069    /** A flag indicating if we are using SSL or not, default value is false */
070    private boolean useSsl = false;
071
072    /** The session timeout */
073    private long timeout = DEFAULT_TIMEOUT;
074
075    /** A flag indicating if we are using TLS or not, default value is false */
076    private boolean useTls = false;
077
078    /** The selected LDAP port */
079    private int ldapPort;
080
081    /** the remote LDAP host */
082    private String ldapHost;
083
084    /** a valid Dn to authenticate the user */
085    private String name;
086
087    /** user's credentials ( current implementation supports password only); it must be a non-null value */
088    private String credentials;
089
090    /** an array of key managers, if set, will be used while initializing the SSL context */
091    private KeyManager[] keyManagers;
092
093    /** an instance of SecureRandom, if set, will be used while initializing the SSL context */
094    private SecureRandom secureRandom;
095
096    /** an array of certificate trust managers, if set, will be used while initializing the SSL context */
097    private TrustManager[] trustManagers;
098
099    /** an array of cipher suites which are enabled, if set, will be used while initializing the SSL context */
100    private String[] enabledCipherSuites;
101
102    /** name of the protocol used for creating SSL context, default value is "TLS" */
103    private String sslProtocol = DEFAULT_SSL_PROTOCOL;
104
105    /** The class used to detect if an attribute is HR or not */
106    private BinaryAttributeDetector binaryAttributeDetector;
107
108    /** The Service to use internally when creating connections */
109    private LdapApiService ldapApiService;
110
111
112    /**
113     * Creates a default LdapConnectionConfig instance
114     */
115    public LdapConnectionConfig()
116    {
117        setDefaultTrustManager();
118    }
119
120
121    /**
122     * sets the default trust manager based on the SunX509 trustManagement algorithm
123     */
124    private void setDefaultTrustManager()
125    {
126        String trustMgmtAlgo = TrustManagerFactory.getDefaultAlgorithm();
127
128        try
129        {
130            TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo );
131            tmFactory.init( ( KeyStore ) null );
132
133            TrustManager factoryTrustManagers[] = tmFactory.getTrustManagers();
134
135            for ( int i = 0; i < factoryTrustManagers.length; i++ )
136            {
137                if ( factoryTrustManagers[i] instanceof X509TrustManager )
138                {
139                    trustManagers = new TrustManager[]
140                        { factoryTrustManagers[i] };
141                    LOG.debug( "found X509TrustManager {}", factoryTrustManagers[i] );
142                    break;
143                }
144            }
145        }
146        catch ( NoSuchAlgorithmException e )
147        {
148            LOG.warn( "couldn't find any default X509 TrustManager with algorithm {}", trustMgmtAlgo );
149        }
150        catch ( KeyStoreException e )
151        {
152            LOG.warn( "couldn't initialize TrustManagerFactory with keystore {}", KeyStore.getDefaultType() );
153        }
154    }
155
156
157    /**
158     * Checks if SSL (ldaps://) is used.
159     *
160     * @return true, if SSL is used
161     */
162    public boolean isUseSsl()
163    {
164        return useSsl;
165    }
166
167
168    /**
169     * Sets whether SSL should be used.
170     *
171     * @param useSsl true to use SSL
172     */
173    public void setUseSsl( boolean useSsl )
174    {
175        this.useSsl = useSsl;
176    }
177
178
179    /**
180     * Gets the LDAP port.
181     *
182     * @return the LDAP port
183     */
184    public int getLdapPort()
185    {
186        return ldapPort;
187    }
188
189
190    /**
191     * Sets the LDAP port.
192     *
193     * @param ldapPort the new LDAP port
194     */
195    public void setLdapPort( int ldapPort )
196    {
197        this.ldapPort = ldapPort;
198    }
199
200
201    /**
202     * Gets the LDAP host.
203     *
204     * @return the LDAP host
205     */
206    public String getLdapHost()
207    {
208        return ldapHost;
209    }
210
211
212    /**
213     * Sets the LDAP host.
214     *
215     * @param ldapHost the new LDAP host
216     */
217    public void setLdapHost( String ldapHost )
218    {
219        this.ldapHost = ldapHost;
220    }
221
222
223    /**
224     * Gets the name that is used to authenticate the user.
225     *
226     * @return the name
227     */
228    public String getName()
229    {
230        return name;
231    }
232
233
234    /**
235     * Sets the name which is used to authenticate the user.
236     *
237     * @param name the new name
238     */
239    public void setName( String name )
240    {
241        this.name = name;
242    }
243
244
245    /**
246     * Gets the credentials.
247     *
248     * @return the credentials
249     */
250    public String getCredentials()
251    {
252        return credentials;
253    }
254
255
256    /**
257     * Sets the credentials.
258     *
259     * @param credentials the new credentials
260     */
261    public void setCredentials( String credentials )
262    {
263        this.credentials = credentials;
264    }
265
266
267    /**
268     * Gets the default LDAP port.
269     *
270     * @return the default LDAP port
271     */
272    public int getDefaultLdapPort()
273    {
274        return DEFAULT_LDAP_PORT;
275    }
276
277
278    /**
279     * Gets the default LDAPS port.
280     *
281     * @return the default LDAPS port
282     */
283    public int getDefaultLdapsPort()
284    {
285        return DEFAULT_LDAPS_PORT;
286    }
287
288
289    /**
290     * Gets the default LDAP host.
291     *
292     * @return the default LDAP host
293     */
294    public String getDefaultLdapHost()
295    {
296        return DEFAULT_LDAP_HOST;
297    }
298
299
300    /**
301     * Gets the default timeout.
302     *
303     * @return the default timeout
304     */
305    public long getDefaultTimeout()
306    {
307        return DEFAULT_TIMEOUT;
308    }
309
310
311    /**
312     * Gets the timeout.
313     *
314     * @return the timeout
315     */
316    public long getTimeout()
317    {
318        return timeout;
319    }
320
321
322    /**
323     * Sets the timeout.
324     *
325     * @return the timeout
326     */
327    public void setTimeout( long timeout )
328    {
329        this.timeout = timeout;
330    }
331
332
333    /**
334     * Gets the supported LDAP version.
335     *
336     * @return the supported LDAP version
337     */
338    public int getSupportedLdapVersion()
339    {
340        return LDAP_V3;
341    }
342
343
344    /**
345     * Gets the trust managers.
346     *
347     * @return the trust managers
348     */
349    public TrustManager[] getTrustManagers()
350    {
351        return trustManagers;
352    }
353
354
355    /**
356     * Sets the trust managers.
357     *
358     * @param trustManagers the new trust managers
359     */
360    public void setTrustManagers( TrustManager... trustManagers )
361    {
362        this.trustManagers = trustManagers;
363    }
364
365
366    /**
367     * Gets the SSL protocol.
368     *
369     * @return the SSL protocol
370     */
371    public String getSslProtocol()
372    {
373        return sslProtocol;
374    }
375
376
377    /**
378     * Sets the SSL protocol.
379     *
380     * @param sslProtocol the new SSL protocol
381     */
382    public void setSslProtocol( String sslProtocol )
383    {
384        this.sslProtocol = sslProtocol;
385    }
386
387
388    /**
389     * Gets the key managers.
390     *
391     * @return the key managers
392     */
393    public KeyManager[] getKeyManagers()
394    {
395        return keyManagers;
396    }
397
398
399    /**
400     * Sets the key managers.
401     *
402     * @param keyManagers the new key managers
403     */
404    public void setKeyManagers( KeyManager[] keyManagers )
405    {
406        this.keyManagers = keyManagers;
407    }
408
409
410    /**
411     * Gets the secure random.
412     *
413     * @return the secure random
414     */
415    public SecureRandom getSecureRandom()
416    {
417        return secureRandom;
418    }
419
420
421    /**
422     * Sets the secure random.
423     *
424     * @param secureRandom the new secure random
425     */
426    public void setSecureRandom( SecureRandom secureRandom )
427    {
428        this.secureRandom = secureRandom;
429    }
430
431
432    /**
433     * Gets the cipher suites which are enabled.
434     * 
435     * @return the cipher suites which are enabled
436     */
437    public String[] getEnabledCipherSuites()
438    {
439        return enabledCipherSuites;
440    }
441
442
443    /**
444     * Sets the cipher suites which are enabled
445     * 
446     * @param enabledCipherSuites the cipher suites which are enabled
447     */
448    public void setEnabledCipherSuites( String[] enabledCipherSuites )
449    {
450        this.enabledCipherSuites = enabledCipherSuites;
451    }
452
453
454    /**
455     * @return the binaryAttributeDetector
456     */
457    public BinaryAttributeDetector getBinaryAttributeDetector()
458    {
459        return binaryAttributeDetector;
460    }
461
462
463    /**
464     * @param binaryAttributeDetector the binaryAttributeDetector to set
465     */
466    public void setBinaryAttributeDetector( BinaryAttributeDetector binaryAttributeDetector )
467    {
468        this.binaryAttributeDetector = binaryAttributeDetector;
469    }
470
471
472    /**
473     * Checks if TLS is used.
474     *
475     * @return true, if TLS is used
476     */
477    public boolean isUseTls()
478    {
479        return useTls;
480    }
481
482
483    /**
484     * Sets whether TLS should be used.
485     *
486     * @param useTls true to use TLS
487     */
488    public void setUseTls( boolean useTls )
489    {
490        this.useTls = useTls;
491    }
492
493
494    /**
495     * @return the ldapApiService
496     */
497    public LdapApiService getLdapApiService()
498    {
499        return ldapApiService;
500    }
501
502
503    /**
504     * @param ldapApiService the ldapApiService to set
505     */
506    public void setLdapApiService( LdapApiService ldapApiService )
507    {
508        this.ldapApiService = ldapApiService;
509    }
510}