001/*
002 *   Licensed to the Apache Software Foundation (ASF) under one
003 *   or more contributor license agreements.  See the NOTICE file
004 *   distributed with this work for additional information
005 *   regarding copyright ownership.  The ASF licenses this file
006 *   to you under the Apache License, Version 2.0 (the
007 *   "License"); you may not use this file except in compliance
008 *   with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *   Unless required by applicable law or agreed to in writing,
013 *   software distributed under the License is distributed on an
014 *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *   KIND, either express or implied.  See the License for the
016 *   specific language governing permissions and limitations
017 *   under the License.
018 *
019 */
020
021package org.apache.directory.ldap.client.api;
022
023
024import java.net.InetAddress;
025import java.net.UnknownHostException;
026import java.security.KeyStore;
027import java.security.KeyStoreException;
028import java.security.NoSuchAlgorithmException;
029import java.security.SecureRandom;
030
031import javax.net.ssl.KeyManager;
032import javax.net.ssl.TrustManager;
033import javax.net.ssl.TrustManagerFactory;
034import javax.net.ssl.X509TrustManager;
035
036import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector;
037import org.apache.directory.api.ldap.codec.api.LdapApiService;
038import org.slf4j.Logger;
039import org.slf4j.LoggerFactory;
040
041
042/**
043 * A class to hold the configuration for creating an LdapConnection.
044 *
045 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
046 */
047public class LdapConnectionConfig
048{
049    /** A logger for this class */
050    private static final Logger LOG = LoggerFactory.getLogger( LdapConnectionConfig.class );
051
052    /** Default ports for LDAP */
053    public static final int DEFAULT_LDAP_PORT = 389;
054
055    /** Default port for LDAPS */
056    public static final int DEFAULT_LDAPS_PORT = 636;
057
058    /** The default host : localhost */
059    public static final String DEFAULT_LDAP_HOST = "localhost";
060
061    /** The LDAP version */
062    public static final int LDAP_V3 = 3;
063
064    /** The default timeout for operation : 30 seconds */
065    public static final long DEFAULT_TIMEOUT = 30000L;
066
067    /** the default protocol used for creating SSL context */
068    public static final String DEFAULT_SSL_PROTOCOL = "TLS";
069
070    // --- private members ----
071    /** A flag indicating if we are using SSL or not, default value is false */
072    private boolean useSsl = false;
073
074    /** The session timeout */
075    private long timeout = DEFAULT_TIMEOUT;
076
077    /** A flag indicating if we are using TLS or not, default value is false */
078    private boolean useTls = false;
079
080    /** The selected LDAP port */
081    private int ldapPort;
082
083    /** the remote LDAP host */
084    private String ldapHost;
085
086    /** a valid Dn to authenticate the user */
087    private String name;
088
089    /** user's credentials ( current implementation supports password only); it must be a non-null value */
090    private String credentials;
091
092    /** an array of key managers, if set, will be used while initializing the SSL context */
093    private KeyManager[] keyManagers;
094
095    /** an instance of SecureRandom, if set, will be used while initializing the SSL context */
096    private SecureRandom secureRandom;
097
098    /** an array of certificate trust managers, if set, will be used while initializing the SSL context */
099    private TrustManager[] trustManagers;
100
101    /** an array of cipher suites which are enabled, if set, will be used while initializing the SSL context */
102    private String[] enabledCipherSuites;
103
104    /** an array of protocols which are enabled, if set, will be used while initializing the SSL context */
105    private String[] enabledProtocols;
106
107    /** name of the protocol used for creating SSL context, default value is "TLS" */
108    private String sslProtocol = DEFAULT_SSL_PROTOCOL;
109
110    /** The class used to detect if an attribute is HR or not */
111    private BinaryAttributeDetector binaryAttributeDetector;
112
113    /** The Service to use internally when creating connections */
114    private LdapApiService ldapApiService;
115
116
117    /**
118     * Creates a default LdapConnectionConfig instance
119     */
120    public LdapConnectionConfig()
121    {
122        setDefaultTrustManager();
123    }
124
125
126    /**
127     * sets the default trust manager based on the SunX509 trustManagement algorithm
128     */
129    private void setDefaultTrustManager()
130    {
131        String trustMgmtAlgo = TrustManagerFactory.getDefaultAlgorithm();
132
133        try
134        {
135            TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo );
136            tmFactory.init( ( KeyStore ) null );
137
138            TrustManager[] factoryTrustManagers = tmFactory.getTrustManagers();
139
140            for ( int i = 0; i < factoryTrustManagers.length; i++ )
141            {
142                if ( factoryTrustManagers[i] instanceof X509TrustManager )
143                {
144                    trustManagers = new TrustManager[]
145                        { factoryTrustManagers[i] };
146                    LOG.debug( "found X509TrustManager {}", factoryTrustManagers[i] );
147                    break;
148                }
149            }
150        }
151        catch ( NoSuchAlgorithmException e )
152        {
153            LOG.warn( "couldn't find any default X509 TrustManager with algorithm {}", trustMgmtAlgo );
154        }
155        catch ( KeyStoreException e )
156        {
157            LOG.warn( "couldn't initialize TrustManagerFactory with keystore {}", KeyStore.getDefaultType() );
158        }
159    }
160
161
162    /**
163     * Checks if SSL (ldaps://) is used.
164     *
165     * @return true, if SSL is used
166     */
167    public boolean isUseSsl()
168    {
169        return useSsl;
170    }
171
172
173    /**
174     * Sets whether SSL should be used.
175     *
176     * @param useSsl true to use SSL
177     */
178    public void setUseSsl( boolean useSsl )
179    {
180        this.useSsl = useSsl;
181    }
182
183
184    /**
185     * Gets the LDAP port.
186     *
187     * @return the LDAP port
188     */
189    public int getLdapPort()
190    {
191        return ldapPort;
192    }
193
194
195    /**
196     * Sets the LDAP port.
197     *
198     * @param ldapPort the new LDAP port
199     */
200    public void setLdapPort( int ldapPort )
201    {
202        this.ldapPort = ldapPort;
203    }
204
205
206    /**
207     * Gets the LDAP host.
208     *
209     * @return the LDAP host
210     */
211    public String getLdapHost()
212    {
213        return ldapHost;
214    }
215
216
217    /**
218     * Sets the LDAP host.
219     *
220     * @param ldapHost the new LDAP host
221     */
222    public void setLdapHost( String ldapHost )
223    {
224        this.ldapHost = ldapHost;
225    }
226
227
228    /**
229     * Gets the name that is used to authenticate the user.
230     *
231     * @return the name
232     */
233    public String getName()
234    {
235        return name;
236    }
237
238
239    /**
240     * Sets the name which is used to authenticate the user.
241     *
242     * @param name the new name
243     */
244    public void setName( String name )
245    {
246        this.name = name;
247    }
248
249
250    /**
251     * Gets the credentials.
252     *
253     * @return the credentials
254     */
255    public String getCredentials()
256    {
257        return credentials;
258    }
259
260
261    /**
262     * Sets the credentials.
263     *
264     * @param credentials the new credentials
265     */
266    public void setCredentials( String credentials )
267    {
268        this.credentials = credentials;
269    }
270
271
272    /**
273     * Gets the default LDAP port.
274     *
275     * @return the default LDAP port
276     */
277    public int getDefaultLdapPort()
278    {
279        return DEFAULT_LDAP_PORT;
280    }
281
282
283    /**
284     * Gets the default LDAPS port.
285     *
286     * @return the default LDAPS port
287     */
288    public int getDefaultLdapsPort()
289    {
290        return DEFAULT_LDAPS_PORT;
291    }
292
293
294    /**
295     * Gets the default LDAP host.
296     *
297     * @return the default LDAP host
298     */
299    public String getDefaultLdapHost()
300    {
301        try
302        {
303            return InetAddress.getLocalHost().getHostName();
304        }
305        catch ( UnknownHostException uhe )
306        {
307            return DEFAULT_LDAP_HOST;
308        }
309    }
310
311
312    /**
313     * Gets the default timeout.
314     *
315     * @return the default timeout
316     */
317    public long getDefaultTimeout()
318    {
319        return DEFAULT_TIMEOUT;
320    }
321
322
323    /**
324     * Gets the timeout.
325     *
326     * @return the timeout
327     */
328    public long getTimeout()
329    {
330        return timeout;
331    }
332
333
334    /**
335     * Sets the timeout.
336     *
337     * @return the timeout
338     */
339    public void setTimeout( long timeout )
340    {
341        this.timeout = timeout;
342    }
343
344
345    /**
346     * Gets the supported LDAP version.
347     *
348     * @return the supported LDAP version
349     */
350    public int getSupportedLdapVersion()
351    {
352        return LDAP_V3;
353    }
354
355
356    /**
357     * Gets the trust managers.
358     *
359     * @return the trust managers
360     */
361    public TrustManager[] getTrustManagers()
362    {
363        return trustManagers;
364    }
365
366
367    /**
368     * Sets the trust managers.
369     *
370     * @param trustManagers the new trust managers
371     */
372    public void setTrustManagers( TrustManager... trustManagers )
373    {
374        this.trustManagers = trustManagers;
375    }
376
377
378    /**
379     * Gets the SSL protocol.
380     *
381     * @return the SSL protocol
382     */
383    public String getSslProtocol()
384    {
385        return sslProtocol;
386    }
387
388
389    /**
390     * Sets the SSL protocol.
391     *
392     * @param sslProtocol the new SSL protocol
393     */
394    public void setSslProtocol( String sslProtocol )
395    {
396        this.sslProtocol = sslProtocol;
397    }
398
399
400    /**
401     * Gets the key managers.
402     *
403     * @return the key managers
404     */
405    public KeyManager[] getKeyManagers()
406    {
407        return keyManagers;
408    }
409
410
411    /**
412     * Sets the key managers.
413     *
414     * @param keyManagers the new key managers
415     */
416    public void setKeyManagers( KeyManager[] keyManagers )
417    {
418        this.keyManagers = keyManagers;
419    }
420
421
422    /**
423     * Gets the secure random.
424     *
425     * @return the secure random
426     */
427    public SecureRandom getSecureRandom()
428    {
429        return secureRandom;
430    }
431
432
433    /**
434     * Sets the secure random.
435     *
436     * @param secureRandom the new secure random
437     */
438    public void setSecureRandom( SecureRandom secureRandom )
439    {
440        this.secureRandom = secureRandom;
441    }
442
443
444    /**
445     * Gets the cipher suites which are enabled.
446     * 
447     * @return the cipher suites which are enabled
448     */
449    public String[] getEnabledCipherSuites()
450    {
451        return enabledCipherSuites;
452    }
453
454
455    /**
456     * Sets the cipher suites which are enabled
457     * 
458     * @param enabledCipherSuites the cipher suites which are enabled
459     */
460    public void setEnabledCipherSuites( String[] enabledCipherSuites )
461    {
462        this.enabledCipherSuites = enabledCipherSuites;
463    }
464
465
466    /**
467     * Gets the protocols which are enabled.
468     * 
469     * @return the protocol which are enabled
470     */
471    public String[] getEnabledProtocols()
472    {
473        return enabledProtocols;
474    }
475
476
477    /**
478     * Sets the protocols which are enabled
479     * 
480     * @param enabledProtocols the protocols which are enabled
481     */
482    public void setEnabledProtocols( String... enabledProtocols )
483    {
484        this.enabledProtocols = enabledProtocols;
485    }
486
487
488    /**
489     * @return the binaryAttributeDetector
490     */
491    public BinaryAttributeDetector getBinaryAttributeDetector()
492    {
493        return binaryAttributeDetector;
494    }
495
496
497    /**
498     * @param binaryAttributeDetector the binaryAttributeDetector to set
499     */
500    public void setBinaryAttributeDetector( BinaryAttributeDetector binaryAttributeDetector )
501    {
502        this.binaryAttributeDetector = binaryAttributeDetector;
503    }
504
505
506    /**
507     * Checks if TLS is used.
508     *
509     * @return true, if TLS is used
510     */
511    public boolean isUseTls()
512    {
513        return useTls;
514    }
515
516
517    /**
518     * Sets whether TLS should be used.
519     *
520     * @param useTls true to use TLS
521     */
522    public void setUseTls( boolean useTls )
523    {
524        this.useTls = useTls;
525    }
526
527
528    /**
529     * @return the ldapApiService
530     */
531    public LdapApiService getLdapApiService()
532    {
533        return ldapApiService;
534    }
535
536
537    /**
538     * @param ldapApiService the ldapApiService to set
539     */
540    public void setLdapApiService( LdapApiService ldapApiService )
541    {
542        this.ldapApiService = ldapApiService;
543    }
544}