1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * https://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 *
19 */
20
21 package org.apache.directory.ldap.client.api;
22
23
24 import java.security.KeyStore;
25 import java.security.KeyStoreException;
26 import java.security.NoSuchAlgorithmException;
27 import java.security.SecureRandom;
28
29 import javax.net.ssl.KeyManager;
30 import javax.net.ssl.TrustManager;
31 import javax.net.ssl.TrustManagerFactory;
32
33 import org.apache.directory.api.i18n.I18n;
34 import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector;
35 import org.apache.directory.api.ldap.codec.api.LdapApiService;
36 import org.apache.directory.api.util.Network;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
39
40
41 /**
42 * A class to hold the configuration for creating an LdapConnection.
43 *
44 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
45 */
46 public class LdapConnectionConfig
47 {
48 /** A logger for this class */
49 private static final Logger LOG = LoggerFactory.getLogger( LdapConnectionConfig.class );
50
51 /** Default ports for LDAP */
52 public static final int DEFAULT_LDAP_PORT = 389;
53
54 /** Default port for LDAPS */
55 public static final int DEFAULT_LDAPS_PORT = 636;
56
57 /** The default host : localhost */
58 public static final String DEFAULT_LDAP_HOST = "localhost";
59
60 /** The LDAP version */
61 public static final int LDAP_V3 = 3;
62
63 /** The default timeout for operation : 30 seconds */
64 public static final long DEFAULT_TIMEOUT = 30000L;
65
66 /** the default protocol used for creating SSL context */
67 public static final String DEFAULT_SSL_PROTOCOL = "TLS";
68
69 // --- private members ----
70 /** A flag indicating if we are using SSL or not, default value is false */
71 private boolean useSsl = false;
72
73 /** The session timeout in milliseconds */
74 private long timeout = DEFAULT_TIMEOUT;
75
76 /** Timeout for connect and bind operations */
77 private Long connectTimeout;
78
79 /** Timeout for write operations (add, modify, delete, ...) */
80 private Long writeOperationTimeout;
81
82 /** Timeout for read operations (search, compare) */
83 private Long readOperationTimeout;
84
85 /** Timeout for close and unbind operations */
86 private Long closeTimeout;
87
88 /** Timeout for I/O (TCP) writes */
89 private Long sendTimeout;
90
91 /** A flag indicating if we are using TLS or not, default value is false */
92 private boolean useTls = false;
93
94 /** The selected LDAP port */
95 private int ldapPort;
96
97 /** the remote LDAP host */
98 private String ldapHost;
99
100 /** a valid Dn to authenticate the user */
101 private String name;
102
103 /** user's credentials ( current implementation supports password only); it must be a non-null value */
104 private String credentials;
105
106 /** an array of key managers, if set, will be used while initializing the SSL context */
107 private KeyManager[] keyManagers;
108
109 /** an instance of SecureRandom, if set, will be used while initializing the SSL context */
110 private SecureRandom secureRandom;
111
112 /** an array of certificate trust managers, if set, will be used while initializing the SSL context */
113 private TrustManager[] trustManagers;
114
115 /** an array of cipher suites which are enabled, if set, will be used while initializing the SSL context */
116 private String[] enabledCipherSuites;
117
118 /** an array of protocols which are enabled, if set, will be used while initializing the SSL context */
119 private String[] enabledProtocols;
120
121 /** name of the protocol used for creating SSL context, default value is "TLS" */
122 private String sslProtocol = DEFAULT_SSL_PROTOCOL;
123
124 /** The class used to detect if an attribute is HR or not */
125 private BinaryAttributeDetector binaryAttributeDetector;
126
127 /** The Service to use internally when creating connections */
128 private LdapApiService ldapApiService;
129
130
131 /**
132 * Creates a default LdapConnectionConfig instance
133 */
134 public LdapConnectionConfig()
135 {
136 setDefaultTrustManager();
137 }
138
139
140 /**
141 * Sets the default trust manager based on the SunX509 trustManagement algorithm
142 **/
143 private void setDefaultTrustManager()
144 {
145 String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
146
147 try
148 {
149 TrustManagerFactory tmf = TrustManagerFactory.getInstance( defaultAlgorithm );
150 tmf.init( ( KeyStore ) null );
151 trustManagers = tmf.getTrustManagers();
152 }
153 catch ( KeyStoreException kse )
154 {
155 LOG.error( I18n.err( I18n.ERR_04172_KEYSTORE_INIT_FAILURE ) );
156 throw new RuntimeException( kse.getMessage(), kse );
157 }
158 catch ( NoSuchAlgorithmException nsae )
159 {
160 LOG.error( I18n.err( I18n.ERR_04173_ALGORITHM_NOT_FOUND, defaultAlgorithm ) );
161 throw new RuntimeException( nsae.getMessage(), nsae );
162 }
163 }
164
165
166 /**
167 * Checks if SSL (ldaps://) is used.
168 *
169 * @return true, if SSL is used
170 */
171 public boolean isUseSsl()
172 {
173 return useSsl;
174 }
175
176
177 /**
178 * Sets whether SSL should be used.
179 *
180 * @param useSsl true to use SSL
181 */
182 public void setUseSsl( boolean useSsl )
183 {
184 this.useSsl = useSsl;
185 }
186
187
188 /**
189 * Gets the LDAP port.
190 *
191 * @return the LDAP port
192 */
193 public int getLdapPort()
194 {
195 return ldapPort;
196 }
197
198
199 /**
200 * Sets the LDAP port.
201 *
202 * @param ldapPort the new LDAP port
203 */
204 public void setLdapPort( int ldapPort )
205 {
206 this.ldapPort = ldapPort;
207 }
208
209
210 /**
211 * Gets the LDAP host.
212 *
213 * @return the LDAP host
214 */
215 public String getLdapHost()
216 {
217 return ldapHost;
218 }
219
220
221 /**
222 * Sets the LDAP host.
223 *
224 * @param ldapHost the new LDAP host
225 */
226 public void setLdapHost( String ldapHost )
227 {
228 this.ldapHost = ldapHost;
229 }
230
231
232 /**
233 * Gets the name that is used to authenticate the user.
234 *
235 * @return the name
236 */
237 public String getName()
238 {
239 return name;
240 }
241
242
243 /**
244 * Sets the name which is used to authenticate the user.
245 *
246 * @param name the new name
247 */
248 public void setName( String name )
249 {
250 this.name = name;
251 }
252
253
254 /**
255 * Gets the credentials.
256 *
257 * @return the credentials
258 */
259 public String getCredentials()
260 {
261 return credentials;
262 }
263
264
265 /**
266 * Sets the credentials.
267 *
268 * @param credentials the new credentials
269 */
270 public void setCredentials( String credentials )
271 {
272 this.credentials = credentials;
273 }
274
275
276 /**
277 * Gets the default LDAP port.
278 *
279 * @return the default LDAP port
280 */
281 public int getDefaultLdapPort()
282 {
283 return DEFAULT_LDAP_PORT;
284 }
285
286
287 /**
288 * Gets the default LDAPS port.
289 *
290 * @return the default LDAPS port
291 */
292 public int getDefaultLdapsPort()
293 {
294 return DEFAULT_LDAPS_PORT;
295 }
296
297
298 /**
299 * Gets the default LDAP host.
300 *
301 * @return the default LDAP host
302 */
303 public String getDefaultLdapHost()
304 {
305 return Network.LOOPBACK_HOSTNAME;
306 }
307
308
309 /**
310 * Gets the default timeout in milliseconds.
311 *
312 * @return the default timeout in milliseconds
313 */
314 public long getDefaultTimeout()
315 {
316 return DEFAULT_TIMEOUT;
317 }
318
319
320 /**
321 * Gets the timeout in milliseconds.
322 * This is a "global" timeout.
323 * It is used when operation-specific timeouts are not specified.
324 * It is also used for extended operations.
325 *
326 * @return the timeout in milliseconds
327 */
328 public long getTimeout()
329 {
330 return timeout;
331 }
332
333
334 /**
335 * Sets the timeout in milliseconds.
336 * This is a "global" timeout.
337 * It is used when operation-specific timeouts are not specified.
338 * It is also used for extended operations.
339 *
340 * @param timeout the timeout in milliseconds to set. If < 0, will be set to infinite
341 */
342 public void setTimeout( long timeout )
343 {
344 if ( timeout == -1L )
345 {
346 this.timeout = Long.MAX_VALUE;
347 }
348 else
349 {
350 this.timeout = timeout;
351 }
352 }
353
354
355 /**
356 * Gets connect timeout in milliseconds.
357 * Connect timeout is applied to connect and bind operations.
358 * If not specified, global timeout setting is applied.
359 *
360 * @return the timeout in milliseconds
361 */
362 public Long getConnectTimeout()
363 {
364 return connectTimeout;
365 }
366
367
368 /**
369 * Sets connect timeout in milliseconds.
370 * Connect timeout is applied to connect and bind operations.
371 * If not specified, global timeout setting is applied.
372 *
373 * @param timeout the timeout in milliseconds to set. If < 0, will be set to infinite
374 */
375 public void setConnectTimeout( Long timeout )
376 {
377 if ( timeout == -1L )
378 {
379 this.connectTimeout = Long.MAX_VALUE;
380 }
381 else
382 {
383 this.connectTimeout = timeout;
384 }
385 }
386
387
388 /**
389 * Gets write operation timeout in milliseconds.
390 * Write operation timeout is applied to operations that write data, such as add, modify and delete.
391 * If not specified, global timeout setting is applied.
392 *
393 * @return the timeout in milliseconds
394 */
395 public Long getWriteOperationTimeout()
396 {
397 return writeOperationTimeout;
398 }
399
400
401 /**
402 * Sets write operation timeout in milliseconds.
403 * Write operation timeout is applied to operations that write data, such as add, modify and delete.
404 * If not specified, global timeout setting is applied.
405 *
406 * @param timeout the timeout in milliseconds to set. If < 0, will be set to infinite
407 */
408 public void setWriteOperationTimeout( Long timeout )
409 {
410 if ( timeout == -1L )
411 {
412 this.writeOperationTimeout = Long.MAX_VALUE;
413 }
414 else
415 {
416 this.writeOperationTimeout = timeout;
417 }
418 }
419
420
421 /**
422 * Gets read operation timeout in milliseconds.
423 * This timeout is applied to read operations, such as search and compare.
424 * If not specified, global timeout setting is applied.
425 *
426 * @return the timeout in milliseconds
427 */
428 public Long getReadOperationTimeout()
429 {
430 return readOperationTimeout;
431 }
432
433
434 /**
435 * Sets read operation timeout in milliseconds.
436 * This timeout is applied to read operations, such as search and compare.
437 * If not specified, global timeout setting is applied.
438 *
439 * @param timeout the timeout in milliseconds to set. If < 0, will be set to infinite
440 */
441 public void setReadOperationTimeout( Long timeout )
442 {
443 if ( timeout == -1L )
444 {
445 this.readOperationTimeout = Long.MAX_VALUE;
446 }
447 else
448 {
449 this.readOperationTimeout = timeout;
450 }
451 }
452
453
454 /**
455 * Gets close timeout in milliseconds.
456 * Close timeout is applied to close and unbind operations.
457 * If not specified, global timeout setting is applied.
458 *
459 * @return the timeout in milliseconds
460 */
461 public Long getCloseTimeout()
462 {
463 return closeTimeout;
464 }
465
466
467 /**
468 * Sets close timeout in milliseconds.
469 * Close timeout is applied to close and unbind operations.
470 * If not specified, global timeout setting is applied.
471 *
472 * @param timeout the timeout in milliseconds to set. If < 0, will be set to infinite
473 */
474 public void setCloseTimeout( Long timeout )
475 {
476 if ( timeout == -1L )
477 {
478 this.closeTimeout = Long.MAX_VALUE;
479 }
480 else
481 {
482 this.closeTimeout = timeout;
483 }
484 }
485
486
487 /**
488 * Gets send timeout in milliseconds.
489 * Send timeout is used for I/O (TCP) write operations.
490 * If not specified, global timeout setting is applied.
491 *
492 * @return the timeout in milliseconds
493 */
494 public Long getSendTimeout()
495 {
496 return sendTimeout;
497 }
498
499
500 /**
501 * Sets the send timeout in milliseconds.
502 * Send timeout is used for I/O (TCP) write operations.
503 * If not specified, global timeout setting is applied.
504 *
505 * @param timeout the timeout in milliseconds to set. If < 0, will be set to infinite
506 */
507 public void setSendTimeout( Long timeout )
508 {
509 if ( timeout == -1L )
510 {
511 this.sendTimeout = Long.MAX_VALUE;
512 }
513 else
514 {
515 this.sendTimeout = timeout;
516 }
517 }
518
519
520 /**
521 * Gets the supported LDAP version.
522 *
523 * @return the supported LDAP version
524 */
525 public int getSupportedLdapVersion()
526 {
527 return LDAP_V3;
528 }
529
530
531 /**
532 * Gets the trust managers.
533 *
534 * @return the trust managers
535 */
536 public TrustManager[] getTrustManagers()
537 {
538 return trustManagers;
539 }
540
541
542 /**
543 * Sets the trust managers.
544 *
545 * @param trustManagers the new trust managers
546 * @throws IllegalArgumentException if the trustManagers parameter is null or empty
547 */
548 public void setTrustManagers( TrustManager... trustManagers )
549 {
550 if ( ( trustManagers == null ) || ( trustManagers.length == 0 )
551 || ( trustManagers.length == 1 && trustManagers[0] == null ) )
552 {
553 throw new IllegalArgumentException( "TrustManagers must not be null or empty" );
554 }
555 this.trustManagers = trustManagers;
556 }
557
558
559 /**
560 * Gets the SSL protocol.
561 *
562 * @return the SSL protocol
563 */
564 public String getSslProtocol()
565 {
566 return sslProtocol;
567 }
568
569
570 /**
571 * Sets the SSL protocol.
572 *
573 * @param sslProtocol the new SSL protocol
574 */
575 public void setSslProtocol( String sslProtocol )
576 {
577 this.sslProtocol = sslProtocol;
578 }
579
580
581 /**
582 * Gets the key managers.
583 *
584 * @return the key managers
585 */
586 public KeyManager[] getKeyManagers()
587 {
588 return keyManagers;
589 }
590
591
592 /**
593 * Sets the key managers.
594 *
595 * @param keyManagers the new key managers
596 */
597 public void setKeyManagers( KeyManager[] keyManagers )
598 {
599 this.keyManagers = keyManagers;
600 }
601
602
603 /**
604 * Gets the secure random.
605 *
606 * @return the secure random
607 */
608 public SecureRandom getSecureRandom()
609 {
610 return secureRandom;
611 }
612
613
614 /**
615 * Sets the secure random.
616 *
617 * @param secureRandom the new secure random
618 */
619 public void setSecureRandom( SecureRandom secureRandom )
620 {
621 this.secureRandom = secureRandom;
622 }
623
624
625 /**
626 * Gets the cipher suites which are enabled.
627 *
628 * @return the cipher suites which are enabled
629 */
630 public String[] getEnabledCipherSuites()
631 {
632 return enabledCipherSuites;
633 }
634
635
636 /**
637 * Sets the cipher suites which are enabled
638 *
639 * @param enabledCipherSuites the cipher suites which are enabled
640 */
641 public void setEnabledCipherSuites( String[] enabledCipherSuites )
642 {
643 this.enabledCipherSuites = enabledCipherSuites;
644 }
645
646
647 /**
648 * Gets the protocols which are enabled.
649 *
650 * @return the protocol which are enabled
651 */
652 public String[] getEnabledProtocols()
653 {
654 return enabledProtocols;
655 }
656
657
658 /**
659 * Sets the protocols which are enabled
660 *
661 * @param enabledProtocols the protocols which are enabled
662 */
663 public void setEnabledProtocols( String... enabledProtocols )
664 {
665 this.enabledProtocols = enabledProtocols;
666 }
667
668
669 /**
670 * @return the binaryAttributeDetector
671 */
672 public BinaryAttributeDetector getBinaryAttributeDetector()
673 {
674 return binaryAttributeDetector;
675 }
676
677
678 /**
679 * @param binaryAttributeDetector the binaryAttributeDetector to set
680 */
681 public void setBinaryAttributeDetector( BinaryAttributeDetector binaryAttributeDetector )
682 {
683 this.binaryAttributeDetector = binaryAttributeDetector;
684 }
685
686
687 /**
688 * Checks if TLS is used.
689 *
690 * @return true, if TLS is used
691 */
692 public boolean isUseTls()
693 {
694 return useTls;
695 }
696
697
698 /**
699 * Sets whether TLS should be used.
700 *
701 * @param useTls true to use TLS
702 */
703 public void setUseTls( boolean useTls )
704 {
705 this.useTls = useTls;
706 }
707
708
709 /**
710 * @return the ldapApiService
711 */
712 public LdapApiService getLdapApiService()
713 {
714 return ldapApiService;
715 }
716
717
718 /**
719 * @param ldapApiService the ldapApiService to set
720 */
721 public void setLdapApiService( LdapApiService ldapApiService )
722 {
723 this.ldapApiService = ldapApiService;
724 }
725 }