javax.naming.ldap.StartTlsResponse Java Examples
The following examples show how to use
javax.naming.ldap.StartTlsResponse.
Example #1
Source File: LdapContextWrapper.java From micro-integrator with Apache License 2.0 | 6 votes |
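/**
 * Initialize the LDAP context with secured connection by applying StartTLS extended operation.
 * <p>
 * The connection is opened with the environment returned by
 * {@code getEnvironmentForSecuredLdapInitialization}, upgraded with StartTLS, and only after the
 * handshake has completed is {@code performAuthenticationIfProvided} invoked with the caller's
 * environment. If any step after the connection is opened fails, the StartTLS session and the
 * context are closed before the exception propagates, so a half-initialised connection is not
 * left open.
 *
 * @param environment        environment used to create the initial Context.
 * @param connectionControls connection request controls for the initial context.
 * @return secured ldap connection context.
 * @throws NamingException    if a naming exception is encountered.
 * @throws UserStoreException if a user store related exception is encountered.
 */
public static LdapContext startTLS(Hashtable<?, ?> environment, Control[] connectionControls)
        throws NamingException, UserStoreException {

    Hashtable<String, Object> tempEnv = getEnvironmentForSecuredLdapInitialization(environment);
    LdapContext ldapContext = new InitialLdapContext(tempEnv, connectionControls);
    StartTlsResponse startTlsResponse = null;
    boolean established = false;
    try {
        startTlsResponse = (StartTlsResponse) ldapContext.extendedOperation(new StartTlsRequest());
        // The no-argument negotiate() uses the default SSL socket factory; no custom
        // HostnameVerifier is installed here, so the provider's default hostname check applies.
        startTlsResponse.negotiate();
        if (log.isDebugEnabled()) {
            log.debug("StartTLS connection established successfully with LDAP server");
        }
        LdapContextWrapper ldapContextWrapper = new LdapContextWrapper(ldapContext, startTlsResponse);
        // Authentication runs only after the TLS session is in place.
        ldapContextWrapper.performAuthenticationIfProvided(environment);
        established = true;
        return ldapContextWrapper;
    } catch (IOException e) {
        throw new UserStoreException("Unable to establish the StartTLS connection", e);
    } finally {
        if (!established) {
            // Failure path: release the TLS session first, then the underlying connection.
            // Cleanup errors are only logged so they cannot mask the original exception.
            if (startTlsResponse != null) {
                try {
                    startTlsResponse.close();
                } catch (IOException closeError) {
                    if (log.isDebugEnabled()) {
                        log.debug("Error closing StartTLS session after a failed initialization", closeError);
                    }
                }
            }
            try {
                ldapContext.close();
            } catch (NamingException closeError) {
                if (log.isDebugEnabled()) {
                    log.debug("Error closing LDAP context after a failed initialization", closeError);
                }
            }
        }
    }
}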
Example #2
Source File: LdapUserDAO.java From entando-components with GNU Lesser General Public License v3.0 | 6 votes |
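/**
 * Closes the given directory context, shutting down its StartTLS session first when one is
 * attached.
 * <p>
 * The context itself is always closed, even when closing the TLS session fails; a failure to
 * close the TLS session is logged and does not prevent the connection from being released.
 *
 * @param dirCtx the context to close; {@code null} is ignored.
 * @throws RuntimeException if closing the context raises a {@link NamingException}.
 */
protected void closeDirContext(DirContext dirCtx) {
    if (null == dirCtx) {
        return;
    }
    try {
        try {
            if (dirCtx instanceof InitialLdapContext) {
                Object extendedResponse = ((InitialLdapContext) dirCtx).getExtendedResponse();
                // Only a StartTLS response carries a TLS session to shut down; any other
                // extended response is left alone instead of failing on a blind cast.
                if (extendedResponse instanceof StartTlsResponse) {
                    ((StartTlsResponse) extendedResponse).close();
                }
            }
        } catch (IOException ex) {
            logger.error("Error closing DirContext", ex);
        } finally {
            // Release the connection regardless of how the TLS shutdown went.
            dirCtx.close();
        }
    } catch (NamingException e) {
        logger.error("Error closing DirContext", e);
        throw new RuntimeException("Error closing DirContext", e);
    }
}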
Example #3
Source File: LdapContextWrapper.java From micro-integrator with Apache License 2.0 | 5 votes |
/**
 * Creates a wrapper around an LDAP context whose connection has a StartTLS response attached.
 * <p>
 * The StartTLS response is additionally wrapped in a {@code StartTlsResponseWrapper}, and that
 * wrapper's reference counter is incremented once for this instance.
 *
 * @param ldapContext      the LDAP context to wrap.
 * @param startTlsResponse the StartTLS response obtained on that context.
 */
private LdapContextWrapper(LdapContext ldapContext, StartTlsResponse startTlsResponse) {

    StartTlsResponseWrapper countedResponse = new StartTlsResponseWrapper(startTlsResponse);
    this.startTlsResponse = startTlsResponse;
    this.ldapContext = ldapContext;
    this.startTlsResponseWrapper = countedResponse;
    // Register this wrapper as one holder of the TLS session.
    countedResponse.incrementReferenceCounter();
}
Example #4
Source File: LdapUserGroupBuilder.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Opens the LDAP connection held in the {@code ldapContext} field, optionally upgrades it with
 * StartTLS, and then places the bind DN, password, authentication mechanism and referral
 * setting on the context.
 * <p>
 * Transport protection is chosen from the URL and configuration:
 * <ul>
 *   <li>URL starting with {@code ldaps}: no StartTLS; a custom socket factory is configured
 *       only when a trust store path is set.</li>
 *   <li>Any other URL with StartTLS enabled: StartTLS is negotiated before the credentials
 *       are added.</li>
 *   <li>Any other URL with StartTLS disabled: this method sets up no TLS at all before the
 *       credentials are added.</li>
 * </ul>
 *
 * @throws Throwable any failure raised while creating the context or negotiating TLS.
 */
private void createLdapContext() throws Throwable {
    Properties env = new Properties();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, ldapUrl);
    // NOTE(review): startsWith("ldaps") is case-sensitive, so a URL written with an upper-case
    // scheme takes the non-ldaps branches below — confirm the URL is normalised by the caller.
    if (ldapUrl.startsWith("ldaps") && (config.getSSLTrustStorePath() != null && !config.getSSLTrustStorePath().trim().isEmpty())) {
        // Custom socket factory is used only when a non-blank trust store path is configured.
        env.put("java.naming.ldap.factory.socket", "org.apache.ranger.ldapusersync.process.CustomSSLSocketFactory");
    }
    // No credentials are in the environment yet; they are added only at the end of the method.
    ldapContext = new InitialLdapContext(env, null);
    if (!ldapUrl.startsWith("ldaps")) {
        if (config.isStartTlsEnabled()) {
            tls = (StartTlsResponse) ldapContext.extendedOperation(new StartTlsRequest());
            if (config.getSSLTrustStorePath() != null && !config.getSSLTrustStorePath().trim().isEmpty()) {
                tls.negotiate(CustomSSLSocketFactory.getDefault());
            } else {
                // No trust store configured: negotiate with the default SSL socket factory.
                tls.negotiate();
            }
            // NOTE(review): if negotiate() throws, ldapContext stays assigned and is not
            // closed in this method — confirm the caller releases it.
            // This message is written after negotiate() has already returned.
            LOG.info("Starting TLS session...");
        }
    }
    // Credentials are attached last, after any StartTLS negotiation above has completed.
    // NOTE(review): with a non-ldaps URL and StartTLS disabled nothing here protects the
    // bind — confirm that configuration is intended.
    ldapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, ldapBindDn);
    ldapContext.addToEnvironment(Context.SECURITY_CREDENTIALS, ldapBindPassword);
    ldapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, ldapAuthenticationMechanism);
    ldapContext.addToEnvironment(Context.REFERRAL, ldapReferral);
}
Example #5
Source File: LdapUserDAO.java From entando-components with GNU Lesser General Public License v3.0 | 5 votes |
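/**
 * Opens a directory context, upgrading it with StartTLS when TLS is configured.
 * <p>
 * When the TLS connection is enabled the context is created, StartTLS is requested, the TLS
 * session is negotiated, and only then are the principal and credentials (when both are set)
 * placed on the context for a simple bind. A failed negotiation is reported as a
 * {@link NamingException} and the context is closed; a context whose TLS upgrade did not
 * succeed is never returned to the caller.
 *
 * @return the ready-to-use context.
 * @throws NamingException if the context cannot be created, the StartTLS negotiation fails,
 *                         or the credentials cannot be applied.
 */
protected InitialLdapContext getDirContext() throws NamingException, CommunicationException, ConnectException {
    InitialLdapContext dirCtx = null;
    boolean ready = false;
    try {
        if (this.isTlsSecurityConnection()) {
            dirCtx = new InitialLdapContext(this.getParams(true), null);
            StartTlsResponse tls = (StartTlsResponse) dirCtx.extendedOperation(new StartTlsRequest());
            if (this.isTlsFreeSecurityConnection()) {
                // Set the (our) HostVerifier
                // NOTE(review): MyTLSHostnameVerifier and MyX509TrustManager are defined
                // elsewhere; this mode replaces the default hostname and certificate checks
                // with them — confirm what they accept before enabling it.
                tls.setHostnameVerifier(new MyTLSHostnameVerifier());
                SSLSocketFactory sslsf = null;
                try {
                    TrustManager[] tm = new TrustManager[]{new MyX509TrustManager()};
                    SSLContext sslC = SSLContext.getInstance("TLSv1.2");
                    sslC.init(null, tm, null);
                    sslsf = sslC.getSocketFactory();
                } catch (NoSuchAlgorithmException nSAE) {
                    logger.error("error Hier: {}", nSAE.getMessage(), nSAE);
                } catch (KeyManagementException kME) {
                    logger.error("error Hier: {}", kME.getMessage(), kME);
                }
                // If the custom SSLContext could not be built, sslsf is still null and
                // negotiate(null) falls back to the default SSL socket factory.
                tls.negotiate(sslsf);
            } else {
                tls.negotiate();
            }
            // Credentials are attached only after the TLS session has been negotiated.
            if (null != this.getSecurityPrincipal() && null != this.getSecurityCredentials()) {
                dirCtx.addToEnvironment(Context.SECURITY_PRINCIPAL, this.getSecurityPrincipal());
                dirCtx.addToEnvironment(Context.SECURITY_CREDENTIALS, this.getSecurityCredentials());
                dirCtx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            }
        } else {
            dirCtx = new InitialLdapContext(this.getParams(false), null);
        }
        ready = true;
        return dirCtx;
    } catch (IOException ex) {
        // Fail closed: a negotiation error must not hand back a context without TLS.
        logger.error("error in getDirContext", ex);
        NamingException failure = new NamingException("StartTLS negotiation failed");
        failure.setRootCause(ex);
        throw failure;
    } finally {
        if (!ready && dirCtx != null) {
            // Release the connection on every failure path; a close error is only logged so
            // it cannot replace the exception that caused the failure.
            try {
                dirCtx.close();
            } catch (NamingException closeError) {
                logger.error("error closing DirContext after a failed initialization", closeError);
            }
        }
    }
}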
Example #6
Source File: AbstractTlsDirContextAuthenticationStrategy.java From spring-ldap with Apache License 2.0 | 5 votes |
/**
 * Upgrades a freshly created context with StartTLS and then applies authentication to it.
 * <p>
 * Order of operations: the StartTLS extended operation is sent, the configured hostname
 * verifier (if any) is installed, the TLS session is negotiated, and only afterwards is
 * {@code applyAuthentication} called with the user DN and password.
 *
 * @param ctx      the context to process; must be an {@link LdapContext}.
 * @param userDn   the DN handed to {@code applyAuthentication}.
 * @param password the password handed to {@code applyAuthentication}.
 * @return {@code ctx} itself, or a proxy around it when graceful TLS shutdown is enabled.
 * @throws NamingException          if a naming operation fails.
 * @throws IllegalArgumentException if {@code ctx} is not an {@link LdapContext}.
 */
public final DirContext processContextAfterCreation(DirContext ctx, String userDn, String password)
        throws NamingException {

    if (!(ctx instanceof LdapContext)) {
        throw new IllegalArgumentException(
                "Processed Context must be an LDAPv3 context, i.e. an LdapContext implementation");
    }

    final LdapContext ldapCtx = (LdapContext) ctx;
    final StartTlsResponse tlsResponse = (StartTlsResponse) ldapCtx.extendedOperation(new StartTlsRequest());

    try {
        // The verifier has to be in place before the handshake runs.
        if (hostnameVerifier != null) {
            tlsResponse.setHostnameVerifier(hostnameVerifier);
        }

        // A null socket factory makes negotiate() use the default SSL socket factory.
        tlsResponse.negotiate(sslSocketFactory);

        // Authentication is applied only once the TLS session exists.
        applyAuthentication(ldapCtx, userDn, password);

        if (!shutdownTlsGracefully) {
            return ctx;
        }

        // The proxy intercepts 'close' on the context so the TLS session can be shut down
        // before the underlying connection is closed.
        Class<?>[] proxiedInterfaces = new Class<?>[] { LdapContext.class, DirContextProxy.class };
        return (DirContext) Proxy.newProxyInstance(DirContextProxy.class.getClassLoader(),
                proxiedInterfaces, new TlsAwareDirContextProxy(ldapCtx, tlsResponse));
    } catch (IOException e) {
        // Negotiation failed: close the context rather than hand back an unprotected one.
        LdapUtils.closeContext(ctx);
        throw new UncategorizedLdapException("Failed to negotiate TLS session", e);
    }
}
Example #7
Source File: LdapTlsProtocolIT.java From pentaho-kettle with Apache License 2.0 | 5 votes |
/**
 * Creates the mocks used by the tests and wires the mocked LDAP context so that any StartTLS
 * extended operation returns the mocked StartTLS response.
 *
 * @throws NamingException declared because {@code extendedOperation} declares it.
 */
@Before
public void setup() throws NamingException {
    // TLS-related mocks.
    mockStartTlsResponse = mock( StartTlsResponse.class );
    mockInitialLdapContext = mock( InitialLdapContext.class );

    // Remaining collaborators.
    mockLdapMeta = mock( LdapMeta.class );
    mockVariableSpace = mock( VariableSpace.class );
    mockLogChannelInterface = mock( LogChannelInterface.class );

    // Any StartTlsRequest sent through the mocked context yields the mocked response.
    when( mockInitialLdapContext.extendedOperation( any( StartTlsRequest.class ) ) )
      .thenReturn( mockStartTlsResponse );
}
Example #8
Source File: LDAPLoginModule.java From scheduling with GNU Affero General Public License v3.0 | 4 votes |
/**
 * Stores a directory context together with the StartTLS response belonging to it.
 *
 * @param dirContext  the directory context.
 * @param tlsResponse the StartTLS response for that context.
 */
public ContextHandler(DirContext dirContext, StartTlsResponse tlsResponse) {
    this.tlsResponse = tlsResponse;
    this.dirContext = dirContext;
}
Example #9
Source File: LDAPLoginModule.java From scheduling with GNU Affero General Public License v3.0 | 4 votes |
/**
 * Returns the StartTLS response held by this object.
 *
 * @return the value of the {@code tlsResponse} field.
 */
public StartTlsResponse getTlsResponse() {
    return this.tlsResponse;
}
Example #10
Source File: JiveInitialLdapContext.java From Openfire with Apache License 2.0 | 4 votes |
/**
 * Returns the StartTLS response associated with this context.
 *
 * @return the value of the {@code tlsResp} field.
 */
public StartTlsResponse getTlsResponse() {
    return this.tlsResp;
}
Example #11
Source File: JiveInitialLdapContext.java From Openfire with Apache License 2.0 | 4 votes |
/**
 * Associates a StartTLS response with this context.
 *
 * @param tlsResp the StartTLS response to store in the {@code tlsResp} field.
 */
public void setTlsResponse(StartTlsResponse tlsResp) {
    this.tlsResp = tlsResp;
}
Example #12
Source File: AbstractTlsDirContextAuthenticationStrategy.java From spring-ldap with Apache License 2.0 | 4 votes |
/**
 * Creates a proxy handler holding the target context and the StartTLS response negotiated on
 * it.
 *
 * @param target      the LDAP context being proxied.
 * @param tlsResponse the StartTLS response for that context.
 */
public TlsAwareDirContextProxy(LdapContext target, StartTlsResponse tlsResponse) {
    this.tlsResponse = tlsResponse;
    this.target = target;
}
Example #13
Source File: StartTlsResponseWrapper.java From micro-integrator with Apache License 2.0 | 2 votes |
/**
 * Wraps the given StartTLS response.
 *
 * @param startTlsResponse the StartTLS response to store in this wrapper.
 */
public StartTlsResponseWrapper(StartTlsResponse startTlsResponse) {
    this.startTlsResponse = startTlsResponse;
}