[ENH] ✨ add ldaps connexion to see also decorator

Signed-off-by: Antoine Brunetti <[email protected]>
InseeFr · Nov 17, 2023 · 397c744 · 397c744
1 parent 1e28669
commit 397c744
Show file tree

Hide file tree

Showing 2 changed files with 107 additions and 7 deletions.
diff --git a/sugoi-api-model/src/main/java/fr/insee/sugoi/model/exceptions/LdapDecoratorException.java b/sugoi-api-model/src/main/java/fr/insee/sugoi/model/exceptions/LdapDecoratorException.java
@@ -0,0 +1,29 @@
+/*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package fr.insee.sugoi.model.exceptions;
+
+public class LdapDecoratorException extends RuntimeException {
+
+  public LdapDecoratorException() {
+    super("Problem using ldap decorator");
+  }
+
+  public LdapDecoratorException(String message) {
+    super(message);
+  }
+
+  public LdapDecoratorException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}
diff --git a/sugoi-api-seealso-ldap/src/main/java/fr/insee/sugoi/seealso/LdapSeeAlsoDecorator.java b/sugoi-api-seealso-ldap/src/main/java/fr/insee/sugoi/seealso/LdapSeeAlsoDecorator.java
@@ -13,14 +13,14 @@
 */
 package fr.insee.sugoi.seealso;
 
-import com.unboundid.ldap.sdk.Attribute;
-import com.unboundid.ldap.sdk.LDAPConnection;
-import com.unboundid.ldap.sdk.LDAPConnectionPool;
-import com.unboundid.ldap.sdk.LDAPException;
-import com.unboundid.ldap.sdk.LDAPURL;
-import com.unboundid.ldap.sdk.SearchResultEntry;
+import com.unboundid.ldap.sdk.*;
+import com.unboundid.util.ssl.AggregateTrustManager;
+import com.unboundid.util.ssl.JVMDefaultTrustManager;
+import com.unboundid.util.ssl.SSLUtil;
 import fr.insee.sugoi.core.seealso.SeeAlsoCredentialsConfiguration.SeeAlsoCredential;
 import fr.insee.sugoi.core.seealso.SeeAlsoDecorator;
+import fr.insee.sugoi.model.exceptions.LdapDecoratorException;
+import java.security.GeneralSecurityException;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
@@ -41,7 +41,9 @@ public class LdapSeeAlsoDecorator implements SeeAlsoDecorator {
 
   @Override
   public List<String> getProtocols() {
-    return List.of("ldap", "ldaps");
+    return Arrays.stream(SupportedProtocol.values())
+        .map(SupportedProtocol::getStringValue)
+        .collect(Collectors.toList());
   }
 
   /**
@@ -89,6 +91,18 @@ private LDAPConnectionPool getConnectionByHost(String host, int port) throws LDA
   }
 
   private LDAPConnectionPool createHostConnection(String host, int port) throws LDAPException {
+    SupportedProtocol hostProtocol = SupportedProtocol.getProtocolFromHost(host);
+    switch (hostProtocol) {
+      case LDAP:
+        return createLdapHostConnection(host, port);
+      case LDAPS:
+        return createLdapsHostConnection(host, port);
+      default:
+        throw new LdapDecoratorException("Unimplemented host protocol for host " + host);
+    }
+  }
+
+  private LDAPConnectionPool createLdapHostConnection(String host, int port) throws LDAPException {
     if (credentialsByDomain != null && credentialsByDomain.containsKey(host)) {
       try (LDAPConnection initialConnection =
           new LDAPConnection(
@@ -104,4 +118,61 @@ private LDAPConnectionPool createHostConnection(String host, int port) throws LD
       }
     }
   }
+
+  private LDAPConnectionPool createLdapsHostConnection(String host, int port) {
+    if (credentialsByDomain != null && credentialsByDomain.containsKey(host)) {
+      try (LDAPConnection initialConnection =
+          new LDAPConnection(
+              getSslUtil().createSSLSocketFactory(),
+              host,
+              port,
+              credentialsByDomain.get(host).getUsername(),
+              credentialsByDomain.get(host).getPassword())) {
+        return new LDAPConnectionPool(initialConnection, 10);
+      } catch (GeneralSecurityException e) {
+        throw new LdapDecoratorException("SSL context for ldap decorator is misconfigured", e);
+      } catch (LDAPException e) {
+        throw new LdapDecoratorException("Ldap during pool creation for seeAlso resolution", e);
+      }
+    } else {
+      try (LDAPConnection initialConnection =
+          new LDAPConnection(getSslUtil().createSSLSocketFactory(), host, port)) {
+        return new LDAPConnectionPool(initialConnection, 10);
+      } catch (GeneralSecurityException e) {
+        throw new LdapDecoratorException("SSL context for ldap decorator is misconfigured", e);
+      } catch (LDAPException e) {
+        throw new LdapDecoratorException("Ldap during pool creation for seeAlso resolution", e);
+      }
+    }
+  }
+
+  private SSLUtil getSslUtil() {
+    AggregateTrustManager trustManager =
+        new AggregateTrustManager(false, JVMDefaultTrustManager.getInstance());
+    return new SSLUtil(trustManager);
+  }
+
+  public enum SupportedProtocol {
+    LDAP("ldap"),
+    LDAPS("ldaps");
+
+    private String stringValue;
+
+    public String getStringValue() {
+      return stringValue;
+    }
+
+    public SupportedProtocol(String stringValue) {
+      this.stringValue = stringValue;
+    }
+
+    public static SupportedProtocol getProtocolFromHost(String host) {
+      for (SupportedProtocol supportedProtocol : SupportedProtocol.values()) {
+        if (host.contains(supportedProtocol.getStringValue() + ":")) {
+          return supportedProtocol;
+        }
+      }
+      throw new LdapDecoratorException();
+    }
+  }
 }