diff --git a/sugoi-api-model/src/main/java/fr/insee/sugoi/model/exceptions/LdapDecoratorException.java b/sugoi-api-model/src/main/java/fr/insee/sugoi/model/exceptions/LdapDecoratorException.java
new file mode 100644
index 00000000..a5ccb2f2
--- /dev/null
+++ b/sugoi-api-model/src/main/java/fr/insee/sugoi/model/exceptions/LdapDecoratorException.java
@@ -0,0 +1,29 @@
+/*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package fr.insee.sugoi.model.exceptions;
+
+public class LdapDecoratorException extends RuntimeException {
+
+ public LdapDecoratorException() {
+ super("Problem using ldap decorator");
+ }
+
+ public LdapDecoratorException(String message) {
+ super(message);
+ }
+
+ public LdapDecoratorException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/sugoi-api-seealso-ldap/src/main/java/fr/insee/sugoi/seealso/LdapSeeAlsoDecorator.java b/sugoi-api-seealso-ldap/src/main/java/fr/insee/sugoi/seealso/LdapSeeAlsoDecorator.java
index 04d4c0ba..f985b871
--- a/sugoi-api-seealso-ldap/src/main/java/fr/insee/sugoi/seealso/LdapSeeAlsoDecorator.java
+++ b/sugoi-api-seealso-ldap/src/main/java/fr/insee/sugoi/seealso/LdapSeeAlsoDecorator.java
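Review bot: `LdapDecoratorException` is a new public unchecked exception with no Javadoc, so a reader of the type cannot tell when it is thrown or that callers are not forced to handle it. A one-line class comment such as `/** Unchecked exception raised by the LDAP seeAlso decorator when a connection pool or its TLS context cannot be created. */` would cover that, adjusted to whatever the callers in LdapSeeAlsoDecorator actually do. The no-arg constructor's fixed message `"Problem using ldap decorator"` carries no context at all; at the throw sites, passing the offending value (for example the host being resolved) into the `String message` constructor would make failures diagnosable from logs.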
@@ -13,14 +13,14 @@
 */
 package fr.insee.sugoi.seealso;
 
-import com.unboundid.ldap.sdk.Attribute;
-import com.unboundid.ldap.sdk.LDAPConnection;
-import com.unboundid.ldap.sdk.LDAPConnectionPool;
-import com.unboundid.ldap.sdk.LDAPException;
-import com.unboundid.ldap.sdk.LDAPURL;
-import com.unboundid.ldap.sdk.SearchResultEntry;
+import com.unboundid.ldap.sdk.*;
+import com.unboundid.util.ssl.AggregateTrustManager;
+import com.unboundid.util.ssl.JVMDefaultTrustManager;
+import com.unboundid.util.ssl.SSLUtil;
 import fr.insee.sugoi.core.seealso.SeeAlsoCredentialsConfiguration.SeeAlsoCredential;
 import fr.insee.sugoi.core.seealso.SeeAlsoDecorator;
+import fr.insee.sugoi.model.exceptions.LdapDecoratorException;
+import java.security.GeneralSecurityException;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
@@ -41,7 +41,9 @@ public class LdapSeeAlsoDecorator implements SeeAlsoDecorator {
 
 @Override
 public List getProtocols() {
- return List.of("ldap", "ldaps");
+ return Arrays.stream(SupportedProtocol.values())
+ .map(SupportedProtocol::getStringValue)
+ .collect(Collectors.toList());
 }
 
 /**
@@ -89,6 +91,18 @@ private LDAPConnectionPool getConnectionByHost(String host, int port) throws LDA
 }
 
 private LDAPConnectionPool createHostConnection(String host, int port) throws LDAPException {
+ SupportedProtocol hostProtocol = SupportedProtocol.getProtocolFromHost(host);
+ switch (hostProtocol) {
+ case LDAP:
+ return createLdapHostConnection(host, port);
+ case LDAPS:
+ return createLdapsHostConnection(host, port);
+ default:
+ throw new LdapDecoratorException("Unimplemented host protocol for host " + host);
+ }
+ }
+
+ private LDAPConnectionPool createLdapHostConnection(String host, int port) throws LDAPException {
 if (credentialsByDomain != null && credentialsByDomain.containsKey(host)) {
 try (LDAPConnection initialConnection =
 new LDAPConnection(
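Review bot: `import com.unboundid.ldap.sdk.*;` replaces six explicit imports with a wildcard, which hides which SDK types this class depends on and can silently pick up name clashes as the SDK adds classes (a style point, not a defect). As far as the hunks in this diff show, the new code uses no `com.unboundid.ldap.sdk` type beyond `LDAPConnection`, `LDAPConnectionPool` and `LDAPException`, which were already imported, so the wildcard buys nothing; I would restore the six explicit import lines and let the formatter sort them, consistent with every other import in this hunk being explicit.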
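Review bot: The two branches dispatched in `createHostConnection` report failures differently: `createLdapHostConnection` keeps `throws LDAPException`, while `createLdapsHostConnection` (introduced in the following hunk) wraps every `LDAPException` in the unchecked `LdapDecoratorException`, so a caller of `createHostConnection` that catches `LDAPException` will handle plaintext-LDAP failures but let LDAPS failures escape as a runtime exception. Either wrap in both branches or let the LDAPS branch declare `throws LDAPException` as well, so the method's declared contract matches both paths. The `default:` arm is unreachable with the two current constants, which is fine as a guard, but a comment such as `// guard for constants added to SupportedProtocol without a matching branch` would make that intent explicit. The body of `createLdapHostConnection` continues outside this hunk.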
@@ -104,4 +118,61 @@ private LDAPConnectionPool createHostConnection(String host, int port) throws LD
 }
 }
 }
+
+ private LDAPConnectionPool createLdapsHostConnection(String host, int port) {
+ if (credentialsByDomain != null && credentialsByDomain.containsKey(host)) {
+ try (LDAPConnection initialConnection =
+ new LDAPConnection(
+ getSslUtil().createSSLSocketFactory(),
+ host,
+ port,
+ credentialsByDomain.get(host).getUsername(),
+ credentialsByDomain.get(host).getPassword())) {
+ return new LDAPConnectionPool(initialConnection, 10);
+ } catch (GeneralSecurityException e) {
+ throw new LdapDecoratorException("SSL context for ldap decorator is misconfigured", e);
+ } catch (LDAPException e) {
+ throw new LdapDecoratorException("Ldap during pool creation for seeAlso resolution", e);
+ }
+ } else {
+ try (LDAPConnection initialConnection =
+ new LDAPConnection(getSslUtil().createSSLSocketFactory(), host, port)) {
+ return new LDAPConnectionPool(initialConnection, 10);
+ } catch (GeneralSecurityException e) {
+ throw new LdapDecoratorException("SSL context for ldap decorator is misconfigured", e);
+ } catch (LDAPException e) {
+ throw new LdapDecoratorException("Ldap during pool creation for seeAlso resolution", e);
+ }
+ }
+ }
+
+ private SSLUtil getSslUtil() {
+ AggregateTrustManager trustManager =
+ new AggregateTrustManager(false, JVMDefaultTrustManager.getInstance());
+ return new SSLUtil(trustManager);
+ }
+
+ public enum SupportedProtocol {
+ LDAP("ldap"),
+ LDAPS("ldaps");
+
+ private String stringValue;
+
+ public String getStringValue() {
+ return stringValue;
+ }
+
+ public SupportedProtocol(String stringValue) {
+ this.stringValue = stringValue;
+ }
+
+ public static SupportedProtocol getProtocolFromHost(String host) {
+ for (SupportedProtocol supportedProtocol : SupportedProtocol.values()) {
+ if (host.contains(supportedProtocol.getStringValue() + ":")) {
+ return supportedProtocol;
+ }
+ }
+ throw new LdapDecoratorException();
+ }
+ }
 }
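Review bot: The LDAPS pool built in `createLdapsHostConnection` trusts the JVM default CA store through `getSslUtil()` but never turns on hostname verification, and as far as I know the UnboundID SDK does not compare the server certificate's name against `host` unless an `SSLSocketVerifier` is configured on the connection options, so a certificate issued by any trusted CA for any name would be accepted here. I would add `LDAPConnectionOptions options = new LDAPConnectionOptions(); options.setSSLSocketVerifier(new HostNameSSLSocketVerifier(false));` (importing `com.unboundid.util.ssl.HostNameSSLSocketVerifier`) and pass `options` as the second argument to both `new LDAPConnection(...)` calls in this method, which have overloads taking a socket factory followed by connection options. Separately, `public SupportedProtocol(String stringValue)` will not compile, because an enum constructor may not be declared public; drop the modifier. `getProtocolFromHost` also matches `"ldap:"` / `"ldaps:"` anywhere in the string with `contains`, iterating `LDAP` first, so a value that merely contains `ldap:` later on would quietly be given a plaintext connection; `host.startsWith(supportedProtocol.getStringValue() + "://")` would anchor the scheme check, although I cannot tell from this hunk what form `host` actually takes, since the same string is handed to `new LDAPConnection(..., host, port)` as a hostname.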