/*
* Copyright (C) 2015 Square, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package keywhiz.auth.ldap;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;
import java.security.GeneralSecurityException;
import javax.net.SocketFactory;
public class LdapConnectionFactory {
private final String server;
private final int port;
private final String userDN;
private final String password;
private final String trustStorePath;
private final String trustStorePassword;
private final String trustStoreType;
public LdapConnectionFactory(String server, int port, String userDN, String password, String trustStorePath, String trustStorePassword, String trustStoreType) {
this.server = server;
this.port = port;
this.userDN = userDN;
this.password = password;
this.trustStorePath = trustStorePath;
this.trustStorePassword = trustStorePassword;
this.trustStoreType = trustStoreType;
}
public LDAPConnection getLDAPConnection() throws LDAPException, GeneralSecurityException {
return getLDAPConnection(userDN, password);
}
public LDAPConnection getLDAPConnection(String userDN, String password)
throws LDAPException, GeneralSecurityException {
TrustStoreTrustManager trust = new TrustStoreTrustManager(trustStorePath, trustStorePassword.toCharArray(), trustStoreType, false);
LDAPConnectionOptions options = new LDAPConnectionOptions();
options.setSSLSocketVerifier(new HostNameSSLSocketVerifier(false));
SSLUtil sslUtil = new SSLUtil(trust);
SocketFactory factory = new EndpointIdentificationSocketFactory(sslUtil.createSSLSocketFactory("TLSv1.2"));
LDAPConnection ldapConnection = new LDAPConnection(factory, options);
// Connect, retrieve the DN of the user (if any)
ldapConnection.connect(server, port);
ldapConnection.bind(userDN, password);
return ldapConnection;
}
}