From d65316c746990cbe4c2b433b007afe00e9492c36 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Mon, 30 Jul 2007 15:53:44 +0000
Subject: [PATCH] The following modifications are done in order to be able to handle properly secure connections in both the status command-line and the status panel. Some options to specify a keystore, a trustore, etc. have been added to the status command-line so that it is consistent with the other command-lines that use LDAP. As for these command-lines, if the user does not specify to use Start TLS or LDAPS, the command-line will try to use LDAP to connect. But if there is no LDAP port enabled, the command-line will try to connect to the LDAPS port.
---
opends/src/statuspanel/org/opends/statuspanel/ConfigFromLDAP.java | 202 ++++++++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 192 insertions(+), 10 deletions(-)
diff --git a/opends/src/statuspanel/org/opends/statuspanel/ConfigFromLDAP.java b/opends/src/statuspanel/org/opends/statuspanel/ConfigFromLDAP.java
index d7b366b..c4e21b9 100644
--- a/opends/src/statuspanel/org/opends/statuspanel/ConfigFromLDAP.java
+++ b/opends/src/statuspanel/org/opends/statuspanel/ConfigFromLDAP.java
@@ -43,6 +43,7 @@
import javax.naming.ldap.LdapName;
import org.opends.statuspanel.i18n.ResourceProvider;
+import org.opends.admin.ads.util.ApplicationTrustManager;
import org.opends.quicksetup.util.Utils;
/**
@@ -67,7 +68,10 @@
private String dn;
private String pwd;
- private String ldapUrl;
+ private String lastUrl;
+ private ConnectionProtocolPolicy policy;
+ private ConfigFromFile offlineConf;
+ private ApplicationTrustManager trustManager;
private InitialLdapContext ctx;
private String javaVersion;
@@ -83,15 +87,28 @@
/**
* Sets the connection information required to contact the server using LDAP.
- * @param ldapUrl the LDAP URL of the server.
+ * @param offlineConf the ConfigFromFile object used to retrieve the LDAP URL
+ * that will be used to connect to the server.
+ * @param policy the configuration policy to be used (whether we prefer the
+ * most secure, the less secure, a specific method...).
* @param dn the authentication Distinguished Name to bind.
* @param pwd the authentication password to bind.
+ * @param trustManager the trust manager to be used for the secure
+ * connections.
+ * @throws ConfigException if a valid URL could not be found with the provided
+ * parameters.
*/
- public void setConnectionInfo(String ldapUrl, String dn, String pwd)
+ public void setConnectionInfo(ConfigFromFile offlineConf,
+ ConnectionProtocolPolicy policy, String dn, String pwd,
+ ApplicationTrustManager trustManager) throws ConfigException
{
- if (ldapUrl == null)
+ if (offlineConf == null)
{
- throw new IllegalArgumentException("ldapUrl cannot be null.");
+ throw new IllegalArgumentException("offlineConf cannot be null.");
+ }
+ if (policy == null)
+ {
+ throw new IllegalArgumentException("policy cannot be null.");
}
if (dn == null)
{
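Review bot: `trustManager` is the one parameter that setConnectionInfo does not null-check at L49-L63, yet the new Javadoc at L38-L39 does not say whether null is accepted or what a null value means once it reaches Utils.createLdapsContext/createStartTLSContext in getDirContext, and that detail decides what server-certificate validation the LDAPS and Start TLS connections get. Extend the `@param trustManager` tag to state whether {@code null} is accepted and, if so, which trust store the secure connections then validate the server certificate against (to be confirmed from Utils, which is outside this file). The method continues past the end of this hunk.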
@@ -101,9 +118,15 @@
{
throw new IllegalArgumentException("pwd cannot be null.");
}
+ this.trustManager = trustManager;
+ this.offlineConf = offlineConf;
+ this.policy = policy;
+ String ldapUrl = getURL(offlineConf, policy);
+
if (!Utils.areDnsEqual(dn, this.dn) ||
!pwd.equals(this.pwd) ||
- !ldapUrl.equals(this.ldapUrl))
+ (policy != this.policy) ||
+ !ldapUrl.equals(lastUrl))
{
if (ctx != null)
{
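Review bot: The `(policy != this.policy)` test at L72 can never be true, because `this.policy = policy;` at L66 has already overwritten the field two statements earlier, so a policy change on its own does not discard the cached ctx. That matters whenever two policies resolve to the same URL string (plausibly USE_LDAP and USE_STARTTLS, if the Start TLS URL is the LDAP listener's URL; to be confirmed in ConfigFromFile): switching to Start TLS would keep reusing the existing cleartext context. Move the assignment below the `if` block next to `this.lastUrl = ldapUrl;`, or capture the comparison first with `boolean policyChanged = policy != this.policy;` before assigning. setConnectionInfo starts and ends outside this hunk.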
@@ -118,7 +141,7 @@
}
}
- this.ldapUrl = ldapUrl;
+ this.lastUrl = ldapUrl;
this.dn = dn;
this.pwd = pwd;
}
@@ -265,8 +288,11 @@
* @return the InitialLdapContext object to be used to retrieve configuration
* and monitoring information.
* @throws NamingException if we could not get an InitialLdapContext.
+ * @throws ConfigException if we could not retrieve a valid LDAP URL in
+ * the configuration.
*/
- private InitialLdapContext getDirContext() throws NamingException
+ private InitialLdapContext getDirContext() throws NamingException,
+ ConfigException
{
if (ctx != null)
{
@@ -288,8 +314,86 @@
}
if (ctx == null)
{
- ctx = Utils.createLdapContext(ldapUrl, dn, pwd,
- Utils.getDefaultLDAPTimeout(), null);
+ String ldapUrl = offlineConf.getLDAPURL();
+ String startTlsUrl = offlineConf.getStartTLSURL();
+ String ldapsUrl = offlineConf.getLDAPSURL();
+ switch (policy)
+ {
+ case USE_STARTTLS:
+ if (startTlsUrl != null)
+ {
+ ctx = Utils.createStartTLSContext(startTlsUrl, dn, pwd,
+ Utils.getDefaultLDAPTimeout(), null, trustManager, null);
+ }
+ else
+ {
+ throw new ConfigException(getMsg("could-not-find-valid-ldapurl"));
+ }
+ break;
+ case USE_LDAPS:
+ if (ldapsUrl != null)
+ {
+ ctx = Utils.createLdapsContext(ldapsUrl, dn, pwd,
+ Utils.getDefaultLDAPTimeout(), null, trustManager);
+ }
+ else
+ {
+ throw new ConfigException(getMsg("could-not-find-valid-ldapurl"));
+ }
+ break;
+ case USE_LDAP:
+ if (ldapUrl != null)
+ {
+ ctx = Utils.createLdapContext(ldapUrl, dn, pwd,
+ Utils.getDefaultLDAPTimeout(), null);
+ }
+ else
+ {
+ throw new ConfigException(getMsg("could-not-find-valid-ldapurl"));
+ }
+ break;
+ case USE_MOST_SECURE_AVAILABLE:
+ if (ldapsUrl != null)
+ {
+ ctx = Utils.createLdapsContext(ldapsUrl, dn, pwd,
+ Utils.getDefaultLDAPTimeout(), null, trustManager);
+ }
+ else if (startTlsUrl != null)
+ {
+ ctx = Utils.createStartTLSContext(startTlsUrl, dn, pwd,
+ Utils.getDefaultLDAPTimeout(), null,
+ trustManager, null);
+ }
+ else if (ldapUrl != null)
+ {
+ ctx = Utils.createLdapContext(ldapUrl, dn, pwd,
+ Utils.getDefaultLDAPTimeout(), null);
+ }
+ else
+ {
+ throw new ConfigException(getMsg("could-not-find-valid-ldapurl"));
+ }
+ break;
+ case USE_LESS_SECURE_AVAILABLE:
+ if (ldapUrl != null)
+ {
+ ctx = Utils.createLdapContext(ldapUrl, dn, pwd,
+ Utils.getDefaultLDAPTimeout(), null);
+ }
+ else if (ldapsUrl != null)
+ {
+ ctx = Utils.createLdapsContext(ldapsUrl, dn, pwd,
+ Utils.getDefaultLDAPTimeout(), null, trustManager);
+ }
+ else
+ {
+ throw new ConfigException(getMsg("could-not-find-valid-ldapurl"));
+ }
+ break;
+ default:
+ throw new IllegalStateException("Unknown connection policy: "+
+ policy);
+ }
}
return ctx;
}
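Review bot: The USE_LESS_SECURE_AVAILABLE branch at L164-L179 falls back from plain LDAP straight to LDAPS and never considers `startTlsUrl`, while USE_MOST_SECURE_AVAILABLE at L142-L163 tries all three; getURL further down (L249-L262) has the same asymmetry. If this is intentional because Start TLS is offered on the LDAP listener, so `startTlsUrl` is null whenever `ldapUrl` is, a comment such as `// Start TLS shares the LDAP listener: no LDAP URL implies no Start TLS URL` should say so in both places; otherwise add an `else if (startTlsUrl != null)` step mirroring the other branch. Separately, both *_AVAILABLE policies can end up on plain LDAP, so the bind password crosses the wire in cleartext without the caller learning which protocol was chosen; recording the protocol actually used (so the status output can show it) would make that downgrade visible.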
@@ -908,4 +1012,82 @@
{
return ResourceProvider.getInstance();
}
+
+ private String getURL(ConfigFromFile offlineConf,
+ ConnectionProtocolPolicy policy) throws ConfigException
+ {
+ String url;
+ String ldapUrl = offlineConf.getLDAPURL();
+ String startTlsUrl = offlineConf.getStartTLSURL();
+ String ldapsUrl = offlineConf.getLDAPSURL();
+ switch (policy)
+ {
+ case USE_STARTTLS:
+ if (startTlsUrl != null)
+ {
+ url = startTlsUrl;
+ }
+ else
+ {
+ throw new ConfigException(getMsg("could-not-find-valid-ldapurl"));
+ }
+ break;
+ case USE_LDAPS:
+ if (ldapsUrl != null)
+ {
+ url = ldapsUrl;
+ }
+ else
+ {
+ throw new ConfigException(getMsg("could-not-find-valid-ldapurl"));
+ }
+ break;
+ case USE_LDAP:
+ if (ldapUrl != null)
+ {
+ url = ldapUrl;
+ }
+ else
+ {
+ throw new ConfigException(getMsg("could-not-find-valid-ldapurl"));
+ }
+ break;
+ case USE_MOST_SECURE_AVAILABLE:
+ if (ldapsUrl != null)
+ {
+ url = ldapsUrl;
+ }
+ else if (startTlsUrl != null)
+ {
+ url = startTlsUrl;
+ }
+ else if (ldapUrl != null)
+ {
+ url = ldapUrl;
+ }
+ else
+ {
+ throw new ConfigException(getMsg("could-not-find-valid-ldapurl"));
+ }
+ break;
+ case USE_LESS_SECURE_AVAILABLE:
+ if (ldapUrl != null)
+ {
+ url = ldapUrl;
+ }
+ else if (ldapsUrl != null)
+ {
+ url = ldapsUrl;
+ }
+ else
+ {
+ throw new ConfigException(getMsg("could-not-find-valid-ldapurl"));
+ }
+ break;
+ default:
+ throw new IllegalStateException("Unknown connection policy: "+
+ policy);
+ }
+ return url;
+ }
}
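Review bot: getURL repeats, branch for branch, the policy switch that getDirContext (L107-L183) already contains, the only difference being whether the chosen URL is returned or dialled; two copies of the fallback order will drift, and nothing ties the `lastUrl` cached from this method to the URL getDirContext actually connects with. A single resolver returning the URL together with the protocol to use (a small holder, or the matching non-fallback ConnectionProtocolPolicy value) would let getDirContext switch on that result instead of re-deriving it from offlineConf. Within this method the five identical throws can also collapse into one: initialise `String url = null;`, drop the `else` blocks, and finish with `if (url == null) { throw new ConfigException(getMsg("could-not-find-valid-ldapurl")); }` before `return url;`.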
--
Gitblit v1.10.0