Enable configuration of LDAPS and allow SSL verification to be skipped
https://www.pivotaltracker.com/story/show/89437874 [#89437874] Set ldap.ssl.skipverification default to false
Showing
10 changed files
with
345 additions
and
28 deletions.
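--- a/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/ProcessLdapProperties.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/ProcessLdapProperties.java
@@ -0,0 +1,55 @@
+/*
+* *****************************************************************************
+* Cloud Foundry
+* Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved.
+* This product is licensed to you under the Apache License, Version 2.0 (the "License").
+* You may not use this product except in compliance with the License.
+*
+* This product includes a number of subcomponents with
+* separate copyright notices and license terms. Your use of these
+* subcomponents is subject to the terms and conditions of the
+* subcomponent's license, as noted in the LICENSE file.
+* *****************************************************************************
+*/
+
+package org.cloudfoundry.identity.uaa.ldap;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+public class ProcessLdapProperties {
+
+public static final String LDAP_SOCKET_FACTORY = "java.naming.ldap.factory.socket";
+public static final String SKIP_SSL_VERIFICATION_SOCKET_FACTORY = "org.apache.directory.shared.ldap.util.DummySSLSocketFactory";
+
+private boolean disableSslVerification;
+private String baseUrl;
+
+public ProcessLdapProperties(String baseUrl, boolean disableSslVerification) {
+this.baseUrl = baseUrl;
+this.disableSslVerification = disableSslVerification;
+}
+
+public Map process(Map map) {
+Map result = new LinkedHashMap(map);
+if (isDisableSslVerification() && isLdapsUrl()) {
+result.put(LDAP_SOCKET_FACTORY, SKIP_SSL_VERIFICATION_SOCKET_FACTORY);
+}
+return result;
+}
+
+public boolean isLdapsUrl() {
+return baseUrl!=null && baseUrl.startsWith("ldaps");
+}
+public boolean isDisableSslVerification() {
+return disableSslVerification;
+}
+
+public void setDisableSslVerification(boolean disableSslVerification) {
+this.disableSslVerification = disableSslVerification;
+}
+
+public void setBaseUrl(String baseUrl) {
+this.baseUrl = baseUrl;
+}
+}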
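Review bot: `process` swaps in `DummySSLSocketFactory` silently, and neither the class nor the method says that this turns off certificate validation for the LDAPS connection, so the directory server is no longer authenticated and the bind credentials can be intercepted on the network path. I would add a class Javadoc along the lines of `/** Installs a non-validating socket factory when ldap.ssl.skipverification is true; intended for test environments only. */` and log a warning through whatever logger the project uses each time the factory is installed, so the setting is visible in a running system. `process` also overwrites any `java.naming.ldap.factory.socket` entry the caller already supplied, which deserves a comment or a `containsKey` check. Separately, `isLdapsUrl` matches the bare prefix `ldaps` case-sensitively; comparing against `"ldaps://"` (and, if the LDAP provider accepts an upper-case scheme, using `regionMatches(true, ...)`) would make the check mean what its name says. The raw `Map` types in `process` could become `Map<String, Object>` if callers allow it.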
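--- a/common/src/test/java/org/cloudfoundry/identity/uaa/ldap/ProcessLdapPropertiesTest.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/ldap/ProcessLdapPropertiesTest.java
@@ -0,0 +1,38 @@
+/*
+* *****************************************************************************
+* Cloud Foundry
+* Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved.
+* This product is licensed to you under the Apache License, Version 2.0 (the "License").
+* You may not use this product except in compliance with the License.
+*
+* This product includes a number of subcomponents with
+* separate copyright notices and license terms. Your use of these
+* subcomponents is subject to the terms and conditions of the
+* subcomponent's license, as noted in the LICENSE file.
+* *****************************************************************************
+*/
+
+package org.cloudfoundry.identity.uaa.ldap;
+
+import org.junit.Test;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.cloudfoundry.identity.uaa.ldap.ProcessLdapProperties.LDAP_SOCKET_FACTORY;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
+public class ProcessLdapPropertiesTest {
+
+@Test
+public void testProcess() throws Exception {
+Map<String,String> properties = new HashMap<>();
+ProcessLdapProperties process = new ProcessLdapProperties("ldap://localhost:389", false);
+assertNull(process.process(properties).get(LDAP_SOCKET_FACTORY));
+process.setDisableSslVerification(true);
+assertNull(process.process(properties).get(LDAP_SOCKET_FACTORY));
+process.setBaseUrl("ldaps://localhost:636");
+assertEquals(ProcessLdapProperties.SKIP_SSL_VERIFICATION_SOCKET_FACTORY, process.process(properties).get(LDAP_SOCKET_FACTORY));
+}
+}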
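Review bot: `testProcess` never asserts the secure default for an LDAPS URL: no case checks that `ldaps://` combined with `disableSslVerification == false` leaves `LDAP_SOCKET_FACTORY` unset, which is exactly the behaviour a regression would weaken without anyone noticing. I would add `assertNull(new ProcessLdapProperties("ldaps://localhost:636", false).process(properties).get(LDAP_SOCKET_FACTORY));` and a case with a `null` base URL, which `isLdapsUrl` handles explicitly. An `assertTrue(properties.isEmpty());` at the end would also pin that `process` works on a copy and does not modify the caller's map.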