/**
 * Initialises the protocol label and, when the listener needs TLS, the SSL context and
 * engine used by this handler.
 *
 * <p>The {@code protocol} field becomes {@code "LDAPS"} only when {@code use-ssl} is set;
 * a listener that merely allows StartTLS still reports {@code "LDAP"} because its
 * connections begin in the clear. The SSL context and engine are created when either
 * {@code use-ssl} or {@code allow-start-tls} is set, and both are reset to {@code null}
 * otherwise so a plaintext-only listener carries no TLS state.
 *
 * @param config the handler configuration whose SSL settings are applied.
 * @throws DirectoryException if the SSL context or engine cannot be created.
 */
private void configureSSL(LDAPConnectionHandlerCfg config) throws DirectoryException {
  final boolean sslListener = config.isUseSSL();
  final boolean tlsNeeded = sslListener || config.isAllowStartTLS();

  protocol = sslListener ? "LDAPS" : "LDAP";

  if (!tlsNeeded) {
    sslContext = null;
    sslEngine = null;
    return;
  }
  // Context first: the engine is derived from it, and a failure here leaves the
  // previous engine untouched exactly as before.
  sslContext = createSSLContext(config);
  sslEngine = createSSLEngine(config, sslContext);
}
/**
 * {@inheritDoc}
 *
 * <p>Two checks are performed. First, when the handler is about to start listening (no
 * current configuration, or currently disabled and the new configuration enables it),
 * every configured listen address is probed for a port conflict. Second, when the new
 * configuration is enabled and needs TLS ({@code use-ssl} or {@code allow-start-tls}), a
 * throw-away SSL context and engine are built so that TLS setup problems are reported as
 * a configuration error rather than surfacing later.
 */
@Override
public boolean isConfigurationAcceptable(ConnectionHandlerCfg configuration,
    List<LocalizableMessage> unacceptableReasons) {
  final LDAPConnectionHandlerCfg config = (LDAPConnectionHandlerCfg) configuration;

  // Only probe the port when this handler is not already bound to it; presumably a
  // running listener would otherwise conflict with itself.
  final boolean aboutToStart =
      currentConfig == null || (!currentConfig.isEnabled() && config.isEnabled());
  if (aboutToStart) {
    final LocalizableMessage inUse = checkAnyListenAddressInUse(config.getListenAddress(),
        config.getListenPort(), config.isAllowTCPReuseAddress(), config.dn());
    if (inUse != null) {
      unacceptableReasons.add(inUse);
      return false;
    }
  }

  // Validate the TLS configuration up front; the engine built here is discarded.
  if (config.isEnabled() && (config.isUseSSL() || config.isAllowStartTLS())) {
    try {
      createSSLEngine(config, createSSLContext(config));
    } catch (DirectoryException e) {
      logger.traceException(e);
      unacceptableReasons.add(e.getMessageObject());
      return false;
    }
  }
  return true;
}
/**
 * Builds the descriptor for a connection handler: its listen addresses, port, protocol,
 * enabled/disabled state and display name.
 *
 * <p>Protocol mapping: an LDAP handler reports {@code LDAPS} when {@code use-ssl} is set,
 * {@code LDAP_STARTTLS} when only {@code allow-start-tls} is set, and {@code LDAP}
 * otherwise ({@code use-ssl} takes precedence over StartTLS). HTTP and JMX handlers map to
 * their secure variants when {@code use-ssl} is set. LDIF handlers and unrecognised
 * configurations have no listen socket and report port {@code -1}.
 *
 * @param connHandler the connection handler configuration to describe.
 * @param name the display name attached to the descriptor.
 * @return the descriptor, created with an empty {@code CustomSearchResult} set.
 * @throws OpenDsException declared for callers; nothing in this body throws it directly.
 */
private ConnectionHandlerDescriptor getConnectionHandler(ConnectionHandlerCfg connHandler,
    String name) throws OpenDsException {
  final SortedSet<InetAddress> addresses =
      new TreeSet<InetAddress>(getInetAddressComparator());
  final ConnectionHandlerDescriptor.State state = connHandler.isEnabled()
      ? ConnectionHandlerDescriptor.State.ENABLED
      : ConnectionHandlerDescriptor.State.DISABLED;

  // Handlers without a listen socket keep the -1 default.
  int port = -1;
  final ConnectionHandlerDescriptor.Protocol protocol;

  if (connHandler instanceof LDAPConnectionHandlerCfg) {
    final LDAPConnectionHandlerCfg ldap = (LDAPConnectionHandlerCfg) connHandler;
    if (ldap.isUseSSL()) {
      protocol = ConnectionHandlerDescriptor.Protocol.LDAPS;
    } else if (ldap.isAllowStartTLS()) {
      protocol = ConnectionHandlerDescriptor.Protocol.LDAP_STARTTLS;
    } else {
      protocol = ConnectionHandlerDescriptor.Protocol.LDAP;
    }
    addAll(addresses, ldap.getListenAddress());
    port = ldap.getListenPort();
  } else if (connHandler instanceof HTTPConnectionHandlerCfg) {
    final HTTPConnectionHandlerCfg http = (HTTPConnectionHandlerCfg) connHandler;
    protocol = http.isUseSSL()
        ? ConnectionHandlerDescriptor.Protocol.HTTPS
        : ConnectionHandlerDescriptor.Protocol.HTTP;
    addAll(addresses, http.getListenAddress());
    port = http.getListenPort();
  } else if (connHandler instanceof JMXConnectionHandlerCfg) {
    final JMXConnectionHandlerCfg jmx = (JMXConnectionHandlerCfg) connHandler;
    protocol = jmx.isUseSSL()
        ? ConnectionHandlerDescriptor.Protocol.JMXS
        : ConnectionHandlerDescriptor.Protocol.JMX;
    addAll(addresses, jmx.getListenAddress());
    port = jmx.getListenPort();
  } else if (connHandler instanceof LDIFConnectionHandlerCfg) {
    protocol = ConnectionHandlerDescriptor.Protocol.LDIF;
  } else if (connHandler instanceof SNMPConnectionHandlerCfg) {
    final SNMPConnectionHandlerCfg snmp = (SNMPConnectionHandlerCfg) connHandler;
    protocol = ConnectionHandlerDescriptor.Protocol.SNMP;
    addAll(addresses, snmp.getListenAddress());
    port = snmp.getListenPort();
  } else {
    protocol = ConnectionHandlerDescriptor.Protocol.OTHER;
  }

  final Set<CustomSearchResult> noEntries = Collections.emptySet();
  return new ConnectionHandlerDescriptor(addresses, port, protocol, state, name, noEntries);
}
/**
 * Indicates whether clients may use the StartTLS extended operation on this handler.
 *
 * <p>StartTLS is only offered on a plaintext listener: when the current configuration
 * already sets {@code use-ssl}, the connection is TLS from the start and the
 * {@code allow-start-tls} setting does not make this method return {@code true}.
 *
 * @return <CODE>true</CODE> if StartTLS is allowed, or <CODE>false</CODE> if not.
 */
public boolean allowStartTLS() {
  if (!currentConfig.isAllowStartTLS()) {
    return false;
  }
  return !currentConfig.isUseSSL();
}
/**
 * Disables this handler, with a warning, when the configuration requests SSL.
 *
 * <p>The warning is logged as {@code INFO_DISABLE_CONNECTION} with the handler's friendly
 * name, and {@code enabled} is cleared. Why SSL is refused here is not visible in this
 * method — NOTE(review): presumably this handler type cannot serve SSL; confirm against
 * the caller before relying on it.
 *
 * @param config the configuration to inspect.
 */
private void disableAndWarnIfUseSSL(LDAPConnectionHandlerCfg config) {
  if (!config.isUseSSL()) {
    return;
  }
  logger.warn(INFO_DISABLE_CONNECTION, friendlyName);
  enabled = false;
}
/**
 * Indicates whether this connection handler communicates with clients over SSL.
 *
 * <p>This reflects only the {@code use-ssl} setting of the current configuration; a
 * handler that merely allows StartTLS still reports {@code false} here.
 *
 * @return {@code true} if this connection handler should use SSL to communicate with
 *     clients, or {@code false} if not.
 */
public boolean useSSL() {
  final boolean sslRequested = currentConfig.isUseSSL();
  return sslRequested;
}