Package com.sonatype.security.ldap

Source Code of com.sonatype.security.ldap.LdapConnectionUtils

/*
* Sonatype Nexus (TM) Open Source Version
* Copyright (c) 2007-2014 Sonatype, Inc.
* All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
*
* This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
* which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
*
* Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
* of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
* Eclipse Foundation. All other trademarks are the property of their respective owners.
*/
package com.sonatype.security.ldap;

import java.net.MalformedURLException;
import java.util.HashMap;
import java.util.Map;

import com.sonatype.security.ldap.realms.persist.model.CConnectionInfo;
import com.sonatype.security.ldap.realms.persist.model.CLdapServerConfiguration;
import com.sonatype.security.ldap.realms.persist.model.CUserAndGroupAuthConfiguration;

import org.sonatype.security.ldap.dao.LdapAuthConfiguration;
import org.sonatype.security.ldap.dao.LdapDAOException;
import org.sonatype.security.ldap.dao.LdapGroupDAO;
import org.sonatype.security.ldap.dao.LdapUserDAO;
import org.sonatype.security.ldap.realms.DefaultLdapContextFactory;
import org.sonatype.security.ldap.realms.connector.DefaultLdapConnector;
import org.sonatype.security.ldap.realms.tools.LdapURL;

import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.codehaus.plexus.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

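/**
 * Static helpers that turn the persisted LDAP server configuration model
 * ({@link CLdapServerConfiguration}) into the runtime objects used to reach the directory:
 * a {@link DefaultLdapContextFactory} and an {@link LdapAuthConfiguration}.
 */
public class LdapConnectionUtils
{
  private static final Logger logger = LoggerFactory.getLogger(LdapConnectionUtils.class);

  /**
   * Builds a pooled LDAP context factory from the connection section of the given server configuration.
   *
   * @param ldapServer   the server configuration to read; must not be {@code null}
   * @param useBackupUrl when {@code true} the backup mirror protocol/host/port are used to build the URL,
   *                     otherwise the primary protocol/host/port; the search base is the same in both cases
   * @return a context factory carrying the URL, system credentials, search base, authentication scheme,
   *         connect timeout and (when configured) SASL realm
   * @throws LdapDAOException if {@code ldapServer} or its connection info is missing, or if the configured
   *                          values do not form a valid LDAP URL
   */
  public static DefaultLdapContextFactory getLdapContextFactory(CLdapServerConfiguration ldapServer,
                                                                boolean useBackupUrl)
      throws LdapDAOException
  {
    if (ldapServer == null) {
      throw new LdapDAOException("Ldap connection is not configured.");
    }

    CConnectionInfo connInfo = ldapServer.getConnectionInfo();
    if (connInfo == null) {
      // Report a missing connection section the same way as a missing server, instead of failing
      // with a NullPointerException on the first getter below.
      throw new LdapDAOException("Ldap connection is not configured.");
    }

    // NOTE(review): protocol and authentication scheme are taken verbatim from the configuration and
    // nothing in this method requires ldaps. With a cleartext protocol and a simple bind, the system
    // password set below travels unencrypted; enforce or warn about that where the configuration is
    // accepted.
    String url;
    try {
      if (useBackupUrl) {
        url = new LdapURL(connInfo.getBackupMirrorProtocol(), connInfo.getBackupMirrorHost(), connInfo
            .getBackupMirrorPort(), connInfo.getSearchBase()).toString();
      }
      else {
        url = new LdapURL(connInfo.getProtocol(), connInfo.getHost(), connInfo.getPort(), connInfo
            .getSearchBase()).toString();
      }
    }
    catch (MalformedURLException e) {
      // log an error, because the user could still log in and fix the config.
      // The exception is passed to the logger because the rethrown LdapDAOException carries only the message.
      logger.error("LDAP Configuration is Invalid.", e);
      throw new LdapDAOException("Invalid LDAP URL: " + e.getMessage());
    }

    DefaultLdapContextFactory defaultLdapContextFactory = new DefaultLdapContextFactory();
    defaultLdapContextFactory.setUsePooling(true);
    defaultLdapContextFactory.setUrl(url);
    defaultLdapContextFactory.setSystemUsername(connInfo.getSystemUsername());
    defaultLdapContextFactory.setSystemPassword(connInfo.getSystemPassword());
    defaultLdapContextFactory.setSearchBase(connInfo.getSearchBase());
    defaultLdapContextFactory.setAuthentication(connInfo.getAuthScheme());

    // The configured timeout is multiplied by 1000 before it is handed to JNDI.
    // NOTE(review): only the connect timeout is set. No read timeout is configured here, so a server
    // that accepts the connection and then stalls is not bounded by this value.
    Map<String, String> connectionProperties = new HashMap<String, String>();
    connectionProperties.put("com.sun.jndi.ldap.connect.timeout",
        Integer.toString(connInfo.getConnectionTimeout() * 1000));

    // and the realm
    if (connInfo.getRealm() != null) {
      connectionProperties.put("java.naming.security.sasl.realm", connInfo.getRealm());
    }
    defaultLdapContextFactory.setAdditionalEnvironment(connectionProperties);

    return defaultLdapContextFactory;
  }

  /**
   * Copies the user and group mapping section of the server configuration into a new
   * {@link LdapAuthConfiguration}.
   *
   * <p>User and group base DNs are replaced by an empty string when they are {@code null}; every other
   * value is copied as-is.
   *
   * @param ldapServer the server configuration to read; it and its user/group section are dereferenced
   *                   without a null check
   * @return the populated authentication configuration
   */
  public static LdapAuthConfiguration getLdapAuthConfiguration(CLdapServerConfiguration ldapServer) {
    CUserAndGroupAuthConfiguration userAndGroupsConf = ldapServer.getUserAndGroupConfig();
    LdapAuthConfiguration authConfig = new LdapAuthConfiguration();

    // user mapping
    authConfig.setEmailAddressAttribute(userAndGroupsConf.getEmailAddressAttribute());
    authConfig.setUserBaseDn(StringUtils.defaultString(userAndGroupsConf.getUserBaseDn(), ""));
    authConfig.setUserIdAttribute(userAndGroupsConf.getUserIdAttribute());
    authConfig.setUserObjectClass(userAndGroupsConf.getUserObjectClass());
    authConfig.setPasswordAttribute(userAndGroupsConf.getUserPasswordAttribute());
    authConfig.setUserRealNameAttribute(userAndGroupsConf.getUserRealNameAttribute());

    // group mapping
    authConfig.setGroupBaseDn(StringUtils.defaultString(userAndGroupsConf.getGroupBaseDn(), ""));
    authConfig.setGroupIdAttribute(userAndGroupsConf.getGroupIdAttribute());
    authConfig.setGroupMemberAttribute(userAndGroupsConf.getGroupMemberAttribute());
    authConfig.setGroupMemberFormat(userAndGroupsConf.getGroupMemberFormat());
    authConfig.setGroupObjectClass(userAndGroupsConf.getGroupObjectClass());
    authConfig.setUserSubtree(userAndGroupsConf.isUserSubtree());
    authConfig.setGroupSubtree(userAndGroupsConf.isGroupSubtree());
    authConfig.setUserMemberOfAttribute(userAndGroupsConf.getUserMemberOfAttribute());
    authConfig.setLdapGroupsAsRoles(userAndGroupsConf.isLdapGroupsAsRoles());
    // NOTE(review): the filter is copied verbatim from the configuration; how it is combined with
    // user-supplied values is decided by the DAO that consumes it, not here.
    authConfig.setLdapFilter(userAndGroupsConf.getLdapFilter());
    return authConfig;
  }

  /**
   * Builds a context factory for the primary URL and an auth configuration from the given server
   * configuration, then constructs a {@link DefaultLdapConnector} named {@code "test"} from them.
   *
   * <p>The connector is discarded. NOTE(review): no lookup or bind is issued in this method, so any real
   * verification has to happen inside the {@code DefaultLdapConnector} constructor. Confirm that it does;
   * otherwise this only checks that the configured URL is well-formed.
   *
   * @param ldapServer   the server configuration under test
   * @param ldapUserDAO  user DAO handed to the connector
   * @param ldapGroupDAO group DAO handed to the connector
   * @throws LdapDAOException if the context factory cannot be built from the configuration
   */
  public static void testUserAuthentication(CLdapServerConfiguration ldapServer, LdapUserDAO ldapUserDAO,
                                            LdapGroupDAO ldapGroupDAO) throws LdapDAOException
  {
    LdapContextFactory contextFactory = getLdapContextFactory(ldapServer, false);
    LdapAuthConfiguration authConfig = getLdapAuthConfiguration(ldapServer);

    new DefaultLdapConnector("test", ldapUserDAO, ldapGroupDAO, contextFactory, authConfig);

  }

}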