NethServer-SavaPage module

gabriele_bulfon · December 16, 2017, 9:13am

Hello, at the moment we added code to manage “trust all certs” etc during setup of SSL/TLS sockets.
This is a recurrent problem when working with secure sockets in Java, as installing certificates is always a headache.

Here you can see the ldap auth code that sets up the connection using a library that already features “AllowAnyTrustManager” and “AllowAnyHostnameVerifier”:

github.com

sonicle-webtop/sonicle-security/blob/5ee22d7f2a97e57821cac3e0109b41f4680977ff/src/main/java/com/sonicle/security/auth/directory/AbstractLdapDirectory.java#L465


	
	protected void logConnectionSetup(ConnectionSetup setup) {
		ConnectionInitializer ci = setup.connectionConfig.getConnectionInitializer();
		if (ci instanceof BindConnectionInitializer) {
			logger.debug("Setting-up LDAP connection [url: {}, bindDn: {}]", setup.connectionConfig.getLdapUrl(), ((BindConnectionInitializer)ci).getBindDn());
		} else {
			logger.debug("Setting-up LDAP connection [url: {}]", setup.connectionConfig.getLdapUrl());
		}
	}
	
	protected ConnectionSetup setupConnection(String host, int port, ConnectionSecurity security, String dn, char[] password) {
		ConnectionConfig config = new ConnectionConfig("ldap://" + host + ":" + port);
		JndiProvider provider = null;
		
		if (EnumUtils.equals(security, ConnectionSecurity.SSL)) {
			provider = new JndiProvider();
			provider.getProviderConfig().setHostnameVerifier(new AllowAnyHostnameVerifier());
			config.setSslConfig(new SslConfig(new AllowAnyTrustManager()));
			config.setLdapUrl("ldaps://" + host + ":" + port);
			config.setUseSSL(true);
		} else if (EnumUtils.equals(security, ConnectionSecurity.STARTTLS)) {