Repository: nifi
Updated Branches:
  refs/heads/NIFI-655 cfee612a7 -> b3ae3e314


NIFI-655:
- Allowing the ldap provider to specify if client authentication is 
required/desired.

Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/b3ae3e31
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/b3ae3e31
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/b3ae3e31

Branch: refs/heads/NIFI-655
Commit: b3ae3e31497f2d6810c202ca0130f398c2f170ca
Parents: cfee612
Author: Matt Gilman <[email protected]>
Authored: Thu Nov 12 09:10:29 2015 -0500
Committer: Matt Gilman <[email protected]>
Committed: Thu Nov 12 09:10:29 2015 -0500

----------------------------------------------------------------------
 .../java/org/apache/nifi/ldap/LdapProvider.java   | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi/blob/b3ae3e31/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
----------------------------------------------------------------------
diff --git 
a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
 
b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
index 7d471d5..cccff5d 100644
--- 
a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
+++ 
b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
@@ -44,6 +44,8 @@ import 
org.springframework.security.ldap.search.LdapUserSearch;
  */
 public class LdapProvider extends AbstractLdapProvider {
 
+    private static final String TLS = "TLS";
+    
     @Override
     protected AbstractLdapAuthenticationProvider 
getLdapAuthenticationProvider(LoginIdentityProviderConfigurationContext 
configurationContext) throws ProviderCreationException {
         final LdapContextSource context = new LdapContextSource();
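Review bot: The new constant `TLS` has no comment saying what it is for; judging by the second hunk it is the protocol name passed as the last argument to `SslContextFactory`, so a name such as `TLS_PROTOCOL` or a one-line comment would make that explicit. If the value ends up in `SSLContext.getInstance`, the generic "TLS" name leaves the enabled protocol versions to the JVM defaults, which is worth recording, e.g. `// SSLContext protocol name; enabled TLS versions follow the JVM defaults`. The added blank line after the constant also carries trailing whitespace.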
@@ -90,17 +92,23 @@ public class LdapProvider extends AbstractLdapProvider {
                         final String rawTruststore = 
configurationContext.getProperty("TLS - Truststore");
                         final String rawTruststorePassword = 
configurationContext.getProperty("TLS - Truststore Password");
                         final String rawTruststoreType = 
configurationContext.getProperty("TLS - Truststore Type");
+                        final String rawClientAuth = 
configurationContext.getProperty("TLS - Client Auth");
 
                         try {
                             final SSLContext sslContext;
                             if (StringUtils.isBlank(rawKeystore)) {
-                                sslContext = 
SslContextFactory.createTrustSslContext(rawTruststore, 
rawTruststorePassword.toCharArray(), rawTruststoreType, "TLS");
+                                sslContext = 
SslContextFactory.createTrustSslContext(rawTruststore, 
rawTruststorePassword.toCharArray(), rawTruststoreType, TLS);
                             } else {
                                 if (StringUtils.isBlank(rawTruststore)) {
-                                    sslContext = 
SslContextFactory.createSslContext(rawKeystore, 
rawKeystorePassword.toCharArray(), rawKeystoreType, "TLS");
+                                    sslContext = 
SslContextFactory.createSslContext(rawKeystore, 
rawKeystorePassword.toCharArray(), rawKeystoreType, TLS);
                                 } else {
-                                    sslContext = 
SslContextFactory.createSslContext(rawKeystore, 
rawKeystorePassword.toCharArray(), rawKeystoreType,
-                                            rawTruststore, 
rawTruststorePassword.toCharArray(), rawTruststoreType, ClientAuth.REQUIRED, 
"TLS");
+                                    try {
+                                        final ClientAuth clientAuth = 
ClientAuth.valueOf(rawClientAuth);
+                                        sslContext = 
SslContextFactory.createSslContext(rawKeystore, 
rawKeystorePassword.toCharArray(), rawKeystoreType,
+                                                rawTruststore, 
rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, TLS);
+                                    } catch (final IllegalArgumentException 
iae) {
+                                        throw new 
ProviderCreationException(String.format("Unrecgonized client auth '%s'", 
rawClientAuth));
+                                    }
                                 }
                             }
                             
tlsAuthenticationStrategy.setSslSocketFactory(sslContext.getSocketFactory());
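Review bot: `ClientAuth.valueOf(rawClientAuth)` in the keystore-plus-truststore branch throws NullPointerException, not IllegalArgumentException, when "TLS - Client Auth" is not configured, so the new catch misses that case. A configuration written before this change then loses the earlier hard-coded `ClientAuth.REQUIRED` and fails without naming the property, unless the outer catch (outside the hunk) handles it. The new try also encloses `createSslContext`, so an IllegalArgumentException raised there would be reported as a bad client-auth value, and the rethrow drops `iae` as the cause and misspells "Unrecognized". I would fall back to REQUIRED when the property is blank, parse the enum in its own try and keep the cause, as sketched below; this assumes ProviderCreationException has a (message, cause) constructor. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: truststore-only and keystore-only branches …
final ClientAuth clientAuth;
if (StringUtils.isBlank(rawClientAuth)) {
    // property not set: keep the value that was hard-coded before this change
    clientAuth = ClientAuth.REQUIRED;
} else {
    try {
        clientAuth = ClientAuth.valueOf(rawClientAuth);
    } catch (final IllegalArgumentException iae) {
        throw new ProviderCreationException(String.format("Unrecognized client auth '%s'", rawClientAuth), iae);
    }
}
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType,
        rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, TLS);
```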
@@ -133,7 +141,7 @@ public class LdapProvider extends AbstractLdapProvider {
         // query
         final LdapUserSearch userSearch = new 
FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);
 
-        // bind vs password?
+        // bind
         final BindAuthenticator authenticator = new BindAuthenticator(context);
         authenticator.setUserSearch(userSearch);
 
