Posted to commits@ambari.apache.org by lp...@apache.org on 2017/10/17 16:42:41 UTC
[41/50] ambari git commit: AMBARI-21307 Ldapconnection template
optimization, basic support for custom trust store
AMBARI-21307 Ldapconnection template optimization, basic support for custom trust store
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8a57f21b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8a57f21b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8a57f21b
Branch: refs/heads/feature-branch-AMBARI-21307
Commit: 8a57f21b92e99d66a0fb2106657fc84065e12dc2
Parents: 999dc42
Author: lpuskas <lp...@apache.org>
Authored: Mon Oct 9 17:20:38 2017 +0200
Committer: lpuskas <lp...@apache.org>
Committed: Tue Oct 17 18:41:13 2017 +0200
----------------------------------------------------------------------
.../apache/ambari/server/ldap/LdapModule.java | 8 +-
.../service/LdapAttributeDetectionService.java | 4 +-
.../service/LdapConnectionConfigService.java | 34 ++++++
.../service/LdapConnectionTemplateProvider.java | 56 ---------
.../DefaultLdapAttributeDetectionService.java | 4 +-
.../ads/DefaultLdapConfigurationService.java | 11 +-
.../ads/LdapConnectionTemplateFactory.java | 56 +++++----
.../DefaultLdapConnectionConfigService.java | 116 +++++++++++++++++++
.../server/ldap/LdapModuleFunctionalTest.java | 28 +++++
9 files changed, 224 insertions(+), 93 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a57f21b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
index d59264a..4abf4e7 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
@@ -21,11 +21,11 @@ import org.apache.ambari.server.ldap.service.AmbariLdapConfigurationProvider;
import org.apache.ambari.server.ldap.service.AmbariLdapFacade;
import org.apache.ambari.server.ldap.service.LdapAttributeDetectionService;
import org.apache.ambari.server.ldap.service.LdapConfigurationService;
-import org.apache.ambari.server.ldap.service.LdapConnectionTemplateProvider;
+import org.apache.ambari.server.ldap.service.LdapConnectionConfigService;
import org.apache.ambari.server.ldap.service.LdapFacade;
import org.apache.ambari.server.ldap.service.ads.DefaultLdapAttributeDetectionService;
import org.apache.ambari.server.ldap.service.ads.DefaultLdapConfigurationService;
-import org.apache.directory.ldap.client.template.LdapConnectionTemplate;
+import org.apache.ambari.server.ldap.service.ads.detectors.DefaultLdapConnectionConfigService;
import com.google.inject.AbstractModule;
import com.google.inject.assistedinject.FactoryModuleBuilder;
@@ -40,13 +40,11 @@ public class LdapModule extends AbstractModule {
bind(LdapFacade.class).to(AmbariLdapFacade.class);
bind(LdapConfigurationService.class).to(DefaultLdapConfigurationService.class);
bind(LdapAttributeDetectionService.class).to(DefaultLdapAttributeDetectionService.class);
+ bind(LdapConnectionConfigService.class).to(DefaultLdapConnectionConfigService.class);
// this binding requires the JPA module!
bind(AmbariLdapConfiguration.class).toProvider(AmbariLdapConfigurationProvider.class);
- // bind to the provider implementation (let GUICE deal with instantiating 3rd party instances)
- bind(LdapConnectionTemplate.class).toProvider(LdapConnectionTemplateProvider.class);
-
install(new FactoryModuleBuilder().build(AmbariLdapConfigurationFactory.class));
}
}
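Review bot: `DefaultLdapConnectionConfigService` is imported from `service.ads.detectors`, yet it is a connection-configuration service rather than an attribute detector, while its siblings `DefaultLdapConfigurationService` and `DefaultLdapAttributeDetectionService` are bound from `service.ads`. Moving the new class next to them would keep the package layout consistent; the binding line `bind(LdapConnectionConfigService.class).to(DefaultLdapConnectionConfigService.class);` itself can stay as written.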
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a57f21b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapAttributeDetectionService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapAttributeDetectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapAttributeDetectionService.java
index 6cd369b..c08a2e0 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapAttributeDetectionService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapAttributeDetectionService.java
@@ -27,7 +27,7 @@ public interface LdapAttributeDetectionService {
* @param ambariLdapConfiguration configuration instance holding connection details
* @return the configuration decorated with user related attributes
*/
- AmbariLdapConfiguration detectLdapUserAttributes(AmbariLdapConfiguration ambariLdapConfiguration);
+ AmbariLdapConfiguration detectLdapUserAttributes(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
/**
* Decorates the passed in configuration with the detected ldap group attribute values
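Review bot: `detectLdapUserAttributes` now declares `throws AmbariLdapException` but its Javadoc does not document it; add ` * @throws AmbariLdapException if an error occurs while detecting the attributes` after the `@return` line, and the same clause to the Javadoc of `detectLdapGroupAttributes` in the second hunk of this file. The interface already documents every parameter and return value, so the new exception clause should be kept to the same standard.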
@@ -35,6 +35,6 @@ public interface LdapAttributeDetectionService {
* @param ambariLdapConfiguration configuration instance holding connection details
* @return the configuration decorated with group related attributes
*/
- AmbariLdapConfiguration detectLdapGroupAttributes(AmbariLdapConfiguration ambariLdapConfiguration);
+ AmbariLdapConfiguration detectLdapGroupAttributes(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a57f21b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionConfigService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionConfigService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionConfigService.java
new file mode 100644
index 0000000..e2055bb
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionConfigService.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service;
+
+import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+
+/**
+ * Contract for creating connection configuration instances
+ */
+public interface LdapConnectionConfigService {
+
+ /**
+ * Creates and sets up an ldap connection configuration instance based on the provided ambari ldap configuration instance.
+ *
+ * @param ambariLdapConfiguration instance holding configuration values
+ * @return a set up ldap connection configuration instance
+ * @throws AmbariLdapException if an error occurs while setting up the connection configuration
+ */
+ LdapConnectionConfig createLdapConnectionConfig(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
+
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a57f21b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionTemplateProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionTemplateProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionTemplateProvider.java
deleted file mode 100644
index 5ed06e3..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionTemplateProvider.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.ldap.service;
-
-
-import javax.inject.Inject;
-import javax.inject.Provider;
-
-import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
-import org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory;
-import org.apache.directory.ldap.client.api.LdapConnectionConfig;
-import org.apache.directory.ldap.client.api.LdapConnectionFactory;
-import org.apache.directory.ldap.client.api.LdapConnectionPool;
-import org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory;
-import org.apache.directory.ldap.client.template.LdapConnectionTemplate;
-
-public class LdapConnectionTemplateProvider implements Provider<LdapConnectionTemplate> {
-
- // Inject the persisted configuration (when available) check the provider implementation for details.
- @Inject
- private Provider<AmbariLdapConfiguration> ambariLdapConfigurationProvider;
-
- @Override
- public LdapConnectionTemplate get() {
- return new LdapConnectionTemplate(new LdapConnectionPool(
- new ValidatingPoolableLdapConnectionFactory(getLdapConnectionFactory())));
- }
-
- private LdapConnectionConfig getLdapConnectionConfig() {
- LdapConnectionConfig config = new LdapConnectionConfig();
- config.setLdapHost(ambariLdapConfigurationProvider.get().serverHost());
- config.setLdapPort(ambariLdapConfigurationProvider.get().serverPort());
- config.setName(ambariLdapConfigurationProvider.get().bindDn());
- config.setCredentials(ambariLdapConfigurationProvider.get().bindPassword());
-
- return config;
- }
-
- private LdapConnectionFactory getLdapConnectionFactory() {
- return new DefaultLdapConnectionFactory(getLdapConnectionConfig());
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a57f21b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
index 639d48d..204c46a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
@@ -73,7 +73,7 @@ public class DefaultLdapAttributeDetectionService implements LdapAttributeDetect
}
@Override
- public AmbariLdapConfiguration detectLdapUserAttributes(AmbariLdapConfiguration ambariLdapConfiguration) {
+ public AmbariLdapConfiguration detectLdapUserAttributes(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
LOGGER.info("Detecting LDAP user attributes ...");
LdapConnectionTemplate ldapConnectionTemplate = ldapConnectionTemplateFactory.create(ambariLdapConfiguration);
@@ -116,7 +116,7 @@ public class DefaultLdapAttributeDetectionService implements LdapAttributeDetect
@Override
- public AmbariLdapConfiguration detectLdapGroupAttributes(AmbariLdapConfiguration ambariLdapConfiguration) {
+ public AmbariLdapConfiguration detectLdapGroupAttributes(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
LOGGER.info("Detecting LDAP group attributes ...");
// perform a search using the user search base
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a57f21b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationService.java
index bbe4d0a..60c1272 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationService.java
@@ -28,7 +28,6 @@ import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.SearchRequest;
-import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.LdapConnection;
@@ -117,7 +116,6 @@ public class DefaultLdapConfigurationService implements LdapConfigurationService
/**
* Checks whether the provided group related settings are correct.
- * The algorithm implemented in this method per
*
* @param userDn a user DN to check
* @param ambariLdapConfiguration the available LDAP configuration to be validated
@@ -137,18 +135,15 @@ public class DefaultLdapConfigurationService implements LdapConfigurationService
).toString();
LOGGER.info("Searching for the groups the user dn: {} is member of using the search filter: {}", userDn, filter);
+ LdapConnectionTemplate ldapConnectionTemplate = ldapConnectionTemplateFactory.create(ambariLdapConfiguration);
// assemble a search request
- SearchRequest searchRequest = new SearchRequestImpl();
- searchRequest.setFilter(filter);
- searchRequest.setBase(new Dn(ambariLdapConfiguration.groupSearchBase()));
- searchRequest.setScope(SearchScope.SUBTREE);
+ SearchRequest searchRequest = ldapConnectionTemplate.newSearchRequest(new Dn(ambariLdapConfiguration.groupSearchBase()), filter, SearchScope.SUBTREE);
// attributes to be returned
searchRequest.addAttributes(ambariLdapConfiguration.groupMemberAttribute(), ambariLdapConfiguration.groupNameAttribute());
// perform the search
- groups = ldapConnectionTemplateFactory.create(ambariLdapConfiguration).search(searchRequest, getGroupNameEntryMapper(ambariLdapConfiguration));
-
+ groups = ldapConnectionTemplate.search(searchRequest, getGroupNameEntryMapper(ambariLdapConfiguration));
} catch (Exception e) {
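Review bot: `ldapConnectionTemplateFactory.create(ambariLdapConfiguration)` now declares `AmbariLdapException`, and because the call sits inside the `try`, a connection-setup failure (for example an unreadable custom trust store) is caught by the `catch (Exception e)` on the last line and handled like a failed group search; the body of that catch and the rest of the method lie outside the hunk, so how it is reported is not visible here. Consider moving the `create(...)` call before the `try`, or adding a `catch (AmbariLdapException e) { throw e; }` clause ahead of the generic one, so that a configuration error surfaces as such rather than as a group-validation failure.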
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a57f21b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/LdapConnectionTemplateFactory.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/LdapConnectionTemplateFactory.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/LdapConnectionTemplateFactory.java
index 50345bc..8467af0 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/LdapConnectionTemplateFactory.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/LdapConnectionTemplateFactory.java
@@ -18,7 +18,10 @@ import javax.inject.Inject;
import javax.inject.Provider;
import javax.inject.Singleton;
+import org.apache.ambari.server.events.AmbariLdapConfigChangedEvent;
import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.service.AmbariLdapException;
+import org.apache.ambari.server.ldap.service.LdapConnectionConfigService;
import org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapConnectionFactory;
@@ -28,6 +31,8 @@ import org.apache.directory.ldap.client.template.LdapConnectionTemplate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.google.common.eventbus.Subscribe;
+
/**
* Factory for creating LdapConnectionTemplate instances.
* Depending on the usage context, the instance can be constructed based on the provided configuration or based on the persisted settings.
@@ -37,8 +42,17 @@ public class LdapConnectionTemplateFactory {
private static final Logger LOG = LoggerFactory.getLogger(LdapConnectionTemplateFactory.class);
+ // Inject the persisted configuration (when available) check the provider implementation for details.
+ @Inject
+ private Provider<AmbariLdapConfiguration> ambariLdapConfigurationProvider;
+
+
@Inject
- private Provider<LdapConnectionTemplate> ldapConnectionTemplate;
+ private LdapConnectionConfigService ldapConnectionConfigService;
+
+ // cached instance that only changes when the underlying configuration changes.
+ private LdapConnectionTemplate ldapConnectionTemplateInstance;
+
@Inject
public LdapConnectionTemplateFactory() {
@@ -50,11 +64,11 @@ public class LdapConnectionTemplateFactory {
* @param ambariLdapConfiguration ambari ldap configuration instance
* @return an instance of LdapConnectionTemplate
*/
- public LdapConnectionTemplate create(AmbariLdapConfiguration ambariLdapConfiguration) {
+ public LdapConnectionTemplate create(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
LOG.info("Constructing new instance based on the provided ambari ldap configuration: {}", ambariLdapConfiguration);
// create the connection config
- LdapConnectionConfig ldapConnectionConfig = getLdapConnectionConfig(ambariLdapConfiguration);
+ LdapConnectionConfig ldapConnectionConfig = ldapConnectionConfigService.createLdapConnectionConfig(ambariLdapConfiguration);
// create the connection factory
LdapConnectionFactory ldapConnectionFactory = new DefaultLdapConnectionFactory(ldapConnectionConfig);
@@ -69,26 +83,28 @@ public class LdapConnectionTemplateFactory {
}
- public LdapConnectionTemplate load() {
- // the construction logic is implemented in the provider class
- return ldapConnectionTemplate.get();
- }
-
-
- private LdapConnectionConfig getLdapConnectionConfig(AmbariLdapConfiguration ambariLdapConfiguration) {
-
- LdapConnectionConfig config = new LdapConnectionConfig();
- config.setLdapHost(ambariLdapConfiguration.serverHost());
- config.setLdapPort(ambariLdapConfiguration.serverPort());
- config.setName(ambariLdapConfiguration.bindDn());
- config.setCredentials(ambariLdapConfiguration.bindPassword());
+ /**
+ * Loads the persisted LDAP configuration.
+ *
+ * @return theh persisted
+ */
+ public LdapConnectionTemplate load() throws AmbariLdapException {
- // todo set the other required properties here, eg.: trustmanager
- return config;
+ if (null == ldapConnectionTemplateInstance) {
+ ldapConnectionTemplateInstance = create(ambariLdapConfigurationProvider.get());
+ }
+ return ldapConnectionTemplateInstance;
}
- private LdapConnectionFactory getLdapConnectionFactory(AmbariLdapConfiguration ambariLdapConfiguration) {
- return new DefaultLdapConnectionFactory(getLdapConnectionConfig(ambariLdapConfiguration));
+ /**
+ * The returned connection template instance is recreated whenever the ambari ldap configuration changes
+ *
+ * @param event
+ * @throws AmbariLdapException
+ */
+ @Subscribe
+ public void onConfigChange(AmbariLdapConfigChangedEvent event) throws AmbariLdapException {
+ ldapConnectionTemplateInstance = create(ambariLdapConfigurationProvider.get());
}
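Review bot: `load()` checks and assigns `ldapConnectionTemplateInstance` without any synchronization, and `onConfigChange` reassigns it from whichever thread delivers the event, so the field declared in the earlier hunk as `private LdapConnectionTemplate ldapConnectionTemplateInstance;` should be `private volatile LdapConnectionTemplate ldapConnectionTemplateInstance;` (or the check-then-create should run under a lock) to avoid readers seeing a stale template or two templates being built. When the configuration changes, the previous template is dropped without being closed; if the template owns a connection pool, as the deleted provider did and the `create` body suggests but does not show, that pool should be closed before the replacement is assigned. Replacing the eager rebuild in `onConfigChange` with `ldapConnectionTemplateInstance = null;` would let `load()` rebuild lazily on next use and keep the event handler from throwing `AmbariLdapException` into the event bus. The Javadoc of `load()` is unfinished: `@return theh persisted` should read `@return the connection template built from the persisted configuration`, and `@param event` and `@throws AmbariLdapException` on `onConfigChange` carry no description.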
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a57f21b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/DefaultLdapConnectionConfigService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/DefaultLdapConnectionConfigService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/DefaultLdapConnectionConfigService.java
new file mode 100644
index 0000000..b12cc85
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/DefaultLdapConnectionConfigService.java
@@ -0,0 +1,116 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.ldap.service.ads.detectors;
+
+import static javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.service.AmbariLdapException;
+import org.apache.ambari.server.ldap.service.LdapConnectionConfigService;
+import org.apache.directory.api.util.Strings;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Singleton
+public class DefaultLdapConnectionConfigService implements LdapConnectionConfigService {
+
+ private static Logger LOG = LoggerFactory.getLogger(DefaultLdapConnectionConfigService.class);
+
+ @Inject
+ public DefaultLdapConnectionConfigService() {
+ }
+
+ @Override
+ public LdapConnectionConfig createLdapConnectionConfig(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
+
+ LOG.debug("Assembling ldap connection config based on: {}", ambariLdapConfiguration);
+
+ LdapConnectionConfig config = new LdapConnectionConfig();
+ config.setLdapHost(ambariLdapConfiguration.serverHost());
+ config.setLdapPort(ambariLdapConfiguration.serverPort());
+ config.setName(ambariLdapConfiguration.bindDn());
+ config.setCredentials(ambariLdapConfiguration.bindPassword());
+ config.setUseSsl(ambariLdapConfiguration.useSSL());
+
+ // todo implement proper validation logic here: identify optional/mandatory settings
+ // todo suggest proper naming
+ if ("custom".equals(ambariLdapConfiguration.trustStore())) {
+ LOG.info("Using custom trust manager configuration");
+ config.setTrustManagers(trustManagers(ambariLdapConfiguration));
+ }
+
+
+ return config;
+ }
+
+
+ /**
+ * Configure the trustmanagers to use the custom keystore.
+ *
+ * @param ambariLdapConfiguration congiguration instance holding current values
+ * @return the array of trust managers
+ * @throws AmbariLdapException if an error occurs while setting up the connection
+ */
+ private TrustManager[] trustManagers(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
+ try {
+
+ TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(getDefaultAlgorithm());
+ tmFactory.init(keyStore(ambariLdapConfiguration));
+ return tmFactory.getTrustManagers();
+
+ } catch (Exception e) {
+
+ LOG.error("Failed to initialize trust managers", e);
+ throw new AmbariLdapException(e);
+
+ }
+
+ }
+
+ private KeyStore keyStore(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
+
+ // validating configuration settings
+ if (Strings.isEmpty(ambariLdapConfiguration.trustStoreType())) {
+ throw new AmbariLdapException("Key Store Type must be specified");
+ }
+
+ if (Strings.isEmpty(ambariLdapConfiguration.trustStorePath())) {
+ throw new AmbariLdapException("Key Store Path must be specified");
+ }
+
+ try {
+
+ KeyStore ks = KeyStore.getInstance(ambariLdapConfiguration.trustStoreType());
+ FileInputStream fis = new FileInputStream(ambariLdapConfiguration.trustStorePath());
+ ks.load(fis, ambariLdapConfiguration.trustStorePassword().toCharArray());
+ return ks;
+
+ } catch (Exception e) {
+
+ LOG.error("Failed to create keystore", e);
+ throw new AmbariLdapException(e);
+
+ }
+ }
+}
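Review bot: The `FileInputStream` opened in `keyStore` at `new FileInputStream(ambariLdapConfiguration.trustStorePath())` is never closed, neither on success nor when `KeyStore.load` throws; wrap it in try-with-resources. In the same method `ambariLdapConfiguration.trustStorePassword().toCharArray()` throws `NullPointerException` when no password is configured, although `KeyStore.load` accepts a `null` password for a password-less trust store. The line `LOG.debug("Assembling ldap connection config based on: {}", ambariLdapConfiguration);` in `createLdapConnectionConfig` prints the whole configuration object; if its `toString` includes `bindPassword` or `trustStorePassword`, credentials end up in the log, so either log only host, port and trust-store mode or confirm that the configuration type redacts secrets. Also `private static Logger LOG` should be `private static final Logger LOG`.
```java
  private KeyStore keyStore(AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
    // … unchanged: trustStoreType / trustStorePath validation …
    try (FileInputStream fis = new FileInputStream(ambariLdapConfiguration.trustStorePath())) {
      KeyStore ks = KeyStore.getInstance(ambariLdapConfiguration.trustStoreType());
      // KeyStore.load accepts a null password; avoid the NPE from toCharArray() when none is configured
      String password = ambariLdapConfiguration.trustStorePassword();
      ks.load(fis, password == null ? null : password.toCharArray());
      return ks;
    } catch (Exception e) {
      // … unchanged: log and wrap in AmbariLdapException …
    }
  }
```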
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a57f21b/ambari-server/src/test/java/org/apache/ambari/server/ldap/LdapModuleFunctionalTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/LdapModuleFunctionalTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/LdapModuleFunctionalTest.java
index 8059723..b9f140e 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/ldap/LdapModuleFunctionalTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/ldap/LdapModuleFunctionalTest.java
@@ -21,6 +21,7 @@ import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
import org.apache.ambari.server.ldap.domain.TestAmbariAmbariLdapConfigurationFactory;
import org.apache.ambari.server.ldap.service.LdapConfigurationService;
import org.apache.ambari.server.ldap.service.LdapFacade;
+import org.apache.ambari.server.ldap.service.ads.LdapConnectionTemplateFactory;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
@@ -130,14 +131,41 @@ public class LdapModuleFunctionalTest {
ldapPropsMap.put(AmbariLdapConfigKeys.SERVER_PORT.key(), "389");
ldapPropsMap.put(AmbariLdapConfigKeys.BIND_DN.key(), "cn=read-only-admin,dc=example,dc=com");
ldapPropsMap.put(AmbariLdapConfigKeys.BIND_PASSWORD.key(), "password");
+ ldapPropsMap.put(AmbariLdapConfigKeys.USE_SSL.key(), "true");
ldapPropsMap.put(AmbariLdapConfigKeys.USER_OBJECT_CLASS.key(), SchemaConstants.PERSON_OC);
ldapPropsMap.put(AmbariLdapConfigKeys.USER_NAME_ATTRIBUTE.key(), SchemaConstants.UID_AT);
ldapPropsMap.put(AmbariLdapConfigKeys.USER_SEARCH_BASE.key(), "dc=example,dc=com");
ldapPropsMap.put(AmbariLdapConfigKeys.DN_ATTRIBUTE.key(), SchemaConstants.UID_AT);
+ ldapPropsMap.put(AmbariLdapConfigKeys.TRUST_STORE.key(), "custom");
+ ldapPropsMap.put(AmbariLdapConfigKeys.TRUST_STORE_TYPE.key(), "JKS");
+ ldapPropsMap.put(AmbariLdapConfigKeys.TRUST_STORE_PATH.key(), "/Users/lpuskas/my_truststore/KeyStore.jks");
+ ldapPropsMap.put(AmbariLdapConfigKeys.TRUST_STORE_PASSWORD.key(), "lofasz");
return ldapPropsMap;
}
+
+ @Test
+ public void testShouldCustomTrustManagersBeSetForLdapConnection() throws Exception {
+ // GIVEN
+ AmbariLdapConfiguration ambariLdapConfiguration = ldapConfigurationFactory.createLdapConfiguration(getProps());
+
+ LdapFacade ldapFacade = injector.getInstance(LdapFacade.class);
+
+ LdapConnectionTemplateFactory lctFactory = injector.getInstance(LdapConnectionTemplateFactory.class);
+
+ LdapConnectionTemplate template1 = lctFactory.load();
+ LdapConnectionTemplate template2 = lctFactory.create(ambariLdapConfiguration);
+
+
+ // WHEN
+ ldapFacade.checkConnection(ambariLdapConfiguration);
+
+ ldapFacade.detectAttributes(ambariLdapConfiguration);
+
+ // THEN
+ // no exceptions thrown
+ }
}
\ No newline at end of file
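Review bot: `testShouldCustomTrustManagersBeSetForLdapConnection` asserts nothing about trust managers: `template1` and `template2` are created and never used, and the THEN section is only a comment that no exception is thrown. The trust-store properties added to `getProps()` point at a developer-local file `/Users/lpuskas/my_truststore/KeyStore.jks` with a literal password, so the test cannot pass on any other machine and checks a credential into the repository; read the path and password from system properties or a test resource instead. At minimum, assert that the trust managers on the config returned by `LdapConnectionConfigService.createLdapConnectionConfig(ambariLdapConfiguration)` are non-empty, or drop the unused locals.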