apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add check for ldap truststore password (#11055)

Browse Source
This commit is contained in:
Pearl Dsilva 2025-06-19 04:03:58 -04:00 committed by GitHub
parent 0d5a0ea681
commit cbd2b5a022
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 37 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapContextFactory.java
View File

@ -16,6 +16,7 @@
// under the License. // under the License.
package org.apache.cloudstack.ldap; package org.apache.cloudstack.ldap;
import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.util.Hashtable; import java.util.Hashtable;
@ -24,6 +25,7 @@ import javax.naming.Context;
import javax.naming.NamingException; import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext; import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext; import javax.naming.ldap.LdapContext;
import java.security.KeyStore;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
@ -72,8 +74,36 @@ public class LdapContextFactory {
if (sslStatus) { if (sslStatus) {
s_logger.info("LDAP SSL enabled."); s_logger.info("LDAP SSL enabled.");
environment.put(Context.SECURITY_PROTOCOL, "ssl"); environment.put(Context.SECURITY_PROTOCOL, "ssl");
System.setProperty("javax.net.ssl.trustStore", _ldapConfiguration.getTrustStore(domainId)); String trustStore = _ldapConfiguration.getTrustStore(domainId);
System.setProperty("javax.net.ssl.trustStorePassword", _ldapConfiguration.getTrustStorePassword(domainId)); String trustStorePassword = _ldapConfiguration.getTrustStorePassword(domainId);
if (!validateTrustStore(trustStore, trustStorePassword)) {
throw new RuntimeException("Invalid truststore or truststore password");
}
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
}
}
private boolean validateTrustStore(String trustStore, String trustStorePassword) {
if (trustStore == null) {
return true;
}
if (trustStorePassword == null) {
return false;
}
try {
KeyStore.getInstance("JKS").load(
new FileInputStream(trustStore),
trustStorePassword.toCharArray()
);
return true;
} catch (Exception e) {
s_logger.warn("Failed to validate truststore: " + e.getMessage());
return false;
} }
} }

5
plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java
View File

@ -186,6 +186,11 @@ public class LdapManagerImpl extends ComponentLifecycleBase implements LdapManag
} catch (NamingException | IOException e) { } catch (NamingException | IOException e) {
LOGGER.debug("NamingException while doing an LDAP bind", e); LOGGER.debug("NamingException while doing an LDAP bind", e);
throw new InvalidParameterValueException("Unable to bind to the given LDAP server"); throw new InvalidParameterValueException("Unable to bind to the given LDAP server");
} catch (RuntimeException e) {
if (e.getMessage().contains("Invalid truststore")) {
throw new InvalidParameterValueException("Invalid truststore or truststore password");
}
throw e;
} finally { } finally {
closeContext(context); closeContext(context);
} }