authorJacek Poreda <jacek.poreda@sonarsource.com>2023-07-26 10:50:13 +0200
committersonartech <sonartech@sonarsource.com>2023-07-26 20:03:24 +0000
commit40f4d52838c974e2a22336c2cea8e087d9f9e558 (patch)
tree8eff3b1ff583998ba4b0a8b62a947bd707b69c10
parentfd75a6a5af0102072356538ee0e1535542a038dc (diff)
downloadsonarqube-40f4d52838c974e2a22336c2cea8e087d9f9e558.tar.gz
sonarqube-40f4d52838c974e2a22336c2cea8e087d9f9e558.zip
SONAR-14222 Allow to configure sasl QoP in LDAP context
-rw-r--r--server/sonar-auth-ldap/src/it/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorIT.java9
-rw-r--r--server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/LdapContextFactory.java16
2 files changed, 23 insertions, 2 deletions
diff --git a/server/sonar-auth-ldap/src/it/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorIT.java b/server/sonar-auth-ldap/src/it/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorIT.java
index e9264d06275..507cb1d611d 100644
--- a/server/sonar-auth-ldap/src/it/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorIT.java
+++ b/server/sonar-auth-ldap/src/it/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorIT.java
@@ -21,6 +21,7 @@ package org.sonar.auth.ldap;
import org.junit.ClassRule;
import org.junit.Test;
+import org.sonar.api.config.internal.MapSettings;
import org.sonar.api.server.http.HttpRequest;
import org.sonar.auth.ldap.server.LdapServer;
@@ -115,8 +116,12 @@ public class DefaultLdapAuthenticatorIT {
@Test
public void testSasl() {
- LdapSettingsManager settingsManager = new LdapSettingsManager(
- LdapSettingsFactory.generateAuthenticationSettings(exampleServer, null, LdapContextFactory.AUTH_METHOD_CRAM_MD5).asConfig());
+ MapSettings mapSettings = LdapSettingsFactory.generateAuthenticationSettings(exampleServer, null, LdapContextFactory.AUTH_METHOD_DIGEST_MD5);
+ //set sasl QoP properties as per https://docs.oracle.com/javase/jndi/tutorial/ldap/security/digest.html
+ mapSettings.setProperty("ldap.saslQop", "auth")
+ .setProperty("ldap.saslStrength", "high")
+ .setProperty("ldap.saslMaxbuf", "16384");
+ LdapSettingsManager settingsManager = new LdapSettingsManager(mapSettings.asConfig());
DefaultLdapAuthenticator authenticator = new DefaultLdapAuthenticator(settingsManager.getContextFactories(), settingsManager.getUserMappings());
LdapAuthenticationResult user1Success = authenticator.doAuthenticate(createContext("godin", "secret1"));
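Review bot: The values set in testSasl do not show that the new settings take effect. `auth` is the default QoP in the linked JNDI tutorial, and nothing in the visible lines asserts that strength or maxbuf reached the context environment, so the test would pass the same way if LdapContextFactory ignored all three keys. A non-default value such as `mapSettings.setProperty("ldap.saslQop", "auth-conf")` (if the embedded test server supports it), or a unit test that inspects the environment the factory builds, would pin the behaviour. Switching from AUTH_METHOD_CRAM_MD5 to AUTH_METHOD_DIGEST_MD5 also appears to drop CRAM-MD5 from this test, so a separate case would keep it covered. The body of testSasl continues past the hunk.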
diff --git a/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/LdapContextFactory.java b/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/LdapContextFactory.java
index abe882e62c1..c4084d173e1 100644
--- a/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/LdapContextFactory.java
+++ b/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/LdapContextFactory.java
@@ -73,6 +73,9 @@ public class LdapContextFactory {
private final String password;
private final String realm;
private final String referral;
+ private final String saslQop;
+ private final String saslStrength;
+ private final String saslMaxbuf;
public LdapContextFactory(org.sonar.api.config.Configuration config, String settingsPrefix, String ldapUrl) {
this.authentication = StringUtils.defaultString(config.get(settingsPrefix + ".authentication").orElse(null), DEFAULT_AUTHENTICATION);
@@ -83,6 +86,9 @@ public class LdapContextFactory {
this.username = config.get(settingsPrefix + ".bindDn").orElse(null);
this.password = config.get(settingsPrefix + ".bindPassword").orElse(null);
this.referral = getReferralsMode(config, settingsPrefix + ".followReferrals");
+ this.saslQop = config.get(settingsPrefix + ".saslQop").orElse(null);
+ this.saslStrength = config.get(settingsPrefix + ".saslStrength").orElse(null);
+ this.saslMaxbuf = config.get(settingsPrefix + ".saslMaxbuf").orElse(null);
}
/**
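Review bot: The three new settings are stored verbatim in the constructor, so a mistyped `saslQop` or a non-numeric `saslMaxbuf` is only discovered when a bind is attempted, most likely as a generic authentication failure. Validating at construction would catch this early: accept only a comma-separated list of `auth`, `auth-int`, `auth-conf` for QoP and of `high`, `medium`, `low` for strength, parse maxbuf as a positive integer, and throw an exception that names the offending key. A short comment on the fields, e.g. `// SASL negotiation options, passed to JNDI as javax.security.sasl.* when set`, would also help. The constructor's signature is outside this hunk.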
@@ -179,6 +185,16 @@ public class LdapContextFactory {
if (principal != null) {
env.put(Context.SECURITY_PRINCIPAL, principal);
}
+ if (saslQop != null) {
+ env.put("javax.security.sasl.qop", saslQop);
+ }
+ if (saslStrength != null) {
+ env.put("javax.security.sasl.strength", saslStrength);
+ }
+ if (saslMaxbuf != null) {
+ env.put("javax.security.sasl.maxbuf", saslMaxbuf);
+ }
+
// Note: debug is intentionally was placed here - in order to not expose password in log
LOG.debug("Initializing LDAP context {}", env);
if (credentials != null) {
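Review bot: The `saslQop` block has no comment on what the value means for transport protection. When the property is unset the JDK default `auth` applies, which authenticates the bind but gives the later LDAP traffic no integrity or confidentiality protection, and a preference list such as `auth-conf,auth` still lets negotiation settle on `auth`. A comment like `// QoP is an ordered preference list; list only auth-int/auth-conf so the bind fails instead of falling back to unprotected traffic` above the block would help, with the same caveat in the setting's user documentation. The existing comment below could read `// Note: debug is intentionally placed here, before credentials are added, so the password is not logged`. The enclosing method starts and ends outside the hunk.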