From 137b16de63e5d02a272874256ba738bc206c9cd6 Mon Sep 17 00:00:00 2001
From: ttnesby
Date: Fri, 7 Dec 2018 09:47:54 +0100
Subject: [PATCH] - general refactoring, improved error handling for JAASContext and binding information

---
 .../nav/common/security/ldap/JAASContext.kt | 4 +--
 .../common/security/ldap/LDAPAuthorization.kt | 27 ++++++++++---------
 .../no/nav/common/security/ldap/LDAPBase.kt | 8 +++---
 3 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/src/main/kotlin/no/nav/common/security/ldap/JAASContext.kt b/src/main/kotlin/no/nav/common/security/ldap/JAASContext.kt
index 305261ec..f8b5f18e 100644
--- a/src/main/kotlin/no/nav/common/security/ldap/JAASContext.kt
+++ b/src/main/kotlin/no/nav/common/security/ldap/JAASContext.kt
@@ -30,7 +30,7 @@ object JAASContext {
             emptyMap()
         }
 
-        username = options["username"].toString()
-        password = options["password"].toString()
+        username = options["username"] ?: ""
+        password = options["password"] ?: ""
     }
 }
\ No newline at end of file
diff --git a/src/main/kotlin/no/nav/common/security/ldap/LDAPAuthorization.kt b/src/main/kotlin/no/nav/common/security/ldap/LDAPAuthorization.kt
index c7b6ea38..862b4b4f 100644
--- a/src/main/kotlin/no/nav/common/security/ldap/LDAPAuthorization.kt
+++ b/src/main/kotlin/no/nav/common/security/ldap/LDAPAuthorization.kt
@@ -11,7 +11,7 @@ import org.slf4j.LoggerFactory
 import kotlin.system.measureTimeMillis
 
 /**
- * A class verifying group membership with LDAP compare-matched
+ * A class verifying group membership with LDAP
  */
 class LDAPAuthorization private constructor(
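Review bot: Substituting `""` for a missing `username`/`password` option makes a broken JAAS configuration silent at the replaced assignment lines: the code no longer produces the literal string `"null"` (a real improvement), but nothing records that the option was absent, so a later skipped LDAP bind is hard to trace back to this spot. Consider a warning right after the two assignments, e.g. `if (username.isEmpty() || password.isEmpty()) log.warn("JAAS options missing username and/or password")`, assuming `JAASContext` has (or can get) a logger like the other classes in this patch; log only the key names, never the password value. The enclosing block (presumably `init`) and the `object JAASContext` declaration both start before this hunk.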
@@ -21,26 +21,29 @@ class LDAPAuthorization private constructor(
 
     // In authorization context, needs to bind the connection before compare-match between group and user
     // due to no anonymous access allowed for LDAP operations like search, compare, ...
-    private val bindDN = config.toUserDN(JAASContext.username)
-    private val bindPwd = JAASContext.password
     private val connectionAndBindIsOk: Boolean
 
     init {
-        log.debug("Binding information for authorization fetched from JAAS config file [$bindDN]")
+        connectionAndBindIsOk = when {
+            JAASContext.username.isEmpty() || JAASContext.password.isEmpty() -> false
+            !ldapConnection.isConnected -> false
+            else -> doBind(config.toUserDN(JAASContext.username), JAASContext.password)
+        }
+    }
 
-        connectionAndBindIsOk = if (ldapConnection.isConnected) {
+    private fun doBind(userDN: String, pwd: String): Boolean =
         try {
-            val connTime = measureTimeMillis { ldapConnection.bind(bindDN, bindPwd) }
-            log.debug("Successfully bind to (${config.host},${config.port}) with $bindDN")
-            log.info("${Monitoring.AUTHORIZATION_BIND_TIME.txt} $connTime")
+            log.debug("Binding information for authorization fetched from JAAS config file [$userDN]")
+            measureTimeMillis { ldapConnection.bind(userDN, pwd) }
+                .also {
+                    log.debug("Successfully bind to (${config.host},${config.port}) with $userDN")
+                    log.info("${Monitoring.AUTHORIZATION_BIND_TIME.txt} $it")
+                }
             true
         } catch (e: LDAPException) {
-            log.error("${Monitoring.AUTHORIZATION_BIND_FAILED.txt} $bindDN to (${config.host},${config.port}) - ${e.diagnosticMessage}")
+            log.error("${Monitoring.AUTHORIZATION_BIND_FAILED.txt} $userDN to (${config.host},${config.port}) - ${e.diagnosticMessage}")
             false
         }
-        } else
-            false
-    }
 
     private fun getGroupDN(groupName: String): String =
         try {
diff --git a/src/main/kotlin/no/nav/common/security/ldap/LDAPBase.kt b/src/main/kotlin/no/nav/common/security/ldap/LDAPBase.kt
index c755340a..728f662a 100644
--- a/src/main/kotlin/no/nav/common/security/ldap/LDAPBase.kt
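Review bot: The first two `when` branches in `init` return `false` without any log entry, so a missing JAAS username/password or a dropped connection now yields a silent "never authorized" state, whereas the `doBind` failure path logs with `Monitoring.AUTHORIZATION_BIND_FAILED`; operators would see every group check fail with no marker explaining why. Consider `JAASContext.username.isEmpty() || JAASContext.password.isEmpty() -> { log.error("${Monitoring.AUTHORIZATION_BIND_FAILED.txt} username or password missing in JAAS config"); false }` and likewise `!ldapConnection.isConnected -> { log.error("${Monitoring.AUTHORIZATION_BIND_FAILED.txt} no LDAP connection to (${config.host},${config.port})"); false }`. The empty-credential guard is also security-relevant and deserves a comment so nobody "simplifies" it away: a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that some directory servers accept, which would make `connectionAndBindIsOk` true without real credentials; e.g. `// never bind with empty credentials: an empty password is an RFC 4513 unauthenticated bind that some servers accept`. The `LDAPAuthorization` class body begins before this hunk and `getGroupDN` continues after it.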
+++ b/src/main/kotlin/no/nav/common/security/ldap/LDAPBase.kt
@@ -29,9 +29,11 @@ abstract class LDAPBase protected constructor(config: LDAPConfig.Config) : AutoC
     init {
         // initialize LDAP connection
         try {
-            val connTime = measureTimeMillis { ldapConnection.connect(config.host, config.port) }
-            log.debug("Successfully connected to (${config.host},${config.port})")
-            log.info("${Monitoring.LDAP_BASE_TIME.txt} $connTime")
+            measureTimeMillis { ldapConnection.connect(config.host, config.port) }
+                .also {
+                    log.debug("Successfully connected to (${config.host},${config.port})")
+                    log.info("${Monitoring.LDAP_BASE_TIME.txt} $it")
+                }
         } catch (e: LDAPException) {
             log.error("${Monitoring.LDAP_BASE_FAILURE.txt} (${config.host},${config.port}) - ${e.diagnosticMessage}")
             ldapConnection.setDisconnectInfo(
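Review bot: In the new `.also { }` block `it` is the elapsed milliseconds returned by `measureTimeMillis`, which is not obvious when the block's first statement is a message about the connection rather than the timing; naming the lambda parameter reads better than the bare `it`, e.g. `.also { connectMillis ->` and `log.info("${Monitoring.LDAP_BASE_TIME.txt} $connectMillis")`. The same measure-then-log idiom is introduced in `LDAPAuthorization.doBind` in this patch, so a small shared helper may be preferable to two hand-written copies. The `init` block and the `catch` body continue after this hunk.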