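/**
 * Extracts a common name (CN) from the string form of an X.500 subject.
 *
 * <p>RDNs are scanned from the highest {@link LdapName} index down to index 0.
 * {@code LdapName} numbers RDNs right to left, so the highest index is the
 * left-most RDN of the string form. The first CN with a non-null value wins.
 *
 * @param subjectPrincipal the subject distinguished name, may be {@code null}
 * @return the CN value, or {@code null} if the input is {@code null} or holds no usable CN
 * @throws SSLException if the input cannot be parsed as a distinguished name;
 *         the underlying {@link InvalidNameException} is attached as the cause
 */
private static String extractCN(final String subjectPrincipal) throws SSLException {
    if (subjectPrincipal == null) {
        return null;
    }
    final LdapName subjectDN;
    try {
        subjectDN = new LdapName(subjectPrincipal);
    } catch (final InvalidNameException e) {
        // Keep the parser's diagnosis attached so the failure can be traced from logs.
        throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name", e);
    }
    final List<Rdn> rdns = subjectDN.getRdns();
    for (int i = rdns.size() - 1; i >= 0; i--) {
        final Attribute cn = rdns.get(i).toAttributes().get("cn");
        if (cn == null) {
            continue;
        }
        try {
            final Object value = cn.get();
            if (value != null) {
                // NOTE(review): a value that is not a String (e.g. a binary-encoded RDN value)
                // is still returned via toString(); callers comparing the result with a host
                // name should treat such a result as a non-match.
                return value.toString();
            }
        } catch (final NoSuchElementException ignore) {
            // A CN attribute without a value is skipped; keep looking in the remaining RDNs.
        } catch (final NamingException ignore) {
            // An unreadable CN attribute is skipped; keep looking in the remaining RDNs.
        }
    }
    return null;
}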
// Excerpt (incomplete): applies attribute modifications to an existing entry and,
// when a new RDN value is requested, renames the entry afterwards.
LdapName identityLdapName = new LdapName(identity.getDistinguishedName());
// NOTE(review): renameTo is never reassigned in this excerpt; presumably the omitted
// code sets it while building modItemsArray. Confirm against the full method.
String renameTo = null;
identity.getDirContext().modifyAttributes(identityLdapName, modItemsArray);
// Rename only when the requested value differs from the value of the RDN at the highest index.
if (renameTo != null && ! renameTo.equals(identityLdapName.getRdn(identityLdapName.size()-1).getValue())) {
    // New DN = every RDN except the one at the highest index ...
    LdapName newLdapName = new LdapName(identityLdapName.getRdns().subList(0, identityLdapName.size()-1));
    // ... plus a fresh RDN built from a separate type and value, so renameTo is
    // taken as an attribute value rather than parsed as DN syntax.
    newLdapName.add(new Rdn(identityMapping.rdnIdentifier, renameTo));
    identity.getDirContext().rename(identityLdapName, newLdapName);
/**
 * Collects the values of every RDN in the name whose type matches the given
 * attribute, ignoring case.
 *
 * <p>RDNs are visited from the highest {@link LdapName} index down to index 0,
 * so the values come out in the reverse of {@code getRdns()} order.
 *
 * @param rfc2253dn the parsed distinguished name
 * @param attribute the RDN type to look for, e.g. {@code "cn"}
 * @return an unmodifiable list of the matching values as strings; empty if nothing matches
 */
private List<String> getDnAttribute(LdapName rfc2253dn, String attribute) {
    final List<Rdn> rdns = rfc2253dn.getRdns();
    final List<String> matches = new ArrayList<>(rfc2253dn.size());
    // Walk backwards instead of copying and reversing the RDN list.
    for (int index = rdns.size() - 1; index >= 0; index--) {
        final Rdn current = rdns.get(index);
        if (!current.getType().equalsIgnoreCase(attribute)) {
            continue;
        }
        matches.add(current.getValue().toString());
    }
    return Collections.unmodifiableList(matches);
}
}
// Excerpt (incomplete): reads the serial number, the subject CN and the subject
// alternative names from an X.509 certificate.
BigInteger serialNumber = cert.getSerialNumber();
// The subject is rendered in RFC 2253 string form and then parsed into RDNs.
String subject = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
LdapName ldapName = new LdapName(subject);
for (Rdn rdn : ldapName.getRdns()) {
    // NOTE(review): get("CN") returns null for an RDN that carries no CN attribute
    // (O=..., C=..., ...), and the next line dereferences cn without a null check.
    // As shown, a subject with any non-CN RDN would fail here; confirm whether
    // the full method guards this.
    Attribute cn = rdn.toAttributes().get("CN");
    // NOTE(review): the cast assumes the CN value is a String; confirm for binary-encoded values.
    String certName = (String)cn.get();
    Collection<List<?>> allNames = cert.getSubjectAlternativeNames();
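/**
 * Derives role names from the {@code memberOf} attribute of an LDAP user entry.
 *
 * <p>Each {@code memberOf} value is parsed as a distinguished name, and the value
 * of the first {@code cn} RDN found in {@link LdapName} index order is taken as
 * the role name.
 *
 * @param ldapUser the search result describing the user
 * @return the role names in attribute order; empty when the entry has no {@code memberOf} attribute
 * @throws NamingException if an attribute value cannot be read or is not a valid distinguished name
 */
private List<String> getUserRolesFromLdap(SearchResult ldapUser) throws NamingException {
    List<String> groups = new ArrayList<>();
    // An entry that belongs to no group has no memberOf attribute at all; treat that
    // as "no roles" instead of failing the lookup with a NullPointerException.
    javax.naming.directory.Attribute memberOf = ldapUser.getAttributes().get("memberOf");
    if (memberOf == null) {
        return groups;
    }
    NamingEnumeration<?> groupAttributes = memberOf.getAll();
    try {
        while (groupAttributes.hasMore()) {
            LdapName name = new LdapName((String) groupAttributes.next());
            for (Rdn rdn : name.getRdns()) {
                if (rdn.getType().equalsIgnoreCase("cn")) {
                    // NOTE(review): the cast assumes a String-valued CN; confirm for binary-encoded values.
                    groups.add((String) rdn.getValue());
                    break;
                }
            }
        }
    } finally {
        // Release the enumeration even when parsing a group DN fails part-way through.
        groupAttributes.close();
    }
    return groups;
}
}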
/**
 * Builds an identifier for a client certificate from selected subject RDNs and
 * the certificate serial number.
 *
 * <p>The result is the string form of a name holding the subject's {@code CN},
 * {@code O} and {@code C} RDNs, followed by {@code ':'} and the serial number in
 * lower-case hexadecimal.
 *
 * <p>NOTE(review): only subject fields and the serial number go into the
 * identifier; the issuer does not. Serial numbers are assigned per issuing CA,
 * so confirm that callers have already validated the chain against the
 * expected trust anchor before relying on this value as unique.
 *
 * @param aCert the client certificate
 * @return the identifier, or {@code null} if any exception occurs while building it
 *         (the failure is logged)
 */
@Nullable
static String getClientUniqueID (@Nonnull final X509Certificate aCert)
{
  try
  {
    // JDK versions differ in the RDN order they emit (e.g. O=YY,CN=XX,C=ZZ on
    // 1.6.0_45), so the name is rebuilt in a fixed order instead of used as-is.
    final String sPrincipalName = aCert.getSubjectX500Principal ().getName ();
    final LdapName aSubjectDN = new LdapName (sPrincipalName);

    // Index the RDNs by type; a later RDN of the same type replaces an earlier one.
    final ICommonsMap <String, Rdn> aRdnByType = new CommonsHashMap <> ();
    for (final Rdn aCurrent : aSubjectDN.getRdns ())
    {
      aRdnByType.put (aCurrent.getType (), aCurrent);
    }

    // LdapName expects the least significant RDN first, hence C, O, CN.
    final LdapName aOrderedDN = new LdapName (new CommonsArrayList <> (aRdnByType.get ("C"),
                                                                      aRdnByType.get ("O"),
                                                                      aRdnByType.get ("CN")));
    final String sSerialHex = aCert.getSerialNumber ().toString (16);
    return aOrderedDN.toString () + ':' + sSerialHex;
  }
  catch (final Exception ex)
  {
    LOGGER.error ("Failed to parse '" + aCert.getSubjectX500Principal ().getName () + "'", ex);
    return null;
  }
}
/**
 * Derives a role entry from a group distinguished name.
 *
 * <p>The DN is scanned from the highest {@link LdapName} index down to index 0.
 * The first RDN carrying {@code groupNameAttribute} with a non-null value
 * supplies the simple name of the returned entry. A {@code byte[]} value is
 * decoded as UTF-8.
 *
 * <p>NOTE(review): the whole DN is passed through {@code Rdn.unescapeValue}
 * before it is parsed, so escaped separators inside an attribute value are
 * presumably read as RDN boundaries afterwards. Confirm this is intended for
 * group DNs containing escaped characters.
 *
 * @param dn the distinguished name of the group
 * @param groupNameAttribute the attribute whose value names the role
 * @param groupReferralAddress passed through unchanged to the created entry
 * @return the role entry, or {@code null} if no matching RDN exists or parsing
 *         fails with a {@link NamingException}
 */
private LdapEntry parseRole(String dn, String groupNameAttribute, URI groupReferralAddress) {
    try {
        final LdapName parsedDn = new LdapName(Rdn.unescapeValue(dn).toString());
        int index = parsedDn.size();
        while (--index >= 0) {
            final Rdn current = new Rdn(parsedDn.get(index));
            final Attribute nameAttribute = current.toAttributes().get(groupNameAttribute);
            if (nameAttribute == null) {
                continue;
            }
            final Object rawValue = nameAttribute.get();
            if (rawValue == null) {
                continue;
            }
            final String simpleName;
            if (rawValue instanceof byte[]) {
                simpleName = new String((byte[]) rawValue, StandardCharsets.UTF_8);
            } else {
                simpleName = rawValue.toString();
            }
            return new LdapEntry(simpleName, dn, groupReferralAddress);
        }
    } catch (NamingException e) {
        SECURITY_LOGGER.tracef("Unable to parse role from DN (%s): %s", dn, e.getMessage());
    }
    return null;
}
/**
 * Reads a group name from the RDN at the highest index of a group DN.
 *
 * @param dnString the distinguished name of the group
 * @param groupNameAttribute the attribute expected in that RDN
 * @return the first value of the attribute, as a string
 * @throws NamingException if {@code dnString} is not a valid distinguished name
 *         or the attribute value cannot be read
 * @throws IdentityStoreConfigurationException if the RDN does not carry
 *         {@code groupNameAttribute}
 */
private static String getGroupNameFromDn(String dnString, String groupNameAttribute) throws NamingException {
    // Parsing may fail with InvalidNameException, a NamingException subtype.
    final LdapName parsedDn = new LdapName(dnString);
    final int leafIndex = parsedDn.size() - 1;
    final Attribute groupName = parsedDn.getRdn(leafIndex).toAttributes().get(groupNameAttribute);
    if (groupName != null) {
        return groupName.get(0).toString();
    }
    // The configured group name attribute does not match what the directory returned.
    throw new IdentityStoreConfigurationException("Group name attribute '" + groupNameAttribute + "' not found for DN: " + dnString);
}
/**
 * Returns the value stored under the requested key in the supplied Name.
 *
 * <p>The Rdn is located with {@link #getRdn(Name, String)}. Its attributes are
 * then scanned for the one whose ID equals the key, ignoring case.
 *
 * @param name the Name in which to search for the key.
 * @param key the attribute key to search for.
 * @return the value of the rdn corresponding to the <b>first</b> occurrence of the requested key.
 * @throws NoSuchElementException if no corresponding entry is found.
 * @since 2.0
 */
public static Object getValue(Name name, String key) {
    final Rdn matchingRdn = getRdn(name, key);
    final NamingEnumeration<? extends Attribute> candidates = matchingRdn.toAttributes().getAll();
    while (candidates.hasMoreElements()) {
        final Attribute candidate = candidates.nextElement();
        if (!key.equalsIgnoreCase(candidate.getID())) {
            continue;
        }
        try {
            return candidate.get();
        } catch (javax.naming.NamingException e) {
            throw convertLdapException(e);
        }
    }

    // getRdn only returns an Rdn that holds the key, so this point is not expected to be reached.
    throw new NoSuchElementException("No Rdn with the requested key: '" + key + "'");
}
/**
 * Tries to treat the identity name as a full distinguished name and, if it fits
 * the configured mapping, builds an object-scope search for exactly that entry.
 *
 * <p>The name is accepted only when all of the following hold:
 * <ul>
 *   <li>it begins with the configured RDN identifier, ignoring case;</li>
 *   <li>the RDN at the highest index has that identifier as its type;</li>
 *   <li>if a search DN is configured, the name lies under it (compared RDN by
 *       RDN through {@code LdapName.startsWith});</li>
 *   <li>if recursive search is disabled, the name is a direct child of the search DN.</li>
 * </ul>
 *
 * @return the search definition, or {@code null} if the name is not a DN that
 *         this mapping accepts, in which case the caller continues by name
 */
private LdapSearch createLdapSearchByDn() {
    final String rdnType = identityMapping.rdnIdentifier;
    // Cheap prefix test first. The equals sign is not checked here because
    // whitespace may sit between the type and the sign.
    if ( ! name.regionMatches(true, 0, rdnType, 0, rdnType.length())) {
        return null;
    }
    try {
        final LdapName candidateDn = new LdapName(name);
        final Rdn leafRdn = candidateDn.getRdn(candidateDn.size() - 1);

        // The leaf must be e.g. uid=...
        if ( ! leafRdn.getType().equalsIgnoreCase(identityMapping.rdnIdentifier)) {
            log.tracef("Getting identity [%s] by DN skipped - RDN does not match [%s]", name, identityMapping.rdnIdentifier);
            return null;
        }

        if (identityMapping.searchDn != null) {
            final List<Rdn> searchBase = new LdapName(identityMapping.searchDn).getRdns();

            // The DN must end in the configured search DN (...,search-dn).
            if ( ! candidateDn.startsWith(searchBase)) {
                log.tracef("Getting identity [%s] by DN skipped - DN not in search-dn [%s]", name, identityMapping.searchDn);
                return null;
            }

            final boolean directChild = candidateDn.size() == searchBase.size() + 1;
            if ( ! (identityMapping.searchRecursive || directChild)) {
                log.tracef("Getting identity [%s] by DN skipped - DN not directly in search-dn and recursive search not enabled [%s]", name, identityMapping.searchDn);
                return null;
            }
        }

        final String leafValue = leafRdn.getValue().toString();
        return new LdapSearch(candidateDn.toString(), SearchControls.OBJECT_SCOPE, 0, identityMapping.filterName, leafValue);
    } catch (InvalidNameException e) {
        log.tracef(e, "Getting identity [%s] by DN failed - will continue by name", name);
    }
    return null;
}
// Excerpt (incomplete): formats an LdapName for use in a URL.
static String formatForUrl(LdapName ldapName) {
    StringBuilder sb = new StringBuilder();
    // The iterator starts past the last index, so previous() visits the RDNs
    // from the highest index down to index 0.
    ListIterator<Rdn> it = ldapName.getRdns().listIterator(ldapName.size());
    while (it.hasPrevious()) {
        Rdn component = it.previous();
        Attributes attributes = component.toAttributes();
        NamingEnumeration<? extends Attribute> allAttributes = attributes.getAll();
        while(allAttributes.hasMoreElements()) {
            Attribute oneAttribute = allAttributes.nextElement();
            // Attribute IDs are passed through nameEncodeForUrl, which is defined outside this excerpt.
            String encodedAttributeName = nameEncodeForUrl(oneAttribute.getID());
            // NOTE(review): the declaration of allValues and the opening try of the
            // catch below are not part of this excerpt.
            allValues = oneAttribute.getAll();
        } catch (NamingException e) {
            throw new UncategorizedLdapException("Unexpected error occurred formatting base URL", e);
/**
 * Looks up the groups that hold a role on a destination.
 *
 * <p>A directory search under {@code destinationBase} with filter
 * {@code roleBase} collects the values of {@code roleAttribute} from every
 * result that has attributes. Each value is parsed as a distinguished name,
 * and the value of the RDN at the highest index becomes the group name.
 *
 * @param destinationBase the base under which to search
 * @param constraints the search controls to apply
 * @param roleBase the search filter
 * @param roleAttribute the attribute holding the role member DNs
 * @return the groups found; an empty set if any {@link NamingException}
 *         occurs (the error is logged and partial results are discarded)
 */
protected Set<GroupPrincipal> getACLs(String destinationBase, SearchControls constraints, String roleBase, String roleAttribute) {
    try {
        Set<String> acls = new HashSet<String>();
        NamingEnumeration<?> results = context.search(destinationBase, roleBase, constraints);
        while (results.hasMore()) {
            SearchResult result = (SearchResult)results.next();
            Attributes attrs = result.getAttributes();
            if (attrs != null) {
                acls = addAttributeValues(roleAttribute, attrs, acls);
            }
        }

        Set<GroupPrincipal> roles = new HashSet<GroupPrincipal>();
        for (String roleName : acls) {
            LdapName ldapname = new LdapName(roleName);
            // Only the RDN at the highest index names the group; the rest of the DN is ignored.
            String groupName = ldapname.getRdn(ldapname.size() - 1).getValue().toString();
            LOG.debug("Found role: [" + groupName + "]");
            roles.add(new GroupPrincipal(groupName));
        }
        return roles;
    } catch (NamingException e) {
        // NOTE(review): a directory failure yields an empty set, which callers
        // cannot tell apart from "no groups hold this role". Confirm that the
        // caller treats an empty set as a denial.
        LOG.error(e.toString());
        return new HashSet<GroupPrincipal>();
    }
}
/**
 * Creates this identity as a new entry in the directory.
 *
 * <p>The entry's DN is the configured parent DN plus one RDN built from the
 * configured RDN identifier and the identity name. The RDN is built from a
 * separate type and value, so the name is taken as an attribute value rather
 * than parsed as DN syntax.
 *
 * @throws RealmUnavailableException if the realm is not configured for
 *         creating identities, or the directory rejects the operation
 */
@Override
public void create() throws RealmUnavailableException {
    final boolean creationConfigured =
            identityMapping.newIdentityParent != null && identityMapping.newIdentityAttributes != null;
    if ( ! creationConfigured) {
        throw log.ldapRealmNotConfiguredToSupportCreatingIdentities();
    }

    final DirContext dirContext = obtainContext();
    try {
        // Work on a copy so the configured parent DN is never modified.
        final LdapName newEntryDn = (LdapName) identityMapping.newIdentityParent.clone();
        final Rdn leaf = new Rdn(identityMapping.rdnIdentifier, name);
        newEntryDn.add(leaf);

        log.debugf("Creating identity [%s] with DN [%s] in LDAP", name, newEntryDn.toString());
        dirContext.createSubcontext(newEntryDn, identityMapping.newIdentityAttributes);
    } catch (NamingException e) {
        throw log.ldapRealmFailedCreateIdentityOnServer(e);
    } finally {
        closeContext(dirContext);
    }
}
// Excerpt (incomplete): checks whether the value of the RDN at the highest
// index of dn matches a value taken from the corresponding attribute in record.
Rdn rdn = dn.getRdn(dn.size() - 1);
if (record.get(rdn.getType()) != null) {
    Object object = record.get(rdn.getType()).get();
    // NOTE(review): the casts to String assume a String-valued RDN; a
    // binary-encoded RDN value would fail them. Confirm against the full method.
    if (((String)rdn.getValue()).equalsIgnoreCase(value)) {
        return true;
    // NOTE(review): the lines between the return above and the statements below are
    // not part of this excerpt. What follows compares Base64 forms of the RDN value
    // and of the attribute's byte[] value.
    // NOTE(review): getBytes() without a charset uses the platform default, so
    // the comparison can differ between hosts for non-ASCII values.
    String rdnValue = LdapEncoder.printBase64Binary(((String)rdn.getValue()).getBytes());
    String attributeValue = LdapEncoder.printBase64Binary((byte[]) object);
    if (rdnValue.equals(attributeValue))
        return true;
/**
 * Locates the Rdn that holds the requested key in the supplied Name.
 *
 * <p>Rdns are examined in {@link LdapName} index order. Index 0 is the
 * right-most Rdn of the string form, so "first" means the occurrence closest to
 * the root of the name. Keys are compared ignoring case.
 *
 * @param name the Name in which to search for the key.
 * @param key the attribute key to search for.
 * @return the rdn corresponding to the <b>first</b> occurrence of the requested key.
 * @throws NoSuchElementException if no corresponding entry is found.
 * @since 2.0
 */
public static Rdn getRdn(Name name, String key) {
    Assert.notNull(name, "name must not be null");
    Assert.hasText(key, "key must not be blank");

    LdapName ldapName = returnOrConstructLdapNameFromName(name);

    for (Rdn candidate : ldapName.getRdns()) {
        // An Rdn may hold several attributes, so every ID is checked.
        for (NamingEnumeration<String> ids = candidate.toAttributes().getIDs(); ids.hasMoreElements();) {
            if (key.equalsIgnoreCase(ids.nextElement())) {
                return candidate;
            }
        }
    }

    throw new NoSuchElementException("No Rdn with the requested key: '" + key + "'");
}
/**
 * Derives a temporary name by appending {@code tempSuffix} to the leaf
 * component of the original name.
 *
 * @param originalName the name to derive from
 * @return a new name equal to the original except that {@code tempSuffix} is
 *         appended to the component at the highest index
 * @throws org.springframework.ldap.InvalidNameException if the modified leaf
 *         component is not a valid Rdn
 */
public Name getTemporaryName(Name originalName) {
    LdapName result = LdapUtils.newLdapName(originalName);

    try {
        // Swap the leaf component for a copy carrying the suffix.
        int leafIndex = result.size() - 1;
        Object removedLeaf = result.remove(leafIndex);
        String renamedLeaf = (String) removedLeaf + tempSuffix;
        result.add(new Rdn(renamedLeaf));
    } catch (InvalidNameException e) {
        throw new org.springframework.ldap.InvalidNameException(e);
    }

    return result;
}
/**
 * Converts the RDN that represents a destination name/pattern into the standard string
 * form of that name/pattern. Only the RDN's value is used; its type (CN, OU, ...) is
 * ignored. Every match of {@code ANY_DESCENDANT} in the value is replaced with
 * {@code ">"}.
 *
 * @param destinationName
 *            the RDN representing the name or pattern for the destination
 * @return the RDN value with the replacement applied
 *
 * @see #formatDestination(Rdn, Rdn)
 */
protected String formatDestinationName(Rdn destinationName) {
    final String rawValue = destinationName.getValue().toString();
    // replaceAll treats ANY_DESCENDANT as a regular expression.
    return rawValue.replaceAll(ANY_DESCENDANT, ">");
}