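/**
 * Collects every Common Name (CN) value found in a certificate subject DN.
 *
 * <p>Off Android the DN is parsed with {@link LdapName}. On Android a hand-written
 * fallback is used instead. The fallback treats {@code ,} and {@code ;} as RDN
 * separators only when they are neither backslash-escaped nor inside double quotes,
 * so a value such as {@code O=Acme\,CN=admin} is not misread as carrying a CN.
 * It also trims the attribute type and value and keeps {@code =} characters that
 * belong to the value, which matches what the {@link LdapName} branch accepts.
 *
 * <p>The two branches do not visit RDNs in the same order: {@link LdapName#getRdns()}
 * starts at the right-most RDN, the fallback reads left to right.
 *
 * @param dn the subject DN in string form; must not be {@code null}
 * @return the CN values found, possibly empty, never {@code null}
 * @throws Exception if {@link LdapName} rejects the DN (non-Android branch only)
 */
public static List<String> getX509CertificateCommonNames(String dn) throws Exception {
    List<String> names = new ArrayList<>();
    if (!PlatformDependent.isAndroid()) {
        LdapName ldapDN = new LdapName(dn);
        for (Rdn rdn : ldapDN.getRdns()) {
            if (rdn.getType().equalsIgnoreCase("cn")) {
                names.add(rdn.getValue().toString());
            }
        }
    } else {
        for (String rdn : splitUnescapedRdns(dn)) {
            // Limit 2: everything after the first '=' belongs to the value.
            String[] nvp = rdn.split("=", 2);
            if (nvp.length == 2 && "cn".equalsIgnoreCase(nvp[0].trim())) {
                // NOTE(review): the value is returned as written in the DN, so escape
                // backslashes and surrounding quotes are kept, and multi-valued RDNs
                // joined with '+' are not split. Callers that make trust decisions on
                // these names should compare them with that in mind.
                names.add(nvp[1].trim());
            }
        }
    }
    return names;
}

/** Splits a DN at ',' or ';' separators that are not escaped and not inside double quotes. */
private static List<String> splitUnescapedRdns(String dn) {
    List<String> parts = new ArrayList<>();
    StringBuilder current = new StringBuilder();
    boolean escaped = false;
    boolean quoted = false;
    for (int i = 0; i < dn.length(); i++) {
        char c = dn.charAt(i);
        if (escaped) {
            // The character after a backslash is always literal.
            escaped = false;
        } else if (c == '\\') {
            escaped = true;
        } else if (c == '"') {
            quoted = !quoted;
        } else if (!quoted && (c == ',' || c == ';')) {
            parts.add(current.toString());
            current.setLength(0);
            continue;
        }
        current.append(c);
    }
    parts.add(current.toString());
    return parts;
}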
/**
 * Returns the values of all RDNs in {@code rfc2253dn} whose type matches
 * {@code attribute}, ignoring case.
 *
 * <p>{@link LdapName#getRdns()} lists the right-most RDN first; this method walks
 * that list backwards, so values come out in the left-to-right order of the DN string.
 *
 * @param rfc2253dn the parsed distinguished name
 * @param attribute the attribute type to look for, e.g. {@code "CN"}
 * @return an unmodifiable list of the matching values, possibly empty
 */
private List<String> getDnAttribute(LdapName rfc2253dn, String attribute) {
    final List<String> matches = new ArrayList<>(rfc2253dn.size());
    final List<Rdn> components = rfc2253dn.getRdns();
    int position = components.size();
    while (--position >= 0) {
        final Rdn component = components.get(position);
        if (!component.getType().equalsIgnoreCase(attribute)) {
            continue;
        }
        matches.add(component.getValue().toString());
    }
    return Collections.unmodifiableList(matches);
}
}
/**
 * Extracts a Common Name from a certificate subject DN.
 *
 * <p>The RDN list is scanned from its last index down to 0. {@link LdapName} stores
 * the right-most RDN at index 0, so the left-most CN of the DN string is returned.
 *
 * @param subjectPrincipal the subject DN in string form, may be {@code null}
 * @return the first CN value found, or {@code null} if the input is {@code null}
 *         or carries no usable CN
 * @throws SSLException if the string cannot be parsed as a distinguished name
 */
private static String extractCN(final String subjectPrincipal) throws SSLException {
    if (subjectPrincipal == null) {
        return null;
    }
    final List<Rdn> components;
    try {
        components = new LdapName(subjectPrincipal).getRdns();
    } catch (final InvalidNameException e) {
        // NOTE(review): the parser's exception is not attached as the cause here,
        // so its detail is lost to whoever handles the SSLException.
        throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name");
    }
    int index = components.size();
    while (--index >= 0) {
        final Attributes attrs = components.get(index).toAttributes();
        final Attribute commonName = attrs.get("cn");
        if (commonName == null) {
            continue;
        }
        try {
            final Object candidate = commonName.get();
            if (candidate != null) {
                return candidate.toString();
            }
        } catch (final NoSuchElementException | NamingException ignore) {
            // An unreadable CN attribute is skipped; the scan moves on to the next RDN.
        }
    }
    return null;
}
// Sample DN; LdapName does the parsing, so escaping and quoting rules are handled
// by the library rather than by string splitting.
String dn = "CN=Jimmy Blooptoop,OU=Someplace,OU=Employees,DC=Bloopsoft-Inc";
LdapName ln = new LdapName(dn);
// Print only the first RDN whose type is CN (case-insensitive), then stop.
ln.getRdns().stream()
        .filter(component -> component.getType().equalsIgnoreCase("CN"))
        .findFirst()
        .ifPresent(component -> System.err.println("CN is: " + component.getValue()));
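/**
 * A helper method to get the Relative Distinguished Name (RDN) from a
 * Distinguished Name (DN). According to Active Directory documentation,
 * a group object's RDN is a CN.
 *
 * <p>Only the last element of {@link LdapName#getRdns()} is inspected, which is
 * the left-most RDN of the DN string. Its type must match {@code groupNameAttr},
 * ignoring case.
 *
 * @param distinguishedName A string representing a distinguished name.
 * @throws NamingException if the DN cannot be parsed, is empty, its left-most RDN
 *         has a different type, or that RDN's value is not a string.
 * @return a string which represents the RDN
 */
private String getRelativeDistinguishedName(String distinguishedName)
        throws NamingException {
    LdapName ldn = new LdapName(distinguishedName);
    List<Rdn> rdns = ldn.getRdns();
    if (rdns.isEmpty()) {
        throw new NamingException("DN is empty");
    }
    Rdn rdn = rdns.get(rdns.size() - 1);
    if (rdn.getType().equalsIgnoreCase(groupNameAttr)) {
        Object value = rdn.getValue();
        // Rdn values are not always strings (a hex-encoded value is returned as
        // bytes), so check before casting and report the problem as the
        // NamingException callers already handle instead of a ClassCastException.
        if (value instanceof String) {
            return (String) value;
        }
        throw new NamingException("Unable to find RDN: The value of "
            + rdn.getType() + " in DN " + distinguishedName + " is not a string.");
    }
    throw new NamingException("Unable to find RDN: The DN " +
        distinguishedName + " is malformed.");
}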
/**
 * Notifies the cache listener about the identity named by the event's old binding.
 *
 * <p>The binding name is parsed as a DN; the first RDN whose type equals
 * {@code identityMapping.rdnIdentifier} supplies the principal name handed to
 * {@code listener}. If no RDN matches, the listener is not called.
 *
 * @param evt the naming event whose old binding identifies the changed entry
 */
private void invokeCacheUpdateListener(NamingEvent evt) {
    // NOTE(review): NamingEvent can carry a null old binding (e.g. for added
    // objects); confirm the listener is only registered for events that have one.
    final Binding previous = evt.getOldBinding();
    final String previousName = previous.getName();
    final LdapName parsedName;
    try {
        parsedName = new LdapName(previousName);
    } catch (InvalidNameException e) {
        throw log.ldapInvalidLdapName(previousName, e);
    }
    // NOTE(review): the type comparison is case-sensitive. If the directory returns
    // "UID=..." while the mapping says "uid", no listener call happens and a cached
    // identity could stay stale; verify against how rdnIdentifier is configured.
    parsedName.getRdns().stream()
            .filter(component -> component.getType().equals(identityMapping.rdnIdentifier))
            .findFirst()
            .map(component -> new NamePrincipal(component.getValue().toString()))
            .ifPresent(listener::accept);
}
}
for (Rdn rdn : dn.getRdns()) { if (rdn.getType().equalsIgnoreCase("CN")) { if (matchesPerRfc2818(name, rdn.getValue().toString())) {
/**
 * Returns the value of the first RDN in {@code dn} whose type matches the RDN
 * configured on {@code mapping}, ignoring case.
 *
 * <p>RDNs are visited from index 0 of the parsed name, which is the right-most
 * RDN of the DN string. If the type occurs more than once, the occurrence closest
 * to the root is the one returned.
 *
 * @param mapping the attribute mapping naming the RDN type to extract
 * @param dn the distinguished name to search
 * @return the matching value, or {@code null} if no RDN has that type
 */
private String extractRdn(AttributeMapping mapping, final String dn) {
    final String wantedType = mapping.getRdn();
    try {
        final LdapName parsed = new LdapName(dn);
        for (int i = 0; i < parsed.size(); i++) {
            final Rdn component = parsed.getRdn(i);
            if (component.getType().equalsIgnoreCase(wantedType)) {
                return component.getValue().toString();
            }
        }
    } catch (Exception cause) {
        // Any failure, including an unparsable DN, is reported through the realm's logger.
        throw log.ldapRealmInvalidRdnForAttribute(mapping.getName(), dn, wantedType, cause);
    }
    return null;
}
/**
 * Derives the user name from one attribute of the certificate principal's DN.
 *
 * <p>When {@code transportUsernameAttribute} is configured, the principal name is
 * parsed as a DN and the value of the first RDN of that type becomes the user
 * name. In every other case the original {@code pkiUser} is returned unchanged.
 *
 * @param pkiUser the user built from the certificate principal
 * @return a user named after the configured attribute, or {@code pkiUser}
 */
private User resolveTransportUsernameAttribute(User pkiUser) {
    //#547
    if (transportUsernameAttribute == null || transportUsernameAttribute.isEmpty()) {
        return pkiUser;
    }
    try {
        final LdapName principalDn = new LdapName(pkiUser.getName());
        for (final Rdn component : principalDn.getRdns()) {
            // NOTE(review): this comparison is case-sensitive, so a configured "cn"
            // does not match "CN=..." and the full DN is kept as the user name.
            if (component.getType().equals(transportUsernameAttribute)) {
                // NOTE(review): the cast assumes a string value; a hex-encoded RDN
                // value is not a String and would raise ClassCastException here.
                return new User((String) component.getValue());
            }
        }
    } catch (InvalidNameException e) {
        // Treated as unreachable by the author. If it does occur, the method falls
        // through and returns pkiUser without any log entry.
    }
    return pkiUser;
}
}
for (Rdn rdn : DN.getRdns()) { if ("CN".equals(rdn.getType())) { commonNames.add((String) rdn.getValue());
/**
 * Builds an object-scope search for {@code name} when it is itself a DN of an identity.
 *
 * <p>The name qualifies only if all of the following hold:
 * <ul>
 *   <li>it starts with the configured RDN identifier (case-insensitive prefix test);</li>
 *   <li>its last-index RDN, i.e. the left-most one, has that identifier as its type;</li>
 *   <li>when a search DN is configured, the name lies under it, and directly under
 *       it unless recursive search is enabled.</li>
 * </ul>
 * The search-DN check is what keeps DN-based lookups inside the configured subtree.
 *
 * @return the search to run, or {@code null} if the name does not qualify or is
 *         not a parsable DN
 */
private LdapSearch createLdapSearchByDn() {
    final String rdnId = identityMapping.rdnIdentifier;
    // Cheap prefix filter; the equal sign is not checked here because whitespace
    // may still sit between the type and '='.
    if (!name.regionMatches(true, 0, rdnId, 0, rdnId.length())) {
        return null;
    }
    try {
        final LdapName candidateDn = new LdapName(name);
        final Rdn leafRdn = candidateDn.getRdn(candidateDn.size() - 1);
        if (!leafRdn.getType().equalsIgnoreCase(rdnId)) { // uid=...
            log.tracef("Getting identity [%s] by DN skipped - RDN does not match [%s]", name, rdnId);
            return null;
        }
        final String searchBase = identityMapping.searchDn;
        if (searchBase != null) {
            final List<Rdn> baseRdns = new LdapName(searchBase).getRdns();
            if (!candidateDn.startsWith(baseRdns)) { // ...,search-dn
                log.tracef("Getting identity [%s] by DN skipped - DN not in search-dn [%s]", name, searchBase);
                return null;
            }
            final boolean directChild = candidateDn.size() == baseRdns.size() + 1;
            if (!(identityMapping.searchRecursive || directChild)) {
                log.tracef("Getting identity [%s] by DN skipped - DN not directly in search-dn and recursive search not enabled [%s]", name, searchBase);
                return null;
            }
        }
        return new LdapSearch(candidateDn.toString(), SearchControls.OBJECT_SCOPE, 0,
                identityMapping.filterName, leafRdn.getValue().toString());
    } catch (InvalidNameException e) {
        log.tracef(e, "Getting identity [%s] by DN failed - will continue by name", name);
    }
    return null;
}
// Build the new DN: keep every RDN except the last-index (left-most) one, then
// append an RDN of the identity type carrying the new name.
final int parentSize = identityLdapName.size() - 1;
LdapName newLdapName = new LdapName(identityLdapName.getRdns().subList(0, parentSize));
// The Rdn is built from a separate type and value rather than a concatenated
// string. NOTE(review): confirm renameTo is validated upstream if it is caller-supplied.
Rdn renamedRdn = new Rdn(identityMapping.rdnIdentifier, renameTo);
newLdapName.add(renamedRdn);
identity.getDirContext().rename(identityLdapName, newLdapName);
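/**
 * Parses a certificate principal's name into the set of its RDNs.
 *
 * <p>The result is a set, so the order of the RDNs in the DN is not retained.
 *
 * @param principal the X.500 principal taken from the peer certificate
 * @return the RDNs of the principal's name
 * @throws SecurityException if the name cannot be parsed as an LDAP name; the
 *         parser's exception is attached as the cause
 */
private Set<Rdn> getPrincipalRdns(X500Principal principal) {
    try {
        LdapName certAsLdapName = new LdapName(principal.getName());
        return new HashSet<>(certAsLdapName.getRdns());
    } catch (InvalidNameException e) {
        // Keep the cause so the reason for the rejection is visible in logs.
        throw new SecurityException("Cannot parse '" + principal + "' as LDAP name", e);
    }
}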
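/**
 * Extracts a Common Name from a certificate subject DN.
 *
 * <p>The RDN list is scanned from its last index down to 0. {@link LdapName} stores
 * the right-most RDN at index 0, so the left-most CN of the DN string is returned.
 *
 * @param subjectPrincipal the subject DN in string form, may be {@code null}
 * @return the first CN value found, or {@code null} if the input is {@code null}
 *         or carries no usable CN
 * @throws SSLException if the string cannot be parsed as a distinguished name; the
 *         parser's {@link InvalidNameException} is attached as the cause
 */
static String extractCN(final String subjectPrincipal) throws SSLException {
    if (subjectPrincipal == null) {
        return null;
    }
    try {
        final LdapName subjectDN = new LdapName(subjectPrincipal);
        final List<Rdn> rdns = subjectDN.getRdns();
        for (int i = rdns.size() - 1; i >= 0; i--) {
            final Rdn rds = rdns.get(i);
            final Attributes attributes = rds.toAttributes();
            final Attribute cn = attributes.get("cn");
            if (cn != null) {
                try {
                    final Object value = cn.get();
                    if (value != null) {
                        return value.toString();
                    }
                } catch (NoSuchElementException | NamingException ignored) {
                    // An unreadable CN attribute is skipped; keep scanning the other RDNs.
                }
            }
        }
        return null;
    } catch (InvalidNameException e) {
        // Attach the cause so the parser's detail survives into TLS failure logs.
        throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name", e);
    }
}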
/**
 * Extracts a Common Name from a certificate subject DN.
 *
 * <p>RDNs are examined from the highest index of the parsed name down to 0, which
 * corresponds to reading the DN string from left to right. The first CN attribute
 * with a non-null value is returned.
 *
 * @param subjectPrincipal the subject DN in string form, may be {@code null}
 * @return the CN value, or {@code null} if the input is {@code null} or has no usable CN
 * @throws SSLException if the string cannot be parsed as a distinguished name
 */
static String extractCN(final String subjectPrincipal) throws SSLException {
    if (subjectPrincipal == null) {
        return null;
    }
    final LdapName parsed;
    try {
        parsed = new LdapName(subjectPrincipal);
    } catch (InvalidNameException e) {
        throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name");
    }
    int position = parsed.size();
    while (position-- > 0) {
        final Attribute commonName = parsed.getRdn(position).toAttributes().get("cn");
        if (commonName == null) {
            continue;
        }
        try {
            final Object candidate = commonName.get();
            if (candidate != null) {
                return candidate.toString();
            }
        } catch (NoSuchElementException ignore) {
            // Attribute without a value: try the next RDN.
        } catch (NamingException ignore) {
            // Value could not be read: try the next RDN.
        }
    }
    return null;
}
/**
 * Collects every Common Name (CN) value found in a certificate subject DN.
 *
 * <p>On Android the DN is split by hand; everywhere else it is parsed with
 * {@link LdapName}.
 *
 * @param dn the subject DN in string form
 * @return the CN values found, possibly empty
 * @throws Exception if {@link LdapName} rejects the DN
 */
public static List<String> getX509CertificateCommonNames(String dn) throws Exception {
    List<String> commonNames = new ArrayList<>();
    if (PlatformDependent.isAndroid()) {
        // NOTE(review): this fallback splits on every ',' and ';' and does not honour
        // backslash escapes or quoting. A value such as O=Acme\,CN=admin is therefore
        // read as containing a CN, and "CN = x" or a value holding '=' is skipped.
        // Names from this branch should not be trusted the way parsed ones are.
        for (String component : dn.trim().split("[,;]")) {
            String[] pair = component.trim().split("=");
            if (pair.length != 2 || !"cn".equalsIgnoreCase(pair[0])) {
                continue;
            }
            commonNames.add(pair[1]);
        }
        return commonNames;
    }
    for (Rdn component : new LdapName(dn).getRdns()) {
        if ("cn".equalsIgnoreCase(component.getType())) {
            commonNames.add(component.getValue().toString());
        }
    }
    return commonNames;
}
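/**
 * Rejects the request unless the peer certificate's subject matches one of the
 * configured allowed principals.
 *
 * <p>A configured principal matches when every one of its RDNs is contained in the
 * set of RDNs of the certificate subject. The comparison is a subset test: RDN
 * order is not considered, and a configured principal with no RDNs matches any
 * subject.
 *
 * <p>When {@code allowedPrincipals} is {@code null} no check is performed at all.
 * NOTE(review): confirm that client-certificate validation elsewhere is sufficient
 * for that configuration.
 *
 * @param pHttpsExchange the exchange whose TLS session supplies the peer principal
 * @throws SecurityException if the peer is unverified, the principal is not an
 *         {@link X500Principal}, or no allowed principal matches
 */
private void checkCertForAllowedPrincipals(HttpsExchange pHttpsExchange) {
    if (allowedPrincipals == null) {
        return;
    }
    try {
        X500Principal certPrincipal =
                (X500Principal) pHttpsExchange.getSSLSession().getPeerPrincipal();
        Set<Rdn> certPrincipalRdns = getPrincipalRdns(certPrincipal);
        for (LdapName principal : allowedPrincipals) {
            if (certPrincipalRdns.containsAll(principal.getRdns())) {
                return;
            }
        }
        throw new SecurityException("Principal " + certPrincipal + " not allowed");
    } catch (SSLPeerUnverifiedException e) {
        // Keep the cause so the handshake failure can be diagnosed from logs.
        throw new SecurityException("SSLPeer unverified", e);
    } catch (ClassCastException e) {
        throw new SecurityException("Internal: Invalid Principal class provided " + e, e);
    }
}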
for (Rdn rdn : name.getRdns())
for (Rdn rdn : ldapName.getRdns()) { if ("CN".equalsIgnoreCase(rdn.getType())) { cn = rdn.getValue().toString();