private AuthenticationIdentity constructAuthenticationIdentity(X509Certificate certificate) { AuthenticationIdentity identity = new AuthenticationIdentity(); try { LdapName ln = new LdapName(certificate.getSubjectDN().getName()); for(Rdn rdn : ln.getRdns()) { if(rdn.getType().equalsIgnoreCase("GIVENNAME")) { identity.setGivenName(rdn.getValue().toString()); } else if(rdn.getType().equalsIgnoreCase("SURNAME")) { identity.setSurName(rdn.getValue().toString()); } else if(rdn.getType().equalsIgnoreCase("SERIALNUMBER")) { identity.setIdentityCode(rdn.getValue().toString().split("-")[1]); } else if(rdn.getType().equalsIgnoreCase("C")) { identity.setCountry(rdn.getValue().toString()); } } return identity; } catch (InvalidNameException e) { logger.error("Error getting authentication identity from the certificate", e); throw new TechnicalErrorException("Error getting authentication identity from the certificate", e); } }
/** * Returns true if the two provided DNs are equivalent, regardless of the order of the elements. Returns false if one or both are invalid DNs. * * Example: * * CN=test1, O=testOrg, C=US compared to CN=test1, O=testOrg, C=US -> true * CN=test1, O=testOrg, C=US compared to O=testOrg, CN=test1, C=US -> true * CN=test1, O=testOrg, C=US compared to CN=test2, O=testOrg, C=US -> false * CN=test1, O=testOrg, C=US compared to O=testOrg, CN=test2, C=US -> false * CN=test1, O=testOrg, C=US compared to -> false * compared to -> true * * @param dn1 the first DN to compare * @param dn2 the second DN to compare * @return true if the DNs are equivalent, false otherwise */ public static boolean compareDNs(String dn1, String dn2) { if (dn1 == null) { dn1 = ""; } if (dn2 == null) { dn2 = ""; } if (StringUtils.isEmpty(dn1) || StringUtils.isEmpty(dn2)) { return dn1.equals(dn2); } try { List<Rdn> rdn1 = new LdapName(dn1).getRdns(); List<Rdn> rdn2 = new LdapName(dn2).getRdns(); return rdn1.size() == rdn2.size() && rdn1.containsAll(rdn2); } catch (InvalidNameException e) { logger.warn("Cannot compare DNs: {} and {} because one or both is not a valid DN", dn1, dn2); return false; } }
/** * Extracts from DN a given attribute. * @param dn * The entire DN * @param attribute * The attribute to extract * @return the attribute value or null if not found an attribute with the given dn. */ public static String getAttributeFromDN(String dn, String attribute) { try { LdapName subjectDn = new LdapName(dn); for (Rdn rdn : subjectDn.getRdns()) { if (rdn.getType().equals(attribute)) { return rdn.getValue().toString(); } } } catch (InvalidNameException e) { throw new IllegalArgumentException(e); } return null; }
@Test public void testComposeDn() throws Exception { final String TEST_NAME = "testComposeDn"; TestUtil.displayTestTile(TEST_NAME); BasicExpressionFunctions basic = createBasicFunctions(); assertEquals("cn=foo,o=bar", basic.composeDn("cn","foo","o","bar")); assertEquals("cn=foo,o=bar", basic.composeDn("cn",PrismTestUtil.createPolyString("foo"),"o","bar")); assertEquals("cn=foo,o=bar", basic.composeDn("cn",PrismTestUtil.createPolyStringType("foo"),"o","bar")); assertEquals("cn=foo,o=bar", basic.composeDn("cn","foo",new Rdn("o","bar"))); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn(new Rdn("cn","foo"),"ou","baz",new Rdn("o","bar"))); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn(new Rdn("cn","foo"),"ou","baz","o","bar")); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn(new Rdn("cn","foo"),new LdapName("ou=baz,o=bar"))); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn("cn","foo",new LdapName("ou=baz,o=bar"))); assertEquals("cn=foo\\,foo,ou=baz,o=bar", basic.composeDn("cn","foo,foo",new LdapName("ou=baz,o=bar"))); assertEquals("cn=foo\\=foo,ou=baz,o=bar", basic.composeDn("cn","foo=foo",new LdapName("ou=baz,o=bar"))); assertEquals(null, basic.composeDn(null)); assertEquals(null, basic.composeDn()); assertEquals(null, basic.composeDn("")); assertEquals(null, basic.composeDn(" ")); }
private String distributionGroupOU() throws InvalidNameException { LdapName container = new LdapName(getContainer()); List<String> ous = new ArrayList<>(); List<String> dcs = new ArrayList<>(); String retval = ""; for (Rdn rdn : container.getRdns()) { if (rdn.getType().equalsIgnoreCase("OU")) { ous.add(rdn.getValue().toString()); } else if (rdn.getType().equalsIgnoreCase("DC")) { dcs.add(rdn.getValue().toString()); } } for (int i = dcs.size()-1; i >= 0; i--) { if (!retval.isEmpty()) { retval += "."; } retval += dcs.get(i); } for (int i = 0; i < ous.size(); i++) { retval += "/" + ous.get(i); } return retval; }
static void printEscapedVal(Object[] values) { String escVal; for (int i = 0; i < values.length; i++) { escVal = Rdn.escapeValue(values[i]); System.out.println("Orig val: " + values[i] + " Escaped val: " + escVal); } }
/** * Convenience method. Equivalent to calling getSignerCert and * then parsing out the CN from the certificate's Subject field. * @return Signer CN or null if there's a problem. */ @Override public String getSignerCn() { try { X509Certificate signerCert = this.getSignerCert(); String dn = signerCert.getSubjectX500Principal().getName(); String cn = null; try { LdapName ldapDn = new LdapName(dn); List<Rdn> rdns = ldapDn.getRdns(); for(Rdn r : rdns) { if("CN".equals(r.getType())) { cn = r.getValue().toString(); } } } catch(InvalidNameException e) { log.warn("Invalid name", e); } return cn; } catch(Throwable t) { log.error("Failed to get signer CN: " + t.getMessage()); return null; } }
/** * Parse the given RND type from the given certificate's subject * @param cert Certificate * @param rdnType RND type * @return parsed value as String */ public static String parseSubjectName(final X509Certificate cert, final String rdnType) { String dn = cert.getSubjectX500Principal().getName(); String name = null; try { LdapName ldapDn = new LdapName(dn); List<Rdn> rdns = ldapDn.getRdns(); for(Rdn r : rdns) { if(rdnType.equals(r.getType())) { name = r.getValue().toString(); } } } catch(InvalidNameException e) { log.error(e); } return name; }
/** * Get the signer CN. * <p>Equivalent to calling getSignerCert and * then parsing out the CN from the certificate's Subject field. * @return Signer's CN or null if there's a problem. */ @Override public String getSignerCn() { try { X509Certificate signerCert = this.getSignerCert(); String dn = signerCert.getSubjectX500Principal().getName(); String cn = null; try { LdapName ldapDn = new LdapName(dn); List<Rdn> rdns = ldapDn.getRdns(); for (Rdn r : rdns) { if("CN".equals(r.getType())) { cn = r.getValue().toString(); } } } catch(InvalidNameException e) { log.warn("Invalid name", e); } return cn; } catch (Throwable t) { log.error("Failed to get Signer cert " + t.getMessage()); return null; } }
/** * This method can be removed the simple IssuerSerial verification can be * performed. In fact the hash verification is sufficient. * * @param generalNames * @return */ public static String getCanonicalizedName(final GeneralNames generalNames) { GeneralName[] names = generalNames.getNames(); TreeMap<String, String> treeMap = new TreeMap<String, String>(); for (GeneralName name : names) { String ldapString = String.valueOf(name.getName()); LOG.debug("ldapString to canonicalize: {} ", ldapString); try { LdapName ldapName = new LdapName(ldapString); List<Rdn> rdns = ldapName.getRdns(); for (final Rdn rdn : rdns) { treeMap.put(rdn.getType().toLowerCase(), String.valueOf(rdn.getValue()).toLowerCase()); } } catch (InvalidNameException e) { throw new DSSException(e); } } StringBuilder stringBuilder = new StringBuilder(); for (Entry<String, String> entry : treeMap.entrySet()) { stringBuilder.append(entry.getKey()).append('=').append(entry.getValue()).append('|'); } final String canonicalizedName = stringBuilder.toString(); LOG.debug("canonicalizedName: {} ", canonicalizedName); return canonicalizedName; }
protected Set<GroupPrincipal> getACLs(String destinationBase, SearchControls constraints, String roleBase, String roleAttribute) { try { Set<GroupPrincipal> roles = new HashSet<GroupPrincipal>(); Set<String> acls = new HashSet<String>(); NamingEnumeration<?> results = context.search(destinationBase, roleBase, constraints); while (results.hasMore()) { SearchResult result = (SearchResult)results.next(); Attributes attrs = result.getAttributes(); if (attrs == null) { continue; } acls = addAttributeValues(roleAttribute, attrs, acls); } for (Iterator<String> iter = acls.iterator(); iter.hasNext();) { String roleName = iter.next(); LdapName ldapname = new LdapName(roleName); Rdn rdn = ldapname.getRdn(ldapname.size() - 1); LOG.debug("Found role: [" + rdn.getValue().toString() + "]"); roles.add(new GroupPrincipal(rdn.getValue().toString())); } return roles; } catch (NamingException e) { LOG.error(e.toString()); return new HashSet<GroupPrincipal>(); } }
private static String extractCommonName(String principal) throws SSLException { if (principal == null) return null; try { LdapName ldapName = new LdapName(principal); for (Rdn rdn : ldapName.getRdns()) { if (rdn.getType().equalsIgnoreCase("CN")) { Object obj = rdn.getValue(); if (obj != null) return obj.toString(); } } return null; } catch (InvalidNameException e) { throw new SSLException("DN value \"" + principal + "\" is invalid"); } }
/** * Retrieves the name for the given certificate. * * @param certificate the certificate to get its name for, cannot be <code>null</code>. * @return the name for the given certificate, can be <code>null</code>. */ @Override public String getName(final X509Certificate certificate) { try { String dn = certificate.getSubjectX500Principal().getName(); if ("dn".equalsIgnoreCase("cn")) { return dn; } LdapName ldapDN = new LdapName(dn); for (Rdn rdn : ldapDN.getRdns()) { if ("cn".equalsIgnoreCase(rdn.getType())) { return (String) rdn.getValue(); } } } catch (InvalidNameException e) { // Ignore... } return null; }
/** * <p> * Test method for 'javax.naming.ldap.Rdn.compareTo(Object)' * </p> * <p> * Here we are testing if this method correctly compares an Rdn with another * object. * </p> * <p> * The expected result is 0. * </p> */ public void testCompareTo011() throws Exception { String x1 = "t=test+a= anything+A=\\#080808<a+c=c=#0808+" + "asd=asd=asd=asd=asd=asd=asd=Asd<asd<asd>asd>asd>asd+" + "asd=asd=asd=asd=asd=asd=asd=Asd<asd<asd>asd>asd>asd+" + "asd=asd=asd=asd=asd=asd=asd=Asd<asd<asd>asd>asd>asd+" + "asd=asd=asd=asd=asd=asd=asd=Asd<asd<asd>asd>asd>asd+" + "a=<z>=at+a=<z>=at+a=<z>=at+a=<z>=at+a=>z<=at+a=>z<=at+a=>z<=at" + "+v================================+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=" + "+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=+a========a+s=s<>ss"; String x2 = "asd=asd=asd=asd=asd=asd=asd=Asd<asd<asd>asd>asd>asd+" + "asd=asd=asd=asd=asd=asd=asd=Asd<asd<asd>asd>asd>asd+" + "asd=asd=asd=asd=asd=asd=asd=Asd<asd<asd>asd>asd>asd+" + "asd=asd=asd=asd=asd=asd=asd=Asd<asd<asd>asd>asd>asd+" + "a=<z>=at+a=<z>=at+a=<z>=at+a=<z>=at+a=>z<=at+a=>z<=at+a=>z<=at" + "+v================================+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=" + "+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=+a=+a========a+s=s<>ss+" + "A=\\#080808<a+c=c=#0808+t=test+a= anything"; Rdn rdn1 = new Rdn(x1); Rdn rdn2 = new Rdn(x2); assertEquals(0, rdn1.compareTo(rdn2)); }
@Test public void testComposeDn() throws Exception { final String TEST_NAME = "testComposeDn"; TestUtil.displayTestTitle(TEST_NAME); BasicExpressionFunctions basic = createBasicFunctions(); assertEquals("cn=foo,o=bar", basic.composeDn("cn","foo","o","bar")); assertEquals("cn=foo,o=bar", basic.composeDn("cn",PrismTestUtil.createPolyString("foo"),"o","bar")); assertEquals("cn=foo,o=bar", basic.composeDn("cn",PrismTestUtil.createPolyStringType("foo"),"o","bar")); assertEquals("cn=foo,o=bar", basic.composeDn("cn","foo",new Rdn("o","bar"))); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn(new Rdn("cn","foo"),"ou","baz",new Rdn("o","bar"))); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn(new Rdn("cn","foo"),"ou","baz","o","bar")); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn(new Rdn("cn","foo"),new LdapName("ou=baz,o=bar"))); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDn("cn","foo",new LdapName("ou=baz,o=bar"))); assertEquals("cn=foo\\,foo,ou=baz,o=bar", basic.composeDn("cn","foo,foo",new LdapName("ou=baz,o=bar"))); assertEquals("cn=foo\\=foo,ou=baz,o=bar", basic.composeDn("cn","foo=foo",new LdapName("ou=baz,o=bar"))); assertEquals(null, basic.composeDn(null)); assertEquals(null, basic.composeDn()); assertEquals(null, basic.composeDn("")); assertEquals(null, basic.composeDn(" ")); }
/** * <p> * Test method for 'javax.naming.ldap.LdapName.LdapName(List<Rdn>)' * </p> * <p> * Here we are testing the constructor method of LdapName reciving a list of * valid names. * </p> * <p> * The expected result is an instance of an object of LdapName, and also * that the indexing is made like the other way around. * </p> */ public void testLdapNameListOfRdn006() throws Exception { try { BasicAttributes bas = new BasicAttributes(); bas.put("test2", "test2"); bas.put("test1", "test1"); bas.put("test3", "test3"); Rdn rdn1 = new Rdn(bas); LinkedList<Rdn> rdns = new LinkedList<Rdn>(); rdns.add(rdn1); LdapName ln = new LdapName(rdns); assertEquals("test1=test1+test2=test2+test3=test3", ln.getAll().nextElement()); } catch (Exception e) { e.printStackTrace(); } }
private LdapEntry parseRole(String dn, String groupNameAttribute, URI groupReferralAddress) { try { LdapName ldapName = new LdapName(Rdn.unescapeValue(dn).toString()); for (int i = ldapName.size() - 1; i >= 0; i--) { String rdnString = ldapName.get(i); Rdn rdn = new Rdn(rdnString); Attribute attr = rdn.toAttributes().get(groupNameAttribute); if (attr != null) { Object value = attr.get(); if (value != null) { return new LdapEntry( (value instanceof byte[]) ? new String((byte[]) value, StandardCharsets.UTF_8) : value.toString(), dn, groupReferralAddress); } } } } catch (NamingException e) { SECURITY_LOGGER.tracef("Unable to parse role from DN (%s): %s", dn, e.getMessage()); } return null; }
/** * <p> * Test method for 'javax.naming.ldap.LdapName.getAll()' * </p> * <p> * Here we are testing if this method correctly returns all the RDNs that * make up this LdapName as Strings. * </p> * <p> * The expected result is if a non empty name returns a non-null * enumeration, and ordered like it should be. * </p> */ public void testGetAll003() throws Exception { LinkedList<Rdn> test = new LinkedList<Rdn>(); Rdn a = new Rdn("cn", "test"); Rdn b = new Rdn("uid", "test"); Rdn c = new Rdn("l", "test"); Rdn d = new Rdn("st", "test"); test.add(0, a); test.add(1, b); test.add(2, c); test.add(3, d); LdapName ln = new LdapName(test); Enumeration<String> e = ln.getAll(); for (Rdn rdn : test) { assertEquals(rdn.toString(), e.nextElement()); } }
private static String getSubjectName(final X509Certificate cert) throws InvalidNameException { final String fullSubjectDn = cert.getSubjectX500Principal().getName(); final LdapName fullSubjectLn = new LdapName(fullSubjectDn); for (final Rdn rdn: fullSubjectLn.getRdns()) { if ("CN".equalsIgnoreCase(rdn.getType())) { return rdn.getValue().toString(); } } throw new InvalidNameException("Common name not found"); }
public static String getCommonName(X509Certificate cert) throws InvalidNameException { // use LDAP API to parse the certifiate Subject :) // see http://stackoverflow.com/a/7634755/972463 LdapName ldapDN = new LdapName(cert.getSubjectX500Principal().getName()); String cn = ""; for (Rdn rdn : ldapDN.getRdns()) { if (rdn.getType().equals("CN")) { cn = rdn.getValue().toString(); } } return cn; }
/** * Maps a distinguished name (RFC 2253) to a fully qualified domain name. * Processes a sequence of RDNs having a DC attribute. * The special RDN "DC=." denotes the root of the domain tree. * Multi-valued RDNs, non-DC attributes, binary-valued attributes and the * RDN "DC=." all reset the domain name and processing continues. * * @param dn A string distinguished name (RFC 2253). * @return A domain name or null if none can be derived. * @throw InvalidNameException If the distinugished name is invalid. */ static String mapDnToDomainName(String dn) throws InvalidNameException { if (dn == null) { return null; } StringBuffer domain = new StringBuffer(); LdapName ldapName = new LdapName(dn); // process RDNs left-to-right //List<Rdn> rdnList = ldapName.getRdns(); List<Rdn> rdnList = ldapName.getRdns(); for (int i = rdnList.size() - 1; i >= 0; i--) { //Rdn rdn = rdnList.get(i); Rdn rdn = rdnList.get(i); // single-valued RDN with a DC attribute if ((rdn.size() == 1) && ("dc".equalsIgnoreCase(rdn.getType()) )) { Object attrval = rdn.getValue(); if (attrval instanceof String) { if (attrval.equals(".") || (domain.length() == 1 && domain.charAt(0) == '.')) { domain.setLength(0); // reset (when current or previous // RDN value is "DC=.") } if (domain.length() > 0) { domain.append('.'); } domain.append(attrval); } else { domain.setLength(0); // reset (when binary-valued attribute) } } else { domain.setLength(0); // reset (when multi-valued RDN or non-DC) } } return (domain.length() != 0) ? domain.toString() : null; }
/** * Maps a distinguished name (RFC 2253) to a fully qualified domain name. * Processes a sequence of RDNs having a DC attribute. * The special RDN "DC=." denotes the root of the domain tree. * Multi-valued RDNs, non-DC attributes, binary-valued attributes and the * RDN "DC=." all reset the domain name and processing continues. * * @param dn A string distinguished name (RFC 2253). * @return A domain name or null if none can be derived. * @throws InvalidNameException If the distinguished name is invalid. */ static String mapDnToDomainName(String dn) throws InvalidNameException { if (dn == null) { return null; } StringBuilder domain = new StringBuilder(); LdapName ldapName = new LdapName(dn); // process RDNs left-to-right //List<Rdn> rdnList = ldapName.getRdns(); List<Rdn> rdnList = ldapName.getRdns(); for (int i = rdnList.size() - 1; i >= 0; i--) { //Rdn rdn = rdnList.get(i); Rdn rdn = rdnList.get(i); // single-valued RDN with a DC attribute if ((rdn.size() == 1) && ("dc".equalsIgnoreCase(rdn.getType()) )) { Object attrval = rdn.getValue(); if (attrval instanceof String) { if (attrval.equals(".") || (domain.length() == 1 && domain.charAt(0) == '.')) { domain.setLength(0); // reset (when current or previous // RDN value is "DC=.") } if (domain.length() > 0) { domain.append('.'); } domain.append(attrval); } else { domain.setLength(0); // reset (when binary-valued attribute) } } else { domain.setLength(0); // reset (when multi-valued RDN or non-DC) } } return (domain.length() != 0) ? domain.toString() : null; }
private void assertAuthenticationIdentityValid(AuthenticationIdentity authenticationIdentity, X509Certificate certificate) throws InvalidNameException { LdapName ln = new LdapName(certificate.getSubjectDN().getName()); for(Rdn rdn : ln.getRdns()) { if(rdn.getType().equalsIgnoreCase("GIVENNAME")) { assertEquals(rdn.getValue().toString(), authenticationIdentity.getGivenName()); } else if(rdn.getType().equalsIgnoreCase("SURNAME")) { assertEquals(rdn.getValue().toString(), authenticationIdentity.getSurName()); } else if(rdn.getType().equalsIgnoreCase("SERIALNUMBER")) { assertEquals(rdn.getValue().toString().split("-")[1], authenticationIdentity.getIdentityCode()); } else if(rdn.getType().equalsIgnoreCase("C")) { assertEquals(rdn.getValue().toString(), authenticationIdentity.getCountry()); } } }
@Nonnull private static String _getCN (final String sPrincipal) throws InvalidNameException { for (final Rdn aRdn : new LdapName (sPrincipal).getRdns ()) if (aRdn.getType ().equalsIgnoreCase ("CN")) return (String) aRdn.getValue (); throw new IllegalStateException ("Failed to get CN from '" + sPrincipal + "'"); }
@Test public void testComposeDnWithSuffix() throws Exception { final String TEST_NAME = "testComposeDnWithSuffix"; TestUtil.displayTestTile(TEST_NAME); BasicExpressionFunctions basic = createBasicFunctions(); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDnWithSuffix(new Rdn("cn","foo"),"ou=baz,o=bar")); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDnWithSuffix(new Rdn("cn","foo"),new LdapName("ou=baz,o=bar"))); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDnWithSuffix("cn","foo","ou=baz,o=bar")); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDnWithSuffix("cn",PrismTestUtil.createPolyString("foo"),"ou=baz,o=bar")); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDnWithSuffix("cn",PrismTestUtil.createPolyStringType("foo"),"ou=baz,o=bar")); assertEquals("cn=foo,ou=baz,o=bar", basic.composeDnWithSuffix("cn","foo",new LdapName("ou=baz,o=bar"))); assertEquals("cn=foo,ou=baz\\,baz,o=bar", basic.composeDnWithSuffix("cn","foo","ou=baz\\,baz,o=bar")); assertEquals("cn=foo,ou=baz\\,baz,o=bar", basic.composeDnWithSuffix("cn","foo",new LdapName("ou=baz\\,baz,o=bar"))); assertEquals("cn=foo\\,foo,ou=baz,o=bar", basic.composeDnWithSuffix("cn","foo,foo","ou=baz,o=bar")); assertEquals("cn=foo\\,foo,ou=baz,o=bar", basic.composeDnWithSuffix("cn","foo,foo",new LdapName("ou=baz,o=bar"))); assertEquals("cn=foo\\=foo,ou=baz,o=bar", basic.composeDnWithSuffix("cn","foo=foo","ou=baz,o=bar")); assertEquals("cn=foo\\=foo,ou=baz,o=bar", basic.composeDnWithSuffix("cn","foo=foo",new LdapName("ou=baz,o=bar"))); assertEquals("ou=baz,o=bar", basic.composeDnWithSuffix("ou=baz,o=bar")); assertEquals("ou=baz, o=bar", basic.composeDnWithSuffix("ou=baz, o=bar")); assertEquals("OU=baz, o=bar", basic.composeDnWithSuffix("OU=baz, o=bar")); assertEquals("ou=baz,o=bar", basic.composeDnWithSuffix(new LdapName("ou=baz,o=bar"))); assertEquals(null, basic.composeDnWithSuffix(null)); assertEquals(null, basic.composeDnWithSuffix()); assertEquals(null, basic.composeDnWithSuffix("")); assertEquals(null, basic.composeDnWithSuffix(" ")); }
private String getCn(String dn) { try { LdapName ln = new LdapName(dn); for (Rdn rdn : ln.getRdns()) { if (rdn.getType().equalsIgnoreCase("CN")) { return rdn.getValue().toString(); } } } catch (InvalidNameException e) {} return ""; }
public String buildQueryGroupsForUser(final LDAPConfiguration ldapConfigurator, final String userId) { String searchExpression = null; if (ldapConfigurator.getQueryGroupsForUser() != null) { // Fetch the dn of the user LDAPTemplate ldapTemplate = new LDAPTemplate(ldapConfigurator); String userDn = ldapTemplate.execute(new LDAPCallBack<String>() { @Override public String executeInContext(InitialDirContext initialDirContext) { String userDnSearch = buildQueryByUserId(ldapConfigurator, userId); try { String baseDn = ldapConfigurator.getUserBaseDn() != null ? ldapConfigurator.getUserBaseDn() : ldapConfigurator.getBaseDn(); NamingEnumeration<?> namingEnum = initialDirContext.search(baseDn, userDnSearch, createSearchControls(ldapConfigurator)); while (namingEnum.hasMore()) { // Should be only one SearchResult result = (SearchResult) namingEnum.next(); return result.getNameInNamespace(); } namingEnum.close(); } catch (NamingException e) { LOGGER.debug("Could not find user dn : {}", e.getMessage(), e); } return null; } }); searchExpression = MessageFormat.format(ldapConfigurator.getQueryGroupsForUser(), Rdn.escapeValue(userDn)); } else { searchExpression = userId; } return searchExpression; }
private static Map<String, String> parseLdapName(final String dn) { try { Map<String, String> result = new HashMap<>(); LdapName ldapName = new LdapName(dn); for (Rdn rdn : ldapName.getRdns()) { result.put(rdn.getType(), rdn.getValue().toString()); } return result; } catch (Exception e) { Throwables.throwIfUnchecked(e); throw new RuntimeException(e); } }
private List<String> getDnAttribute(LdapName rfc2253dn, String attribute) { final List<String> attrValues = new ArrayList<>(rfc2253dn.size()); final List<Rdn> reverseRdn = new ArrayList<>(rfc2253dn.getRdns()); Collections.reverse(reverseRdn); for (Rdn rdn : reverseRdn) { if (rdn.getType().equalsIgnoreCase(attribute)) { attrValues.add(rdn.getValue().toString()); } } return Collections.unmodifiableList(attrValues); }
@Nullable static String getClientUniqueID (@Nonnull final X509Certificate aCert) { try { // subject principal name must be in the order CN=XX,O=YY,C=ZZ // In some JDK versions it is O=YY,CN=XX,C=ZZ instead (e.g. 1.6.0_45) final LdapName aLdapName = new LdapName (aCert.getSubjectX500Principal ().getName ()); // Make a map from type to name final ICommonsMap <String, Rdn> aParts = new CommonsHashMap <> (); for (final Rdn aRdn : aLdapName.getRdns ()) aParts.put (aRdn.getType (), aRdn); // Re-order - least important item comes first (=reverse order)! final String sSubjectName = new LdapName (new CommonsArrayList <> (aParts.get ("C"), aParts.get ("O"), aParts.get ("CN"))).toString (); // subject-name + ":" + serial number hexstring return sSubjectName + ':' + aCert.getSerialNumber ().toString (16); } catch (final Exception ex) { s_aLogger.error ("Failed to parse '" + aCert.getSubjectX500Principal ().getName () + "'", ex); return null; } }
