Example 1 with ConnectionEntryReader
use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.
the class AMCertStore method getCertificate.
/**
* Return matched certificate from ldap certificate store
*/
public X509Certificate getCertificate() {
/*
* Lookup the certificate in the LDAP certificate
* directory and compare the values.
*/
try (Connection ldc = getConnection()) {
if (ldc == null) {
return null;
}
ConnectionEntryReader results = getSearchResults(ldc, USERCERTIFICATE, USERCERTIFICATE_BINARY, CACERTIFICATE, CACERTIFICATE_BINARY);
while (results != null && results.hasNext()) {
// "Found search results for: " + cn , 2);
if (results.isEntry()) {
SearchResultEntry entry = results.readEntry();
/*
* Retrieve the certificate from the store
*/
Attribute certAttribute = entry.getAttribute(USERCERTIFICATE);
if (certAttribute == null) {
certAttribute = entry.getAttribute(USERCERTIFICATE_BINARY);
if (certAttribute == null) {
// an end-entity certificate can be a CA certificate
certAttribute = entry.getAttribute(CACERTIFICATE);
if (certAttribute == null) {
certAttribute = entry.getAttribute(CACERTIFICATE_BINARY);
}
if (certAttribute == null) {
debug.message("AMCertStore.getCertificate: Certificate - get usercertificate is null ");
continue;
}
}
}
for (ByteString value : certAttribute) {
byte[] bytes = value.toByteArray();
ByteArrayInputStream bis = new ByteArrayInputStream(bytes);
X509Certificate c = null;
try {
c = (X509Certificate) cf.generateCertificate(bis);
} catch (CertificateParsingException e) {
debug.error("AMCertStore.getCertificate : " + "Error in Certificate parsing : ", e);
}
if (c != null) {
return c;
}
}
// inner while
} else {
SearchResultReference reference = results.readReference();
debug.warning("Got an LDAP reference - only expected entries. Ignoring: {}", reference);
}
}
// outer while
} catch (Exception e) {
debug.error("AMCertStore.getCertificate : " + "Certificate - Error finding registered certificate = ", e);
}
return null;
}
Also used :
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
CertificateParsingException(java.security.cert.CertificateParsingException)
Attribute(org.forgerock.opendj.ldap.Attribute)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ByteString(org.forgerock.opendj.ldap.ByteString)
Connection(org.forgerock.opendj.ldap.Connection)
SearchResultReference(org.forgerock.opendj.ldap.responses.SearchResultReference)
X509Certificate(java.security.cert.X509Certificate)
CertificateParsingException(java.security.cert.CertificateParsingException)
LdapException(org.forgerock.opendj.ldap.LdapException)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Example 2 with ConnectionEntryReader
use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.
the class LocalLdapAuthModule method getDN.
private String getDN(String uid) throws LoginException {
String retVal = "";
if (uid == null) {
throw (new LoginException(AuthI18n.authI18n.getString("com.iplanet.auth.invalid-username")));
}
if (LDAPUtils.isDN(uid)) {
return uid;
}
String namingAttribute = UIDATTR;
try {
String orgName = (String) options.get(LoginContext.ORGNAME);
if ((orgName != null) && !LDAPUtils.isDN(orgName)) {
// Use orgname only if it a DN, else baseDN
orgName = baseDN;
}
if (com.sun.identity.sm.ServiceManager.isAMSDKConfigured()) {
namingAttribute = TemplateManager.getTemplateManager().getCreationTemplate(TEMPLATE_NAME, (orgName == null) ? null : new Guid(orgName)).getNamingAttribute();
}
} catch (Exception e) {
// Ignore the exception and use the default naming attribute
}
StringBuilder filter = new StringBuilder();
filter.append('(').append(namingAttribute).append('=').append(uid).append(')');
String[] attrs = { "noAttr" };
ConnectionEntryReader results = null;
try {
// Read the serverconfig.xml for LDAP information
if (!readServerConfiguration) {
readServerConfig();
}
if (conn == null) {
debug.warning("LocalLdapAuthModule.getDN(): lda connection is null");
throw (new LoginException("INVALID_USER_NAME"));
} else {
results = conn.search(LDAPRequests.newSearchRequest(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), attrs));
}
if (results.hasNext()) {
SearchResultEntry entry = results.readEntry();
retVal = entry.getName().toString();
}
if (retVal == null || retVal.equals("")) {
throw new LoginException("INVALID_USER_NAME");
}
return retVal;
} catch (LdapException | SearchResultReferenceIOException ex) {
throw new LoginException(ex.getMessage());
} finally {
IOUtils.closeIfNotNull(conn);
conn = null;
}
}
Also used :
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
LoginException(javax.security.auth.login.LoginException)
Guid(com.iplanet.ums.Guid)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
LdapException(org.forgerock.opendj.ldap.LdapException)
LoginException(javax.security.auth.login.LoginException)
LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
LdapException(org.forgerock.opendj.ldap.LdapException)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Example 3 with ConnectionEntryReader
use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.
the class DataLayer method read.
/**
* Reads an ldap entry.
*
* @param principal Authentication Principal.
* @param guid Globally unique identifier for the entry.
* @param attrNames Attributes to read.
* @return an attribute set representing the entry in LDAP.
* @exception EntryNotFoundException if the entry is not found.
* @exception UMSException if fail to read the entry.
*
* @supported.api
*/
public AttrSet read(java.security.Principal principal, Guid guid, String[] attrNames) throws UMSException {
String id = guid.getDn();
ConnectionEntryReader entryReader;
SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.BASE_OBJECT, "(objectclass=*)", attrNames);
entryReader = readLDAPEntry(principal, request);
if (entryReader == null) {
throw new AccessRightsException(id);
}
Collection<Attribute> attrs = new ArrayList<>();
try (ConnectionEntryReader reader = entryReader) {
while (reader.hasNext()) {
if (reader.isReference()) {
reader.readReference();
//TODO AME-7017
}
SearchResultEntry entry = entryReader.readEntry();
for (Attribute attr : entry.getAllAttributes()) {
attrs.add(attr);
}
}
if (attrs.isEmpty()) {
throw new EntryNotFoundException(i18n.getString(IUMSConstants.ENTRY_NOT_FOUND, new String[] { id }));
}
return new AttrSet(attrs);
} catch (IOException e) {
throw new UMSException(i18n.getString(IUMSConstants.UNABLE_TO_READ_ENTRY, new String[] { id }), e);
}
}
Also used :
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest)
Attribute(org.forgerock.opendj.ldap.Attribute)
ArrayList(java.util.ArrayList)
ByteString(org.forgerock.opendj.ldap.ByteString)
IOException(java.io.IOException)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
AttrSet(com.iplanet.services.ldap.AttrSet)
Example 4 with ConnectionEntryReader
use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.
the class DataLayer method getAttributeString.
/**
* Returns String values of the attribute.
*
* @param principal Authentication Principal.
* @param guid distinguished name.
* @param attrName attribute name.
*
* @supported.api
*/
public String[] getAttributeString(Principal principal, Guid guid, String attrName) {
String id = guid.getDn();
SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.BASE_OBJECT, "(objectclass=*)");
try {
try (ConnectionEntryReader reader = readLDAPEntry(principal, request)) {
Attribute attribute = reader.readEntry().getAttribute(attrName);
Collection<String> values = new ArrayList<>();
for (ByteString byteString : attribute) {
values.add(byteString.toString());
}
return values.toArray(new String[0]);
}
} catch (Exception e) {
if (debug.warningEnabled()) {
debug.warning("Exception in DataLayer.getAttributeString for DN: " + id, e);
}
return null;
}
}
Also used :
SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
Attribute(org.forgerock.opendj.ldap.Attribute)
ByteString(org.forgerock.opendj.ldap.ByteString)
ArrayList(java.util.ArrayList)
ByteString(org.forgerock.opendj.ldap.ByteString)
LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException)
LdapException(org.forgerock.opendj.ldap.LdapException)
IOException(java.io.IOException)
Example 5 with ConnectionEntryReader
use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.
the class UserIdRepo method getADAMInstanceGUID.
private String getADAMInstanceGUID(Map userRepo) throws Exception {
try (Connection ld = getLDAPConnection(userRepo)) {
String attrName = "schemaNamingContext";
ConnectionEntryReader res = ld.search(LDAPRequests.newSearchRequest("", SearchScope.BASE_OBJECT, "(objectclass=*)"));
if (res.hasNext()) {
SearchResultEntry entry = res.readEntry();
Attribute ldapAttr = entry.getAttribute(attrName);
if (ldapAttr != null) {
String value = ldapAttr.firstValueAsString();
int index = value.lastIndexOf("=");
if (index != -1) {
return value.substring(index + 1).trim();
}
}
}
}
return null;
}
Also used :
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
Attribute(org.forgerock.opendj.ldap.Attribute)
Connection(org.forgerock.opendj.ldap.Connection)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Aggregations
ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)48
LdapException (org.forgerock.opendj.ldap.LdapException)38
SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)38
Connection (org.forgerock.opendj.ldap.Connection)35
ByteString (org.forgerock.opendj.ldap.ByteString)26
SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)26
SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)19
ResultCode (org.forgerock.opendj.ldap.ResultCode)18
HashSet (java.util.HashSet)17
Attribute (org.forgerock.opendj.ldap.Attribute)16
PolicyException (com.sun.identity.policy.PolicyException)12
SSOException (com.iplanet.sso.SSOException)11
IOException (java.io.IOException)10
InvalidNameException (com.sun.identity.policy.InvalidNameException)9
NameNotFoundException (com.sun.identity.policy.NameNotFoundException)9
SMSException (com.sun.identity.sm.SMSException)7
ArrayList (java.util.ArrayList)7
LinkedHashSet (java.util.LinkedHashSet)7
DN (org.forgerock.opendj.ldap.DN)7
CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)5
