
Example 1 with DN

use of com.novell.ldap.util.DN in project OpenUnison by TremoloSecurity.

Class OktaInsert, method configure():

/**
 * Wires the insert into its virtual-directory namespace and reads its properties.
 *
 * @param name  the insert's configured name
 * @param props insert properties: "target", "objectClass" and the optional "users" flag
 * @param ns    the namespace this insert is mounted under; its base becomes {@code baseDN}
 */
@Override
public void configure(String name, Properties props, NameSpace ns) throws LDAPException {
    this.name = name;
    this.nameSpace = ns;
    // Provisioning target and object class are taken as-is; a missing property leaves the field null.
    this.target = props.getProperty("target");
    this.objectClass = props.getProperty("objectClass");
    // "users" defaults to true when absent; only an explicit value other than "true" turns it off.
    String usersFlag = props.getProperty("users");
    this.users = (usersFlag == null) ? true : usersFlag.equalsIgnoreCase("true");
    // Re-parse the namespace base so this insert keeps its own DN instance.
    this.baseDN = new DN(ns.getBase().getDN().toString());
}

Example 2 with DN

use of com.novell.ldap.util.DN in project OpenUnison by TremoloSecurity.

Class MapJitGroups, method doTask():

/**
 * Synchronises the user's group list with the DN-to-groups mapping.
 *
 * Every DN found in the configured source attribute is parsed and lower-cased so it can be
 * compared with the mapping keys regardless of formatting. For each mapped DN the user either
 * gains its groups (DN present) or loses them (DN absent) — the mapping is authoritative for
 * the groups it knows about; groups outside the mapping are left untouched.
 *
 * @param user    the user whose attributes are read and whose groups are adjusted in place
 * @param request the workflow request (unused here)
 * @return always {@code true} so the workflow continues
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    // Normalised DNs the user currently carries in the source attribute.
    Set<String> memberOf = new HashSet<String>();
    Attribute sourceAttr = user.getAttribs().get(this.attributeName);
    if (sourceAttr != null) {
        for (String rawDn : sourceAttr.getValues()) {
            // toLowerCase() uses the default locale on both sides, so the comparison stays consistent.
            String normalised = new DN(rawDn).toString().toLowerCase();
            memberOf.add(normalised);
        }
    }
    for (DN mappedDn : groupMap.keySet()) {
        boolean isMember = memberOf.contains(mappedDn.toString().toLowerCase());
        if (isMember) {
            user.getGroups().addAll(groupMap.get(mappedDn));
        } else {
            user.getGroups().removeAll(groupMap.get(mappedDn));
        }
    }
    return true;
}

Example 3 with DN

use of com.novell.ldap.util.DN in project OpenUnison by TremoloSecurity.

Class K8sCrdInsert, method configure():

/**
 * Reads the Kubernetes CRD insert's configuration.
 *
 * @param name      the insert's configured name
 * @param props     insert properties: "nameSpace" (Kubernetes namespace), "k8sTargetName"
 *                  and the optional "alwaysMapUIDInFilter" flag
 * @param nameSpace the virtual-directory namespace the insert is mounted under
 */
@Override
public void configure(String name, Properties props, NameSpace nameSpace) throws LDAPException {
    this.name = name;
    // Base DN of the virtual-directory namespace this insert serves.
    this.baseDN = new DN(nameSpace.getBase().getDN().toString());
    // Gson maps camelCase Java fields to snake_case JSON keys when (de)serialising CRD payloads.
    this.gson = new GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).create();
    // NOTE: the String field "nameSpace" is the Kubernetes namespace from the properties,
    // not the NameSpace parameter of the same name.
    this.nameSpace = props.getProperty("nameSpace");
    this.k8sTarget = props.getProperty("k8sTargetName");
    // Off unless explicitly set to "true".
    String mapUidFlag = props.getProperty("alwaysMapUIDInFilter");
    this.alwaysMapUIDInFilter = (mapUidFlag != null) && mapUidFlag.equalsIgnoreCase("true");
}

Example 4 with DN

use of com.novell.ldap.util.DN in project OpenUnison by TremoloSecurity.

Class AmazonSimpleDB, method configure():

/**
 * Reads the SimpleDB insert's configuration and opens the AWS client.
 *
 * @param name  the insert's configured name
 * @param props insert properties: "accessKey", "secretKey", "userDomain", "groupDomain"
 * @param ns    the virtual-directory namespace; users and groups live in fixed
 *              "ou=users" / "ou=groups" containers under its base
 */
@Override
public void configure(String name, Properties props, NameSpace ns) throws LDAPException {
    this.name = name;
    // NOTE(review): these are long-lived static AWS credentials held in plain configuration.
    // Keep the config out of logs and version control; a rotating credential provider would be
    // preferable to BasicAWSCredentials.
    this.accessKey = props.getProperty("accessKey");
    this.secretKey = props.getProperty("secretKey");
    // SimpleDB domains that back the user and group containers.
    this.userDomain = props.getProperty("userDomain");
    this.groupDomain = props.getProperty("groupDomain");
    String base = ns.getBase().getDN().toString();
    this.baseDN = new DN(base);
    this.userDN = new DN("ou=users," + base);
    this.groupDN = new DN("ou=groups," + base);
    this.sdb = new AmazonSimpleDBClient(new BasicAWSCredentials(accessKey, secretKey));
}

Example 5 with DN

use of com.novell.ldap.util.DN in project OpenUnison by TremoloSecurity.

Class CrlChecker, method doGet():

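/**
 * Authenticates the caller from the TLS client certificate chain the container already
 * validated: enforces the configured issuer policy and CRL status, then links the
 * certificate subject to a directory entry (or creates an unlinked user when nothing matches).
 *
 * Mechanism parameters read from the session: "issuer" (accepted issuer DNs),
 * "uidAttr" / "uidIsFilter" (how the lookup filter is built), and "rdnAttribute",
 * "defaultOC", "dnLabel" (used to build an unlinked user).
 *
 * Fixes versus the previous version: the chain index never advanced, so every certificate
 * in a multi-certificate chain was CRL-checked against certs[1] instead of its own issuer;
 * subject values substituted into a "uidIsFilter" template were not escaped, so a
 * certificate/SAN value containing '*', '(' or ')' could rewrite the LDAP filter; and a
 * missing placeholder value was inserted as the literal string "null".
 *
 * @throws ServletException on an unparsable certificate, a keystore error, a malformed
 *                          filter template, or a directory error other than noSuchObject
 */
@Override
@SuppressWarnings("unchecked")
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);

    // Accepted issuers, compared as X500Principals so DN formatting differences do not matter.
    HashSet<X500Principal> issuers = new HashSet<X500Principal>();
    for (String issuerDn : authParams.get("issuer").getValues()) {
        issuers.add(new X500Principal(issuerDn));
    }

    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());

    // Set by the container only after TLS client authentication; presumably leaf first (servlet spec).
    X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    if (certs == null || certs.length == 0) {
        // No client certificate: this step fails only when the mechanism is marked required.
        if (amt.getRequired().equals("required")) {
            as.setSuccess(false);
        }
        holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
        return;
    }

    // Subject extraction runs before the policy check so configured extractors see every request,
    // as before.
    HashMap<String, String> subject = extractCertSubject(certs);

    if (!chainMeetsPolicy(certs, issuers)) {
        as.setSuccess(false);
        holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
        return;
    }

    String filter = buildUserLookupFilter(authParams, subject);

    // "rdnAttribute" is a comma-separated list of subject attributes used to name an unlinked user.
    ArrayList<String> rdnAttrs = new ArrayList<String>();
    StringTokenizer toker = new StringTokenizer(authParams.get("rdnAttribute").getValues().get(0), ",", false);
    while (toker.hasMoreTokens()) {
        rdnAttrs.add(toker.nextToken());
    }
    String defaultOC = authParams.get("defaultOC").getValues().get(0);
    String dnLabel = authParams.get("dnLabel").getValues().get(0);

    as.setSuccess(true);
    MyVDConnection myvd = cfgMgr.getMyVD();
    try {
        // scope 2 = subtree search under the chain's configured root
        LDAPSearchResults res = myvd.search(AuthUtil.getChainRoot(cfgMgr, act), 2, filter, new ArrayList<String>());
        if (res.hasMore()) {
            createUserFromDir(session, act, res);
        } else {
            createUnlinkedUser(session, act, rdnAttrs, dnLabel, defaultOC, subject);
        }
    } catch (LDAPException e) {
        // 32 = noSuchObject (the search base does not exist): treated like "no match".
        if (e.getResultCode() == 32) {
            createUnlinkedUser(session, act, rdnAttrs, dnLabel, defaultOC, subject);
        } else {
            throw new ServletException("Could not search for user", e);
        }
    }
    holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}

/**
 * Collects the leaf certificate's subject into a name/value map: one entry per subject RDN
 * type (a repeated type keeps the last value), one per subject alternative name keyed by
 * the SAN_NAMES label for its GeneralName tag, then whatever the configured extractors add.
 *
 * NOTE(review): SAN_NAMES is indexed by the SAN tag (0-8) without a bounds check; a tag
 * outside the table would throw, as before.
 *
 * @param certs the presented chain; only certs[0] is read for the subject, the whole chain
 *              is handed to the extractors
 * @throws ServletException if the SAN extension cannot be parsed
 */
private HashMap<String, String> extractCertSubject(X509Certificate[] certs) throws ServletException {
    X509Certificate cert = certs[0];
    HashMap<String, String> subject = new HashMap<String, String>();
    DN dn = new DN(cert.getSubjectX500Principal().getName());
    for (RDN rdn : dn.getRDNs()) {
        subject.put(rdn.getType(), rdn.getValue());
    }
    try {
        Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
        if (altNames != null) {
            for (List<?> item : altNames) {
                Integer type = (Integer) item.get(0);
                // Non-string SAN forms (otherName, x400, ediParty, ipAddress as bytes) fall back to toString().
                subject.put(SAN_NAMES[type.intValue()], item.get(1).toString());
            }
        }
    } catch (CertificateParsingException e) {
        throw new ServletException("Could not parse certificate", e);
    }
    for (CertificateExtractSubjectAttribute cesa : this.extracts) {
        cesa.addSubjects(subject, certs);
    }
    return subject;
}

/**
 * Applies the issuer policy and CRL checks to the chain.
 *
 * The chain is accepted when at least one certificate in it was issued by a configured
 * issuer AND no certificate is reported as revoked by any configured CRL. Each certificate
 * is checked against its own issuer: the next certificate in the chain, or for the last
 * one, a matching trust-store certificate whose key verifies it.
 *
 * NOTE(review): when no issuer can be found for a certificate the CRL check is skipped with
 * a warning and the chain is still accepted (fail-open), as before. Confirm this is the
 * intended policy; a fail-closed deployment would return false here.
 *
 * @return true when the chain passes both checks
 * @throws ServletException if the trust store cannot be read
 */
private boolean chainMeetsPolicy(X509Certificate[] certs, HashSet<X500Principal> issuers) throws ServletException {
    boolean issuerMatched = false;
    for (int i = 0; i < certs.length; i++) {
        X509Certificate current = certs[i];
        if (issuers.contains(current.getIssuerX500Principal())) {
            issuerMatched = true;
        }
        X509Certificate issuer = (i + 1 < certs.length) ? certs[i + 1] : findIssuerInKeyStore(current);
        for (CRLManager crlM : this.crls) {
            if (issuer == null) {
                logger.warn("No issuer!  not performing CRL check");
            } else if (!crlM.isValid(current, issuer)) {
                // A revoked certificate anywhere in the chain rejects the whole chain.
                return false;
            }
        }
    }
    return issuerMatched;
}

/**
 * Looks up the issuer of {@code cert} in the configured trust store: the first certificate
 * whose subject equals the issuer DN and whose public key verifies the signature.
 * Subject matches that fail verification are logged and skipped.
 *
 * @return the issuer certificate, or null when none verifies
 * @throws ServletException if the trust store cannot be enumerated
 */
private X509Certificate findIssuerInKeyStore(X509Certificate cert) throws ServletException {
    try {
        Enumeration<String> aliases = cfgMgr.getKeyStore().aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            X509Certificate candidate = (X509Certificate) cfgMgr.getKeyStore().getCertificate(alias);
            if (candidate == null || !candidate.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                continue;
            }
            try {
                cert.verify(candidate.getPublicKey());
                return candidate;
            } catch (Exception e) {
                logger.warn("Issuer with wrong public key", e);
            }
        }
    } catch (KeyStoreException e) {
        throw new ServletException("Could not process CRLs", e);
    }
    return null;
}

/**
 * Builds the LDAP filter used to find the directory entry for the certificate subject.
 *
 * Without "uidIsFilter", the filter is an equality match of the "uidAttr" attribute
 * (default "uid") against the subject value of the same name. With "uidIsFilter", the
 * "uidAttr" value is a filter template whose ${name} placeholders are replaced by subject
 * values. Substituted values are escaped per RFC 4515 because they come from the
 * certificate (DN and SAN fields), where an unescaped '*', '(' or ')' would change the
 * filter's meaning. A referenced value that is absent yields a filter that never matches.
 *
 * @throws ServletException if a template placeholder is not terminated
 */
private String buildUserLookupFilter(HashMap<String, Attribute> authParams, HashMap<String, String> subject) throws ServletException {
    final String noMatch = "(!(objectClass=*))";
    String uidAttr = "uid";
    if (authParams.get("uidAttr") != null) {
        uidAttr = authParams.get("uidAttr").getValues().get(0);
    }
    boolean uidIsFilter = authParams.get("uidIsFilter") != null
            && authParams.get("uidIsFilter").getValues().get(0).equalsIgnoreCase("true");

    if (!uidIsFilter) {
        String value = subject.get(uidAttr);
        return (value == null) ? noMatch : equal(uidAttr, value).toString();
    }

    StringBuilder b = new StringBuilder();
    int lastIndex = 0;
    int index = uidAttr.indexOf("${");
    while (index >= 0) {
        int close = uidAttr.indexOf('}', index);
        if (close < 0) {
            throw new ServletException("Malformed uidAttr filter template, unterminated placeholder: " + uidAttr);
        }
        b.append(uidAttr, lastIndex, index);
        String value = subject.get(uidAttr.substring(index + 2, close));
        if (value == null) {
            return noMatch;
        }
        b.append(escapeLdapFilterValue(value));
        lastIndex = close + 1;
        index = uidAttr.indexOf("${", lastIndex);
    }
    b.append(uidAttr.substring(lastIndex));
    return b.toString();
}

/**
 * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3):
 * backslash, '*', '(', ')' and NUL become their hex escapes.
 */
private static String escapeLdapFilterValue(String value) {
    StringBuilder out = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\':
                out.append("\\5c");
                break;
            case '*':
                out.append("\\2a");
                break;
            case '(':
                out.append("\\28");
                break;
            case ')':
                out.append("\\29");
                break;
            case '\0':
                out.append("\\00");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}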
