
Example 6 with DN

use of com.novell.ldap.util.DN in project OpenUnison by TremoloSecurity.

the class OpenUnisonRestful method search.

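@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    /*
     * Runs an LDAP search against the remote OpenUnison REST endpoint and hands the
     * decoded entries to the interceptor chain.
     *
     * The request is a GET on {urlBase}{uriPath}/{remote base DN}/{scope}?filter=...&attributes=...
     * Every path segment and query value is URL-encoded, and DNs are translated with
     * getRemoteMappedDN on the way out and getLocalMappedDN on the way back so the
     * caller only ever sees local DNs. The authorization header is derived from the
     * relative path only (see addAuthorizationHeader).
     *
     * Throws LDAPException with OPERATIONS_ERROR when the HTTP client cannot be created,
     * the scope is not base/one/sub, the call fails, or a non-200 reply carries no
     * parseable error document; otherwise a non-200 reply is mapped to the result code
     * and message found in the JSON error body.
     */
    String remoteBaseDN = this.getRemoteMappedDN(base.getDN()).toString();
    HttpCon con;
    try {
        con = this.createClient();
    } catch (Exception e) {
        throw new LDAPException(LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), LDAPException.OPERATIONS_ERROR, "Could not create connection", e);
    }
    try {
        String searchScope;
        switch (scope.getValue()) {
            case 0:
                searchScope = "base";
                break;
            case 1:
                searchScope = "one";
                break;
            case 2:
                searchScope = "sub";
                break;
            default:
                throw new LDAPException(LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), LDAPException.OPERATIONS_ERROR, "Unknown search scope : " + scope.getValue());
        }
        // The relative path is built on its own because it is also the input to the
        // authorization header; the full URL only adds the host and the query string.
        StringBuilder path = new StringBuilder();
        path.append(this.uriPath).append('/').append(URLEncoder.encode(remoteBaseDN, "UTF-8")).append('/').append(URLEncoder.encode(searchScope, "UTF-8"));
        StringBuilder url = new StringBuilder();
        url.append(this.urlBase).append(path);
        url.append("?filter=").append(URLEncoder.encode(filter.getRoot().toString(), "UTF-8"));
        for (Attribute attribute : attributes) {
            url.append("&attributes=").append(URLEncoder.encode(attribute.getAttribute().getName(), "UTF-8"));
        }
        HttpGet get = new HttpGet(url.toString());
        this.addAuthorizationHeader(path.toString(), get);
        HttpResponse resp = con.getHttp().execute(get);
        int statusCode = resp.getStatusLine().getStatusCode();
        String json = EntityUtils.toString(resp.getEntity());
        if (statusCode == 200) {
            Type listType = new TypeToken<List<LdapJsonEntry>>() {
            }.getType();
            List<LdapJsonEntry> returned = gson.fromJson(json, listType);
            ArrayList<Entry> toReturn = new ArrayList<Entry>();
            // Gson yields null for an empty body; treat that as "no entries" rather than failing.
            if (returned != null) {
                for (LdapJsonEntry fromServer : returned) {
                    LDAPAttributeSet attrs = new LDAPAttributeSet();
                    for (String attrName : fromServer.getAttrs().keySet()) {
                        LDAPAttribute attr = new LDAPAttribute(attrName);
                        for (String value : fromServer.getAttrs().get(attrName)) {
                            attr.addValue(value);
                        }
                        attrs.add(attr);
                    }
                    LDAPEntry ldapEntry = new LDAPEntry(this.getLocalMappedDN(new DN(fromServer.getDn())).toString(), attrs);
                    toReturn.add(new Entry(ldapEntry));
                }
            }
            chain.addResult(results, new IteratorEntrySet(toReturn.iterator()), base, scope, filter, attributes, typesOnly, constraints);
        } else {
            LdapJsonError ldapResponse = gson.fromJson(json, LdapJsonError.class);
            if (ldapResponse == null) {
                // Empty or non-JSON error body (e.g. a proxy error page): report the status
                // without echoing the raw body into the LDAP error message.
                throw new LDAPException(LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), LDAPException.OPERATIONS_ERROR, "Unexpected HTTP status " + statusCode + " from remote search");
            }
            throw new LDAPException(LDAPException.resultCodeToString(ldapResponse.getResponseCode()), ldapResponse.getResponseCode(), ldapResponse.getErrorMessage());
        }
    } catch (LDAPException e) {
        // Already carries the right result code; do not re-wrap it.
        throw e;
    } catch (Exception e) {
        // Message now names the failing operation; the connection itself was created above.
        throw new LDAPException(LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), LDAPException.OPERATIONS_ERROR, "Could not complete search", e);
    } finally {
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // Nothing useful can be done about a close failure; the connection manager is
                // released below regardless.
            }
            con.getBcm().close();
        }
    }
}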

Example 7 with DN

use of com.novell.ldap.util.DN in project OpenUnison by TremoloSecurity.

the class OpenUnisonRestful method configure.

@Override
public void configure(String name, Properties props, NameSpace nameSpace) throws LDAPException {
    /*
     * Reads this insert's settings from the namespace configuration and caches them
     * on the instance:
     *   remoteBase                - base DN of the remote directory; kept both as a
     *                               string and as an exploded DN for DN mapping
     *   urlBase / uriPath         - location of the OpenUnison REST endpoint
     *   callAsUserID,
     *   callAsUserIDAttributeName - identity asserted to the remote side
     *   lastMileKeyName           - name of the key used for that assertion
     * The local base comes from the namespace itself. No value is validated here; a
     * missing property is passed through as null.
     */
    this.name = name;
    this.utils = new NamingUtils();
    // Remote side: the base DN is stored verbatim and exploded into RDNs.
    String remoteBaseValue = props.getProperty("remoteBase");
    this.baseDN = remoteBaseValue;
    this.remoteBase = new DN(remoteBaseValue);
    this.explodedRemoteBase = this.remoteBase.explodeDN(false);
    // Local side: taken from the namespace this insert is mounted under.
    this.localBase = nameSpace.getBase();
    this.explodedLocalBase = this.localBase.getDN().explodeDN(false);
    // REST endpoint and the identity presented to it.
    this.urlBase = props.getProperty("urlBase");
    this.uriPath = props.getProperty("uriPath");
    this.callAsUserID = props.getProperty("callAsUserID");
    this.callAsUserIDAttributeName = props.getProperty("callAsUserIDAttributeName");
    this.lastMileKeyName = props.getProperty("lastMileKeyName");
    this.lastMileAttribute = new com.tremolosecurity.saml.Attribute(this.callAsUserIDAttributeName, this.callAsUserID);
}

Example 8 with DN

use of com.novell.ldap.util.DN in project OpenUnison by TremoloSecurity.

the class AuthTOTPInsert method bind.

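public void bind(BindInterceptorChain chain, DistinguishedName dn, Password pwd, LDAPConstraints constraints) throws LDAPException {
    /*
     * Second-factor bind. The supplied password has the form "<password>:<totp code>".
     * The user's entry is looked up through the chain, the TOTP secret is decrypted from
     * the configured attribute, the code is verified, and the bind continues down the
     * chain with only the password part.
     *
     * Result codes: NO_SUCH_OBJECT when the entry cannot be found, INVALID_CREDENTIALS
     * when the code is missing, non-numeric or wrong, OPERATIONS_ERROR when the stored
     * token cannot be decoded or decrypted.
     */
    DistinguishedName localdn = new DistinguishedName(new DN(dn.getDN().toString()));
    logger.debug("In bind");
    SearchInterceptorChain schain = chain.createSearchChain();
    // No attribute list is requested; this.attribute is read from whatever the chain returns.
    ArrayList<Attribute> searchattrs = new ArrayList<Attribute>();
    logger.debug("searching...");
    Results res = new Results(chain.getInterceptors(), chain.getPos());
    schain.nextSearch(localdn, new Int(0), new Filter("(objectClass=*)"), searchattrs, new Bool(false), res, new LDAPSearchConstraints());
    logger.debug("ran search");
    res.start();
    if (!res.hasMore()) {
        logger.debug("user not found");
        throw new LDAPException("Could not find " + localdn.getDN().toString(), LDAPException.NO_SUCH_OBJECT, "Could not find " + localdn.getDN().toString());
    }
    logger.debug("user found");
    LDAPEntry entry = res.next().getEntry();
    LDAPAttribute key = entry.getAttribute(this.attribute);
    if (key == null) {
        logger.debug("No key");
        // NOTE(review): the result code is NO_SUCH_OBJECT although the message says invalid
        // credentials, so a client can tell an un-enrolled user from a wrong code. Kept
        // as-is because callers may depend on it; INVALID_CREDENTIALS would close that gap.
        throw new LDAPException("Invalid Credentials", LDAPException.NO_SUCH_OBJECT, "Invalid Credentials");
    }
    try {
        // The attribute holds base64 of a JSON Token; decode explicitly as UTF-8 rather
        // than relying on the platform charset.
        String keyjson = key.getStringValue();
        Gson gson = new Gson();
        Token token = gson.fromJson(new String(Base64.decode(keyjson), "UTF-8"), Token.class);
        byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
        IvParameterSpec spec = new IvParameterSpec(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(this.encyrptionKey), spec);
        byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
        // The decrypted document contains the TOTP shared secret; it is deliberately not
        // logged, even at debug level.
        String totpJson = new String(cipher.doFinal(encBytes), "UTF-8");
        TOTPKey totp = gson.fromJson(totpJson, TOTPKey.class);
        logger.debug("token decrypted");
        GoogleAuthenticatorConfigBuilder b = new GoogleAuthenticatorConfigBuilder();
        b.setWindowSize(this.window);
        GoogleAuthenticatorConfig cfg = b.build();
        GoogleAuthenticator ga = new GoogleAuthenticator(cfg);
        String spwd = new String(pwd.getValue(), "UTF-8");
        // Split on the LAST colon: the code is purely numeric and cannot contain one, so a
        // password that itself contains ':' still works.
        int sep = spwd.lastIndexOf(':');
        if (sep == -1) {
            logger.debug("no colon");
            throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
        }
        int code;
        try {
            code = Integer.parseInt(spwd.substring(sep + 1));
        } catch (NumberFormatException nfe) {
            // A non-numeric code is a bad credential, not a server fault.
            logger.debug("code is not numeric");
            throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
        }
        if (!ga.authorize(totp.getSecretKey(), code)) {
            logger.debug("Verify failed");
            throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
        }
        logger.debug("verify succeeded");
        // Strip the code so the next interceptor only ever sees the real password.
        pwd.setValue(spwd.substring(0, sep).getBytes("UTF-8"));
        chain.nextBind(dn, pwd, constraints);
    } catch (Exception e) {
        logger.error("Could not work", e);
        if (e instanceof LDAPException) {
            throw ((LDAPException) e);
        } else {
            throw new LDAPException("Could not decrypt key", LDAPException.OPERATIONS_ERROR, "Could not decrypt key", e);
        }
    }
}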

Example 9 with DN

use of com.novell.ldap.util.DN in project OpenUnison by TremoloSecurity.

the class MapJitGroups method init.

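@Override
public void init(WorkflowTask task, Map<String, Attribute> params) throws ProvisioningException {
    /*
     * Builds the group-DN -> local group names map from the task parameters.
     *   attributeName - name of the user attribute that holds the group DNs to map
     *   groupMap      - one value per mapping, of the form "<local group name>=<group DN>";
     *                   several names may map to the same DN
     * Throws IllegalArgumentException when a required parameter is absent or a groupMap
     * value has no '=' separator (previously that surfaced as a
     * StringIndexOutOfBoundsException from substring(0, -1)).
     */
    Attribute attributeNameParam = params.get("attributeName");
    Attribute groups = params.get("groupMap");
    if (attributeNameParam == null || groups == null) {
        throw new IllegalArgumentException("attributeName and groupMap are required parameters");
    }
    this.attributeName = attributeNameParam.getValues().get(0);
    this.groupMap = new HashMap<DN, List<String>>();
    for (String mapping : groups.getValues()) {
        // Split on the FIRST '=' only: the DN part ("cn=x,ou=y") contains '=' itself.
        int sep = mapping.indexOf('=');
        if (sep == -1) {
            throw new IllegalArgumentException("groupMap value is not of the form name=dn : " + mapping);
        }
        String groupName = mapping.substring(0, sep);
        DN groupDN = new DN(mapping.substring(sep + 1));
        List<String> groupsToMapTo = this.groupMap.get(groupDN);
        if (groupsToMapTo == null) {
            groupsToMapTo = new ArrayList<String>();
            this.groupMap.put(groupDN, groupsToMapTo);
        }
        groupsToMapTo.add(groupName);
    }
}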

Example 10 with DN

use of com.novell.ldap.util.DN in project OpenUnison by TremoloSecurity.

the class ManagerAuthorization method isAuthorized.

@Override
public boolean isAuthorized(AuthInfo subject, String... params) throws AzException {
    /*
     * Grants access when the subject is one of the managers returned by findManager
     * (numLevels levels up, optionally including lower managers). Managers are compared
     * by DN rather than by raw string so formatting differences do not matter. params is
     * unused. A failure to look up the managers is wrapped in AzException.
     */
    DN subjectDN = new DN(subject.getUserDN());
    List<User> managers;
    try {
        managers = this.findManager(this.numLevels, this.allowLowerManagers);
    } catch (Exception e) {
        throw new AzException("Could not load managers", e);
    }
    boolean subjectIsManager = false;
    for (User manager : managers) {
        String managerDNValue = manager.getAttribs().get(DISTINGUISHED_NAME).getValues().get(0);
        DN managerDN = new DN(managerDNValue);
        if (managerDN.equals(subjectDN)) {
            subjectIsManager = true;
            break;
        }
    }
    return subjectIsManager;
}
