
Example 1 with DistinguishedNameMatchingRule

use of com.unboundid.ldap.matchingrules.DistinguishedNameMatchingRule in project ldapsdk by pingidentity.

the class ScrambleAttributeTransformation method scrambleAttribute.

/**
 * Creates a copy of the provided attribute with its values scrambled if
 * appropriate.
 *
 * @param  a  The attribute to scramble.
 *
 * @return  A copy of the provided attribute with its values scrambled, or
 *          the original attribute if no scrambling should be performed.
 */
@Nullable()
public Attribute scrambleAttribute(@NotNull final Attribute a) {
    // A null or value-less attribute has nothing to scramble and is handed
    // back untouched.
    if ((a == null) || (a.size() == 0)) {
        return a;
    }

    // Only attributes registered in the attributes map are scrambled.  Any
    // other attribute is returned as-is, with its original values intact.
    final String lowerBaseName = StaticUtils.toLowerCase(a.getBaseName());
    final MatchingRule rule = attributes.get(lowerBaseName);
    if (rule == null) {
        return a;
    }

    final String attrName = a.getName();

    if (rule instanceof BooleanMatchingRule) {
        // Boolean values are not derived from the originals.  A single-valued
        // attribute gets one randomly chosen value.
        if (a.size() == 1) {
            final String randomValue = ThreadLocalRandom.get().nextBoolean() ? "TRUE" : "FALSE";
            return new Attribute(attrName, schema, randomValue);
        }

        // A multi-valued boolean attribute always comes back with both possible
        // values, regardless of how many values the provided attribute had.
        return new Attribute(attrName, schema, "TRUE", "FALSE");
    }

    if (rule instanceof DistinguishedNameMatchingRule) {
        final String[] dnValues = a.getValues();
        final String[] scrambledDNs = new String[dnValues.length];
        int idx = 0;
        for (final String dnValue : dnValues) {
            try {
                scrambledDNs[idx] = scrambleDN(new DN(dnValue)).toString();
            } catch (final Exception e) {
                // A value that cannot be handled as a DN is still scrambled, as a
                // plain string, so it is never copied through in the clear.
                Debug.debugException(e);
                scrambledDNs[idx] = scrambleString(dnValue);
            }
            idx++;
        }
        return new Attribute(attrName, schema, scrambledDNs);
    }

    if (rule instanceof GeneralizedTimeMatchingRule) {
        final String[] timeValues = a.getValues();
        final String[] scrambledTimes = new String[timeValues.length];
        int idx = 0;
        for (final String timeValue : timeValues) {
            scrambledTimes[idx++] = scrambleGeneralizedTime(timeValue);
        }
        return new Attribute(attrName, schema, scrambledTimes);
    }

    final boolean isNumericRule = (rule instanceof IntegerMatchingRule)
            || (rule instanceof NumericStringMatchingRule)
            || (rule instanceof TelephoneNumberMatchingRule);
    if (isNumericRule) {
        final String[] numericValues = a.getValues();
        final String[] scrambledNumbers = new String[numericValues.length];
        int idx = 0;
        for (final String numericValue : numericValues) {
            scrambledNumbers[idx++] = scrambleNumericValue(numericValue);
        }
        return new Attribute(attrName, schema, scrambledNumbers);
    }

    // "2.5.4.35" is checked alongside the userPassword name in both of the
    // remaining branches.
    final boolean isUserPassword = lowerBaseName.equals("userpassword") || lowerBaseName.equals("2.5.4.35");

    if (rule instanceof OctetStringMatchingRule) {
        // If the target attribute is userPassword, then treat each value as an
        // encoded password (read as UTF-8 text).  Any other octet-string value
        // is scrambled as raw binary.
        final byte[][] rawValues = a.getValueByteArrays();
        final byte[][] scrambledBytes = new byte[rawValues.length][];
        for (int i = 0; i < rawValues.length; i++) {
            if (isUserPassword) {
                final String encodedPassword = StaticUtils.toUTF8String(rawValues[i]);
                scrambledBytes[i] = StaticUtils.getBytes(scrambleEncodedPassword(encodedPassword));
            } else {
                scrambledBytes[i] = scrambleBinaryValue(rawValues[i]);
            }
        }
        return new Attribute(attrName, schema, scrambledBytes);
    }

    // Every other matching rule is handled as text: password attributes as
    // encoded passwords, values wrapped in curly braces as JSON objects, and
    // everything else as a generic string.
    final boolean isPasswordAttribute = isUserPassword
            || lowerBaseName.equals("authpassword")
            || lowerBaseName.equals("1.3.6.1.4.1.4203.1.3.4");
    final String[] textValues = a.getValues();
    final String[] scrambledText = new String[textValues.length];
    for (int i = 0; i < textValues.length; i++) {
        final String value = textValues[i];
        if (isPasswordAttribute) {
            scrambledText[i] = scrambleEncodedPassword(value);
        } else if (value.startsWith("{") && value.endsWith("}")) {
            scrambledText[i] = scrambleJSONObject(value);
        } else {
            scrambledText[i] = scrambleString(value);
        }
    }
    return new Attribute(attrName, schema, scrambledText);
}
Also used : GeneralizedTimeMatchingRule(com.unboundid.ldap.matchingrules.GeneralizedTimeMatchingRule) Attribute(com.unboundid.ldap.sdk.Attribute) NumericStringMatchingRule(com.unboundid.ldap.matchingrules.NumericStringMatchingRule) IntegerMatchingRule(com.unboundid.ldap.matchingrules.IntegerMatchingRule) DN(com.unboundid.ldap.sdk.DN) RDN(com.unboundid.ldap.sdk.RDN) JSONString(com.unboundid.util.json.JSONString) BooleanMatchingRule(com.unboundid.ldap.matchingrules.BooleanMatchingRule) TelephoneNumberMatchingRule(com.unboundid.ldap.matchingrules.TelephoneNumberMatchingRule) DistinguishedNameMatchingRule(com.unboundid.ldap.matchingrules.DistinguishedNameMatchingRule) OctetStringMatchingRule(com.unboundid.ldap.matchingrules.OctetStringMatchingRule) MatchingRule(com.unboundid.ldap.matchingrules.MatchingRule) NumericStringMatchingRule(com.unboundid.ldap.matchingrules.NumericStringMatchingRule) IntegerMatchingRule(com.unboundid.ldap.matchingrules.IntegerMatchingRule) BooleanMatchingRule(com.unboundid.ldap.matchingrules.BooleanMatchingRule) DistinguishedNameMatchingRule(com.unboundid.ldap.matchingrules.DistinguishedNameMatchingRule) TelephoneNumberMatchingRule(com.unboundid.ldap.matchingrules.TelephoneNumberMatchingRule) GeneralizedTimeMatchingRule(com.unboundid.ldap.matchingrules.GeneralizedTimeMatchingRule) CaseIgnoreStringMatchingRule(com.unboundid.ldap.matchingrules.CaseIgnoreStringMatchingRule) OctetStringMatchingRule(com.unboundid.ldap.matchingrules.OctetStringMatchingRule) Nullable(com.unboundid.util.Nullable)

Example 2 with DistinguishedNameMatchingRule

use of com.unboundid.ldap.matchingrules.DistinguishedNameMatchingRule in project ldapsdk by pingidentity.

the class RedactAttributeTransformation method transformEntry.

/**
 * {@inheritDoc}
 */
@Override()
@Nullable()
public Entry transformEntry(@NotNull final Entry e) {
    if (e == null) {
        return null;
    }

    // The entry DN is only passed through redactDN when DN redaction is
    // enabled; otherwise it is kept verbatim.
    final String newDN = redactDNAttributes ? redactDN(e.getDN()) : e.getDN();

    // Build a copy of the entry with all appropriate attributes redacted.
    final Collection<Attribute> sourceAttributes = e.getAttributes();
    final ArrayList<Attribute> resultAttributes = new ArrayList<>(sourceAttributes.size());
    for (final Attribute a : sourceAttributes) {
        final String baseName = StaticUtils.toLowerCase(a.getBaseName());

        if (attributes.contains(baseName)) {
            if (!preserveValueCount || (a.size() <= 1)) {
                // Collapse to a single placeholder value.
                resultAttributes.add(new Attribute(a.getName(), "***REDACTED***"));
            } else {
                // One numbered placeholder per original value.  The values are
                // hidden, but the number of values stays visible in the output.
                final ASN1OctetString[] placeholders = new ASN1OctetString[a.size()];
                for (int i = 0; i < placeholders.length; i++) {
                    placeholders[i] = new ASN1OctetString("***REDACTED" + (i + 1) + "***");
                }
                resultAttributes.add(new Attribute(a.getName(), placeholders));
            }
            continue;
        }

        // A non-target attribute is inspected further only when DN redaction is
        // enabled, a schema is available, and the schema selects a DN equality
        // matching rule for it.  Without a schema, DN-valued attributes are
        // copied through unchanged.
        final boolean redactDNValues = redactDNAttributes && (schema != null)
                && (MatchingRule.selectEqualityMatchingRule(baseName, schema) instanceof DistinguishedNameMatchingRule);
        if (!redactDNValues) {
            resultAttributes.add(a);
            continue;
        }

        final String[] dnValues = a.getValues();
        final String[] redactedDNs = new String[dnValues.length];
        for (int i = 0; i < dnValues.length; i++) {
            redactedDNs[i] = redactDN(dnValues[i]);
        }
        resultAttributes.add(new Attribute(a.getName(), schema, redactedDNs));
    }

    return new Entry(newDN, schema, resultAttributes);
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) Entry(com.unboundid.ldap.sdk.Entry) Attribute(com.unboundid.ldap.sdk.Attribute) ArrayList(java.util.ArrayList) DistinguishedNameMatchingRule(com.unboundid.ldap.matchingrules.DistinguishedNameMatchingRule) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) Nullable(com.unboundid.util.Nullable)

Example 3 with DistinguishedNameMatchingRule

use of com.unboundid.ldap.matchingrules.DistinguishedNameMatchingRule in project ldapsdk by pingidentity.

the class RedactAttributeTransformation method transformChangeRecord.

/**
 * {@inheritDoc}
 */
@Override()
@Nullable()
public LDIFChangeRecord transformChangeRecord(@NotNull final LDIFChangeRecord r) {
    if (r == null) {
        return null;
    }

    // An add change record is handled by running the entry to add through
    // transformEntry and keeping the original controls.
    if (r instanceof LDIFAddChangeRecord) {
        final LDIFAddChangeRecord add = (LDIFAddChangeRecord) r;
        return new LDIFAddChangeRecord(transformEntry(add.getEntryToAdd()), add.getControls());
    }

    // A delete change record only carries a DN, so it changes only when DN
    // redaction is enabled.
    if (r instanceof LDIFDeleteChangeRecord) {
        if (!redactDNAttributes) {
            return r;
        }
        final LDIFDeleteChangeRecord delete = (LDIFDeleteChangeRecord) r;
        return new LDIFDeleteChangeRecord(redactDN(delete.getDN()), delete.getControls());
    }

    // If it's a modify change record, then redact all appropriate values.
    if (r instanceof LDIFModifyChangeRecord) {
        final LDIFModifyChangeRecord modify = (LDIFModifyChangeRecord) r;
        final String newDN = redactDNAttributes ? redactDN(modify.getDN()) : modify.getDN();

        final Modification[] sourceMods = modify.getModifications();
        final Modification[] resultMods = new Modification[sourceMods.length];
        for (int i = 0; i < sourceMods.length; i++) {
            final Modification mod = sourceMods[i];

            // A modification without values has nothing to redact.
            if (!mod.hasValue()) {
                resultMods[i] = mod;
                continue;
            }

            final String attrName = StaticUtils.toLowerCase(Attribute.getBaseName(mod.getAttributeName()));
            if (attributes.contains(attrName)) {
                // Target attribute: replace the values with placeholders.  A single
                // placeholder is used unless the value count must be preserved and
                // there is more than one value, in which case each value gets its
                // own numbered placeholder.
                final ASN1OctetString[] rawValues = mod.getRawValues();
                if (preserveValueCount && (rawValues.length > 1)) {
                    final ASN1OctetString[] placeholders = new ASN1OctetString[rawValues.length];
                    for (int j = 0; j < rawValues.length; j++) {
                        placeholders[j] = new ASN1OctetString("***REDACTED" + (j + 1) + "***");
                    }
                    resultMods[i] = new Modification(mod.getModificationType(), mod.getAttributeName(), placeholders);
                } else {
                    resultMods[i] = new Modification(mod.getModificationType(), mod.getAttributeName(), "***REDACTED***");
                }
            } else if (redactDNAttributes && (schema != null)
                    && (MatchingRule.selectEqualityMatchingRule(attrName, schema) instanceof DistinguishedNameMatchingRule)) {
                // Not a target attribute, but it has a DN syntax, so each value is
                // passed through redactDN.  This needs a schema; without one the
                // modification is kept unchanged.
                final String[] dnValues = mod.getValues();
                final String[] redactedDNs = new String[dnValues.length];
                for (int j = 0; j < dnValues.length; j++) {
                    redactedDNs[j] = redactDN(dnValues[j]);
                }
                resultMods[i] = new Modification(mod.getModificationType(), mod.getAttributeName(), redactedDNs);
            } else {
                resultMods[i] = mod;
            }
        }

        return new LDIFModifyChangeRecord(newDN, resultMods, modify.getControls());
    }

    // A modify DN change record has no attribute values; its DN, new RDN, and
    // new superior DN are redacted only when DN redaction is enabled.
    if (r instanceof LDIFModifyDNChangeRecord) {
        if (!redactDNAttributes) {
            return r;
        }
        final LDIFModifyDNChangeRecord modDN = (LDIFModifyDNChangeRecord) r;
        // NOTE(review): the new superior DN may be absent for a rename that keeps
        // the same parent; this presumably relies on redactDN tolerating a null
        // argument -- confirm against redactDN.
        return new LDIFModifyDNChangeRecord(
                redactDN(modDN.getDN()),
                redactDN(modDN.getNewRDN()),
                modDN.deleteOldRDN(),
                redactDN(modDN.getNewSuperiorDN()),
                modDN.getControls());
    }

    // We should never get here.
    // NOTE(review): a record type not matched above is returned without any
    // redaction applied.
    return r;
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) Modification(com.unboundid.ldap.sdk.Modification) LDIFAddChangeRecord(com.unboundid.ldif.LDIFAddChangeRecord) DistinguishedNameMatchingRule(com.unboundid.ldap.matchingrules.DistinguishedNameMatchingRule) LDIFModifyChangeRecord(com.unboundid.ldif.LDIFModifyChangeRecord) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) LDIFDeleteChangeRecord(com.unboundid.ldif.LDIFDeleteChangeRecord) LDIFModifyDNChangeRecord(com.unboundid.ldif.LDIFModifyDNChangeRecord) Nullable(com.unboundid.util.Nullable)

Example 4 with DistinguishedNameMatchingRule

use of com.unboundid.ldap.matchingrules.DistinguishedNameMatchingRule in project ldapsdk by pingidentity.

the class RenameAttributeTransformation method transformEntry.

/**
 * {@inheritDoc}
 */
@Override()
@Nullable()
public Entry transformEntry(@NotNull final Entry e) {
    if (e == null) {
        return null;
    }

    // The entry DN is rewritten only when renaming inside DNs is enabled.
    final String newDN = renameInDNs ? replaceDN(e.getDN()) : e.getDN();

    // Iterate through the attributes in the entry and make any appropriate name
    // replacements.
    final Collection<Attribute> sourceAttributes = e.getAttributes();
    final ArrayList<Attribute> renamedAttributes = new ArrayList<>(sourceAttributes.size());
    for (final Attribute a : sourceAttributes) {
        final String baseName = StaticUtils.toLowerCase(a.getBaseName());

        // Determine whether this attribute should be renamed.  When it is, any
        // attribute options are carried over onto the target name.
        final String newName;
        if (!baseSourceNames.contains(baseName)) {
            newName = a.getName();
        } else if (!a.hasOptions()) {
            newName = baseTargetName;
        } else {
            final StringBuilder nameWithOptions = new StringBuilder();
            nameWithOptions.append(baseTargetName);
            for (final String option : a.getOptions()) {
                nameWithOptions.append(';').append(option);
            }
            newName = nameWithOptions.toString();
        }

        // If attributes should be renamed in DNs, then see whether this
        // attribute has a DN syntax and, if so, process each of its values.
        // The lookup uses the original base name and needs a schema.
        final boolean rewriteDNValues = renameInDNs && (schema != null)
                && (MatchingRule.selectEqualityMatchingRule(baseName, schema) instanceof DistinguishedNameMatchingRule);
        final String[] newValues;
        if (!rewriteDNValues) {
            newValues = a.getValues();
        } else {
            final String[] dnValues = a.getValues();
            newValues = new String[dnValues.length];
            for (int i = 0; i < dnValues.length; i++) {
                newValues[i] = replaceDN(dnValues[i]);
            }
        }

        renamedAttributes.add(new Attribute(newName, schema, newValues));
    }

    return new Entry(newDN, renamedAttributes);
}
Also used : Entry(com.unboundid.ldap.sdk.Entry) Attribute(com.unboundid.ldap.sdk.Attribute) ArrayList(java.util.ArrayList) DistinguishedNameMatchingRule(com.unboundid.ldap.matchingrules.DistinguishedNameMatchingRule) Nullable(com.unboundid.util.Nullable)
