
Example 1 with Modification

use of com.unboundid.ldap.sdk.Modification in project gitblit by gitblit.

the class LdapPublicKeyManagerTest method testGetKeysPrefixedPermissions.

/**
 * Checks how {@code LdapKeyManager.getKeys} handles SSH public keys that are stored as
 * prefixed values of the multi-valued {@code altSecurityIdentities} attribute, with
 * authorized_keys-style options placed between the prefix and the key.
 *
 * <p>What the assertions pin down:
 * <ul>
 *   <li>Only values whose prefix matches the one configured in
 *       {@code Keys.realm.ldap.sshPublicKey} ("attribute:prefix") are returned; the expected
 *       counts show that matching tolerates differences in case and surrounding whitespace.</li>
 *   <li>The permission of a key follows the {@code gbPerm} value found in an
 *       {@code environment="..."} option: R maps to CLONE, V to VIEW, RW to PUSH, and the
 *       spelled-out names VIEW, CLONE and PUSH map to themselves.</li>
 *   <li>A key without a recognised {@code gbPerm} option is expected to come back with
 *       {@code AccessPermission.PUSH}. A misspelled option name (see "gbPerms" below) therefore
 *       leaves the key with push access instead of restricting it.</li>
 * </ul>
 *
 * <p>The other options in the fixtures (command=, from=, permitopen=, restrict, ...) serve only
 * as parser input here; this test asserts nothing about whether they are enforced.
 *
 * @throws LDAPException if modifying the test directory fails
 */
@Test
public void testGetKeysPrefixedPermissions() throws LDAPException {
    // This test is independent from authentication mode, so run only once.
    assumeTrue(authMode == AuthMode.ANONYMOUS);
    // Six distinct keys. The string argument varies (contains " at ", a colon, is empty, is blank);
    // presumably it is the key comment - confirm against the getXxxPubKey helpers.
    String keyRsaOne = getRsaPubKey("UserOne@example.com");
    String keyRsaTwo = getRsaPubKey("UserTwo at example.com");
    String keyDsaTwo = getDsaPubKey("UserTwo@example.com");
    String keyRsaThree = getRsaPubKey("example.com: user Three");
    String keyDsaThree = getDsaPubKey("");
    String keyEcThree = getEcPubKey("  ");
    // UserOne: none of these values carries a "gbPerm" option, so every returned key is
    // expected to have PUSH. The first value has no prefix at all and is never expected back.
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "permitopen=\"host:220\"" + keyRsaOne));
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "sshkey:" + "  	 " + keyRsaTwo));
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHKEY :" + "no-agent-forwarding " + keyDsaTwo));
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + " command=\"sh /etc/netstart tun0 \" " + keyRsaThree));
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + " command=\"netstat -nult\",environment=\"gb=\\\"What now\\\"\" " + keyDsaThree));
    // "gbPerms" (with a trailing s) is not "gbPerm": the assertions below expect PUSH, not VIEW.
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "environment=\"SSH=git\",command=\"netstat -nult\",environment=\"gbPerms=VIEW\" " + keyEcThree));
    // UserTwo: gbPerm appears at different positions among other options, including option
    // values that themselves contain the prefix text ("sshkey: 220", "pubkey: 29184").
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHkey: " + "environment=\"gbPerm=R\" " + keyRsaOne));
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHKey : " + " restrict,environment=\"gbPerm=V\",permitopen=\"sshkey: 220\" " + keyRsaTwo));
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHkey: " + "permitopen=\"sshkey: 443\",restrict,environment=\"gbPerm=RW\",pty " + keyDsaTwo));
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "environment=\"gbPerm=CLONE\",permitopen=\"pubkey: 29184\",environment=\"X=\\\" Y \\\"\" " + keyRsaThree));
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + " environment=\"A = B \",from=\"*.example.com,!pc.example.com\",environment=\"gbPerm=VIEW\" " + keyDsaThree));
    // NOTE(review): "environemnt" in the next value is misspelled; presumably deliberate, to
    // show that an unknown option name does not disturb parsing - confirm.
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "environment=\"SSH=git\",environment=\"gbPerm=PUSH\",environemnt=\"XYZ='Ali Baba'\" " + keyEcThree));
    // UserThree: escaped quotes, whitespace around "gbPerm = V", and tab characters.
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHkey: " + "environment=\"gbPerm=R\",environment=\"josh=\\\"mean\\\"\",tunnel=\"0\" " + keyRsaOne));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHkey : " + " environment=\" gbPerm = V \" 	 " + keyRsaTwo));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHkey: " + "command=\"sh echo \\\"Nope, not you! \\b (bell)\\\" \",user-rc,environment=\"gbPerm=RW\" " + keyDsaTwo));
    // gbPerm is given twice here (VIEW, then CLONE); the assertions below expect CLONE.
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "environment=\"gbPerm=VIEW\",command=\"sh /etc/netstart tun0 \",environment=\"gbPerm=CLONE\",no-pty " + keyRsaThree));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "	command=\"netstat -nult\",environment=\"gbPerm=VIEW\" " + keyDsaThree));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "environment=\"SSH=git\",command=\"netstat -nult\",environment=\"gbPerm=PUSH\" " + keyEcThree));
    // Weird stuff, not to specification but shouldn't make it stumble.
    // (Unquoted values, empty values, lower-case "gbperm=push"; the expected permissions are
    // still CLONE, VIEW and PUSH respectively.)
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "opttest: " + "permitopen=host:443,command=,environment=\"gbPerm=CLONE\",no-pty= " + keyRsaThree));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", " opttest: " + "	cmd=git,environment=\"gbPerm=\\\"VIEW\\\"\" " + keyDsaThree));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "	opttest:" + "environment=,command=netstat,environment=gbperm=push " + keyEcThree));
    // The same manager instance is used for all lookups; only the setting changes between
    // them, so the expected results depend on the setting being read at lookup time.
    LdapKeyManager kmgr = new LdapKeyManager(settings);
    // Setting format is "attribute:prefix". First pass: values prefixed "SSHkey".
    settings.put(Keys.realm.ldap.sshPublicKey, "altSecurityIdentities:SSHkey");
    List<SshKey> keys = kmgr.getKeys("UserOne");
    assertNotNull(keys);
    assertEquals(2, keys.size());
    // "seen" is a bit mask of the keys returned: bit 0 keyRsaOne, bit 1 keyRsaTwo,
    // bit 2 keyDsaTwo, bit 3 keyRsaThree, bit 4 keyDsaThree, bit 5 keyEcThree.
    int seen = 0;
    for (SshKey key : keys) {
        assertEquals(AccessPermission.PUSH, key.getPermission());
        if (keyRsaOne.equals(key.getRawData())) {
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            seen += 1 << 5;
        }
    }
    // 6 = bits 1 and 2: keyRsaTwo and keyDsaTwo; the unprefixed keyRsaOne is not returned.
    assertEquals(6, seen);
    keys = kmgr.getKeys("UserTwo");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        if (keyRsaOne.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 5;
        }
    }
    // 7 = bits 0..2: the three keys stored with the SSHkey prefix.
    assertEquals(7, seen);
    keys = kmgr.getKeys("UserThree");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        if (keyRsaOne.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 5;
        }
    }
    assertEquals(7, seen);
    // Second pass: configured prefix "pubKey"; the stored values use "pubkey".
    settings.put(Keys.realm.ldap.sshPublicKey, "altSecurityIdentities:pubKey");
    keys = kmgr.getKeys("UserOne");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        // No gbPerm option on any of UserOne's keys, so PUSH is expected for all of them.
        assertEquals(AccessPermission.PUSH, key.getPermission());
        if (keyRsaOne.equals(key.getRawData())) {
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            seen += 1 << 5;
        }
    }
    // 56 = bits 3..5: keyRsaThree, keyDsaThree and keyEcThree.
    assertEquals(56, seen);
    keys = kmgr.getKeys("UserTwo");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        if (keyRsaOne.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 5;
        }
    }
    assertEquals(56, seen);
    keys = kmgr.getKeys("UserThree");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        if (keyRsaOne.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 5;
        }
    }
    assertEquals(56, seen);
    // Third pass: the malformed "opttest" values, stored for UserThree only.
    settings.put(Keys.realm.ldap.sshPublicKey, "altSecurityIdentities:opttest");
    keys = kmgr.getKeys("UserThree");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        if (keyRsaOne.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 5;
        }
    }
    assertEquals(56, seen);
}
Also used : SshKey(com.gitblit.transport.ssh.SshKey) Modification(com.unboundid.ldap.sdk.Modification) LdapKeyManager(com.gitblit.transport.ssh.LdapKeyManager) Test(org.junit.Test)

Example 2 with Modification

use of com.unboundid.ldap.sdk.Modification in project gitblit by gitblit.

the class LdapPublicKeyManagerTest method testKeyValidity.

/**
 * Confirms that a DSA public key read back from LDAP is the key that was stored and is usable:
 * data signed with the matching private key must verify against the retrieved public key.
 *
 * @throws LDAPException if modifying the test directory fails
 * @throws GeneralSecurityException if signing or verifying fails for a reason other than a
 *         signature mismatch
 */
@Test
public void testKeyValidity() throws LDAPException, GeneralSecurityException {
    final LdapKeyManager keyManager = new LdapKeyManager(settings);
    final String keyComment = "UserTwo@example.com";
    final String storedKey = getDsaPubKey(keyComment);
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "sshPublicKey", storedKey));

    // The manager must return exactly the one key stored above, with unchanged raw data.
    final List<SshKey> retrieved = keyManager.getKeys("UserTwo");
    assertNotNull(retrieved);
    assertEquals(1, retrieved.size());
    final SshKey ldapKey = retrieved.get(0);
    assertEquals(storedKey, ldapKey.getRawData());

    // Comparing raw data only shows the text survived the round trip. Sign with the private
    // half of the key pair and verify with the public key parsed from the LDAP value, so that
    // a key that is parsed into the wrong public key fails the test.
    // getBytes() uses the platform charset; that is harmless here because the very same byte
    // array is signed and verified.
    final byte[] payload = keyComment.getBytes();
    final Signature dsa = SecurityUtils.getSignature("DSA");
    dsa.initSign(getDsaKeyPair(keyComment).getPrivate());
    dsa.update(payload);
    final byte[] signed = dsa.sign();

    dsa.initVerify(ldapKey.getPublicKey());
    dsa.update(payload);
    assertTrue("Verify failed with retrieved SSH key.", dsa.verify(signed));
}
Also used : SshKey(com.gitblit.transport.ssh.SshKey) Modification(com.unboundid.ldap.sdk.Modification) Signature(java.security.Signature) LdapKeyManager(com.gitblit.transport.ssh.LdapKeyManager) Test(org.junit.Test)

Example 3 with Modification

use of com.unboundid.ldap.sdk.Modification in project zm-mailbox by Zimbra.

the class UBIDModificationList method removeAttr.

/**
 * Queues a DELETE modification for those of the given values that the entry currently holds
 * for the attribute. Values the entry does not hold are skipped; if none remain, or the entry
 * has no values for the attribute, nothing is queued.
 *
 * @param name attribute to remove values from
 * @param value candidate values to remove
 * @param entry entry whose current values are consulted
 * @param containsBinaryData passed through to {@code UBIDUtil.newASN1OctetString}
 * @param isBinaryTransfer passed through to {@code LdapUtil.attrNameToBinaryTransferAttrName}
 */
@Override
public void removeAttr(String name, String[] value, Entry entry, boolean containsBinaryData, boolean isBinaryTransfer) {
    final String[] existing = entry.getMultiAttr(name, false, true);
    if (existing == null || existing.length == 0) {
        // The entry holds nothing under this attribute, so there is nothing to delete.
        return;
    }

    // Keep only the values that are actually present. Presumably this avoids a directory
    // error when asked to delete a value the entry does not have - confirm.
    final List<ASN1OctetString> toDelete = new ArrayList<ASN1OctetString>();
    for (String candidate : value) {
        if (LdapUtil.contains(existing, candidate)) {
            toDelete.add(UBIDUtil.newASN1OctetString(containsBinaryData, candidate));
        }
    }
    if (toDelete.isEmpty()) {
        return;
    }

    final String transferAttrName = LdapUtil.attrNameToBinaryTransferAttrName(isBinaryTransfer, name);
    final ASN1OctetString[] payload = toDelete.toArray(new ASN1OctetString[toDelete.size()]);
    modList.add(new Modification(ModificationType.DELETE, transferAttrName, payload));
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) Modification(com.unboundid.ldap.sdk.Modification) ASN1OctetString(com.unboundid.asn1.ASN1OctetString)

Example 4 with Modification

use of com.unboundid.ldap.sdk.Modification in project zm-mailbox by Zimbra.

the class UBIDModificationList method removeAttr.

/**
 * Queues a DELETE modification that names the attribute but no values. In LDAP a delete
 * without values removes the attribute together with all of its values.
 *
 * @param attrName attribute to remove
 * @param isBinaryTransfer passed through to {@code LdapUtil.attrNameToBinaryTransferAttrName}
 */
@Override
public void removeAttr(String attrName, boolean isBinaryTransfer) {
    modList.add(new Modification(
            ModificationType.DELETE,
            LdapUtil.attrNameToBinaryTransferAttrName(isBinaryTransfer, attrName)));
}
Also used : Modification(com.unboundid.ldap.sdk.Modification) ASN1OctetString(com.unboundid.asn1.ASN1OctetString)

Example 5 with Modification

use of com.unboundid.ldap.sdk.Modification in project gitblit by gitblit.

the class LdapPublicKeyManagerTest method testGetKeysAttributeName.

/**
 * Checks that {@code LdapKeyManager.getKeys} reads SSH keys only from the attribute named in
 * {@code Keys.realm.ldap.sshPublicKey}: keys stored under another attribute are not returned,
 * and a user without a key in the configured attribute gets an empty, non-null list.
 *
 * @throws LDAPException if modifying the test directory fails
 */
@Test
public void testGetKeysAttributeName() throws LDAPException {
    settings.put(Keys.realm.ldap.sshPublicKey, "sshPublicKey");

    // UserOne has a key only in "sshPublicKey", UserTwo only in "publicsshkey",
    // UserThree has a different key in each. No key is stored for UserFour.
    final String userOneRsa = getRsaPubKey("UserOne@example.com");
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "sshPublicKey", userOneRsa));
    final String userTwoDsa = getDsaPubKey("UserTwo@example.com");
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "publicsshkey", userTwoDsa));
    final String userThreeRsa = getRsaPubKey("UserThree@example.com");
    final String userThreeDsa = getDsaPubKey("UserThree@example.com");
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "sshPublicKey", userThreeRsa));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "publicsshkey", userThreeDsa));

    final LdapKeyManager keyManager = new LdapKeyManager(settings);

    // Configured attribute: "sshPublicKey".
    List<SshKey> found = keyManager.getKeys("UserOne");
    assertNotNull(found);
    assertEquals(1, found.size());
    assertEquals(userOneRsa, found.get(0).getRawData());

    found = keyManager.getKeys("UserTwo");
    assertNotNull(found);
    assertEquals(0, found.size());

    found = keyManager.getKeys("UserThree");
    assertNotNull(found);
    assertEquals(1, found.size());
    assertEquals(userThreeRsa, found.get(0).getRawData());

    found = keyManager.getKeys("UserFour");
    assertNotNull(found);
    assertEquals(0, found.size());

    // Switch the configured attribute on the same manager instance; the results must flip.
    settings.put(Keys.realm.ldap.sshPublicKey, "publicsshkey");

    found = keyManager.getKeys("UserOne");
    assertNotNull(found);
    assertEquals(0, found.size());

    found = keyManager.getKeys("UserTwo");
    assertNotNull(found);
    assertEquals(1, found.size());
    assertEquals(userTwoDsa, found.get(0).getRawData());

    found = keyManager.getKeys("UserThree");
    assertNotNull(found);
    assertEquals(1, found.size());
    assertEquals(userThreeDsa, found.get(0).getRawData());

    found = keyManager.getKeys("UserFour");
    assertNotNull(found);
    assertEquals(0, found.size());
}
Also used : SshKey(com.gitblit.transport.ssh.SshKey) Modification(com.unboundid.ldap.sdk.Modification) LdapKeyManager(com.gitblit.transport.ssh.LdapKeyManager) Test(org.junit.Test)

Aggregations

Modification (com.unboundid.ldap.sdk.Modification)11 LdapKeyManager (com.gitblit.transport.ssh.LdapKeyManager)6 SshKey (com.gitblit.transport.ssh.SshKey)6 Test (org.junit.Test)6 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)5 Signature (java.security.Signature)1 ArrayList (java.util.ArrayList)1 Map (java.util.Map)1