
Example 1 with LDAPConfiguration

use of edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration in project OA4MP by ncsa.

Class LDAPClaimsSource, method getGid:

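/**
 * Looks up the POSIX gid of an LDAP group by its {@code cn}.
 * <p>
 * The search runs against a copy of {@code cfg2} whose search base is repointed at the
 * groups subtree, so the caller's configuration is left untouched.
 *
 * @param cfg2      connection settings (cloned; the search base is overridden)
 * @param groupName the group's common name; used as an escaped filter argument,
 *                  so filter metacharacters in it cannot change the query
 * @return the first non-empty {@code gidNumber} found, or -1 if no entry carries one
 * @throws Throwable on naming errors, or if the gidNumber value is not an integer
 */
public static int getGid(LDAPConfiguration cfg2, String groupName) throws Throwable {
    LDAPConfiguration cfg = cfg2.clone();
    cfg.setSearchBase("ou=Groups,dc=ncsa,dc=illinois,dc=edu");
    LDAPClaimsSource claimsSource = new LDAPClaimsSource(cfg, null);
    DirContext dirContext = new InitialDirContext(claimsSource.createEnv(cfg));
    try {
        LdapContext ctx = (LdapContext) dirContext.lookup(cfg.getSearchBase());
        try {
            SearchControls ctls = new SearchControls();
            ctls.setReturningAttributes(new String[]{"gidNumber"});
            // The group name is passed as a filter argument rather than concatenated into
            // the filter string: JNDI substitutes {0} with the value escaped per RFC 4515,
            // so a name containing '*', '(', ')' or '\' cannot widen or rewrite the search.
            // (The previous version built "(&(cn=" + groupName + "))" by concatenation.)
            NamingEnumeration<SearchResult> results =
                    ctx.search(cfg.getContextName(), "(&(cn={0}))", new Object[]{groupName}, ctls);
            try {
                while (results.hasMoreElements()) {
                    SearchResult entry = results.next();
                    Attribute gid = entry.getAttributes().get("gidNumber");
                    if (gid == null || gid.size() == 0) {
                        continue;
                    }
                    String value = String.valueOf(gid.get(0));
                    if (!value.isEmpty()) {
                        // NumberFormatException propagates; the method already declares Throwable.
                        return Integer.parseInt(value);
                    }
                }
            } finally {
                results.close();
            }
        } finally {
            // Previously closed only on the success path; the -1 path and any exception
            // leaked the context.
            ctx.close();
        }
    } finally {
        dirContext.close();
    }
    return -1;
}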
Also used : NamingEnumeration(javax.naming.NamingEnumeration) LDAPConfiguration(edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration) LdapContext(javax.naming.ldap.LdapContext)

Example 2 with LDAPConfiguration

use of edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration in project OA4MP by ncsa.

Class LDAPSSLSocketFactory, method main:

/**
 * Manual smoke test for the LDAP-over-SSL socket factory: builds an LDAP configuration
 * from the {@code ldap} JSON string (declared outside this method), points the SSL
 * configuration at a developer-local JKS file, opens a connection and prints the
 * attributes found for one hard-coded user. Not part of the automated test suite.
 */
public static void main(String[] args) {
    try {
        // Reports where the JVM's own default trust store lives, for comparison with the custom one below.
        DebugUtil.dbg(LDAPSSLSocketFactory.class, System.getProperty("java.home") + "/lib/security/cacerts");
        DebugUtil.setIsEnabled(true);
        // System.setProperty("javax.net.debug", "ssl");
        JSONObject json = JSONObject.fromObject(ldap);
        LDAPConfiguration ldapConfiguration = LDAPConfigurationUtil.fromJSON(json);
        setLdapConfiguration(ldapConfiguration);
        ldapConfiguration.setContextName("");
        getSslConfiguration().setTlsVersion(SSLConfigurationUtil.TLS_1_2);
        // The JVM default trust store is disabled, so the server certificate is validated only
        // against the JKS file below. Key store and trust root are the same file, "changeit" is
        // the stock JDK cacerts password and the path is a developer's home directory: this is
        // throwaway test wiring, not a configuration to copy into a deployment.
        getSslConfiguration().setUseDefaultJavaTrustStore(false);
        getSslConfiguration().setKeystoreType("JKS");
        getSslConfiguration().setKeystorePassword("changeit");
        getSslConfiguration().setKeystore("/home/ncsa/temp/java-certs/cacerts2");
        getSslConfiguration().setTrustRootType("JKS");
        getSslConfiguration().setTrustRootPassword("changeit");
        getSslConfiguration().setTrustRootPath("/home/ncsa/temp/java-certs/cacerts2");
        LDAPClaimsSource x = new LDAPClaimsSource(ldapConfiguration, null);
        // Set a second time after the SSL settings above; presumably so the factory sees the
        // finished configuration — confirm whether the earlier call is needed at all.
        LDAPSSLSocketFactory.setLdapConfiguration(ldapConfiguration);
        x.createConnection();
        UserInfo userInfo = new UserInfo();
        // Fetches the configured search attributes for one fixed CILogon user id and prints them.
        userInfo.getMap().putAll(x.simpleSearch(x.context, "http://cilogon.org/serverA/users/10376", ldapConfiguration.getSearchAttributes()));
        System.out.println(userInfo);
    } catch (Throwable t) {
        // Debug harness: any failure is dumped to stderr rather than handled.
        t.printStackTrace();
    }
}
Also used : JSONObject(net.sf.json.JSONObject) UserInfo(edu.uiuc.ncsa.security.oauth_2_0.UserInfo) LDAPConfiguration(edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration)

Example 3 with LDAPConfiguration

use of edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration in project OA4MP by ncsa.

Class ClientManagerTest, method testldapExample:

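/**
 * Round-trips an LDAP configuration through {@link LDAPConfigurationUtil#toJSON} and
 * {@link LDAPConfigurationUtil#fromJSON} and checks that the parsed copy serializes to
 * the same JSON again.
 * <p>
 * The previous version performed the round trip but asserted nothing, so a broken
 * (de)serializer would still have passed. {@code AssertionError} is thrown directly so
 * no additional JUnit import is required. The configuration is deliberately not echoed
 * in the failure message, since it may carry connection credentials.
 */
@Test
public void testldapExample() throws Exception {
    LDAPConfiguration ldap = createLDAP();
    JSONObject json = LDAPConfigurationUtil.toJSON(ldap);
    LDAPConfiguration ldap2 = LDAPConfigurationUtil.fromJSON(json);
    if (ldap2 == null) {
        throw new AssertionError("fromJSON returned null for a configuration produced by toJSON");
    }
    JSONObject json2 = LDAPConfigurationUtil.toJSON(ldap2);
    if (!json.equals(json2)) {
        throw new AssertionError("LDAP configuration did not survive the JSON round trip");
    }
}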
Also used : JSONObject(net.sf.json.JSONObject) LDAPConfiguration(edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration) Test(org.junit.Test)

Example 4 with LDAPConfiguration

use of edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration in project OA4MP by ncsa.

Class ClientManagerTest, method testNix:

/**
 * Dumps the LDAP configuration of the given store provider as JSON to stdout.
 * <p>
 * NOTE(review): this is annotated {@code @Test} (org.junit.Test, i.e. JUnit 4) but takes a
 * parameter; the JUnit 4 runner rejects test methods with parameters, so this can only be
 * exercised by calling it directly from another test.
 * NOTE(review): the JSON is printed in full. If {@code LDAPConfigurationUtil.toJSON} includes
 * credentials (a bind password, key-store passwords), they end up in the test log — confirm
 * before running this against a real configuration.
 */
@Test
public void testNix(CMTestStoreProvider tp2) throws Exception {
    LDAPConfiguration ldap = tp2.getCOSE().getLdapConfiguration();
    JSONObject json = LDAPConfigurationUtil.toJSON(ldap);
    System.out.println("");
    // The client store class identifies which provider's configuration is being shown.
    System.out.println("***LDAP configuration for " + tp2.getCOSE().getClientStore().getClass());
    prettyPrint(json);
    System.out.println("");
}
Also used : JSONObject(net.sf.json.JSONObject) LDAPConfiguration(edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration) Test(org.junit.Test)

Example 5 with LDAPConfiguration

use of edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration in project OA4MP by ncsa.

Class OA2RegistrationServlet, method addNewClient:

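/**
 * Registers a new OAuth2 client from the registration form.
 * <p>
 * On top of what the superclass fills in, this reads the callback URIs, the requested
 * refresh-token lifetime, the scope check-boxes, the issuer and an optional LDAP
 * configuration (JSON); generates the client secret; creates the (unapproved) approval
 * record and optionally fires the new-client event.
 *
 * @param request          the registration request
 * @param response         the response (only passed through to the superclass)
 * @param fireClientEvents whether to notify listeners of the new client
 * @return the populated, not yet approved client
 * @throws ClientRegistrationRetryException if the home URI or a callback URI is unusable
 * @throws Throwable                        anything the superclass or the stores throw
 */
protected Client addNewClient(HttpServletRequest request, HttpServletResponse response, boolean fireClientEvents) throws Throwable {
    OA2Client client = (OA2Client) super.addNewClient(request, response);
    String rawCBs = getRequiredParam(request, CALLBACK_URI, client);
    String rawRTLifetime = getParameter(request, REFRESH_TOKEN_LIFETIME);

    applyRequestedScopes(client, request.getParameterValues("chkScopes"));

    String issuer = getParameter(request, ISSUER_NAME);
    if (!isEmpty(issuer)) {
        client.setIssuer(issuer);
    }
    applyLdapConfiguration(client, getParameter(request, LDAP_NAME));

    try {
        // Syntax check only; the home URI itself is set by the superclass.
        URI.create(client.getHomeUri());
    } catch (Throwable t) {
        throw new ClientRegistrationRetryException("Error. The stated home uri is invalid: " + t.getMessage(), null, client);
    }

    client.setRtLifetime(resolveRefreshTokenLifetime(rawRTLifetime));

    // The plaintext secret is attached so the registration-ok page can show it once;
    // the original notes say only a hash is persisted afterwards (not visible here).
    client.setSecret(generateClientSecret());

    client.setCallbackURIs(parseCallbackUris(rawCBs, client));
    // part of CIL-359, signing ID tokens.
    client.setSignTokens(true);

    // CIL-414: create the approval record now (unapproved) so that later counts are accurate.
    ClientApproval approval = (ClientApproval) getOA2SE().getClientApprovalStore().create();
    approval.setApproved(false);
    approval.setIdentifier(client.getIdentifier());
    getOA2SE().getClientApprovalStore().save(approval);

    if (fireClientEvents) {
        fireNewClientEvent(client);
    }
    return client;
}

/**
 * Stores the checked scopes on the client, always adding {@code openid} because requests
 * without it are rejected. Leaves the client's scopes untouched when no box was checked.
 */
private void applyRequestedScopes(OA2Client client, String[] rawScopes) {
    if (rawScopes == null) {
        return;
    }
    Collection<String> newScopes = new LinkedList<>();
    for (String scope : rawScopes) {
        newScopes.add(scope);
    }
    if (!newScopes.contains(OA2Scopes.SCOPE_OPENID)) {
        // has to be there or all requests are rejected.
        newScopes.add(OA2Scopes.SCOPE_OPENID);
    }
    client.setScopes(newScopes);
}

/**
 * Parses the optional LDAP configuration submitted as JSON and attaches it to the client.
 * Deliberately best-effort, as before: a malformed value is logged and skipped so the
 * registration itself still goes through (just without LDAP-sourced claims).
 */
private void applyLdapConfiguration(OA2Client client, String ldap) {
    if (isEmpty(ldap)) {
        return;
    }
    try {
        JSON json = JSONObject.fromObject(ldap);
        Collection<LDAPConfiguration> ldapConfiguration = LDAPConfigurationUtil.fromJSON(json);
        client.setLdaps(ldapConfiguration);
    } catch (Throwable t) {
        warn("Could not parse LDAP string during client registration for \"" + client.getIdentifierString() + "\". Skipping...");
    }
}

/**
 * Converts the refresh-token lifetime from the form (seconds) to the stored value
 * (milliseconds), capped at the server-wide maximum.
 * <p>
 * An absent or empty value means no refresh token (0, CIL-309). A value that is not a
 * non-negative integer is logged and also mapped to 0: the previous version flagged a
 * negative number but still stored it, and a very large one could wrap negative during
 * the seconds-to-milliseconds scaling.
 */
private long resolveRefreshTokenLifetime(String rawRTLifetime) {
    if (rawRTLifetime == null || rawRTLifetime.length() == 0) {
        // FIXES CIL-309 (partial): no value effectively means no refresh token.
        return 0L;
    }
    long requestedMs = 0L;
    boolean rtLifetimeOK = true;
    try {
        long seconds = Long.parseLong(rawRTLifetime.trim());
        if (seconds < 0) {
            rtLifetimeOK = false;
        } else if (seconds > Long.MAX_VALUE / 1000L) {
            // Would overflow when scaled; saturate — the cap below brings it down anyway.
            requestedMs = Long.MAX_VALUE;
        } else {
            requestedMs = seconds * 1000L;
        }
    } catch (NumberFormatException nfe) {
        rtLifetimeOK = false;
    }
    if (!rtLifetimeOK) {
        info("Client requested illegal value for refresh token lifetime at registration of \"" + rawRTLifetime + "\"");
        requestedMs = 0L;
    }
    // FIX CIL-309 (partial): never exceed the server maximum.
    return Math.min(getOA2SE().getMaxClientRefreshTokenLifetime(), requestedMs);
}

/**
 * Produces the client secret: {@code getClientSecretLength()} random bytes, URL-safe base64.
 * NOTE(review): {@code random} is a field declared outside this view; since this is a
 * credential it must be a {@link java.security.SecureRandom} (or equivalent CSPRNG) — confirm.
 */
private String generateClientSecret() {
    byte[] bytes = new byte[getOA2SE().getClientSecretLength()];
    random.nextBytes(bytes);
    return Base64.encodeBase64URLSafeString(bytes);
}

/**
 * Splits the callback text area into one URI per line (lines are trimmed).
 * Every entry must use https and must parse as a URI; either failure is reported as a
 * {@code ClientRegistrationRetryException}. The previous version let a malformed https
 * entry escape from {@code URI.create} as a bare {@code IllegalArgumentException},
 * unlike the home-URI check, which already reported a retryable error.
 */
private LinkedList<String> parseCallbackUris(String rawCBs, OA2Client client) throws Throwable {
    LinkedList<String> uris = new LinkedList<>();
    BufferedReader br = new BufferedReader(new StringReader(rawCBs));
    try {
        for (String line = br.readLine(); line != null; line = br.readLine()) {
            String x = line.trim();
            if (!x.toLowerCase().startsWith("https:")) {
                warn("Attempt to add bad callback uri for client " + client.getIdentifierString());
                throw new ClientRegistrationRetryException("The callback \"" + x + "\" is not secure.", null, client);
            }
            try {
                // Syntax check only; the string, not the parsed URI, is what gets stored.
                URI.create(x);
            } catch (IllegalArgumentException badUri) {
                warn("Attempt to add malformed callback uri for client " + client.getIdentifierString());
                throw new ClientRegistrationRetryException("The callback \"" + x + "\" is not a valid URI: " + badUri.getMessage(), null, client);
            }
            uris.add(x);
        }
    } finally {
        br.close();
    }
    return uris;
}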
Also used : JSON(net.sf.json.JSON) LDAPConfiguration(edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration) LinkedList(java.util.LinkedList) OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) ClientApproval(edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval) BufferedReader(java.io.BufferedReader) StringReader(java.io.StringReader)
