
Example 66 with InvalidNameException

use of javax.naming.InvalidNameException in project kernel by exoplatform.

the class SimpleContext method lookup.

/**
 * {@inheritDoc}
 *
 * <p>A binding that still holds a {@link Reference} is resolved through
 * {@link NamingManager#getObjectInstance} and then re-bound under the same name,
 * so the resolved object replaces the reference. A resolved {@link DataSource}
 * is wrapped in a {@code CloseableDataSource} before it is re-bound.
 *
 * @param name the name to look up; must not be empty
 * @return the bound (and, where needed, resolved) object
 * @throws InvalidNameException if {@code name} is empty
 * @throws NameNotFoundException if nothing is bound under {@code name}
 * @throws NamingException if resolving the reference fails; the original failure is set as root cause
 */
public Object lookup(String name) throws NamingException {
    if (name.isEmpty()) {
        // NOTE(review): the wording says "bind" although this is the lookup path.
        throw new InvalidNameException("Cannot bind empty name");
    }
    Object bound = getBindings().get(name);
    if (bound == null) {
        throw new NameNotFoundException("No object has been binded with the name '" + name + "'");
    }
    if (!(bound instanceof Reference)) {
        return bound;
    }
    // Lock on the reference and read the binding again: another thread may have
    // resolved and re-bound it between the first read and acquiring the lock.
    synchronized (bound) {
        Object current = getBindings().get(name);
        if (!(current instanceof Reference)) {
            return current;
        }
        try {
            // NOTE(review): the Reference determines which object factory is run here;
            // confirm that bindings can only originate from trusted configuration.
            Object resolved = NamingManager.getObjectInstance(current, NAME_PARSER.parse(name), this, getInternalEnv());
            if (resolved instanceof DataSource) {
                resolved = new CloseableDataSource((DataSource) resolved);
            }
            // Replace the reference with the resolved value under the same name.
            bindRefValue(name, resolved);
            return resolved;
        } catch (Exception e) {
            LOG.error(e.getLocalizedMessage(), e);
            NamingException failure = new NamingException("getObjectInstance failed");
            failure.setRootCause(e);
            throw failure;
        }
    }
}
Also used : InvalidNameException(javax.naming.InvalidNameException) NameNotFoundException(javax.naming.NameNotFoundException) Reference(javax.naming.Reference) NamingException(javax.naming.NamingException) CloseableDataSource(org.exoplatform.services.jdbc.impl.CloseableDataSource) NameAlreadyBoundException(javax.naming.NameAlreadyBoundException) NamingException(javax.naming.NamingException) OperationNotSupportedException(javax.naming.OperationNotSupportedException) InvalidNameException(javax.naming.InvalidNameException) NameNotFoundException(javax.naming.NameNotFoundException) CloseableDataSource(org.exoplatform.services.jdbc.impl.CloseableDataSource) DataSource(javax.sql.DataSource)

Example 67 with InvalidNameException

use of javax.naming.InvalidNameException in project athenz by yahoo.

the class AuthZpeClient method issuerMatch.

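/**
 * Checks whether a certificate issuer DN is one of the configured issuers.
 *
 * <p>The issuer is first compared, with all whitespace removed, against
 * {@code X509_ISSUERS_NAMES}. If that fails it is parsed into RDNs and compared,
 * ignoring RDN order, against each entry of {@code X509_ISSUERS_RDNS}.
 *
 * @param issuer the issuer DN string; {@code null} or empty never matches
 * @return {@code true} only if the issuer matches a configured issuer; {@code false}
 *         otherwise, including when the DN cannot be parsed
 */
static boolean issuerMatch(final String issuer) {
    if (issuer == null || issuer.isEmpty()) {
        return false;
    }
    // NOTE(review): all whitespace is stripped, including whitespace inside attribute
    // values, so DNs differing only in whitespace compare equal here. Presumably
    // X509_ISSUERS_NAMES holds whitespace-free DNs; confirm against where it is filled.
    if (X509_ISSUERS_NAMES.contains(issuer.replaceAll("\\s+", ""))) {
        return true;
    }
    try {
        X500Principal issuerCheck = new X500Principal(issuer);
        List<Rdn> issuerRdns = new LdapName(issuerCheck.getName()).getRdns();
        for (List<Rdn> rdns : X509_ISSUERS_RDNS) {
            if (rdns.size() != issuerRdns.size()) {
                continue;
            }
            // Require containment in both directions. With equal sizes, a one-way
            // containsAll would still accept an issuer that repeats one RDN and so
            // covers only part of the configured DN.
            if (rdns.containsAll(issuerRdns) && issuerRdns.containsAll(rdns)) {
                return true;
            }
        }
    } catch (InvalidNameException | IllegalArgumentException ignored) {
        // X500Principal rejects a malformed DN with IllegalArgumentException and
        // LdapName with InvalidNameException; both mean "no match".
        // the caller will log the failure
    }
    return false;
}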
Also used : InvalidNameException(javax.naming.InvalidNameException) X500Principal(javax.security.auth.x500.X500Principal) Rdn(javax.naming.ldap.Rdn) LdapName(javax.naming.ldap.LdapName)

Example 68 with InvalidNameException

use of javax.naming.InvalidNameException in project ranger by apache.

the class ServiceUtil method isValidateHttpsAuthentication.

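/**
 * Decides whether a request for the named service is acceptably authenticated.
 *
 * <p>The service must exist and be enabled. If the {@code ranger.service.http.enabled}
 * property is {@code true} (the default used here) no transport or certificate check
 * is made and the method returns {@code true}. Otherwise the request must be secure
 * and carry a client certificate whose dNSName/iPAddress subject alternative name, or
 * failing that its subject CN, matches the service's {@code commonNameForCertificate}
 * setting (literal, or a pattern when the value starts with {@code REGEX_PREFIX_STR}).
 *
 * @param serviceName name of the service being accessed
 * @param request the incoming request; the client certificate chain is read from the
 *        {@code javax.servlet.request.X509Certificate} attribute
 * @return {@code true} when the request is accepted; every rejection is reported by
 *         throwing the exception built by {@code restErrorUtil.createRESTException}
 */
public boolean isValidateHttpsAuthentication(String serviceName, HttpServletRequest request) {
    boolean isValidAuthentication = false;
    boolean httpEnabled = PropertiesUtil.getBooleanProperty("ranger.service.http.enabled", true);
    X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    boolean isSecure = request.isSecure();
    // NOTE(review): serviceName is concatenated into log lines as received; if it is
    // request-controlled, neutralise CR/LF before logging.
    if (serviceName == null || serviceName.isEmpty()) {
        LOG.error("ServiceName not provided");
        throw restErrorUtil.createRESTException("Unauthorized access.", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
    }
    RangerService service = null;
    try {
        service = svcStore.getServiceByName(serviceName);
    } catch (Exception e) {
        LOG.error("Requested Service not found. serviceName=" + serviceName);
        throw restErrorUtil.createRESTException("Service:" + serviceName + " not found", MessageEnums.DATA_NOT_FOUND);
    }
    if (service == null) {
        LOG.error("Requested Service not found. serviceName=" + serviceName);
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, RangerServiceNotFoundException.buildExceptionMsg(serviceName), false);
    }
    if (!service.getIsEnabled()) {
        LOG.error("Requested Service is disabled. serviceName=" + serviceName);
        throw restErrorUtil.createRESTException("Unauthorized access.", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
    }
    if (!httpEnabled) {
        if (!isSecure) {
            LOG.error("Unauthorized access. Only https is allowed. serviceName=" + serviceName);
            throw restErrorUtil.createRESTException("Unauthorized access -" + " only https allowed", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
        }
        if (certchain == null || certchain.length == 0) {
            LOG.error("Unauthorized access. Unable to get client certificate. serviceName=" + serviceName);
            throw restErrorUtil.createRESTException("Unauthorized access -" + " unable to get client certificate", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
        }
        // Check if common name is found in service config
        Map<String, String> configMap = service.getConfigs();
        String cnFromConfig = configMap.get("commonNameForCertificate");
        if (cnFromConfig == null || "".equals(cnFromConfig.trim())) {
            LOG.error("Unauthorized access. No common name for certificate set. Please check your service config");
            throw restErrorUtil.createRESTException("Unauthorized access. No common name for certificate set. Please check your service config", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
        }
        String cnFromConfigForTest = cnFromConfig;
        boolean isRegEx = cnFromConfig.toLowerCase().startsWith(REGEX_PREFIX_STR);
        if (isRegEx) {
            cnFromConfigForTest = cnFromConfig.substring(REGEX_PREFIX_STR_LENGTH);
        }
        // Perform SAN validation
        try {
            Collection<List<?>> subjectAltNames = certchain[0].getSubjectAlternativeNames();
            if (subjectAltNames != null) {
                for (List<?> sanItem : subjectAltNames) {
                    if (sanItem.size() != 2) {
                        continue;
                    }
                    Object sanType = sanItem.get(0);
                    Object sanValue = sanItem.get(1);
                    // Some SAN kinds (e.g. otherName) carry a byte[] value. Check the types
                    // before casting so such an entry is skipped rather than failing the
                    // whole request with a ClassCastException.
                    if (!(sanType instanceof Integer) || !(sanValue instanceof String)) {
                        continue;
                    }
                    int type = (Integer) sanType;
                    // 2 = dNSName, 7 = iPAddress; no other SAN kind is eligible to match.
                    if ((type == 2 || type == 7) && matchNames((String) sanValue, cnFromConfigForTest, isRegEx)) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Client Cert verification successful, matched SAN:" + sanValue);
                        }
                        isValidAuthentication = true;
                        break;
                    }
                }
            }
        } catch (Throwable e) {
            // Any failure while reading or matching SANs is reported as a rejection.
            LOG.error("Unauthorized access. Error getting SAN from certificate", e);
            throw restErrorUtil.createRESTException("Unauthorized access - Error getting SAN from client certificate", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
        }
        // Perform common name validation only if SAN validation did not succeed
        if (!isValidAuthentication) {
            String commonName = null;
            // certchain was checked above to be non-null and non-empty.
            X509Certificate clientCert = certchain[0];
            String dn = clientCert.getSubjectX500Principal().getName();
            try {
                LdapName ln = new LdapName(dn);
                for (Rdn rdn : ln.getRdns()) {
                    if ("CN".equalsIgnoreCase(rdn.getType())) {
                        commonName = rdn.getValue() + "";
                        break;
                    }
                }
                if (commonName == null) {
                    LOG.error("Unauthorized access. CName is null. serviceName=" + serviceName);
                    throw restErrorUtil.createRESTException("Unauthorized access - Unable to find Common Name from [" + dn + "]", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
                }
            } catch (InvalidNameException e) {
                LOG.error("Invalid Common Name. CName=" + commonName + ", serviceName=" + serviceName, e);
                throw restErrorUtil.createRESTException("Unauthorized access - Invalid Common Name", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
            }
            if (commonName != null) {
                if (matchNames(commonName, cnFromConfigForTest, isRegEx)) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Client Cert verification successful, matched CN " + commonName + " with " + cnFromConfigForTest + ", wildcard match = " + isRegEx);
                    }
                    isValidAuthentication = true;
                }
                if (!isValidAuthentication) {
                    LOG.error("Unauthorized access. expected [" + cnFromConfigForTest + "], found [" + commonName + "], serviceName=" + serviceName);
                    // NOTE(review): this response tells a rejected caller the configured
                    // name or pattern. Consider a generic client message and keep the
                    // expected/found detail in the server log only.
                    throw restErrorUtil.createRESTException("Unauthorized access. expected [" + cnFromConfigForTest + "], found [" + commonName + "]", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
                }
            }
        }
    } else {
        // Plain-HTTP mode: the request is accepted without any certificate check.
        isValidAuthentication = true;
    }
    return isValidAuthentication;
}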
Also used : X509Certificate(java.security.cert.X509Certificate) RangerServiceNotFoundException(org.apache.ranger.plugin.util.RangerServiceNotFoundException) InvalidNameException(javax.naming.InvalidNameException) WebApplicationException(javax.ws.rs.WebApplicationException) LdapName(javax.naming.ldap.LdapName) InvalidNameException(javax.naming.InvalidNameException) ArrayList(java.util.ArrayList) VXPolicyList(org.apache.ranger.view.VXPolicyList) List(java.util.List) VXRepositoryList(org.apache.ranger.view.VXRepositoryList) RangerService(org.apache.ranger.plugin.model.RangerService) Rdn(javax.naming.ldap.Rdn)
