
Example 31 with InvalidNameException

Use of javax.naming.InvalidNameException in the Apache Ranger project: class LdapUserGroupBuilder, method getShortName.

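/**
 * Derives a short user name from an LDAP distinguished name.
 *
 * <p>The DN is parsed with {@link LdapName} and its RDNs are walked from the most specific
 * (leftmost) to the least specific; the first RDN carrying a {@code uid} attribute, or failing
 * that a {@code cn} attribute, supplies the short name. Attribute ids are looked up through
 * {@link Rdn#toAttributes()}, which is presumably case-insensitive — TODO confirm.
 *
 * <p>Fallback behaviour: if the DN cannot be parsed, if an RDN value cannot be read, or if no RDN
 * carries {@code uid}/{@code cn} at all, the full DN is returned unchanged. (The last case used
 * to yield an empty string, which is not a usable identity and was inconsistent with the other
 * two fallbacks.)
 *
 * <p>NOTE(review): collapsing a DN to its uid/cn means two entries in different subtrees that
 * share a uid/cn map to the same Ranger user name; anything that relies on this mapping for
 * authorization should be aware of that collision.
 *
 * @param longName the DN, may be {@code null} or empty
 * @return the short name, the original DN as a fallback, or {@code null} when {@code longName} is
 *         {@code null} or empty
 */
private static String getShortName(String longName) {
    if (longName == null || longName.isEmpty()) {
        return null;
    }
    String shortName = "";
    try {
        LdapName subjectDN = new LdapName(longName);
        List<Rdn> rdns = subjectDN.getRdns();
        // LdapName indexes RDNs right-to-left, so walk downwards to start at the leaf RDN and
        // stop as soon as a name has been found.
        for (int i = rdns.size() - 1; i >= 0 && shortName.isEmpty(); i--) {
            Attributes attributes = rdns.get(i).toAttributes();
            try {
                // uid is preferred; cn is only consulted when the RDN has no uid at all.
                Attribute naming = attributes.get("uid");
                if (naming == null) {
                    naming = attributes.get("cn");
                }
                if (naming != null) {
                    Object value = naming.get();
                    if (value != null) {
                        shortName = value.toString();
                    }
                }
            } catch (NoSuchElementException e) {
                // Attribute present but without a value: keep the full DN as the name.
                shortName = longName;
            } catch (NamingException e) {
                // Value could not be read: keep the full DN as the name.
                shortName = longName;
            }
        }
    } catch (InvalidNameException ex) {
        // Not a parseable DN (e.g. a bare user name): use it verbatim.
        shortName = longName;
    }
    if (shortName.isEmpty()) {
        // Parseable DN without any uid/cn RDN: fall back to the full DN like the other paths
        // instead of handing back an empty user name.
        shortName = longName;
    }
    LOG.info("longName: " + longName + ", userName: " + shortName);
    return shortName;
}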

Example 32 with InvalidNameException

Use of javax.naming.InvalidNameException in the Apache qpid-broker-j project: class SSLUtil, method getIdFromSubjectDN.

/**
 * Builds a principal id of the form {@code cn@dc1.dc2...} from an X.500 subject DN string.
 *
 * <p>The DN is parsed with {@link LdapName}. The {@code CN} RDN supplies the local part (when
 * several are present the last one encountered wins, i.e. the leftmost/most specific), and the
 * {@code DC} RDNs, most specific first, are joined with dots into the domain part. Without any
 * {@code DC} RDN only the CN is returned.
 *
 * <p>Returns {@code ""} when {@code dn} is {@code null}, when it carries no non-empty CN, or
 * when it is not a valid DN (the latter is logged at WARN).
 *
 * <p>NOTE(review): the id is assembled from raw RDN values, so a CN that itself contains
 * {@code '@'} can collide with a different {@code CN@DC} id; and values are rendered via
 * {@code toString()}, so a non-string (binary/{@code #}-encoded) RDN value would not render as
 * a meaningful name.
 *
 * @param dn the subject DN in string form, may be {@code null}
 * @return the derived id, or the empty string when none can be derived
 */
public static String getIdFromSubjectDN(String dn) {
    if (dn == null) {
        return "";
    }
    String commonName = null;
    String domain = null;
    try {
        // LdapName stores RDNs right-to-left, so DCs arrive least-specific first; prepending
        // each new label keeps the domain in conventional order.
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            String type = rdn.getType();
            if ("CN".equalsIgnoreCase(type)) {
                commonName = rdn.getValue().toString();
            } else if ("DC".equalsIgnoreCase(type)) {
                String label = rdn.getValue().toString();
                domain = (domain == null) ? label : label + '.' + domain;
            }
        }
    } catch (InvalidNameException e) {
        LOGGER.warn("Invalid name: '{}'", dn);
        return "";
    }
    if (commonName == null || commonName.isEmpty()) {
        return "";
    }
    return (domain == null) ? commonName : commonName + '@' + domain;
}

Example 33 with InvalidNameException

Use of javax.naming.InvalidNameException in the Alfresco alfresco-repository project: class LDAPUserRegistry, method getGroups.

/**
 * Returns the LDAP groups (optionally only those modified since {@code modifiedSince}) as
 * {@link NodeDescription}s keyed by their {@code GROUP_}-prefixed authority name, with each
 * group's child associations filled in from its member attribute.
 *
 * <p>Member values are resolved in three ways, in this order:
 * <ol>
 * <li>if the user and group search bases are disjoint, the leaf RDN of a member DN lying under
 * one of the bases is taken as the user or group id directly, with no directory lookup;</li>
 * <li>otherwise, or when the leaf RDN lacks the id attribute, the member entry is read from the
 * directory and classified by its {@code objectclass};</li>
 * <li>a member value that is not a parseable DN is assumed to be a posixGroup-style bare user
 * name and added as-is.</li>
 * </ol>
 * Range-restricted ({@code ;range=}) member attributes are fetched in batches of
 * {@code attributeBatchSize}.
 *
 * <p>NOTE(review): in case 1 the member's identity is trusted from the DN alone, and in case 3 an
 * arbitrary non-DN string becomes a child authority name; both are only as trustworthy as the
 * directory content itself.
 *
 * @param modifiedSince if non-null, restrict to groups changed since this time using
 *        {@code groupDifferentialQuery}; otherwise {@code groupQuery} is used
 * @return the resolved groups
 * @throws AlfrescoRuntimeException if a search base is not a valid DN, on connection or timeout
 *         failures during member lookup, or on missing/duplicate ids when the corresponding
 *         {@code errorOn...} flags are set
 * @see org.alfresco.repo.security.sync.UserRegistry#getGroups(java.util.Date)
 */
public Collection<NodeDescription> getGroups(Date modifiedSince) {
    // Work out whether the user and group trees are disjoint. This may allow us to optimize reverse DN
    // resolution.
    final LdapName groupDistinguishedNamePrefix;
    try {
        groupDistinguishedNamePrefix = fixedLdapName(this.groupSearchBase.toLowerCase());
    } catch (InvalidNameException e) {
        Object[] params = { this.groupSearchBase.toLowerCase(), e.getLocalizedMessage() };
        throw new AlfrescoRuntimeException("synchronization.err.ldap.search.base.invalid", params, e);
    }
    final LdapName userDistinguishedNamePrefix;
    try {
        userDistinguishedNamePrefix = fixedLdapName(this.userSearchBase.toLowerCase());
    } catch (InvalidNameException e) {
        Object[] params = { this.userSearchBase.toLowerCase(), e.getLocalizedMessage() };
        throw new AlfrescoRuntimeException("synchronization.err.ldap.search.base.invalid", params, e);
    }
    // Neither base is an ancestor of the other: a member DN's prefix then identifies its type unambiguously.
    final boolean disjoint = !groupDistinguishedNamePrefix.startsWith(userDistinguishedNamePrefix) && !userDistinguishedNamePrefix.startsWith(groupDistinguishedNamePrefix);
    // Choose / generate the query
    String query;
    if (modifiedSince == null) {
        query = this.groupQuery;
    } else {
        // The differential query template takes the formatted timestamp as its only argument.
        query = MessageFormat.format(this.groupDifferentialQuery, this.timestampFormat.format(modifiedSince));
    }
    // Run the query and process the results
    final Map<String, NodeDescription> lookup = new TreeMap<String, NodeDescription>();
    processQuery(new AbstractSearchCallback() {

        // We get a whole new context to avoid interference with cookies from paged results
        private DirContext ctx = LDAPUserRegistry.this.ldapInitialContextFactory.getDefaultIntialDirContext();

        protected void doProcess(SearchResult result) throws NamingException, ParseException {
            Attributes attributes = result.getAttributes();
            Attribute gidAttribute = attributes.get(LDAPUserRegistry.this.groupIdAttributeName);
            if (gidAttribute == null) {
                if (LDAPUserRegistry.this.errorOnMissingGID) {
                    Object[] params = { result.getNameInNamespace(), LDAPUserRegistry.this.groupIdAttributeName };
                    throw new AlfrescoRuntimeException("synchronization.err.ldap.get.group.id.missing", params);
                } else {
                    LDAPUserRegistry.logger.warn("Missing GID on " + attributes);
                    return;
                }
            }
            // Only the first value of a multi-valued group id attribute is used.
            String groupShortName = gidAttribute.get(0).toString();
            String gid = "GROUP_" + groupShortName;
            NodeDescription group = lookup.get(gid);
            if (group == null) {
                // Apply the mapped properties to the node description
                group = mapToNode(LDAPUserRegistry.this.groupAttributeMapping, LDAPUserRegistry.this.groupAttributeDefaults, result);
                // Make sure the "GROUP_" prefix is applied
                group.getProperties().put(ContentModel.PROP_AUTHORITY_NAME, gid);
                lookup.put(gid, group);
            } else if (LDAPUserRegistry.this.errorOnDuplicateGID) {
                throw new AlfrescoRuntimeException("Duplicate group id found for " + gid);
            } else {
                // Duplicate gid tolerated: the members found here are added to the existing group's child set.
                LDAPUserRegistry.logger.warn("Duplicate gid found for " + gid + " -> merging definitions");
            }
            Set<String> childAssocs = group.getChildAssociations();
            // Get the repeating (and possibly range restricted) member attribute
            Attribute memAttribute = getRangeRestrictedAttribute(attributes, LDAPUserRegistry.this.memberAttributeName);
            int nextStart = LDAPUserRegistry.this.attributeBatchSize;
            if (LDAPUserRegistry.logger.isDebugEnabled()) {
                LDAPUserRegistry.logger.debug("Processing group: " + gid + ", from source: " + group.getSourceId());
            }
            // Loop until we get to the end of the range
            while (memAttribute != null) {
                for (int i = 0; i < memAttribute.size(); i++) {
                    // Member values are assumed to be strings (DNs or bare names); a binary value would fail the cast.
                    String attribute = (String) memAttribute.get(i);
                    if (attribute != null && attribute.length() > 0) {
                        try {
                            // Attempt to parse the member attribute as a DN. If this fails we have a fallback
                            // in the catch block
                            LdapName distinguishedNameForComparison = fixedLdapName(attribute.toLowerCase());
                            Attribute nameAttribute;
                            // and group DNs without a secondary lookup
                            if (disjoint) {
                                // Shortcut: the leaf (leftmost) RDN is expected to carry the id attribute. Its value is
                                // trusted as-is, without reading the entry back from the directory.
                                LdapName distinguishedName = fixedLdapName(attribute);
                                Attributes nameAttributes = distinguishedName.getRdn(distinguishedName.size() - 1).toAttributes();
                                // Recognize user DNs
                                if (distinguishedNameForComparison.startsWith(userDistinguishedNamePrefix) && (nameAttribute = nameAttributes.get(LDAPUserRegistry.this.userIdAttributeName)) != null) {
                                    if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                        LDAPUserRegistry.logger.debug("User DN recognized: " + nameAttribute.get());
                                    }
                                    childAssocs.add((String) nameAttribute.get());
                                    continue;
                                }
                                // Recognize group DNs
                                if (distinguishedNameForComparison.startsWith(groupDistinguishedNamePrefix) && (nameAttribute = nameAttributes.get(LDAPUserRegistry.this.groupIdAttributeName)) != null) {
                                    if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                        LDAPUserRegistry.logger.debug("Group DN recognized: " + "GROUP_" + nameAttribute.get());
                                    }
                                    childAssocs.add("GROUP_" + nameAttribute.get());
                                    continue;
                                }
                            }
                            // If we can't determine the name and type from the DN alone, try a directory lookup
                            if (distinguishedNameForComparison.startsWith(userDistinguishedNamePrefix) || distinguishedNameForComparison.startsWith(groupDistinguishedNamePrefix)) {
                                try {
                                    // Fetch only what is needed to classify the entry and extract its id.
                                    Attributes childAttributes = this.ctx.getAttributes(jndiName(attribute), new String[] { "objectclass", LDAPUserRegistry.this.groupIdAttributeName, LDAPUserRegistry.this.userIdAttributeName });
                                    Attribute objectClass = childAttributes.get("objectclass");
                                    if (hasAttributeValue(objectClass, LDAPUserRegistry.this.personType)) {
                                        nameAttribute = childAttributes.get(LDAPUserRegistry.this.userIdAttributeName);
                                        if (nameAttribute == null) {
                                            if (LDAPUserRegistry.this.errorOnMissingUID) {
                                                throw new AlfrescoRuntimeException("User missing user id attribute DN =" + attribute + "  att = " + LDAPUserRegistry.this.userIdAttributeName);
                                            } else {
                                                LDAPUserRegistry.logger.warn("User missing user id attribute DN =" + attribute + "  att = " + LDAPUserRegistry.this.userIdAttributeName);
                                                continue;
                                            }
                                        }
                                        if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                            LDAPUserRegistry.logger.debug("User DN recognized by directory lookup: " + nameAttribute.get());
                                        }
                                        childAssocs.add((String) nameAttribute.get());
                                        continue;
                                    } else if (hasAttributeValue(objectClass, LDAPUserRegistry.this.groupType)) {
                                        nameAttribute = childAttributes.get(LDAPUserRegistry.this.groupIdAttributeName);
                                        if (nameAttribute == null) {
                                            if (LDAPUserRegistry.this.errorOnMissingGID) {
                                                Object[] params = { result.getNameInNamespace(), LDAPUserRegistry.this.groupIdAttributeName };
                                                throw new AlfrescoRuntimeException("synchronization.err.ldap.get.group.id.missing", params);
                                            } else {
                                                LDAPUserRegistry.logger.warn("Missing GID on " + childAttributes);
                                                continue;
                                            }
                                        }
                                        if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                            LDAPUserRegistry.logger.debug("Group DN recognized by directory lookup: " + "GROUP_" + nameAttribute.get());
                                        }
                                        childAssocs.add("GROUP_" + nameAttribute.get());
                                        continue;
                                    }
                                    // Neither person nor group object class: falls through to the "missing member" handling below.
                                } catch (ServiceUnavailableException | CommunicationException e) {
                                    // MNT-21614: Check & fail if communication breaks due to ServiceUnavailableException or CommunicationException
                                    // NOTE(review): a communication failure carrying no message is skipped (continue) rather than failing the sync.
                                    if (e.getMessage() != null) {
                                        Object[] params = { e.getLocalizedMessage() };
                                        throw new AlfrescoRuntimeException("synchronization.err.ldap.search", params, e);
                                    }
                                    continue;
                                } catch (NamingException e) {
                                    // MNT-17966
                                    // Timeouts are detected by message prefix, which is provider-specific and brittle.
                                    if (e.getMessage() != null && e.getMessage().startsWith(NAMING_TIMEOUT_EXCEPTION_MESSAGE)) {
                                        Object[] params = { e.getLocalizedMessage() };
                                        throw new AlfrescoRuntimeException("synchronization.err.ldap.search", params, e);
                                    }
                                    // Unresolvable name
                                    if (LDAPUserRegistry.this.errorOnMissingMembers) {
                                        Object[] params = { groupShortName, attribute, e.getLocalizedMessage() };
                                        throw new AlfrescoRuntimeException("synchronization.err.ldap.group.member.missing.exception", params, e);
                                    }
                                    LDAPUserRegistry.logger.warn("Failed to resolve member of group '" + groupShortName + "' with distinguished name: " + attribute, e);
                                    continue;
                                }
                            }
                            // Reached when the DN is outside both search bases, or the lookup classified it as neither type.
                            if (LDAPUserRegistry.this.errorOnMissingMembers) {
                                Object[] params = { groupShortName, attribute };
                                throw new AlfrescoRuntimeException("synchronization.err.ldap.group.member.missing", params);
                            }
                            LDAPUserRegistry.logger.warn("Failed to resolve member of group '" + groupShortName + "' with distinguished name: " + attribute);
                        } catch (InvalidNameException e) {
                            // posixGroup (FDS) that directly lists user names
                            // NOTE(review): any value that fails to parse as a DN is added verbatim as a child authority
                            // name; there is no check that such a user exists.
                            if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                LDAPUserRegistry.logger.debug("Member DN recognized as posixGroup: " + attribute);
                            }
                            childAssocs.add(attribute);
                        }
                    }
                }
                // fetch the next batch
                // A range end marker (PATTERN_RANGE_END) on the attribute id means the server has returned the last slice.
                if (nextStart > 0 && !LDAPUserRegistry.PATTERN_RANGE_END.matcher(memAttribute.getID().toLowerCase()).find()) {
                    Attributes childAttributes = this.ctx.getAttributes(jndiName(result.getNameInNamespace()), new String[] { LDAPUserRegistry.this.memberAttributeName + ";range=" + nextStart + '-' + (nextStart + LDAPUserRegistry.this.attributeBatchSize - 1) });
                    memAttribute = getRangeRestrictedAttribute(childAttributes, LDAPUserRegistry.this.memberAttributeName);
                    nextStart += LDAPUserRegistry.this.attributeBatchSize;
                } else {
                    memAttribute = null;
                }
            }
        }

        public void close() throws NamingException {
            this.ctx.close();
        }
    }, this.groupSearchBase, query, this.groupKeys.getFirst());
    if (LDAPUserRegistry.logger.isDebugEnabled()) {
        LDAPUserRegistry.logger.debug("Found " + lookup.size());
    }
    return lookup.values();
}

Example 34 with InvalidNameException

Use of javax.naming.InvalidNameException in the nhsconnect gpconnect-demonstrator project: class CertificateValidator, method validateRequest.

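/**
 * Enforces client-certificate authentication for an inbound request.
 *
 * <p>For a TLS request that is not a CORS preflight ({@code OPTIONS}), and unless the
 * {@code clientAuth} property is set to {@code "false"}, the first certificate of the
 * {@code javax.servlet.request.X509Certificate} chain must be contained in
 * {@code storeCertificates}. A missing or empty chain is reported with status 496, an unknown
 * certificate with status 495; both are turned into a FORBIDDEN operation outcome exception.
 *
 * <p>Fail-closed: an {@link InvalidNameException} raised while building the error for an
 * untrusted certificate (presumably from {@code getCertificateError}) used to be logged and
 * swallowed, which let the request continue as if it had passed validation. It is now logged
 * and rejected with the same 495 outcome.
 *
 * <p>NOTE(review): the {@code clientAuth=false} property disables the whole check; make sure it
 * cannot be set in production configuration. When {@code logCertsToConsole} is on, the known and
 * received certificates are printed to standard output.
 *
 * @param request the servlet request being validated
 * @throws RuntimeException the operation-outcome exception built by
 *         {@code OperationOutcomeFactory} when validation fails
 */
public void validateRequest(HttpServletRequest request) {
    try {
        String clientAuth = env.getProperty("clientAuth");
        if (request.isSecure() && !HttpMethod.OPTIONS.name().equals(request.getMethod()) && (clientAuth == null || !clientAuth.equals("false"))) {
            X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
            // An empty chain is as unauthenticated as a missing one; reject it explicitly instead of
            // letting certificates[0] fail with an ArrayIndexOutOfBoundsException.
            if (certificates == null || certificates.length == 0) {
                throw new CertificateException("No certificate found!", 496);
            }
            X509Certificate certificate = certificates[0];
            if (logCertsToConsole) {
                System.out.println("Known Certs: ");
                for (X509Certificate knownCert : storeCertificates) {
                    System.out.println(knownCert.toString());
                }
                System.out.println("Recieved Cert: ");
                System.out.println(certificate.toString());
            }
            // Trust is decided by exact certificate equality against the configured store.
            if (!storeCertificates.contains(certificate)) {
                String message = getCertificateError(certificate);
                throw new CertificateException(message, 495);
            }
        }
    } catch (CertificateException certificateException) {
        String warningMsg = "Bad signature detected for " + request.getMethod() + " to " + requestUrlWithQuery(request) + ": " + certificateException.getMessage();
        throw OperationOutcomeFactory.buildOperationOutcomeException(new UnclassifiedServerFailureException(certificateException.getStatusCode(), warningMsg), SystemCode.BAD_REQUEST, IssueType.FORBIDDEN);
    } catch (InvalidNameException ex) {
        // Keep the original diagnostic, but do not let the request through: the certificate was
        // already known not to be trusted when this exception can arise.
        java.util.logging.Logger.getLogger(CertificateValidator.class.getName()).log(Level.SEVERE, null, ex);
        String warningMsg = "Bad signature detected for " + request.getMethod() + " to " + requestUrlWithQuery(request) + ": " + ex.getMessage();
        throw OperationOutcomeFactory.buildOperationOutcomeException(new UnclassifiedServerFailureException(495, warningMsg), SystemCode.BAD_REQUEST, IssueType.FORBIDDEN);
    }
}

/**
 * Reconstructs the request URL including its query string, for diagnostic messages.
 *
 * @param request the servlet request
 * @return the request URL, with {@code ?query} appended when a query string is present
 */
private static String requestUrlWithQuery(HttpServletRequest request) {
    StringBuilder requestURL = new StringBuilder(request.getRequestURL());
    String queryString = request.getQueryString();
    if (null != queryString) {
        requestURL.append('?').append(queryString);
    }
    return requestURL.toString();
}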

Example 35 with InvalidNameException

Use of javax.naming.InvalidNameException in the Apache qpid-broker-j project: class SSLUtil, method verifyHostname.

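/**
 * Verifies that {@code hostnameExpected} matches one of the names carried by {@code cert}.
 *
 * <p>Candidate names come from {@code getNamesFromCert(cert)} (per the error text, the subject
 * CN and DNS subjectAltNames) and are matched by {@code verifyHostname(String, SortedSet)}.
 * Every failure mode — an empty name set, no match, an unparseable subject name, or an
 * unparseable certificate — is reported as a {@link TransportException}; where a parse
 * exception triggered the failure it is attached as the cause.
 *
 * <p>The subject DN quoted in the "could not parse name" message is read through
 * {@link X509Certificate#getSubjectX500Principal()} rather than the JDK-denigrated
 * {@code getSubjectDN()}, which returns an implementation-specific {@code Principal}. The value
 * is only used for the message text.
 *
 * @param hostnameExpected the host name the client intended to connect to
 * @param cert the peer's end-entity certificate
 * @throws TransportException if verification fails or the certificate cannot be parsed
 */
public static void verifyHostname(final String hostnameExpected, final X509Certificate cert) {
    try {
        SortedSet<String> names = getNamesFromCert(cert);
        if (names.isEmpty()) {
            // A certificate with neither CN nor DNS SAN can never be matched: fail closed.
            throw new TransportException("SSL hostname verification failed. Certificate for did not contain CN or DNS subjectAlt");
        }
        boolean match = verifyHostname(hostnameExpected, names);
        if (!match) {
            throw new TransportException("SSL hostname verification failed." + " Expected : " + hostnameExpected + " Found in cert : " + names);
        }
    } catch (InvalidNameException e) {
        String dn = cert.getSubjectX500Principal().getName();
        throw new TransportException("SSL hostname verification failed. Could not parse name " + dn, e);
    } catch (CertificateParsingException e) {
        throw new TransportException("SSL hostname verification failed. Could not parse certificate:  " + e.getMessage(), e);
    }
}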
