
Example 61 with LdapName

use of javax.naming.ldap.LdapName in project knox by apache.

the class KnoxLdapRealm method isUserMemberOfDynamicGroup.

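/**
 * Decides whether a user entry belongs to a dynamic group described by an LDAP member URL.
 *
 * <p>The URL is expected in the form {@code ldap://host:port/dn?attributes?scope?filter?extensions}.
 * The user counts as a member when the user DN lies under the URL's base DN and a search rooted
 * at the user DN with the URL's filter returns at least one entry.
 *
 * @param userLdapDn DN of the user being tested
 * @param memberUrl member URL of the group; {@code null}, or a URL with fewer than four
 *        {@code ?}-separated parts, yields {@code false}
 * @param ldapContextFactory supplies the system LDAP context used for the search
 * @return {@code true} if the search finds an entry, {@code false} otherwise
 * @throws NamingException if the base DN cannot be parsed or the directory search fails
 */
boolean isUserMemberOfDynamicGroup(LdapName userLdapDn, String memberUrl, final LdapContextFactory ldapContextFactory) throws NamingException {
    if (memberUrl == null) {
        return false;
    }
    String[] tokens = memberUrl.split("\\?");
    if (tokens.length < 4) {
        return false;
    }
    // Everything after the last '/' of the first part is taken as the search base DN.
    String searchBaseString = tokens[0].substring(tokens[0].lastIndexOf("/") + 1);
    String searchScope = tokens[2];
    String searchFilter = tokens[3];
    LdapName searchBaseDn = new LdapName(searchBaseString);

    // A base-scope URL is reported as "not a member" without querying the directory.
    if (searchScope.equalsIgnoreCase("base")) {
        return false;
    }
    // Compare the DNs RDN by RDN. A textual suffix match on toString() ignores RDN boundaries
    // and is sensitive to case and spacing, so it can accept a DN that is not under the base
    // and reject one that is. LdapName.startsWith() matches the rightmost RDNs as whole units.
    if (!userLdapDn.startsWith(searchBaseDn)) {
        return false;
    }
    // NOTE(review): a DN under the base is never one RDN shorter than the base, so a "one"
    // scope URL always returns false here. An immediate child would have size
    // searchBaseDn.size() + 1. Left unchanged because the search below would then run with
    // one-level scope from the user DN; both need to be decided together.
    if (searchScope.equalsIgnoreCase("one") && (userLdapDn.size() != searchBaseDn.size() - 1)) {
        return false;
    }

    // Apply the group's filter with the user DN as search base.
    // NOTE(review): the original comment describes a base-scope search on the user DN, but the
    // controls passed are SUBTREE_SCOPE or ONELEVEL_SCOPE (defined elsewhere, presumably
    // SearchControls). With subtree scope an entry below the user DN can also satisfy the
    // filter; confirm that is acceptable for a membership decision.
    LdapContext systemLdapCtx = ldapContextFactory.getSystemLdapContext();
    NamingEnumeration<SearchResult> searchResultEnum = null;
    try {
        searchResultEnum = systemLdapCtx.search(userLdapDn, searchFilter, searchScope.equalsIgnoreCase("sub") ? SUBTREE_SCOPE : ONELEVEL_SCOPE);
        return searchResultEnum.hasMore();
    } finally {
        // Close the enumeration first; the context is released even if that close fails.
        try {
            if (searchResultEnum != null) {
                searchResultEnum.close();
            }
        } finally {
            LdapUtils.closeContext(systemLdapCtx);
        }
    }
}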
Also used : SearchResult(javax.naming.directory.SearchResult) LdapContext(javax.naming.ldap.LdapContext) LdapName(javax.naming.ldap.LdapName)

Example 62 with LdapName

use of javax.naming.ldap.LdapName in project syncope by apache.

the class BinaryCertPreviewer method preview.

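/**
 * Builds a label showing the common name(s) found in the issuer DN of an uploaded X.509
 * certificate, prefixed with {@code cn=}.
 *
 * <p>The certificate is only parsed here, not validated, so the displayed text is controlled by
 * whoever uploaded the file. It is handed to a Wicket {@code Label}, which escapes model strings
 * by default; that default should stay in place for this component.
 *
 * <p>NOTE(review): the value is read from the issuer DN, not the subject DN; confirm that is
 * what a label with id {@code certCommonName} is meant to show.
 *
 * @param uploadedBytes raw certificate bytes; {@code null} or empty yields an empty label that
 *        is returned without being added to this component
 * @return the label for an empty upload, otherwise the result of {@code addOrReplace}
 */
@Override
public Component preview(final byte[] uploadedBytes) {
    Label commonNameLabel = new Label("certCommonName", new Model<>());
    // Treat a missing upload like an empty one instead of failing on uploadedBytes.length.
    if (uploadedBytes == null || uploadedBytes.length == 0) {
        LOG.info("Empty certificate");
        return commonNameLabel;
    }
    try (ByteArrayInputStream certificateStream = new ByteArrayInputStream(uploadedBytes)) {
        X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certificateStream);
        StringBuilder commonNameBuilder = new StringBuilder("cn=");
        // getIssuerX500Principal().getName() returns the RFC 2253 string form, which LdapName
        // parses; getIssuerDN() is deprecated and its string format is provider-specific.
        LdapName ldapName = new LdapName(certificate.getIssuerX500Principal().getName());
        for (Rdn rdn : ldapName.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                // Several CN components are appended one after another with no separator.
                commonNameBuilder.append(rdn.getValue() == null ? StringUtils.EMPTY : rdn.getValue().toString());
            }
        }
        commonNameLabel.setDefaultModelObject(commonNameBuilder.toString());
    } catch (Exception e) {
        // Any parsing failure ends in a generic error label; details go to the log only.
        LOG.error("Error evaluating certificate file", e);
        commonNameLabel.setDefaultModelObject(getString(Constants.ERROR));
    }
    return this.addOrReplace(commonNameLabel);
}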
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) Label(org.apache.wicket.markup.html.basic.Label) Rdn(javax.naming.ldap.Rdn) X509Certificate(java.security.cert.X509Certificate) LdapName(javax.naming.ldap.LdapName)

Example 63 with LdapName

use of javax.naming.ldap.LdapName in project modesti by jlsalmon.

the class LdapUserService method memberOf.

/**
 * Builds an OR filter holding one nested-group membership clause per group name.
 *
 * <p>Each group name becomes a {@code cn} RDN added to the DN parsed from
 * {@code ldapGroupFilter}. The name is given to {@link Rdn} as a raw value, so DN
 * metacharacters in it are escaped when the DN is rendered with {@code toString()}.
 * EqualsFilter is expected to filter-encode the resulting DN (Spring LDAP behaviour; confirm
 * for the version in use).
 *
 * <p>NOTE(review): an empty {@code groups} list produces an OR filter with no clauses; confirm
 * the caller does not end up searching without any group restriction in that case.
 *
 * @param groups group common names to match
 * @return the combined OR filter
 * @throws InvalidNameException if {@code ldapGroupFilter} or a resulting DN is not a valid name
 */
private OrFilter memberOf(List<String> groups) throws InvalidNameException {
    // The OID selects the in-chain matching rule, which makes the directory follow nested
    // group membership. It's slow, but it works.
    // See https://msdn.microsoft.com/en-us/library/aa746475(VS.85).aspx
    final String nestedMemberOf = "memberOf:1.2.840.113556.1.4.1941:";
    OrFilter anyGroup = new OrFilter();
    for (String groupName : groups) {
        // A fresh LdapName per group: add() mutates the name it is called on.
        LdapName groupDn = new LdapName(ldapGroupFilter);
        groupDn.add(new Rdn("cn", groupName));
        anyGroup.or(new EqualsFilter(nestedMemberOf, groupDn.toString()));
    }
    return anyGroup;
}
Also used : OrFilter(org.springframework.ldap.filter.OrFilter) EqualsFilter(org.springframework.ldap.filter.EqualsFilter) Rdn(javax.naming.ldap.Rdn) LdapName(javax.naming.ldap.LdapName)

Example 64 with LdapName

use of javax.naming.ldap.LdapName in project i2p.i2p by i2p.

the class DefaultHostnameVerifier method extractCN.

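/**
 * Extracts the most specific common name from a certificate subject DN.
 *
 * <p>RDNs are visited from the last index of {@link LdapName#getRdns()} downwards, i.e. starting
 * with the leftmost component of the DN string, and the first {@code cn} value found is returned.
 *
 * <p>NOTE(review): for hostname verification the subject CN should only be a fallback when the
 * certificate has no subjectAltName entries; confirm the caller applies that order.
 *
 * @param subjectPrincipal the subject DN in string form, may be {@code null}
 * @return the CN value, or {@code null} if the input is {@code null} or holds no usable CN
 * @throws SSLException if {@code subjectPrincipal} is not a valid distinguished name
 */
static String extractCN(final String subjectPrincipal) throws SSLException {
    if (subjectPrincipal == null) {
        return null;
    }
    try {
        final LdapName subjectDN = new LdapName(subjectPrincipal);
        final List<Rdn> rdns = subjectDN.getRdns();
        for (int i = rdns.size() - 1; i >= 0; i--) {
            final Rdn rds = rdns.get(i);
            final Attributes attributes = rds.toAttributes();
            final Attribute cn = attributes.get("cn");
            if (cn != null) {
                try {
                    final Object value = cn.get();
                    if (value != null) {
                        return value.toString();
                    }
                } catch (NoSuchElementException ignored) {
                    // Attribute without a value: keep looking in the remaining RDNs.
                } catch (NamingException ignored) {
                    // Value could not be read: keep looking in the remaining RDNs.
                }
            }
        }
        return null;
    } catch (InvalidNameException e) {
        // Keep the parser's exception as the cause so the reason for rejection is not lost.
        throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name", e);
    }
}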
Also used : InvalidNameException(javax.naming.InvalidNameException) Attribute(javax.naming.directory.Attribute) Attributes(javax.naming.directory.Attributes) NamingException(javax.naming.NamingException) Rdn(javax.naming.ldap.Rdn) SSLException(javax.net.ssl.SSLException) NoSuchElementException(java.util.NoSuchElementException) LdapName(javax.naming.ldap.LdapName)

Example 65 with LdapName

use of javax.naming.ldap.LdapName in project nifi-registry by apache.

the class CertificateUtils method compareDNs.

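/**
 * Returns true if the two provided DNs are equivalent, regardless of the order of the elements. Returns false if one or both are invalid DNs.
 *
 * Each RDN of one DN must be matched by a distinct RDN of the other, so DNs that repeat an RDN
 * are equal only when the repetitions match as well.
 *
 * Note that ignoring element order treats DNs with the same RDNs at different levels of the
 * hierarchy as equal; callers using the result for an identity decision should be aware of that.
 *
 * Example:
 *
 * CN=test1, O=testOrg, C=US compared to CN=test1, O=testOrg, C=US -> true
 * CN=test1, O=testOrg, C=US compared to O=testOrg, CN=test1, C=US -> true
 * CN=test1, O=testOrg, C=US compared to CN=test2, O=testOrg, C=US -> false
 * CN=test1, O=testOrg, C=US compared to O=testOrg, CN=test2, C=US -> false
 * CN=test1, O=testOrg, C=US compared to                           -> false
 *                           compared to                           -> true
 *
 * @param dn1 the first DN to compare
 * @param dn2 the second DN to compare
 * @return true if the DNs are equivalent, false otherwise
 */
public static boolean compareDNs(String dn1, String dn2) {
    if (dn1 == null) {
        dn1 = "";
    }
    if (dn2 == null) {
        dn2 = "";
    }
    if (StringUtils.isEmpty(dn1) || StringUtils.isEmpty(dn2)) {
        return dn1.equals(dn2);
    }
    try {
        List<Rdn> rdn1 = new LdapName(dn1).getRdns();
        // Working copy of the second DN; every matched RDN is removed from it exactly once.
        LdapName unmatched = new LdapName(dn2);
        if (rdn1.size() != unmatched.size()) {
            return false;
        }
        // size() + containsAll() alone accepts DNs whose repeated RDNs differ
        // (e.g. A,A,B against A,B,B), so pair the RDNs off one by one instead.
        for (Rdn rdn : rdn1) {
            int position = unmatched.getRdns().indexOf(rdn);
            if (position < 0) {
                return false;
            }
            unmatched.remove(position);
        }
        return unmatched.isEmpty();
    } catch (InvalidNameException e) {
        logger.warn("Cannot compare DNs: {} and {} because one or both is not a valid DN", dn1, dn2);
        return false;
    }
}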
Also used : InvalidNameException(javax.naming.InvalidNameException) Rdn(javax.naming.ldap.Rdn) LdapName(javax.naming.ldap.LdapName)
