Example 81 with LdapName

Use of javax.naming.ldap.LdapName in project druid by druid-io, in class LDAPRoleProvider, method getGroupsFromLdap.

Set<LdapName> getGroupsFromLdap(SearchResult userResult) throws NamingException {
    Set<LdapName> groups = new TreeSet<>();
    // memberOf carries the DN of every group the user belongs to
    Attribute memberOf = userResult.getAttributes().get("memberOf");
    if (memberOf == null) {
        LOG.debug("No memberOf attributes");
        // not part of any groups
        return groups;
    }
    for (int i = 0; i < memberOf.size(); i++) {
        String memberDn = memberOf.get(i).toString();
        LdapName ln;
        try {
            // parse the DN so that later comparisons (and the TreeSet ordering)
            // use RFC 2253 normalization rather than raw string matching
            ln = new LdapName(memberDn);
        } catch (InvalidNameException e) {
            // a malformed group DN is skipped rather than failing the whole lookup
            LOG.debug("Invalid LDAP name: %s", memberDn);
            continue;
        }
        if (this.groupFilters != null) {
            // only groups matching a configured filter are granted
            if (allowedLdapGroup(ln, new TreeSet<>(Arrays.asList(this.groupFilters)))) {
                groups.add(ln);
            }
        } else {
            groups.add(ln);
        }
    }
    return groups;
}
Also used: InvalidNameException (javax.naming.InvalidNameException), Attribute (javax.naming.directory.Attribute), TreeSet (java.util.TreeSet), LdapName (javax.naming.ldap.LdapName)

Example 82 with LdapName

Use of javax.naming.ldap.LdapName in project SSM by Intel-bigdata, in class LdapRealm, method addRoleIfMember.

private void addRoleIfMember(final String userDn, final SearchResult group,
                             final Set<String> roleNames, final Set<String> groupNames,
                             final LdapContextFactory ldapContextFactory) throws NamingException {
    NamingEnumeration<? extends Attribute> attributeEnum = null;
    NamingEnumeration<?> ne = null;
    try {
        // parse once; LdapName.equals() compares normalized RDNs, so differences in
        // case, whitespace and escaping between the two DN strings do not matter
        LdapName userLdapDn = new LdapName(userDn);
        Attribute attribute = group.getAttributes().get(getGroupIdAttribute());
        String groupName = attribute.get().toString();
        attributeEnum = group.getAttributes().getAll();
        while (attributeEnum.hasMore()) {
            final Attribute attr = attributeEnum.next();
            // only the configured membership attribute (e.g. member, memberUid, memberUrl) is inspected
            if (!memberAttribute.equalsIgnoreCase(attr.getID())) {
                continue;
            }
            ne = attr.getAll();
            while (ne.hasMore()) {
                String attrValue = ne.next().toString();
                if (memberAttribute.equalsIgnoreCase(MEMBER_URL)) {
                    // dynamic group: membership is decided by evaluating the stored LDAP URL
                    boolean dynamicGroupMember = isUserMemberOfDynamicGroup(userLdapDn, attrValue, ldapContextFactory);
                    if (dynamicGroupMember) {
                        groupNames.add(groupName);
                        String roleName = roleNameFor(groupName);
                        if (roleName != null) {
                            roleNames.add(roleName);
                        } else {
                            roleNames.add(groupName);
                        }
                    }
                } else {
                    // posixGroup stores bare uids, so rebuild a full DN before comparing
                    if (groupObjectClass.equalsIgnoreCase(POSIX_GROUP)) {
                        attrValue = memberAttributeValuePrefix + attrValue + memberAttributeValueSuffix;
                    }
                    if (userLdapDn.equals(new LdapName(attrValue))) {
                        groupNames.add(groupName);
                        String roleName = roleNameFor(groupName);
                        if (roleName != null) {
                            roleNames.add(roleName);
                        } else {
                            roleNames.add(groupName);
                        }
                        break;
                    }
                }
            }
            // close each member enumeration as soon as it is consumed; the finally
            // block below only ever sees the last one assigned to ne
            ne.close();
            ne = null;
        }
    } finally {
        try {
            if (attributeEnum != null) {
                attributeEnum.close();
            }
        } finally {
            if (ne != null) {
                ne.close();
            }
        }
    }
}
Also used: Attribute (javax.naming.directory.Attribute), LdapName (javax.naming.ldap.LdapName)

Example 83 with LdapName

Use of javax.naming.ldap.LdapName in project vert.x by eclipse, in class KeyStoreHelper, method getX509CertificateCommonNames.

public static List<String> getX509CertificateCommonNames(String dn) throws Exception {
    List<String> names = new ArrayList<>();
    if (!PlatformDependent.isAndroid()) {
        // javax.naming is available: let LdapName handle RFC 2253 quoting and escaping
        LdapName ldapDN = new LdapName(dn);
        for (Rdn rdn : ldapDN.getRdns()) {
            if (rdn.getType().equalsIgnoreCase("cn")) {
                String name = rdn.getValue().toString();
                names.add(name);
            }
        }
    } else {
        // Android lacks javax.naming.ldap, so fall back to a naive split. This does
        // not honour escaped or quoted separators (e.g. "cn=a\,b"), and an RDN whose
        // value itself contains '=' is dropped by the length check below.
        String[] rdns = dn.trim().split("[,;]");
        for (String rdn : rdns) {
            String[] nvp = rdn.trim().split("=");
            if (nvp.length == 2 && "cn".equalsIgnoreCase(nvp[0])) {
                names.add(nvp[1]);
            }
        }
    }
    return names;
}
Also used: Rdn (javax.naming.ldap.Rdn), LdapName (javax.naming.ldap.LdapName)

Example 84 with LdapName

Use of javax.naming.ldap.LdapName in project zm-mailbox by Zimbra, in class CertUtil, method getSubjectAttr.

private String getSubjectAttr(String needAttrName, String needAttrOid) {
    String subjectDN = getSubjectDN();
    try {
        LdapName dn = new LdapName(subjectDN);
        List<Rdn> rdns = dn.getRdns();
        for (Rdn rdn : rdns) {
            String type = rdn.getType();
            // attribute types the parser could not name come through as dotted OIDs
            boolean isOid = type.contains(".");
            boolean matched = (isOid ? type.equals(needAttrOid) : type.equals(needAttrName));
            if (matched) {
                Object value = rdn.getValue();
                if (value == null) {
                    continue;
                }
                if (isOid) {
                    // an OID-typed RDN value is hex-encoded ("#...") in the DN string and
                    // Rdn.getValue() hands it back as the raw DER bytes, so decode it as ASN.1
                    byte[] bytes = (byte[]) value;
                    ASN1InputStream decoder = null;
                    try {
                        decoder = new ASN1InputStream(bytes);
                        ASN1Encodable encoded = decoder.readObject();
                        DERIA5String str = DERIA5String.getInstance(encoded);
                        return str.getString();
                    } catch (IOException e) {
                        ZimbraLog.account.warn(LOG_PREFIX + "unable to decode " + type, e);
                    } finally {
                        ByteUtil.closeStream(decoder);
                    }
                } else {
                    return value.toString();
                }
            }
        }
    } catch (InvalidNameException e) {
        ZimbraLog.account.warn(LOG_PREFIX + "Invalid subject dn value: " + subjectDN, e);
    }
    return null;
}
Also used: ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream), DERIA5String (org.bouncycastle.asn1.DERIA5String), InvalidNameException (javax.naming.InvalidNameException), ASN1TaggedObject (org.bouncycastle.asn1.ASN1TaggedObject), DEROctetString (org.bouncycastle.asn1.DEROctetString), DERUTF8String (org.bouncycastle.asn1.DERUTF8String), ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable), IOException (java.io.IOException), Rdn (javax.naming.ldap.Rdn), LdapName (javax.naming.ldap.LdapName)

Example 85 with LdapName

Use of javax.naming.ldap.LdapName in project zookeeper by apache, in class ZKHostnameVerifier, method extractCN.

private static String extractCN(final String subjectPrincipal) throws SSLException {
    if (subjectPrincipal == null) {
        return null;
    }
    try {
        final LdapName subjectDN = new LdapName(subjectPrincipal);
        final List<Rdn> rdns = subjectDN.getRdns();
        // LdapName indexes RDNs right to left (index 0 is the rightmost, least specific
        // component), so walking from the end returns the leftmost, most specific CN first
        for (int i = rdns.size() - 1; i >= 0; i--) {
            final Rdn rds = rdns.get(i);
            final Attributes attributes = rds.toAttributes();
            final Attribute cn = attributes.get("cn");
            if (cn != null) {
                try {
                    final Object value = cn.get();
                    if (value != null) {
                        return value.toString();
                    }
                } catch (final NoSuchElementException ignore) {
                    // ignore exception
                } catch (final NamingException ignore) {
                    // ignore exception
                }
            }
        }
        return null;
    } catch (final InvalidNameException e) {
        // an unparseable subject is treated as a verification failure, not as "no CN"
        throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name");
    }
}
Also used: InvalidNameException (javax.naming.InvalidNameException), Attribute (javax.naming.directory.Attribute), Attributes (javax.naming.directory.Attributes), NamingException (javax.naming.NamingException), Rdn (javax.naming.ldap.Rdn), SSLException (javax.net.ssl.SSLException), NoSuchElementException (java.util.NoSuchElementException), LdapName (javax.naming.ldap.LdapName)
