use of javax.naming.ldap.LdapName in project gpconnect-demonstrator by nhsconnect.
the class CertificateValidator method getIssuerCommonName.
/**
 * Extracts a Common Name (CN) from the issuer distinguished name of a certificate.
 *
 * <p>The issuer DN is taken from {@code getIssuerX500Principal().getName()} and parsed with
 * {@link LdapName}. {@code LdapName.getRdns()} lists the right-most RDN of the string form
 * first, so when the DN carries several CN components the right-most one is returned.
 * The type comparison is case-sensitive.
 *
 * <p>NOTE(review): the returned string is whatever the certificate's issuer field says. It is
 * only meaningful as an identity after the chain has been validated elsewhere; confirm the
 * caller does that before comparing this value against an allow-list.
 *
 * @param x509Certificate certificate whose issuer DN is inspected
 * @return the CN value, or the empty string when the issuer DN has no CN component
 * @throws InvalidNameException if the issuer DN cannot be parsed as an LDAP name
 */
private String getIssuerCommonName(X509Certificate x509Certificate) throws InvalidNameException {
    final String issuerDn = x509Certificate.getIssuerX500Principal().getName();
    final LdapName issuerName = new LdapName(issuerDn);
    for (Rdn component : issuerName.getRdns()) {
        if (!component.getType().equals("CN")) {
            continue;
        }
        // Rdn values are Objects (String for ordinary values), hence the toString().
        return component.getValue().toString();
    }
    return "";
}
use of javax.naming.ldap.LdapName in project ranger by apache.
the class AssetMgr method getLatestRepoPolicy.
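/**
 * Builds the JSON policy export for one repository and writes a policy-export audit record
 * for each rejection or result from the transport check onwards.
 *
 * <p>Access control performed here:
 * <ul>
 *   <li>When {@code httpEnabled} is false the request must be secure ({@code isSecure}) and
 *       must carry a non-empty client certificate chain.</li>
 *   <li>When a client certificate is present, the CN of its subject must match (ignoring
 *       case) the {@code commonNameForCertificate} entry of the repository configuration.</li>
 *   <li>When {@code httpEnabled} is true and no certificate is supplied, neither check runs
 *       and the policies are returned without any client authentication in this method.</li>
 * </ul>
 *
 * <p>NOTE(review): this method only reads the subject DN of {@code certchain[0]}; it assumes
 * the TLS layer has already validated the chain against a trust store. Confirm that before
 * relying on the CN match as authentication.
 *
 * @param xAsset repository whose policies are exported; must not be null
 * @param xResourceList policies of the repository; must not be null
 * @param updatedTime last-update time reported to the caller and compared with {@code epoch}
 * @param certchain client certificate chain from the request, may be null
 * @param httpEnabled whether plain-HTTP policy download is permitted
 * @param epoch last-update time already known to the caller; null, blank or "null" means 0
 * @param ipAddress client address recorded in the audit record
 * @param isSecure whether the request arrived over a secure channel
 * @param count number of policies already known to the caller
 * @param agentId optional agent identifier recorded in the audit record
 * @return the exported policies as a JSON string
 */
public String getLatestRepoPolicy(VXAsset xAsset, List<VXResource> xResourceList, Long updatedTime, X509Certificate[] certchain, boolean httpEnabled, String epoch, String ipAddress, boolean isSecure, String count, String agentId) {
    if (xAsset == null) {
        logger.error("Requested repository not found");
        throw restErrorUtil.createRESTException("No Data Found.", MessageEnums.DATA_NOT_FOUND);
    }
    if (xResourceList == null) {
        // The previous message said "is found", which contradicted the condition being logged.
        logger.error("ResourceList is not found");
        throw restErrorUtil.createRESTException("No Data Found.", MessageEnums.DATA_NOT_FOUND);
    }
    if (xAsset.getActiveStatus() == RangerCommonEnums.ACT_STATUS_DISABLED) {
        logger.error("Requested repository is disabled");
        throw restErrorUtil.createRESTException("Unauthorized access.", MessageEnums.OPER_NO_EXPORT);
    }

    HashMap<String, Object> updatedRepo = new HashMap<String, Object>();
    updatedRepo.put("repository_name", xAsset.getName());

    XXPolicyExportAudit policyExportAudit = new XXPolicyExportAudit();
    policyExportAudit.setRepositoryName(xAsset.getName());
    if (agentId != null && !agentId.isEmpty()) {
        policyExportAudit.setAgentId(agentId);
    }
    policyExportAudit.setClientIP(ipAddress);

    // Parse the caller's epoch once and reuse it below. The later comparison used to re-parse
    // the raw string, so a blank or "null" epoch was audited as 0 here and then failed with an
    // uncaught NumberFormatException further down.
    // NOTE(review): a non-numeric epoch still raises NumberFormatException here, before any
    // audit record is written; consider mapping it to an invalid-input REST error.
    final boolean epochSupplied = epoch != null && !epoch.trim().isEmpty() && !"null".equalsIgnoreCase(epoch);
    final long requestedEpoch = epochSupplied ? Long.parseLong(epoch) : 0L;
    policyExportAudit.setRequestedEpoch(requestedEpoch);

    if (!httpEnabled) {
        if (!isSecure) {
            policyExportAudit.setHttpRetCode(HttpServletResponse.SC_BAD_REQUEST);
            createPolicyAudit(policyExportAudit);
            throw restErrorUtil.createRESTException("Unauthorized access - only https allowed", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
        }
        if (certchain == null || certchain.length == 0) {
            policyExportAudit.setHttpRetCode(HttpServletResponse.SC_BAD_REQUEST);
            createPolicyAudit(policyExportAudit);
            throw restErrorUtil.createRESTException("Unauthorized access - unable to get client certificate", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
        }
    }

    Long policyCount = restErrorUtil.parseLong(count, "Invalid value for policyCount", MessageEnums.INVALID_INPUT_DATA, null, "policyCount");

    String commonName = null;
    // The length check matters when httpEnabled is true: the empty-chain rejection above is
    // skipped in that mode, and indexing an empty array would throw.
    if (certchain != null && certchain.length > 0) {
        X509Certificate clientCert = certchain[0];
        String dn = clientCert.getSubjectX500Principal().getName();
        try {
            LdapName ln = new LdapName(dn);
            // getRdns() starts at the right-most RDN, so the first CN found is the right-most
            // CN of the subject DN.
            for (Rdn rdn : ln.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    commonName = rdn.getValue() + "";
                    break;
                }
            }
            if (commonName == null) {
                policyExportAudit.setHttpRetCode(HttpServletResponse.SC_BAD_REQUEST);
                createPolicyAudit(policyExportAudit);
                throw restErrorUtil.createRESTException("Unauthorized access - Unable to find Common Name from [" + dn + "]", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
            }
        } catch (InvalidNameException e) {
            policyExportAudit.setHttpRetCode(HttpServletResponse.SC_BAD_REQUEST);
            createPolicyAudit(policyExportAudit);
            logger.error("Invalid Common Name.", e);
            throw restErrorUtil.createRESTException("Unauthorized access - Invalid Common Name", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
        }
    }

    if (policyCount == null) {
        policyCount = 0L;
    }

    // Authorisation: runs only when a certificate was presented (see the Javadoc for the
    // httpEnabled case in which it is skipped).
    if (commonName != null) {
        String config = xAsset.getConfig();
        Map<String, String> configMap = jsonUtil.jsonToMap(config);
        String cnFromConfig = configMap.get("commonNameForCertificate");
        if (cnFromConfig == null || !commonName.equalsIgnoreCase(cnFromConfig)) {
            policyExportAudit.setHttpRetCode(HttpServletResponse.SC_BAD_REQUEST);
            createPolicyAudit(policyExportAudit);
            // NOTE(review): this message carries the configured CN; if it is returned to the
            // caller, a rejected client learns the expected value. Consider logging it
            // server-side and returning a generic message instead.
            throw restErrorUtil.createRESTException("Unauthorized access. expected [" + cnFromConfig + "], found [" + commonName + "]", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
        }
    }

    // Nothing to send when the caller already holds the current epoch and policy count.
    if (requestedEpoch == updatedTime) {
        int resourceListSz = xResourceList.size();
        if (policyCount == resourceListSz) {
            policyExportAudit.setHttpRetCode(HttpServletResponse.SC_NOT_MODIFIED);
            createPolicyAudit(policyExportAudit);
            throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_MODIFIED, "No change since last update", false);
        }
    }

    List<HashMap<String, Object>> resourceList = new ArrayList<HashMap<String, Object>>();
    if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) {
        // HDFS Repository
        for (VXResource xResource : xResourceList) {
            HashMap<String, Object> resourceMap = new HashMap<String, Object>();
            resourceMap.put("id", xResource.getId());
            resourceMap.put("resource", xResource.getName());
            resourceMap.put("isRecursive", getBooleanValue(xResource.getIsRecursive()));
            resourceMap.put("policyStatus", RangerCommonEnums.getLabelFor_ActiveStatus(xResource.getResourceStatus()));
            populatePermMap(xResource, resourceMap, AppConstants.ASSET_HDFS);
            List<VXAuditMap> xAuditMaps = xResource.getAuditList();
            resourceMap.put("audit", xAuditMaps.size() != 0 ? 1 : 0);
            resourceList.add(resourceMap);
        }
    } else if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
        for (VXResource xResource : xResourceList) {
            HashMap<String, Object> resourceMap = new HashMap<String, Object>();
            resourceMap.put("id", xResource.getId());
            resourceMap.put("database_name", xResource.getDatabases());
            resourceMap.put("policyStatus", RangerCommonEnums.getLabelFor_ActiveStatus(xResource.getResourceStatus()));
            resourceMap.put("tablePolicyType", AppConstants.getLabelFor_PolicyType(xResource.getTableType()));
            resourceMap.put("columnPolicyType", AppConstants.getLabelFor_PolicyType(xResource.getColumnType()));
            int resourceType = xResource.getResourceType();
            if (resourceType == AppConstants.RESOURCE_UDF) {
                resourceMap.put("udf_name", xResource.getUdfs());
            } else if (resourceType == AppConstants.RESOURCE_COLUMN) {
                resourceMap.put("table_name", xResource.getTables());
                resourceMap.put("column_name", xResource.getColumns());
            } else if (resourceType == AppConstants.RESOURCE_TABLE) {
                resourceMap.put("table_name", xResource.getTables());
            }
            populatePermMap(xResource, resourceMap, AppConstants.ASSET_HIVE);
            List<VXAuditMap> xAuditMaps = xResource.getAuditList();
            resourceMap.put("audit", xAuditMaps.size() != 0 ? 1 : 0);
            resourceList.add(resourceMap);
        }
    } else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
        for (VXResource xResource : xResourceList) {
            HashMap<String, Object> resourceMap = new HashMap<String, Object>();
            resourceMap.put("id", xResource.getId());
            resourceMap.put("table_name", xResource.getTables());
            resourceMap.put("column_name", xResource.getColumns());
            resourceMap.put("column_families", xResource.getColumnFamilies());
            resourceMap.put("policyStatus", RangerCommonEnums.getLabelFor_ActiveStatus(xResource.getResourceStatus()));
            resourceMap.put("encrypt", xResource.getIsEncrypt() == 1 ? 1 : 0);
            populatePermMap(xResource, resourceMap, AppConstants.ASSET_HBASE);
            List<VXAuditMap> xAuditMaps = xResource.getAuditList();
            resourceMap.put("audit", xAuditMaps.size() != 0 ? 1 : 0);
            resourceList.add(resourceMap);
        }
    } else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) {
        for (VXResource xResource : xResourceList) {
            HashMap<String, Object> resourceMap = new HashMap<String, Object>();
            resourceMap.put("id", xResource.getId());
            resourceMap.put("topology_name", xResource.getTopologies());
            resourceMap.put("service_name", xResource.getServices());
            resourceMap.put("policyStatus", RangerCommonEnums.getLabelFor_ActiveStatus(xResource.getResourceStatus()));
            resourceMap.put("encrypt", xResource.getIsEncrypt() == 1 ? 1 : 0);
            populatePermMap(xResource, resourceMap, AppConstants.ASSET_KNOX);
            List<VXAuditMap> xAuditMaps = xResource.getAuditList();
            resourceMap.put("audit", xAuditMaps.size() != 0 ? 1 : 0);
            resourceList.add(resourceMap);
        }
    } else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) {
        for (VXResource xResource : xResourceList) {
            HashMap<String, Object> resourceMap = new HashMap<String, Object>();
            resourceMap.put("id", xResource.getId());
            resourceMap.put("topology_name", xResource.getTopologies());
            resourceMap.put("policyStatus", RangerCommonEnums.getLabelFor_ActiveStatus(xResource.getResourceStatus()));
            resourceMap.put("encrypt", xResource.getIsEncrypt() == 1 ? 1 : 0);
            populatePermMap(xResource, resourceMap, AppConstants.ASSET_STORM);
            List<VXAuditMap> xAuditMaps = xResource.getAuditList();
            resourceMap.put("audit", xAuditMaps.size() != 0 ? 1 : 0);
            resourceList.add(resourceMap);
        }
    } else {
        policyExportAudit.setHttpRetCode(HttpServletResponse.SC_BAD_REQUEST);
        createPolicyAudit(policyExportAudit);
        throw restErrorUtil.createRESTException("The operation isn't yet supported for the repository", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
    }

    // Report the number of policies actually exported, not the count the caller sent.
    policyCount = Long.valueOf(resourceList.size());
    updatedRepo.put("last_updated", updatedTime);
    updatedRepo.put("policyCount", policyCount);
    updatedRepo.put("acl", resourceList);
    String updatedPolicyStr = jsonUtil.readMapToString(updatedRepo);

    policyExportAudit.setHttpRetCode(HttpServletResponse.SC_OK);
    createPolicyAudit(policyExportAudit);
    return updatedPolicyStr;
}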
use of javax.naming.ldap.LdapName in project qpid-broker-j by apache.
the class SSLUtil method getNamesFromCert.
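/**
 * Collects the names a certificate asserts for its subject: the first CN found in the subject
 * DN plus every Subject Alternative Name entry whose type equals {@code DNS_NAME_TYPE}.
 *
 * <p>{@code LdapName.getRdns()} starts at the right-most RDN of the string form, so with
 * several CN components the right-most one is the one collected.
 *
 * <p>NOTE(review): if the returned set is used for host name verification, confirm whether the
 * CN should still be accepted when DNS alternative names are present; current TLS guidance
 * treats the subject CN as a fallback only.
 *
 * @param cert certificate to inspect
 * @return sorted set of the CN (if any) and the DNS alternative names; never null
 * @throws InvalidNameException if the subject DN cannot be parsed as an LDAP name
 * @throws CertificateParsingException if the alternative-name extension cannot be decoded
 */
private static SortedSet<String> getNamesFromCert(final X509Certificate cert) throws InvalidNameException, CertificateParsingException {
    final SortedSet<String> names = new TreeSet<>();

    // getSubjectX500Principal().getName() yields the RFC 2253 string form. The previously used
    // getSubjectDN() returns an implementation-specific Principal whose text format is not
    // portable, which makes it an unreliable input for LdapName.
    final LdapName subject = new LdapName(cert.getSubjectX500Principal().getName());
    for (Rdn part : subject.getRdns()) {
        if ("CN".equalsIgnoreCase(part.getType())) {
            names.add(part.getValue().toString());
            break;
        }
    }

    // Decode the extension once; each entry is a (type, value) pair.
    final java.util.Collection<List<?>> alternativeNames = cert.getSubjectAlternativeNames();
    if (alternativeNames != null) {
        for (List<?> entry : alternativeNames) {
            if (DNS_NAME_TYPE.equals(entry.get(0))) {
                names.add((String) entry.get(1));
            }
        }
    }
    return names;
}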
use of javax.naming.ldap.LdapName in project qpid-broker-j by apache.
the class SSLUtil method getIdFromSubjectDN.
/**
 * Derives an identifier of the form {@code cn@dc1.dc2} from a subject distinguished name.
 *
 * <p>The DN is parsed with {@link LdapName}. Its DC components are joined with dots in the
 * order they appear in the string form, and appended to the CN after an {@code '@'}. When the
 * DN has several CN components, the last one visited (the left-most in the string form) wins.
 *
 * <p>NOTE(review): the result is built purely from the DN text; treat it as an identity only
 * when the DN comes from a certificate that has already been validated.
 *
 * @param dn subject DN, may be null
 * @return {@code cn@domain}, the bare CN when there is no DC component, or the empty string
 *         when {@code dn} is null, cannot be parsed, or has no non-empty CN
 */
public static String getIdFromSubjectDN(String dn) {
    if (dn == null) {
        return "";
    }

    final LdapName parsedDn;
    try {
        parsedDn = new LdapName(dn);
    } catch (InvalidNameException e) {
        LOGGER.warn("Invalid name: '{}'", dn);
        return "";
    }

    String commonName = null;
    String domain = null;
    for (Rdn component : parsedDn.getRdns()) {
        final String type = component.getType();
        if ("CN".equalsIgnoreCase(type)) {
            commonName = component.getValue().toString();
        } else if ("DC".equalsIgnoreCase(type)) {
            // getRdns() runs right-to-left, so each new label is prepended.
            final String label = component.getValue().toString();
            domain = (domain == null) ? label : label + '.' + domain;
        }
    }

    if (commonName == null || commonName.length() == 0) {
        return "";
    }
    return (domain == null) ? commonName : commonName + '@' + domain;
}
use of javax.naming.ldap.LdapName in project qpid-broker-j by apache.
the class NonJavaKeyStoreImpl method getSubjectName.
/**
 * Returns a display name for the stored certificate's subject.
 *
 * <p>The subject DN is parsed with {@link LdapName}; the first CN component met in
 * {@code getRdns()} order is returned. If the DN has no CN, the full DN string is returned.
 *
 * @return the CN or the whole subject DN; {@code null} when no certificate is set or the
 *         subject DN cannot be parsed (the parse failure is logged without its cause)
 */
@Override
public String getSubjectName() {
    if (_certificate == null) {
        return null;
    }

    final String subjectDn = _certificate.getSubjectX500Principal().getName();
    final LdapName parsedDn;
    try {
        parsedDn = new LdapName(subjectDn);
    } catch (InvalidNameException e) {
        LOGGER.error("Error getting subject name from certificate");
        return null;
    }

    for (Rdn component : parsedDn.getRdns()) {
        if (component.getType().equalsIgnoreCase("CN")) {
            return String.valueOf(component.getValue());
        }
    }
    // No CN present: fall back to the complete DN.
    return subjectDn;
}