Use of org.forgerock.opendj.ldap.ByteString in project OpenAM by OpenRock: the class LDAPRoles, method getUserRoles.
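/**
 * Returns the user's role DNs, serving them from {@code userLDAPRoleCache} when a non-expired
 * entry exists for this token and LDAP server, and otherwise reading the
 * {@code LDAP_USER_ROLE_ATTR} values from the supplied directory entry and caching the result.
 * <p>
 * The {@code Set} stored in the cache is the same instance that is returned, so a caller that
 * mutates the returned set also changes what later lookups for this token see.
 *
 * @param token     the session whose roles are requested; {@code null} yields {@code null}
 * @param userEntry the user's directory entry; when {@code null} no roles are found and nothing
 *                  is cached
 * @return a {@code Set} of role DN strings (empty when none were found), or {@code null} when
 *         {@code token} is {@code null}
 * @throws SSOException    as declared by the signature
 * @throws PolicyException as declared by the signature
 */
private Set getUserRoles(SSOToken token, SearchResultEntry userEntry) throws SSOException, PolicyException {
    if (token == null) {
        return null;
    }
    String tokenIDStr = token.getTokenID().toString();

    // Serve from the cache when the entry for this server has not yet expired.
    Map serverRoleMap = (Map) userLDAPRoleCache.get(tokenIDStr);
    if (serverRoleMap != null) {
        Object[] element = (Object[]) serverRoleMap.get(ldapServer);
        if (element != null) {
            // element[0] is the absolute expiry time in millis, element[1] the cached role set.
            long timeToLive = (element[0] == null) ? 0 : ((Long) element[0]).longValue();
            if (timeToLive > System.currentTimeMillis()) {
                if (debug.messageEnabled()) {
                    debug.message("LDAPRoles.getUserRoles():" + " get the nsrole values from cache.\n");
                }
                return (Set) element[1];
            }
        }
    }

    // Cache miss or expired entry: read the role attribute from the user's directory entry.
    Set<String> roles = new HashSet<>();
    if (userEntry != null) {
        Attribute attribute = userEntry.getAttribute(LDAP_USER_ROLE_ATTR);
        if (attribute != null) {
            for (ByteString value : attribute) {
                // Parse each value as a DN and re-render it (DN.valueOf presumably rejects
                // malformed values with an unchecked exception — confirm).
                roles.add(DN.valueOf(value.toString()).toString());
            }
        }
        // Caching is enabled only when the subject evaluation TTL is positive.
        long ttl = SubjectEvaluationCache.getSubjectEvalTTL();
        if (ttl > 0) {
            Object[] elem = { Long.valueOf(System.currentTimeMillis() + ttl), roles };
            Map existing = (Map) userLDAPRoleCache.get(tokenIDStr);
            if (existing == null) {
                Map<Object, Object> perServer = Collections.synchronizedMap(new HashMap<>());
                perServer.put(ldapServer, elem);
                userLDAPRoleCache.put(tokenIDStr, perServer);
            } else {
                existing.put(ldapServer, elem);
            }
        }
    }
    return roles;
}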
Use of org.forgerock.opendj.ldap.ByteString in project OpenAM by OpenRock: the class LDAPGroups, method isMemberOfGroup.
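/**
 * Finds out whether a user belongs to a particular group.
 * <p>
 * The group entry is read from the directory and membership is checked, in order, against the
 * static member attributes ({@code STATIC_GROUP_MEMBER_ATTR}, then
 * {@code STATIC_GROUP_MEMBER_ALT_ATTR}) and then against each {@code DYNAMIC_GROUP_MEMBER_URL}
 * value. The outcome is recorded in the {@code SubjectEvaluationCache} under the token ID, LDAP
 * server and group name before it is returned.
 *
 * @param groupName the LDAP DN of the group
 * @param userDN    the LDAP DN of the user
 * @param userRDN   the user's RDN, forwarded to {@code findDynamicGroupMembersByUrl}
 * @param token     the session token whose ID keys the cache entry; must not be {@code null}
 * @return {@code true} if the user is a member of the group; {@code false} otherwise, including
 *         when {@code groupName} is empty, {@code userDN} is {@code null}, or the group entry
 *         cannot be read from the directory
 * @throws SSOException    as declared by the signature
 * @throws PolicyException if a dynamic member URL or a resolved member DN cannot be parsed
 */
private boolean isMemberOfGroup(String groupName, DN userDN, String userRDN, SSOToken token)
        throws SSOException, PolicyException {
    if (debug.messageEnabled()) {
        debug.message("LDAPGroups.isMemberOfGroup():" + " entering with groupName = " + groupName + ",userDN = " + userDN);
    }
    if ((groupName == null) || groupName.isEmpty() || (userDN == null)) {
        return false;
    }
    String tokenID = token.getTokenID().toString();

    SearchResultEntry entry;
    try (Connection conn = connPool.getConnection()) {
        entry = conn.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(groupName));
    } catch (Exception e) {
        // A lookup failure is treated as "not a member" rather than as a policy error; the
        // exception is passed along so the cause is visible in the log.
        debug.warning("LDAPGroups: invalid group name {} specified in the policy definition.", groupName, e);
        return false;
    }

    debug.message("LDAPGroups.isMemberOfGroup(): get {} group attribute", STATIC_GROUP_MEMBER_ATTR);
    boolean groupMatch = isStaticGroupMember(entry.getAttribute(STATIC_GROUP_MEMBER_ATTR), userDN);
    if (!groupMatch) {
        debug.message("LDAPGroups.isMemberOfGroup(): get {} group attribute", STATIC_GROUP_MEMBER_ALT_ATTR);
        groupMatch = isStaticGroupMember(entry.getAttribute(STATIC_GROUP_MEMBER_ALT_ATTR), userDN);
    }
    if (!groupMatch) {
        groupMatch = isDynamicGroupMember(entry.getAttribute(DYNAMIC_GROUP_MEMBER_URL), userDN, userRDN);
    }

    debug.message("LDAPGroups.isMemberOfGroup():adding entry {} {} {} {} in subject evaluation cache.",
            tokenID, ldapServer, groupName, groupMatch);
    SubjectEvaluationCache.addEntry(tokenID, ldapServer, groupName, groupMatch);
    return groupMatch;
}

/**
 * Returns whether {@code userDN} equals any value of a static member attribute.
 *
 * @param attribute the member attribute, or {@code null} when the group entry lacks it
 * @param userDN    the user's DN
 * @return {@code true} on the first matching value; {@code false} if none match or the attribute
 *         is absent
 */
private boolean isStaticGroupMember(Attribute attribute, DN userDN) {
    if (attribute == null) {
        return false;
    }
    for (ByteString memberDNStr : attribute) {
        debug.message("LDAPGroups.isMemberOfGroup(): memberDNStr = {}", memberDNStr);
        // NOTE: a malformed member value is not caught here; DN.valueOf presumably throws an
        // unchecked exception that propagates to the caller — confirm whether that is intended.
        if (userDN.equals(DN.valueOf(memberDNStr.toString()))) {
            return true;
        }
    }
    return false;
}

/**
 * Returns whether {@code userDN} is among the members resolved from the group's dynamic member
 * URLs. Each URL is resolved via {@code findDynamicGroupMembersByUrl}; remaining URLs are not
 * evaluated once a match has been found.
 *
 * @param urls    the {@code DYNAMIC_GROUP_MEMBER_URL} attribute, or {@code null} when absent
 * @param userDN  the user's DN
 * @param userRDN the user's RDN, forwarded to the member lookup
 * @return {@code true} if any resolved member DN equals {@code userDN}
 * @throws SSOException    if the member lookup throws it
 * @throws PolicyException if a URL value or a resolved member DN cannot be parsed
 */
private boolean isDynamicGroupMember(Attribute urls, DN userDN, String userRDN)
        throws SSOException, PolicyException {
    if (urls == null) {
        return false;
    }
    for (ByteString memberUrl : urls) {
        try {
            LDAPUrl ldapUrl = LDAPUrl.valueOf(memberUrl.toString());
            Set members = findDynamicGroupMembersByUrl(ldapUrl, userRDN);
            for (Object member : members) {
                if (userDN.equals(DN.valueOf((String) member))) {
                    return true;
                }
            }
        } catch (LocalizedIllegalArgumentException e) {
            // Malformed URL or member DN: surface it as a policy error, not an unchecked exception.
            throw new PolicyException(e);
        }
    }
    return false;
}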
Use of org.forgerock.opendj.ldap.ByteString in project OpenAM by OpenRock: the class LDAPUsers, method toStringArray.
/**
 * Copies every value of the attribute into a new {@code String[]}, in iteration order, using
 * {@code ByteString.toString()} for each value. The array is sized from {@code lAttr.size()}.
 *
 * @param lAttr the attribute whose values are converted; must not be {@code null}
 * @return a new array holding one string per attribute value
 */
private String[] toStringArray(Attribute lAttr) {
    final String[] result = new String[lAttr.size()];
    int position = 0;
    for (ByteString raw : lAttr) {
        result[position] = raw.toString();
        position++;
    }
    return result;
}
Use of org.forgerock.opendj.ldap.ByteString in project OpenAM by OpenRock: the class EmbeddedOpenDS, method getServerSet.
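/**
 * Gets the set of replicated servers from the local OpenDJ directory.
 * <p>
 * Reads the {@code uniqueMember} attribute of the entry at {@code replDN} and returns each value
 * with its first three characters removed (presumably an attribute-type prefix such as
 * {@code cn=} — confirm against the directory layout).
 *
 * @param lc an open connection to the local directory; {@code null} is logged and treated as a
 *           failure
 * @return the (possibly empty) {@code Set} of host strings, or {@code null} when the connection
 *         is {@code null}, the entry is not found, or the search or value handling throws
 */
public static Set getServerSet(Connection lc) {
    final String[] attrs = { "uniqueMember" };
    Debug debug = Debug.getInstance(SetupConstants.DEBUG_NAME);
    // NOTE: the log messages below name syncOpenDSServer(); they are kept verbatim so that
    // existing log searches still match, but they are emitted from getServerSet().
    if (lc == null) {
        debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not connect to local opends instance.");
        return null;
    }
    try {
        SearchResultEntry le = lc.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(replDN, attrs));
        if (le == null) {
            debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not find trustkey for:" + replDN);
            return null;
        }
        Set<String> hostSet = new HashSet<>();
        Attribute la = le.getAttribute(attrs[0]);
        if (la != null) {
            for (ByteString value : la) {
                // Strip the prefix from the decoded String. The previous end index, value.length(),
                // is the ByteString's byte length, which differs from the String length for
                // non-ASCII values and could throw or truncate.
                hostSet.add(value.toString().substring(3));
            }
        }
        return hostSet;
    } catch (Exception ex) {
        // Includes a value shorter than three characters, which makes substring(3) throw.
        debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting replication key:", ex);
    }
    return null;
}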
Use of org.forgerock.opendj.ldap.ByteString in project OpenAM by OpenRock: the class IndexChangeHandler, method handleEntry.
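/**
 * Handles one entry delivered by the persistent search over policy rule entries.
 * <p>
 * The entry change notification control is decoded to learn the change type, the realm is
 * derived from the portion of the entry DN that follows {@code SERVICE_DECLARATION}, and every
 * {@code sunxmlKeyValue} value starting with {@code INDEX_PATH_ATT} is reported to the observers
 * as an ADD event (for ADD and MODIFY changes) or a DELETE event carrying the path index and realm.
 *
 * @param entry the search result entry, with its response controls, to process
 * @return always {@code true} so the search keeps delivering entries; a decode failure is
 *         reported to the observers as a {@code SEARCH_FAILURE} event, and an entry that cannot be
 *         interpreted is logged and skipped
 */
@Override
public boolean handleEntry(SearchResultEntry entry) {
    EntryChangeNotificationResponseControl control;
    try {
        // Retrieve details of the policy change.
        control = entry.getControl(EntryChangeNotificationResponseControl.DECODER, new DecodeOptions());
    } catch (DecodeException dE) {
        DEBUG.error("Error occurred attempting to read policy rule change.", dE);
        // Notify observers of the exception and proceed no further.
        observable.notifyObservers(ErrorEventType.SEARCH_FAILURE.createEvent());
        return true;
    }
    if (control == null) {
        // Without the control the change type is unknown, so nothing can be propagated; the
        // null would otherwise be dereferenced as soon as an index attribute is found.
        DEBUG.error("No entry change notification control present on entry " + entry.getName());
        return true;
    }

    // Extract the realm from the DN to be passed as part of the event.
    String dn = entry.getName().toString();
    int serviceIndex = dn.indexOf(SERVICE_DECLARATION);
    if (serviceIndex < 0) {
        // indexOf returning -1 would silently yield a wrong org name and therefore a wrong realm.
        DEBUG.error("Entry DN does not contain " + SERVICE_DECLARATION + ": " + dn);
        return true;
    }
    String orgName = dn.substring(serviceIndex + SERVICE_DECLARATION.length());
    String realm = dnMapper.orgNameToRealmName(orgName);

    // Retrieve all sunxmlKeyValue attributes; the attribute may be absent from the entry.
    Attribute attributes = entry.getAttribute(AttributeDescription.valueOf("sunxmlKeyValue"));
    if (attributes == null) {
        return true;
    }
    for (ByteString attrValue : attributes) {
        String attStrValue = attrValue.toString();
        // Only values of the form INDEX_PATH_ATT + separator + index carry a path index; a value
        // that is exactly the prefix has nothing after it and is skipped.
        if (!attStrValue.startsWith(INDEX_PATH_ATT) || attStrValue.length() <= INDEX_PATH_ATT.length()) {
            continue;
        }
        // Extract the path index out of the attribute value (skipping the prefix and one separator char).
        String pathIndex = attStrValue.substring(INDEX_PATH_ATT.length() + 1);
        switch (control.getChangeType()) {
            case MODIFY:
                // Falls through: a MODIFY is reported as an ADD, so the old index remains.
            case ADD:
                observable.notifyObservers(ModificationEventType.ADD.createEvent(pathIndex, realm));
                break;
            case DELETE:
                observable.notifyObservers(ModificationEventType.DELETE.createEvent(pathIndex, realm));
                break;
            default:
                // Other change types (e.g. a rename) are not propagated — confirm whether they should be.
                break;
        }
    }
    return true;
}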