Use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock: class AMCertStore, method getCertificate.
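/**
 * Returns the first certificate found in the LDAP certificate store, or {@code null}.
 *
 * <p>Each search result entry is inspected for the {@code USERCERTIFICATE},
 * {@code USERCERTIFICATE_BINARY}, {@code CACERTIFICATE} and {@code CACERTIFICATE_BINARY}
 * attributes, in that order; the first value that parses as an X.509 certificate is
 * returned. Entries carrying none of these attributes, values that do not parse and
 * search result references are logged and skipped.
 *
 * @return the matched certificate, or {@code null} if no connection could be obtained,
 *         no parsable certificate was found, or the lookup failed.
 */
public X509Certificate getCertificate() {
    try (Connection ldc = getConnection()) {
        if (ldc == null) {
            return null;
        }
        // The reader is Closeable: close it before the connection is handed back.
        try (ConnectionEntryReader results = getSearchResults(ldc, USERCERTIFICATE, USERCERTIFICATE_BINARY,
                CACERTIFICATE, CACERTIFICATE_BINARY)) {
            while (results != null && results.hasNext()) {
                if (!results.isEntry()) {
                    SearchResultReference reference = results.readReference();
                    debug.warning("Got an LDAP reference - only expected entries. Ignoring: {}", reference);
                    continue;
                }
                SearchResultEntry entry = results.readEntry();
                Attribute certAttribute = findCertificateAttribute(entry);
                if (certAttribute == null) {
                    debug.message("AMCertStore.getCertificate: Certificate - get usercertificate is null ");
                    continue;
                }
                X509Certificate c = parseFirstCertificate(certAttribute);
                if (c != null) {
                    return c;
                }
            }
        }
    } catch (Exception e) {
        debug.error("AMCertStore.getCertificate : " + "Certificate - Error finding registered certificate = ", e);
    }
    return null;
}

/**
 * Returns the first certificate attribute present on {@code entry}, or {@code null} if none.
 *
 * @param entry the search result entry to inspect.
 * @return the first non-null attribute among the user and CA certificate attributes.
 */
private Attribute findCertificateAttribute(SearchResultEntry entry) {
    // End-entity attributes are tried first, then the CA attributes, because an
    // end-entity certificate can also be a CA certificate.
    String[] candidates = { USERCERTIFICATE, USERCERTIFICATE_BINARY, CACERTIFICATE, CACERTIFICATE_BINARY };
    for (String name : candidates) {
        Attribute attribute = entry.getAttribute(name);
        if (attribute != null) {
            return attribute;
        }
    }
    return null;
}

/**
 * Parses the values of {@code certAttribute} in order and returns the first X.509 certificate.
 *
 * @param certAttribute attribute whose values are DER-encoded certificates.
 * @return the first value that parses, or {@code null} if none does.
 */
private X509Certificate parseFirstCertificate(Attribute certAttribute) {
    for (ByteString value : certAttribute) {
        ByteArrayInputStream bis = new ByteArrayInputStream(value.toByteArray());
        try {
            X509Certificate c = (X509Certificate) cf.generateCertificate(bis);
            if (c != null) {
                return c;
            }
        } catch (java.security.cert.CertificateException e) {
            // Covers CertificateParsingException and its siblings: one malformed value
            // is logged and skipped rather than aborting the whole lookup.
            debug.error("AMCertStore.getCertificate : " + "Error in Certificate parsing : ", e);
        }
    }
    return null;
}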
Use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock: class LocalLdapAuthModule, method getDN.
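/**
 * Resolves the distinguished name of the user identified by {@code uid}.
 *
 * <p>If {@code uid} is already a DN it is returned unchanged. Otherwise the local
 * directory is searched under {@code baseDN} for an entry whose naming attribute
 * (the AMSDK creation-template naming attribute when AMSDK is configured, else
 * {@code UIDATTR}) equals {@code uid}, and the DN of the first match is returned.
 *
 * @param uid the user id or DN supplied at login; user-controlled input.
 * @return the DN of the matching entry; never {@code null} or empty.
 * @throws LoginException if {@code uid} is {@code null}, no LDAP connection is
 *         available, no entry matches, or the search fails.
 */
private String getDN(String uid) throws LoginException {
    if (uid == null) {
        throw new LoginException(AuthI18n.authI18n.getString("com.iplanet.auth.invalid-username"));
    }
    if (LDAPUtils.isDN(uid)) {
        return uid;
    }
    String namingAttribute = UIDATTR;
    try {
        String orgName = (String) options.get(LoginContext.ORGNAME);
        if ((orgName != null) && !LDAPUtils.isDN(orgName)) {
            // Use orgname only if it a DN, else baseDN
            orgName = baseDN;
        }
        if (com.sun.identity.sm.ServiceManager.isAMSDKConfigured()) {
            namingAttribute = TemplateManager.getTemplateManager()
                    .getCreationTemplate(TEMPLATE_NAME, (orgName == null) ? null : new Guid(orgName))
                    .getNamingAttribute();
        }
    } catch (Exception ignored) {
        // Best effort: fall back to the default naming attribute.
    }
    // uid is user-supplied: let the SDK build the equality filter so that filter
    // metacharacters in the value are escaped instead of being interpreted.
    String filter = org.forgerock.opendj.ldap.Filter.equality(namingAttribute, uid).toString();
    String[] attrs = { "noAttr" };
    try {
        // Read the serverconfig.xml for LDAP information
        if (!readServerConfiguration) {
            readServerConfig();
        }
        if (conn == null) {
            debug.warning("LocalLdapAuthModule.getDN(): lda connection is null");
            throw new LoginException("INVALID_USER_NAME");
        }
        String retVal = null;
        // The reader is Closeable; close it as soon as the first entry has been read.
        try (ConnectionEntryReader results = conn.search(
                LDAPRequests.newSearchRequest(baseDN, SearchScope.WHOLE_SUBTREE, filter, attrs))) {
            if (results.hasNext()) {
                SearchResultEntry entry = results.readEntry();
                retVal = entry.getName().toString();
            }
        }
        if (retVal == null || retVal.isEmpty()) {
            throw new LoginException("INVALID_USER_NAME");
        }
        return retVal;
    } catch (LdapException | SearchResultReferenceIOException ex) {
        // LoginException has no cause constructor; attach the cause so it is not lost.
        LoginException le = new LoginException(ex.getMessage());
        le.initCause(ex);
        throw le;
    } finally {
        IOUtils.closeIfNotNull(conn);
        conn = null;
    }
}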
Use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock: class DataLayer, method read.
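/**
 * Reads an ldap entry.
 *
 * @param principal Authentication Principal.
 * @param guid Globally unique identifier for the entry.
 * @param attrNames Attributes to read.
 * @return an attribute set representing the entry in LDAP.
 * @exception AccessRightsException if no entry reader could be obtained for the entry.
 * @exception EntryNotFoundException if the entry is not found.
 * @exception UMSException if fail to read the entry.
 *
 * @supported.api
 */
public AttrSet read(java.security.Principal principal, Guid guid, String[] attrNames) throws UMSException {
    String id = guid.getDn();
    SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.BASE_OBJECT, "(objectclass=*)", attrNames);
    ConnectionEntryReader entryReader = readLDAPEntry(principal, request);
    if (entryReader == null) {
        throw new AccessRightsException(id);
    }
    Collection<Attribute> attrs = new ArrayList<>();
    try (ConnectionEntryReader reader = entryReader) {
        while (reader.hasNext()) {
            if (reader.isReference()) {
                // Consume the reference and skip it: falling through to readEntry()
                // would read the *next* result as an entry, or throw if there is none.
                reader.readReference();
                //TODO AME-7017
                continue;
            }
            SearchResultEntry entry = reader.readEntry();
            for (Attribute attr : entry.getAllAttributes()) {
                attrs.add(attr);
            }
        }
        if (attrs.isEmpty()) {
            throw new EntryNotFoundException(i18n.getString(IUMSConstants.ENTRY_NOT_FOUND, new String[] { id }));
        }
        return new AttrSet(attrs);
    } catch (IOException e) {
        throw new UMSException(i18n.getString(IUMSConstants.UNABLE_TO_READ_ENTRY, new String[] { id }), e);
    }
}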
Use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock: class DataLayer, method getAttributeString.
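/**
 * Returns String values of the attribute.
 *
 * @param principal Authentication Principal.
 * @param guid distinguished name.
 * @param attrName attribute name.
 * @return the attribute's values as strings (possibly empty), or {@code null} if the
 *         entry could not be read or does not carry the attribute.
 *
 * @supported.api
 */
public String[] getAttributeString(Principal principal, Guid guid, String attrName) {
    String id = guid.getDn();
    SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.BASE_OBJECT, "(objectclass=*)");
    try (ConnectionEntryReader reader = readLDAPEntry(principal, request)) {
        // readLDAPEntry can return null, and readEntry() throws on an exhausted reader
        // or on a reference; check explicitly instead of relying on the catch below.
        if (reader == null || !reader.hasNext() || !reader.isEntry()) {
            if (debug.warningEnabled()) {
                debug.warning("DataLayer.getAttributeString: no entry returned for DN: " + id);
            }
            return null;
        }
        Attribute attribute = reader.readEntry().getAttribute(attrName);
        if (attribute == null) {
            // An absent attribute is not an error; do not route it through a NullPointerException.
            return null;
        }
        Collection<String> values = new ArrayList<>();
        for (ByteString byteString : attribute) {
            values.add(byteString.toString());
        }
        return values.toArray(new String[0]);
    } catch (Exception e) {
        if (debug.warningEnabled()) {
            debug.warning("Exception in DataLayer.getAttributeString for DN: " + id, e);
        }
        return null;
    }
}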
Use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock: class UserIdRepo, method getADAMInstanceGUID.
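/**
 * Returns the ADAM instance GUID read from the directory's root DSE.
 *
 * <p>The {@code schemaNamingContext} attribute of the root DSE (base-object search
 * with an empty base DN) is fetched and the text after its last {@code '='} is
 * returned, trimmed.
 *
 * @param userRepo user repository configuration handed to {@code getLDAPConnection}.
 * @return the trimmed text after the last {@code '='} in {@code schemaNamingContext},
 *         or {@code null} if the root DSE has no such attribute or the value has no {@code '='}.
 * @throws Exception if the connection cannot be obtained or the search fails.
 */
private String getADAMInstanceGUID(Map userRepo) throws Exception {
    String attrName = "schemaNamingContext";
    // Both the connection and the entry reader are Closeable; the reader is closed first.
    try (Connection ld = getLDAPConnection(userRepo);
         ConnectionEntryReader res = ld.search(
                 LDAPRequests.newSearchRequest("", SearchScope.BASE_OBJECT, "(objectclass=*)"))) {
        if (!res.hasNext()) {
            return null;
        }
        Attribute ldapAttr = res.readEntry().getAttribute(attrName);
        if (ldapAttr == null) {
            return null;
        }
        String value = ldapAttr.firstValueAsString();
        int index = value.lastIndexOf('=');
        return index == -1 ? null : value.substring(index + 1).trim();
    }
}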