
Example 1 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class AMCertStore method getCertificate.

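/**
 * Returns the first certificate that can be parsed out of the LDAP certificate
 * store, or {@code null} if no connection is available, the search returns
 * nothing, or no value parses.
 *
 * <p>Each entry produced by {@link #getSearchResults} is inspected for the
 * {@code userCertificate} / {@code userCertificate;binary} attributes and, if
 * neither is present, the {@code cACertificate} / {@code cACertificate;binary}
 * attributes (an end-entity certificate may be published as a CA certificate).
 * A value that fails to parse is logged and skipped so that one corrupt value
 * in the directory cannot mask a valid one later in the result set; search
 * result references are logged and ignored.
 *
 * <p>NOTE(review): which entries are candidates is decided entirely by the
 * search request built in {@code getSearchResults}. Nothing here re-checks the
 * subject, issuer or validity of the parsed certificate against the caller's
 * expectation, so a caller that needs the certificate to belong to a specific
 * principal must verify that itself.
 *
 * @return the first parseable X.509 certificate found, or {@code null}
 */
public X509Certificate getCertificate() {
    try (Connection ldc = getConnection()) {
        if (ldc == null) {
            return null;
        }
        // Close the reader explicitly: an abandoned search otherwise holds the
        // result stream open until the connection itself is released.
        try (ConnectionEntryReader results = getSearchResults(ldc,
                USERCERTIFICATE, USERCERTIFICATE_BINARY, CACERTIFICATE, CACERTIFICATE_BINARY)) {
            while (results != null && results.hasNext()) {
                if (!results.isEntry()) {
                    SearchResultReference reference = results.readReference();
                    debug.warning("Got an LDAP reference - only expected entries. Ignoring: {}", reference);
                    continue;
                }
                SearchResultEntry entry = results.readEntry();
                Attribute certAttribute = firstCertificateAttribute(entry);
                if (certAttribute == null) {
                    debug.message("AMCertStore.getCertificate: Certificate - get usercertificate is null ");
                    continue;
                }
                X509Certificate c = parseFirstCertificateValue(certAttribute);
                if (c != null) {
                    return c;
                }
            }
        }
    } catch (Exception e) {
        debug.error("AMCertStore.getCertificate : " + "Certificate - Error finding registered certificate = ", e);
    }
    return null;
}

/**
 * Picks the certificate-bearing attribute of an entry, preferring the user
 * certificate forms over the CA certificate forms.
 *
 * @param entry the search result entry to inspect
 * @return the first present attribute among userCertificate, userCertificate;binary,
 *     cACertificate and cACertificate;binary, or {@code null} if none is present
 */
private Attribute firstCertificateAttribute(SearchResultEntry entry) {
    Attribute certAttribute = entry.getAttribute(USERCERTIFICATE);
    if (certAttribute == null) {
        certAttribute = entry.getAttribute(USERCERTIFICATE_BINARY);
    }
    if (certAttribute == null) {
        // an end-entity certificate can be a CA certificate
        certAttribute = entry.getAttribute(CACERTIFICATE);
    }
    if (certAttribute == null) {
        certAttribute = entry.getAttribute(CACERTIFICATE_BINARY);
    }
    return certAttribute;
}

/**
 * Parses the values of a certificate attribute in order and returns the first
 * one that decodes as an X.509 certificate.
 *
 * @param certAttribute attribute whose values are DER/PEM certificate blobs
 * @return the first parseable certificate, or {@code null} if every value fails
 */
private X509Certificate parseFirstCertificateValue(Attribute certAttribute) {
    for (ByteString value : certAttribute) {
        ByteArrayInputStream bis = new ByteArrayInputStream(value.toByteArray());
        try {
            return (X509Certificate) cf.generateCertificate(bis);
        } catch (CertificateException e) {
            // Catch the whole CertificateException family, not only
            // CertificateParsingException: previously any other decoding failure
            // escaped to the outer catch and aborted the entire lookup.
            debug.error("AMCertStore.getCertificate : " + "Error in Certificate parsing : ", e);
        }
    }
    return null;
}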

Example 2 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class LocalLdapAuthModule method getDN.

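/**
 * Resolves the identifier typed at login to the DN of the matching user entry.
 *
 * <p>If {@code uid} already is a DN it is returned unchanged without any
 * directory access. Otherwise a whole-subtree equality search for
 * {@code (<namingAttribute>=<uid>)} is run under {@code baseDN} and the DN of
 * the first entry returned is used.
 *
 * <p>The assertion value is escaped through the OpenDJ {@code Filter} API
 * before it is placed in the filter string. {@code uid} is caller-supplied;
 * concatenating it verbatim lets characters such as {@code *}, {@code (} and
 * {@code \} rewrite the filter (LDAP filter injection) and match entries the
 * user did not name. The escaped filter is still passed as a string so the
 * request is otherwise built exactly as before.
 *
 * <p>NOTE(review): when the filter matches more than one entry only the first
 * is used and the ambiguity is not reported; if the naming attribute is not
 * unique within the subtree, consider failing the login instead.
 *
 * @param uid login name, or a DN, supplied by the user
 * @return the DN of the user entry
 * @throws LoginException if {@code uid} is {@code null}, no LDAP connection is
 *     available, nothing matches, or the search fails
 */
private String getDN(String uid) throws LoginException {
    if (uid == null) {
        throw (new LoginException(AuthI18n.authI18n.getString("com.iplanet.auth.invalid-username")));
    }
    if (LDAPUtils.isDN(uid)) {
        return uid;
    }
    String namingAttribute = resolveNamingAttribute();
    // Filter.equality escapes the assertion value (RFC 4515), so uid cannot
    // inject additional filter components.
    String filter = org.forgerock.opendj.ldap.Filter.equality(namingAttribute, uid).toString();
    // Only the DN is wanted; asking for a non-existent attribute keeps the
    // entry's attribute values out of the response.
    String[] attrs = { "noAttr" };
    String retVal = "";
    try {
        // Read the serverconfig.xml for LDAP information
        if (!readServerConfiguration) {
            readServerConfig();
        }
        if (conn == null) {
            debug.warning("LocalLdapAuthModule.getDN(): lda connection is null");
            throw (new LoginException("INVALID_USER_NAME"));
        }
        try (ConnectionEntryReader results = conn.search(
                LDAPRequests.newSearchRequest(baseDN, SearchScope.WHOLE_SUBTREE, filter, attrs))) {
            if (results.hasNext()) {
                SearchResultEntry entry = results.readEntry();
                retVal = entry.getName().toString();
            }
        }
        if (retVal == null || retVal.equals("")) {
            throw new LoginException("INVALID_USER_NAME");
        }
        return retVal;
    } catch (IOException ex) {
        // LdapException and SearchResultReferenceIOException are both IOExceptions.
        // LoginException has no cause-taking constructor, so attach the cause
        // explicitly rather than dropping it.
        LoginException le = new LoginException(ex.getMessage());
        le.initCause(ex);
        throw le;
    } finally {
        IOUtils.closeIfNotNull(conn);
        conn = null;
    }
}

/**
 * Determines the attribute used to name user entries.
 *
 * <p>When the AM SDK is configured the naming attribute of the creation
 * template for the organisation is used; the organisation name is taken from
 * the login options and replaced by {@code baseDN} if it is not a DN. Any
 * failure during the template lookup is deliberately ignored and the default
 * {@code UIDATTR} is returned.
 *
 * @return the naming attribute to search on
 */
private String resolveNamingAttribute() {
    try {
        String orgName = (String) options.get(LoginContext.ORGNAME);
        if ((orgName != null) && !LDAPUtils.isDN(orgName)) {
            // Use orgname only if it a DN, else baseDN
            orgName = baseDN;
        }
        if (com.sun.identity.sm.ServiceManager.isAMSDKConfigured()) {
            return TemplateManager.getTemplateManager()
                    .getCreationTemplate(TEMPLATE_NAME, (orgName == null) ? null : new Guid(orgName))
                    .getNamingAttribute();
        }
    } catch (Exception ignored) {
        // Best-effort lookup: fall back to the default naming attribute.
    }
    return UIDATTR;
}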

Example 3 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class DataLayer method read.

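/**
 * Reads an ldap entry.
 *
 * <p>A base-object search for {@code (objectclass=*)} is issued against the
 * entry's DN and every attribute of every entry returned is collected. Search
 * result references are consumed and skipped.
 *
 * @param principal Authentication Principal.
 * @param guid Globally unique identifier for the entry.
 * @param attrNames Attributes to read.
 * @return an attribute set representing the entry in LDAP.
 * @exception AccessRightsException if {@code readLDAPEntry} yields no reader.
 * @exception EntryNotFoundException if the entry is not found.
 * @exception UMSException if fail to read the entry.
 *
 * @supported.api
 */
public AttrSet read(java.security.Principal principal, Guid guid, String[] attrNames) throws UMSException {
    String id = guid.getDn();
    SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.BASE_OBJECT, "(objectclass=*)", attrNames);
    ConnectionEntryReader entryReader = readLDAPEntry(principal, request);
    if (entryReader == null) {
        throw new AccessRightsException(id);
    }
    Collection<Attribute> attrs = new ArrayList<>();
    try (ConnectionEntryReader reader = entryReader) {
        while (reader.hasNext()) {
            if (reader.isReference()) {
                // Consume the reference and go back to hasNext(). Falling through to
                // readEntry() here (as the code used to) reads past the current result
                // without checking that another one exists.
                reader.readReference();
                //TODO AME-7017
                continue;
            }
            SearchResultEntry entry = reader.readEntry();
            for (Attribute attr : entry.getAllAttributes()) {
                attrs.add(attr);
            }
        }
        if (attrs.isEmpty()) {
            throw new EntryNotFoundException(i18n.getString(IUMSConstants.ENTRY_NOT_FOUND, new String[] { id }));
        }
        return new AttrSet(attrs);
    } catch (IOException e) {
        throw new UMSException(i18n.getString(IUMSConstants.UNABLE_TO_READ_ENTRY, new String[] { id }), e);
    }
}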

Example 4 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class DataLayer method getAttributeString.

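/**
 * Returns String values of the attribute.
 *
 * <p>A base-object search for {@code (objectclass=*)} is issued against the
 * entry's DN and the named attribute of the first entry returned is converted
 * value by value with {@code ByteString.toString()}.
 *
 * <p>Returns {@code null} (after a warning-level log) when no reader is
 * obtained, the entry cannot be read, the attribute is absent, or any
 * exception occurs; callers cannot distinguish these cases.
 *
 * @param principal Authentication Principal.
 * @param guid distinguished name.
 * @param attrName attribute name.
 * @return the attribute's values as strings, or {@code null} on any failure
 *
 * @supported.api
 */
public String[] getAttributeString(Principal principal, Guid guid, String attrName) {
    String id = guid.getDn();
    SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.BASE_OBJECT, "(objectclass=*)");
    try (ConnectionEntryReader reader = readLDAPEntry(principal, request)) {
        // readLDAPEntry can return null (see read()); say so instead of letting
        // the NullPointerException be swallowed by the catch below.
        if (reader == null) {
            if (debug.warningEnabled()) {
                debug.warning("DataLayer.getAttributeString: no result reader for DN: " + id);
            }
            return null;
        }
        Attribute attribute = reader.readEntry().getAttribute(attrName);
        if (attribute == null) {
            if (debug.warningEnabled()) {
                debug.warning("DataLayer.getAttributeString: attribute " + attrName + " not present on DN: " + id);
            }
            return null;
        }
        Collection<String> values = new ArrayList<>();
        for (ByteString byteString : attribute) {
            values.add(byteString.toString());
        }
        return values.toArray(new String[0]);
    } catch (Exception e) {
        if (debug.warningEnabled()) {
            debug.warning("Exception in DataLayer.getAttributeString for DN: " + id, e);
        }
        return null;
    }
}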

Example 5 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class UserIdRepo method getADAMInstanceGUID.

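/**
 * Reads the {@code schemaNamingContext} attribute of the root DSE of the
 * directory described by {@code userRepo} and returns the text after the last
 * {@code '='} in it.
 *
 * <p>NOTE(review): this presumably relies on the schema naming context ending
 * in an RDN whose value is the ADAM instance GUID — confirm against the
 * directory in use. No validation is done on the extracted text.
 *
 * @param userRepo user repository configuration passed to {@code getLDAPConnection}
 * @return the extracted value, or {@code null} if the root DSE is not returned,
 *     has no {@code schemaNamingContext}, or the value contains no {@code '='}
 * @throws Exception if the connection or the search fails
 */
private String getADAMInstanceGUID(Map userRepo) throws Exception {
    try (Connection ld = getLDAPConnection(userRepo)) {
        String attrName = "schemaNamingContext";
        // Close the reader as well as the connection so the search is not left
        // open if an exception is thrown while processing the result.
        try (ConnectionEntryReader res = ld.search(
                LDAPRequests.newSearchRequest("", SearchScope.BASE_OBJECT, "(objectclass=*)"))) {
            if (!res.hasNext()) {
                return null;
            }
            SearchResultEntry entry = res.readEntry();
            Attribute ldapAttr = entry.getAttribute(attrName);
            if (ldapAttr == null) {
                return null;
            }
            String value = ldapAttr.firstValueAsString();
            int index = value.lastIndexOf("=");
            if (index == -1) {
                return null;
            }
            return value.substring(index + 1).trim();
        }
    }
}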
