List of usage examples for javax.naming.ldap Rdn getType
public String getType()
From source file:org.nuxeo.ecm.directory.ldap.LDAPReference.java
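/**
 * Simple helper that produces a canonical, lower-case rendering of the provided dn for
 * comparison purposes: whitespace around RDN separators is dropped, attribute types and
 * values are lower-cased, and the RDNs are emitted in their original string order,
 * separated by "," only.
 * <p>
 * Only the comma inside an RDN value is re-escaped. Other RFC 4514 special characters
 * ('+', '"', '\', '<', '>', ';', '#') come back unescaped from {@link Rdn#getValue()} and
 * are left as-is, and a hex-encoded ("#...") value is a byte[] whose toString() is not
 * meaningful. The result must therefore only be compared against strings produced by
 * this same helper, never parsed back into an {@link LdapName}.
 *
 * @param dn the raw unnormalized dn
 * @return lowercase version without whitespace after commas
 * @throws InvalidNameException if {@code dn} is not a syntactically valid DN
 */
protected static String pseudoNormalizeDn(String dn) throws InvalidNameException {
    LdapName ldapName = new LdapName(dn);
    List<String> rdns = new ArrayList<>();
    for (Rdn rdn : ldapName.getRdns()) {
        // Locale.ROOT keeps the lowering independent of the JVM default locale (e.g. the
        // Turkish dotless-i rule), so two DNs normalize identically on every host.
        // getValue() returns the unescaped value; put the comma escape back so a value
        // containing "," is not mistaken for an RDN boundary by whoever compares the result.
        String value = rdn.getValue().toString().toLowerCase(java.util.Locale.ROOT).replace(",", "\\,");
        String rdnStr = rdn.getType().toLowerCase(java.util.Locale.ROOT) + "=" + value;
        // getRdns() lists RDNs right-to-left (index 0 is the rightmost), so prepend to
        // restore the order of the original string.
        rdns.add(0, rdnStr);
    }
    return String.join(",", rdns);
}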
From source file:org.security4java.X509SubjectDnRetriever.java
/**
 * Resolves the user name from the subject DN of the supplied client certificate.
 * <p>
 * When {@code subjectDnAttribute} is configured, the value of the first RDN whose type
 * matches it (case-insensitively) is returned. If the subject is not a parseable DN, the
 * attribute is absent, or its value is not a String (e.g. a hex-encoded binary value),
 * the whole subject string is returned instead. When no attribute is configured, the
 * whole subject is returned. A {@code null} subject yields {@code null}.
 *
 * @param clientCert the client certificate whose subject is read
 * @return the user name, or {@code null} when the certificate carries no subject
 */
public String getUserName(X509Certificate clientCert) {
    if (log.isDebugEnabled()) {
        log.debug("getUserName(X509Certificate) - start");
    }
    String subject = getSubjectDN(clientCert);
    String userName = null;
    if (subject != null) {
        if (log.isDebugEnabled()) {
            log.debug("Subject is [" + subject + "].");
        }
        if (subjectDnAttribute == null) {
            if (log.isDebugEnabled()) {
                log.debug("subjectDnAttribute is null, so return the whole subject.");
            }
            userName = subject;
        } else {
            userName = extractSubjectAttribute(subject);
            if (userName == null) {
                // Fall back to the full subject when the configured attribute is missing.
                log.info("subject [" + subject + "] does not contain the required attribute ["
                        + subjectDnAttributeConfiguration + "]. Return the whole subject.");
                userName = subject;
            }
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("getUserName(X509Certificate) - end; Ret is [" + userName + "].");
    }
    return userName;
}

/**
 * Returns the String value of the first RDN in {@code subject} whose type equals
 * {@code subjectDnAttribute} ignoring case, or {@code null} when the subject is not a
 * valid DN or no such String-valued RDN exists.
 *
 * @param subject the subject DN string to parse
 * @return the matched attribute value, or {@code null}
 */
private String extractSubjectAttribute(String subject) {
    try {
        List<Rdn> rdns = new LdapName(subject).getRdns();
        if (rdns == null) {
            return null;
        }
        for (Rdn rdn : rdns) {
            if (!subjectDnAttribute.equalsIgnoreCase(rdn.getType())) {
                continue;
            }
            Object value = rdn.getValue();
            // Only String values are usable; a binary (byte[]) value is skipped.
            if (value instanceof String) {
                String userName = (String) value;
                if (log.isDebugEnabled()) {
                    log.debug("Success to retreive userName [" + userName + "].");
                }
                return userName;
            }
        }
    } catch (InvalidNameException e) {
        log.info("subject [" + subject + "] is not valid name : [" + e.getMessage() + "].");
    }
    return null;
}
From source file:org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator.java
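/**
 * To set the authentication context in current message context.
 * <p>
 * The presented client certificate (first element of {@code sslCertObject}) is looked up
 * in {@code certificates} by a key built from its serial number and issuer DN; a certificate
 * that is not registered against this API is rejected with {@link APISecurityException}.
 * The user name is the certificate's CN when the subject DN parses and carries one (if
 * several CN RDNs are present, the last one returned by {@code LdapName#getRdns()} wins);
 * otherwise the full subject DN is used.
 *
 * @param messageContext Relevant message context.
 * @param sslCertObject SSL certificate object; expected to be a non-empty {@code X509Certificate[]}.
 * @throws APISecurityException API Security Exception, also raised when no certificate was
 *         presented or the presented certificate is not registered for this API.
 */
private void setAuthContext(MessageContext messageContext, Object sslCertObject) throws APISecurityException {
    X509Certificate[] certs = (X509Certificate[]) sslCertObject;
    // An empty chain must be an authentication failure, not an unhandled
    // ArrayIndexOutOfBoundsException from indexing certs[0].
    if (certs == null || certs.length == 0) {
        throw new APISecurityException(APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE,
                APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE_MESSAGE);
    }
    X509Certificate x509Certificate = certs[0];
    String subjectDN = x509Certificate.getSubjectDN().getName();
    // The key must match the form used when certificates were registered:
    // "<serial>_<issuerDN>" with ',' -> '#' and '"' -> '\'' substituted.
    String uniqueIdentifier = (x509Certificate.getSerialNumber() + "_" + x509Certificate.getIssuerDN())
            .replaceAll(",", "#").replaceAll("\"", "'").trim();
    String tier = certificates.get(uniqueIdentifier);
    if (StringUtils.isEmpty(tier)) {
        if (log.isDebugEnabled()) {
            log.debug("The client certificate presented is available in gateway, however it was not added against "
                    + "the API " + getAPIIdentifier(messageContext));
        }
        throw new APISecurityException(APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE,
                APISecurityConstants.MUTUAL_SSL_VALIDATION_FAILURE_MESSAGE);
    }
    AuthenticationContext authContext = new AuthenticationContext();
    authContext.setAuthenticated(true);
    // Default to the full subject DN; replaced below when a usable CN is found.
    authContext.setUsername(subjectDN);
    try {
        LdapName ldapDN = new LdapName(subjectDN);
        for (Rdn rdn : ldapDN.getRdns()) {
            if (APIConstants.CERTIFICATE_COMMON_NAME.equalsIgnoreCase(rdn.getType())) {
                Object cn = rdn.getValue();
                // Rdn.getValue() is a byte[] for hex-encoded ("#...") values; only a String
                // can serve as the user name, so skip anything else instead of failing with
                // a ClassCastException.
                if (cn instanceof String) {
                    authContext.setUsername((String) cn);
                }
            }
        }
    } catch (InvalidNameException e) {
        log.warn("Cannot get the CN name from certificate:" + e.getMessage() + ". Please make sure the "
                + "certificate to include a proper common name that follows naming convention.");
        authContext.setUsername(subjectDN);
    }
    authContext.setApiTier(apiLevelPolicy);
    APIIdentifier apiIdentifier = getAPIIdentifier(messageContext);
    authContext.setKeyType(APIConstants.API_KEY_TYPE_PRODUCTION);
    authContext.setStopOnQuotaReach(true);
    authContext.setApiKey(uniqueIdentifier + "_" + apiIdentifier.toString());
    authContext.setTier(tier);
    /* For the mutual SSL based authenticated request, the resource level throttling is not
       considered, hence assigning the unlimited tier for that. */
    VerbInfoDTO verbInfoDTO = new VerbInfoDTO();
    verbInfoDTO.setThrottling(APIConstants.UNLIMITED_TIER);
    messageContext.setProperty(APIConstants.VERB_INFO_DTO, verbInfoDTO);
    if (log.isDebugEnabled()) {
        log.debug("Auth context for the API " + apiIdentifier + ": Username[" + authContext.getUsername()
                + "] APIKey[" + authContext.getApiKey() + "] Tier[" + authContext.getTier() + "]");
    }
    APISecurityUtils.setAuthenticationContext(messageContext, authContext, null);
}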
From source file:org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateAuthenticator.java
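/**
 * get String that matches UsernameRegex from subjectDN.
 * <p>
 * Every RDN of {@code certAttributes} whose type equals the configured {@code USERNAME}
 * parameter is matched against {@code subjectPatternCompiled}; exactly one match must
 * result. Zero or multiple matches are rejected and the corresponding error code is
 * recorded on the authentication context.
 *
 * @param certAttributes certificate x500 principal
 * @param authenticationContext authentication context
 * @return the single matched value, also stored under {@code X509_CERTIFICATE_USERNAME}
 * @throws AuthenticationFailedException if the subject DN cannot be parsed, no RDN value
 *         matches the regex, or more than one value matches
 */
private String getMatchedSubjectAttribute(String certAttributes, AuthenticationContext authenticationContext)
        throws AuthenticationFailedException {
    LdapName ldapDN;
    try {
        ldapDN = new LdapName(certAttributes);
    } catch (InvalidNameException e) {
        throw new AuthenticationFailedException("error occurred while get the certificate claims", e);
    }
    String userNameAttribute = getAuthenticatorConfig().getParameterMap().get(X509CertificateConstants.USERNAME);
    List<String> matchedStringList = new ArrayList<>();
    // A missing USERNAME parameter or regex can match nothing; fall through to the
    // "no matches" failure below rather than throwing NullPointerException.
    if (subjectPatternCompiled != null && userNameAttribute != null) {
        for (Rdn distinguishNames : ldapDN.getRdns()) {
            if (userNameAttribute.equals(distinguishNames.getType())) {
                Matcher m = subjectPatternCompiled.matcher(String.valueOf(distinguishNames.getValue()));
                addMatchStringsToList(m, matchedStringList);
            }
        }
    }
    if (matchedStringList.isEmpty()) {
        authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE,
                X509CertificateConstants.X509_CERTIFICATE_SUBJECTDN_REGEX_NO_MATCHES_ERROR_CODE);
        log.debug(X509CertificateConstants.X509_CERTIFICATE_SUBJECTDN_REGEX_NO_MATCHES_ERROR);
        throw new AuthenticationFailedException(
                X509CertificateConstants.X509_CERTIFICATE_SUBJECTDN_REGEX_NO_MATCHES_ERROR);
    } else if (matchedStringList.size() > 1) {
        // Ambiguous identity: refuse rather than pick one.
        authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE,
                X509CertificateConstants.X509_CERTIFICATE_SUBJECTDN_REGEX_MULTIPLE_MATCHES_ERROR_CODE);
        log.debug("More than one value matched with the given regex, matches: " + matchedStringList);
        throw new AuthenticationFailedException("More than one value matched with the given regex");
    } else {
        String matched = matchedStringList.get(0);
        if (log.isDebugEnabled()) {
            log.debug("Setting X509Certificate username attribute: " + userNameAttribute + " ,and value is " + matched);
        }
        authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_USERNAME, matched);
        return matched;
    }
}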
From source file:org.wso2.carbon.identity.authenticator.x509Certificate.X509CertificateAuthenticator.java
/**
 * Builds a claim map from every RDN of the certificate's subject DN.
 * <p>
 * Each RDN becomes one entry keyed by its attribute type (presumably equal
 * {@code ClaimMapping.build} arguments yield equal keys, in which case a type that
 * occurs more than once keeps only the last value returned by {@code getRdns()}).
 * When the configured {@code USERNAME} parameter matches an RDN type, that RDN's value
 * is also stored on the context under {@code X509_CERTIFICATE_USERNAME}.
 *
 * @param authenticationContext authentication context
 * @param certAttributes principal attributes from certificate.
 * @return claim map
 * @throws AuthenticationFailedException if {@code certAttributes} is not a valid DN
 */
protected Map<ClaimMapping, String> getSubjectAttributes(AuthenticationContext authenticationContext,
        String certAttributes) throws AuthenticationFailedException {
    LdapName ldapDN;
    try {
        ldapDN = new LdapName(certAttributes);
    } catch (InvalidNameException e) {
        throw new AuthenticationFailedException("error occurred while get the certificate claims", e);
    }
    String userNameAttribute = getAuthenticatorConfig().getParameterMap().get(X509CertificateConstants.USERNAME);
    if (log.isDebugEnabled()) {
        log.debug("Getting username attribute: " + userNameAttribute);
    }
    boolean hasUserNameAttribute = StringUtils.isNotEmpty(userNameAttribute);
    Map<ClaimMapping, String> claims = new HashMap<>();
    for (Rdn rdn : ldapDN.getRdns()) {
        String type = rdn.getType();
        String value = String.valueOf(rdn.getValue());
        claims.put(ClaimMapping.build(type, type, null, false), value);
        if (hasUserNameAttribute && userNameAttribute.equals(type)) {
            if (log.isDebugEnabled()) {
                log.debug("Setting X509Certificate username attribute: " + userNameAttribute + "and value is "
                        + rdn.getValue());
            }
            authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_USERNAME, value);
        }
    }
    return claims;
}
From source file:org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.java
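/**
 * Resolves the group-name attribute value for each of the given group DNs.
 * <p>
 * Groups outside {@code groupSearchBase} are skipped. When a group DN's leftmost RDN
 * already carries the configured group-name attribute, its value is taken from the DN
 * itself; otherwise the attribute is fetched from the directory.
 *
 * @param groupDNs DNs of the groups to resolve; {@code null} is treated as empty
 * @return the attribute values in the order of {@code groupDNs}, skipped groups omitted
 * @throws UserStoreException if the directory lookup fails or {@code groupSearchBase} is
 *         not a valid DN
 */
private List<String> getGroupNameAttributeValuesOfGroups(List<LdapName> groupDNs) throws UserStoreException {
    log.debug("GetGroupNameAttributeValuesOfGroups with DN");
    boolean debug = log.isDebugEnabled();
    // get the DNs of the groups to which user belongs to, as per the search parameters
    String groupNameAttribute = realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE);
    String[] returnedAttributes = { groupNameAttribute };
    List<String> groupNameAttributeValues = new ArrayList<>();
    if (groupDNs == null) {
        return groupNameAttributeValues;
    }
    final String errorMessage = "Error in getting group name attribute values of groups";
    DirContext dirContext = null;
    try {
        dirContext = this.connectionSource.getContext();
        // Parse the search base once instead of once per group.
        LdapName searchBase = new LdapName(groupSearchBase);
        for (LdapName group : groupDNs) {
            // An empty DN has no RDN to inspect (getRdn(-1) would throw).
            if (group.size() == 0 || !isInSearchBase(group, searchBase)) {
                // ignore those groups outside the group search base
                continue;
            }
            if (debug) {
                log.debug("Using DN: " + group);
            }
            // getRdns() is right-to-left, so the last element is the leftmost RDN.
            Rdn rdn = group.getRdn(group.getRdns().size() - 1);
            if (rdn.getType().equalsIgnoreCase(groupNameAttribute)) {
                // The RDN already carries the name attribute: no directory round trip needed.
                groupNameAttributeValues.add(rdn.getValue().toString());
                continue;
            }
            Attributes groupAttributes = dirContext.getAttributes(group, returnedAttributes);
            if (groupAttributes == null) {
                continue;
            }
            Attribute groupAttribute = groupAttributes.get(groupNameAttribute);
            if (groupAttribute == null) {
                continue;
            }
            String groupNameAttributeValue = (String) groupAttribute.get();
            if (debug) {
                log.debug(groupNameAttribute + " : " + groupNameAttributeValue);
            }
            groupNameAttributeValues.add(groupNameAttributeValue);
        }
    } catch (UserStoreException e) {
        if (log.isDebugEnabled()) {
            log.debug(errorMessage, e);
        }
        throw new UserStoreException(errorMessage, e);
    } catch (NamingException e) {
        if (log.isDebugEnabled()) {
            log.debug(errorMessage, e);
        }
        throw new UserStoreException(errorMessage, e);
    } finally {
        JNDIUtil.closeContext(dirContext);
    }
    return groupNameAttributeValues;
}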