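@Override
  public Component preview() {
    final Label commonNameLabel = new Label("certCommonName", new Model<String>());
    // ByteArrayInputStream.close() is a no-op, but try-with-resources keeps the stream's
    // lifetime explicit and replaces the manual finally/closeQuietly block. An exception
    // raised while creating the stream (e.g. uploadedBytes == null) is reported through the
    // same catch below instead of escaping as a bare NullPointerException.
    try (ByteArrayInputStream certificateStream = new ByteArrayInputStream(uploadedBytes)) {
      final X509Certificate certificate =
          (X509Certificate)
              CertificateFactory.getInstance("X.509").generateCertificate(certificateStream);

      // getIssuerX500Principal().getName() yields the RFC 2253 form that LdapName parses.
      // The previously used getIssuerDN().getName() is deprecated and its string format is
      // implementation dependent, so it is not guaranteed to be parseable.
      final LdapName issuerName =
          new LdapName(certificate.getIssuerX500Principal().getName());

      // NOTE(review): the label is called "certCommonName" but this reads the ISSUER's CN,
      // not the subject's — confirm that the issuer is really the value meant to be shown.
      final StringBuilder commonNameBuilder = new StringBuilder("cn=");
      for (Rdn rdn : issuerName.getRdns()) {
        if ("CN".equalsIgnoreCase(rdn.getType())) {
          // Several CN RDNs are concatenated without a separator, as before.
          final Object value = rdn.getValue();
          commonNameBuilder.append(value == null ? StringUtils.EMPTY : value.toString());
        }
      }
      commonNameLabel.setDefaultModelObject(commonNameBuilder.toString());
    } catch (Exception e) {
      // Certificate parsing, DN parsing, the cast and the (no-op) close can all fail;
      // every failure is surfaced to the caller as an invalid upload, with the cause kept.
      LOG.error("Error evaluating certificate file", e);
      throw new IllegalArgumentException("Error evaluating certificate file", e);
    }
    return this.add(commonNameLabel);
  }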
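 /**
  * Splits a peer principal's DN into the set of its RDNs; component order is discarded.
  *
  * @param principal the peer's X.500 principal
  * @return the RDNs of the principal's name
  * @throws SecurityException if the principal's name cannot be parsed as an LDAP name
  */
 private Set<Rdn> getPrincipalRdns(X500Principal principal) {
   try {
     // X500Principal.getName() returns the RFC 2253 form, which LdapName parses.
     LdapName certAsLdapName = new LdapName(principal.getName());
     return new HashSet<Rdn>(certAsLdapName.getRdns());
   } catch (InvalidNameException e) {
     // Keep the parser's exception as the cause so the failing DN can be diagnosed.
     throw new SecurityException("Cannot parse '" + principal + "' as LDAP name", e);
   }
 }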
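 /**
  * Returns <CODE>true</CODE> if the provided strings represent the same DN and <CODE>false
  * </CODE> otherwise.
  *
  * <p>Equality is delegated to {@link LdapName#equals(Object)} (RDN-wise comparison rather
  * than plain string equality). A {@code null} or unparseable DN never equals anything, not
  * even itself.
  *
  * @param dn1 the first dn to compare.
  * @param dn2 the second dn to compare.
  * @return <CODE>true</CODE> if the provided strings represent the same DN and <CODE>false
  *     </CODE> otherwise.
  */
 private static boolean areDnsEqual(String dn1, String dn2) {
   if (dn1 == null || dn2 == null) {
     return false;
   }
   try {
     return new LdapName(dn1).equals(new LdapName(dn2));
   } catch (InvalidNameException | IllegalArgumentException ignored) {
     // Malformed input is reported by the parser as one of these; neither is an error for
     // this predicate, the DNs simply are not equal.
     return false;
   }
 }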
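  /**
   * Returns the RDNs of {@code dn} that lie below {@code baseDN}, in {@link LdapName} order
   * (most significant component first).
   *
   * @param dn the full distinguished name
   * @param baseDN the base the name must start with
   * @return a mutable list of the remaining RDNs; empty when {@code dn} equals the base
   * @throws InvalidNameException if either string is not a valid DN
   * @throws IllegalArgumentException if {@code dn} does not start with {@code baseDN}, including
   *     when it is shorter than the base
   */
  private static List<Rdn> getNonBaseRdns(String dn, String baseDN) throws InvalidNameException {
    LdapName baseDnName = new LdapName(baseDN);
    LdapName name = new LdapName(dn);

    // LdapName indexes RDNs from the rightmost (most significant) component, so the base DN
    // must be a prefix of the name's RDN list. startsWith compares component by component with
    // Rdn.equals. The previous iterator loop accepted a name whose LAST base component
    // differed (the mismatch exhausted the base iterator before the hasNext() check) and threw
    // NoSuchElementException for a name shorter than the base; both now fail explicitly.
    if (!name.startsWith(baseDnName)) {
      throw new IllegalArgumentException("Dn " + dn + " does not match base dn " + baseDnName);
    }
    return new LinkedList<Rdn>(name.getRdns().subList(baseDnName.size(), name.size()));
  }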
 /**
  * Extracts the value of the leftmost RDN of {@code dn}, e.g. "alice" for "cn=alice,o=x".
  *
  * <p>Only the position is used: the RDN's type is not checked to actually be {@code cn}. When
  * the string does not parse as a DN, or parses to zero components, {@code dn} is returned
  * unchanged.
  *
  * @param dn the distinguished name to read
  * @return the leftmost RDN's value, or {@code dn} itself when it cannot be reduced
  */
 private static String cnFor(String dn) {
   try {
     LdapName parsed = new LdapName(dn);
     if (parsed.isEmpty()) {
       return dn;
     }
     // LdapName orders components most-significant first, so the last index is the
     // leftmost RDN in string form; strip everything up to and including the '='.
     String lastRdn = parsed.get(parsed.size() - 1);
     int eq = lastRdn.indexOf('=');
     return eq < 0 ? lastRdn : lastRdn.substring(eq + 1);
   } catch (InvalidNameException e) {
     log.warn("Cannot parse LDAP dn for cn", e);
     return dn;
   }
 }
  /**
   * Appends one RDN per configured property to {@code name}: the RDN type is the property's DB
   * column and the value is read from {@code bean} through the property.
   *
   * @param name the name to extend in place
   * @param bean the object the property values are read from
   * @throws InvalidNameException if a property/value pair does not form a valid RDN
   */
  public void createLdapNameByBean(LdapName name, Object bean) throws InvalidNameException {
    int idx = 0;
    while (idx < props.length) {
      Object value = props[idx].getValue(bean);
      name.add(new Rdn(props[idx].getDbColumn(), value));
      idx++;
    }
  }
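  /**
   * Renders a certificate's DN as one "Type: value" line per RDN; an RDN whose type has no
   * full name is rendered as "Serial Number: " followed by the hex of its value (no trailing
   * newline, as before).
   *
   * <p>NOTE(review): despite the method name this reads {@code getSubjectX500Principal()},
   * i.e. the certificate's <em>subject</em>, not its issuer — confirm which one callers expect.
   *
   * @param certificate the certificate whose name is rendered
   * @return the formatted name, or a fixed placeholder when the DN cannot be parsed
   */
  private String getIssuer(X509Certificate certificate) {
    try {
      StringBuilder builder = new StringBuilder();
      // getName() yields the RFC 2253 form; attribute types without a keyword appear as a
      // dotted OID with a '#hex' value, which Rdn unescapes into a byte[].
      LdapName ldapDN = new LdapName(certificate.getSubjectX500Principal().getName());
      for (Rdn rdn : ldapDN.getRdns()) {
        String type = getTypeFullName(rdn.getType());
        Object value = rdn.getValue();
        if (StringUtils.isEmpty(type)) {
          // A '#hex' value is already a byte[]; calling toString() on it would hex-encode the
          // array's identity string ("[B@...") instead of its contents. String values are
          // encoded as UTF-8 explicitly rather than with the platform default charset.
          byte[] raw =
              value instanceof byte[]
                  ? (byte[]) value
                  : String.valueOf(value).getBytes(java.nio.charset.StandardCharsets.UTF_8);
          builder.append("Serial Number: ").append(toHexString(raw));
        } else {
          builder.append(type).append(": ").append(value).append('\n');
        }
      }

      return builder.toString();
    } catch (InvalidNameException e) {
      return "<Could not determine certificate issuer>";
    }
  }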
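 /**
  * Rejects the TLS peer unless its certificate principal matches one of
  * {@code allowedPrincipals}; when none are configured the check is skipped.
  *
  * <p>A configured principal matches when every one of its RDNs is contained in the peer's
  * DN (a subset check by Rdn equality, not an exact DN comparison). Each allowed entry must
  * therefore carry enough RDNs that no unintended subject also contains all of them.
  *
  * @param pHttpsExchange the exchange whose SSL session supplies the peer principal
  * @throws SecurityException if the peer is unverified, the principal is not an
  *     {@link X500Principal}, or no allowed principal matches
  */
 private void checkCertForAllowedPrincipals(HttpsExchange pHttpsExchange) {
   if (allowedPrincipals == null) {
     return;
   }
   X500Principal certPrincipal;
   try {
     certPrincipal = (X500Principal) pHttpsExchange.getSSLSession().getPeerPrincipal();
   } catch (SSLPeerUnverifiedException e) {
     // Keep the cause so the handshake failure can be diagnosed from the log.
     throw new SecurityException("SSLPeer unverified", e);
   } catch (ClassCastException e) {
     throw new SecurityException("Internal: Invalid Principal class provided " + e, e);
   }
   Set<Rdn> certPrincipalRdns = getPrincipalRdns(certPrincipal);
   boolean matchFound = false;
   for (LdapName principal : allowedPrincipals) {
     if (certPrincipalRdns.containsAll(principal.getRdns())) {
       matchFound = true;
       break;
     }
   }
   if (!matchFound) {
     throw new SecurityException("Principal " + certPrincipal + " not allowed");
   }
 }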
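  /**
   * Compares this principal to the specified object.
   *
   * <p>Two principals are equal when the other object is also an {@code LdapPrincipal} and its
   * name, parsed with {@code getLdapName}, equals this principal's {@code name} under
   * {@link LdapName#equals(Object)}. A name that fails to parse is never equal.
   *
   * @param object The object to compare this principal against.
   * @return true if they are equal; false otherwise.
   */
  @Override
  public boolean equals(Object object) {
    if (this == object) {
      return true;
    }
    if (!(object instanceof LdapPrincipal)) {
      return false;
    }
    try {
      return name.equals(getLdapName(((LdapPrincipal) object).getName()));
    } catch (InvalidNameException e) {
      // An unparseable name cannot match anything.
      return false;
    }
  }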
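  /**
   * Appends one RDN per configured property to {@code name}, taking each value from the
   * composite key {@code id}.
   *
   * @param name the name to extend in place
   * @param id the composite key; must be a {@link Map} keyed by property name
   * @throws InvalidNameException if a property/value pair does not form a valid RDN
   * @throws IllegalArgumentException if {@code id} is not a Map or lacks a value for a property
   */
  public void createLdapNameById(LdapName name, Object id) throws InvalidNameException {
    if (!(id instanceof Map)) {
      throw new IllegalArgumentException("Expecting a Map for concatinated key");
    }

    Map<?, ?> mapId = (Map<?, ?>) id;
    for (int i = 0; i < props.length; i++) {
      Object v = mapId.get(props[i].getName());
      if (v == null) {
        // A missing (or explicitly null) key cannot become an RDN value.
        throw new IllegalArgumentException("No value in Map for key " + props[i].getName());
      }
      name.add(new Rdn(props[i].getDbColumn(), v));
    }
  }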
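 /**
  * Creates a string representation of this principal's name in the format defined by <a
  * href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> (delegated to
  * {@link LdapName#toString()}). If the name has zero components an empty string is returned.
  *
  * @return The principal's string name.
  */
 @Override
 public String toString() {
   return name.toString();
 }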
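 /**
  * Computes the hash code for this principal, derived from the parsed {@code name} so that it is
  * consistent with {@link LdapName#equals(Object)}-based equality.
  *
  * @return The principal's hash code.
  */
 @Override
 public int hashCode() {
   return name.hashCode();
 }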
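  /**
   * Converts one raw LDAP attribute value into the form the model attribute expects.
   *
   * <p>Non-string results pass through untouched and empty strings become {@code null} (LDAP
   * cannot distinguish unset from empty). Other strings are either parsed as a timestamp (model
   * type TIMESTAMP), reduced to the value of a single RDN (column declares an RDN type), or
   * returned as-is for the Teiid type conversion layer.
   *
   * @param modelElement the column being populated; supplies the timestamp format and the RDN
   *     type / DN prefix properties
   * @param modelAttrName the attribute name, used in error messages
   * @param modelAttrClass the runtime type the model expects
   * @param objResult the raw value returned by the LDAP search
   * @return the converted value, or {@code null} for unset/empty attributes
   * @throws TranslatorException if a timestamp string does not match the configured format
   * @throws InvalidNameException if an RDN-typed value is not a DN of the expected shape
   */
  private Object convertSingleValue(
      Column modelElement, String modelAttrName, Class<?> modelAttrClass, Object objResult)
      throws TranslatorException, InvalidNameException {
    if (objResult == null) {
      return null;
    }
    // GHH 20080326 - if attribute is not a string or empty, just
    // return null.
    if (!(objResult instanceof String)) {
      return objResult;
    }

    String strResult = (String) objResult;
    // MPW - 3.9.07 - Also return NULL when attribute is unset or empty string.
    // There is no way to differentiate between being unset and being the empty string.
    if (strResult.equals("")) { // $NON-NLS-1$
      return null;
    }

    // MPW: 3-11-07: Added support for java.lang.Integer conversion.
    if (TypeFacility.RUNTIME_TYPES.TIMESTAMP.equals(modelAttrClass)) {
      String timestampFormat = modelElement.getFormat();
      if (timestampFormat == null) {
        timestampFormat = LDAPConnectorConstants.ldapTimestampFormat;
      }
      // A fresh SimpleDateFormat per call: the class is not thread-safe, so it must not be
      // hoisted into a shared field without synchronization.
      SimpleDateFormat dateFormat = new SimpleDateFormat(timestampFormat);
      try {
        Date dateResult = dateFormat.parse(strResult);
        return new Timestamp(dateResult.getTime());
      } catch (ParseException pe) {
        throw new TranslatorException(
            pe,
            LDAPPlugin.Util.getString(
                "LDAPSyncQueryExecution.timestampParseFailed", modelAttrName)); // $NON-NLS-1$
      }

      //	TODO: Extend support for more types in the future.
      // Specifically, add support for byte arrays, since that's actually supported
      // in the underlying data source.
    }

    // extract rdn
    String type = modelElement.getProperty(LDAPExecutionFactory.RDN_TYPE, false);
    if (type != null) {
      String prefix = modelElement.getProperty(LDAPExecutionFactory.DN_PREFIX, false);
      LdapName name = new LdapName(strResult);
      // LdapName indexes from the most significant component, so the last RDN is the leftmost
      // one in the string and everything before it is the prefix. Note that the prefix check
      // is an exact string comparison (case- and whitespace-sensitive), unlike Rdn equality.
      if (prefix != null) {
        if (!name.getPrefix(name.size() - 1).toString().equals(prefix)) {
          throw new InvalidNameException(
              "DN prefix of '" + strResult + "' does not match expected prefix '" + prefix + "'");
        }
      } else if (name.size() > 1) {
        throw new InvalidNameException(
            "Expected a single RDN for " + modelAttrName + " but got '" + strResult + "'");
      }
      Rdn rdn = name.getRdn(name.size() - 1);
      // NOTE(review): the type comparison is case-sensitive while LDAP attribute types are
      // not; confirm that the configured RDN_TYPE always matches the server's casing.
      if (!rdn.getType().equals(type)) {
        throw new InvalidNameException(
            "Expected RDN type '" + type + "' but got '" + rdn.getType() + "'");
      }
      return rdn.getValue();
    }

    return strResult; // the Teiid type conversion logic will handle refine from here if necessary
  }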
  /**
   * Builds the mocked environment for the keystore-helper tests: a deterministic password, a
   * keystore loaded through mocked file/path APIs, a throwaway RSA key pair plus self-signed
   * certificate, and a keystore that yields two aliases (one X.509 certificate, one generic).
   *
   * @throws Exception from the mocking setup or the key/certificate generation
   */
  @Before
  public void before() throws Exception {
    // The helper's SecureRandom and Base64 encoder are mocked so the generated password is
    // always the literal "password"; the real randomness is not exercised here.
    secureRandom = mock(SecureRandom.class);
    whenNew(SecureRandom.class).withNoArguments().thenReturn(secureRandom);

    encoder = mock(Base64.Encoder.class);
    when(encoder.withoutPadding()).thenReturn(encoder);

    when(encoder.encodeToString(any(byte[].class))).thenReturn("password");

    mockStatic(Base64.class);
    when(Base64.getEncoder()).thenReturn(encoder);

    // Property lookup for the keystore password, matched on the exact key/default pair.
    PropertiesGenerator propertiesGenerator = mock(PropertiesGenerator.class);
    when(propertiesGenerator.getProperty(KeyStoreHelper.KEYPASS_PROPERTY, "password"))
        .thenReturn("password");

    whenNew(PropertiesGenerator.class)
        .withArguments("/opt/traffic_router/conf/keystore.properties")
        .thenReturn(propertiesGenerator);

    // Only a loader constructed with this exact path/password pair is intercepted.
    KeyStoreLoader keyStoreLoader = mock(KeyStoreLoader.class);
    whenNew(KeyStoreLoader.class)
        .withArguments("/opt/traffic_router/db/.keystore", "password".toCharArray())
        .thenReturn(keyStoreLoader);

    keyStore = PowerMockito.mock(KeyStore.class);
    when(keyStoreLoader.load()).thenReturn(keyStore);

    mockStatic(Paths.class);

    Path keystorePath = mock(Path.class);
    when(Paths.get("/opt/traffic_router/db/.keystore")).thenReturn(keystorePath);

    // Writes to the keystore path land in a mock stream, so nothing touches the file system.
    outputStream = mock(OutputStream.class);

    mockStatic(Files.class);
    when(Files.newOutputStream(keystorePath)).thenReturn(outputStream);

    // Real 2048-bit RSA key and self-signed certificate (600 s validity) kept in the fields.
    // SHA1WithRSA is acceptable only because this is a throwaway test certificate.
    CertAndKeyGen certAndKeyGen = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
    certAndKeyGen.generate(2048);
    privateKey = certAndKeyGen.getPrivateKey();
    x509Certificate =
        certAndKeyGen.getSelfCertificate(
            new X500Name("CN=*.deliveryservice.cdn.example.com"), 600L);

    // A single mocked CN RDN stands in for the parsed subject DN.
    Rdn rdn = mock(Rdn.class);
    when(rdn.getType()).thenReturn("CN");
    when(rdn.getValue()).thenReturn("*.deliveryservice1.cdn.example.com");

    List<Rdn> rdnList = new ArrayList<>();
    rdnList.add(rdn);

    LdapName ldapName = mock(LdapName.class);
    when(ldapName.getRdns()).thenReturn(rdnList);

    // Only an LdapName built from this exact (RFC 2253, no spaces) string is mocked; any other
    // constructor argument produces a real LdapName. Presumably this is the string
    // X500Principal.getName() returns for the principal below — verify if the test breaks.
    whenNew(LdapName.class)
        .withArguments(
            "CN=*.deliveryservice1.cdn.example.com,OU=Traffic Routing,O=Traffic Control CDN,C=US")
        .thenReturn(ldapName);

    // NOTE(review): this local shadows the x509Certificate field assigned above, so the
    // keystore returns the mock while the field keeps the generated certificate. Confirm that
    // both are intended; otherwise rename one of them.
    X509Certificate x509Certificate = PowerMockito.mock(X509Certificate.class);
    X500Principal x500Principal =
        new X500Principal(
            "CN=*.deliveryservice1.cdn.example.com, OU=Traffic Routing, O=Traffic Control CDN, C=US");

    when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);

    // A fresh Enumeration per call, so aliases() can be iterated more than once.
    PowerMockito.when(keyStore.aliases())
        .thenAnswer(
            invocation -> {
              Vector<String> vector = new Vector<>();
              vector.add("alias-1");
              vector.add("alias-2");
              return vector.elements();
            });

    // "alias-1" is the X.509 mock above; "alias-2" is a generic Certificate mock.
    PowerMockito.when(keyStore.getCertificate("alias-1")).thenReturn(x509Certificate);
    PowerMockito.when(keyStore.getCertificate("alias-2")).thenReturn(mock(Certificate.class));
  }
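  /**
   * Exercises the LdapName API end to end: construction from RDNs, iteration, addAll/add/remove,
   * get/getRdn, prefixes and suffixes, startsWith/endsWith, clone, and a Java serialization
   * round trip through the file "dn.ser" in the working directory (which is left behind). Every
   * step prints its result; there are no assertions.
   *
   * @param args ignored
   * @throws Exception if any LdapName operation or the serialization round trip fails
   */
  public static void main(String args[]) throws Exception {

    String[] rdnStr = new String[] {"one=voilet"};

    java.util.List<Rdn> rdnList = new ArrayList<Rdn>();
    for (String rdnText : rdnStr) {
      rdnList.add(new Rdn(rdnText));
    }
    LdapName dn = new LdapName(rdnList);

    System.out.println("size is :" + dn.size());
    System.out.println("isEmpty :" + dn.isEmpty());
    System.out.println("************Printing as Rdns*********");
    for (Rdn r : dn.getRdns()) {
      System.out.println(r);
    }

    System.out.println();
    System.out.println("************Printing the Enumeration*********");
    Enumeration<String> dnEnum = dn.getAll();
    while (dnEnum.hasMoreElements()) {
      System.out.println(dnEnum.nextElement());
    }

    // addAll tests
    System.out.println();
    LdapName nameSuffix = new LdapName("two=Indigo");
    System.out.println("addAll():" + dn.addAll(nameSuffix));

    java.util.List<Rdn> list = new ArrayList<Rdn>();
    list.add(new Rdn("five=Yellow"));
    System.out.println("Rdn- addAll():" + dn.addAll(list));

    nameSuffix = new LdapName("three=Blue");
    System.out.println();
    System.out.println("addAll at pos = 2");
    System.out.println("addAll():" + dn.addAll(2, nameSuffix));

    list = new ArrayList<Rdn>();
    list.add(new Rdn("four=Green"));
    System.out.println();
    System.out.println("addAll at pos = 3");
    System.out.println("Rdn- addAll():" + dn.addAll(3, list));

    // add() tests
    System.out.println();
    System.out.println("add():" + dn.add("eight=white"));
    Rdn rdn = new Rdn("nine=Black");
    System.out.println();
    System.out.println("Rdn- add():" + dn.add(rdn));

    // Both positional adds use the String overload (the label says "Rdn- add()" but the
    // original passed a String here too; kept for identical output).
    System.out.println();
    System.out.println("add() at pos 5");
    System.out.println("add():" + dn.add(5, "six=Orange"));
    System.out.println();
    System.out.println("add() at pos 6");
    System.out.println("Rdn- add():" + dn.add(6, "seven=Red"));

    // remove tests
    System.out.println();
    System.out.println("Removing entries at positions: 7, 8");
    System.out.println("Removed:" + dn.remove(8));
    System.out.println("Removed:" + dn.remove(7));

    // get tests
    System.out.println();
    System.out.println("toString():" + dn);
    int size = dn.size();
    System.out.println("get(0):" + dn.get(0));
    System.out.println("get(size() - 1):" + dn.get(size - 1));
    System.out.println("getRdn(0):" + dn.getRdn(0));
    System.out.println("getRdn(size() - 1):" + dn.getRdn(size - 1));

    System.out.println();
    System.out.println("********Prefixes**********");
    System.out.println("getPrefix(0):" + dn.getPrefix(0));
    System.out.println("getPrefix(size / 2):" + dn.getPrefix(size / 2));
    System.out.println("getPrefix(size):" + dn.getPrefix(size));

    System.out.println();
    System.out.println("********Suffixes**********");
    System.out.println("getSuffix(0):" + dn.getSuffix(0));
    System.out.println("getSuffix(size/2):" + dn.getSuffix(size / 2));
    System.out.println("getSuffix(size):" + dn.getSuffix(size));

    System.out.println();
    System.out.println("startsWith(" + rdnStr[0] + "):" + dn.startsWith(new LdapName(rdnStr[0])));

    // Deliberately lower-case: Rdn comparison is case-insensitive, so this still matches.
    String lastEntry = "seven=red";
    System.out.println("startsWith(" + lastEntry + "):" + dn.startsWith(new LdapName(lastEntry)));

    System.out.println(
        "compositeName- startsWith("
            + rdnStr[0]
            + "): "
            + dn.startsWith(new CompositeName(rdnStr[0])));

    java.util.List<Rdn> prefixList = dn.getRdns().subList(0, size / 2);
    System.out.println("Rdn - startsWith(" + prefixList + "):" + dn.startsWith(prefixList));

    System.out.println(
        "Rdn - startsWith() - empty RDN list:" + dn.startsWith(new ArrayList<Rdn>()));

    System.out.println();
    System.out.println("endsWith(" + rdnStr[0] + "):" + dn.endsWith(new LdapName(rdnStr[0])));

    System.out.println("endsWith(" + lastEntry + "):" + dn.endsWith(new LdapName(lastEntry)));

    System.out.println(
        "compositeName- endsWith("
            + rdnStr[0]
            + "):    "
            + dn.endsWith(new CompositeName(rdnStr[0])));

    System.out.println("Rdn - endsWith(" + prefixList + "):" + dn.endsWith(prefixList));

    System.out.println("Rdn - endsWith() empty RDN list:" + dn.endsWith(new ArrayList<Rdn>()));

    // test clone
    System.out.println();
    System.out.println("cloned name:" + dn.clone());

    // test serialization: try-with-resources closes each stream even when the write or read
    // throws (the original leaked the handles on failure).
    try (ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("dn.ser"))) {
      out.writeObject(dn);
    }

    // Reads back only the file written just above, i.e. self-produced data.
    try (ObjectInputStream in = new ObjectInputStream(new FileInputStream("dn.ser"))) {
      System.out.println();
      System.out.println("Deserialized name:" + in.readObject());
    }
  }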
 /**
  * Boots the embedded LDAP server once for the whole test class on {@code PORT}, rooted at
  * {@code baseName}; the third argument presumably names the test data set to import — see
  * LdapTestUtils.
  *
  * @throws Exception if the server cannot be started or the data cannot be imported
  */
 @BeforeClass
 public static void setUpClass() throws Exception {
   final String suffix = baseName.toString();
   LdapTestUtils.startEmbeddedServer(PORT, suffix, "odm-test");
 }