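/**
 * Parses the uploaded bytes as an X.509 certificate and adds a label holding the issuer's
 * common name (rendered as {@code cn=<value>}) to this component.
 *
 * <p>If the issuer carries several CN RDNs their values are appended one after another with no
 * separator; if it carries none the label reads just {@code cn=}.
 *
 * @return this component, with the {@code certCommonName} label added
 * @throws IllegalArgumentException if the bytes are not a parseable certificate or the issuer DN
 *     cannot be parsed (the underlying error is logged and attached as cause)
 */
@Override
public Component preview() {
    final Label commonNameLabel = new Label("certCommonName", new Model<String>());
    final ByteArrayInputStream certificateStream = new ByteArrayInputStream(uploadedBytes);
    try {
        final X509Certificate certificate =
                (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(certificateStream);
        // Use the RFC 2253 form of the issuer DN: getIssuerDN() is deprecated and its string
        // format is implementation-specific, which makes LdapName parsing unreliable.
        final LdapName issuerName = new LdapName(certificate.getIssuerX500Principal().getName());
        final StringBuilder commonNameBuilder = new StringBuilder("cn=");
        for (Rdn rdn : issuerName.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                final Object value = rdn.getValue();
                commonNameBuilder.append(value == null ? StringUtils.EMPTY : value.toString());
            }
        }
        commonNameLabel.setDefaultModelObject(commonNameBuilder.toString());
    } catch (Exception e) {
        // Certificate and DN parse failures alike surface to the caller as IllegalArgumentException;
        // the uploaded bytes are caller-supplied, so a failure here is expected input rejection.
        LOG.error("Error evaluating certificate file", e);
        throw new IllegalArgumentException("Error evaluating certificate file", e);
    } finally {
        IOUtils.closeQuietly(certificateStream);
    }
    return this.add(commonNameLabel);
}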
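/**
 * Decomposes an X.500 principal into the set of its RDNs so that callers can compare principals
 * component-wise, independent of RDN order.
 *
 * @param principal the certificate principal to decompose
 * @return a new mutable set containing the principal's RDNs
 * @throws SecurityException if the principal's name is not a valid LDAP name
 */
private Set<Rdn> getPrincipalRdns(X500Principal principal) {
    try {
        LdapName certAsLdapName = new LdapName(principal.getName());
        return new HashSet<Rdn>(certAsLdapName.getRdns());
    } catch (InvalidNameException e) {
        // Keep the parse error as cause so a rejected principal can be diagnosed from the log.
        throw new SecurityException("Cannot parse '" + principal + "' as LDAP name", e);
    }
}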
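/**
 * Returns <CODE>true</CODE> if the provided strings represent the same DN and <CODE>false</CODE>
 * otherwise. Equality is that of {@link LdapName#equals}, i.e. attribute types and values are
 * compared case-insensitively. A <CODE>null</CODE> or unparseable DN never equals anything.
 *
 * @param dn1 the first dn to compare.
 * @param dn2 the second dn to compare.
 * @return <CODE>true</CODE> if both strings parse to equal DNs and <CODE>false</CODE> otherwise.
 */
private static boolean areDnsEqual(String dn1, String dn2) {
    if (dn1 == null || dn2 == null) {
        return false;
    }
    try {
        return new LdapName(dn1).equals(new LdapName(dn2));
    } catch (InvalidNameException ignored) {
        // A malformed DN cannot equal another DN; nothing else is expected from the parser.
        return false;
    }
}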
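/**
 * Returns the RDNs of {@code dn} that lie below {@code baseDN}, in {@link LdapName} order
 * (index 0 is the rightmost RDN, so the list runs from the base outward).
 *
 * @param dn the full distinguished name
 * @param baseDN the base the name is expected to start with
 * @return a new list of the RDNs of {@code dn} after the base; empty if they are equal
 * @throws InvalidNameException if either string is not a valid DN
 * @throws IllegalArgumentException if {@code dn} does not start with {@code baseDN}
 */
private static List<Rdn> getNonBaseRdns(String dn, String baseDN) throws InvalidNameException {
    LdapName baseDnName = new LdapName(baseDN);
    LdapName name = new LdapName(dn);
    // startsWith compares RDN by RDN like the former iterator loop did, but also rejects a dn
    // that is shorter than the base or whose mismatch sits on the base's last RDN — two cases
    // the loop either blew up on (NoSuchElementException) or silently accepted.
    if (!name.startsWith(baseDnName)) {
        throw new IllegalArgumentException("Dn " + dn + " does not match base dn " + baseDnName);
    }
    return new LinkedList<Rdn>(name.getRdns().subList(baseDnName.size(), name.size()));
}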
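/**
 * Extracts a display name from a DN: the value of its leftmost (most specific) RDN, which for
 * user entries is normally the CN. The RDN's type is not checked.
 *
 * @param dn the distinguished name
 * @return the leftmost RDN's value, or {@code dn} itself when the name is empty or unparseable
 */
private static String cnFor(String dn) {
    try {
        LdapName name = new LdapName(dn);
        if (!name.isEmpty()) {
            // LdapName indexes right-to-left, so size()-1 is the leftmost RDN.
            int leftmost = name.size() - 1;
            Object value = name.getRdn(leftmost).getValue();
            if (value instanceof String) {
                // The parsed value has RFC 2253 escapes (e.g. "\,") decoded, unlike the raw text
                // after '=' in the "type=value" string form that was previously returned.
                return (String) value;
            }
            // Non-string (binary "#hex") values: fall back to the textual form after '='.
            String cn = name.get(leftmost);
            int index = cn.indexOf('=');
            return index >= 0 ? cn.substring(index + 1) : cn;
        }
    } catch (InvalidNameException e) {
        log.warn("Cannot parse LDAP dn for cn", e);
    }
    return dn;
}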
/**
 * Appends one RDN per configured property to {@code name}: the property's DB column becomes the
 * RDN type and the property's value read from {@code bean} becomes the RDN value.
 *
 * @param name the LDAP name to extend in place
 * @param bean the object whose property values become RDN values
 * @throws InvalidNameException if a property cannot form a valid RDN
 */
public void createLdapNameByBean(LdapName name, Object bean) throws InvalidNameException {
    for (int idx = 0; idx < props.length; idx++) {
        final Object value = props[idx].getValue(bean);
        name.add(new Rdn(props[idx].getDbColumn(), value));
    }
}
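/**
 * Renders the certificate's subject DN as one "Name: value" line per RDN. RDN types without a
 * known full name are assumed to be the serial number and rendered as hex on a line of their own
 * (without a trailing newline, as before).
 *
 * <p>NOTE(review): despite the method name and the fallback message, this reads
 * {@code getSubjectX500Principal()}, not the issuer — confirm with callers which principal is
 * intended before renaming either side.
 *
 * @param certificate the certificate to describe
 * @return the rendered DN, or a placeholder when the DN cannot be parsed
 */
private String getIssuer(X509Certificate certificate) {
    try {
        StringBuilder builder = new StringBuilder();
        LdapName ldapDN = new LdapName(certificate.getSubjectX500Principal().getName());
        for (Rdn rdn : ldapDN.getRdns()) {
            String type = getTypeFullName(rdn.getType());
            if (StringUtils.isEmpty(type)) {
                // getName() may emit attributes outside the RFC 2253 keyword set as "#hex", which
                // Rdn.getValue() decodes to a byte[]; toString() on that yields "[B@..." rather than
                // the value, so hex-encode the bytes directly in that case.
                Object value = rdn.getValue();
                byte[] raw =
                        value instanceof byte[] ? (byte[]) value : String.valueOf(value).getBytes();
                builder.append("Serial Number: ").append(toHexString(raw));
            } else {
                builder.append(type).append(": ").append(rdn.getValue()).append('\n');
            }
        }
        return builder.toString();
    } catch (InvalidNameException e) {
        return "<Could not determine certificate issuer>";
    }
}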
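/**
 * Rejects the request unless the TLS client certificate's subject contains every RDN of at least
 * one entry in {@code allowedPrincipals}. The check is skipped entirely when
 * {@code allowedPrincipals} is null.
 *
 * <p>Matching is by RDN-set containment, not DN equality: a certificate whose subject carries
 * additional RDNs beyond an allowed entry still matches, and RDN order is ignored. Entries should
 * therefore be as specific as the access policy requires.
 *
 * @param pHttpsExchange the exchange carrying the TLS session
 * @throws SecurityException if the peer is unverified, the peer principal is not an X.500
 *     principal, its name cannot be parsed, or no allowed entry matches
 */
private void checkCertForAllowedPrincipals(HttpsExchange pHttpsExchange) {
    if (allowedPrincipals == null) {
        return;
    }
    X500Principal certPrincipal;
    try {
        certPrincipal = (X500Principal) pHttpsExchange.getSSLSession().getPeerPrincipal();
    } catch (SSLPeerUnverifiedException e) {
        throw new SecurityException("SSLPeer unverified", e);
    } catch (ClassCastException e) {
        // Non-X.500 peer principals (e.g. from other authentication types) are not supported.
        throw new SecurityException("Internal: Invalid Principal class provided " + e, e);
    }
    Set<Rdn> certPrincipalRdns = getPrincipalRdns(certPrincipal);
    for (LdapName principal : allowedPrincipals) {
        if (certPrincipalRdns.containsAll(principal.getRdns())) {
            return;
        }
    }
    throw new SecurityException("Principal " + certPrincipal + " not allowed");
}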
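/**
 * Compares this principal to the specified object. Two principals are equal when the other
 * principal's name parses to an {@link LdapName} equal to this one's; a principal whose name
 * cannot be parsed equals nothing.
 *
 * @param object The object to compare this principal against.
 * @return true if they are equal; false otherwise.
 */
@Override
public boolean equals(Object object) {
    if (this == object) {
        return true;
    }
    if (!(object instanceof LdapPrincipal)) {
        return false;
    }
    try {
        return name.equals(getLdapName(((LdapPrincipal) object).getName()));
    } catch (InvalidNameException e) {
        // The other principal's name is not a valid LDAP name; treat as unequal.
        return false;
    }
}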
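/**
 * Appends one RDN per configured property to {@code name}, taking each value from the composite
 * key map {@code id} under the property's name.
 *
 * @param name the LDAP name to extend in place
 * @param id the composite key; must be a {@link Map} keyed by property name
 * @throws InvalidNameException if a value cannot form a valid RDN
 * @throws IllegalArgumentException if {@code id} is not a map or lacks a value for a property
 */
public void createLdapNameById(LdapName name, Object id) throws InvalidNameException {
    if (!(id instanceof Map<?, ?>)) {
        throw new IllegalArgumentException("Expecting a Map for concatinated key");
    }
    Map<?, ?> mapId = (Map<?, ?>) id;
    for (int idx = 0; idx < props.length; idx++) {
        String key = props[idx].getName();
        Object value = mapId.get(key);
        if (value == null) {
            // Reject here with a meaningful key rather than letting Rdn fail on a null value.
            throw new IllegalArgumentException("No value in Map for key " + key);
        }
        name.add(new Rdn(props[idx].getDbColumn(), value));
    }
}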
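/**
 * Creates a string representation of this principal's name in the format defined by <a
 * href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>. If the name has zero components an
 * empty string is returned.
 *
 * @return The principal's string name.
 */
@Override
public String toString() {
    return name.toString();
}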
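/**
 * Computes the hash code for this principal, delegating to the underlying name so that it stays
 * consistent with {@link #equals(Object)}.
 *
 * @return The principal's hash code.
 */
@Override
public int hashCode() {
    return name.hashCode();
}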
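/**
 * Converts one raw attribute value returned by LDAP into the model column's type.
 *
 * <p>Only strings are converted: null and non-string values are returned as-is, the empty string
 * maps to null (LDAP cannot distinguish unset from empty), timestamp columns are parsed with the
 * column's format (or the connector default), and RDN-typed columns have the value of their
 * leftmost RDN extracted from the DN after the DN's shape has been validated. Everything else is
 * returned unchanged for the Teiid type conversion logic.
 *
 * @param modelElement the model column the value belongs to
 * @param modelAttrName the attribute name, used in error messages
 * @param modelAttrClass the column's runtime type
 * @param objResult the raw attribute value
 * @return the converted value, or null
 * @throws TranslatorException if a timestamp value does not match its format
 * @throws InvalidNameException if an RDN-typed value is not a DN of the expected shape
 */
private Object convertSingleValue(
        Column modelElement, String modelAttrName, Class<?> modelAttrClass, Object objResult)
        throws TranslatorException, InvalidNameException {
    if (objResult == null) {
        return null;
    }
    // GHH 20080326 - if attribute is not a string or empty, just
    // return null.
    if (!(objResult instanceof String)) {
        return objResult;
    }
    String strResult = (String) objResult;
    // MPW - 3.9.07 - Also return NULL when attribute is unset or empty string.
    // There is no way to differentiate between being unset and being the empty string.
    if (strResult.isEmpty()) {
        return null;
    }
    // MPW: 3-11-07: Added support for java.lang.Integer conversion.
    if (TypeFacility.RUNTIME_TYPES.TIMESTAMP.equals(modelAttrClass)) {
        String timestampFormat = modelElement.getFormat();
        if (timestampFormat == null) {
            timestampFormat = LDAPConnectorConstants.ldapTimestampFormat;
        }
        // SimpleDateFormat is not thread-safe; a fresh instance per call keeps this reentrant.
        SimpleDateFormat dateFormat = new SimpleDateFormat(timestampFormat);
        try {
            Date dateResult = dateFormat.parse(strResult);
            return new Timestamp(dateResult.getTime());
        } catch (ParseException pe) {
            throw new TranslatorException(
                    pe,
                    LDAPPlugin.Util.getString(
                            "LDAPSyncQueryExecution.timestampParseFailed", modelAttrName)); // $NON-NLS-1$
        }
        // TODO: Extend support for more types in the future.
        // Specifically, add support for byte arrays, since that's actually supported
        // in the underlying data source.
    }
    // extract rdn
    String type = modelElement.getProperty(LDAPExecutionFactory.RDN_TYPE, false);
    if (type != null) {
        String prefix = modelElement.getProperty(LDAPExecutionFactory.DN_PREFIX, false);
        LdapName name = new LdapName(strResult);
        if (name.isEmpty()) {
            // Guard the size()-1 indexing below; whitespace-only input parses to an empty name.
            throw new InvalidNameException("DN " + strResult + " contains no RDN");
        }
        if (prefix != null) {
            // Everything except the leftmost RDN must equal the configured prefix, compared as
            // strings in the parser's canonical form.
            if (!name.getPrefix(name.size() - 1).toString().equals(prefix)) {
                throw new InvalidNameException(
                        "DN " + strResult + " does not have the expected prefix " + prefix);
            }
        } else if (name.size() > 1) {
            throw new InvalidNameException("DN " + strResult + " must consist of a single RDN");
        }
        Rdn rdn = name.getRdn(name.size() - 1);
        if (!rdn.getType().equals(type)) {
            throw new InvalidNameException(
                    "RDN type " + rdn.getType() + " does not match expected type " + type);
        }
        return rdn.getValue();
    }
    return strResult; // the Teiid type conversion logic will handle refine from here if necessary
}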
/**
 * Wires up the mocks shared by the tests: a stubbed SecureRandom/Base64 pair that always yields
 * the string "password", a PropertiesGenerator and KeyStoreLoader intercepted on construction,
 * static Paths/Files stubs for the keystore output stream, a freshly generated RSA key pair with
 * a self-signed certificate, and a mocked KeyStore exposing two aliases — one backed by a mocked
 * certificate whose subject is parsed through a mocked LdapName, one by a plain Certificate mock.
 *
 * @throws Exception if key generation or mock construction fails
 */
@Before
public void before() throws Exception {
    // Randomness and encoding are stubbed so the derived key password is deterministic.
    secureRandom = mock(SecureRandom.class);
    whenNew(SecureRandom.class).withNoArguments().thenReturn(secureRandom);
    encoder = mock(Base64.Encoder.class);
    when(encoder.withoutPadding()).thenReturn(encoder);
    when(encoder.encodeToString(any(byte[].class))).thenReturn("password");
    mockStatic(Base64.class);
    when(Base64.getEncoder()).thenReturn(encoder);

    // Intercept construction of the properties reader and the keystore loader.
    PropertiesGenerator props = mock(PropertiesGenerator.class);
    when(props.getProperty(KeyStoreHelper.KEYPASS_PROPERTY, "password")).thenReturn("password");
    whenNew(PropertiesGenerator.class)
            .withArguments("/opt/traffic_router/conf/keystore.properties")
            .thenReturn(props);
    KeyStoreLoader loader = mock(KeyStoreLoader.class);
    whenNew(KeyStoreLoader.class)
            .withArguments("/opt/traffic_router/db/.keystore", "password".toCharArray())
            .thenReturn(loader);
    keyStore = PowerMockito.mock(KeyStore.class);
    when(loader.load()).thenReturn(keyStore);

    // The keystore path and its output stream are static stubs.
    mockStatic(Paths.class);
    Path keyStorePath = mock(Path.class);
    when(Paths.get("/opt/traffic_router/db/.keystore")).thenReturn(keyStorePath);
    outputStream = mock(OutputStream.class);
    mockStatic(Files.class);
    when(Files.newOutputStream(keyStorePath)).thenReturn(outputStream);

    // A real key pair and self-signed certificate for the tests that need genuine key material.
    CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
    keyGen.generate(2048);
    privateKey = keyGen.getPrivateKey();
    x509Certificate =
            keyGen.getSelfCertificate(new X500Name("CN=*.deliveryservice.cdn.example.com"), 600L);

    // A mocked LdapName whose only RDN is the CN of the mocked certificate below.
    Rdn cnRdn = mock(Rdn.class);
    when(cnRdn.getType()).thenReturn("CN");
    when(cnRdn.getValue()).thenReturn("*.deliveryservice1.cdn.example.com");
    List<Rdn> cnRdns = new ArrayList<>();
    cnRdns.add(cnRdn);
    LdapName mockedLdapName = mock(LdapName.class);
    when(mockedLdapName.getRdns()).thenReturn(cnRdns);
    whenNew(LdapName.class)
            .withArguments(
                    "CN=*.deliveryservice1.cdn.example.com,OU=Traffic Routing,O=Traffic Control CDN,C=US")
            .thenReturn(mockedLdapName);

    // Named distinctly from the x509Certificate field above so the two are not confused.
    X509Certificate mockedCert = PowerMockito.mock(X509Certificate.class);
    X500Principal subjectPrincipal =
            new X500Principal(
                    "CN=*.deliveryservice1.cdn.example.com, OU=Traffic Routing, O=Traffic Control CDN, C=US");
    when(mockedCert.getSubjectX500Principal()).thenReturn(subjectPrincipal);

    // Each call to aliases() yields a fresh enumeration over the two aliases.
    PowerMockito.when(keyStore.aliases())
            .thenAnswer(
                    invocation -> {
                        Vector<String> aliases = new Vector<>();
                        aliases.add("alias-1");
                        aliases.add("alias-2");
                        return aliases.elements();
                    });
    PowerMockito.when(keyStore.getCertificate("alias-1")).thenReturn(mockedCert);
    PowerMockito.when(keyStore.getCertificate("alias-2")).thenReturn(mock(Certificate.class));
}
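/**
 * Exercises the {@link LdapName} API end to end (construction from RDNs, iteration, addAll/add at
 * positions, remove, get/getRdn, prefix/suffix, startsWith/endsWith, clone and Java
 * serialization) and prints each result. The printed lines are presumably compared against
 * expected output, so every one of them is kept verbatim; only the raw types, a dead assignment
 * and the unprotected stream handling have changed.
 *
 * @param args ignored
 * @throws Exception on any naming or I/O failure
 */
public static void main(String[] args) throws Exception {
    String[] rdnStr = new String[] {"one=voilet"};
    ArrayList<Rdn> rdnList = new ArrayList<Rdn>();
    for (int i = 0; i < rdnStr.length; i++) {
        rdnList.add(i, new Rdn(rdnStr[i]));
    }
    LdapName dn = new LdapName(rdnList);
    Collection<Rdn> rdns = dn.getRdns();
    System.out.println("size is :" + dn.size());
    System.out.println("isEmpty :" + dn.isEmpty());

    System.out.println("************Printing as Rdns*********");
    Iterator<Rdn> iter = rdns.iterator();
    while (iter.hasNext()) {
        System.out.println(iter.next());
    }

    System.out.println();
    System.out.println("************Printing the Enumeration*********");
    Enumeration<String> dnEnum = dn.getAll();
    while (dnEnum.hasMoreElements()) {
        System.out.println(dnEnum.nextElement());
    }

    // addAll tests
    System.out.println();
    LdapName nameSuffix = new LdapName("two=Indigo");
    System.out.println("addAll():" + dn.addAll(nameSuffix));

    ArrayList<Rdn> list = new ArrayList<Rdn>();
    list.add(new Rdn("five=Yellow"));
    System.out.println("Rdn- addAll():" + dn.addAll(list));

    nameSuffix = new LdapName("three=Blue");
    System.out.println();
    System.out.println("addAll at pos = 2");
    System.out.println("addAll():" + dn.addAll(2, nameSuffix));

    list = new ArrayList<Rdn>();
    list.add(new Rdn("four=Green"));
    System.out.println();
    System.out.println("addAll at pos = 3");
    System.out.println("Rdn- addAll():" + dn.addAll(3, list));

    // add() tests
    System.out.println();
    System.out.println("add():" + dn.add("eight=white"));

    Rdn rdn = new Rdn("nine=Black");
    System.out.println();
    System.out.println("Rdn- add():" + dn.add(rdn));

    /*
    Rdn nullRdn = null;
    System.out.println("Rdn- add() with null RDN:" + dn.add(nullRdn));
    */

    System.out.println();
    System.out.println("add() at pos 5");
    System.out.println("add():" + dn.add(5, "six=Orange"));

    // The former `rdn = new Rdn("six=Orange")` here was never read; the add below takes a String.
    System.out.println();
    System.out.println("add() at pos 6");
    System.out.println("Rdn- add():" + dn.add(6, "seven=Red"));

    // remove tests
    System.out.println();
    System.out.println("Removing entries at positions: 7, 8");
    System.out.println("Removed:" + dn.remove(8));
    System.out.println("Removed:" + dn.remove(7));

    // get tests
    System.out.println();
    System.out.println("toString():" + dn);
    int size = dn.size();
    System.out.println("get(0):" + dn.get(0));
    System.out.println("get(size() - 1):" + dn.get(size - 1));
    System.out.println("getRdn(0):" + dn.getRdn(0));
    System.out.println("getRdn(size() - 1):" + dn.getRdn(size - 1));

    System.out.println();
    System.out.println("********Prefixes**********");
    System.out.println("getPrefix(0):" + dn.getPrefix(0));
    System.out.println("getPrefix(size / 2):" + dn.getPrefix(size / 2));
    System.out.println("getPrefix(size):" + dn.getPrefix(size));

    System.out.println();
    System.out.println("********Suffixes**********");
    System.out.println("getSuffix(0):" + dn.getSuffix(0));
    System.out.println("getSuffix(size/2):" + dn.getSuffix(size / 2));
    System.out.println("getSuffix(size):" + dn.getSuffix(size));

    System.out.println();
    System.out.println("startsWith(" + rdnStr[0] + "):" + dn.startsWith(new LdapName(rdnStr[0])));
    String lastEntry = "seven=red";
    System.out.println("startsWith(" + lastEntry + "):" + dn.startsWith(new LdapName(lastEntry)));
    System.out.println(
            "compositeName- startsWith(" + rdnStr[0] + "): " + dn.startsWith(new CompositeName(rdnStr[0])));
    java.util.List<Rdn> prefixList = dn.getRdns().subList(0, size / 2);
    System.out.println("Rdn - startsWith(" + prefixList + "):" + dn.startsWith(prefixList));
    System.out.println("Rdn - startsWith() - empty RDN list:" + dn.startsWith(new ArrayList<Rdn>()));

    System.out.println();
    System.out.println("endsWith(" + rdnStr[0] + "):" + dn.endsWith(new LdapName(rdnStr[0])));
    System.out.println("endsWith(" + lastEntry + "):" + dn.endsWith(new LdapName(lastEntry)));
    System.out.println(
            "compositeName- endsWith(" + rdnStr[0] + "): " + dn.endsWith(new CompositeName(rdnStr[0])));
    System.out.println("Rdn - endsWith(" + prefixList + "):" + dn.endsWith(prefixList));
    System.out.println("Rdn - endsWith() empty RDN list:" + dn.endsWith(new ArrayList<Rdn>()));

    // test clone
    System.out.println();
    System.out.println("cloned name:" + dn.clone());

    // test serialization: round-trip through a file this test wrote itself a moment earlier.
    // Both streams are now closed even when writeObject/readObject fails.
    ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("dn.ser"));
    try {
        out.writeObject(dn);
    } finally {
        out.close();
    }
    ObjectInputStream in = new ObjectInputStream(new FileInputStream("dn.ser"));
    try {
        System.out.println();
        System.out.println("Deserialized name:" + in.readObject());
    } finally {
        in.close();
    }
}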
/**
 * Starts the embedded LDAP server once for the whole test class, listening on {@code PORT} with
 * the configured base DN, passing "odm-test" to select the data to import.
 *
 * @throws Exception if the server cannot be started or the data cannot be imported
 */
@BeforeClass
public static void setUpClass() throws Exception {
    final String baseDn = baseName.toString();
    LdapTestUtils.startEmbeddedServer(PORT, baseDn, "odm-test");
}