/**
 * Performs a single DNS lookup through the pre-existing JNDI context.
 *
 * <p>A {@link NameNotFoundException} is logged at debug level and replaced by a
 * synthetic, case-insensitive attribute set whose only entry maps {@code queryType}
 * to the literal value {@code "NXDOMAIN"}. Any other {@link NamingException}
 * propagates to the caller.
 *
 * <p>The placeholder is an in-band sentinel. A caller that only compares the
 * attribute value cannot tell it apart from a genuine record carrying the text
 * {@code NXDOMAIN}.
 *
 * @param queryInput String containing the query body itself (e.g. 4.3.3.1.in-addr.arpa)
 * @param queryType String containing the query type (e.g. TXT)
 * @return the attributes returned by the context, or the NXDOMAIN placeholder
 * @throws NamingException if the lookup fails for a reason other than name-not-found
 */
protected Attributes doLookup(String queryInput, String queryType) throws NamingException {
    final String[] requestedTypes = new String[]{queryType};
    try {
        // Resolve through the existing context instead of building a new one per query.
        return ictx.getAttributes(queryInput, requestedTypes);
    } catch (NameNotFoundException notFound) {
        getLogger().debug("Resolution for domain {} failed due to {}", new Object[]{queryInput, notFound});
        // Third argument: attribute identifiers are compared case-insensitively.
        return new BasicAttributes(queryType, "NXDOMAIN", true);
    }
}
/**
 * Checks that the A record answered by the mocked directory context is returned
 * unchanged as the resolved IP address.
 */
@Test
public void testResolveIpAddress() throws Exception {
    final String hostName = "www.springsource.com";
    final String expectedIp = "63.246.7.80";

    // Stub the DNS context: an "A" query for the host answers with one address.
    final Attributes answer = new BasicAttributes("A", expectedIp);
    when(context.getAttributes(hostName, new String[] { "A" })).thenReturn(answer);

    final String resolved = dnsResolver.resolveIpAddress(hostName);

    assertThat(resolved).isEqualTo(expectedIp);
}
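/**
 * Builds a case-insensitive JNDI attribute set from parallel name/value arrays.
 *
 * <p>Entries whose value is empty according to {@code Utils.isEmpty} are skipped.
 * Each remaining value is trimmed. When {@code multValuedSeparator} is non-null and
 * occurs in the trimmed value at an index greater than zero, the value is split on
 * that separator and stored as a multi-valued attribute; otherwise it is stored as
 * a single value. A value that begins with the separator (index 0) is therefore
 * stored as a single value.
 *
 * <p>The separator is matched literally. The earlier code passed it straight to
 * {@code String.split}, which interprets it as a regular expression, so a separator
 * such as {@code |} or {@code .} split the value in the wrong places although the
 * preceding {@code indexOf} test was literal.
 *
 * @param dn distinguished name of the entry; not read by this method
 * @param attributes attribute names
 * @param values attribute values, indexed in parallel with {@code attributes}; must
 *        hold at least {@code attributes.length} elements
 * @param multValuedSeparator literal separator for multi-valued attributes, or
 *        {@code null} to store every value as a single value
 * @return the populated attribute set
 */
private Attributes buildAttributes( String dn, String[] attributes, String[] values, String multValuedSeparator ) {
  Attributes attrs = new javax.naming.directory.BasicAttributes( true );
  // Quote once so split() treats the separator as plain text, consistent with indexOf().
  String separatorRegex =
    multValuedSeparator == null ? null : java.util.regex.Pattern.quote( multValuedSeparator );
  int nrAttributes = attributes.length;
  for ( int i = 0; i < nrAttributes; i++ ) {
    if ( Utils.isEmpty( values[i] ) ) {
      // No value supplied for this attribute
      continue;
    }
    String value = values[i].trim();
    if ( multValuedSeparator != null && value.indexOf( multValuedSeparator ) > 0 ) {
      Attribute attr = new javax.naming.directory.BasicAttribute( attributes[i] );
      for ( String part : value.split( separatorRegex ) ) {
        attr.add( part );
      }
      attrs.put( attr );
    } else {
      attrs.put( attributes[i], value );
    }
  }
  return attrs;
}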
/**
 * Checks service resolution end to end against the mocked context: the SRV query
 * for {@code _ldap._tcp.springsource.com} is stubbed with the fixture records, and
 * the A query for {@code kdc.springsource.com} with a single address, which is the
 * value the resolver is expected to return.
 */
@Test
public void testResolveServiceIpAddress() throws Exception {
    final String expectedIp = "63.246.7.80";

    // SRV answer for the service name.
    final BasicAttributes srvAnswer = createSrvRecords();
    // A answer for the one host this test stubs.
    final BasicAttributes hostAnswer = new BasicAttributes("A", expectedIp);

    when(context.getAttributes("_ldap._tcp.springsource.com", new String[] { "SRV" }))
            .thenReturn(srvAnswer);
    when(context.getAttributes("kdc.springsource.com", new String[] { "A" }))
            .thenReturn(hostAnswer);

    final String resolved = dnsResolver.resolveServiceIpAddress("ldap", "springsource.com");

    assertThat(resolved).isEqualTo(expectedIp);
}
/**
 * Removes the password attribute from this identity's directory entry.
 *
 * <p>An entry that has no such attribute is treated as already clear. Any other
 * naming failure is rethrown through the realm's logger.
 *
 * @throws RealmUnavailableException declared by the overridden method
 */
@Override
public void clearCredentials() throws RealmUnavailableException {
    // A value-less attribute combined with REMOVE_ATTRIBUTE deletes the whole attribute.
    final Attributes toRemove = new BasicAttributes();
    toRemove.put(new BasicAttribute(userPasswordAttributeName));
    try {
        context.modifyAttributes(distinguishedName, DirContext.REMOVE_ATTRIBUTE, toRemove);
    } catch (NoSuchAttributeException ignored) {
        // ignore if already clear
    } catch (NamingException e) {
        throw log.ldapRealmCredentialClearingFailed(distinguishedName, e);
    }
}
} // presumably closes the enclosing class, whose header is outside this excerpt
/**
 * Writes the password held by {@code credential} to the password attribute of this
 * identity's directory entry, replacing whatever values the attribute already has.
 *
 * @param credential the credential to persist; it is cast to {@code PasswordCredential}
 * @throws RealmUnavailableException declared by the overridden method
 */
@Override
public void persistCredential(final Credential credential) throws RealmUnavailableException {
    // TODO - We probably need some better resolution here of the existing attributes - i.e. different types we would want to add, same type we would want to replace.
    try {
        final byte[] encoded = UserPasswordPasswordUtil.composeUserPassword(
                credential.castAndApply(PasswordCredential.class, PasswordCredential::getPassword));
        Assert.assertNotNull(encoded);

        // REPLACE_ATTRIBUTE overwrites every existing value of the attribute (see TODO above).
        final Attributes replacement = new BasicAttributes();
        replacement.put(userPasswordAttributeName, encoded);
        context.modifyAttributes(distinguishedName, DirContext.REPLACE_ATTRIBUTE, replacement);
    } catch (NamingException | IOException e) {
        // NOTE(review): credential.toString() is handed to the failure message; confirm that
        // the Credential implementations in use do not render password material in toString().
        throw log.ldapRealmCredentialPersistingFailed(credential.toString(), distinguishedName, e);
    }
}
/**
 * Drives {@code PasswordComparisonAuthenticator} against a mocked context whose entry
 * for Bob carries a {@code uid} but no password attribute, and stubs the
 * {@code (userPassword={0})} search that stands in for the compare operation.
 *
 * <p>NOTE(review): no assertion or {@code verify} is visible here, so the test passes
 * as long as {@code authenticate} does not throw. Consider verifying the search call
 * so that the behaviour named by the test is actually pinned.
 */
@Test
public void ldapCompareOperationIsUsedWhenPasswordIsNotRetrieved() throws Exception {
    final DirContext mockContext = mock(DirContext.class);
    final BaseLdapPathContextSource contextSource = mock(BaseLdapPathContextSource.class);

    // The user's entry: it holds a uid only, i.e. no password attribute is retrieved.
    final BasicAttributes userEntry = new BasicAttributes();
    userEntry.put(new BasicAttribute("uid", "bob"));

    final PasswordComparisonAuthenticator authenticator =
            new PasswordComparisonAuthenticator(contextSource);
    authenticator.setUserDnPatterns(new String[] { "cn={0},ou=people" });

    // Attribute lookup for Bob's DN returns the entry built above.
    when(contextSource.getReadOnlyContext()).thenReturn(mockContext);
    when(mockContext.getAttributes(eq("cn=Bob,ou=people"), any(String[].class)))
            .thenReturn(userEntry);
    when(mockContext.getNameInNamespace()).thenReturn("dc=springframework,dc=org");

    // Setup a single return value (i.e. success) for the password comparison search.
    final NamingEnumeration singleMatch = new BasicAttributes("", null).getAll();
    when(mockContext.search(
            eq("cn=Bob,ou=people"),
            eq("(userPassword={0})"),
            any(Object[].class),
            any(SearchControls.class)))
            .thenReturn(singleMatch);

    authenticator.authenticate(new UsernamePasswordAuthenticationToken("Bob", "bobspassword"));
}
} // presumably closes the enclosing test class, whose header is outside this excerpt
/**
 * Builds an attribute set with one attribute per {@code NameValues} argument, each
 * carrying all of that argument's values in iteration order.
 *
 * @param namedValues the attribute names together with their values
 * @return the assembled attribute set
 * @throws NamingException declared for callers; nothing in this body throws it
 */
private static Attributes mockAttributes(NameValues... namedValues) throws NamingException {
    final Attributes result = new BasicAttributes();
    for (final NameValues entry : namedValues) {
        final Attribute attribute = new BasicAttribute(entry.name);
        for (final String value : entry.values) {
            attribute.add(value);
        }
        // A later entry with the same name replaces the earlier attribute.
        result.put(attribute);
    }
    return result;
}
/**
 * Persists a one-time password by replacing the algorithm, hash, seed and sequence
 * attributes of this identity's directory entry in a single modify call.
 *
 * <p>The hash is stored Base64-encoded and the sequence number as a decimal string.
 *
 * @param credential the credential to persist; it is cast to {@code PasswordCredential}
 *        and its password is read as a {@code OneTimePassword}
 * @throws RealmUnavailableException declared by the overridden method
 */
@Override
public void persistCredential(final Credential credential) throws RealmUnavailableException {
    // NOTE(review): the result is dereferenced below without a null check; confirm that
    // castAndApply cannot yield null for the credentials that reach this method.
    final OneTimePassword otp =
            credential.castAndApply(PasswordCredential.class, c -> c.getPassword(OneTimePassword.class));
    try {
        final Attributes replacement = new BasicAttributes();
        replacement.put(algorithmAttributeName, otp.getAlgorithm());
        final String encodedHash = ByteIterator.ofBytes(otp.getHash()).base64Encode().drainToString();
        replacement.put(hashAttributeName, encodedHash);
        replacement.put(seedAttributeName, otp.getSeed());
        replacement.put(sequenceAttributeName, Integer.toString(otp.getSequenceNumber()));

        context.modifyAttributes(distinguishedName, DirContext.REPLACE_ATTRIBUTE, replacement);
    } catch (NamingException e) {
        // NOTE(review): credential.toString() is handed to the failure message; confirm that
        // it does not render the OTP hash or seed.
        throw log.ldapRealmCredentialPersistingFailed(credential.toString(), distinguishedName, e);
    }
}
/**
 * Checks that a custom password attribute name is honoured: the bytes stored under
 * {@code myappsPassword} must come back from the mapped user as the password string.
 */
@Test
public void testPasswordAttributeIsMappedCorrectly() throws Exception {
    final String passwordAttribute = "myappsPassword";

    final LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
    mapper.setPasswordAttributeName(passwordAttribute);

    // The password is stored as bytes; getBytes() here uses the platform default charset.
    final BasicAttributes entry = new BasicAttributes();
    entry.put(new BasicAttribute(passwordAttribute, "mypassword".getBytes()));

    final DirContextAdapter ctx =
            new DirContextAdapter(entry, new DistinguishedName("cn=someName"));
    ctx.setAttributeValue("uid", "ani");

    final LdapUserDetails user = (LdapUserDetailsImpl) mapper.mapUserFromContext(
            ctx, "ani", AuthorityUtils.NO_AUTHORITIES);

    assertThat(user.getPassword()).isEqualTo("mypassword");
}
/**
 * Removes the one-time-password state (algorithm, hash, seed and sequence attributes)
 * from this identity's directory entry in a single modify call.
 *
 * <p>A {@code NoSuchAttributeException} is treated as "already clear". Any other
 * naming failure is rethrown through the realm's logger.
 *
 * @throws RealmUnavailableException declared by the overridden method
 */
@Override
public void clearCredentials() throws RealmUnavailableException {
    final String[] otpAttributeNames = {
        algorithmAttributeName, hashAttributeName, seedAttributeName, sequenceAttributeName
    };
    try {
        // Value-less attributes combined with REMOVE_ATTRIBUTE delete each attribute entirely.
        final Attributes toRemove = new BasicAttributes();
        for (final String attributeName : otpAttributeNames) {
            toRemove.put(new BasicAttribute(attributeName));
        }
        context.modifyAttributes(distinguishedName, DirContext.REMOVE_ATTRIBUTE, toRemove);
    } catch (NoSuchAttributeException ignored) {
        // ignore if already clear
    } catch (NamingException e) {
        throw log.ldapRealmCredentialClearingFailed(distinguishedName, e);
    }
}
} // presumably closes the enclosing class, whose header is outside this excerpt
/**
 * Builds the SRV fixture: one {@code SRV} attribute holding four record values.
 *
 * @return an attribute set containing the single multi-valued {@code SRV} attribute
 */
private BasicAttributes createSrvRecords() {
    // the structure of the service records is:
    // priority weight port hostname
    // for more information: http://en.wikipedia.org/wiki/SRV_record
    // The last value has no trailing dot, unlike the others; it is kept as given.
    final String[] recordValues = {
        "20 80 389 kdc3.springsource.com.",
        "10 70 389 kdc.springsource.com.",
        "20 20 389 kdc4.springsource.com.",
        "10 30 389 kdc2.springsource.com"
    };

    final BasicAttribute srv = new BasicAttribute("SRV");
    for (final String recordValue : recordValues) {
        srv.add(recordValue);
    }

    final BasicAttributes fixture = new BasicAttributes();
    fixture.put(srv);
    return fixture;
}
} // presumably closes the enclosing test class, whose header is outside this excerpt
/**
 * Regression test for SEC-303: a configured role attribute that is absent from the
 * retrieved entry must be ignored instead of causing a NullPointerException.
 */
@Test
public void testNonRetrievedRoleAttributeIsIgnored() throws Exception {
    final LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
    // Two role attributes are configured, but only "userRole" exists on the entry below.
    mapper.setRoleAttributes(new String[] { "userRole", "nonRetrievedAttribute" });

    final BasicAttributes entry = new BasicAttributes();
    entry.put(new BasicAttribute("userRole", "x"));

    final DirContextAdapter ctx =
            new DirContextAdapter(entry, new DistinguishedName("cn=someName"));
    ctx.setAttributeValue("uid", "ani");

    final LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(
            ctx, "ani", AuthorityUtils.NO_AUTHORITIES);

    // Exactly one authority, derived from the single retrieved role value.
    assertThat(user.getAuthorities()).hasSize(1);
    assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).contains("ROLE_X");
}
/**
 * Checks that the translator returns the address named by the PTR record when the
 * mocked context answers the reverse query {@code 5.2.0.192.in-addr.arpa}.
 */
@Test(groups = "unit")
public void should_return_new_address_when_match_found() throws Exception {
    final InetSocketAddress translated = new InetSocketAddress("54.32.55.66", 9042);
    final InetSocketAddress original = new InetSocketAddress("192.0.2.5", 9042);

    // NOTE(review): InetSocketAddress.getHostName() may perform a reverse name lookup for an
    // address built from an IP literal, so the stubbed PTR value can depend on the resolver
    // of the machine running the test. getHostString() returns the literal without a lookup.
    final InitialDirContext dnsContext = mock(InitialDirContext.class);
    when(dnsContext.getAttributes("5.2.0.192.in-addr.arpa", new String[] {"PTR"}))
            .thenReturn(new BasicAttributes("PTR", translated.getHostName()));

    final EC2MultiRegionAddressTranslator translator =
            new EC2MultiRegionAddressTranslator(dnsContext);

    assertThat(translator.translate(original)).isEqualTo(translated);
}
/**
 * Checks the fallback path: when the mocked context answers every query with an
 * empty attribute set, the translator must hand back the address it was given.
 */
@Test(groups = "unit")
public void should_return_same_address_when_no_entry_found() throws Exception {
    final InetSocketAddress original = new InetSocketAddress("192.0.2.5", 9042);

    // Any name and any record type yields an empty answer.
    final InitialDirContext dnsContext = mock(InitialDirContext.class);
    when(dnsContext.getAttributes(anyString(), any(String[].class)))
            .thenReturn(new BasicAttributes());

    final EC2MultiRegionAddressTranslator translator =
            new EC2MultiRegionAddressTranslator(dnsContext);

    assertThat(translator.translate(original)).isEqualTo(original);
}
/**
 * Creates a case-insensitive attribute set holding the given object class and, via
 * {@code storeNotNullOrDef}, the given attribute.
 *
 * @param objectclass value stored under the {@code objectclass} attribute
 * @param attrID identifier of the additional attribute
 * @param attrVal value of the additional attribute; passed to {@code storeNotNullOrDef}
 *        with a {@code null} default
 * @return the new attribute set
 */
public static Attributes attrs(String objectclass, String attrID, String attrVal) {
    final Attributes result = new BasicAttributes(true); // case-ignore
    result.put("objectclass", objectclass);
    // Whether attrVal is stored is decided by storeNotNullOrDef; the default passed is null.
    storeNotNullOrDef(result, attrID, attrVal, null);
    return result;
}
/**
 * Creates one directory subcontext per compression rule beneath {@code parentDN}.
 *
 * @param rules the rules to store
 * @param parentDN distinguished name of the parent entry
 * @throws NamingException declared for failures of the directory operations
 */
public void store(CompressionRules rules, String parentDN) throws NamingException {
    for (CompressionRule rule : rules) {
        // NOTE(review): the rule's common name becomes the cn RDN of the new entry;
        // presumably LdapUtils.dnOf escapes DN special characters - verify.
        final String ruleDN = LdapUtils.dnOf("cn", rule.getCommonName(), parentDN);
        config.createSubcontext(ruleDN, storeTo(rule, new BasicAttributes(true)));
    }
}
/**
 * Creates the audit record repository entry beneath the device entry and registers
 * the creation in {@code diffs}.
 *
 * @param diffs change log that receives a {@code ChangeType.C} entry for the new DN
 * @param deviceDN distinguished name of the owning device
 * @param arr the audit record repository whose attributes are stored
 * @throws NamingException declared for failures of the directory operations
 */
private void store(ConfigurationChanges diffs, String deviceDN, AuditRecordRepository arr)
        throws NamingException {
    // The entry's DN is the constant prefix followed directly by the device DN.
    final String repositoryDN = CN_AUDIT_RECORD_REPOSITORY + deviceDN;
    final ConfigurationChanges.ModifiedObject created =
            ConfigurationChanges.addModifiedObject(
                    diffs, repositoryDN, ConfigurationChanges.ChangeType.C);
    config.createSubcontext(
            repositoryDN,
            storeTo(
                    ConfigurationChanges.nullifyIfNotVerbose(diffs, created),
                    arr,
                    deviceDN,
                    new BasicAttributes(true)));
}
/**
 * Creates the directory entry for an HL7 application beneath its device, registers
 * the creation in {@code diffs}, then lets every registered extension store its
 * child entries under the new DN.
 *
 * @param diffs change log that receives a {@code ChangeType.C} entry for the new DN
 * @param hl7App the HL7 application to store
 * @param deviceDN distinguished name of the owning device
 * @throws NamingException declared for failures of the directory operations
 */
private void store(ConfigurationChanges diffs, HL7Application hl7App, String deviceDN)
        throws NamingException {
    final String applicationDN = hl7appDN(hl7App.getApplicationName(), deviceDN);
    final ConfigurationChanges.ModifiedObject created =
            ConfigurationChanges.addModifiedObject(
                    diffs, applicationDN, ConfigurationChanges.ChangeType.C);
    config.createSubcontext(
            applicationDN,
            storeTo(
                    ConfigurationChanges.nullifyIfNotVerbose(diffs, created),
                    hl7App,
                    deviceDN,
                    new BasicAttributes(true)));

    // Extensions run only after the application entry itself has been created.
    for (LdapHL7ConfigurationExtension extension : extensions) {
        extension.storeChilds(
                ConfigurationChanges.nullifyIfNotVerbose(diffs, diffs), applicationDN, hl7App);
    }
}
/**
 * Creates the directory entry for an application entity beneath its device,
 * registers the creation in {@code diffs}, then stores the entity's child entries.
 *
 * @param diffs change log that receives a {@code ChangeType.C} entry for the new DN
 * @param ae the application entity to store
 * @param deviceDN distinguished name of the owning device
 * @throws NamingException declared for failures of the directory operations
 */
private void store(ConfigurationChanges diffs, ApplicationEntity ae, String deviceDN)
        throws NamingException {
    final String entityDN = aetDN(ae.getAETitle(), deviceDN);
    final ConfigurationChanges.ModifiedObject created =
            ConfigurationChanges.addModifiedObject(
                    diffs, entityDN, ConfigurationChanges.ChangeType.C);
    createSubcontext(
            entityDN,
            storeTo(
                    ConfigurationChanges.nullifyIfNotVerbose(diffs, created),
                    ae,
                    deviceDN,
                    new BasicAttributes(true)));

    // Child entries are written only after the entity's own entry exists.
    storeChilds(ConfigurationChanges.nullifyIfNotVerbose(diffs, diffs), entityDN, ae);
}