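/**
 * Stores a key and its certificate chain on the LDAP entry for {@code alias}.
 *
 * <p>Three attributes are replaced in a single modification list: the key bytes
 * ({@code keyAttribute}), the encoded certificate path ({@code certificateChainAttribute})
 * and the first chain element ({@code certificateAttribute}). The key bytes are written
 * exactly as received; this method does not encrypt or inspect them, so their protection
 * depends on what the caller passes in and on the directory's access controls.
 *
 * @param alias         entry alias, forwarded to {@code storeAttributes}
 * @param keystoreBytes key material to store verbatim
 * @param chain         certificate chain; must hold at least one certificate, and
 *                      {@code chain[0]} becomes the entry's certificate attribute
 * @throws KeyStoreException if the chain is missing or empty, if a certificate cannot be
 *                           encoded, or if the directory update fails
 */
@Override
public void engineSetKeyEntry(String alias, byte[] keystoreBytes, Certificate[] chain) throws KeyStoreException {
    // chain[0] is dereferenced below: report a missing chain through the declared
    // exception type instead of an NPE / ArrayIndexOutOfBoundsException.
    if (chain == null || chain.length == 0 || chain[0] == null) {
        throw new KeyStoreException(
                "Certificate chain for alias [" + alias + "] must contain at least one certificate");
    }
    try {
        List<ModificationItem> items = new LinkedList<>();

        items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(keyAttribute, keystoreBytes)));

        CertificateFactory certFactory = CertificateFactory.getInstance(certificateType);
        CertPath certPath = certFactory.generateCertPath(Arrays.asList(chain));
        BasicAttribute chainAttr = new BasicAttribute(certificateChainAttribute,
                certPath.getEncoded(certificateChainEncoding));
        items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, chainAttr));

        BasicAttribute certificateAttr = new BasicAttribute(certificateAttribute, chain[0].getEncoded());
        items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, certificateAttr));

        // All three replacements go out together so key, chain and certificate stay in step.
        storeAttributes(alias, items);
    } catch (CertificateException e) {
        throw log.ldapKeyStoreFailedToSerializeCertificate(alias, e);
    }
}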
/**
 * Writes {@code cert} into the certificate attribute of the LDAP entry for {@code alias}.
 *
 * <p>The change is a REPLACE_ATTRIBUTE, so any certificate value already held by the
 * entry is overwritten rather than kept alongside the new one.
 *
 * @param alias entry alias, forwarded to {@code storeAttributes}
 * @param cert  certificate whose encoded form is stored
 * @throws KeyStoreException if the certificate cannot be encoded or the store fails
 */
@Override
public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException {
    final byte[] encodedCert;
    try {
        encodedCert = cert.getEncoded();
    } catch (CertificateEncodingException e) {
        throw log.ldapKeyStoreFailedToSerializeCertificate(alias, e);
    }

    // A mutable list is handed over: storeAttributes may append to it.
    List<ModificationItem> changes = new LinkedList<>();
    changes.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
            new BasicAttribute(certificateAttribute, encodedCert)));
    storeAttributes(alias, changes);
}
/**
 * Applies {@code modType} to the member attribute of every group that corresponds to
 * one of {@code authorities}, using the user's full DN as the member value.
 *
 * <p>This is where group membership, and therefore granted authority, is changed in
 * the directory. Each group is modified in its own call, so a failure part-way through
 * leaves the earlier groups already changed.
 *
 * @param userDn      DN of the user whose membership is changed
 * @param authorities authorities to translate into group names
 * @param modType     JNDI modification operation passed to {@link ModificationItem}
 */
private void modifyAuthorities(final DistinguishedName userDn,
        final Collection<? extends GrantedAuthority> authorities, final int modType) {
    template.executeReadWrite(new ContextExecutor() {
        public Object executeWithContext(DirContext ctx) throws NamingException {
            for (GrantedAuthority granted : authorities) {
                String groupName = convertAuthorityToGroup(granted);
                DistinguishedName memberDn = LdapUtils.getFullDn(userDn, ctx);
                String memberUrl = memberDn.toUrl();
                ModificationItem membershipChange = new ModificationItem(modType,
                        new BasicAttribute(groupMemberAttributeName, memberUrl));
                ModificationItem[] changes = { membershipChange };
                // NOTE(review): the group DN derives from the authority name; escaping
                // is up to buildGroupDn, which is not visible here. Confirm.
                ctx.modifyAttributes(buildGroupDn(groupName), changes);
            }
            return null;
        }
    });
}
// Callback run with a live DirContext: for each authority, applies `modType` to the
// member attribute of the mapped group entry.
// NOTE(review): `authorities`, `userDn`, `modType` and `groupMemberAttributeName` come
// from an enclosing scope that this fragment does not show.
public Object executeWithContext(DirContext ctx) throws NamingException {
    for (GrantedAuthority authority : authorities) {
        // Authority -> group name; the group DN is built from it further down.
        String group = convertAuthorityToGroup(authority);
        // Resolved inside the loop, once per authority.
        DistinguishedName fullDn = LdapUtils.getFullDn(userDn, ctx);
        ModificationItem addGroup = new ModificationItem(modType,
                new BasicAttribute(groupMemberAttributeName, fullDn.toUrl()));
        // One directory write per group: a failure here leaves earlier groups changed.
        ctx.modifyAttributes(buildGroupDn(group), new ModificationItem[] { addGroup });
    }
    // No result is produced for the caller.
    return null;
}
});
/**
 * Applies {@code items} to the LDAP entry for {@code alias}, creating the entry first
 * when no existing one is found.
 *
 * <p>Creation and the attribute modification are two separate directory operations.
 * If the second fails, a newly created entry remains without the requested attributes.
 * On the creation path the alias attribute is appended to {@code items}, so the
 * caller's list is mutated.
 *
 * @param alias alias to look up or create
 * @param items modifications to apply; must be a mutable list
 * @throws KeyStoreException if creation is not configured or the directory rejects the change
 */
private void storeAttributes(String alias, List<ModificationItem> items) throws KeyStoreException {
    DirContext context = obtainDirContext();
    try {
        SearchResult existing = searchAlias(context, alias, null, new String[]{});
        final LdapName entryDn;

        if (existing != null) {
            entryDn = new LdapName(existing.getNameInNamespace());
        } else {
            // No entry for this alias yet: create one, provided creation is configured.
            if (createPath == null || createAttributes == null || createRdn == null) {
                throw log.creationNotConfigured(alias);
            }

            entryDn = (LdapName) createPath.clone();
            // Rdn(type, value) treats the alias as a literal value, not as DN syntax.
            entryDn.add(new Rdn(createRdn, alias));

            log.debugf("Creating keystore alias [%s] with DN [%s] in LDAP", alias, entryDn.toString());
            context.createSubcontext(entryDn, createAttributes);

            items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute(aliasAttribute, alias)));
        }

        context.modifyAttributes(entryDn, items.toArray(new ModificationItem[0]));
    } catch (NamingException e) {
        throw log.ldapKeyStoreFailedToStore(alias, e);
    } finally {
        // Always hand the context back, on success and on failure.
        returnDirContext(context);
    }
}
/**
 * Changes a user's password by replacing the password attribute on the user's entry.
 *
 * <p>When {@code oldPassword} is {@code null} the attribute is replaced directly through
 * the template and no check of the current password takes place in this method.
 * Otherwise the context is re-bound as the user with {@code oldPassword} before the
 * replacement is sent. The new value is written as supplied; any hashing has to happen
 * before this call or in the directory.
 *
 * @param userDn      DN of the user entry
 * @param oldPassword current password, or {@code null} to skip the re-bind
 * @param newPassword value written to the password attribute
 */
private void changePasswordUsingAttributeModification(DistinguishedName userDn, String oldPassword,
        String newPassword) {
    final ModificationItem replacePassword = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
            new BasicAttribute(passwordAttributeName, newPassword));
    final ModificationItem[] passwordChange = { replacePassword };

    if (oldPassword != null) {
        template.executeReadWrite(dirCtx -> {
            LdapContext ctx = (LdapContext) dirCtx;
            // Take this context out of the connection pool before changing its credentials.
            ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
            String bindDn = LdapUtils.getFullDn(userDn, ctx).toString();
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword);
            // TODO: reconnect doesn't appear to actually change the credentials
            // NOTE(review): if so, a wrong oldPassword may not be rejected here and the
            // change would run under the previous bind identity. Verify against the server.
            try {
                ctx.reconnect(null);
            } catch (javax.naming.AuthenticationException e) {
                throw new BadCredentialsException(
                        "Authentication for password change failed.");
            }

            ctx.modifyAttributes(userDn, passwordChange);
            return null;
        });
        return;
    }

    template.modifyAttributes(userDn, passwordChange);
}
if (attributes.size(mapping.getName()) == 0) { BasicAttribute attribute = new BasicAttribute(mapping.getLdapName()); modItems.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, attribute)); } else { BasicAttribute attribute = new BasicAttribute(mapping.getLdapName()); attributes.get(mapping.getName()).forEach(attribute::add); modItems.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attribute));
/**
 * Replaces the given attributes on the entry {@code dn} in one modify operation.
 *
 * <p>{@code attributes[i]} is paired with {@code values[i]}. At debug level every
 * attribute name and value is written to the log, so values such as credentials would
 * appear there in clear text if they are updated through this method.
 *
 * @param dn         distinguished name of the entry to update
 * @param attributes attribute names
 * @param values     replacement values, index-aligned with {@code attributes}
 * @param checkEntry when true, a missing entry is an error; when false it is skipped
 * @return {@code STATUS_UPDATED} on success, {@code STATUS_SKIPPED} when the entry
 *         does not exist and {@code checkEntry} is false
 * @throws KettleException on a missing entry (with {@code checkEntry}) or any other failure
 */
public int update( String dn, String[] attributes, String[] values, boolean checkEntry ) throws KettleException {
  try {
    final int count = attributes.length;
    final ModificationItem[] mods = new ModificationItem[count];

    int idx = 0;
    while ( idx < count ) {
      Attribute replacement = new BasicAttribute( attributes[idx], values[idx] );
      if ( log.isDebug() ) {
        log.logDebug( BaseMessages.getString(
          PKG, "LDAPConnection.Update.Attribute", attributes[idx], values[idx] ) );
      }
      mods[idx] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, replacement );
      idx++;
    }

    // Every requested attribute is prepared; send them as a single modify call.
    getInitialContext().modifyAttributes( dn, mods );
    return STATUS_UPDATED;
  } catch ( NameNotFoundException n ) {
    if ( !checkEntry ) {
      return STATUS_SKIPPED;
    }
    // NOTE(review): the message key says "Deleting" although this is the update path.
    // Confirm whether that is intended.
    throw new KettleException( BaseMessages.getString(
      PKG, "LDAPConnection.Error.Deleting.NameNotFound", dn ), n );
  } catch ( Exception e ) {
    throw new KettleException( BaseMessages.getString( PKG, "LDAPConnection.Error.Update", dn ), e );
  }
}
/**
 * <p>
 * Replaces one attribute on the entry identified by the given DN. The change is sent as a
 * single REPLACE_ATTRIBUTE modification, so the values carried by {@code attribute} take
 * the place of whatever the entry held for that attribute before.
 * </p>
 *
 * @param dn distinguished name of the entry to modify
 * @param attribute attribute, with its new values, to write to the entry
 */
public void modifyAttribute(String dn, Attribute attribute) {
    ModificationItem replacement = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attribute);
    modifyAttributes(dn, new ModificationItem[] { replacement });
}
/**
 * <p>
 * Removes one attribute from the entry identified by the given DN. The change is sent as a
 * single REMOVE_ATTRIBUTE modification. With JNDI, an {@code attribute} that carries no
 * values removes the whole attribute, while one that carries values removes only those.
 * </p>
 *
 * @param dn distinguished name of the entry to modify
 * @param attribute attribute (and optionally the specific values) to remove
 */
public void removeAttribute(String dn, Attribute attribute) {
    ModificationItem removal = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, attribute);
    modifyAttributes(dn, new ModificationItem[] { removal });
}
/**
 * Writes {@code cert} into the certificate attribute of the LDAP entry for {@code alias}.
 *
 * <p>The change is a REPLACE_ATTRIBUTE, so any certificate value already held by the
 * entry is overwritten rather than kept alongside the new one.
 *
 * @param alias entry alias, forwarded to {@code storeAttributes}
 * @param cert  certificate whose encoded form is stored
 * @throws KeyStoreException if the certificate cannot be encoded or the store fails
 */
@Override
public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException {
    final byte[] encodedCert;
    try {
        encodedCert = cert.getEncoded();
    } catch (CertificateEncodingException e) {
        throw log.ldapKeyStoreFailedToSerializeCertificate(alias, e);
    }

    // A mutable list is handed over: storeAttributes may append to it.
    List<ModificationItem> changes = new LinkedList<>();
    changes.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
            new BasicAttribute(certificateAttribute, encodedCert)));
    storeAttributes(alias, changes);
}
/**
 * Writes {@code cert} into the certificate attribute of the LDAP entry for {@code alias}.
 *
 * <p>The change is a REPLACE_ATTRIBUTE, so any certificate value already held by the
 * entry is overwritten rather than kept alongside the new one.
 *
 * @param alias entry alias, forwarded to {@code storeAttributes}
 * @param cert  certificate whose encoded form is stored
 * @throws KeyStoreException if the certificate cannot be encoded or the store fails
 */
@Override
public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException {
    final byte[] encodedCert;
    try {
        encodedCert = cert.getEncoded();
    } catch (CertificateEncodingException e) {
        throw log.ldapKeyStoreFailedToSerializeCertificate(alias, e);
    }

    // A mutable list is handed over: storeAttributes may append to it.
    List<ModificationItem> changes = new LinkedList<>();
    changes.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
            new BasicAttribute(certificateAttribute, encodedCert)));
    storeAttributes(alias, changes);
}
/**
 * Writes {@code cert} into the certificate attribute of the LDAP entry for {@code alias}.
 *
 * <p>The change is a REPLACE_ATTRIBUTE, so any certificate value already held by the
 * entry is overwritten rather than kept alongside the new one.
 *
 * @param alias entry alias, forwarded to {@code storeAttributes}
 * @param cert  certificate whose encoded form is stored
 * @throws KeyStoreException if the certificate cannot be encoded or the store fails
 */
@Override
public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException {
    final byte[] encodedCert;
    try {
        encodedCert = cert.getEncoded();
    } catch (CertificateEncodingException e) {
        throw log.ldapKeyStoreFailedToSerializeCertificate(alias, e);
    }

    // A mutable list is handed over: storeAttributes may append to it.
    List<ModificationItem> changes = new LinkedList<>();
    changes.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
            new BasicAttribute(certificateAttribute, encodedCert)));
    storeAttributes(alias, changes);
}
/**
 * Records the LDAP modification needed to move an integer attribute from {@code prev}
 * to {@code val}. Nothing is recorded when the two are equal.
 *
 * <p>A new value equal to {@code defVal} is expressed by removing the attribute, so the
 * default is never stored explicitly. Any other value replaces the attribute.
 *
 * @param ldapObj change log that also receives the old and new value; may be {@code null}
 * @param mods    list that receives the modification
 * @param attrId  LDAP attribute id
 * @param prev    previous value
 * @param val     new value
 * @param defVal  default value, represented by the attribute being absent
 */
public static void storeDiff(ConfigurationChanges.ModifiedObject ldapObj, List<ModificationItem> mods,
        String attrId, int prev, int val, int defVal) {
    if (val == prev) {
        return;
    }

    final ModificationItem change;
    if (val == defVal) {
        change = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(attrId));
    } else {
        change = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(attrId, Integer.toString(val)));
    }
    mods.add(change);

    if (ldapObj != null) {
        ldapObj.add(new ConfigurationChanges.ModifiedAttribute(attrId, prev, val));
    }
}
/**
 * Records the LDAP modification needed to move a boolean attribute from {@code prev}
 * to {@code val}. Nothing is recorded when the two are equal.
 *
 * <p>A new value equal to {@code defVal} is expressed by removing the attribute, so the
 * default is never stored explicitly. Any other value replaces the attribute with the
 * string form produced by {@code LdapUtils.toString}.
 *
 * @param ldapObj change log that also receives the old and new value; may be {@code null}
 * @param mods    list that receives the modification
 * @param attrId  LDAP attribute id
 * @param prev    previous value
 * @param val     new value
 * @param defVal  default value, represented by the attribute being absent
 */
public static void storeDiff(ConfigurationChanges.ModifiedObject ldapObj, List<ModificationItem> mods,
        String attrId, boolean prev, boolean val, boolean defVal) {
    if (val == prev) {
        return;
    }

    final ModificationItem change;
    if (val == defVal) {
        change = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(attrId));
    } else {
        change = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(attrId, LdapUtils.toString(val)));
    }
    mods.add(change);

    if (ldapObj != null) {
        ldapObj.add(new ConfigurationChanges.ModifiedAttribute(attrId, prev, val));
    }
}
/**
 * Replaces a single-valued attribute on the entry {@code dn}.
 *
 * <p>The change is one REPLACE_ATTRIBUTE modification, so every existing value of
 * {@code attrName} is discarded in favour of {@code newValue}. {@code dn} is passed to
 * the context as a string name; a caller that builds it from external input is
 * responsible for escaping it.
 *
 * @param ctx      directory context used for the modification
 * @param dn       name of the entry to modify
 * @param attrName id of the attribute to replace
 * @param newValue value the attribute holds afterwards
 * @throws NamingException if the directory rejects the modification
 */
public static void replaceAttribute(DirContext ctx, String dn, String attrName, String newValue)
        throws NamingException {
    BasicAttribute replacement = new BasicAttribute(attrName, newValue);
    ModificationItem[] mods = { new ModificationItem(DirContext.REPLACE_ATTRIBUTE, replacement) };
    ctx.modifyAttributes(dn, mods);
}
/**
 * Adds the user to a group by appending the user's DN to the group's {@code member}
 * attribute. A user who is already a member is left as is.
 *
 * @param username  user to add; turned into a DN by {@code getUserDN}
 * @param groupName group to extend; turned into a DN by {@code getGroupDN}
 * @throws NamingException if the directory rejects the change for any other reason
 */
public void assignUser(String username, String groupName) throws NamingException {
    try {
        // NOTE(review): both DNs derive from caller-supplied names; escaping is up to
        // getUserDN / getGroupDN, which are not visible here. Confirm.
        Attribute membership = new BasicAttribute("member", getUserDN(username));
        ModificationItem[] mods = { new ModificationItem(DirContext.ADD_ATTRIBUTE, membership) };
        context.modifyAttributes(getGroupDN(groupName), mods);
    } catch (AttributeInUseException e) {
        // Already a member: the operation is treated as a no-op.
    }
}
/**
 * Removes the user from a group by deleting the user's DN from the group's
 * {@code member} attribute. A user who is not a member is left as is.
 *
 * @param username  user to remove; turned into a DN by {@code getUserDN}
 * @param groupName group to shrink; turned into a DN by {@code getGroupDN}
 * @throws NamingException if the directory rejects the change for any other reason
 */
public void removeUser(String username, String groupName) throws NamingException {
    try {
        // Only this one value is removed; other members of the group stay in place.
        Attribute membership = new BasicAttribute("member", getUserDN(username));
        ModificationItem[] mods = { new ModificationItem(DirContext.REMOVE_ATTRIBUTE, membership) };
        context.modifyAttributes(getGroupDN(groupName), mods);
    } catch (NoSuchAttributeException e) {
        // Not a member: the operation is treated as a no-op.
        // NOTE(review): a caller revoking access gets no signal that nothing changed.
    }
}
/**
 * Removes the certificate attribute from the entry {@code dn}.
 *
 * <p>The REMOVE_ATTRIBUTE modification carries no values, which in JNDI deletes the
 * whole attribute: every certificate stored on the entry is dropped, not just one.
 *
 * @param dn name of the entry whose certificates are removed
 * @throws ConfigurationNotFoundException if the entry does not exist
 * @throws ConfigurationException on any other directory failure
 */
@Override
public synchronized void removeCertificates(String dn) throws ConfigurationException {
    final ModificationItem[] mods = {
        new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(userCertificate))
    };
    try {
        ctx.modifyAttributes(dn, mods);
    } catch (NameNotFoundException e) {
        // Listed first: it is the more specific of the two naming failures handled here.
        throw new ConfigurationNotFoundException(e);
    } catch (NamingException e) {
        throw new ConfigurationException(e);
    }
}
/**
 * Removes the certificate attribute from the entry {@code dn}.
 *
 * <p>The REMOVE_ATTRIBUTE modification carries no values, which in JNDI deletes the
 * whole attribute: every certificate stored on the entry is dropped, not just one.
 *
 * @param dn name of the entry whose certificates are removed
 * @throws ConfigurationNotFoundException if the entry does not exist
 * @throws ConfigurationException on any other directory failure
 */
@Override
public synchronized void removeCertificates(String dn) throws ConfigurationException {
    final ModificationItem[] mods = {
        new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(userCertificate))
    };
    try {
        ctx.modifyAttributes(dn, mods);
    } catch (NameNotFoundException e) {
        // Listed first: it is the more specific of the two naming failures handled here.
        throw new ConfigurationNotFoundException(e);
    } catch (NamingException e) {
        throw new ConfigurationException(e);
    }
}