authorNils Schwabe2014-04-08 12:23:58 +0200
committerNils Schwabe2014-04-08 12:23:58 +0200
commitc5c204b42ef294ecaf5ff7b048d26e117ddb8c57 (patch)
treee3aa563b42e631994818ca624796a076cbe50725 /src/main/java/org/openslx/imagemaster/db
parentInitial Commit (diff)
LDAP functionallity
- added Apache LDAP client API to pom.xml - added the LDAP user which authenticates against the LDAP server - added testAuthentication to AppTest - users are inserted into the db after authenticating - added log4j properties to filter out unhelpful debug messages
Diffstat (limited to 'src/main/java/org/openslx/imagemaster/db')
-rw-r--r--src/main/java/org/openslx/imagemaster/db/DbSatellite.java36
-rw-r--r--src/main/java/org/openslx/imagemaster/db/DbUser.java49
-rw-r--r--src/main/java/org/openslx/imagemaster/db/LDAPUser.java134
-rw-r--r--src/main/java/org/openslx/imagemaster/db/MySQL.java5
4 files changed, 206 insertions, 18 deletions
diff --git a/src/main/java/org/openslx/imagemaster/db/DbSatellite.java b/src/main/java/org/openslx/imagemaster/db/DbSatellite.java
new file mode 100644
index 0000000..da20fbc
--- /dev/null
+++ b/src/main/java/org/openslx/imagemaster/db/DbSatellite.java
@@ -0,0 +1,36 @@
+package org.openslx.imagemaster.db;
+
+public class DbSatellite {
+ /*
+ * Get row from mysql db and
+ */
+
+ private String organization, address, name;
+
+ // needs to be public in order to be found by MySQL
+ public DbSatellite(String organization, String address, String name) {
+ this.organization = organization;
+ this.address = address;
+ this.name = name;
+ }
+
+ public static DbSatellite createDbSatellite(String organization) {
+ return MySQL
+ .findUniqueOrNull(
+ DbSatellite.class,
+ "SELECT satellite.organization, satellite.address, satellite.name FROM satellite WHERE satellite.organization = ? LIMIT 1",
+ organization);
+ }
+
+ public String getAddress() {
+ return address;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getOrganization() {
+ return organization;
+ }
+} \ No newline at end of file
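Review bot: The class comment at the top of DbSatellite (`/* Get row from mysql db and */`) is cut off mid-sentence and sits above the field declaration rather than the class, so it documents nothing. Replace it with a class-level Javadoc such as `/** Row of the satellite table: the organization key, the satellite address and its display name. Loaded via createDbSatellite(organization). */`, and note on `createDbSatellite` that it returns `null` when no row matches, since callers (see LDAPUser) branch on that.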
diff --git a/src/main/java/org/openslx/imagemaster/db/DbUser.java b/src/main/java/org/openslx/imagemaster/db/DbUser.java
index f8400a9..9370f40 100644
--- a/src/main/java/org/openslx/imagemaster/db/DbUser.java
+++ b/src/main/java/org/openslx/imagemaster/db/DbUser.java
@@ -1,30 +1,45 @@
package org.openslx.imagemaster.db;
+import org.apache.log4j.Logger;
+import org.openslx.imagemaster.session.Authenticator;
import org.openslx.imagemaster.session.User;
-
-public class DbUser extends User
-{
- public DbUser(String username, String password, String organization, String firstName, String lastName, String eMail,
- String satelliteAddress)
- {
- super( username, password, organization, firstName, lastName, eMail, satelliteAddress );
+public class DbUser extends User {
+ private static Logger log = Logger.getLogger( Authenticator.class );
+
+ public DbUser(String username, String password, String organization,
+ String firstName, String lastName, String eMail,
+ String satelliteAddress) {
+ super(username, password, organization, firstName, lastName, eMail,
+ satelliteAddress);
}
/**
* Query database for user with given login
- * @param login (user@organization)
- * @return instance of DbUser for matching entry from DB, or null if not found
+ *
+ * @param login
+ * (user@organization)
+ * @return instance of DbUser for matching entry from DB, or null if not
+ * found
*/
- public static DbUser forLogin( final String login )
- {
- final String[] parts = login.split( "@" );
- if ( parts.length != 2 )
+ public static DbUser forLogin(final String login) {
+ final String[] parts = login.split("@");
+ if (parts.length != 2)
return null;
- return MySQL.findUniqueOrNull( DbUser.class,
- "SELECT user.username, user.password, user.organization, user.firstname, user.lastname, user.email, satellite.address FROM user" +
- " LEFT JOIN satellite USING (organization)" +
- " WHERE user.username = ? AND user.organization = ? LIMIT 1", parts[0], parts[1] );
+ return MySQL
+ .findUniqueOrNull(
+ DbUser.class,
+ "SELECT user.username, user.password, user.organization, user.firstname, user.lastname, user.email, satellite.address FROM user"
+ + " LEFT JOIN satellite USING (organization)"
+ + " WHERE user.username = ? AND user.organization = ? LIMIT 1",
+ parts[0], parts[1]);
+ }
+
+ public static boolean insertOrUpdate(User user) {
+ log.debug("Inserted user '" + user.username + "' into db.");
+ MySQL.update("INSERT INTO user (username, password, organization, firstname, lastname, email) VALUES (?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE password=VALUES(password), organization=VALUES(organization), firstname=VALUES(firstname), lastname=VALUES(lastname), email=VALUES(email)",
+ user.username, user.password, user.organization, user.firstName, user.lastName, user.eMail);
+ return false;
}
}
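Review bot: `insertOrUpdate` unconditionally returns `false` and discards the row count that `MySQL.update` returns, so a caller cannot tell whether the user was actually written; the debug line is also logged before the update runs, regardless of its outcome. Change the body to `final int affected = MySQL.update("INSERT INTO user ... email=VALUES(email)", user.username, user.password, user.organization, user.firstName, user.lastName, user.eMail);` followed by `log.debug("Inserted/updated user '" + user.username + "' in db (" + affected + " rows affected).");` and `return affected > 0;` (for ON DUPLICATE KEY UPDATE MySQL presumably reports 1 for an insert and 2 for an update, so a non-zero check is the safe interpretation). The logger on the first added line is created for `Authenticator.class` rather than `DbUser.class`, which will misattribute these messages; use `Logger.getLogger( DbUser.class )`.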
diff --git a/src/main/java/org/openslx/imagemaster/db/LDAPUser.java b/src/main/java/org/openslx/imagemaster/db/LDAPUser.java
new file mode 100644
index 0000000..ae8d38d
--- /dev/null
+++ b/src/main/java/org/openslx/imagemaster/db/LDAPUser.java
@@ -0,0 +1,134 @@
+package org.openslx.imagemaster.db;
+
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.directory.api.ldap.model.cursor.CursorException;
+import org.apache.directory.api.ldap.model.cursor.EntryCursor;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.openslx.imagemaster.session.User;
+import org.openslx.imagemaster.thrift.iface.AuthenticationException;
+import org.openslx.imagemaster.util.Sha512Crypt;
+
+/*
+ * This TrustManager is used to accept custom certificates.
+ */
+class MyTrustManager implements X509TrustManager {
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+ throws CertificateException {}
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] arg0, String arg1)
+ throws CertificateException {}
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[0];
+ }
+
+}
+
+public class LDAPUser extends User {
+
+ protected LDAPUser(String username, String password, String organization,
+ String firstName, String lastName, String eMail,
+ String satelliteAddress) {
+ super(username, password, organization, firstName, lastName, eMail,
+ satelliteAddress);
+ }
+
+ /**
+ * Query LDAP for user with given login
+ * @param login (user@organization)
+ * @return instance of LDAPUser for matching entry from LDAP, or null if not found
+ */
+ @SuppressWarnings("finally")
+ public static LDAPUser forLogin( final String login, final String password ) throws AuthenticationException {
+ String username, organization, firstName, lastName, eMail, satelliteAddress;
+
+ LdapConnectionConfig ldapConfig = new LdapConnectionConfig();
+ ldapConfig.setTrustManagers(new MyTrustManager());
+ ldapConfig.setLdapPort(636);
+ ldapConfig.setLdapHost("bv1.ruf.uni-freiburg.de");
+ ldapConfig.setUseSsl(true);
+
+ LdapNetworkConnection connection = new LdapNetworkConnection( ldapConfig );
+
+ // bind connection
+ try {
+ connection.bind("uid=" + login + ",ou=people,dc=uni-freiburg,dc=de", password);
+ } catch (LdapException e1) {
+ try {
+ connection.unBind();
+ connection.close();
+ } catch (LdapException | IOException e) {
+ } finally {
+ AuthenticationException ae = new AuthenticationException();
+ ae.message = "Could not bind to LDAP server. Invalid credentials.";
+ throw ae;
+ }
+ }
+
+ // test authorization
+ if (!connection.isConnected() || !connection.isAuthenticated()) {
+ try {
+ connection.unBind();
+ connection.close();
+ } catch (LdapException | IOException e) {
+ } finally {
+ AuthenticationException ae = new AuthenticationException();
+ ae.message = "Could not connect / authenticate to LDAP server. Invalid credentials?";
+ throw ae;
+ }
+ }
+
+ // make search query
+ try {
+ EntryCursor cursor = connection.search("ou=people,dc=uni-freiburg,dc=de", "(&(objectclass=person)(uid="
+ + login + "))", SearchScope.SUBTREE);
+ // only use the first result
+ cursor.next();
+ Entry entry = cursor.get();
+ username = entry.get("uid").getString();
+ organization = "Test Organization"; // will be filled with bwIDM LDAP server
+ firstName = entry.get("givenName").getString();
+ lastName = entry.get("sn").getString();
+ eMail = entry.get("rufPreferredMail").getString();
+ // get the satellite address from db
+ DbSatellite dbSatellite = DbSatellite.createDbSatellite(organization);
+ if (dbSatellite != null) {
+ satelliteAddress = dbSatellite.getAddress();
+ } else {
+ /*
+ * Organization is not known..
+ * TODO: Handle this
+ */
+ satelliteAddress = "addressNotKown";
+ }
+ } catch (LdapException | CursorException e1) {
+ return null;
+ } finally {
+ // close connection
+ try {
+ connection.unBind();
+ } catch (LdapException e) {
+ return null;
+ }
+ try {
+ connection.close();
+ } catch (IOException e) {
+ return null;
+ }
+ }
+ return new LDAPUser(username, Sha512Crypt.Sha512_crypt(password, null, 0), organization, firstName, lastName, eMail, satelliteAddress);
+ }
+}
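Review bot: `MyTrustManager` accepts every server certificate (`checkServerTrusted` is empty and `getAcceptedIssuers` returns an empty array), so the TLS connection to port 636 authenticates nobody and an on-path attacker can present any certificate and capture the user's password sent by `connection.bind`. Remove the class and the `ldapConfig.setTrustManagers(new MyTrustManager())` call so the JDK default trust manager validates the chain, and if the LDAP host uses a private CA, import that CA into the JVM truststore (`-Djavax.net.ssl.trustStore=...`) instead of disabling validation. Two further points in `forLogin`: an empty `password` should be rejected before `bind` (`if (password == null || password.isEmpty()) throw ...`), because a simple bind with a DN and empty password is an unauthenticated bind on many directories (RFC 4513 §5.1.2) and `isAuthenticated()` would presumably still report success; and `login` is concatenated unescaped into both the bind DN and the search filter, so it should pass through `Rdn.escapeValue(login)` and `FilterEncoder.encodeFilterValue(login)` from the Apache LDAP API (or be validated against a strict pattern such as `[a-z0-9]+`) before use. The `EntryCursor` is never closed and the boolean from `cursor.next()` is ignored, so the "no match" case only works by relying on `cursor.get()` throwing into the `catch` that returns `null`; check `next()` explicitly and close the cursor in the `finally`.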
diff --git a/src/main/java/org/openslx/imagemaster/db/MySQL.java b/src/main/java/org/openslx/imagemaster/db/MySQL.java
index 15bf5e2..a31046d 100644
--- a/src/main/java/org/openslx/imagemaster/db/MySQL.java
+++ b/src/main/java/org/openslx/imagemaster/db/MySQL.java
@@ -76,5 +76,8 @@ class MySQL
{
return db.findUniqueOrNull( clazz, sql, args );
}
-
+
+ protected static int update(String query, Object... args) {
+ return db.update(query, args);
+ }
}