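package org.openslx.imagemaster.db;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.openslx.imagemaster.session.User;
import org.openslx.imagemaster.thrift.iface.AuthenticationException;
import org.openslx.imagemaster.util.Sha512Crypt;

/*
 * TrustManager handed to the LDAPS connection.
 *
 * The previous version accepted every certificate chain unconditionally. Because the
 * connection carries the user's clear-text bind password, that allowed anyone on the
 * network path to impersonate the LDAP server and harvest credentials. This version
 * delegates to the JVM's default X509TrustManager, so the server certificate is
 * validated against the default trust store (cacerts, or whatever
 * -Djavax.net.ssl.trustStore points to). If the LDAP server uses a private CA,
 * import that CA into the trust store instead of disabling validation.
 */
class MyTrustManager implements X509TrustManager {

	private final X509TrustManager delegate;

	/**
	 * Builds the trust manager on top of the platform default trust store.
	 *
	 * @throws IllegalStateException if no default X509TrustManager can be obtained;
	 *         failing closed here is preferable to silently trusting everything.
	 */
	MyTrustManager() {
		try {
			TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			// A null KeyStore selects the JVM default trust store.
			factory.init((KeyStore) null);
			X509TrustManager found = null;
			for (TrustManager tm : factory.getTrustManagers()) {
				if (tm instanceof X509TrustManager) {
					found = (X509TrustManager) tm;
					break;
				}
			}
			if (found == null) {
				throw new IllegalStateException("No X509TrustManager available in the default TrustManagerFactory");
			}
			delegate = found;
		} catch (NoSuchAlgorithmException | KeyStoreException e) {
			throw new IllegalStateException("Could not initialise the default trust manager", e);
		}
	}

	/** Client certificates are validated exactly like the platform default would. */
	@Override
	public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
		delegate.checkClientTrusted(chain, authType);
	}

	/** Server certificates are validated against the default trust store; an untrusted chain aborts the handshake. */
	@Override
	public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
		delegate.checkServerTrusted(chain, authType);
	}

	/** The issuers the default trust store trusts. */
	@Override
	public X509Certificate[] getAcceptedIssuers() {
		return delegate.getAcceptedIssuers();
	}
}

/**
 * A {@link User} whose credentials and attributes are taken from the LDAP directory.
 */
public class LDAPUser extends User {

	/** LDAPS endpoint and the subtree users live in. */
	private static final String LDAP_HOST = "bv1.ruf.uni-freiburg.de";
	private static final int LDAP_PORT = 636;
	private static final String PEOPLE_BASE_DN = "ou=people,dc=uni-freiburg,dc=de";

	/**
	 * Characters allowed in a login before it is spliced into the bind DN and the search
	 * filter. Everything that has meaning in an RFC 4514 DN or an RFC 4515 filter
	 * ('"', '+', ',', ';', '<', '>', '\\', '(', ')', '*', NUL, leading '#' or space) is
	 * excluded, which closes the LDAP-injection hole of the unescaped concatenation.
	 * '@' is permitted because a login has the form user@organization.
	 * NOTE(review): if logins legitimately contain other characters, switch to proper
	 * escaping (the LDAP API's Rdn.escapeValue / FilterEncoder) instead of widening this.
	 */
	private static final Pattern LOGIN_PATTERN = Pattern.compile("[A-Za-z0-9._@-]+");

	protected LDAPUser(String username, String password, String organization, String firstName, String lastName, String eMail, String satelliteAddress) {
		super(username, password, organization, firstName, lastName, eMail, satelliteAddress);
	}

	/**
	 * Authenticate against LDAP with a simple bind and load the matching user entry.
	 *
	 * @param login    login name (user@organization); used as the uid in the bind DN and the search filter
	 * @param password clear-text password used for the bind
	 * @return an LDAPUser built from the first matching entry, or null if the entry could
	 *         not be read after a successful bind
	 * @throws AuthenticationException if the login is malformed, the password is empty,
	 *         or the bind is rejected
	 */
	public static LDAPUser forLogin(final String login, final String password) throws AuthenticationException {
		// A login containing DN/filter metacharacters could rebind as a different entry or
		// rewrite the search filter; reject it before it reaches the server.
		if (login == null || !LOGIN_PATTERN.matcher(login).matches()) {
			throw authFailure("Could not bind to LDAP server. Invalid credentials.");
		}
		// A simple bind with an empty password is an unauthenticated bind (RFC 4513 5.1.2),
		// which many servers accept and report as success. It must never count as a login.
		if (password == null || password.isEmpty()) {
			throw authFailure("Could not bind to LDAP server. Invalid credentials.");
		}

		LdapConnectionConfig ldapConfig = new LdapConnectionConfig();
		ldapConfig.setTrustManagers(new MyTrustManager());
		ldapConfig.setLdapPort(LDAP_PORT);
		ldapConfig.setLdapHost(LDAP_HOST);
		ldapConfig.setUseSsl(true);
		// NOTE(review): confirm that the LDAP API version in use also verifies the host name
		// against the certificate; the trust manager alone only validates the chain.
		LdapNetworkConnection connection = new LdapNetworkConnection(ldapConfig);
		try {
			try {
				connection.bind("uid=" + login + "," + PEOPLE_BASE_DN, password);
			} catch (LdapException e) {
				throw authFailure("Could not bind to LDAP server. Invalid credentials.");
			}
			if (!connection.isConnected() || !connection.isAuthenticated()) {
				throw authFailure("Could not connect / authenticate to LDAP server. Invalid credentials?");
			}
			return lookupUser(connection, login, password);
		} finally {
			// Unbind/close problems are best effort: they must neither hide a thrown
			// AuthenticationException nor turn an already authenticated user into "not found".
			closeQuietly(connection);
		}
	}

	/**
	 * Read the user's entry over an already authenticated connection.
	 *
	 * @return the user, or null if no entry matched or the directory read failed
	 */
	private static LDAPUser lookupUser(LdapNetworkConnection connection, String login, String password) {
		EntryCursor cursor = null;
		try {
			cursor = connection.search(PEOPLE_BASE_DN, "(&(objectclass=person)(uid=" + login + "))", SearchScope.SUBTREE);
			// Only the first result is used; no result means there is nothing to build a user from.
			if (!cursor.next()) {
				return null;
			}
			Entry entry = cursor.get();
			String username = attributeValue(entry, "uid");
			String organization = "Test Organization"; // will be filled with bwIDM LDAP server
			String firstName = attributeValue(entry, "givenName");
			String lastName = attributeValue(entry, "sn");
			String eMail = attributeValue(entry, "rufPreferredMail");

			// Resolve the satellite address of the organization from the database.
			String satelliteAddress;
			DbSatellite dbSatellite = DbSatellite.fromOrganization(organization);
			if (dbSatellite != null) {
				satelliteAddress = dbSatellite.getAddress();
			} else {
				// Organization is not known.
				// TODO: Handle this
				satelliteAddress = "addressNotKown";
			}
			// Only a hash of the password is kept on the user object.
			return new LDAPUser(username, Sha512Crypt.Sha512_crypt(password, null, 0), organization, firstName, lastName, eMail, satelliteAddress);
		} catch (LdapException | CursorException e) {
			return null;
		} finally {
			if (cursor != null) {
				try {
					cursor.close();
				} catch (Exception ignored) {
					// close() declares different checked exceptions across LDAP API versions;
					// a failed cursor close is not actionable here.
				}
			}
		}
	}

	/**
	 * First string value of an attribute, or null if the entry does not carry it.
	 * The previous code dereferenced the attribute directly and crashed with an NPE on
	 * entries missing e.g. givenName.
	 */
	private static String attributeValue(Entry entry, String attributeId) throws LdapException {
		return entry.get(attributeId) == null ? null : entry.get(attributeId).getString();
	}

	/** Unbind and close, ignoring failures; the connection is not reused afterwards. */
	private static void closeQuietly(LdapNetworkConnection connection) {
		try {
			connection.unBind();
		} catch (LdapException ignored) {
			// best effort; the connection is closed below regardless
		}
		try {
			connection.close();
		} catch (IOException ignored) {
			// nothing sensible left to do with a failed close
		}
	}

	/** Build the thrift AuthenticationException with the given message. */
	private static AuthenticationException authFailure(String message) {
		AuthenticationException ae = new AuthenticationException();
		ae.message = message;
		return ae;
	}
}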