package org.openslx.imagemaster.db;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.openslx.imagemaster.session.User;
import org.openslx.imagemaster.thrift.iface.AuthenticationException;
import org.openslx.imagemaster.util.Sha512Crypt;

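/*
 * Validates the certificate chain presented by the LDAP server.
 *
 * The previous implementation left checkServerTrusted() empty, which accepts
 * any certificate - including one forged by whoever sits between this host
 * and the LDAP server - so LDAPS gave no protection for the user's password
 * that is sent in the simple bind. This version never accepts a chain blindly:
 * the no-arg constructor trusts the JVM's default trust store (cacerts or
 * -Djavax.net.ssl.trustStore), and a server with a self-signed or private-CA
 * certificate is supported by pinning that certificate via the varargs
 * constructor instead of disabling validation.
 *
 * NOTE(review): an X509TrustManager does not check that the certificate
 * matches the host name; whether the LDAP client library performs host name
 * verification on top of this is not visible here - confirm.
 */
class MyTrustManager implements X509TrustManager {

	/** Platform trust manager that performs the actual chain validation. */
	private final X509TrustManager delegate;

	/**
	 * Trusts exactly the CAs in the JVM's default trust store.
	 * @throws IllegalStateException if the platform trust manager cannot be initialised
	 */
	MyTrustManager() {
		this.delegate = trustManagerFor(null);
	}

	/**
	 * Trusts exactly the given certificates (certificate pinning). Use this when
	 * the LDAP server's certificate is self-signed or issued by a private CA.
	 * @param pinned one or more certificates to accept as trust anchors
	 * @throws IllegalArgumentException if no certificate is given
	 * @throws IllegalStateException if the in-memory trust store cannot be built
	 */
	MyTrustManager(X509Certificate... pinned) {
		if (pinned == null || pinned.length == 0) {
			throw new IllegalArgumentException("at least one pinned certificate is required");
		}
		try {
			KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
			keyStore.load(null, null); // fresh, empty in-memory store
			for (int i = 0; i < pinned.length; i++) {
				keyStore.setCertificateEntry("pinned-" + i, pinned[i]);
			}
			this.delegate = trustManagerFor(keyStore);
		} catch (GeneralSecurityException | IOException e) {
			throw new IllegalStateException("Cannot build pinned trust store", e);
		}
	}

	/**
	 * Obtains the platform X509TrustManager backed by the given store.
	 * @param keyStore trust anchors, or null for the JVM default trust store
	 */
	private static X509TrustManager trustManagerFor(KeyStore keyStore) {
		try {
			TrustManagerFactory factory = TrustManagerFactory
					.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			factory.init(keyStore);
			for (TrustManager tm : factory.getTrustManagers()) {
				if (tm instanceof X509TrustManager) {
					return (X509TrustManager) tm;
				}
			}
		} catch (GeneralSecurityException e) {
			throw new IllegalStateException("Cannot initialise X509 trust manager", e);
		}
		throw new IllegalStateException("No X509TrustManager available in this JVM");
	}

	@Override
	public void checkClientTrusted(X509Certificate[] chain, String authType)
			throws CertificateException {
		requireChain(chain);
		delegate.checkClientTrusted(chain, authType);
	}

	@Override
	public void checkServerTrusted(X509Certificate[] chain, String authType)
			throws CertificateException {
		requireChain(chain);
		delegate.checkServerTrusted(chain, authType);
	}

	@Override
	public X509Certificate[] getAcceptedIssuers() {
		return delegate.getAcceptedIssuers();
	}

	/**
	 * The platform trust manager reports an empty chain as IllegalArgumentException;
	 * surface it as the CertificateException callers of this interface expect.
	 */
	private static void requireChain(X509Certificate[] chain) throws CertificateException {
		if (chain == null || chain.length == 0) {
			throw new CertificateException("Empty certificate chain");
		}
	}

}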

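public class LDAPUser extends User {

	/** LDAP server the users are authenticated against. TODO: move to configuration. */
	static final String LDAP_HOST = "bv1.ruf.uni-freiburg.de";
	/** LDAPS port; the connection is always made over TLS (see setUseSsl below). */
	static final int LDAP_PORT = 636;
	/** Subtree holding the user entries; both the bind DN and the search use it. */
	static final String PEOPLE_BASE_DN = "ou=people,dc=uni-freiburg,dc=de";
	/** Stand-in until the bwIDM LDAP server delivers the organization attribute. */
	private static final String PLACEHOLDER_ORGANIZATION = "Test Organization";
	/** Stand-in satellite address for an organization without a database entry. */
	private static final String ADDRESS_NOT_KNOWN = "addressNotKown";

	protected LDAPUser(String username, String password, String organization,
			String firstName, String lastName, String eMail,
			String satelliteAddress) {
		super(username, password, organization, firstName, lastName, eMail,
				satelliteAddress);
	}

	/**
	 * Authenticate the given login against LDAP (simple bind as the user) and
	 * load the matching person entry.
	 *
	 * @param login (user@organization); used verbatim as the uid of the bind DN and
	 *              of the search filter, escaped so it cannot alter either
	 * @param password the user's password, sent to the server in the bind
	 * @return instance of LDAPUser for matching entry from LDAP, or null if not found
	 *         or if the lookup after a successful bind fails
	 * @throws AuthenticationException if login or password is empty, or the bind
	 *         is rejected / the connection is not authenticated afterwards
	 */
	public static LDAPUser forLogin( final String login, final String password ) throws AuthenticationException {
		// Reject empty credentials before talking to the server: with an empty password a
		// simple bind becomes an "unauthenticated" bind, which many directory servers
		// accept, so leaving this to the server would let anyone log in as any uid.
		if (login == null || login.isEmpty() || password == null || password.isEmpty()) {
			throw authFailure("Could not bind to LDAP server. Invalid credentials.");
		}

		LdapConnectionConfig ldapConfig = new LdapConnectionConfig();
		ldapConfig.setTrustManagers(new MyTrustManager());
		ldapConfig.setLdapPort(LDAP_PORT);
		ldapConfig.setLdapHost(LDAP_HOST);
		ldapConfig.setUseSsl(true);

		LdapNetworkConnection connection = new LdapNetworkConnection( ldapConfig );
		try {
			// Bind as the user; the uid is DN-escaped so a crafted login cannot inject
			// additional RDNs (e.g. ",ou=admins") into the bind DN.
			try {
				connection.bind("uid=" + escapeDnValue(login) + "," + PEOPLE_BASE_DN, password);
			} catch (LdapException e) {
				throw authFailure("Could not bind to LDAP server. Invalid credentials.");
			}
			if (!connection.isConnected() || !connection.isAuthenticated()) {
				throw authFailure("Could not connect / authenticate to LDAP server. Invalid credentials?");
			}
			return lookupUser(connection, login, password);
		} finally {
			// Teardown must never change the outcome of the login, so it is best effort.
			closeQuietly(connection);
		}
	}

	/**
	 * Search the person entry for the (already authenticated) login and build the user.
	 *
	 * @return the user, or null if no entry matches or the LDAP lookup fails
	 */
	private static LDAPUser lookupUser(LdapNetworkConnection connection, String login, String password) {
		EntryCursor cursor = null;
		try {
			// The uid is filter-escaped (RFC 4515) so '*', '(' or ')' in the login cannot
			// widen the search.
			cursor = connection.search(PEOPLE_BASE_DN,
					"(&(objectclass=person)(uid=" + escapeFilterValue(login) + "))",
					SearchScope.SUBTREE);
			// only use the first result
			if (!cursor.next()) {
				return null;
			}
			Entry entry = cursor.get();
			String username = attributeValue(entry, "uid");
			String organization = PLACEHOLDER_ORGANIZATION; // will be filled with bwIDM LDAP server
			String firstName = attributeValue(entry, "givenName");
			String lastName = attributeValue(entry, "sn");
			String eMail = attributeValue(entry, "rufPreferredMail");
			// get the satellite address from db
			DbSatellite dbSatellite = DbSatellite.fromOrganization(organization);
			String satelliteAddress;
			if (dbSatellite != null) {
				satelliteAddress = dbSatellite.getAddress();
			} else {
				// Organization is not known.. TODO: Handle this
				satelliteAddress = ADDRESS_NOT_KNOWN;
			}
			// The password is stored as a sha512-crypt hash, never in the clear.
			return new LDAPUser(username, Sha512Crypt.Sha512_crypt(password, null, 0), organization,
					firstName, lastName, eMail, satelliteAddress);
		} catch (LdapException | CursorException e) {
			return null;
		} finally {
			if (cursor != null) {
				try {
					cursor.close();
				} catch (Exception ignored) {
					// best effort; the connection is closed by the caller anyway
				}
			}
		}
	}

	/**
	 * First value of the named attribute, or null if the entry has no such attribute
	 * (the previous code dereferenced a missing attribute and failed with an NPE).
	 */
	private static String attributeValue(Entry entry, String name) throws LdapException {
		if (!entry.containsAttribute(name)) {
			return null;
		}
		return entry.get(name).getString();
	}

	/** Build the Thrift-visible failure with the given message. */
	private static AuthenticationException authFailure(String message) {
		AuthenticationException ae = new AuthenticationException();
		ae.message = message;
		return ae;
	}

	/** Unbind and close the connection, ignoring failures of either step. */
	private static void closeQuietly(LdapNetworkConnection connection) {
		try {
			connection.unBind();
		} catch (LdapException ignored) {
			// the socket is closed below regardless
		}
		try {
			connection.close();
		} catch (IOException ignored) {
			// nothing sensible left to do
		}
	}

	/**
	 * Escape a value for use inside an LDAP search filter (RFC 4515): the
	 * metacharacters '*', '(', ')', '\' and NUL become their \XX hex form.
	 */
	static String escapeFilterValue(String value) {
		StringBuilder sb = new StringBuilder(value.length());
		for (int i = 0; i < value.length(); i++) {
			char c = value.charAt(i);
			switch (c) {
			case '*':
				sb.append("\\2a");
				break;
			case '(':
				sb.append("\\28");
				break;
			case ')':
				sb.append("\\29");
				break;
			case '\\':
				sb.append("\\5c");
				break;
			case '\0':
				sb.append("\\00");
				break;
			default:
				sb.append(c);
			}
		}
		return sb.toString();
	}

	/**
	 * Escape a value for use as an RDN attribute value (RFC 4514): the characters
	 * , + " \ < > ; = are backslash-escaped, NUL becomes \00, and a leading '#'
	 * or space as well as a trailing space are escaped.
	 */
	static String escapeDnValue(String value) {
		if (value.isEmpty()) {
			return value;
		}
		StringBuilder sb = new StringBuilder(value.length());
		for (int i = 0; i < value.length(); i++) {
			char c = value.charAt(i);
			switch (c) {
			case ',':
			case '+':
			case '"':
			case '\\':
			case '<':
			case '>':
			case ';':
			case '=':
				sb.append('\\').append(c);
				break;
			case '\0':
				sb.append("\\00");
				break;
			default:
				sb.append(c);
			}
		}
		// Trailing space first, then leading '#'/space: for a single-space value the
		// trailing escape already covers the leading one.
		if (sb.charAt(sb.length() - 1) == ' ') {
			sb.insert(sb.length() - 1, '\\');
		}
		if (sb.charAt(0) == '#' || sb.charAt(0) == ' ') {
			sb.insert(0, '\\');
		}
		return sb.toString();
	}
}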