From 34a7464aa0ef6785f1ae8f1baa4264b7e5f8120b Mon Sep 17 00:00:00 2001 From: Peter Hormanns Date: Mon, 17 Sep 2018 18:11:17 +0200 Subject: [PATCH] new entity LdapUser --- .../src/de/hsadmin/core/model/LdapDAO.java | 116 ++++++++++++++++++ .../src/de/hsadmin/core/model/LdapUser.java | 76 ++++++++++++ .../de/hsadmin/core/model/Transaction.java | 8 +- 3 files changed, 198 insertions(+), 2 deletions(-) create mode 100644 hsarback/src/de/hsadmin/core/model/LdapDAO.java create mode 100644 hsarback/src/de/hsadmin/core/model/LdapUser.java diff --git a/hsarback/src/de/hsadmin/core/model/LdapDAO.java b/hsarback/src/de/hsadmin/core/model/LdapDAO.java new file mode 100644 index 0000000..0ea4374 --- /dev/null +++ b/hsarback/src/de/hsadmin/core/model/LdapDAO.java @@ -0,0 +1,116 @@ +package de.hsadmin.core.model; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.SecureRandom; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Properties; + +import javax.naming.Context; +import javax.naming.NamingException; +import javax.naming.directory.Attributes; +import javax.naming.ldap.InitialLdapContext; +import javax.naming.ldap.StartTlsRequest; +import javax.naming.ldap.StartTlsResponse; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +import de.hsadmin.core.util.Config; + +public class LdapDAO { + + private InitialLdapContext ctx; + private StartTlsResponse tls; + + public LdapUser read(final String uid) throws TechnicalException { + if (uid == null) { + throw new TechnicalException("uid is null"); + } + try { + String ldapDC = "dc=hostsharing,dc=net"; + connect(); + if (uid.length() == 2) { + ldapDC = "uid=" + uid + ",ou=users,ou=admins"; + } else if (uid.length() > 4 && uid.charAt(3) == '-') { + ldapDC = "uid=" + uid + ",ou=users,ou=" + uid.substring(0, 3) + ",ou=customers"; + } else { + throw new TechnicalException("no valid uid " + uid); + } + final LdapUser ldapUser = new LdapUser(); + final Attributes ldapAttrs = ctx.getAttributes(ldapDC); + ldapUser.setUid(getSingleAttributValue(ldapAttrs, "uid")); + ldapUser.setNickname(getSingleAttributValue(ldapAttrs, "nickName")); + ldapUser.setSurname(getSingleAttributValue(ldapAttrs, "sn")); + ldapUser.setGivenname(getSingleAttributValue(ldapAttrs, "givenName")); + ldapUser.setMail(getSingleAttributValue(ldapAttrs, "mail")); + return ldapUser; + } catch (NamingException e) { + throw new TechnicalException(e); + } catch (GeneralSecurityException e) { + throw new TechnicalException(e); + } catch (IOException e) { + throw new TechnicalException(e); + } finally { + close(); + } + } + + private void connect() throws NamingException, GeneralSecurityException, IOException { + final Config conf = Config.getInstance(); + final String ldapConnectString = conf.getProperty("ldap.connect.url"); + final String bind = conf.getProperty("ldap.connect.bind"); + final String passwd = conf.getProperty("ldap.connect.password"); + final Properties env = new Properties(); + env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); + env.put("com.sun.jndi.ldap.connect.pool", "true"); + env.put(Context.PROVIDER_URL, ldapConnectString); + ctx = new InitialLdapContext(env, null); + tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest()); + final SSLContext sc = SSLContext.getInstance("TLSv1.2"); + final TrustManager tm = new X509TrustManager() { + @Override + public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { + } + @Override + public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { + } + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + }; + sc.init(null, new TrustManager[] { tm } , new SecureRandom()); + final SSLSocketFactory ssf = sc.getSocketFactory(); + tls.negotiate(ssf); + ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple"); + String principal = bind; + ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal); + ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, passwd); + ctx.reconnect(null); + } + + private String getSingleAttributValue(final Attributes ldapAttrs, final String attributeName) throws NamingException { + return ldapAttrs.get(attributeName).getAll().next().toString(); + } + + private void close() { + if (tls != null) { + try { + tls.close(); + } catch (IOException e) { + // dont care + } + } + if (ctx != null) { + try { + ctx.close(); + } catch (NamingException e) { + // dont care + } + } + } + +} diff --git a/hsarback/src/de/hsadmin/core/model/LdapUser.java b/hsarback/src/de/hsadmin/core/model/LdapUser.java new file mode 100644 index 0000000..095c3cb --- /dev/null +++ b/hsarback/src/de/hsadmin/core/model/LdapUser.java @@ -0,0 +1,76 @@ +package de.hsadmin.core.model; + +public class LdapUser implements AuthenticatedUser { + + private String uid; + private String nickname; + private String surname; + private String givenname; + private String mail; + + @Override + public long id() { + return -1L; + } + + @Override + public String getName() { + return uid; + } + + @Override + public boolean hasHostmasterRole() { + return uid != null && uid.length() == 2; + } + + @Override + public boolean hasPacAdminRoleFor(AbstractEntity pac) { + return hasHostmasterRole(); + } + + @Override + public boolean hasCustomerRoleFor(AbstractEntity customer) { + return hasHostmasterRole(); + } + + public String getUid() { + return uid; + } + + public String getNickname() { + return nickname; + } + + public String getSurname() { + return surname; + } + + public String getGivenname() { + return givenname; + } + + public String getMail() { + return mail; + } + + public void setUid(String uid) { + this.uid = uid; + } + + public void setNickname(String nickname) { + this.nickname = nickname; + } + + public void setSurname(String surname) { + this.surname = surname; + } + + public void setGivenname(String givenname) { + this.givenname = givenname; + } + + public void setMail(String mail) { + this.mail = mail; + } + +} diff --git a/hsarback/src/de/hsadmin/core/model/Transaction.java b/hsarback/src/de/hsadmin/core/model/Transaction.java index 80a0a8b..25b818b 100644 --- a/hsarback/src/de/hsadmin/core/model/Transaction.java +++ b/hsarback/src/de/hsadmin/core/model/Transaction.java @@ -90,7 +90,6 @@ public class Transaction { for (String hive : taskStores.keySet()) { QueueTaskStore store = taskStores.get(hive); String queueName = "hsadminSystem-" + hive; -// queueName = "hsadminSystem-h99"; // FIXME nicht committen !!! Queue jmsSystemQueue = lookupJMSQueue(queueName); QueueClient qClient = null; try { @@ -176,7 +175,12 @@ public class Transaction { public AuthenticatedUser getLoginUser() { String loginName = getRunas(); if (loginName != null && loginName.length() == 2) { - loginName = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-" + loginName; + final LdapDAO ldapDAO = new LdapDAO(); + return ldapDAO.read(loginName); + } + if (loginName != null && loginName.length() > 4 && loginName.charAt(3) == '-') { + final LdapDAO ldapDAO = new LdapDAO(); + return ldapDAO.read(loginName); } if (loginName != null && loginName.length() == 3) { loginName = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-" + loginName;