com.floragunn.dlic.auth.ldap.util.LdapHelper Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of dlic-search-guard-enterprise-modules Show documentation
Show all versions of dlic-search-guard-enterprise-modules Show documentation
Enterprise Modules for Search Guard
/*
* Copyright 2016-2017 by floragunn GmbH - All rights reserved
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed here is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*
* This software is free of charge for non-commercial and academic use.
* For commercial use in a production environment you have to obtain a license
* from https://floragunn.com
*
*/
package com.floragunn.dlic.auth.ldap.util;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.elasticsearch.SpecialPermission;
import org.ldaptive.Connection;
import org.ldaptive.DerefAliases;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.Response;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchOperation;
import org.ldaptive.SearchRequest;
import org.ldaptive.SearchResult;
import org.ldaptive.SearchScope;
import org.ldaptive.referral.SearchReferralHandler;
public class LdapHelper {
private static SearchFilter ALL = new SearchFilter("(objectClass=*)");
public static List search(final Connection conn, final String unescapedDn, SearchFilter filter,
final SearchScope searchScope) throws LdapException {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
try {
final String baseDn = escapeDn(unescapedDn);
return AccessController.doPrivileged(new PrivilegedExceptionAction>() {
@Override
public List run() throws Exception {
final List entries = new ArrayList<>();
final SearchRequest request = new SearchRequest(baseDn, filter);
request.setReferralHandler(new SearchReferralHandler());
request.setSearchScope(searchScope);
request.setDerefAliases(DerefAliases.ALWAYS);
request.setReturnAttributes(ReturnAttributes.ALL.value());
final SearchOperation search = new SearchOperation(conn);
// referrals will be followed to build the response
final Response r = search.execute(request);
final org.ldaptive.SearchResult result = r.getResult();
entries.addAll(result.getEntries());
return entries;
}
});
} catch (PrivilegedActionException e) {
if (e.getException() instanceof LdapException) {
throw (LdapException) e.getException();
} else if (e.getException() instanceof RuntimeException) {
throw (RuntimeException) e.getException();
} else {
throw new RuntimeException(e);
}
} catch (InvalidNameException e) {
throw new RuntimeException(e);
}
}
public static LdapEntry lookup(final Connection conn, final String unescapedDn) throws LdapException {
final List entries = search(conn, unescapedDn, ALL, SearchScope.OBJECT);
if (entries.size() == 1) {
return entries.get(0);
} else {
return null;
}
}
private static String escapeDn(String dn) throws InvalidNameException {
final LdapName dnName = new LdapName(dn);
final List escaped = new ArrayList<>(dnName.size());
for(Rdn rdn: dnName.getRdns()) {
escaped.add(new Rdn(rdn.getType(), escapeForwardSlash(rdn.getValue())));
}
return new LdapName(escaped).toString();
}
private static Object escapeForwardSlash(Object input) {
if(input != null && input instanceof String) {
return ((String)input).replace("/", "\\2f");
} else {
return input;
}
}
}