All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.wildfly.test.security.common.elytron.LdapRealm Maven / Gradle / Ivy

/*
 * Copyright 2020 Red Hat, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wildfly.test.security.common.elytron;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.as.controller.operations.common.Util;
import org.jboss.as.test.integration.management.util.CLIWrapper;
import org.jboss.as.test.integration.security.common.Utils;
import org.jboss.dmr.ModelNode;

/**
 * A {@link ConfigurableElement} to define the ldap-realm resource within the Elytron subsystem.
 *
 * @author Ondrej Kotek
 */
public class LdapRealm implements SecurityRealm {

    private final PathAddress address;
    private final String name;
    private final String dirContext;
    private final Boolean directVerification;
    private final Boolean allowBlankPassword;
    private final IdentityMapping identityMapping;

    LdapRealm(Builder builder) {
        this.name = builder.name;
        this.address = PathAddress.pathAddress(PathElement.pathElement("subsystem", "elytron"), PathElement.pathElement("ldap-realm", name));
        this.dirContext = builder.dirContext;
        this.directVerification = builder.directVerification;
        this.allowBlankPassword = builder.allowBlankPassword;
        this.identityMapping = builder.identityMapping;
    }

    @Override
    public String getName() {
        return name;
    }

    public ModelNode getAddOperation() {
        ModelNode addOperation = Util.createAddOperation(address);
        addOperation.get("ldap-realm");
        if (dirContext != null) {
            addOperation.get("dir-context").set(dirContext);
        }
        if (directVerification != null) {
            addOperation.get("direct-verification").set(directVerification);
        }
        if (allowBlankPassword != null) {
            addOperation.get("allow-blank-password").set(allowBlankPassword);
        }
        if (identityMapping != null) {
            addOperation.get("identity-mapping").set(getIdentityMappingModel().asObject());
        }

        return addOperation;
    }

    private ModelNode getIdentityMappingModel() {
        ModelNode identityMappingModelNode = new ModelNode();
        if (!identityMapping.getAttributeMappings().isEmpty()) {
            List attributeMappingNodeList = new ArrayList();
            for (AttributeMapping attributeMapping : identityMapping.getAttributeMappings()) {
                ModelNode node = new ModelNode();
                if (attributeMapping.getFrom() != null) {
                    node.add("from", attributeMapping.getFrom());
                }
                if (attributeMapping.getTo() != null) {
                    node.add("to", attributeMapping.getTo());
                }
                if (attributeMapping.getFilter() != null) {
                    node.add("filter", attributeMapping.getFilter());
                }
                if (attributeMapping.getFilterBaseDn() != null) {
                    node.add("filter-base-dn", attributeMapping.getFilterBaseDn());
                }
                if (attributeMapping.getExtractRdn() != null) {
                    node.add("extract-rdn", attributeMapping.getExtractRdn());
                }
                if (attributeMapping.getSearchRecursive() != null) {
                    node.add("search-recursive", attributeMapping.getSearchRecursive());
                }
                if (attributeMapping.getRoleRecursion() != null) {
                    node.add("role-recursion", attributeMapping.getRoleRecursion());
                }
                if (attributeMapping.getRoleRecursionName() != null) {
                    node.add("role-recursion-name", attributeMapping.getRoleRecursionName());
                }
                if (attributeMapping.getReference() != null) {
                    node.add("reference", attributeMapping.getReference());
                }
                attributeMappingNodeList.add(node.asObject());
            }
            ModelNode attributeMappingNode = new ModelNode();
            attributeMappingNode.set(attributeMappingNodeList);
            identityMappingModelNode.add("attribute-mapping", attributeMappingNode);
        }
        if (identityMapping.getFilterName() != null) {
            identityMappingModelNode.add("filter-name", identityMapping.getFilterName());
        }
        if (identityMapping.getIteratorFilter() != null) {
            identityMappingModelNode.add("iterator-filter", identityMapping.getIteratorFilter());
        }
        if (!identityMapping.getNewIdentityAttributes().isEmpty()) {
            List newIdentityAttributesNodeList = new ArrayList();
            for (NewIdentityAttributes newIdentityAttribute : identityMapping.getNewIdentityAttributes()) {
                ModelNode attributeNode = new ModelNode();
                if (newIdentityAttribute.getName() != null) {
                    attributeNode.add("name", newIdentityAttribute.getName());
                }

                ModelNode valuesList = new ModelNode().setEmptyList();
                for (String value : newIdentityAttribute.getValues()) {
                    valuesList.add(value);
                }
                attributeNode.add("value", valuesList);

                newIdentityAttributesNodeList.add(attributeNode.asObject());
            }
            ModelNode newIdentityAttributesNode = new ModelNode();
            newIdentityAttributesNode.set(newIdentityAttributesNodeList);
            identityMappingModelNode.add("new-identity-attributes", newIdentityAttributesNode);
        }
        if (identityMapping.getNewIdentityParentDn() != null) {
            identityMappingModelNode.add("new-identity-parent-dn", identityMapping.getNewIdentityParentDn());
        }
        if (identityMapping.getOtpCredentialMapper() != null) {
            OtpCredentialMapper otpCredentialMapper = identityMapping.getOtpCredentialMapper();
            ModelNode node = new ModelNode();
            node.add("algorithm-from", otpCredentialMapper.getAlgorithmFrom());
            node.add("hash-from", otpCredentialMapper.getHashFrom());
            node.add("seed-from", otpCredentialMapper.getSeedFrom());
            node.add("sequence-from", otpCredentialMapper.getSequenceFrom());
            identityMappingModelNode.add("otp-credential-mapper", node.asObject());
        }
        if (identityMapping.getRdnIdentifier() != null) {
            identityMappingModelNode.add("rdn-identifier", identityMapping.getRdnIdentifier());
        }
        if (identityMapping.getSearchBaseDn() != null) {
            identityMappingModelNode.add("search-base-dn", identityMapping.getSearchBaseDn());
        }
        if (identityMapping.getUseRecursiveSearch() != null) {
            identityMappingModelNode.add("use-recursive-search", identityMapping.getUseRecursiveSearch());
        }
        if (identityMapping.getUserPasswordMapper() != null) {
            UserPasswordMapper userPasswordMapper = identityMapping.getUserPasswordMapper();
            ModelNode node = new ModelNode();
            node.add("from", userPasswordMapper.getFrom());
            if (userPasswordMapper.getWritable() != null) {
                node.add("writable", userPasswordMapper.getWritable());
            }
            if (userPasswordMapper.getVerifiable() != null) {
                node.add("verifiable", userPasswordMapper.getVerifiable());
            }
            identityMappingModelNode.add("user-password-mapper", node.asObject());
        }
        if (identityMapping.getX509CredentialMapper() != null) {
            X509CredentialMapper x509CredentialMapper = identityMapping.getX509CredentialMapper();
            ModelNode node = new ModelNode();
            if (x509CredentialMapper.getDigestFrom() != null) {
                node.add("digest-from", x509CredentialMapper.getDigestFrom());
            }
            if (x509CredentialMapper.getDigestAlgorithm() != null) {
                node.add("digest-algorithm", x509CredentialMapper.getDigestAlgorithm());
            }
            if (x509CredentialMapper.getCertificateFrom() != null) {
                node.add("certificate-from", x509CredentialMapper.getCertificateFrom());
            }
            if (x509CredentialMapper.getSerialNumberFrom() != null) {
                node.add("serial-number-from", x509CredentialMapper.getSerialNumberFrom());
            }
            if (x509CredentialMapper.getSubjectDnFrom() != null) {
                node.add("subject-dn-from", x509CredentialMapper.getSubjectDnFrom());
            }
            identityMappingModelNode.add("x509-credential-mapper", node.asObject());
        }
        return identityMappingModelNode;
    }

    public ModelNode getRemoveOperation() {
        return Util.createRemoveOperation(address);
    }

    @Override
    public void create(ModelControllerClient client, CLIWrapper cli) throws Exception {
        Utils.applyUpdate(getAddOperation(), client);
    }

    @Override
    public void remove(ModelControllerClient client, CLIWrapper cli) throws Exception {
        Utils.applyUpdate(getRemoveOperation(), client);
    }

    public static Builder builder(final String name) {
        return new Builder(name);
    }

    public static IdentityMappingBuilder identityMappingBuilder() {
        return new IdentityMappingBuilder();
    }

    public static final class Builder {

        private final String name;
        private String dirContext;
        private Boolean directVerification;
        private Boolean allowBlankPassword;
        private IdentityMapping identityMapping;

        public Builder(String name) {
            this.name = name;
        }

        public Builder withDirContext(String dirContext) {
            this.dirContext = dirContext;

            return this;
        }

        public Builder withDirectVerification(Boolean directVerification) {
            this.directVerification = directVerification;

            return this;
        }

        public Builder withAllowBlankPassword(Boolean allowBlankPassword) {
            this.allowBlankPassword = allowBlankPassword;

            return this;
        }

        public Builder withIdentityMapping(IdentityMapping identityMapping) {
            this.identityMapping = identityMapping;

            return this;
        }

        public LdapRealm build() {
            return new LdapRealm(this);
        }
    }

    public static final class IdentityMapping {

        private final String rdnIdentifier;
        private final String searchBaseDn;
        private final Boolean useRecursiveSearch;
        private final String filterName;
        private final String iteratorFilter;
        private final String newIdentityParentDn;
        private final List attributeMappings;
        private final UserPasswordMapper userPasswordMapper;
        private final OtpCredentialMapper otpCredentialMapper;
        private final X509CredentialMapper x509CredentialMapper;
        private final List newIdentityAttributes;

        private IdentityMapping(IdentityMappingBuilder builder) {
            this.rdnIdentifier = builder.rdnIdentifier;
            this.searchBaseDn = builder.searchBaseDn;
            this.useRecursiveSearch = builder.useRecursiveSearch;
            this.filterName = builder.filterName;
            this.iteratorFilter = builder.iteratorFilter;
            this.newIdentityParentDn = builder.newIdentityParentDn;
            this.attributeMappings = builder.attributeMappings;
            this.userPasswordMapper = builder.userPasswordMapper;
            this.otpCredentialMapper = builder.otpCredentialMapper;
            this.newIdentityAttributes = builder.newIdentityAttributes;
            this.x509CredentialMapper = builder.x509CredentialMapper;
        }

        public String getRdnIdentifier() {
            return rdnIdentifier;
        }

        public String getSearchBaseDn() {
            return searchBaseDn;
        }

        public Boolean getUseRecursiveSearch() {
            return useRecursiveSearch;
        }

        public String getFilterName() {
            return filterName;
        }

        public String getIteratorFilter() {
            return iteratorFilter;
        }

        public String getNewIdentityParentDn() {
            return newIdentityParentDn;
        }

        public List getAttributeMappings() {
            return attributeMappings;
        }

        public UserPasswordMapper getUserPasswordMapper() {
            return userPasswordMapper;
        }

        public OtpCredentialMapper getOtpCredentialMapper() {
            return otpCredentialMapper;
        }

        public X509CredentialMapper getX509CredentialMapper() {
            return x509CredentialMapper;
        }

        public List getNewIdentityAttributes() {
            return newIdentityAttributes;
        }

    }

    public static final class IdentityMappingBuilder {

        private String rdnIdentifier;
        private String searchBaseDn;
        private Boolean useRecursiveSearch;
        private String filterName;
        private String iteratorFilter;
        private String newIdentityParentDn;
        private List attributeMappings = new ArrayList();
        private UserPasswordMapper userPasswordMapper;
        private OtpCredentialMapper otpCredentialMapper;
        private X509CredentialMapper x509CredentialMapper;
        private List newIdentityAttributes = new ArrayList();

        public IdentityMappingBuilder withRdnIdentifier(String rdnIdentifier) {
            this.rdnIdentifier = rdnIdentifier;

            return this;
        }

        public IdentityMappingBuilder withSearchBaseDn(String searchBaseDn) {
            this.searchBaseDn = searchBaseDn;

            return this;
        }

        public IdentityMappingBuilder withUseRecursiveSearch(Boolean useRecursiveSearch) {
            this.useRecursiveSearch = useRecursiveSearch;

            return this;
        }

        public IdentityMappingBuilder withFilterName(String filterName) {
            this.filterName = filterName;

            return this;
        }

        public IdentityMappingBuilder withIteratorFilter(String iteratorFilter) {
            this.iteratorFilter = iteratorFilter;

            return this;
        }

        public IdentityMappingBuilder withNewIdentityParentDn(String newIdentityParentDn) {
            this.newIdentityParentDn = newIdentityParentDn;

            return this;
        }

        public IdentityMappingBuilder withAttributeMappings(AttributeMapping... attributeMappings) {
            if (attributeMappings != null) {
                Collections.addAll(this.attributeMappings, attributeMappings);
            }

            return this;
        }

        public IdentityMappingBuilder withUserPasswordMapper(UserPasswordMapper userPasswordMapper) {
            this.userPasswordMapper = userPasswordMapper;

            return this;
        }

        public IdentityMappingBuilder withOtpCredentialMapper(OtpCredentialMapper otpCredentialMapper) {
            this.otpCredentialMapper = otpCredentialMapper;

            return this;
        }

        public IdentityMappingBuilder withX509CredentialMapper(X509CredentialMapper x509CredentialMapper) {
            this.x509CredentialMapper = x509CredentialMapper;

            return this;
        }

        public IdentityMappingBuilder withNewIdentityAttributes(NewIdentityAttributes... newIdentityAttributes) {
            if (newIdentityAttributes != null) {
                Collections.addAll(this.newIdentityAttributes, newIdentityAttributes);
            }

            return this;
        }

        public IdentityMapping build() {
            return new IdentityMapping(this);
        }
    }

    public static final class AttributeMapping {

        private final String from;
        private final String to;
        private final String filter;
        private final String filterBaseDn;
        private final String extractRdn;
        private final Boolean searchRecursive;
        private final Integer roleRecursion;
        private final String roleRecursionName;
        private final String reference;

        private AttributeMapping(AttributeMappingBuilder builder) {
            this.from = builder.from;
            this.to = builder.to;
            this.filter = builder.filter;
            this.filterBaseDn = builder.filterBaseDn;
            this.extractRdn = builder.extractRdn;
            this.searchRecursive = builder.searchRecursive;
            this.roleRecursion = builder.roleRecursion;
            this.roleRecursionName = builder.roleRecursionName;
            this.reference = builder.reference;
        }

        public String getFrom() {
            return from;
        }

        public String getTo() {
            return to;
        }

        public String getFilter() {
            return filter;
        }

        public String getFilterBaseDn() {
            return filterBaseDn;
        }

        public String getExtractRdn() {
            return extractRdn;
        }

        public Boolean getSearchRecursive() {
            return searchRecursive;
        }

        public Integer getRoleRecursion() {
            return roleRecursion;
        }

        public String getRoleRecursionName() {
            return roleRecursionName;
        }

        public String getReference() {
            return reference;
        }

    }

    public static final class AttributeMappingBuilder {

        private String from;
        private String to;
        private String filter;
        private String filterBaseDn;
        private String extractRdn;
        private Boolean searchRecursive;
        private Integer roleRecursion;
        private String roleRecursionName;
        private String reference;

        public AttributeMappingBuilder withFrom(String from) {
            this.from = from;

            return this;
        }

        public AttributeMappingBuilder withTo(String to) {
            this.to = to;

            return this;
        }

        public AttributeMappingBuilder withFilter(String filter) {
            this.filter = filter;

            return this;
        }

        public AttributeMappingBuilder withFilterBaseDn(String filterBaseDn) {
            this.filterBaseDn = filterBaseDn;

            return this;
        }

        public AttributeMappingBuilder withExtractRdn(String extractRdn) {
            this.extractRdn = extractRdn;

            return this;
        }

        public AttributeMappingBuilder withSearchRecursive(Boolean searchRecursive) {
            this.searchRecursive = searchRecursive;

            return this;
        }

        public AttributeMappingBuilder withRoleRecursion(Integer roleRecursion) {
            this.roleRecursion = roleRecursion;

            return this;
        }

        public AttributeMappingBuilder withRoleRecursionName(String roleRecursionName) {
            this.roleRecursionName = roleRecursionName;

            return this;
        }

        public AttributeMappingBuilder withReference(String reference) {
            this.reference = reference;

            return this;
        }

        public AttributeMapping build() {
            return new AttributeMapping(this);
        }

    }

    public static final class UserPasswordMapper {

        private final String from;
        private final Boolean writable;
        private final Boolean verifiable;

        private UserPasswordMapper(UserPasswordMapperBuilder builder) {
            this.from = builder.from;
            this.writable = builder.writable;
            this.verifiable = builder.verifiable;
        }

        public String getFrom() {
            return from;
        }

        public Boolean getWritable() {
            return writable;
        }

        public Boolean getVerifiable() {
            return verifiable;
        }

    }

    public static final class UserPasswordMapperBuilder {

        private String from;
        private Boolean writable;
        private Boolean verifiable;

        public UserPasswordMapperBuilder withFrom(String from) {
            this.from = from;

            return this;
        }

        public UserPasswordMapperBuilder withWritable(Boolean writable) {
            this.writable = writable;

            return this;
        }

        public UserPasswordMapperBuilder withVerifiable(Boolean verifiable) {
            this.verifiable = verifiable;

            return this;
        }

        public UserPasswordMapper build() {
            return new UserPasswordMapper(this);
        }
    }

    public static final class OtpCredentialMapper {

        private final String algorithmFrom;
        private final String hashFrom;
        private final String seedFrom;
        private final String sequenceFrom;

        private OtpCredentialMapper(OtpCredentialMapperBuilder builder) {
            this.algorithmFrom = builder.algorithmFrom;
            this.hashFrom = builder.hashFrom;
            this.seedFrom = builder.seedFrom;
            this.sequenceFrom = builder.sequenceFrom;
        }

        public String getAlgorithmFrom() {
            return algorithmFrom;
        }

        public String getHashFrom() {
            return hashFrom;
        }

        public String getSeedFrom() {
            return seedFrom;
        }

        public String getSequenceFrom() {
            return sequenceFrom;
        }

    }

    public static final class OtpCredentialMapperBuilder {

        private String algorithmFrom;
        private String hashFrom;
        private String seedFrom;
        private String sequenceFrom;

        public OtpCredentialMapperBuilder withAlgorithmFrom(String algorithmFrom) {
            this.algorithmFrom = algorithmFrom;

            return this;
        }

        public OtpCredentialMapperBuilder withHashFrom(String hashFrom) {
            this.hashFrom = hashFrom;

            return this;
        }

        public OtpCredentialMapperBuilder withSeedFrom(String seedFrom) {
            this.seedFrom = seedFrom;
            return this;
        }

        public OtpCredentialMapperBuilder withSequenceFrom(String sequenceFrom) {
            this.sequenceFrom = sequenceFrom;

            return this;
        }

        public OtpCredentialMapper build() {
            return new OtpCredentialMapper(this);
        }
    }

    public static final class X509CredentialMapper {

        private final String digestFrom;
        private final String digestAlgorithm;
        private final String certificateFrom;
        private final String serialNumberFrom;
        private final String subjectDnFrom;

        private X509CredentialMapper(X509CredentialMapperBuilder builder) {
            this.digestFrom = builder.digestFrom;
            this.digestAlgorithm = builder.digestAlgorithm;
            this.certificateFrom = builder.certificateFrom;
            this.serialNumberFrom = builder.serialNumberFrom;
            this.subjectDnFrom = builder.subjectDnFrom;
        }

        public String getDigestFrom() {
            return digestFrom;
        }

        public String getDigestAlgorithm() {
            return digestAlgorithm;
        }

        public String getCertificateFrom() {
            return certificateFrom;
        }

        public String getSerialNumberFrom() {
            return serialNumberFrom;
        }

        public String getSubjectDnFrom() {
            return subjectDnFrom;
        }

    }

    public static final class X509CredentialMapperBuilder {

        private String digestFrom;
        private String digestAlgorithm;
        private String certificateFrom;
        private String serialNumberFrom;
        private String subjectDnFrom;

        public X509CredentialMapperBuilder withDigestFrom(String digestFrom) {
            this.digestFrom = digestFrom;

            return this;
        }

        public X509CredentialMapperBuilder withDigestAlgorithm(String digestAlgorithm) {
            this.digestAlgorithm = digestAlgorithm;

            return this;
        }

        public X509CredentialMapperBuilder withCertificateFrom(String certificateFrom) {
            this.certificateFrom = certificateFrom;

            return this;
        }

        public X509CredentialMapperBuilder withSerialNumberFrom(String serialNumberFrom) {
            this.serialNumberFrom = serialNumberFrom;

            return this;
        }

        public X509CredentialMapperBuilder withSubjectDnFrom(String subjectDnFrom) {
            this.subjectDnFrom = subjectDnFrom;

            return this;
        }

        public X509CredentialMapper build() {
            return new X509CredentialMapper(this);
        }
    }

    public static final class NewIdentityAttributes {

        private final String name;
        private List values;

        private NewIdentityAttributes(NewIdentityAttributesBuilder builder) {
            this.name = builder.name;
            this.values = builder.values;
        }

        public String getName() {
            return name;
        }

        public List getValues() {
            return values;
        }

    }

    public static final class NewIdentityAttributesBuilder {

        private String name;
        private List values = new ArrayList();

        public NewIdentityAttributesBuilder withName(String name) {
            this.name = name;

            return this;
        }

        public NewIdentityAttributesBuilder withValues(String... values) {
            if (values != null) {
                Collections.addAll(this.values, values);
            }

            return this;
        }

        public NewIdentityAttributes build() {
            return new NewIdentityAttributes(this);
        }
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy