Java Code Examples for javax.naming.ldap.LdapName#getRdns()
The following examples show how to use
javax.naming.ldap.LdapName#getRdns() .
Example 1
Source File: LdapUtils.java From spring-ldap with Apache License 2.0 | 6 votes |
/**
 * Find the Rdn with the requested key in the supplied Name.
 *
 * <p>Keys are compared case-insensitively and every attribute ID of a multi-valued RDN is
 * inspected. RDNs are visited in {@link LdapName#getRdns()} order, where index 0 is the
 * rightmost RDN of the string form, so the "first" occurrence is the one closest to the root
 * of the DN.
 *
 * @param name the Name in which to search for the key.
 * @param key the attribute key to search for.
 * @return the rdn corresponding to the <b>first</b> occurrence of the requested key.
 * @throws NoSuchElementException if no corresponding entry is found.
 * @since 2.0
 */
public static Rdn getRdn(Name name, String key) {
    Assert.notNull(name, "name must not be null");
    Assert.hasText(key, "key must not be blank");

    for (Rdn candidate : returnOrConstructLdapNameFromName(name).getRdns()) {
        NamingEnumeration<String> attributeIds = candidate.toAttributes().getIDs();
        while (attributeIds.hasMoreElements()) {
            if (key.equalsIgnoreCase(attributeIds.nextElement())) {
                return candidate;
            }
        }
    }
    throw new NoSuchElementException("No Rdn with the requested key: '" + key + "'");
}
Example 2
Source File: SSL.java From crate with Apache License 2.0 | 6 votes |
/**
 * Returns the commonName (CN) found in the subject DN of an X.509 certificate.
 *
 * <p>The DN of X509 certificates is in RFC 2253 format, the same format LDAP uses, so the
 * public {@link LdapName} API parses it. X500Name is not used because it is internal API.
 *
 * <p>{@link LdapName#getRdns()} puts the rightmost RDN at index 0. A DN that carries several
 * CN RDNs therefore yields the rightmost CN, not the leaf-most one. Only the type reported by
 * {@link Rdn#getType()} is compared, and a non-string value is returned through
 * {@code toString()}.
 *
 * @param subjectDN subject DN in RFC 2253 string form
 * @return the value of the first CN RDN in {@code getRdns()} order
 * @throws RuntimeException if the DN cannot be parsed or holds no CN
 */
private static String extractCN(String subjectDN) {
    final LdapName parsed;
    try {
        parsed = new LdapName(subjectDN);
    } catch (InvalidNameException e) {
        throw new RuntimeException("Could not extract commonName from certificate", e);
    }

    for (Rdn component : parsed.getRdns()) {
        if ("CN".equalsIgnoreCase(component.getType())) {
            return component.getValue().toString();
        }
    }
    throw new RuntimeException("Could not extract commonName from certificate subjectDN: " + subjectDN);
}
Example 3
Source File: DirectoryGroupDN.java From hesperides with GNU General Public License v3.0 | 6 votes |
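/**
 * Extracts the CN value from a distinguished name.
 *
 * <p>The loop does not stop at the first match, so when the DN holds several CN RDNs the last
 * one in {@link LdapName#getRdns()} order wins. Index 0 of that list is the rightmost RDN, so
 * the winner is the leftmost CN of the string form.
 *
 * <p>An RDN value written in the {@code #hex} form is parsed to a {@code byte[]}. Such a CN is
 * rejected with {@link IllegalArgumentException} instead of failing on a blind cast.
 *
 * @param dn distinguished name in RFC 2253 string form
 * @return the CN value
 * @throws IllegalArgumentException if the DN is invalid, has no CN, or its CN is not a string
 */
public static String extractCnFromDn(String dn) {
    String cn = null;
    try {
        LdapName ldapName = new LdapName(dn);
        for (Rdn rdn : ldapName.getRdns()) {
            if (!rdn.getType().equalsIgnoreCase("CN")) {
                continue;
            }
            Object value = rdn.getValue();
            if (!(value instanceof String)) {
                // Binary-encoded values come back as byte[]; report them as bad input.
                throw new IllegalArgumentException("CN is not a string value in DN: " + dn);
            }
            cn = (String) value;
        }
    } catch (InvalidNameException e) {
        throw new IllegalArgumentException("Invalid DN: " + dn, e);
    }
    if (cn == null) {
        throw new IllegalArgumentException("Can't find CN in DN: " + dn);
    }
    return cn;
}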
Example 4
Source File: HostnameVerifierImpl.java From mariadb-connector-j with GNU Lesser General Public License v2.1 | 6 votes |
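/**
 * Extracts a common name (CN) from a certificate principal given in DN string form.
 *
 * <p>RDNs are scanned in {@link LdapName#getRdns()} order, where index 0 is the rightmost RDN.
 * The first CN with a non-null value is returned, so a DN with several CN RDNs yields the
 * rightmost one.
 *
 * @param principal DN string, may be {@code null}
 * @return the CN value, or {@code null} if {@code principal} is null or holds no usable CN
 * @throws SSLException if the DN cannot be parsed; the parser error is kept as the cause
 */
private static String extractCommonName(String principal) throws SSLException {
    if (principal == null) {
        return null;
    }
    try {
        LdapName ldapName = new LdapName(principal);
        for (Rdn rdn : ldapName.getRdns()) {
            if (rdn.getType().equalsIgnoreCase("CN")) {
                Object obj = rdn.getValue();
                if (obj != null) {
                    return obj.toString();
                }
            }
        }
        return null;
    } catch (InvalidNameException e) {
        // Keep the cause so a rejected certificate can be diagnosed from the stack trace.
        throw new SSLException("DN value \"" + principal + "\" is invalid", e);
    }
}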
Example 5
Source File: ServiceLocator.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
/**
 * Maps a distinguished name (RFC 2253) to a fully qualified domain name.
 * Processes a sequence of RDNs having a DC attribute.
 * The special RDN "DC=." denotes the root of the domain tree.
 * Multi-valued RDNs, non-DC attributes, binary-valued attributes and the
 * RDN "DC=." all reset the domain name and processing continues.
 *
 * <p>Because of those resets only the trailing run of single-valued DC RDNs
 * contributes to the result; anything to its left in the DN is discarded.
 *
 * @param dn A string distinguished name (RFC 2253).
 * @return A domain name or null if none can be derived.
 * @throws InvalidNameException If the distinguished name is invalid.
 */
static String mapDnToDomainName(String dn) throws InvalidNameException {
    if (dn == null) {
        return null;
    }

    StringBuilder fqdn = new StringBuilder();
    List<Rdn> rdns = new LdapName(dn).getRdns();

    // getRdns() stores the rightmost RDN at index 0, so a backwards walk visits the RDNs in
    // the left-to-right order of the string form.
    for (int pos = rdns.size(); pos-- > 0; ) {
        Rdn current = rdns.get(pos);
        boolean singleDc = current.size() == 1 && "dc".equalsIgnoreCase(current.getType());
        Object label = singleDc ? current.getValue() : null;

        if (!(label instanceof String)) {
            // multi-valued RDN, non-DC attribute or binary-valued DC: start over
            fqdn.setLength(0);
            continue;
        }

        boolean previousWasRoot = fqdn.length() == 1 && fqdn.charAt(0) == '.';
        if (label.equals(".") || previousWasRoot) {
            // the current or the previous RDN is "DC=.": start over
            fqdn.setLength(0);
        }
        if (fqdn.length() > 0) {
            fqdn.append('.');
        }
        fqdn.append(label);
    }

    return fqdn.length() == 0 ? null : fqdn.toString();
}
Example 6
Source File: ServiceLocator.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
/**
 * Maps a distinguished name (RFC 2253) to a fully qualified domain name.
 * Processes a sequence of RDNs having a DC attribute.
 * The special RDN "DC=." denotes the root of the domain tree.
 * Multi-valued RDNs, non-DC attributes, binary-valued attributes and the
 * RDN "DC=." all reset the domain name and processing continues.
 *
 * <p>Because of those resets only the trailing run of single-valued DC RDNs
 * contributes to the result; anything to its left in the DN is discarded.
 *
 * @param dn A string distinguished name (RFC 2253).
 * @return A domain name or null if none can be derived.
 * @throws InvalidNameException If the distinguished name is invalid.
 */
static String mapDnToDomainName(String dn) throws InvalidNameException {
    if (dn == null) {
        return null;
    }

    StringBuilder fqdn = new StringBuilder();
    List<Rdn> rdns = new LdapName(dn).getRdns();

    // getRdns() stores the rightmost RDN at index 0, so a backwards walk visits the RDNs in
    // the left-to-right order of the string form.
    for (int pos = rdns.size(); pos-- > 0; ) {
        Rdn current = rdns.get(pos);
        boolean singleDc = current.size() == 1 && "dc".equalsIgnoreCase(current.getType());
        Object label = singleDc ? current.getValue() : null;

        if (!(label instanceof String)) {
            // multi-valued RDN, non-DC attribute or binary-valued DC: start over
            fqdn.setLength(0);
            continue;
        }

        boolean previousWasRoot = fqdn.length() == 1 && fqdn.charAt(0) == '.';
        if (label.equals(".") || previousWasRoot) {
            // the current or the previous RDN is "DC=.": start over
            fqdn.setLength(0);
        }
        if (fqdn.length() > 0) {
            fqdn.append('.');
        }
        fqdn.append(label);
    }

    return fqdn.length() == 0 ? null : fqdn.toString();
}
Example 7
Source File: CertificateModel.java From Spark with Apache License 2.0 | 5 votes |
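/**
 * Extracts the common name (CN) from a certificate subject or issuer name.
 *
 * <p>Attribute types in a DN are case-insensitive, so {@code cn=...} is matched as well as
 * {@code CN=...}. The loop does not stop at the first match: with several CN RDNs the last
 * one in {@link LdapName#getRdns()} order wins, which is the leftmost CN of the string form.
 *
 * @param certName DN in RFC 2253 string form
 * @return the CN value, or {@code null} if the DN holds no CN
 * @throws InvalidNameException if {@code certName} is not a valid DN
 */
private String extractCommonName(String certName) throws InvalidNameException {
    String name = null;
    LdapName ldapDN = new LdapName(certName);
    for (Rdn rdn : ldapDN.getRdns()) {
        if ("CN".equalsIgnoreCase(rdn.getType())) {
            name = rdn.getValue().toString();
        }
    }
    return name;
}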
Example 8
Source File: SSLUtil.java From qpid-broker-j with Apache License 2.0 | 5 votes |
/**
 * Collects the names a certificate presents: one CN from the subject DN plus every subject
 * alternative name whose type equals {@code DNS_NAME_TYPE}.
 *
 * <p>Only the first CN in {@link LdapName#getRdns()} order is taken. Index 0 of that list is
 * the rightmost RDN, so a subject with several CN RDNs contributes its rightmost CN. Other
 * subject alternative name types are ignored.
 *
 * @param cert certificate to read the names from
 * @return sorted set of the collected names, possibly empty
 * @throws InvalidNameException if the subject DN cannot be parsed
 * @throws CertificateParsingException if the subject alternative names cannot be decoded
 */
private static SortedSet<String> getNamesFromCert(final X509Certificate cert)
        throws InvalidNameException, CertificateParsingException {
    final Principal subject = cert.getSubjectDN();
    final String subjectDn = subject.getName();
    final SortedSet<String> collected = new TreeSet<>();

    for (Rdn component : new LdapName(subjectDn).getRdns()) {
        if (component.getType().equalsIgnoreCase("CN")) {
            collected.add(component.getValue().toString());
            break;
        }
    }

    if (cert.getSubjectAlternativeNames() != null) {
        for (List<?> altName : cert.getSubjectAlternativeNames()) {
            // Each entry is a pair: the name type at index 0, the name itself at index 1.
            if (DNS_NAME_TYPE.equals(altName.get(0))) {
                collected.add((String) altName.get(1));
            }
        }
    }
    return collected;
}
Example 9
Source File: NonJavaKeyStoreImpl.java From qpid-broker-j with Apache License 2.0 | 5 votes |
/**
 * Returns a display name for the certificate subject.
 *
 * <p>The first CN in {@link LdapName#getRdns()} order is preferred (index 0 of that list is
 * the rightmost RDN). When the subject has no CN the whole DN string is returned.
 *
 * @return the CN or the full subject DN; {@code null} when there is no certificate or the
 *         subject DN cannot be parsed
 */
@Override
public String getSubjectName() {
    if (_certificate == null) {
        return null;
    }

    final String fullDn = _certificate.getSubjectX500Principal().getName();
    final LdapName parsed;
    try {
        parsed = new LdapName(fullDn);
    } catch (InvalidNameException e) {
        // Only a fixed message is logged; the exception itself is not attached.
        LOGGER.error("Error getting subject name from certificate");
        return null;
    }

    for (Rdn rdn : parsed.getRdns()) {
        if (rdn.getType().equalsIgnoreCase("CN")) {
            return String.valueOf(rdn.getValue());
        }
    }
    return fullDn;
}
Example 10
Source File: ServiceLocator.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
/**
 * Maps a distinguished name (RFC 2253) to a fully qualified domain name.
 * Processes a sequence of RDNs having a DC attribute.
 * The special RDN "DC=." denotes the root of the domain tree.
 * Multi-valued RDNs, non-DC attributes, binary-valued attributes and the
 * RDN "DC=." all reset the domain name and processing continues.
 *
 * <p>Because of those resets only the trailing run of single-valued DC RDNs
 * contributes to the result; anything to its left in the DN is discarded.
 *
 * @param dn A string distinguished name (RFC 2253).
 * @return A domain name or null if none can be derived.
 * @throws InvalidNameException If the distinguished name is invalid.
 */
static String mapDnToDomainName(String dn) throws InvalidNameException {
    if (dn == null) {
        return null;
    }

    StringBuilder fqdn = new StringBuilder();
    List<Rdn> rdns = new LdapName(dn).getRdns();

    // getRdns() stores the rightmost RDN at index 0, so a backwards walk visits the RDNs in
    // the left-to-right order of the string form.
    for (int pos = rdns.size(); pos-- > 0; ) {
        Rdn current = rdns.get(pos);
        boolean singleDc = current.size() == 1 && "dc".equalsIgnoreCase(current.getType());
        Object label = singleDc ? current.getValue() : null;

        if (!(label instanceof String)) {
            // multi-valued RDN, non-DC attribute or binary-valued DC: start over
            fqdn.setLength(0);
            continue;
        }

        boolean previousWasRoot = fqdn.length() == 1 && fqdn.charAt(0) == '.';
        if (label.equals(".") || previousWasRoot) {
            // the current or the previous RDN is "DC=.": start over
            fqdn.setLength(0);
        }
        if (fqdn.length() > 0) {
            fqdn.append('.');
        }
        fqdn.append(label);
    }

    return fqdn.length() == 0 ? null : fqdn.toString();
}
Example 11
Source File: TestUtils.java From vertx-codegen with Apache License 2.0 | 5 votes |
/**
 * Returns the CN of a certificate's subject DN.
 *
 * <p>The first CN in {@link LdapName#getRdns()} order is returned; index 0 of that list is
 * the rightmost RDN of the string form.
 *
 * @param cert certificate whose subject is inspected
 * @return the CN value, or {@code null} when the subject holds no CN
 * @throws Exception if the subject DN cannot be parsed
 */
public static String cnOf(X509Certificate cert) throws Exception {
    LdapName subject = new LdapName(cert.getSubjectDN().getName());
    String found = null;
    for (Rdn rdn : subject.getRdns()) {
        if (rdn.getType().equalsIgnoreCase("cn")) {
            found = rdn.getValue().toString();
            break;
        }
    }
    return found;
}
Example 12
Source File: CertificateManagerTest.java From Openfire with Apache License 2.0 | 5 votes |
/**
 * Collects the values of every RDN in a distinguished name whose type matches the given
 * identifier, compared case-insensitively.
 *
 * <p>Values are converted with {@code toString()}; the result is an unordered set, so the
 * position of a value inside the DN is not retained.
 *
 * @param distinguishedName DN in RFC 2253 string form
 * @param identifier attribute type to look for, for example {@code CN}
 * @return the matching values, possibly empty
 * @throws Exception if the DN cannot be parsed
 * @see <a href="https://stackoverflow.com/questions/2914521/how-to-extract-cn-from-x509certificate-in-java">https://stackoverflow.com/questions/2914521/how-to-extract-cn-from-x509certificate-in-java</a>
 */
public static Set<String> parse( String distinguishedName, String identifier ) throws Exception
{
    final LdapName name = new LdapName( distinguishedName );
    final Set<String> values = new HashSet<>();
    for ( int i = 0; i < name.size(); i++ )
    {
        final Rdn rdn = name.getRdn( i );
        if ( !rdn.getType().equalsIgnoreCase( identifier ) )
        {
            continue;
        }
        values.add( rdn.getValue().toString() );
    }
    return values;
}
Example 13
Source File: J_AbstractVerifier_F.java From steady with Apache License 2.0 | 5 votes |
/**
 * Extracts every CN value from a subject principal given in DN string form.
 *
 * <p>The RDN list is walked from its last index down to 0. {@link LdapName#getRdns()} keeps
 * the rightmost RDN at index 0, so the returned array lists the CNs in the left-to-right
 * order of the string form. Each RDN is converted with {@code toAttributes()} and its
 * {@code "cn"} attribute is read.
 *
 * @param subjectPrincipal subject DN string, may be {@code null}
 * @return the CN values, or {@code null} if the input is null or no CN was found
 * @throws SSLException if the input is not a valid distinguished name; the parser exception
 *         is not attached as the cause
 */
static String[] extractCNs(final String subjectPrincipal) throws SSLException {
    if (subjectPrincipal == null) {
        return null;
    }

    final LdapName subjectDN;
    try {
        subjectDN = new LdapName(subjectPrincipal);
    } catch (InvalidNameException e) {
        throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name");
    }

    final List<String> found = new ArrayList<String>();
    final List<Rdn> rdns = subjectDN.getRdns();
    for (int idx = rdns.size(); idx-- > 0; ) {
        final Attribute cn = rdns.get(idx).toAttributes().get("cn");
        if (cn == null) {
            continue;
        }
        try {
            final Object value = cn.get();
            if (value != null) {
                found.add(value.toString());
            }
        } catch (NamingException ignore) {
            // a CN whose value cannot be read is skipped
        }
    }
    return found.isEmpty() ? null : found.toArray(new String[ found.size() ]);
}
Example 14
Source File: ServiceLocator.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Maps a distinguished name (RFC 2253) to a fully qualified domain name.
 * Processes a sequence of RDNs having a DC attribute.
 * The special RDN "DC=." denotes the root of the domain tree.
 * Multi-valued RDNs, non-DC attributes, binary-valued attributes and the
 * RDN "DC=." all reset the domain name and processing continues.
 *
 * <p>Because of those resets only the trailing run of single-valued DC RDNs
 * contributes to the result; anything to its left in the DN is discarded.
 *
 * @param dn A string distinguished name (RFC 2253).
 * @return A domain name or null if none can be derived.
 * @throws InvalidNameException If the distinguished name is invalid.
 */
static String mapDnToDomainName(String dn) throws InvalidNameException {
    if (dn == null) {
        return null;
    }

    StringBuilder fqdn = new StringBuilder();
    List<Rdn> rdns = new LdapName(dn).getRdns();

    // getRdns() stores the rightmost RDN at index 0, so a backwards walk visits the RDNs in
    // the left-to-right order of the string form.
    for (int pos = rdns.size(); pos-- > 0; ) {
        Rdn current = rdns.get(pos);
        boolean singleDc = current.size() == 1 && "dc".equalsIgnoreCase(current.getType());
        Object label = singleDc ? current.getValue() : null;

        if (!(label instanceof String)) {
            // multi-valued RDN, non-DC attribute or binary-valued DC: start over
            fqdn.setLength(0);
            continue;
        }

        boolean previousWasRoot = fqdn.length() == 1 && fqdn.charAt(0) == '.';
        if (label.equals(".") || previousWasRoot) {
            // the current or the previous RDN is "DC=.": start over
            fqdn.setLength(0);
        }
        if (fqdn.length() > 0) {
            fqdn.append('.');
        }
        fqdn.append(label);
    }

    return fqdn.length() == 0 ? null : fqdn.toString();
}
Example 15
Source File: QueryImpl.java From datawave with Apache License 2.0 | 5 votes |
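/**
 * Returns the values of every RDN in a DN whose type matches the given component name.
 *
 * <p>The type is compared with {@code equalsIgnoreCase}, so the match does not depend on the
 * JVM default locale. Converting both sides with {@code toUpperCase()} does: under a Turkish
 * locale {@code "uid"} upper-cases to a dotted capital I and no longer equals {@code "UID"}.
 *
 * <p>Values are listed in {@link LdapName#getRdns()} order, where index 0 is the rightmost
 * RDN of the string form. An unparseable DN yields an empty array instead of an error, so
 * callers cannot tell "invalid DN" from "no such component".
 *
 * @param dn distinguished name in RFC 2253 string form
 * @param componentName attribute type to look for, for example {@code CN} or {@code OU}
 * @return the matching values, possibly empty, never {@code null}
 * @throws NullPointerException if {@code componentName} is null
 */
private static String[] getComponents(String dn, String componentName) {
    if (componentName == null) {
        throw new NullPointerException("componentName");
    }
    ArrayList<String> components = new ArrayList<String>();
    try {
        LdapName name = new LdapName(dn);
        for (Rdn rdn : name.getRdns()) {
            if (componentName.equalsIgnoreCase(rdn.getType())) {
                components.add(String.valueOf(rdn.getValue()));
            }
        }
    } catch (InvalidNameException e) {
        // ignore -- invalid name, so can't find components
    }
    return components.toArray(new String[0]);
}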
Example 16
Source File: ServiceLocator.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
/**
 * Maps a distinguished name (RFC 2253) to a fully qualified domain name.
 * Processes a sequence of RDNs having a DC attribute.
 * The special RDN "DC=." denotes the root of the domain tree.
 * Multi-valued RDNs, non-DC attributes, binary-valued attributes and the
 * RDN "DC=." all reset the domain name and processing continues.
 *
 * <p>Because of those resets only the trailing run of single-valued DC RDNs
 * contributes to the result; anything to its left in the DN is discarded.
 *
 * @param dn A string distinguished name (RFC 2253).
 * @return A domain name or null if none can be derived.
 * @throws InvalidNameException If the distinguished name is invalid.
 */
static String mapDnToDomainName(String dn) throws InvalidNameException {
    if (dn == null) {
        return null;
    }

    StringBuilder fqdn = new StringBuilder();
    List<Rdn> rdns = new LdapName(dn).getRdns();

    // getRdns() stores the rightmost RDN at index 0, so a backwards walk visits the RDNs in
    // the left-to-right order of the string form.
    for (int pos = rdns.size(); pos-- > 0; ) {
        Rdn current = rdns.get(pos);
        boolean singleDc = current.size() == 1 && "dc".equalsIgnoreCase(current.getType());
        Object label = singleDc ? current.getValue() : null;

        if (!(label instanceof String)) {
            // multi-valued RDN, non-DC attribute or binary-valued DC: start over
            fqdn.setLength(0);
            continue;
        }

        boolean previousWasRoot = fqdn.length() == 1 && fqdn.charAt(0) == '.';
        if (label.equals(".") || previousWasRoot) {
            // the current or the previous RDN is "DC=.": start over
            fqdn.setLength(0);
        }
        if (fqdn.length() > 0) {
            fqdn.append('.');
        }
        fqdn.append(label);
    }

    return fqdn.length() == 0 ? null : fqdn.toString();
}
Example 17
Source File: CertInfo.java From vertx-mqtt-broker with Apache License 2.0 | 5 votes |
/**
 * Picks the value of the RDN with the given type out of a distinguished name.
 *
 * <p>The type comparison is case-sensitive. The scan does not stop at the first match: with
 * several RDNs of the same type the last one in {@link LdapName#getRdns()} order wins, which
 * is the leftmost one of the string form.
 *
 * <p>A DN that cannot be parsed is reported only through {@code printStackTrace()} and gives
 * {@code null}, the same result as a DN without the requested type.
 *
 * @param dn distinguished name in RFC 2253 string form
 * @param rdnType attribute type to select, for example {@code CN}
 * @return the selected value, or {@code null} if none was found or the DN is invalid
 */
private String selectFromDN(String dn, String rdnType) {
    final LdapName ldapDN;
    try {
        ldapDN = new LdapName(dn);
    } catch (InvalidNameException in) {
        in.printStackTrace();
        return null;
    }

    String selected = null;
    for (Rdn rdn : ldapDN.getRdns()) {
        if (!rdn.getType().equals(rdnType)) {
            continue;
        }
        selected = rdn.getValue().toString();
    }
    return selected;
}
Example 18
Source File: SslCertificateAuditor.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
/**
 * Flattens a distinguished name into a map from RDN type to RDN value.
 *
 * <p>Types are used as map keys exactly as they appear in the DN. When a type occurs more
 * than once, later entries in {@link LdapName#getRdns()} order overwrite earlier ones, so the
 * map keeps only the leftmost occurrence of the string form.
 *
 * @param dn distinguished name in RFC 2253 string form
 * @return map of RDN type to the {@code toString()} form of its value
 * @throws RuntimeException if parsing fails; a checked exception is wrapped, an unchecked one
 *         is rethrown as is
 */
private static Map<String, String> parseLdapName(final String dn) {
    try {
        final Map<String, String> valuesByType = new HashMap<>();
        for (Rdn component : new LdapName(dn).getRdns()) {
            valuesByType.put(component.getType(), component.getValue().toString());
        }
        return valuesByType;
    }
    catch (Exception e) {
        Throwables.throwIfUnchecked(e);
        throw new RuntimeException(e);
    }
}
Example 19
Source File: DefaultSubjectProvider.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Create the SubjectBean using the specified principal.
 *
 * <p>The subject name starts as {@code principal.getName()}. When the configured NameID
 * format is "unspecified" and the principal is an {@link X500Principal}, the name is reduced
 * to the first string-valued CN in {@link LdapName#getRdns()} order (index 0 is the rightmost
 * RDN). The rest of the DN is then absent from the subject, so two principals whose DNs
 * differ only outside that CN produce the same subject name.
 *
 * <p>For any other configured format the NameID format is derived from the principal type.
 *
 * @param principal the authenticated principal
 * @param subjectProviderParameters parameters that supply the token and key requirements
 * @return the populated SubjectBean
 */
protected SubjectBean createSubjectBean(
    Principal principal, SubjectProviderParameters subjectProviderParameters
) {
    TokenProviderParameters providerParameters = subjectProviderParameters.getProviderParameters();
    TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
    KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
    String confirmationMethod =
        getSubjectConfirmationMethod(tokenRequirements.getTokenType(), keyRequirements.getKeyType());

    String subjectName = principal.getName();
    String nameIdFormat = subjectNameIDFormat;
    final boolean unspecifiedFormat = SAML2Constants.NAMEID_FORMAT_UNSPECIFIED.equals(nameIdFormat);

    if (unspecifiedFormat && principal instanceof X500Principal) {
        // Just use the "cn" instead of the entire DN
        try {
            for (Rdn rdn : new LdapName(principal.getName()).getRdns()) {
                boolean stringCn = "CN".equalsIgnoreCase(rdn.getType())
                    && (rdn.getValue() instanceof String);
                if (stringCn) {
                    subjectName = (String)rdn.getValue();
                    break;
                }
            }
        } catch (Throwable ex) {
            // Ignore, not X500 compliant thus use the whole string as the value
            subjectName = principal.getName();
        }
    } else if (!unspecifiedFormat) {
        /* Set subjectNameIDFormat correctly based on type of principal
           unless already set to some value other than unspecified */
        if (principal instanceof UsernameTokenPrincipal) {
            nameIdFormat = SAML2Constants.NAMEID_FORMAT_PERSISTENT;
        } else if (principal instanceof X500Principal) {
            nameIdFormat = SAML2Constants.NAMEID_FORMAT_X509_SUBJECT_NAME;
        } else if (principal instanceof KerberosPrincipal) {
            nameIdFormat = SAML2Constants.NAMEID_FORMAT_KERBEROS;
        } else if (nameIdFormat == null) {
            nameIdFormat = SAML2Constants.NAMEID_FORMAT_UNSPECIFIED;
        }
    }

    SubjectBean subjectBean = new SubjectBean(subjectName, subjectNameQualifier, confirmationMethod);
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Creating new subject with principal name: " + principal.getName());
    }
    subjectBean.setSubjectNameIDFormat(nameIdFormat);

    return subjectBean;
}
Example 20
Source File: LegacyLDAPSecuritySettingPlugin.java From activemq-artemis with Apache License 2.0 | 4 votes |
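/**
 * Turns one LDAP search result into {@link Role} entries and merges them into
 * {@code securityRoles} under the destination name.
 *
 * <p>The entry name must have at least three RDNs. {@link LdapName#getRdns()} keeps the
 * rightmost RDN at index 0, so the last three list elements are the three leftmost RDNs of
 * the string form: destination type ({@code size - 3}), destination name ({@code size - 2})
 * and permission type ({@code size - 1}). The destination type is only used in the debug log.
 *
 * <p>Each value of the {@code roleAttribute} attribute is parsed as a DN and the value of its
 * leftmost RDN becomes the role name. Permission flags are set by comparing the permission
 * type, ignoring case, with the configured read, write and admin values; a permission type
 * that matches none of them yields a role with every flag false.
 *
 * <p>Entries with no attributes, fewer than three RDNs, or no {@code roleAttribute} attribute
 * are skipped with a debug message and grant nothing.
 *
 * @param securityRoles map of destination name to roles, updated in place
 * @param searchResult the LDAP entry to process
 * @throws NamingException if a name cannot be parsed or an attribute cannot be read
 */
private void processSearchResult(Map<String, Set<Role>> securityRoles,
                                 SearchResult searchResult) throws NamingException {
    LdapName searchResultLdapName = new LdapName(searchResult.getName());
    Attributes attrs = searchResult.getAttributes();
    if (attrs == null || attrs.size() == 0) {
        if (logger.isDebugEnabled()) {
            logger.debug("Skipping LDAP search result \"" + searchResultLdapName + "\" with " + (attrs == null ? "null" : attrs.size()) + " attributes");
        }
        return;
    }
    List<Rdn> rdns = searchResultLdapName.getRdns();
    if (rdns.size() < 3) {
        if (logger.isDebugEnabled()) {
            logger.debug("\tSkipping LDAP search result \"" + searchResultLdapName + "\" with " + rdns.size() + " RDNs.");
        }
        return;
    }
    StringBuilder logMessage = new StringBuilder();
    if (logger.isDebugEnabled()) {
        logMessage.append("LDAP search result: ").append(searchResultLdapName);
    }
    // we can count on the RDNs being in order from right to left
    Rdn rdn = rdns.get(rdns.size() - 3);
    String rawDestinationType = rdn.getValue().toString();
    String destinationType = "unknown";
    if (rawDestinationType.toLowerCase().contains("queue")) {
        destinationType = "queue";
    } else if (rawDestinationType.toLowerCase().contains("topic")) {
        destinationType = "topic";
    }
    if (logger.isDebugEnabled()) {
        logMessage.append("\n\tDestination type: ").append(destinationType);
    }

    rdn = rdns.get(rdns.size() - 2);
    if (logger.isDebugEnabled()) {
        logMessage.append("\n\tDestination name: ").append(rdn.getValue());
    }
    String destination = rdn.getValue().toString();

    rdn = rdns.get(rdns.size() - 1);
    if (logger.isDebugEnabled()) {
        logMessage.append("\n\tPermission type: ").append(rdn.getValue());
    }
    String permissionType = rdn.getValue().toString();

    if (logger.isDebugEnabled()) {
        logMessage.append("\n\tAttributes: ").append(attrs);
    }
    Attribute attr = attrs.get(roleAttribute);
    if (attr == null) {
        // The entry has attributes but not the configured role attribute: skip it like the
        // other unusable entries above instead of failing with a NullPointerException.
        if (logger.isDebugEnabled()) {
            logger.debug("\tSkipping LDAP search result \"" + searchResultLdapName + "\" without attribute \"" + roleAttribute + "\"");
        }
        return;
    }
    NamingEnumeration<?> e = attr.getAll();
    Set<Role> roles = securityRoles.get(destination);
    boolean exists = false;
    if (roles == null) {
        roles = new HashSet<>();
    } else {
        exists = true;
    }

    // The permission flags depend only on the entry's permission type, not on the role value.
    final boolean write = permissionType.equalsIgnoreCase(writePermissionValue);
    final boolean read = permissionType.equalsIgnoreCase(readPermissionValue);
    final boolean admin = permissionType.equalsIgnoreCase(adminPermissionValue);

    while (e.hasMore()) {
        String value = (String) e.next();
        LdapName ldapname = new LdapName(value);
        rdn = ldapname.getRdn(ldapname.size() - 1);
        String roleName = rdn.getValue().toString();
        if (logger.isDebugEnabled()) {
            logMessage.append("\n\tRole name: ").append(roleName);
        }
        Role role = new Role(roleName,
                             write,                     // send
                             read,                      // consume
                             admin,                     // createDurableQueue
                             admin,                     // deleteDurableQueue
                             admin,                     // createNonDurableQueue
                             admin,                     // deleteNonDurableQueue
                             mapAdminToManage && admin, // manage - map to admin based on configuration
                             read,                      // browse
                             admin,                     // createAddress
                             admin                      // deleteAddress
        );
        roles.add(role);
    }

    if (logger.isDebugEnabled()) {
        logger.debug(logMessage);
    }

    if (!exists) {
        securityRoles.put(destination, roles);
    }
}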