Commit 10f016ee authored by benjamin.ertl's avatar benjamin.ertl

remove apacheds dependencies

parent 1c33bac2
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>edu.kit.scc.dei</groupId>
<artifactId>ads-ecp-auth</artifactId>
<version>0.0.4</version>
<groupId>edu.kit.scc</groupId>
<artifactId>identity-harmonization</artifactId>
<version>0.0.1</version>
<packaging>jar</packaging>
<properties>
......@@ -68,11 +68,6 @@
</build>
<dependencies>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-core</artifactId>
<version>2.0.0-M9</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
......
package edu.kit.scc;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import edu.kit.scc.dei.adsecp.EcpAuthenticator;
import edu.kit.scc.http.HttpClient;
import edu.kit.scc.http.HttpResponse;
......@@ -38,13 +36,5 @@ public class Main {
// log.debug(response.toString());
// client.makePOST("localhost", 50070, "user", "password",
// "http://localhost:50070");
EcpAuthenticator auth = new EcpAuthenticator();
try {
auth.authenticate(null);
} catch (LdapException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
package edu.kit.scc.dei.adsecp;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Properties;
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.StringConstants;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.entry.ClonedServerEntry;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.authn.SimpleAuthenticator;
import org.apache.directory.server.i18n.I18n;
import org.apache.http.HttpStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import edu.kit.scc.Utils;
import edu.kit.scc.http.HttpClient;
import edu.kit.scc.http.HttpResponse;
import edu.kit.scc.http.HttpsClient;
public class EcpAuthenticator extends SimpleAuthenticator {
private static final Logger logger = LoggerFactory.getLogger(EcpAuthenticator.class);
// Reg-App connection properties, overwritten by system properties
//
// config.properties regapp.serviceUrl or registerApp.serviceUrl
private String serviceUrl;
// config.properties regapp.serviceUsername or registerApp.serviceUsername
private String serviceUsername;
// config.properties regapp.servicePassword or registerApp.servicePassword
private String servicePassword;
// config.properties regapp.checkCert or registerApp.checkCert
private Boolean checkCert;
// from registerApp.serviceUrl
private String serviceHost;
// from registerApp.serviceUrl
private int servicePort;
// from registerApp.serviceUrl
private String serviceProtocol;
public EcpAuthenticator() {
super();
Properties properties = Utils.loadProperties();
this.serviceUrl = properties.getProperty("regapp.serviceUrl");
this.serviceUsername = properties.getProperty("regapp.serviceUsername");
this.servicePassword = properties.getProperty("regapp.servicePassword");
this.checkCert = Boolean.valueOf(properties.getProperty("regapp.checkCert"));
logger.info("Constructing EcpAuthenticator");
logger.debug("RegApp service url {}", serviceUrl);
logger.debug("RegApp service username {}", serviceUsername);
logger.debug("RegApp service password {}", servicePassword);
logger.debug("RegApp check certificate {}", checkCert);
}
@Override
public LdapPrincipal authenticate(BindOperationContext bindContext) throws LdapException {
try {
logger.debug("Starting ECP Auth routine for {}", bindContext.getDn());
LdapPrincipal principal = super.authenticate(bindContext);
logger.debug("SimpleAuthentication succeded, no ECP auth");
return principal;
} catch (NullPointerException e) {
logger.warn(e.getMessage());
} catch (LdapException e) {
logger.warn("LdapException", e);
}
logger.debug("ECP authenticate called");
// TODO - needs to be reconsidered
//
// bindContext.getEntry() == null -> no ldap entry for dn
// bindContext.getEntry().get("description") == null -> no description
// attribute for ldap dn entry, associated with the user's Reg-App Id
//
// if (bindContext.getEntry() == null ||
// bindContext.getEntry().get("description") == null)
// lookupUserPassword(bindContext);
String regId = "007";
try {
regId = (String) bindContext.getEntry().get("description").get().getValue();
} catch (NullPointerException e) {
logger.error("Entry has no description", e);
// throw new IllegalStateException("entry has no description");
} catch (ClassCastException e) {
logger.error("Description not of type String", e);
throw new IllegalStateException("description not of type String");
}
String password = "";
try {
byte[] credentials = bindContext.getCredentials();
password = new String(credentials, "UTF-8");
} catch (NullPointerException e) {
logger.error("Context has no password", e);
// throw new IllegalStateException("entry has no description");
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding: UTF-8", e);
throw new LdapAuthenticationException("Internal server error");
}
logger.debug("trying login for regId {}", regId);
try {
serviceHost = new URI(serviceUrl).getHost();
servicePort = new URI(serviceUrl).getPort();
serviceProtocol = new URI(serviceUrl).getScheme();
} catch (URISyntaxException e) {
logger.warn("Service URL is misconfigured", e);
throw new LdapException(e);
}
logger.debug("ECPAuth Config: url {}, user {}, pass {}, host {}, port {}, protocol {}, cert {}", new Object[] {
serviceUrl, serviceUsername, servicePassword, serviceHost, servicePort, serviceProtocol, checkCert });
serviceUrl = serviceUrl.replaceAll("/$", "");
serviceUrl += "/" + regId;
HttpResponse response = null;
if (serviceProtocol.toLowerCase().equals("http")) {
HttpClient httpClient = new HttpClient();
response = httpClient.makeHTTPPostRequest(serviceUsername, servicePassword, "password=" + password,
serviceUrl);
logger.debug(String.valueOf(response.toString()));
} else if (serviceProtocol.toLowerCase().equals("https")) {
HttpsClient httpsClient = new HttpsClient();
response = httpsClient.makeHTTPSPostRequest(serviceUsername, servicePassword, "password=" + password,
serviceUrl);
logger.debug(String.valueOf(response.toString()));
} else {
logger.error("Unsupported protocol: {}", serviceProtocol.toLowerCase());
throw new LdapAuthenticationException("Internal server error");
}
if (response.getStatusCode() == HttpStatus.SC_OK) {
return new LdapPrincipal(getDirectoryService().getSchemaManager(), bindContext.getDn(),
AuthenticationLevel.SIMPLE);
} else if (response.getStatusCode() == HttpStatus.SC_UNAUTHORIZED) {
logger.info("User {} is not authorized by idp", regId);
} else {
logger.warn("Statuscode bad: {}", response.getStatusCode());
String responseString = response.getResponseString();
logger.debug(responseString);
}
String message = I18n.err(I18n.ERR_230, bindContext.getDn().getName());
logger.info(message);
throw new LdapAuthenticationException(message);
}
@SuppressWarnings("unused")
private byte[] lookupUserPassword(BindOperationContext bindContext) throws LdapException {
// ---- lookup the principal entry's userPassword attribute
Entry userEntry;
try {
/*
* NOTE: at this point the BindOperationContext does not has a null
* session since the user has not yet authenticated so we cannot use
* lookup() yet. This is a very special case where we cannot rely on
* the bindContext to perform a new sub operation. We request all
* the attributes
*/
LookupOperationContext lookupContext = new LookupOperationContext(getDirectoryService().getAdminSession(),
bindContext.getDn(), SchemaConstants.ALL_USER_ATTRIBUTES,
SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);
userEntry = getDirectoryService().getPartitionNexus().lookup(lookupContext);
if (userEntry == null) {
Dn dn = bindContext.getDn();
String upDn = (dn == null ? "" : dn.getName());
throw new LdapAuthenticationException(I18n.err(I18n.ERR_231, upDn));
}
} catch (Exception cause) {
LOG.error(I18n.err(I18n.ERR_6, cause.getLocalizedMessage()));
LdapAuthenticationException e = new LdapAuthenticationException(cause.getLocalizedMessage());
e.initCause(e);
throw e;
}
checkPwdPolicy(userEntry);
Value<?> userPassword;
Attribute userPasswordAttr = userEntry.get(SchemaConstants.USER_PASSWORD_AT);
bindContext.setEntry(new ClonedServerEntry(userEntry));
// ---- assert that credentials match
if (userPasswordAttr == null) {
return StringConstants.EMPTY_BYTES;
} else {
userPassword = userPasswordAttr.get();
return userPassword.getBytes();
}
}
}
\ No newline at end of file
package edu.kit.test;
import java.net.SocketAddress;
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.entry.ClonedServerEntry;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.authn.AbstractAuthenticator;
import org.apache.directory.server.core.authn.SimpleAuthenticator;
import org.apache.directory.server.i18n.I18n;
import org.apache.mina.core.session.IoSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class MyAuthenticator extends AbstractAuthenticator {
private static final Logger LOG = LoggerFactory.getLogger(MyAuthenticator.class);
private SimpleAuthenticator delegatedAuth;
private boolean disabled;
public MyAuthenticator() {
super(AuthenticationLevel.SIMPLE);
delegatedAuth = new SimpleAuthenticator();
LOG.info("MyAuthenticator has been created");
}
@Override
protected void doInit() {
super.doInit();
LOG.info("Init called");
if (getDirectoryService() != null) {
try {
delegatedAuth.init(getDirectoryService());
} catch (Exception e) {
LOG.error("Exception initializing MyAuthenticator", e);
disabled = true;
}
} else {
LOG.info("doInit w/o directory service");
}
}
@Override
public LdapPrincipal authenticate(BindOperationContext bindContext) throws Exception {
if (disabled) {
LOG.info("Skipping " + bindContext.getDn());
if (delegatedAuth == null) {
LOG.error("Delegated auth is null");
return null;
}
return delegatedAuth.authenticate(bindContext);
}
LOG.info("Authenticating " + bindContext.getDn());
byte[] password = bindContext.getCredentials();
LOG.info("Password " + new String(password));
if (true) {
LookupOperationContext lookupContext = new LookupOperationContext(getDirectoryService().getAdminSession(),
bindContext.getDn(), SchemaConstants.ALL_USER_ATTRIBUTES,
SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);
Entry userEntry = getDirectoryService().getPartitionNexus().lookup(lookupContext);
LOG.info(userEntry.toString());
password = "secret".getBytes();
LOG.info("New password " + new String(password));
LdapPrincipal principal = new LdapPrincipal(getDirectoryService().getSchemaManager(), bindContext.getDn(),
AuthenticationLevel.SIMPLE, password);
IoSession session = bindContext.getIoSession();
if (session != null) {
SocketAddress clientAddress = session.getRemoteAddress();
principal.setClientAddress(clientAddress);
SocketAddress serverAddress = session.getServiceAddress();
principal.setServerAddress(serverAddress);
}
bindContext.setEntry(new ClonedServerEntry(userEntry));
return principal;
} else {
String message = I18n.err(I18n.ERR_230, bindContext.getDn().getName());
LOG.info(message);
throw new LdapAuthenticationException(message);
}
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment