From cohei...@apache.org
Subject [2/3] cxf git commit: [CXF-6283] - Support binary attributes in the LDAPClaimsHandler
Date Fri, 06 Mar 2015 18:52:31 GMT
[CXF-6283] - Support binary attributes in the LDAPClaimsHandler

Conflicts:
	systests/kerberos/src/test/resources/ldap.properties


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dff1ddd5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dff1ddd5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dff1ddd5

Branch: refs/heads/3.0.x-fixes
Commit: dff1ddd57cf1210561bd8708b7bc9796ddc510e6
Parents: d9fb073
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Mar 6 18:43:48 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Mar 6 18:50:46 2015 +0000

----------------------------------------------------------------------
 .../cxf/sts/claims/LdapClaimsHandler.java       | 40 +++++++++-------
 .../systest/kerberos/ldap/LDAPClaimsTest.java   | 49 ++++++++++++++++++++
 systests/kerberos/src/test/resources/ldap.ldif  | 28 +++++++++++
 .../kerberos/src/test/resources/ldap.properties |  8 +++-
 systests/kerberos/src/test/resources/ldap.xml   |  1 +
 5 files changed, 108 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/dff1ddd5/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
index 238544c..2863d0d 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
@@ -234,32 +234,38 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport
{
                     NamingEnumeration<?> list = (NamingEnumeration<?>)attr.getAll();
                     while (list.hasMore()) {
                         Object obj = list.next();
-                        if (!(obj instanceof String)) {
+                        if (obj instanceof String) {
+                            String itemValue = (String)obj;
+                            if (this.isX500FilterEnabled()) {
+                                try {
+                                    X500Principal x500p = new X500Principal(itemValue);
+                                    itemValue = x500p.getName();
+                                    int index = itemValue.indexOf('=');
+                                    itemValue = itemValue.substring(index + 1, itemValue.indexOf(',',
index));
+                                } catch (Exception ex) {
+                                    //Ignore, not X500 compliant thus use the whole string
as the value
+                                }
+                            }
+                            claimValue.append(itemValue);
+                            if (list.hasMore()) {
+                                claimValue.append(this.getDelimiter());
+                            }
+                        } else if (obj instanceof byte[]) {
+                            // Just store byte[]
+                            c.addValue(obj);
+                        } else {
                             LOG.warning("LDAP attribute '" + ldapAttribute 
                                     + "' has got an unsupported value type");
                             break;
                         }
-                        String itemValue = (String)obj;
-                        if (this.isX500FilterEnabled()) {
-                            try {
-                                X500Principal x500p = new X500Principal(itemValue);
-                                itemValue = x500p.getName();
-                                int index = itemValue.indexOf('=');
-                                itemValue = itemValue.substring(index + 1, itemValue.indexOf(',',
index));
-                            } catch (Exception ex) {
-                                //Ignore, not X500 compliant thus use the whole string as
the value
-                            }
-                        }
-                        claimValue.append(itemValue);
-                        if (list.hasMore()) {
-                            claimValue.append(this.getDelimiter());
-                        }
                     }
                 } catch (NamingException ex) {
                     LOG.warning("Failed to read value of LDAP attribute '" + ldapAttribute
+ "'");
                 }
                 
-                c.addValue(claimValue.toString());
+                if (claimValue.length() > 0) {
+                    c.addValue(claimValue.toString());
+                }
                 // c.setIssuer(issuer);
                 // c.setOriginalIssuer(originalIssuer);
                 // c.setNamespace(namespace);
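Review bot: A string value followed by a binary value in the same attribute now produces a trailing delimiter, because the `if (list.hasMore())` check after `claimValue.append(itemValue)` appends the delimiter whenever any further value exists, regardless of its type. Appending the delimiter before a string value only when something has already been accumulated avoids this: `if (claimValue.length() > 0) { claimValue.append(this.getDelimiter()); }` followed by `claimValue.append(itemValue);`, which also keeps the new `claimValue.length() > 0` guard at the end meaningful. The `byte[]` passed to `c.addValue(obj)` is the array object returned by the JNDI attribute; if claim consumers may mutate values, storing `((byte[]) obj).clone()` keeps the claim independent of the directory attribute object. The enclosing method starts and ends outside this hunk.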

http://git-wip-us.apache.org/repos/asf/cxf/blob/dff1ddd5/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
index 5e3c198..182ad91 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
@@ -19,11 +19,14 @@
 
 package org.apache.cxf.systest.kerberos.ldap;
 
+import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.InputStream;
 import java.net.URI;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -266,7 +269,53 @@ public class LDAPClaimsTest extends AbstractLdapTestUnit {
             );
         }
     }
+    
+    @org.junit.Test
+    public void testRetrieveBinaryClaims() throws Exception {
+        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+        String user = props.getProperty("binaryClaimUser");
+        Assert.notNull(user, "Property 'binaryClaimUser' not configured");
 
+        ClaimCollection requestedClaims = createRequestClaimCollection();
+        // Ask for the (binary) cert as well
+        Claim claim = new Claim();
+        claim.setClaimType(URI.create("http://custom/x509"));
+        claim.setOptional(true);
+        requestedClaims.add(claim);
+        
+        List<URI> expectedClaims = new ArrayList<URI>();
+        expectedClaims.add(ClaimTypes.FIRSTNAME);
+        expectedClaims.add(ClaimTypes.LASTNAME);
+        expectedClaims.add(ClaimTypes.EMAILADDRESS);
+        expectedClaims.add(URI.create("http://custom/x509"));
+       
+        ClaimsParameters params = new ClaimsParameters();
+        params.setPrincipal(new CustomTokenPrincipal(user));
+        ProcessedClaimCollection retrievedClaims = 
+            claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+        Assert.isTrue(
+                      retrievedClaims.size() == expectedClaims.size(), 
+                      "Retrieved number of claims [" + retrievedClaims.size() 
+                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
+        );
+
+        boolean foundCert = false;
+        for (ProcessedClaim c : retrievedClaims) {
+            if (URI.create("http://custom/x509").equals(c.getClaimType())) {
+                foundCert = true;
+                Assert.isTrue(c.getValues().get(0) instanceof byte[]);
+                CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+                InputStream in = new ByteArrayInputStream((byte[])c.getValues().get(0));
+                X509Certificate cert = (X509Certificate)certFactory.generateCertificate(in);
+                Assert.isTrue(cert != null);
+            }
+        }
+        
+        Assert.isTrue(foundCert);
+    }
+    
     private ClaimCollection createRequestClaimCollection() {
         ClaimCollection claims = new ClaimCollection();
         Claim claim = new Claim();
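Review bot: `Assert.isTrue(cert != null)` in testRetrieveBinaryClaims is a weak check: `CertificateFactory.generateCertificate` returns a certificate or throws on malformed input, so in practice the assertion cannot fail by itself. Asserting on an identifying field of the fixture certificate, e.g. `Assert.isTrue(cert.getSubjectX500Principal().getName().contains("EXPECTED_SUBJECT_CN_PLACEHOLDER"))`, pins that the bytes read from the directory are the expected certificate rather than any parseable one. The loop also inspects only `c.getValues().get(0)`; adding `Assert.isTrue(c.getValues().size() == 1)` would catch the handler emitting the attribute twice or appending a spurious string value.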

http://git-wip-us.apache.org/repos/asf/cxf/blob/dff1ddd5/systests/kerberos/src/test/resources/ldap.ldif
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.ldif b/systests/kerberos/src/test/resources/ldap.ldif
index bdb6a83..0456f93 100644
--- a/systests/kerberos/src/test/resources/ldap.ldif
+++ b/systests/kerberos/src/test/resources/ldap.ldif
@@ -59,6 +59,34 @@ mail: alice@users.apache.org
 givenname: alice2
 userpassword: security
 
+# Other principal.
+dn: cn=dave,ou=users,dc=example,dc=com
+objectclass: top
+objectclass: person
+objectclass: inetOrgPerson
+objectclass: organizationalPerson
+cn: dave
+sn: smith
+uid: dave
+mail: dave@users.apache.org
+givenname: dave2
+userpassword: security
+userCertificate:: MIIDFjCCAn+gAwIBAgIJAI3hLAppEXfSMA0GCSqGSIb3DQEBBQU
+ AMGYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCYXllcm4xDzANBgNVBAcTBk11bmljaDENMAsGA1
+ UEChMESG9tZTEVMBMGA1UECxMMQXBhY2hlIFdTUzRKMQ8wDQYDVQQDEwZXZXJuZXIwHhcNMDkwN
+ DI0MTAzMjQ2WhcNMTkwNDIyMTAzMjQ2WjBmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmF5ZXJu
+ MQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUxFTATBgNVBAsTDEFwYWNoZSBXU1M0SjE
+ PMA0GA1UEAxMGV2VybmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWyYLtAg1XlEGC5d
+ Cc4SP1Rg4SbEVLWvXBIZrAIG1MqDpjDFM7WlOdMudqmVFn6+z+PMPfuQdTET7+udhDty4ukhycu
+ Akiv80lie+6tbfWddR9i3gZt0YMTq2PvXOpKiBAjD7umjbzbGnSbXAWKAYLQO5Nzcjc9eYVWxNu
+ rUqJvwIDAQABo4HLMIHIMB0GA1UdDgQWBBRWF+/2a4tZ/iMZaN54wOFNZ33QZjCBmAYDVR0jBIG
+ QMIGNgBRWF+/2a4tZ/iMZaN54wOFNZ33QZqFqpGgwZjELMAkGA1UEBhMCREUxDzANBgNVBAgTBk
+ JheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ0wCwYDVQQKEwRIb21lMRUwEwYDVQQLEwxBcGFjaGUgV
+ 1NTNEoxDzANBgNVBAMTBldlcm5lcoIJAI3hLAppEXfSMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
+ AQEFBQADgYEAYTuCjZSScbxzaWtItIL0Szh410aAisfB12MDWTGvxOL6YdqXtlwpA/miTK67KaE
+ Bnsb7PwnUGClKvGIoFYAtvgAyKclzsl4dl4pA8P2a4ofSKsdVKLyIIS7Vqgj0fmlc6lYJlhXIxU
+ Hz4tR1T97/ZU1uAr5KwXiEA7SYQzZkHZg=
+
 dn: uid=admin,dc=example,dc=com
 objectClass: top
 objectClass: person

http://git-wip-us.apache.org/repos/asf/cxf/blob/dff1ddd5/systests/kerberos/src/test/resources/ldap.properties
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.properties b/systests/kerberos/src/test/resources/ldap.properties
index 8654096..c4ea789 100644
--- a/systests/kerberos/src/test/resources/ldap.properties
+++ b/systests/kerberos/src/test/resources/ldap.properties
@@ -17,4 +17,10 @@
 # under the License.
 #
 
-claimUser=alice
\ No newline at end of file
+<<<<<<< HEAD
+claimUser=alice
+=======
+claimUser=alice
+otherClaimUser=bob
+binaryClaimUser=dave
+>>>>>>> 5903132... [CXF-6283] - Support binary attributes in the LDAPClaimsHandler
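Review bot: The committed ldap.properties still contains the unresolved conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> 5903132...`, which the commit message's "Conflicts:" block also points at. `Properties` parsing does not reject them but turns them into stray keys (`<<<<<<<`, an empty key and `>>>>>>>`), so the tests may keep passing while the file is corrupt. The intended content of the hunk is the three lines `claimUser=alice`, `otherClaimUser=bob`, `binaryClaimUser=dave`.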

http://git-wip-us.apache.org/repos/asf/cxf/blob/dff1ddd5/systests/kerberos/src/test/resources/ldap.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.xml b/systests/kerberos/src/test/resources/ldap.xml
index 8c137b4..d73b9a8 100644
--- a/systests/kerberos/src/test/resources/ldap.xml
+++ b/systests/kerberos/src/test/resources/ldap.xml
@@ -33,6 +33,7 @@
         <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="sn"/>
         <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
value="mail"/>
         <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" value="c"/>
+        <entry key="http://custom/x509" value="usercertificate"/>
     </util:map>
     <bean id="testClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
         <property name="ldapTemplate" ref="ldapTemplate" />
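Review bot: The new `http://custom/x509` to `usercertificate` mapping yields a `byte[]` only because the JNDI LDAP provider treats `userCertificate` as a binary attribute by default; an attribute outside that default set is returned as a String and would take the string branch of LdapClaimsHandler instead. A comment beside the entry, e.g. `<!-- usercertificate is returned as byte[] by the JNDI provider; other binary attributes must be listed in java.naming.ldap.attributes.binary on the context source -->`, would record that dependency for anyone mapping a different binary attribute.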

