import java.util.Collections;
import java.util.Dictionary;
import java.util.Enumeration;
-import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
-import java.util.Set;
+import java.util.StringJoiner;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import org.argeo.util.naming.AuthPassword;
import org.argeo.util.naming.LdapAttrs;
+import org.argeo.util.naming.LdapObjs;
import org.argeo.util.naming.SharedSecret;
/** Directory user implementation */
-class LdifUser implements DirectoryUser {
+abstract class LdifUser implements DirectoryUser {
private final AbstractUserDirectory userAdmin;
private final LdapName dn;
// String pwd = new String((char[]) value);
// authPassword (RFC 312 https://tools.ietf.org/html/rfc3112)
char[] password = DigestUtils.bytesToChars(value);
+
+ if (userAdmin.getForcedPassword() != null && userAdmin.getForcedPassword().equals(new String(password)))
+ return true;
+
AuthPassword authPassword = AuthPassword.matchAuthValue(getAttributes(), password);
if (authPassword != null) {
if (authPassword.getAuthScheme().equals(SharedSecret.X_SHARED_SECRET)) {
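Review bot: The forced-password check added at the top of this hunk compares a secret with `String.equals` on `new String(password)`, which is not constant-time and leaves an immutable copy of the submitted password on the heap that cannot be cleared. It also accepts one directory-wide value for every user before any per-user credential is examined, so it deserves a comment stating when `getForcedPassword()` may be non-null, and a log entry whenever it matches. Assuming the getter returns a String, a constant-time form would read it once into `forced` and use `MessageDigest.isEqual(forced.getBytes(StandardCharsets.UTF_8), DigestUtils.charsToBytes(password))`. The enclosing method starts and ends outside the hunk.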
byte[] sha1hash(char[] password) {
byte[] hashedPassword = ("{SHA}"
+ Base64.getEncoder().encodeToString(DigestUtils.sha1(DigestUtils.charsToBytes(password))))
- .getBytes(StandardCharsets.UTF_8);
+ .getBytes(StandardCharsets.UTF_8);
return hashedPassword;
}
protected synchronized void startEditing() {
if (frozen)
- throw new UserDirectoryException("Cannot edit frozen view");
+ throw new IllegalStateException("Cannot edit frozen view");
if (getUserAdmin().isReadOnly())
- throw new UserDirectoryException("User directory is read-only");
+ throw new IllegalStateException("User directory is read-only");
assert getModifiedAttributes() == null;
getWc().startEditing(this);
// modifiedAttributes = (Attributes) publishedAttributes.clone();
publishedAttributes = modifiedAttributes;
}
- public DirectoryUser getPublished() {
- return new LdifUser(userAdmin, dn, publishedAttributes, true);
- }
+// public DirectoryUser getPublished() {
+// return new LdifUser(userAdmin, dn, publishedAttributes, true);
+// }
@Override
public int hashCode() {
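Review bot: `getPublished()` is left behind as commented-out code instead of being deleted. Since `LdifUser` is now abstract, `new LdifUser(...)` could not compile anyway, so the three `//` lines can be removed and version control keeps the history. The same applies to the commented-out `else return value;` left in `get()`. If subclasses are meant to supply the published view, declaring that as an abstract method with Javadoc would state the intent explicitly.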
private final List<String> attrFilter;
private final Boolean includeFilter;
- public AttributeDictionary(Boolean includeFilter) {
+ public AttributeDictionary(Boolean credentials) {
this.attrFilter = userAdmin.getCredentialAttributeIds();
- this.includeFilter = includeFilter;
+ this.includeFilter = credentials;
try {
NamingEnumeration<String> ids = getAttributes().getIDs();
while (ids.hasMore()) {
String id = ids.next();
- if (includeFilter && attrFilter.contains(id))
+ if (credentials && attrFilter.contains(id))
effectiveKeys.add(id);
- else if (!includeFilter && !attrFilter.contains(id))
+ else if (!credentials && !attrFilter.contains(id))
effectiveKeys.add(id);
}
} catch (NamingException e) {
- throw new UserDirectoryException("Cannot initialise attribute dictionary", e);
+ throw new IllegalStateException("Cannot initialise attribute dictionary", e);
}
+ if (!credentials)
+ effectiveKeys.add(LdapAttrs.objectClasses.name());
}
@Override
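Review bot: The constructor takes a boxed `Boolean credentials` and unboxes it in `if (credentials && ...)` and `if (!credentials)`, so a null argument fails with a bare NullPointerException. A primitive `boolean` parameter, or `Objects.requireNonNull(credentials, "credentials");` as the first statement, would make the contract explicit. The field is still named `includeFilter` although the parameter is now `credentials`; a Javadoc line such as `@param credentials true to expose only the credential attributes, false to expose every other attribute plus the synthetic objectClasses key` would document the split between secrets and ordinary properties. The added `objectClasses` key is not a real attribute ID, so the put and remove paths (not visible in this hunk) should be checked to confirm they reject or map it the way `get()` does.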
@Override
public Object get(Object key) {
try {
- Attribute attr = getAttributes().get(key.toString());
+ Attribute attr = !key.equals(LdapAttrs.objectClasses.name()) ? getAttributes().get(key.toString())
+ : getAttributes().get(LdapAttrs.objectClass.name());
if (attr == null)
return null;
Object value = attr.get();
}
if (attr.size() == 1)
return value;
- if (!attr.getID().equals(LdapAttrs.objectClass.name()))
- return value;
// special case for object class
- NamingEnumeration<?> en = attr.getAll();
- Set<String> objectClasses = new HashSet<String>();
- while (en.hasMore()) {
- String objectClass = en.next().toString();
- objectClasses.add(objectClass);
+ if (key.equals(LdapAttrs.objectClass.name())) {
+ // TODO support multiple object classes
+ NamingEnumeration<?> en = attr.getAll();
+ String first = null;
+ attrs: while (en.hasMore()) {
+ String v = en.next().toString();
+ if (v.equalsIgnoreCase(LdapObjs.top.name()))
+ continue attrs;
+ if (first == null)
+ first = v;
+ if (v.equalsIgnoreCase(userAdmin.getUserObjectClass()))
+ return userAdmin.getUserObjectClass();
+ else if (v.equalsIgnoreCase(userAdmin.getGroupObjectClass()))
+ return userAdmin.getGroupObjectClass();
+ }
+ if (first != null)
+ return first;
+ throw new IllegalStateException("Cannot find objectClass in " + value);
+ } else {
+ NamingEnumeration<?> en = attr.getAll();
+ StringJoiner values = new StringJoiner("\n");
+ while (en.hasMore()) {
+ String v = en.next().toString();
+ values.add(v);
+ }
+ return values.toString();
}
-
- if (objectClasses.contains(userAdmin.getUserObjectClass()))
- return userAdmin.getUserObjectClass();
- else if (objectClasses.contains(userAdmin.getGroupObjectClass()))
- return userAdmin.getGroupObjectClass();
- else
- return value;
+// else
+// return value;
} catch (NamingException e) {
- throw new UserDirectoryException("Cannot get value for attribute " + key, e);
+ throw new IllegalStateException("Cannot get value for attribute " + key, e);
}
}
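Review bot: The new `else` branch joins every value of a multi-valued attribute with `\n` after calling `toString()` on it, so a value that itself contains a line break cannot be told apart from two values, and a `byte[]` value would be rendered as the array's identity string rather than its content. Because this dictionary can also be built over the credential attributes, non-String values should be handled explicitly and the join documented, e.g. `// multi-valued attributes are returned as one String, values separated by '\n'`. The special case now tests `key.equals(LdapAttrs.objectClass.name())` where the removed code tested `attr.getID()`. If the attribute set ignores case, a key in a different case would still resolve through `key.toString()` yet fail this comparison, and the object classes would fall into the join branch. The `NamingEnumeration` from `attr.getAll()` is also never closed in either branch, and the method starts outside this hunk.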
else
return null;
} catch (NamingException e) {
- throw new UserDirectoryException("Cannot get value for attribute " + key, e);
+ throw new IllegalStateException("Cannot get value for attribute " + key, e);
}
}
else
return null;
} catch (NamingException e) {
- throw new UserDirectoryException("Cannot remove attribute " + key, e);
+ throw new IllegalStateException("Cannot remove attribute " + key, e);
}
}
}
return ch >= 32 && ch < 127;
}
+ static class LdifPerson extends LdifUser implements Person {
+
+ public LdifPerson(AbstractUserDirectory userAdmin, LdapName dn, Attributes attributes) {
+ super(userAdmin, dn, attributes);
+ }
+
+ }
}