mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29003 Commits
59 Branches
Tree: 274c9faaf5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '274c9faaf5'
${ noResults }
sonarqube/server/sonar-auth-ldap/src/test/java/org/sonar/auth/ldap/server/ApacheDS.java

ApacheDS.java 8.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2019 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.auth.ldap.server;

  21. 

  22. import java.io.File;

  23. import java.io.IOException;

  24. import java.io.InputStream;

  25. import java.nio.charset.StandardCharsets;

  26. import java.util.Collections;

  27. import java.util.HashMap;

  28. import java.util.Map;

  29. import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;

  30. import org.apache.directory.api.ldap.model.entry.DefaultEntry;

  31. import org.apache.directory.api.ldap.model.entry.DefaultModification;

  32. import org.apache.directory.api.ldap.model.entry.ModificationOperation;

  33. import org.apache.directory.api.ldap.model.exception.LdapOperationException;

  34. import org.apache.directory.api.ldap.model.ldif.ChangeType;

  35. import org.apache.directory.api.ldap.model.ldif.LdifEntry;

  36. import org.apache.directory.api.ldap.model.ldif.LdifReader;

  37. import org.apache.directory.api.ldap.model.name.Dn;

  38. import org.apache.directory.api.util.FileUtils;

  39. import org.apache.directory.server.core.api.CoreSession;

  40. import org.apache.directory.server.core.api.DirectoryService;

  41. import org.apache.directory.server.core.api.InstanceLayout;

  42. import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;

  43. import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;

  44. import org.apache.directory.server.core.partition.impl.avl.AvlPartition;

  45. import org.apache.directory.server.kerberos.KerberosConfig;

  46. import org.apache.directory.server.kerberos.kdc.KdcServer;

  47. import org.apache.directory.server.ldap.handlers.sasl.MechanismHandler;

  48. import org.apache.directory.server.ldap.handlers.sasl.cramMD5.CramMd5MechanismHandler;

  49. import org.apache.directory.server.ldap.handlers.sasl.digestMD5.DigestMd5MechanismHandler;

  50. import org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler;

  51. import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;

  52. import org.apache.directory.server.protocol.shared.transport.TcpTransport;

  53. import org.apache.directory.server.protocol.shared.transport.UdpTransport;

  54. import org.apache.directory.server.xdbm.impl.avl.AvlIndex;

  55. import org.apache.mina.util.AvailablePortFinder;

  56. import org.slf4j.Logger;

  57. import org.slf4j.LoggerFactory;

  58. 

  59. public final class ApacheDS {

  60. 

  61.   private static final Logger LOG = LoggerFactory.getLogger(ApacheDS.class);

  62. 

  63.   private final String realm;

  64.   private final String baseDn;

  65. 

  66.   private DirectoryService directoryService;

  67.   private org.apache.directory.server.ldap.LdapServer ldapServer;

  68.   private KdcServer kdcServer;

  69. 

  70.   private ApacheDS(String realm, String baseDn) {

  71.     this.realm = realm;

  72.     this.baseDn = baseDn;

  73.     ldapServer = new org.apache.directory.server.ldap.LdapServer();

  74.   }

  75. 

  76.   public static ApacheDS start(String realm, String baseDn, String workDir) throws Exception {

  77.     return start(realm, baseDn, workDir + realm, null);

  78.   }

  79. 

  80.   static ApacheDS start(String realm, String baseDn) throws Exception {

  81.     return start(realm, baseDn, "target/ldap-work/" + realm, null);

  82.   }

  83. 

  84.   private static ApacheDS start(String realm, String baseDn, String workDir, Integer port) throws Exception {

  85.     return new ApacheDS(realm, baseDn)

  86.       .startDirectoryService(workDir)

  87.       .startKdcServer()

  88.       .startLdapServer(port == null ? AvailablePortFinder.getNextAvailable(1024) : port)

  89.       .activateNis();

  90.   }

  91. 

  92.   void stop() throws Exception {

  93.     kdcServer.stop();

  94.     kdcServer = null;

  95.     ldapServer.stop();

  96.     ldapServer = null;

  97.     directoryService.shutdown();

  98.     directoryService = null;

  99.   }

  100. 

  101.   public String getUrl() {

  102.     return "ldap://localhost:" + ldapServer.getPort();

  103.   }

  104. 

  105.   /**

  106.    * Stream will be closed automatically.

  107.    */

  108.   public void importLdif(InputStream is) throws Exception {

  109.     try (LdifReader reader = new LdifReader(is)) {

  110.       CoreSession coreSession = directoryService.getAdminSession();

  111.       // see LdifFileLoader

  112.       for (LdifEntry ldifEntry : reader) {

  113.         String ldif = ldifEntry.toString();

  114.         LOG.info(ldif);

  115.         if (ChangeType.Add == ldifEntry.getChangeType() || /* assume "add" by default */ ChangeType.None == ldifEntry.getChangeType()) {

  116.           coreSession.add(new DefaultEntry(coreSession.getDirectoryService().getSchemaManager(), ldifEntry.getEntry()));

  117.         } else if (ChangeType.Modify == ldifEntry.getChangeType()) {

  118.           coreSession.modify(ldifEntry.getDn(), ldifEntry.getModifications());

  119.         } else if (ChangeType.Delete == ldifEntry.getChangeType()) {

  120.           coreSession.delete(ldifEntry.getDn());

  121.         } else {

  122.           throw new IllegalStateException();

  123.         }

  124.       }

  125.     }

  126.   }

  127. 

  128.   void disableAnonymousAccess() {

  129.     directoryService.setAllowAnonymousAccess(false);

  130.   }

  131. 

  132.   void enableAnonymousAccess() {

  133.     directoryService.setAllowAnonymousAccess(true);

  134.   }

  135. 

  136.   private ApacheDS startDirectoryService(String workDirStr) throws Exception {

  137.     DefaultDirectoryServiceFactory factory = new DefaultDirectoryServiceFactory();

  138.     factory.init(realm);

  139. 

  140.     directoryService = factory.getDirectoryService();

  141.     directoryService.getChangeLog().setEnabled(false);

  142.     directoryService.setShutdownHookEnabled(false);

  143.     directoryService.setAllowAnonymousAccess(true);

  144. 

  145.     File workDir = new File(workDirStr);

  146.     if (workDir.exists()) {

  147.       FileUtils.deleteDirectory(workDir);

  148.     }

  149.     InstanceLayout instanceLayout = new InstanceLayout(workDir);

  150.     directoryService.setInstanceLayout(instanceLayout);

  151. 

  152.     AvlPartition partition = new AvlPartition(directoryService.getSchemaManager());

  153.     partition.setId("Test");

  154.     partition.setSuffixDn(new Dn(directoryService.getSchemaManager(), baseDn));

  155.     partition.addIndexedAttributes(

  156.       new AvlIndex<>("ou"),

  157.       new AvlIndex<>("uid"),

  158.       new AvlIndex<>("dc"),

  159.       new AvlIndex<>("objectClass"));

  160.     partition.initialize();

  161.     directoryService.addPartition(partition);

  162.     directoryService.addLast(new KeyDerivationInterceptor());

  163. 

  164.     directoryService.shutdown();

  165.     directoryService.startup();

  166. 

  167.     return this;

  168.   }

  169. 

  170.   private ApacheDS startLdapServer(int port) throws Exception {

  171.     ldapServer.setTransports(new TcpTransport(port));

  172.     ldapServer.setDirectoryService(directoryService);

  173. 

  174.     // Setup SASL mechanisms

  175.     Map<String, MechanismHandler> mechanismHandlerMap = new HashMap<>();

  176.     mechanismHandlerMap.put(SupportedSaslMechanisms.PLAIN, new PlainMechanismHandler());

  177.     mechanismHandlerMap.put(SupportedSaslMechanisms.CRAM_MD5, new CramMd5MechanismHandler());

  178.     mechanismHandlerMap.put(SupportedSaslMechanisms.DIGEST_MD5, new DigestMd5MechanismHandler());

  179.     mechanismHandlerMap.put(SupportedSaslMechanisms.GSSAPI, new GssapiMechanismHandler());

  180.     ldapServer.setSaslMechanismHandlers(mechanismHandlerMap);

  181. 

  182.     ldapServer.setSaslHost("localhost");

  183.     ldapServer.setSaslRealms(Collections.singletonList(realm));

  184.     // TODO ldapServer.setSaslPrincipal();

  185.     // The base DN containing users that can be SASL authenticated.

  186.     ldapServer.setSearchBaseDn(baseDn);

  187. 

  188.     ldapServer.start();

  189. 

  190.     return this;

  191.   }

  192. 

  193.   private ApacheDS startKdcServer() throws IOException, LdapOperationException {

  194.     int port = AvailablePortFinder.getNextAvailable(6088);

  195. 

  196.     KerberosConfig kdcConfig = new KerberosConfig();

  197.     kdcConfig.setServicePrincipal("krbtgt/EXAMPLE.ORG@EXAMPLE.ORG");

  198.     kdcConfig.setPrimaryRealm("EXAMPLE.ORG");

  199.     kdcConfig.setPaEncTimestampRequired(false);

  200. 

  201.     kdcServer = new KdcServer(kdcConfig);

  202.     kdcServer.setSearchBaseDn("dc=example,dc=org");

  203.     kdcServer.addTransports(new UdpTransport("localhost", port));

  204.     kdcServer.setDirectoryService(directoryService);

  205.     kdcServer.start();

  206. 

  207.     FileUtils.writeStringToFile(new File("target/krb5.conf"), ""

  208.       + "[libdefaults]\n"

  209.       + "    default_realm = EXAMPLE.ORG\n"

  210.       + "\n"

  211.       + "[realms]\n"

  212.       + "    EXAMPLE.ORG = {\n"

  213.       + "        kdc = localhost:" + port + "\n"

  214.       + "    }\n"

  215.       + "\n"

  216.       + "[domain_realm]\n"

  217.       + "    .example.org = EXAMPLE.ORG\n"

  218.       + "    example.org = EXAMPLE.ORG\n",

  219.       StandardCharsets.UTF_8.name());

  220. 

  221.     return this;

  222.   }

  223. 

  224.   /**

  225.    * This seems to be required for objectClass posixGroup.

  226.    */

  227.   private ApacheDS activateNis() throws Exception {

  228.     directoryService.getAdminSession().modify(

  229.       new Dn("cn=nis,ou=schema"),

  230.       new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, "m-disabled", "FALSE"));

  231.     return this;

  232.   }

  233. 

  234. }