mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29003 Commits
59 Branches
Tree: 274c9faaf5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '274c9faaf5'
${ noResults }
sonarqube/sonar-testing-ldap/src/main/java/org/sonar/ldap/ApacheDS.java

ApacheDS.java 9.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2019 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. 

  21. package org.sonar.ldap;

  22. 

  23. import java.io.File;

  24. import java.io.IOException;

  25. import java.io.InputStream;

  26. import java.nio.charset.StandardCharsets;

  27. import java.util.Collections;

  28. import java.util.HashMap;

  29. import java.util.Map;

  30. import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;

  31. import org.apache.directory.api.ldap.model.entry.DefaultEntry;

  32. import org.apache.directory.api.ldap.model.entry.DefaultModification;

  33. import org.apache.directory.api.ldap.model.entry.ModificationOperation;

  34. import org.apache.directory.api.ldap.model.exception.LdapOperationException;

  35. import org.apache.directory.api.ldap.model.ldif.ChangeType;

  36. import org.apache.directory.api.ldap.model.ldif.LdifEntry;

  37. import org.apache.directory.api.ldap.model.ldif.LdifReader;

  38. import org.apache.directory.api.ldap.model.name.Dn;

  39. import org.apache.directory.api.util.FileUtils;

  40. import org.apache.directory.server.core.api.CoreSession;

  41. import org.apache.directory.server.core.api.DirectoryService;

  42. import org.apache.directory.server.core.api.InstanceLayout;

  43. import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;

  44. import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;

  45. import org.apache.directory.server.core.partition.impl.avl.AvlPartition;

  46. import org.apache.directory.server.kerberos.KerberosConfig;

  47. import org.apache.directory.server.kerberos.kdc.KdcServer;

  48. import org.apache.directory.server.ldap.LdapServer;

  49. import org.apache.directory.server.ldap.handlers.sasl.MechanismHandler;

  50. import org.apache.directory.server.ldap.handlers.sasl.cramMD5.CramMd5MechanismHandler;

  51. import org.apache.directory.server.ldap.handlers.sasl.digestMD5.DigestMd5MechanismHandler;

  52. import org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler;

  53. import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;

  54. import org.apache.directory.server.protocol.shared.transport.TcpTransport;

  55. import org.apache.directory.server.protocol.shared.transport.UdpTransport;

  56. import org.apache.directory.server.xdbm.impl.avl.AvlIndex;

  57. import org.apache.mina.util.AvailablePortFinder;

  58. import org.slf4j.Logger;

  59. import org.slf4j.LoggerFactory;

  60. 

  61. public final class ApacheDS {

  62. 

  63.   private static final Logger LOG = LoggerFactory.getLogger(ApacheDS.class);

  64. 

  65.   private final String realm;

  66.   private final String baseDn;

  67. 

  68.   private DirectoryService directoryService;

  69.   private LdapServer ldapServer;

  70.   private KdcServer kdcServer;

  71. 

  72.   private ApacheDS(String realm, String baseDn) {

  73.     this.realm = realm;

  74.     this.baseDn = baseDn;

  75.     ldapServer = new LdapServer();

  76.   }

  77. 

  78.   public static ApacheDS start(String realm, String baseDn, String workDir, Integer port) throws Exception {

  79.     return new ApacheDS(realm, baseDn)

  80.       .startDirectoryService(workDir)

  81.       .startKdcServer()

  82.       .startLdapServer(port == null ? AvailablePortFinder.getNextAvailable(1024) : port)

  83.       .activateNis();

  84.   }

  85. 

  86.   public static ApacheDS start(String realm, String baseDn, String workDir) throws Exception {

  87.     return start(realm, baseDn, workDir + realm, null);

  88.   }

  89. 

  90.   public static ApacheDS start(String realm, String baseDn) throws Exception {

  91.     return start(realm, baseDn, "target/ldap-work/" + realm, null);

  92.   }

  93. 

  94.   public void stop() {

  95.     try {

  96.       kdcServer.stop();

  97.       kdcServer = null;

  98.       ldapServer.stop();

  99.       ldapServer = null;

  100.       directoryService.shutdown();

  101.       directoryService = null;

  102.     } catch (Exception e) {

  103.       throw new IllegalStateException(e);

  104.     }

  105.   }

  106. 

  107.   public String getUrl() {

  108.     return "ldap://localhost:" + ldapServer.getPort();

  109.   }

  110. 

  111.   /**

  112.    * Stream will be closed automatically.

  113.    */

  114.   public void importLdif(InputStream is) throws Exception {

  115.     try (LdifReader reader = new LdifReader(is)) {

  116.       CoreSession coreSession = directoryService.getAdminSession();

  117.       // see LdifFileLoader

  118.       for (LdifEntry ldifEntry : reader) {

  119.         String ldif = ldifEntry.toString();

  120.         LOG.info(ldif);

  121.         if (ChangeType.Add == ldifEntry.getChangeType() || /* assume "add" by default */ ChangeType.None == ldifEntry.getChangeType()) {

  122.           coreSession.add(new DefaultEntry(coreSession.getDirectoryService().getSchemaManager(), ldifEntry.getEntry()));

  123.         } else if (ChangeType.Modify == ldifEntry.getChangeType()) {

  124.           coreSession.modify(ldifEntry.getDn(), ldifEntry.getModifications());

  125.         } else if (ChangeType.Delete == ldifEntry.getChangeType()) {

  126.           coreSession.delete(ldifEntry.getDn());

  127.         } else {

  128.           throw new IllegalStateException();

  129.         }

  130.       }

  131.     }

  132.   }

  133. 

  134.   public void disableAnonymousAccess() {

  135.     directoryService.setAllowAnonymousAccess(false);

  136.   }

  137. 

  138.   public void enableAnonymousAccess() {

  139.     directoryService.setAllowAnonymousAccess(true);

  140.   }

  141. 

  142.   private ApacheDS startDirectoryService(String workDirStr) throws Exception {

  143.     DefaultDirectoryServiceFactory factory = new DefaultDirectoryServiceFactory();

  144.     factory.init(realm);

  145. 

  146.     directoryService = factory.getDirectoryService();

  147.     directoryService.getChangeLog().setEnabled(false);

  148.     directoryService.setShutdownHookEnabled(false);

  149.     directoryService.setAllowAnonymousAccess(true);

  150. 

  151.     File workDir = new File(workDirStr);

  152.     if (workDir.exists()) {

  153.       FileUtils.deleteDirectory(workDir);

  154.     }

  155.     InstanceLayout instanceLayout = new InstanceLayout(workDir);

  156.     directoryService.setInstanceLayout(instanceLayout);

  157. 

  158.     AvlPartition partition = new AvlPartition(directoryService.getSchemaManager());

  159.     partition.setId("Test");

  160.     partition.setSuffixDn(new Dn(directoryService.getSchemaManager(), baseDn));

  161.     partition.addIndexedAttributes(

  162.       new AvlIndex<>("ou"),

  163.       new AvlIndex<>("uid"),

  164.       new AvlIndex<>("dc"),

  165.       new AvlIndex<>("objectClass"));

  166.     partition.initialize();

  167.     directoryService.addPartition(partition);

  168.     directoryService.addLast(new KeyDerivationInterceptor());

  169. 

  170.     directoryService.shutdown();

  171.     directoryService.startup();

  172. 

  173.     return this;

  174.   }

  175. 

  176.   private ApacheDS startLdapServer(int port) throws Exception {

  177.     ldapServer.setTransports(new TcpTransport(port));

  178.     ldapServer.setDirectoryService(directoryService);

  179. 

  180.     // Setup SASL mechanisms

  181.     Map<String, MechanismHandler> mechanismHandlerMap = new HashMap<>();

  182.     mechanismHandlerMap.put(SupportedSaslMechanisms.PLAIN, new PlainMechanismHandler());

  183.     mechanismHandlerMap.put(SupportedSaslMechanisms.CRAM_MD5, new CramMd5MechanismHandler());

  184.     mechanismHandlerMap.put(SupportedSaslMechanisms.DIGEST_MD5, new DigestMd5MechanismHandler());

  185.     mechanismHandlerMap.put(SupportedSaslMechanisms.GSSAPI, new GssapiMechanismHandler());

  186.     ldapServer.setSaslMechanismHandlers(mechanismHandlerMap);

  187. 

  188.     ldapServer.setSaslHost("localhost");

  189.     ldapServer.setSaslRealms(Collections.singletonList(realm));

  190.     // TODO ldapServer.setSaslPrincipal();

  191.     // The base DN containing users that can be SASL authenticated.

  192.     ldapServer.setSearchBaseDn(baseDn);

  193. 

  194.     ldapServer.start();

  195. 

  196.     return this;

  197.   }

  198. 

  199.   private ApacheDS startKdcServer() throws IOException, LdapOperationException {

  200.     int port = AvailablePortFinder.getNextAvailable(6088);

  201. 

  202.     KerberosConfig kdcConfig = new KerberosConfig();

  203.     kdcConfig.setServicePrincipal("krbtgt/EXAMPLE.ORG@EXAMPLE.ORG");

  204.     kdcConfig.setPrimaryRealm("EXAMPLE.ORG");

  205.     kdcConfig.setPaEncTimestampRequired(false);

  206. 

  207.     kdcServer = new KdcServer(kdcConfig);

  208.     kdcServer.setSearchBaseDn("dc=example,dc=org");

  209.     kdcServer.addTransports(new UdpTransport("localhost", port));

  210.     kdcServer.setDirectoryService(directoryService);

  211.     kdcServer.start();

  212. 

  213.     FileUtils.writeStringToFile(new File("target/krb5.conf"), ""

  214.       + "[libdefaults]\n"

  215.       + "    default_realm = EXAMPLE.ORG\n"

  216.       + "\n"

  217.       + "[realms]\n"

  218.       + "    EXAMPLE.ORG = {\n"

  219.       + "        kdc = localhost:" + port + "\n"

  220.       + "    }\n"

  221.       + "\n"

  222.       + "[domain_realm]\n"

  223.       + "    .example.org = EXAMPLE.ORG\n"

  224.       + "    example.org = EXAMPLE.ORG\n",

  225.       StandardCharsets.UTF_8.name());

  226. 

  227.     return this;

  228.   }

  229. 

  230.   /**

  231.    * This seems to be required for objectClass posixGroup.

  232.    */

  233.   private ApacheDS activateNis() throws Exception {

  234.     directoryService.getAdminSession().modify(

  235.       new Dn("cn=nis,ou=schema"),

  236.       new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, "m-disabled", "FALSE"));

  237.     return this;

  238.   }

  239. 

  240. }