From 6e35118970c7af70eb0ac938859d794f7348d367 Mon Sep 17 00:00:00 2001
From: Andrew Branson
Date: Fri, 22 Feb 2013 14:04:33 +0100
Subject: Extracted LDAP specifics into subpackage
---
 .../com/c2kernel/lookup/ldap/LDAPRoleManager.java | 210 +++++++++++++++++++++
 1 file changed, 210 insertions(+)
 create mode 100644 src/main/java/com/c2kernel/lookup/ldap/LDAPRoleManager.java
(limited to 'src/main/java/com/c2kernel/lookup/ldap/LDAPRoleManager.java')
diff --git a/src/main/java/com/c2kernel/lookup/ldap/LDAPRoleManager.java b/src/main/java/com/c2kernel/lookup/ldap/LDAPRoleManager.java
new file mode 100644
index 0000000..816d1c4
--- /dev/null
+++ b/src/main/java/com/c2kernel/lookup/ldap/LDAPRoleManager.java
@@ -0,0 +1,210 @@
+package com.c2kernel.lookup.ldap;
+
+import java.util.ArrayList;
+import java.util.Enumeration;
+
+import com.c2kernel.common.ObjectAlreadyExistsException;
+import com.c2kernel.common.ObjectCannotBeUpdated;
+import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.lookup.AgentPath;
+import com.c2kernel.lookup.InvalidEntityPathException;
+import com.c2kernel.lookup.Path;
+import com.c2kernel.lookup.RoleManager;
+import com.c2kernel.lookup.RolePath;
+import com.c2kernel.utils.Logger;
+import com.novell.ldap.LDAPConnection;
+import com.novell.ldap.LDAPEntry;
+import com.novell.ldap.LDAPException;
+import com.novell.ldap.LDAPSearchConstraints;
+
+/**************************************************************************
+ *
+ * $Revision: 1.1 $
+ * $Date: 2005/04/26 06:48:12 $
+ *
+ * Copyright (C) 2003 CERN - European Organization for Nuclear Research
+ * All rights reserved.
+ **************************************************************************/
+
+// public static final String codeRevision = "$Revision: 1.1 $ $Date: 2005/04/26 06:48:12 $ $Author: abranson $";
+public class LDAPRoleManager implements RoleManager {
+
+ /**
+ *
+ */
+ LDAPLookup mLdap;
+ private final String mRolePath;
+ private final String mEntityPath;
+
+ public LDAPRoleManager(LDAPLookup ldap, String rolePath, String entityPath) {
+ super();
+ this.mLdap = ldap;
+ this.mRolePath = rolePath;
+ this.mEntityPath = entityPath;
+ }
+
+ //NOTE: A role must have at LEAST 1 userDN, cannot be empty...
+ //Creates a cristalRole
+ //CristalRole is-a specialized CristalContext which contains multi-valued uniqueMember attribute pointing to cristalagents
+ @Override
+ public RolePath createRole(String roleName, boolean jobList)
+ throws ObjectAlreadyExistsException, ObjectCannotBeUpdated
+ {
+
+ // create the role
+ RolePath rolePath = new RolePath(roleName, jobList);
+ String roleDN = rolePath.getFullDN();
+ LDAPEntry roleNode;
+ try
+ {
+ roleNode = LDAPLookupUtils.getEntry(mLdap.getConnection(), rolePath.getFullDN());
+ throw new ObjectAlreadyExistsException();
+ } catch (ObjectNotFoundException ex) { }
+
+ //create CristalRole if it does not exist
+ roleNode = new LDAPEntry(roleDN, rolePath.createAttributeSet());
+ try {
+ LDAPLookupUtils.addEntry(mLdap.getConnection(),roleNode);
+ } catch (LDAPException e) {
+ throw new ObjectCannotBeUpdated(e.getLDAPErrorMessage(), "");
+ }
+ return rolePath;
+
+
+ }
+ public void deleteRole(RolePath role) throws ObjectNotFoundException, ObjectCannotBeUpdated {
+ try {
+ LDAPLookupUtils.delete(mLdap.getConnection(), role.getFullDN());
+ } catch (LDAPException ex) {
+ throw new ObjectCannotBeUpdated("Could not remove role");
+ }
+ }
+
+ @Override
+ public void addRole(AgentPath agent, RolePath role)
+ throws ObjectCannotBeUpdated, ObjectNotFoundException
+ {
+ LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
+ //add memberDN to uniqueMember if it is not yet a member
+ if (!LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agent.getFullDN()))
+ LDAPLookupUtils.addAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agent.getFullDN());
+ else
+ throw new ObjectCannotBeUpdated("Agent " + agent.getAgentName() + " already has role " + role.getName());
+ }
+
+ public void removeRole(AgentPath agent, RolePath role)
+ throws ObjectCannotBeUpdated, ObjectNotFoundException
+ {
+ LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
+ if (LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agent.getFullDN()))
+ LDAPLookupUtils.removeAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agent.getFullDN());
+ else
+ throw new ObjectCannotBeUpdated("Agent did not have that role");
+ }
+
+ public boolean hasRole(AgentPath agent, RolePath role) {
+ String filter = "(&(objectclass=cristalrole)(uniqueMember="+agent.getFullDN()+")(cn="+role.getName()+"))";
+ LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+ searchCons.setBatchSize(0);
+ searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+ return mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons).hasMoreElements();
+ }
+
+ @Override
+ public AgentPath[] getAgents(RolePath role)
+ throws ObjectNotFoundException
+ {
+ //get the roleDN entry, and its uniqueMember entry pointing to
+ LDAPEntry roleEntry;
+ try {
+ roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
+ } catch (ObjectNotFoundException e) {
+ throw new ObjectNotFoundException("Role does not exist", "");
+ }
+
+ String[] res = LDAPLookupUtils.getAllAttributeValues(roleEntry,"uniqueMember");
+ ArrayList agents = new ArrayList();
+ for (String userDN : res) {
+ try {
+ LDAPEntry userEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), userDN);
+ AgentPath path = (AgentPath)mLdap.nodeToPath(userEntry);
+ agents.add(path);
+ } catch (ObjectNotFoundException ex) {
+ Logger.error("Agent "+userDN+" does not exist");
+ } catch (InvalidEntityPathException ex) {
+ Logger.error("Agent "+userDN+" is not a valid entity");
+ }
+ }
+ AgentPath[] usersList = new AgentPath[0];
+ usersList = agents.toArray(usersList);
+ return usersList;
+ }
+
+ //returns the role/s of a user
+ @Override
+ public RolePath[] getRoles(AgentPath agentPath)
+ {
+ //search the mDomainPath tree uniqueMember=userDN
+ //filter = objectclass=cristalrole AND uniqueMember=userDN
+ String filter = "(&(objectclass=cristalrole)(uniqueMember="+agentPath.getFullDN()+"))";
+ LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+ searchCons.setBatchSize(0);
+ searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+ Enumeration roles = mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
+ ArrayList roleList = new ArrayList();
+
+ while(roles.hasMoreElements())
+ {
+ RolePath path = (RolePath) roles.nextElement();
+ roleList.add(path);
+ }
+ RolePath[] roleArr = new RolePath[roleList.size()];
+ roleArr = roleList.toArray(roleArr);
+ return roleArr;
+ }
+
+ /**
+ * Utility for looking up a login name
+ *
+ * @param ld
+ * @param agentName
+ * @param baseDN
+ * @return
+ * @throws ObjectNotFoundException
+ */
+ @Override
+ public AgentPath getAgentPath(String agentName) throws ObjectNotFoundException
+ {
+ //search to get the userDN equivalent of the userID
+ LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+ searchCons.setBatchSize(0);
+ searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+ String filter = "(&(objectclass=cristalagent)(uid="+agentName+"))";
+ Enumeration res = mLdap.search(mEntityPath,LDAPConnection.SCOPE_SUB,filter,searchCons);
+ if (!res.hasMoreElements())
+ throw new ObjectNotFoundException("Agent not found");
+ Path result = res.nextElement();
+ if (result instanceof AgentPath)
+ return (AgentPath)result;
+ else
+ throw new ObjectNotFoundException("Entry was not an Agent");
+ }
+
+ @Override
+ public RolePath getRolePath(String roleName) throws ObjectNotFoundException
+ {
+ LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+ searchCons.setBatchSize(0);
+ searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+ String filter = "(&(objectclass=cristalrole)(cn="+roleName+"))";
+ Enumeration res = mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
+ if (!res.hasMoreElements())
+ throw new ObjectNotFoundException("Role not found");
+ Path result = res.nextElement();
+ if (result instanceof RolePath)
+ return (RolePath)result;
+ else
+ throw new ObjectNotFoundException("Entry was not a Role");
+ }
+
+}
-- 
cgit v1.2.3
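Review bot: `getAgentPath` and `getRolePath` splice the caller-supplied `agentName`/`roleName` straight into the search filter (`"(uid="+agentName+"))"`, `"(cn="+roleName+"))"`), and `hasRole`/`getRoles` do the same with `getFullDN()` values, so a name containing `*`, `(`, `)`, `\` or NUL rewrites the filter rather than being matched literally — the Javadoc calls this a login-name lookup, and `getAgentPath("*")` would resolve to whichever `cristalagent` the server returns first. Each value needs RFC 4515 escaping before it is concatenated; the helper below plus the one changed line in `getAgentPath` show the shape, and `getRolePath`, `hasRole` and `getRoles` need the same treatment. A smaller point in the same hunk: `createRole` and `deleteRole` turn an `LDAPException` into `ObjectCannotBeUpdated` carrying only a message, so the server-side cause is lost for diagnostics — if `ObjectCannotBeUpdated` accepts a cause, pass `e` through.
```java
/** Escapes a value for use inside an LDAP search filter (RFC 4515 section 3). */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\': sb.append("\\5c"); break;
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
        }
    }
    return sb.toString();
}

// … unchanged: getAgentPath search-constraint setup …
String filter = "(&(objectclass=cristalagent)(uid=" + escapeFilterValue(agentName) + "))";
```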