From 8943c56c500ef9b90a0eab8ca9f621c94e7f87ac Mon Sep 17 00:00:00 2001 From: ogattaz Date: Thu, 24 Jul 2014 10:14:35 +0200 Subject: LDAP properties enhancements : add protections during the instanciation add methods to return validity informations about the contained data --- .../com/c2kernel/lookup/ldap/LDAPProperties.java | 208 ++++++++++++++++++--- 1 file changed, 179 insertions(+), 29 deletions(-) diff --git a/src/main/java/com/c2kernel/lookup/ldap/LDAPProperties.java b/src/main/java/com/c2kernel/lookup/ldap/LDAPProperties.java index 1e9f971..289b206 100644 --- a/src/main/java/com/c2kernel/lookup/ldap/LDAPProperties.java +++ b/src/main/java/com/c2kernel/lookup/ldap/LDAPProperties.java @@ -1,38 +1,188 @@ -/* +package com.c2kernel.lookup.ldap; + +/** * Directory Lookup Service -*/ + * + * This represent + * + */ -package com.c2kernel.lookup.ldap; +import javax.xml.bind.DatatypeConverter; import com.c2kernel.utils.ObjectProperties; /** + * example: + * + *
+ * # LDAP Lookup config
+ * # use the ApacheDS 2.0.0 M15 available using the port 10389
+ * LDAP.GlobalPath=dc=cristalosgiglobal
+ * LDAP.RootPath=cn=cristalosgiroot
+ * LDAP.LocalPath=cn=cristalosgilocal
+ * LDAP.port=10389
+ * LDAP.host=localhost
+ * LDAP.user=uid=admin,ou=system
+ * LDAP.password=xxxxxx
+ * or
+ * LDAP.password64=xxxxxx
+ * 
+ * * @version $Revision: 1.16 $ $Date: 2005/10/12 12:51:54 $ - * @author $Author: abranson $ + * @author $Author: abranson $ + * @author ogattaz */ -public class LDAPProperties -{ - public String mGlobalPath = null; //o=cern.ch - public String mRootPath = null; //cn=cristal2 - public String mLocalPath = null; //cn=lab27 - public Integer mPort = null; - public String mHost = null; - public String mUser = null; - public String mPassword = null; - - public LDAPProperties(ObjectProperties obj) - { - mGlobalPath = obj.getProperty( "LDAP.GlobalPath" ); - mRootPath = obj.getProperty( "LDAP.RootPath" ); - mLocalPath = obj.getProperty( "LDAP.LocalPath" ); - mPort = obj.getInt( "LDAP.port", 389 ); - mHost = obj.getProperty( "LDAP.host" ); - mUser = obj.getProperty( "LDAP.user" ); - mPassword = obj.getProperty( "LDAP.password" ); - - mRootPath += "," + mGlobalPath; - mLocalPath += "," + mRootPath; - - } -} +public class LDAPProperties { + + private static final String BAD_PASSWORD_MESSAGE = "bad base64 password value"; + + public static final String LDAP_PROP_GPATH = "LDAP.GlobalPath"; + public static final String LDAP_PROP_HOST = "LDAP.host"; + public static final String LDAP_PROP_LPATH = "LDAP.LocalPath"; + public static final String LDAP_PROP_PASS = "LDAP.password"; + public static final String LDAP_PROP_PASS64 = "LDAP.password64"; + public static final String LDAP_PROP_PORT = "LDAP.port"; + public static final String LDAP_PROP_RPATH = "LDAP.RootPath"; + public static final String LDAP_PROP_USER = "LDAP.user"; + + public String mGlobalPath = null; // o=cern.ch + public String mHost = null; + public String mLocalPath = null; // cn=lab27 + public String mPassword = null; + public Integer mPort = null; + public String mRootPath = null; // cn=cristal2 + public String mUser = null; + + /** + * @param aObjectProps + * an ObjectProperties instance comming from clc file for exemple + */ + public LDAPProperties(final ObjectProperties aObjectProps) { + + if (aObjectProps != null) { 
+ + mGlobalPath = aObjectProps.getProperty(LDAP_PROP_GPATH); + + mRootPath = aObjectProps.getProperty(LDAP_PROP_RPATH); + if (mRootPath != null) { + mRootPath += "," + mGlobalPath; + } + + mLocalPath = aObjectProps.getProperty(LDAP_PROP_LPATH); + if (mLocalPath != null) { + mLocalPath += "," + mRootPath; + } + + mPort = aObjectProps.getInt(LDAP_PROP_PORT, 389); + mHost = aObjectProps.getProperty(LDAP_PROP_HOST); + mUser = aObjectProps.getProperty(LDAP_PROP_USER); + mPassword = aObjectProps.getProperty(LDAP_PROP_PASS); + + // if raw password not available, try to find base64 one + if (mPassword == null) { + mPassword = aObjectProps.getProperty(LDAP_PROP_PASS64); + // if base64 password available + if (mPassword != null) { + mPassword = translateBase64OPassword(mPassword); + } + } + } + } + /** + * @param aPropertyName + * the name of the property associated to the member + * @param aMemberValue + * the value to check + * @return true if valid + * @throws IllegalArgumentException + * if not valid + */ + private boolean checkMemberValidity(final String aPropertyName, + final String aMemberValue) throws IllegalArgumentException { + + if (isMemberValueValid(aMemberValue)) + return true; + + throw new IllegalArgumentException(String.format( + "The LDAP property [%s] is not valid. The member value=[%s]", + aPropertyName, aMemberValue)); + } + + /** + * @param aValue + * the value to be checked + * @return true if not null and not empty + */ + private boolean checkPasswordValidity(final String aPasswordValue) + throws IllegalArgumentException { + + if (checkMemberValidity(LDAP_PROP_PASS, aPasswordValue)) { + + if (aPasswordValue.contains(BAD_PASSWORD_MESSAGE)) { + throw new IllegalArgumentException( + String.format( + "The LDAP property [%s] is not valid. 
The member value=[%s]", + LDAP_PROP_PASS, aPasswordValue)); + } + } + return true; + } + + /** + * @return true is valid + * @throws IllegalArgumentException + * if one of the members is not valid (null or empty) + */ + public boolean checkValidity() throws IllegalArgumentException { + + return checkMemberValidity(LDAP_PROP_GPATH, mGlobalPath) + && checkMemberValidity(LDAP_PROP_RPATH, mRootPath) + && checkMemberValidity(LDAP_PROP_LPATH, mLocalPath) + && checkMemberValidity(LDAP_PROP_HOST, mHost) + && checkMemberValidity(LDAP_PROP_USER, mUser) + && checkPasswordValidity(mPassword); + } + + /** + * @param aValue + * the value to be checked + * @return true if not null and not empty + */ + private boolean isMemberValueValid(final String aValue) { + + return (aValue != null && !aValue.isEmpty()); + } + + /** + * @return true if the password is not null, not empty and is decoded id the + * passed property is a password64 one + */ + public boolean isPasswordValid() { + try { + return checkPasswordValidity(mPassword); + } catch (IllegalArgumentException ex) { + return false; + } + } + + /** + * @param aBase6Password + * the encoded password + * @return the decodded password or a dummy phrase which cause an explicit + * error when it will be used during the connection + */ + private String translateBase64OPassword(final String aBase6Password) { + + try { + // DatatypeConverter tool class available since java 1.5. + // Throws IllegalArgumentException if value not conform + return new String( + DatatypeConverter.parseBase64Binary(aBase6Password)); + + } catch (IllegalArgumentException ex) { + return String.format("#### %s [%s] ####", BAD_PASSWORD_MESSAGE, + aBase6Password); + } + } +} -- cgit v1.2.3 From bbd89b565324f8c58ef812398ff2a9e378b7038f Mon Sep 17 00:00:00 2001 
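Review bot: The decode-failure branch of `translateBase64OPassword` copies the configured `LDAP.password64` text into `mPassword`, and `checkPasswordValidity` then formats that string into its `IllegalArgumentException` message, so a mistyped credential lands in exception text and, going by the method's own javadoc, is also presented as the bind password. Keep the value out of both places: return only the marker in the catch block, `return String.format("#### %s ####", BAD_PASSWORD_MESSAGE);`, and have the exception name `LDAP_PROP_PASS64` without appending `aPasswordValue`. Separately, `new String(byte[])` decodes with the platform default charset, so the same property can produce a different password on another host; if UTF-8 is the intended encoding, pass it explicitly, e.g. `new String(DatatypeConverter.parseBase64Binary(aBase6Password), Charset.forName("UTF-8"))`. The class javadoc example should also state that base64 is an encoding and not protection, for instance `* LDAP.password64 is base64-encoded, not encrypted: restrict access to the file as for a clear-text password.`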
From: ogattaz Date: Thu, 24 Jul 2014 10:27:35 +0200 Subject: set protected the new memeber "ldapProps" --- .../java/com/c2kernel/lookup/ldap/LDAPLookup.java | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/main/java/com/c2kernel/lookup/ldap/LDAPLookup.java b/src/main/java/com/c2kernel/lookup/ldap/LDAPLookup.java index 372a91c..24fcc78 100644 --- a/src/main/java/com/c2kernel/lookup/ldap/LDAPLookup.java +++ b/src/main/java/com/c2kernel/lookup/ldap/LDAPLookup.java @@ -50,26 +50,28 @@ import com.novell.ldap.LDAPSearchResults; * @author $Author: abranson $ */ -public class LDAPLookup implements LookupManager - -{ +public class LDAPLookup implements LookupManager{ + protected LDAPAuthManager mLDAPAuth; protected LDAPPropertyManager mPropManager; - + protected LDAPProperties ldapProps; + private String mGlobalPath, mRootPath, mLocalPath, mRolePath, mItemTypeRoot, mDomainTypeRoot; - LDAPProperties ldapProps; + /** + * + */ public LDAPLookup() { + super(); } - /** * Initializes the DN paths from the Root, global and local paths supplied by the LDAP properties. * @param props */ - protected void initPaths(LDAPProperties props) - { - Logger.msg(8,"LDAPLookup - initialising."); + protected void initPaths(LDAPProperties props){ + + Logger.msg(8,"LDAPLookup.initPaths(): - initialising with LDAPProperties"); ldapProps = props; mGlobalPath=props.mGlobalPath; -- cgit v1.2.3
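Review bot: `initPaths` copies `props.mGlobalPath` straight after `ldapProps = props;` with no validation, although `LDAPProperties` now accepts a null `ObjectProperties` and can leave every member null. Calling `props.checkValidity();` before the assignments would turn a missing property into an immediate `IllegalArgumentException` instead of a null or `"...,null"` DN reaching later lookups. The rest of `initPaths` is outside this hunk, so a check may already exist further down. The new constructor javadoc is an empty `/** * */` block; either give it a one-line summary or drop it.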