LdapAuthBeanTester.java
/* Copyright (c) 2001-2024, The HSQL Development Group
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of the HSQL Development Group nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL HSQL DEVELOPMENT GROUP, HSQLDB.ORG,
* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.hsqldb.auth;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.Properties;
/**
* Tests the settings for LdapAuthBean.
*/
public class LdapAuthBeanTester {
/**
* Run this method to try and test configuration settings for LdapAuthBeans,
* or to troubleshoot.
* It purposefully does not test the Java Function or the JDBC layer at all.
* This program will attempt to retrieve and display the schema/roles list
* for the specified user and with the specified password from the LDAP
* server according to the specified properties.
* <P>
* Passwords typed on the command line are inherently not secure, so only
* use this program when the computer it is run on is secured and where
* your command line may not be observed, directly or indirectly, by others.
* <P>
* Set the properties in a properties file to match your LDAP security and
* Directory Information Tree structure and use this program to check
* everything between the LdapAuthBean and your LDAP server.
* You then know the exact settings to use for an LdapAuthBean that you can
* plug into AuthBeanMultiplexer.
* <P>
* Run with no arguments to see required syntax.
* <P>
* The property file may contain any of the following properties, which
* exactly match the corresponding setter methods in this class.
* <UL>
* <LI>trustStore. This is the only property without a corresponding
* setter method. Setting this property has the same effect as
* setting Java system property
* {@code 'javax.net.ssl.trustStore'}.
* <LI>startTls. Takes a boolean value according to
* method java.util.Boolean.parseBoolean.
* <LI>roleSchemaValuePattern. Corresponds to method
* setRoleSchemaValuePatternString
* <LI>accessValuePattern. Corresponds to method
* setAccessValuePatternString
* <LI>ldapPort
* <LI>securityMechanism
* <LI>ldapHost
* <LI>principalTemplate
* <LI>initialContextFactory
* <LI>saslRealm
* <LI>parentDn
* <LI>rdnAttribute
* <LI>rolesSchemaAttribute
* <LI>accessAttribute
* </UL>
* <P>
* Tokens like ${this} will not be expanded to system property values,
* and your bean will get the values exactly as you type them in.
* <P>
* The file sample/ldap-exerciser.properties in the HyperSQL distribution
* may be used as a template or example.
*
* @param sa arguments
* @throws IOException on io error
*/
public static void main(String[] sa) throws IOException {
if (sa.length != 3) {
throw new IllegalArgumentException(
"SYNTAX: java " + AuthBeanMultiplexer.class.getName()
+ " path/to/file.properties <USERNAME> <PASSWORD>");
}
File file = new File(sa[0]);
if (!file.isFile()) {
throw new IllegalArgumentException("Not a file: "
+ file.getAbsolutePath());
}
Properties p = new Properties();
p.load(new FileInputStream(file));
String trustStore = p.getProperty("trustStore");
String startTlsString = p.getProperty("startTls");
String ldapPortString = p.getProperty("ldapPort");
String roleSchemaValuePatternString =
p.getProperty("roleSchemaValuePattern");
String accessValuePatternString = p.getProperty("accessValuePattern");
String securityMechanism = p.getProperty("securityMechanism");
String ldapHost = p.getProperty("ldapHost");
String principalTemplate = p.getProperty("principalTemplate");
String initialContextFactory = p.getProperty("initialContextFactory");
String saslRealm = p.getProperty("saslRealm");
String parentDn = p.getProperty("parentDn");
String rdnAttribute = p.getProperty("rdnAttribute");
String rolesSchemaAttribute = p.getProperty("rolesSchemaAttribute");
String accessAttribute = p.getProperty("accessAttribute");
if (trustStore != null) {
if (!(new File(trustStore)).isFile()) {
throw new IllegalArgumentException(
"Specified trust store is not a file: " + trustStore);
}
System.setProperty("javax.net.ssl.trustStore", trustStore);
}
LdapAuthBean bean = new LdapAuthBean();
if (startTlsString != null) {
bean.setStartTls(Boolean.parseBoolean(startTlsString));
}
if (ldapPortString != null) {
bean.setLdapPort(Integer.parseInt(ldapPortString));
}
if (roleSchemaValuePatternString != null) {
bean.setRoleSchemaValuePatternString(roleSchemaValuePatternString);
}
if (accessValuePatternString != null) {
bean.setAccessValuePatternString(accessValuePatternString);
}
if (securityMechanism != null) {
bean.setSecurityMechanism(securityMechanism);
}
if (ldapHost != null) {
bean.setLdapHost(ldapHost);
}
if (principalTemplate != null) {
bean.setPrincipalTemplate(principalTemplate);
}
if (initialContextFactory != null) {
bean.setInitialContextFactory(initialContextFactory);
}
if (saslRealm != null) {
bean.setSaslRealm(saslRealm);
}
if (parentDn != null) {
bean.setParentDn(parentDn);
}
if (rdnAttribute != null) {
bean.setRdnAttribute(rdnAttribute);
}
if (rolesSchemaAttribute != null) {
bean.setRolesSchemaAttribute(rolesSchemaAttribute);
}
if (accessAttribute != null) {
bean.setAccessAttribute(accessAttribute);
}
bean.init();
String[] res = null;
try {
res = bean.authenticate(sa[1], sa[2]);
} catch (DenyException de) {
System.out.println("<DENY ACCESS>");
return;
}
if (res == null) {
System.out.println("<ALLOW ACCESS w/ local Roles+Schema>");
} else {
System.out.println(Integer.toString(res.length)
+ " Roles/Schema: " + Arrays.toString(res));
}
}
}