public void Bind_with_client_certificate_is_successful()
{
_ldapConnectionOptions.UseSsl();
using var ldapConnection = new LdapConnection(_ldapConnectionOptions);
ldapConnection.Connect(TestsConfig.LdapServer.ServerAddress, TestsConfig.LdapServer.ServerPortSsl);
ldapConnection.Bind(new SaslExternalRequest());
Assert.True(ldapConnection.Bound);
var response = ldapConnection.WhoAmI();
Assert.Equal(_expectedAuthzId, response.AuthzId);
}
private static LdapConnectionOptions GetConnectionOptions()
{
var connectionOptions = new LdapConnectionOptions();
var configuration = LdapPlugin.Instance.Configuration;
if (configuration.UseSsl)
{
connectionOptions.UseSsl();
}
if (configuration.SkipSslVerify)
{
connectionOptions.ConfigureRemoteCertificateValidationCallback(LdapClient_UserDefinedServerCertValidationDelegate);
}
return(connectionOptions);
}
public T ExecuteLdapQuery <T>(string searchBase, string filter, string[] attributes) where T : class
{
try
{
var sw = new Stopwatch();
T result = null;
sw.Start();
var logMessage = new SpineMessage
{
RequestPayload = $"{searchBase} {filter} [{string.Join(",", attributes)}]",
SpineMessageTypeId = (int)GPConnect.Constants.SpineMessageTypes.SpineLdapQuery
};
var results = new Dictionary <string, object>();
var useLdaps = bool.Parse(_configuration.GetSection("Spine:sds_use_ldaps").Value);
var useSdsMutualAuth = bool.Parse(_configuration.GetSection("Spine:sds_use_mutualauth").Value);
Novell.Directory.Ldap.LdapConnectionOptions ldapConnectionOptions = new LdapConnectionOptions();
if (useLdaps)
{
SslProtocols sslProtocol = ParseTlsVersion(_configuration.GetSection("Spine:sds_tls_version").Value);
ldapConnectionOptions.ConfigureSslProtocols(SslProtocols.Tls12);
ldapConnectionOptions.UseSsl();
ldapConnectionOptions.ConfigureLocalCertificateSelectionCallback(SelectLocalCertificate);
ldapConnectionOptions.ConfigureRemoteCertificateValidationCallback(ValidateServerCertificate);
}
using (var ldapConnection = new LdapConnection(ldapConnectionOptions)
{
ConnectionTimeout = int.Parse(_configuration.GetSection("Spine:timeout_seconds").Value) * 1000
})
{
if (useSdsMutualAuth)
{
var clientCert = _configuration.GetSection("spine:client_cert").GetConfigurationString();
var serverCert = _configuration.GetSection("spine:server_ca_certchain").GetConfigurationString();
var clientPrivateKey = _configuration.GetSection("spine:client_private_key").GetConfigurationString();
var clientCertData = CertificateHelper.ExtractCertInstances(clientCert);
var clientPrivateKeyData = CertificateHelper.ExtractKeyInstance(clientPrivateKey);
var x509ClientCertificate = new X509Certificate2(clientCertData.FirstOrDefault());
var privateKey = RSA.Create();
privateKey.ImportRSAPrivateKey(clientPrivateKeyData, out _);
var x509CertificateWithPrivateKey = x509ClientCertificate.CopyWithPrivateKey(privateKey);
var pfxFormattedCertificate = new X509Certificate(x509CertificateWithPrivateKey.Export(X509ContentType.Pfx, string.Empty), string.Empty);
_clientCertificate = pfxFormattedCertificate;
}
var hostName = _configuration.GetSection("Spine:sds_hostname").Value;
var hostPort = int.Parse(_configuration.GetSection("Spine:sds_port").Value);
ldapConnection.Connect(hostName, hostPort);
ldapConnection.Bind(string.Empty, string.Empty);
LogTlsVersionOnStartup(ldapConnection);
var searchResults = ldapConnection.Search(searchBase, LdapConnection.ScopeSub, filter, attributes, false);
while (searchResults.HasMore())
{
var nextEntry = searchResults.Next();
var attributeSet = nextEntry.GetAttributeSet();
foreach (var attribute in attributeSet)
{
results.TryAdd(attribute.Name, attribute.StringValue);
}
}
ldapConnection.Disconnect();
ldapConnection.Dispose();
}
var jsonDictionary = JsonConvert.SerializeObject(results);
if (results.Count > 0)
{
result = JsonConvert.DeserializeObject <T>(jsonDictionary);
}
logMessage.ResponsePayload = jsonDictionary;
logMessage.RoundTripTimeMs = sw.ElapsedMilliseconds;
_logService.AddSpineMessageLog(logMessage);
return(result);
}
catch (LdapException ldapException)
{
_logger.LogError(ldapException, "An LdapException has occurred while attempting to execute an LDAP query");
throw;
}
catch (Exception exc)
{
_logger.LogError(exc, "An Exception has occurred while attempting to execute an LDAP query");
throw;
}
}
public T ExecuteLdapQuery <T>(string searchBase, string filter, string[] attributes) where T : class
{
try
{
var sw = new Stopwatch();
T result = null;
sw.Start();
var logMessage = new SpineMessage
{
RequestPayload = $"{searchBase} {filter} [{string.Join(",", attributes)}]",
SpineMessageTypeId = (int)GPConnect.Constants.SpineMessageTypes.SpineLdapQuery
};
var results = new Dictionary <string, object>();
var ldapConnectionOptions = new LdapConnectionOptions();
if (_spineOptionsDelegate.CurrentValue.SdsUseLdaps)
{
ldapConnectionOptions.ConfigureSslProtocols(SecurityHelper.ParseTlsVersion(_spineOptionsDelegate.CurrentValue.SdsTlsVersion));
ldapConnectionOptions.UseSsl();
ldapConnectionOptions.ConfigureLocalCertificateSelectionCallback(SelectLocalCertificate);
ldapConnectionOptions.ConfigureRemoteCertificateValidationCallback(ValidateServerCertificate);
}
using (var ldapConnection = new LdapConnection(ldapConnectionOptions)
{
ConnectionTimeout = _spineOptionsDelegate.CurrentValue.TimeoutMilliseconds
})
{
SetupMutualAuth();
ldapConnection.Connect(_spineOptionsDelegate.CurrentValue.SdsHostname, _spineOptionsDelegate.CurrentValue.SdsPort);
ldapConnection.Bind(string.Empty, string.Empty);
LogTlsVersionOnStartup(ldapConnection);
var searchResults = ldapConnection.Search(searchBase, LdapConnection.ScopeSub, filter, attributes, false);
while (searchResults.HasMore())
{
var nextEntry = searchResults.Next();
var attributeSet = nextEntry.GetAttributeSet();
foreach (var attribute in attributeSet)
{
results.TryAdd(attribute.Name, attribute.StringValue);
}
}
ldapConnection.Disconnect();
ldapConnection.Dispose();
}
var jsonDictionary = JsonConvert.SerializeObject(results);
if (results.Count > 0)
{
result = JsonConvert.DeserializeObject <T>(jsonDictionary);
}
logMessage.ResponsePayload = jsonDictionary;
logMessage.RoundTripTimeMs = sw.ElapsedMilliseconds;
_logService.AddSpineMessageLog(logMessage);
return(result);
}
catch (LdapException ldapException)
{
_logger.LogError(ldapException, "An LdapException has occurred while attempting to execute an LDAP query");
throw;
}
catch (Exception exc)
{
_logger.LogError(exc, "An Exception has occurred while attempting to execute an LDAP query");
throw;
}
}
