Example #1
0
        public void Bind_with_client_certificate_is_successful()
        {
            _ldapConnectionOptions.UseSsl();
            using var ldapConnection = new LdapConnection(_ldapConnectionOptions);

            ldapConnection.Connect(TestsConfig.LdapServer.ServerAddress, TestsConfig.LdapServer.ServerPortSsl);

            ldapConnection.Bind(new SaslExternalRequest());

            Assert.True(ldapConnection.Bound);
            var response = ldapConnection.WhoAmI();

            Assert.Equal(_expectedAuthzId, response.AuthzId);
        }
Example #2
0
        private static LdapConnectionOptions GetConnectionOptions()
        {
            var connectionOptions = new LdapConnectionOptions();
            var configuration     = LdapPlugin.Instance.Configuration;

            if (configuration.UseSsl)
            {
                connectionOptions.UseSsl();
            }

            if (configuration.SkipSslVerify)
            {
                connectionOptions.ConfigureRemoteCertificateValidationCallback(LdapClient_UserDefinedServerCertValidationDelegate);
            }

            return(connectionOptions);
        }
Example #3
0
        public T ExecuteLdapQuery <T>(string searchBase, string filter, string[] attributes) where T : class
        {
            try
            {
                var sw     = new Stopwatch();
                T   result = null;
                sw.Start();
                var logMessage = new SpineMessage
                {
                    RequestPayload     = $"{searchBase} {filter} [{string.Join(",", attributes)}]",
                    SpineMessageTypeId = (int)GPConnect.Constants.SpineMessageTypes.SpineLdapQuery
                };

                var results          = new Dictionary <string, object>();
                var useLdaps         = bool.Parse(_configuration.GetSection("Spine:sds_use_ldaps").Value);
                var useSdsMutualAuth = bool.Parse(_configuration.GetSection("Spine:sds_use_mutualauth").Value);


                Novell.Directory.Ldap.LdapConnectionOptions ldapConnectionOptions = new LdapConnectionOptions();

                if (useLdaps)
                {
                    SslProtocols sslProtocol = ParseTlsVersion(_configuration.GetSection("Spine:sds_tls_version").Value);

                    ldapConnectionOptions.ConfigureSslProtocols(SslProtocols.Tls12);
                    ldapConnectionOptions.UseSsl();
                    ldapConnectionOptions.ConfigureLocalCertificateSelectionCallback(SelectLocalCertificate);
                    ldapConnectionOptions.ConfigureRemoteCertificateValidationCallback(ValidateServerCertificate);
                }

                using (var ldapConnection = new LdapConnection(ldapConnectionOptions)
                {
                    ConnectionTimeout = int.Parse(_configuration.GetSection("Spine:timeout_seconds").Value) * 1000
                })
                {
                    if (useSdsMutualAuth)
                    {
                        var clientCert       = _configuration.GetSection("spine:client_cert").GetConfigurationString();
                        var serverCert       = _configuration.GetSection("spine:server_ca_certchain").GetConfigurationString();
                        var clientPrivateKey = _configuration.GetSection("spine:client_private_key").GetConfigurationString();

                        var clientCertData        = CertificateHelper.ExtractCertInstances(clientCert);
                        var clientPrivateKeyData  = CertificateHelper.ExtractKeyInstance(clientPrivateKey);
                        var x509ClientCertificate = new X509Certificate2(clientCertData.FirstOrDefault());

                        var privateKey = RSA.Create();
                        privateKey.ImportRSAPrivateKey(clientPrivateKeyData, out _);
                        var x509CertificateWithPrivateKey = x509ClientCertificate.CopyWithPrivateKey(privateKey);
                        var pfxFormattedCertificate       = new X509Certificate(x509CertificateWithPrivateKey.Export(X509ContentType.Pfx, string.Empty), string.Empty);

                        _clientCertificate = pfxFormattedCertificate;
                    }

                    var hostName = _configuration.GetSection("Spine:sds_hostname").Value;
                    var hostPort = int.Parse(_configuration.GetSection("Spine:sds_port").Value);

                    ldapConnection.Connect(hostName, hostPort);
                    ldapConnection.Bind(string.Empty, string.Empty);

                    LogTlsVersionOnStartup(ldapConnection);

                    var searchResults = ldapConnection.Search(searchBase, LdapConnection.ScopeSub, filter, attributes, false);

                    while (searchResults.HasMore())
                    {
                        var nextEntry    = searchResults.Next();
                        var attributeSet = nextEntry.GetAttributeSet();

                        foreach (var attribute in attributeSet)
                        {
                            results.TryAdd(attribute.Name, attribute.StringValue);
                        }
                    }

                    ldapConnection.Disconnect();
                    ldapConnection.Dispose();
                }

                var jsonDictionary = JsonConvert.SerializeObject(results);
                if (results.Count > 0)
                {
                    result = JsonConvert.DeserializeObject <T>(jsonDictionary);
                }
                logMessage.ResponsePayload = jsonDictionary;
                logMessage.RoundTripTimeMs = sw.ElapsedMilliseconds;
                _logService.AddSpineMessageLog(logMessage);
                return(result);
            }
            catch (LdapException ldapException)
            {
                _logger.LogError(ldapException, "An LdapException has occurred while attempting to execute an LDAP query");
                throw;
            }
            catch (Exception exc)
            {
                _logger.LogError(exc, "An Exception has occurred while attempting to execute an LDAP query");
                throw;
            }
        }
Example #4
0
        public T ExecuteLdapQuery <T>(string searchBase, string filter, string[] attributes) where T : class
        {
            try
            {
                var sw     = new Stopwatch();
                T   result = null;
                sw.Start();
                var logMessage = new SpineMessage
                {
                    RequestPayload     = $"{searchBase} {filter} [{string.Join(",", attributes)}]",
                    SpineMessageTypeId = (int)GPConnect.Constants.SpineMessageTypes.SpineLdapQuery
                };

                var results = new Dictionary <string, object>();

                var ldapConnectionOptions = new LdapConnectionOptions();

                if (_spineOptionsDelegate.CurrentValue.SdsUseLdaps)
                {
                    ldapConnectionOptions.ConfigureSslProtocols(SecurityHelper.ParseTlsVersion(_spineOptionsDelegate.CurrentValue.SdsTlsVersion));
                    ldapConnectionOptions.UseSsl();
                    ldapConnectionOptions.ConfigureLocalCertificateSelectionCallback(SelectLocalCertificate);
                    ldapConnectionOptions.ConfigureRemoteCertificateValidationCallback(ValidateServerCertificate);
                }

                using (var ldapConnection = new LdapConnection(ldapConnectionOptions)
                {
                    ConnectionTimeout = _spineOptionsDelegate.CurrentValue.TimeoutMilliseconds
                })
                {
                    SetupMutualAuth();

                    ldapConnection.Connect(_spineOptionsDelegate.CurrentValue.SdsHostname, _spineOptionsDelegate.CurrentValue.SdsPort);
                    ldapConnection.Bind(string.Empty, string.Empty);

                    LogTlsVersionOnStartup(ldapConnection);

                    var searchResults = ldapConnection.Search(searchBase, LdapConnection.ScopeSub, filter, attributes, false);

                    while (searchResults.HasMore())
                    {
                        var nextEntry    = searchResults.Next();
                        var attributeSet = nextEntry.GetAttributeSet();

                        foreach (var attribute in attributeSet)
                        {
                            results.TryAdd(attribute.Name, attribute.StringValue);
                        }
                    }

                    ldapConnection.Disconnect();
                    ldapConnection.Dispose();
                }

                var jsonDictionary = JsonConvert.SerializeObject(results);
                if (results.Count > 0)
                {
                    result = JsonConvert.DeserializeObject <T>(jsonDictionary);
                }
                logMessage.ResponsePayload = jsonDictionary;
                logMessage.RoundTripTimeMs = sw.ElapsedMilliseconds;
                _logService.AddSpineMessageLog(logMessage);
                return(result);
            }
            catch (LdapException ldapException)
            {
                _logger.LogError(ldapException, "An LdapException has occurred while attempting to execute an LDAP query");
                throw;
            }
            catch (Exception exc)
            {
                _logger.LogError(exc, "An Exception has occurred while attempting to execute an LDAP query");
                throw;
            }
        }