[picketlink-commits] Picketlink SVN: r434 - in idm/branches/1.1.0: picketlink-idm-core/src/test/java/org/picketlink/idm/impl/store and 2 other directories.

Author: bdaw Date: 2010-10-05 15:14:30 -0400 (Tue, 05 Oct 2010) New Revision: 434 Modified: idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java idm/branches/1.1.0/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/store/CommonIdentityStoreTest.java idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java idm/branches/1.1.0/picketlink-idm-testsuite/src/test/java/org/picketlink/idm/impl/api/OrganizationTest.java Log: - PLIDM-24 names in LDAP search filter are not escaped properly Modified: idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java =================================================================== --- idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java 2010-10-04 17:58:28 UTC (rev 433) +++ idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java 2010-10-05 19:14:30 UTC (rev 434) @@ -118,4 +118,47 @@ return null; } + + + /** + * Escape string for LDAP search filter use according to RFC 2554 + * + * Character ASCII value + * --------------------------- + * * 0x2a + * ( 0x28 + * ) 0x29 + * \ 0x5c + * NUL 0x00 + * + * @param filter + * @return + */ + public static final String escapeLDAPSearchFilter(String filter) + { + StringBuilder sb = new StringBuilder(); + for (int i = 0; i < filter.length(); i++) { + char curChar = filter.charAt(i); + switch (curChar) { + case '\\': + sb.append("\\5c"); + break; + case '*': + sb.append("\\2a"); + break; + case '(': + sb.append("\\28"); + break; + case ')': + sb.append("\\29"); + break; + case '\u0000': + sb.append("\\00"); + break; + default: + sb.append(curChar); + } + } + return sb.toString(); + } } Modified: idm/branches/1.1.0/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/store/CommonIdentityStoreTest.java =================================================================== --- idm/branches/1.1.0/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/store/CommonIdentityStoreTest.java 2010-10-04 17:58:28 UTC (rev 433) +++ idm/branches/1.1.0/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/store/CommonIdentityStoreTest.java 2010-10-05 19:14:30 UTC (rev 434) @@ -110,8 +110,20 @@ assertNotNull(testContext.getStore().findIdentityObject(testContext.getCtx(), "Adam//Ewa////Toto*%.$", IdentityTypeEnum.USER)); + user1 = testContext.getStore().createIdentityObject(testContext.getCtx(), "Adam(Ewa)", IdentityTypeEnum.USER); + assertNotNull(testContext.getStore().findIdentityObject(testContext.getCtx(), "Adam(Ewa)", IdentityTypeEnum.USER)); + user1 = testContext.getStore().createIdentityObject(testContext.getCtx(), "Adam!(Ewa)", IdentityTypeEnum.USER); + + assertNotNull(testContext.getStore().findIdentityObject(testContext.getCtx(), "Adam!(Ewa)", IdentityTypeEnum.USER)); + + user1 = testContext.getStore().createIdentityObject(testContext.getCtx(), "!(06_13_07 Sche) !(0", IdentityTypeEnum.USER); + + assertNotNull(testContext.getStore().findIdentityObject(testContext.getCtx(), "!(06_13_07 Sche) !(0", IdentityTypeEnum.USER)); + + + testContext.commit(); Modified: idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java =================================================================== --- idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2010-10-04 17:58:28 UTC (rev 433) +++ idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2010-10-05 19:14:30 UTC (rev 434) @@ -602,7 +602,11 @@ else { //search all entries - filter = "(".concat(getTypeConfiguration(invocationCtx, type).getIdAttributeName()).concat("=").concat(name).concat(")"); + filter = "(" + .concat(getTypeConfiguration(invocationCtx, type).getIdAttributeName()) + .concat("=") + .concat(Tools.escapeLDAPSearchFilter(name)) + .concat(")"); sr = searchIdentityObjects(invocationCtx, entryCtxs, filter, @@ -1226,7 +1230,7 @@ af.append("(") .append(stringEntry.getKey()) .append("=") - .append(value) + .append(Tools.escapeLDAPSearchFilter(value)) .append(")"); } } @@ -2138,7 +2142,11 @@ else { //search all entries - filter = "(".concat(getConfiguration(invocationCtx).getRelationshipNameAttributeName()).concat("=").concat(name).concat(")"); + filter = "(" + .concat(getConfiguration(invocationCtx).getRelationshipNameAttributeName()) + .concat("=") + .concat(Tools.escapeLDAPSearchFilter(name)) + .concat(")"); sr = searchIdentityObjects(invocationCtx, entryCtxs, filter, Modified: idm/branches/1.1.0/picketlink-idm-testsuite/src/test/java/org/picketlink/idm/impl/api/OrganizationTest.java =================================================================== --- idm/branches/1.1.0/picketlink-idm-testsuite/src/test/java/org/picketlink/idm/impl/api/OrganizationTest.java 2010-10-04 17:58:28 UTC (rev 433) +++ idm/branches/1.1.0/picketlink-idm-testsuite/src/test/java/org/picketlink/idm/impl/api/OrganizationTest.java 2010-10-05 19:14:30 UTC (rev 434) @@ -422,7 +422,13 @@ assertTrue(session.getAttributesManager().validateCredentials(anotherOne, new Credential[]{binaryCredential})); } + session.getPersistenceManager().createUser("!(06_13_07 Sche) !(0"); + User u1 = session.getPersistenceManager().findUser("!(06_13_07 Sche) !(0"); + + assertNotNull(u1); + + ctx.commit(); }