From 27bab87f184114324fddbb7bdd2b71b8027b3552 Mon Sep 17 00:00:00 2001
From: Gabriel Barros
Date: Wed, 24 Apr 2024 17:00:58 +0100
Subject: [PATCH] WIP: bug fix on ldap bootstrap flow

---
 .../roda/core/security/LdapUtilityTest.java | 5 ++
 .../roda/core/model/utils/LdapUtility.java | 86 +++++++------------
 2 files changed, 37 insertions(+), 54 deletions(-)

diff --git a/roda-core/roda-core-tests/src/main/java/org/roda/core/security/LdapUtilityTest.java b/roda-core/roda-core-tests/src/main/java/org/roda/core/security/LdapUtilityTest.java
index d37b028b1a..df3142acee 100644
--- a/roda-core/roda-core-tests/src/main/java/org/roda/core/security/LdapUtilityTest.java
+++ b/roda-core/roda-core-tests/src/main/java/org/roda/core/security/LdapUtilityTest.java
@@ -236,6 +236,11 @@ private static User getTestUser() {
 private Group addTestGroup() throws GenericException {
 Group group = getTestGroup();
+
+ HashSet roles = new HashSet<>();
+ roles.add("access_key.manage");
+ group.setDirectRoles(roles);
+ group.setAllRoles(roles);
 try {
 ldapUtility.addGroup(group);
 } catch (GroupAlreadyExistsException e) {
diff --git a/roda-core/roda-core/src/main/java/org/roda/core/model/utils/LdapUtility.java b/roda-core/roda-core/src/main/java/org/roda/core/model/utils/LdapUtility.java
index b591a99776..3ba9cbc7fe 100644
--- a/roda-core/roda-core/src/main/java/org/roda/core/model/utils/LdapUtility.java
+++ b/roda-core/roda-core/src/main/java/org/roda/core/model/utils/LdapUtility.java
@@ -1,9 +1,7 @@
 package org.roda.core.model.utils;
-import java.io.File;
 import java.io.IOException;
-import java.net.URL;
-import java.nio.file.Paths;
+import java.io.InputStream;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.util.ArrayList;
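Review bot: `HashSet roles = new HashSet<>();` in addTestGroup is declared as a raw type as rendered here (the type argument may have been dropped by the page); if so, declare it against the interface, `Set<String> roles = new HashSet<>();`. The same set instance is handed to both setDirectRoles and setAllRoles, so if those setters keep the reference rather than copying (their bodies are not visible here), a later addDirectRole on the group would also change its all-roles view; passing `new HashSet<>(roles)` to the second setter keeps the two independent. addTestGroup continues outside the hunk.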
@@ -47,6 +45,8 @@ import org.roda.core.util.IdUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.core.io.InputStreamResource;
+import org.springframework.core.io.Resource;
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.ldap.AuthenticationException;
 import org.springframework.ldap.InvalidNameException;
@@ -72,21 +72,9 @@ public class LdapUtility {
 /** Class logger. */
 private static final Logger LOGGER = LoggerFactory.getLogger(LdapUtility.class);
- /** RODA instance name. */
- private static final String INSTANCE_NAME = "RODA";
-
 /** Size of random passwords */
 private static final int RANDOM_PASSWORD_LENGTH = 12;
- /** Shadow inactive constant. */
- private static final String SHADOW_INACTIVE = "shadowInactive";
-
- /** Unique member constant. */
- private static final String UNIQUE_MEMBER = "uniqueMember";
-
- /** Role occupant constant. */
- private static final String ROLE_OCCUPANT = "roleOccupant";
-
 /** Object class constant. */
 private static final String OBJECT_CLASS = "objectClass";
@@ -99,9 +87,6 @@ public class LdapUtility {
 /** Constant: top. */
 private static final String OBJECT_CLASS_ORGANIZATIONAL_UNIT = "organizationalUnit";
- /** Constant: groupOfUniqueNames. */
- private static final String GROUP_OF_UNIQUE_NAMES = "groupOfUniqueNames";
-
 /** Constant: domain. */
 private static final String OBJECT_CLASS_DOMAIN = "dcObject";
@@ -128,9 +113,6 @@ public class LdapUtility {
 private static final String RODA_DUMMY_USER = "cn=roda,ou=system,dc=roda,dc=org";
- /** The port where LDAP server should bind. */
- private int ldapPort = 10389;
-
 /**
 * LDAP administrator Distinguished Name (DN).
 */
@@ -156,11 +138,6 @@ public class LdapUtility {
 */
 private String ldapRolesDN = null;
- /**
- * Password Digest Algorithm.
- */
- private String ldapDigestAlgorithm = "MD5";
-
 /**
 * List of protected users. Users in the protected list cannot be modified.
 *
@@ -190,10 +167,6 @@ public class LdapUtility {
 */
 private String rodaAdministratorsDN = null;
- /**
- * Directory where ApacheDS data will be stored.
- */
-
 private final LdapTemplate ldapTemplate;
 private final LdapUserRepository ldapUserRepository;
 private final LdapGroupRepository ldapGroupRepository;
@@ -285,13 +258,7 @@ private void bootstrap() throws Exception {
 // Add groups DN
 addOrganizationUnitIfNotExists(ldapGroupsDN);
- final List ldifFileNames = Arrays.asList("users.ldif", "groups.ldif", "roles.ldif");
- for (String ldifFileName : ldifFileNames) {
- URL ldifResourceURL = RodaCoreFactory.getConfigurationFile(RodaConstants.CORE_LDAP_FOLDER + "/" + ldifFileName);
- if (ldifResourceURL != null) {
- applyLdif(ldifResourceURL.getPath());
- }
- }
+ applyLdif();
 }
 }
@@ -619,7 +586,17 @@ public Group getGroup(final String name) throws GenericException, NotFoundExcept
 try {
 LdapGroup ldapGroup = ldapGroupRepository.findByCommonName(name);
 if (ldapGroup != null) {
- return getGroupFromEntry(ldapGroup);
+ final Group group = getGroupFromEntry(ldapGroup);
+
+ // Add all roles assigned to this group
+ final Set memberRoles = getMemberRoles(getGroupDN(group.getName()));
+ group.setAllRoles(memberRoles);
+
+ // Add direct roles assigned to this group
+ for (String role : getMemberDirectRoles(getGroupDN(group.getName()))) {
+ group.addDirectRole(role);
+ }
+ return group;
 } else {
 return null;
 }
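Review bot: `getGroupDN(group.getName())` is evaluated twice in the new branch of getGroup; hoist it into a local before the two role lookups so the all-roles and direct-roles queries use the same DN value and the DN is built once. getMemberRoles, getMemberDirectRoles and Group.addDirectRole are outside the hunk, so whether they tolerate a null or empty result is not visible here; if getMemberRoles can return null, `group.setAllRoles(memberRoles)` would hand a null role set to whatever authorization checks consume it downstream, so a null/empty guard or a comment stating that contract would help. Roles are authorization data, so if any other path builds a Group from an LdapGroup without going through this method, those groups would now carry no roles; worth a consistency check. getGroup starts and ends outside the hunk.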
@@ -1677,25 +1654,30 @@ private String userMessage(final String user, final String message) {
 /**
 * Apply LDIF text.
 *
- * @param ldifPath
- * LDIF file path .
 * @throws NamingException
 * if some LDAP related error occurs.
 * @throws IOException
 * if stream could not be closed.
 */
- private void applyLdif(final String ldifPath) throws NamingException, IOException {
- File ldifFile = Paths.get(ldifPath).toFile();
- if (ldifFile.exists()) {
- LdifParser parser = new LdifParser(ldifFile);
- parser.open();
- while (parser.hasMoreRecords()) {
- LdapAttributes record = parser.getRecord();
- if (!dnExists(record.getName())) {
- ldapTemplate.bind(removeBaseDN(record.getName()), null, record);
+ private void applyLdif() throws NamingException, IOException {
+ final List ldifFileNames = Arrays.asList("users.ldif", "groups.ldif", "roles.ldif");
+ for (String ldifFileName : ldifFileNames) {
+ InputStream inputStream = RodaCoreFactory
+ .getConfigurationFileAsStream(RodaConstants.CORE_LDAP_FOLDER + "/" + ldifFileName);
+ if (inputStream != null) {
+ Resource resource = new InputStreamResource(inputStream);
+ if (resource.exists()) {
+ LdifParser parser = new LdifParser(resource);
+ parser.open();
+ while (parser.hasMoreRecords()) {
+ LdapAttributes record = parser.getRecord();
+ if (!dnExists(record.getName())) {
+ ldapTemplate.bind(removeBaseDN(record.getName()), null, record);
+ }
+ }
+ parser.close();
 }
 }
- parser.close();
 }
 }
@@ -1766,10 +1748,6 @@ private boolean dnExists(Name dn) {
 }
 }
- private Name getFullDN(String dn) {
- return getFullDN(LdapUtils.newLdapName(dn));
- }
-
 private Name getFullDN(Name dn) {
 return LdapNameBuilder.newInstance(ldapRootDN).add(dn).build();
 }
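Review bot: The InputStream obtained from getConfigurationFileAsStream in the new applyLdif is never closed independently of the parser: if LdifParser throws mid-parse, `parser.close()` is skipped (the old code had the same gap), and nothing closes the stream at all when the `resource.exists()` branch is not taken. Spring's InputStreamResource.exists() always returns true, so that inner check is dead and the null check above it is the only real guard; wrap the stream in try-with-resources and put the close in a finally. A missing LDIF file is also skipped silently, which for a directory bootstrap of users, groups and roles deserves at least a warning so an incomplete bootstrap is visible in the logs. The Javadoc's `@throws IOException if stream could not be closed` is now imprecise as well, since the parser reads the stream too.
```java
  private void applyLdif() throws NamingException, IOException {
    final List<String> ldifFileNames = Arrays.asList("users.ldif", "groups.ldif", "roles.ldif");
    for (String ldifFileName : ldifFileNames) {
      // try-with-resources does not call close() on a null resource, so the null check can live inside
      try (InputStream inputStream = RodaCoreFactory
        .getConfigurationFileAsStream(RodaConstants.CORE_LDAP_FOLDER + "/" + ldifFileName)) {
        if (inputStream == null) {
          LOGGER.warn("LDAP bootstrap file {} not found; skipping it", ldifFileName);
          continue;
        }
        LdifParser parser = new LdifParser(new InputStreamResource(inputStream));
        parser.open();
        try {
          // … unchanged: hasMoreRecords / getRecord / dnExists / bind loop …
        } finally {
          parser.close();
        }
      }
    }
  }
```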