Matthew Swift
20.44.2013 05aed002704417713d01c11d40b637dad22fad4d
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2010 Sun Microsystems, Inc.
 *      Portions copyright 2011-2012 ForgeRock AS
 */
 
package org.forgerock.opendj.ldap.requests;
 
import static org.forgerock.opendj.ldap.ErrorResultException.newErrorResult;
 
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
 
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ErrorResultException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.responses.BindResult;
import org.forgerock.opendj.ldap.responses.Responses;
 
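/**
 * External SASL bind request implementation.
 * <p>
 * The only request-specific state is the optional authorization ID; the SASL
 * exchange itself is delegated to the JDK's {@link SaslClient} for the
 * mechanism named by the inherited {@code SASL_MECHANISM_NAME} constant.
 */
final class ExternalSASLBindRequestImpl extends AbstractSASLBindRequest<ExternalSASLBindRequest>
        implements ExternalSASLBindRequest {
    /**
     * Bind client driving one EXTERNAL SASL exchange with the server.
     * <p>
     * Not thread-safe: a client is bound to a single in-flight bind request.
     */
    private final static class Client extends SASLBindClientImpl {
        /** The JDK SASL client that produces this bind's credentials. */
        private final SaslClient saslClient;

        /**
         * Creates a client for the given request and computes its initial
         * response, if the mechanism has one.
         *
         * @param initialBindRequest
         *            The request whose authorization ID (possibly {@code null})
         *            is proposed to the server.
         * @param serverName
         *            The server name handed to the SASL provider.
         * @throws ErrorResultException
         *             With result code {@code CLIENT_SIDE_LOCAL_ERROR} if no
         *             installed provider supports the mechanism or the provider
         *             fails while producing the initial response.
         */
        private Client(final ExternalSASLBindRequestImpl initialBindRequest, final String serverName)
                throws ErrorResultException {
            super(initialBindRequest);

            try {
                // This client is passed as the CallbackHandler for the provider.
                final SaslClient client =
                        Sasl.createSaslClient(new String[] { SASL_MECHANISM_NAME },
                                initialBindRequest.getAuthorizationID(), SASL_DEFAULT_PROTOCOL,
                                serverName, null, this);
                if (client == null) {
                    // Sasl.createSaslClient() returns null, rather than throwing,
                    // when no installed provider supports the mechanism. Report
                    // that as a bind failure instead of an NPE on first use.
                    throw ErrorResultException.newErrorResult(Responses.newResult(
                            ResultCode.CLIENT_SIDE_LOCAL_ERROR).setDiagnosticMessage(
                            "No SASL provider supports the " + SASL_MECHANISM_NAME
                                    + " mechanism"));
                }
                saslClient = client;

                if (saslClient.hasInitialResponse()) {
                    // An empty challenge asks the provider for its initial response.
                    setNextSASLCredentials(saslClient.evaluateChallenge(new byte[0]));
                } else {
                    setNextSASLCredentials((ByteString) null);
                }
            } catch (final SaslException e) {
                throw newErrorResult(ResultCode.CLIENT_SIDE_LOCAL_ERROR, e);
            }
        }

        /**
         * Releases the underlying SASL client. Failures to dispose are ignored
         * because there is nothing further the bind can do with them.
         */
        @Override
        public void dispose() {
            try {
                saslClient.dispose();
            } catch (final SaslException ignored) {
                // Ignore the SASL exception: disposal is best-effort.
            }
        }

        /**
         * Feeds the server's SASL credentials from {@code result} to the SASL
         * client and stages the next client credentials, if any.
         *
         * @param result
         *            The bind result received from the server.
         * @return {@code true} if the SASL exchange is complete, {@code false}
         *         if another bind round trip is required.
         * @throws ErrorResultException
         *             With result code {@code CLIENT_SIDE_LOCAL_ERROR} if the
         *             provider rejects the server's challenge.
         */
        @Override
        public boolean evaluateResult(final BindResult result) throws ErrorResultException {
            if (saslClient.isComplete()) {
                return true;
            }

            // A result without server credentials is treated as an empty challenge.
            final ByteString serverCredentials = result.getServerSASLCredentials();
            final byte[] challenge =
                    serverCredentials == null ? new byte[0] : serverCredentials.toByteArray();

            try {
                setNextSASLCredentials(saslClient.evaluateChallenge(challenge));
                return saslClient.isComplete();
            } catch (final SaslException e) {
                // FIXME: I18N need to have a better error message.
                // FIXME: Is this the best result code?
                throw ErrorResultException.newErrorResult(Responses.newResult(
                        ResultCode.CLIENT_SIDE_LOCAL_ERROR).setDiagnosticMessage(
                        "An error occurred during multi-stage authentication").setCause(e));
            }
        }
    }

    /** Authorization ID proposed to the server, or {@code null} for none. */
    private String authorizationID;

    /** Creates a request with no authorization ID. */
    ExternalSASLBindRequestImpl() {
        // Nothing to do.
    }

    /**
     * Creates a copy of the given request.
     *
     * @param externalSASLBindRequest
     *            The request to copy.
     */
    ExternalSASLBindRequestImpl(final ExternalSASLBindRequest externalSASLBindRequest) {
        super(externalSASLBindRequest);
        this.authorizationID = externalSASLBindRequest.getAuthorizationID();
    }

    /**
     * {@inheritDoc}
     *
     * @throws ErrorResultException
     *             If the SASL client cannot be created for this request.
     */
    @Override
    public BindClient createBindClient(final String serverName) throws ErrorResultException {
        return new Client(this, serverName);
    }

    /** {@inheritDoc} */
    @Override
    public String getAuthorizationID() {
        return authorizationID;
    }

    /** {@inheritDoc} */
    @Override
    public String getSASLMechanism() {
        return SASL_MECHANISM_NAME;
    }

    /** {@inheritDoc} */
    @Override
    public ExternalSASLBindRequest setAuthorizationID(final String authorizationID) {
        this.authorizationID = authorizationID;
        return this;
    }

    /** {@inheritDoc} */
    @Override
    public String toString() {
        final StringBuilder builder = new StringBuilder();
        builder.append("ExternalSASLBindRequest(bindDN=");
        builder.append(getName());
        builder.append(", authentication=SASL");
        builder.append(", saslMechanism=");
        builder.append(getSASLMechanism());
        builder.append(", authorizationID=");
        builder.append(authorizationID);
        builder.append(", controls=");
        builder.append(getControls());
        builder.append(")");
        return builder.toString();
    }
}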