/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
* add the following below this CDDL HEADER, with the fields enclosed
|
* by brackets "[]" replaced with your own identifying information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2009 Sun Microsystems, Inc.
|
*/
|
|
package org.opends.sdk.sasl;
|
|
import java.util.HashMap;
|
import java.util.Map;
|
|
import javax.security.auth.callback.NameCallback;
|
import javax.security.auth.callback.PasswordCallback;
|
import javax.security.auth.callback.UnsupportedCallbackException;
|
import javax.security.sasl.RealmCallback;
|
import javax.security.sasl.Sasl;
|
import javax.security.sasl.SaslClient;
|
import javax.security.sasl.SaslException;
|
|
import org.opends.sdk.ByteString;
|
import org.opends.sdk.DN;
|
|
import com.sun.opends.sdk.util.Validator;
|
|
|
|
/**
|
* Digest-MD5 SASL bind request.
|
*/
|
public final class DigestMD5SASLBindRequest extends
|
SASLBindRequest<DigestMD5SASLBindRequest>
|
{
|
/**
|
* The name of the SASL mechanism based on DIGEST-MD5 authentication.
|
*/
|
public static final String SASL_MECHANISM_DIGEST_MD5 = "DIGEST-MD5";
|
|
private String authenticationID;
|
private String authorizationID;
|
private ByteString password;
|
private String realm;
|
|
private NameCallbackHandler authIDHandler;
|
private PasswordCallbackHandler passHandler;
|
private TextInputCallbackHandler realmHandler;
|
|
private class DigestMD5SASLContext extends AbstractSASLContext
|
{
|
private SaslClient saslClient;
|
private ByteString outgoingCredentials = null;
|
|
private DigestMD5SASLContext(String serverName) throws SaslException {
|
Map<String, String> props = new HashMap<String, String>();
|
props.put(Sasl.QOP, "auth-conf,auth-int,auth");
|
saslClient =
|
Sasl.createSaslClient(
|
new String[] { SASL_MECHANISM_DIGEST_MD5 },
|
authorizationID, SASL_DEFAULT_PROTOCOL, serverName, props,
|
this);
|
|
if (saslClient.hasInitialResponse())
|
{
|
byte[] bytes = saslClient.evaluateChallenge(new byte[0]);
|
if (bytes != null)
|
{
|
this.outgoingCredentials = ByteString.wrap(bytes);
|
}
|
}
|
}
|
|
public void dispose() throws SaslException
|
{
|
saslClient.dispose();
|
}
|
|
public boolean evaluateCredentials(ByteString incomingCredentials)
|
throws SaslException
|
{
|
byte[] bytes =
|
saslClient.evaluateChallenge(incomingCredentials.toByteArray());
|
if (bytes != null)
|
{
|
this.outgoingCredentials = ByteString.wrap(bytes);
|
}
|
else
|
{
|
this.outgoingCredentials = null;
|
}
|
|
return isComplete();
|
}
|
|
public ByteString getSASLCredentials()
|
{
|
return outgoingCredentials;
|
}
|
|
|
public boolean isComplete()
|
{
|
return saslClient.isComplete();
|
}
|
|
|
|
public boolean isSecure()
|
{
|
String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);
|
return (qop.equalsIgnoreCase("auth-int") || qop
|
.equalsIgnoreCase("auth-conf"));
|
}
|
|
@Override
|
public byte[] unwrap(byte[] incoming, int offset, int len)
|
throws SaslException
|
{
|
return saslClient.unwrap(incoming, offset, len);
|
}
|
|
|
|
@Override
|
public byte[] wrap(byte[] outgoing, int offset, int len)
|
throws SaslException
|
{
|
return saslClient.wrap(outgoing, offset, len);
|
}
|
|
|
|
@Override
|
protected void handle(NameCallback callback)
|
throws UnsupportedCallbackException
|
{
|
if (authIDHandler == null)
|
{
|
callback.setName(authenticationID);
|
}
|
else
|
{
|
if(authIDHandler.handle(callback))
|
{
|
authenticationID = callback.getName();
|
authIDHandler = null;
|
}
|
}
|
}
|
|
|
|
@Override
|
protected void handle(PasswordCallback callback)
|
throws UnsupportedCallbackException
|
{
|
if (passHandler == null)
|
{
|
callback.setPassword(password.toString().toCharArray());
|
}
|
else
|
{
|
if(passHandler.handle(callback))
|
{
|
password = ByteString.valueOf(callback.getPassword());
|
passHandler = null;
|
}
|
}
|
}
|
|
|
|
@Override
|
protected void handle(RealmCallback callback)
|
throws UnsupportedCallbackException
|
{
|
if (realmHandler == null)
|
{
|
if (realm == null)
|
{
|
callback.setText(callback.getDefaultText());
|
}
|
else
|
{
|
callback.setText(realm);
|
}
|
}
|
else
|
{
|
if(realmHandler.handle(callback))
|
{
|
realm = callback.getText();
|
realmHandler = null;
|
}
|
}
|
}
|
|
public DigestMD5SASLBindRequest getSASLBindRequest() {
|
return DigestMD5SASLBindRequest.this;
|
}
|
}
|
|
public DigestMD5SASLBindRequest(DN authenticationDN,
|
ByteString password)
|
{
|
Validator.ensureNotNull(authenticationDN, password);
|
this.authenticationID = "dn:" + authenticationDN.toString();
|
this.password = password;
|
}
|
|
|
|
public DigestMD5SASLBindRequest(DN authenticationDN,
|
DN authorizationDN, ByteString password)
|
{
|
Validator
|
.ensureNotNull(authenticationDN, authorizationDN, password);
|
this.authenticationID = "dn:" + authenticationDN.toString();
|
this.authorizationID = "dn:" + authorizationDN.toString();
|
this.password = password;
|
}
|
|
|
|
public DigestMD5SASLBindRequest(DN authenticationDN,
|
DN authorizationDN, ByteString password, String realm)
|
{
|
Validator.ensureNotNull(authenticationDN, authorizationDN,
|
password);
|
this.authenticationID = "dn:" + authenticationDN.toString();
|
this.authorizationID = "dn:" + authorizationDN.toString();
|
this.password = password;
|
this.realm = realm;
|
}
|
|
|
|
public DigestMD5SASLBindRequest(String authenticationID,
|
ByteString password)
|
{
|
Validator.ensureNotNull(authenticationID, password);
|
this.authenticationID = authenticationID;
|
this.password = password;
|
}
|
|
|
|
public DigestMD5SASLBindRequest(String authenticationID,
|
String authorizationID, ByteString password)
|
{
|
Validator
|
.ensureNotNull(authenticationID, password);
|
this.authenticationID = authenticationID;
|
this.authorizationID = authorizationID;
|
this.password = password;
|
}
|
|
|
|
public DigestMD5SASLBindRequest(String authenticationID,
|
String authorizationID, ByteString password, String realm)
|
{
|
Validator.ensureNotNull(authenticationID, password);
|
this.authenticationID = authenticationID;
|
this.authorizationID = authorizationID;
|
this.password = password;
|
this.realm = realm;
|
}
|
|
|
|
public String getAuthenticationID()
|
{
|
return authenticationID;
|
}
|
|
|
|
public NameCallbackHandler getAuthIDHandler()
|
{
|
return authIDHandler;
|
}
|
|
|
|
public String getAuthorizationID()
|
{
|
return authorizationID;
|
}
|
|
|
|
public PasswordCallbackHandler getPassHandler()
|
{
|
return passHandler;
|
}
|
|
|
|
public ByteString getPassword()
|
{
|
return password;
|
}
|
|
|
|
public String getRealm()
|
{
|
return realm;
|
}
|
|
|
|
public TextInputCallbackHandler getRealmHandler()
|
{
|
return realmHandler;
|
}
|
|
|
@Override
|
public String getSASLMechanism()
|
{
|
return SASL_MECHANISM_DIGEST_MD5;
|
}
|
|
|
|
public SASLContext getClientContext(String serverName) throws SaslException
|
{
|
return new DigestMD5SASLContext(serverName);
|
}
|
|
|
|
public DigestMD5SASLBindRequest setAuthenticationID(
|
String authenticationID)
|
{
|
Validator.ensureNotNull(authenticationID);
|
this.authenticationID = authenticationID;
|
return this;
|
}
|
|
|
|
public DigestMD5SASLBindRequest setAuthIDHandler(
|
NameCallbackHandler authIDHandler)
|
{
|
this.authIDHandler = authIDHandler;
|
return this;
|
}
|
|
|
|
public DigestMD5SASLBindRequest setAuthorizationID(
|
String authorizationID)
|
{
|
this.authorizationID = authorizationID;
|
return this;
|
}
|
|
|
|
public DigestMD5SASLBindRequest setPassHandler(
|
PasswordCallbackHandler passHandler)
|
{
|
this.passHandler = passHandler;
|
return this;
|
}
|
|
|
|
public DigestMD5SASLBindRequest setPassword(ByteString password)
|
{
|
Validator.ensureNotNull(password);
|
this.password = password;
|
return this;
|
}
|
|
|
|
public DigestMD5SASLBindRequest setRealm(String realm)
|
{
|
this.realm = realm;
|
return this;
|
}
|
|
|
|
public void setRealmHandler(TextInputCallbackHandler realmHandler)
|
{
|
this.realmHandler = realmHandler;
|
}
|
|
|
|
@Override
|
public String toString()
|
{
|
StringBuilder builder = new StringBuilder();
|
builder.append("DigestMD5SASLBindRequest(bindDN=");
|
builder.append(getName());
|
builder.append(", authentication=SASL");
|
builder.append(", saslMechanism=");
|
builder.append(getSASLMechanism());
|
builder.append(", authenticationID=");
|
builder.append(authenticationID);
|
builder.append(", authorizationID=");
|
builder.append(authorizationID);
|
builder.append(", realm=");
|
builder.append(realm);
|
builder.append(", password=");
|
builder.append(password);
|
builder.append(", controls=");
|
builder.append(getControls());
|
builder.append(")");
|
return builder.toString();
|
}
|
}
|
