
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.core.jndi;
21  
22  
23  import java.util.Hashtable;
24  
25  import javax.naming.Context;
26  import javax.naming.NamingException;
27  
28  import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
29  import org.apache.directory.shared.ldap.exception.LdapConfigurationException;
30  import org.apache.directory.shared.ldap.name.LdapDN;
31  import org.apache.directory.shared.ldap.util.StringTools;
32  
33  
34  /**
35   * A wrapper around a JNDI environment which checks for correct LDAP specific 
36   * environment settings.
37   *
38   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
39   * @version $Rev: 679219 $
40   */
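public class LdapJndiProperties
{
    /** JNDI environment key carrying the SASL authorization identity (authzid). */
    private static final String SASL_AUTHID = "java.naming.security.sasl.authorizationId";

    /** DN parsed from Context.PROVIDER_URL; EMPTY_LDAPDN when the URL is blank. */
    private LdapDN providerDn;
    /** DN parsed from Context.SECURITY_PRINCIPAL; EMPTY_LDAPDN for anonymous or blank principals. */
    private LdapDN bindDn;
    /** Value of SASL_AUTHID, only honoured for STRONG (SASL) authentication. */
    private String saslAuthId;
    /** Authentication level derived from Context.SECURITY_AUTHENTICATION / SECURITY_CREDENTIALS. */
    private AuthenticationLevel level;
    /** The SASL mechanism name, i.e. the raw Context.SECURITY_AUTHENTICATION value for STRONG. */
    private String saslMechanism;
    /** Credentials as bytes (UTF-8 of a String credential, or the byte[] supplied as-is). */
    private byte[] credentials;


    /**
     * Determines the authentication level requested by a JNDI environment.
     *
     * <ul>
     * <li>{@link Context#SECURITY_AUTHENTICATION} absent: {@code NONE} when no
     *     {@link Context#SECURITY_CREDENTIALS} are present, {@code SIMPLE} otherwise.</li>
     * <li>Value equal to {@code AuthenticationLevel.NONE.toString()} or
     *     {@code AuthenticationLevel.SIMPLE.toString()}: the matching level.</li>
     * <li>Any other String (taken to be a SASL mechanism name): {@code STRONG}.</li>
     * </ul>
     *
     * @param env the JNDI environment, must not be null
     * @return the derived authentication level, never null
     * @throws LdapConfigurationException if env is null or the authentication property is not a String
     * @throws NamingException declared for callers; only LdapConfigurationException is thrown here
     */
    public static AuthenticationLevel getAuthenticationLevel( Hashtable env ) throws NamingException
    {
        if ( env == null )
        {
            throw new LdapConfigurationException( "environment cannot be null" );
        }

        Object credobj = env.get( Context.SECURITY_CREDENTIALS );
        Object authentication = env.get( Context.SECURITY_AUTHENTICATION );

        if ( authentication == null )
        {
            // property not set: the presence of credentials alone selects SIMPLE
            return credobj == null ? AuthenticationLevel.NONE : AuthenticationLevel.SIMPLE;
        }

        if ( !( authentication instanceof String ) )
        {
            throw new LdapConfigurationException( "Don't know how to interpret " + authentication.getClass()
                + " objects for environment property " + Context.SECURITY_AUTHENTICATION );
        }

        if ( AuthenticationLevel.NONE.toString().equals( authentication ) )
        {
            return AuthenticationLevel.NONE;
        }

        if ( AuthenticationLevel.SIMPLE.toString().equals( authentication ) )
        {
            return AuthenticationLevel.SIMPLE;
        }

        // anything else names a SASL mechanism
        return AuthenticationLevel.STRONG;
    }


    /**
     * Validates a JNDI environment and extracts the LDAP specific settings from it.
     *
     * <p>Fixes relative to the earlier implementation: the parsed SASL authorization id
     * is no longer overwritten by the principal; a missing principal together with
     * STRONG authentication yields an empty bind DN instead of a NullPointerException;
     * a non-String {@link Context#PROVIDER_URL} is reported as a configuration error
     * instead of a ClassCastException.</p>
     *
     * @param env the JNDI environment to validate
     * @return the populated properties, never null
     * @throws LdapConfigurationException if env is null, {@link Context#PROVIDER_URL} is missing,
     *         null or not a String, a property has an unsupported type, or SIMPLE authentication
     *         is requested without a principal or without credentials
     * @throws NamingException if a DN value cannot be parsed
     */
    public static LdapJndiProperties getLdapJndiProperties( Hashtable env ) throws NamingException
    {
        if ( env == null )
        {
            throw new LdapConfigurationException( "environment cannot be null" );
        }

        LdapJndiProperties props = new LdapJndiProperties();
        Object principal = env.get( Context.SECURITY_PRINCIPAL );
        Object credobj = env.get( Context.SECURITY_CREDENTIALS );
        Object authentication = env.get( Context.SECURITY_AUTHENTICATION );

        props.providerDn = parseProviderDn( env );

        // getAuthenticationLevel() has already rejected a non-String authentication value
        props.level = getAuthenticationLevel( env );
        if ( props.level == AuthenticationLevel.STRONG )
        {
            props.saslMechanism = ( String ) authentication;
        }

        props.bindDn = parseBindDn( principal, props.level );
        props.saslAuthId = parseSaslAuthId( env, props.level );
        props.credentials = parseCredentials( credobj, props.level );

        return props;
    }


    /**
     * Reads and validates {@link Context#PROVIDER_URL}, returning it as a DN.
     *
     * @param env the JNDI environment (non-null)
     * @return EMPTY_LDAPDN for a blank URL, otherwise the parsed DN
     * @throws LdapConfigurationException if the property is missing, null or not a String
     * @throws NamingException if the URL is not a valid DN
     */
    private static LdapDN parseProviderDn( Hashtable env ) throws NamingException
    {
        if ( !env.containsKey( Context.PROVIDER_URL ) )
        {
            throw new LdapConfigurationException( "Expected property " + Context.PROVIDER_URL
                + " but could not find it in env!" );
        }

        Object urlobj = env.get( Context.PROVIDER_URL );

        if ( urlobj == null )
        {
            throw new LdapConfigurationException( "Expected value for property " + Context.PROVIDER_URL
                + " but it was set to null in env!" );
        }

        if ( !( urlobj instanceof String ) )
        {
            throw new LdapConfigurationException( "Don't know how to interpret " + urlobj.getClass()
                + " objects for environment property " + Context.PROVIDER_URL );
        }

        String url = ( String ) urlobj;

        if ( url.trim().equals( "" ) )
        {
            return LdapDN.EMPTY_LDAPDN;
        }

        return new LdapDN( url );
    }


    /**
     * Derives the bind DN from {@link Context#SECURITY_PRINCIPAL}.
     *
     * @param principal the raw principal value, may be null
     * @param level the authentication level already derived for this environment
     * @return EMPTY_LDAPDN when the principal is absent (NONE/STRONG) or blank, otherwise the parsed DN
     * @throws LdapConfigurationException if SIMPLE is requested without a principal,
     *         or the principal is not a String
     * @throws NamingException if the principal is not a valid DN
     */
    private static LdapDN parseBindDn( Object principal, AuthenticationLevel level ) throws NamingException
    {
        if ( principal == null )
        {
            if ( level == AuthenticationLevel.SIMPLE )
            {
                throw new LdapConfigurationException( Context.SECURITY_PRINCIPAL + " cannot be null." );
            }

            // NONE is an anonymous bind; for STRONG the identity comes from the SASL exchange
            return LdapDN.EMPTY_LDAPDN;
        }

        if ( !( principal instanceof String ) )
        {
            throw new LdapConfigurationException( "Don't know how to interpret " + principal.getClass()
                + " objects for environment property " + Context.SECURITY_PRINCIPAL );
        }

        String dn = ( String ) principal;

        if ( dn.trim().equals( "" ) )
        {
            return LdapDN.EMPTY_LDAPDN;
        }

        return new LdapDN( dn );
    }


    /**
     * Reads the SASL authorization id, which is only meaningful for STRONG authentication.
     *
     * <p>The value supplied by the caller is returned unchanged: the authzid names the identity
     * the client asks to act as, so it must not be silently replaced by the bind principal.</p>
     *
     * @param env the JNDI environment (non-null)
     * @param level the authentication level already derived for this environment
     * @return the authzid, or null if it is not set or the level is not STRONG
     * @throws LdapConfigurationException if the value is not a String
     */
    private static String parseSaslAuthId( Hashtable env, AuthenticationLevel level )
        throws LdapConfigurationException
    {
        Object obj = env.get( SASL_AUTHID );

        if ( obj == null || level != AuthenticationLevel.STRONG )
        {
            return null;
        }

        if ( !( obj instanceof String ) )
        {
            throw new LdapConfigurationException( "Don't know how to interpret " + obj.getClass()
                + " objects for environment property " + SASL_AUTHID );
        }

        return ( String ) obj;
    }


    /**
     * Converts {@link Context#SECURITY_CREDENTIALS} to bytes.
     *
     * @param credobj the raw credentials value, may be null
     * @param level the authentication level already derived for this environment
     * @return UTF-8 bytes of a String credential, the byte[] as supplied, or null when absent
     * @throws LdapConfigurationException if SIMPLE is requested without credentials,
     *         or the credentials are neither a String nor a byte[]
     */
    private static byte[] parseCredentials( Object credobj, AuthenticationLevel level )
        throws LdapConfigurationException
    {
        if ( credobj == null )
        {
            if ( level == AuthenticationLevel.SIMPLE )
            {
                throw new LdapConfigurationException(
                    "cannot specify simple authentication without supplying credentials" );
            }

            return null;
        }

        if ( credobj instanceof String )
        {
            return StringTools.getBytesUtf8( ( String ) credobj );
        }

        if ( credobj instanceof byte[] )
        {
            return ( byte[] ) credobj;
        }

        throw new LdapConfigurationException( "Don't know how to interpret " + credobj.getClass()
            + " objects for environment property " + Context.SECURITY_CREDENTIALS );
    }


    /**
     * @return the bind DN; EMPTY_LDAPDN for anonymous binds
     */
    public LdapDN getBindDn()
    {
        return bindDn;
    }


    /**
     * @return the DN parsed from Context.PROVIDER_URL; EMPTY_LDAPDN when the URL was blank
     */
    public LdapDN getProviderDn()
    {
        return providerDn;
    }


    /**
     * @return the SASL authorization id, or null if not set or authentication is not STRONG
     */
    public String getSaslAuthId()
    {
        return saslAuthId;
    }


    /**
     * @return the derived authentication level
     */
    public AuthenticationLevel getAuthenticationLevel()
    {
        return level;
    }


    /**
     * @return the SASL mechanism name, or null unless the level is STRONG
     */
    public String getSaslMechanism()
    {
        return saslMechanism;
    }


    /**
     * Returns the credential bytes. This is the internal reference, not a copy, so
     * callers that clear it after use also clear it here.
     *
     * @return the credentials, or null when none were supplied
     */
    public byte[] getCredentials()
    {
        return credentials;
    }
}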