
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.directory.server.ldap.handlers.bind.digestMD5;
21  
22  
23  import org.apache.directory.server.core.CoreSession;
24  import org.apache.directory.server.ldap.LdapService;
25  import org.apache.directory.server.ldap.LdapSession;
26  import org.apache.directory.server.ldap.handlers.bind.AbstractMechanismHandler;
27  import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
28  import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
29  import org.apache.directory.shared.ldap.message.BindRequest;
30  
31  import javax.security.auth.callback.CallbackHandler;
32  import javax.security.sasl.Sasl;
33  import javax.security.sasl.SaslServer;
34  
35  import java.util.HashMap;
36  import java.util.Map;
37  
38  
/**
 * The DIGEST-MD5 mechanism handler.
 * <p>
 * The SaslServer for a session is created once and cached in the session under
 * SaslConstants.SASL_SERVER; the host, user base DN and SASL properties it needs
 * are stored by {@link #init(LdapSession)} and dropped again by
 * {@link #cleanup(LdapSession)}.
 * <p>
 * Note that DIGEST-MD5 has since been moved to Historic status (RFC 6331);
 * deployments should prefer a stronger mechanism where one is available.
 * 
 * @org.apache.xbean.XBean
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$, $Date$
 */
public class DigestMd5MechanismHandler extends AbstractMechanismHandler
{
    /**
     * Builds the realm list handed to the SASL provider: every configured
     * realm, in the order the service returns them, separated by single
     * spaces. An empty string is returned when no realm is configured.
     * 
     * @param ldapService the LdapService whose realms are listed
     * @return the space-separated realm list
     */
    private String getActiveRealms( LdapService ldapService )
    {
        StringBuilder joined = new StringBuilder();
        String separator = "";

        for ( String realm : ldapService.getSaslRealms() )
        {
            // The separator is empty in front of the first realm only
            joined.append( separator ).append( realm );
            separator = " ";
        }

        return joined.toString();
    }


    /**
     * Returns the SaslServer negotiating DIGEST-MD5 for this session, creating
     * it on the first call and caching it under SaslConstants.SASL_SERVER so
     * that later bind rounds continue the same negotiation.
     * 
     * @param ldapSession the LdapSession being bound
     * @param bindRequest the current BindRequest, handed to the callback handler
     * @return the session's SaslServer, as returned by Sasl.createSaslServer on
     *         first use (the JDK documents that call as returning null when no
     *         provider supports the mechanism; nothing here guards against that,
     *         the null is stored and returned as-is)
     * @throws Exception if the callback handler or the SaslServer cannot be created
     */
    @SuppressWarnings("unchecked")
    public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
    {
        SaslServer existing = (SaslServer) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER );

        if ( existing != null )
        {
            return existing;
        }

        // The callback handler is given the admin session, presumably for its
        // user lookup; see DigestMd5CallbackHandler
        CoreSession adminSession = ldapSession.getLdapServer().getDirectoryService().getAdminSession();
        CallbackHandler callbackHandler = new DigestMd5CallbackHandler( ldapSession, adminSession, bindRequest );

        String saslHost = (String) ldapSession.getSaslProperty( SaslConstants.SASL_HOST );
        // Stored by init() as a Map<String, String>; the cast back is unchecked
        Map<String, String> saslProps = (Map<String, String>) ldapSession.getSaslProperty( SaslConstants.SASL_PROPS );

        SaslServer created = Sasl.createSaslServer(
            SupportedSaslMechanisms.DIGEST_MD5,
            SaslConstants.LDAP_PROTOCOL,
            saslHost,
            saslProps,
            callbackHandler );
        ldapSession.putSaslProperty( SaslConstants.SASL_SERVER, created );

        return created;
    }


    /**
     * {@inheritDoc}
     * <p>
     * Stores in the session what {@link #handleMechanism} later reads: the
     * SASL host, the user base DN, and the SASL properties map holding the
     * QOP string and the configured realm list.
     */
    public void init( LdapSession ldapSession )
    {
        LdapService ldapService = ldapSession.getLdapServer();

        ldapSession.putSaslProperty( SaslConstants.SASL_HOST, ldapService.getSaslHost() );
        ldapSession.putSaslProperty( SaslConstants.SASL_USER_BASE_DN, ldapService.getSearchBaseDn() );

        Map<String, String> saslProps = new HashMap<String, String>();
        saslProps.put( Sasl.QOP, ldapService.getSaslQopString() );
        // Provider-specific key read by the JDK's DIGEST-MD5 server implementation
        saslProps.put( "com.sun.security.sasl.digest.realm", getActiveRealms( ldapService ) );
        ldapSession.putSaslProperty( SaslConstants.SASL_PROPS, saslProps );
    }


    /**
     * Inserts the SASL filter, then removes the Host, UserBaseDn, Mechanism,
     * props and authenticated-user properties the negotiation no longer needs.
     * Note that the cached SaslServer (SaslConstants.SASL_SERVER) is not
     * removed here.
     * 
     * @param ldapSession the LdapSession instance
     */
    public void cleanup( LdapSession ldapSession )
    {
        // Presumably installs the SASL filter on the session; see AbstractMechanismHandler
        insertSaslFilter( ldapSession );

        // Drop the per-negotiation state stored by init() and the bind rounds
        ldapSession.removeSaslProperty( SaslConstants.SASL_HOST );
        ldapSession.removeSaslProperty( SaslConstants.SASL_USER_BASE_DN );
        ldapSession.removeSaslProperty( SaslConstants.SASL_MECH );
        ldapSession.removeSaslProperty( SaslConstants.SASL_PROPS );
        ldapSession.removeSaslProperty( SaslConstants.SASL_AUTHENT_USER );
    }
}