20 package org.apache.directory.server.core.jndi;
23 import java.util.Hashtable;
24
25 import javax.naming.Context;
26 import javax.naming.NamingException;
27
28 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
29 import org.apache.directory.shared.ldap.exception.LdapConfigurationException;
30 import org.apache.directory.shared.ldap.name.LdapDN;
31 import org.apache.directory.shared.ldap.util.StringTools;
32
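/**
 * Typed view of the JNDI environment entries that describe how a context
 * binds to the directory: the provider DN, the bind DN, the authentication
 * level, the SASL mechanism and authorization identity, and the credentials.
 *
 * <p>Instances are built by {@link #getLdapJndiProperties(Hashtable)}, which
 * validates the type of every property it reads and reports problems as
 * {@link LdapConfigurationException}.</p>
 */
public class LdapJndiProperties
{
    /** JNDI environment key that carries the SASL authorization identity. */
    private static final String SASL_AUTHID = "java.naming.security.sasl.authorizationId";

    private LdapDN providerDn;
    private LdapDN bindDn;
    private String saslAuthId;
    private AuthenticationLevel level;
    private String saslMechanism;
    // Secret material. When the environment supplies a byte[] it is stored by
    // reference (no copy), and getCredentials() hands the same array back.
    private byte[] credentials;


    /**
     * Derives the authentication level from the JNDI environment.
     *
     * <ul>
     * <li>No {@link Context#SECURITY_AUTHENTICATION} entry: {@code NONE} when
     * no credentials are present, {@code SIMPLE} otherwise.</li>
     * <li>A string equal to the {@code NONE} or {@code SIMPLE} level name:
     * that level.</li>
     * <li>Any other string: {@code STRONG}; the string is taken to be a SASL
     * mechanism name.</li>
     * </ul>
     *
     * <p>The comparison is an exact {@code equals}, so a misspelt or
     * differently-cased level name is not rejected here; it is classified as
     * {@code STRONG}.</p>
     *
     * @param env the JNDI environment, must not be null
     * @return the authentication level implied by the environment
     * @throws NamingException if {@code env} is null or the authentication
     * property is present but is not a {@code String}
     */
    public static AuthenticationLevel getAuthenticationLevel( Hashtable env ) throws NamingException
    {
        if ( env == null )
        {
            throw new LdapConfigurationException( "environment cannot be null" );
        }

        Object credobj = env.get( Context.SECURITY_CREDENTIALS );
        Object authentication = env.get( Context.SECURITY_AUTHENTICATION );

        if ( authentication == null )
        {
            // Level not stated: infer it from whether credentials were supplied.
            return credobj == null ? AuthenticationLevel.NONE : AuthenticationLevel.SIMPLE;
        }

        if ( !( authentication instanceof String ) )
        {
            throw new LdapConfigurationException( "Don't know how to interpret " + authentication.getClass()
                + " objects for environment property " + Context.SECURITY_AUTHENTICATION );
        }

        if ( AuthenticationLevel.NONE.toString().equals( authentication ) )
        {
            return AuthenticationLevel.NONE;
        }

        if ( AuthenticationLevel.SIMPLE.toString().equals( authentication ) )
        {
            return AuthenticationLevel.SIMPLE;
        }

        return AuthenticationLevel.STRONG;
    }


    /**
     * Parses and validates the bind-related properties of a JNDI environment.
     *
     * @param env the JNDI environment, must not be null and must contain a
     * non-null {@link Context#PROVIDER_URL}
     * @return the parsed properties
     * @throws NamingException if the environment is null, a required property
     * is missing, a property has an unsupported type, or a DN cannot be parsed
     */
    public static LdapJndiProperties getLdapJndiProperties( Hashtable env ) throws NamingException
    {
        if ( env == null )
        {
            throw new LdapConfigurationException( "environment cannot be null" );
        }

        LdapJndiProperties props = new LdapJndiProperties();
        Object principal = env.get( Context.SECURITY_PRINCIPAL );
        Object credobj = env.get( Context.SECURITY_CREDENTIALS );
        Object authentication = env.get( Context.SECURITY_AUTHENTICATION );

        // -------------------------------------------------------------------
        // Provider URL -> provider DN
        // -------------------------------------------------------------------

        if ( !env.containsKey( Context.PROVIDER_URL ) )
        {
            String msg = "Expected property " + Context.PROVIDER_URL;
            msg += " but could not find it in env!";
            throw new LdapConfigurationException( msg );
        }

        Object urlObj = env.get( Context.PROVIDER_URL );
        if ( urlObj == null )
        {
            String msg = "Expected value for property " + Context.PROVIDER_URL;
            msg += " but it was set to null in env!";
            throw new LdapConfigurationException( msg );
        }

        // Same type check as the other properties, instead of an unchecked
        // cast that would surface as a ClassCastException.
        if ( !( urlObj instanceof String ) )
        {
            throw new LdapConfigurationException( "Don't know how to interpret " + urlObj.getClass()
                + " objects for environment property " + Context.PROVIDER_URL );
        }

        String url = ( String ) urlObj;
        if ( url.trim().equals( "" ) )
        {
            props.providerDn = LdapDN.EMPTY_LDAPDN;
        }
        else
        {
            props.providerDn = new LdapDN( url );
        }

        // -------------------------------------------------------------------
        // Authentication level and SASL mechanism
        // -------------------------------------------------------------------

        props.level = getAuthenticationLevel( env );
        if ( props.level == AuthenticationLevel.STRONG )
        {
            // STRONG is only returned for a String value that is neither the
            // NONE nor the SIMPLE level name, so the cast is safe.
            props.saslMechanism = ( String ) authentication;
        }

        // -------------------------------------------------------------------
        // Principal -> bind DN
        // -------------------------------------------------------------------

        if ( principal == null )
        {
            if ( props.level == AuthenticationLevel.NONE )
            {
                props.bindDn = LdapDN.EMPTY_LDAPDN;
            }
            else
            {
                // Previously only SIMPLE was handled here; a null principal
                // with STRONG fell through to principal.getClass() and threw
                // a NullPointerException.
                // NOTE(review): if some SASL mechanism is meant to work without
                // a principal, this is the place to allow it - confirm.
                throw new LdapConfigurationException( Context.SECURITY_PRINCIPAL + " cannot be null." );
            }
        }
        else if ( !( principal instanceof String ) )
        {
            throw new LdapConfigurationException( "Don't know how to interpret " + principal.getClass()
                + " objects for environment property " + Context.SECURITY_PRINCIPAL );
        }
        else if ( ( ( String ) principal ).trim().equals( "" ) )
        {
            props.bindDn = LdapDN.EMPTY_LDAPDN;
        }
        else
        {
            props.bindDn = new LdapDN( ( String ) principal );
        }

        // -------------------------------------------------------------------
        // SASL authorization identity
        // -------------------------------------------------------------------

        Object authzId = env.get( SASL_AUTHID );
        if ( authzId != null && props.level == AuthenticationLevel.STRONG )
        {
            if ( !( authzId instanceof String ) )
            {
                throw new LdapConfigurationException( "Don't know how to interpret " + authzId.getClass()
                    + " objects for environment property " + SASL_AUTHID );
            }

            // Keep the validated authorization identity. The earlier code
            // overwrote it with the principal right after validating it, so the
            // requested identity was silently discarded.
            // The value is supplied by the caller and is not checked here:
            // whether the authenticated principal may act as this identity has
            // to be decided by whatever consumes getSaslAuthId().
            props.saslAuthId = ( String ) authzId;
        }

        // -------------------------------------------------------------------
        // Credentials
        // -------------------------------------------------------------------

        if ( credobj == null )
        {
            if ( props.level == AuthenticationLevel.SIMPLE )
            {
                throw new LdapConfigurationException(
                    "cannot specify simple authentication without supplying credentials" );
            }
        }
        else if ( credobj instanceof String )
        {
            // NOTE(review): a zero-length credential is accepted here. A simple
            // bind with a name and an empty password is the "unauthenticated
            // bind" case of RFC 4513; confirm it is rejected downstream.
            props.credentials = StringTools.getBytesUtf8( ( String ) credobj );
        }
        else if ( credobj instanceof byte[] )
        {
            // Stored by reference: later changes to the caller's array are
            // visible through this object.
            props.credentials = ( byte[] ) credobj;
        }
        else
        {
            throw new LdapConfigurationException( "Don't know how to interpret " + credobj.getClass()
                + " objects for environment property " + Context.SECURITY_CREDENTIALS );
        }

        return props;
    }


    /**
     * @return the DN parsed from {@link Context#SECURITY_PRINCIPAL}, or the
     * empty DN when the principal was blank or absent with level {@code NONE}
     */
    public LdapDN getBindDn()
    {
        return bindDn;
    }


    /**
     * @return the DN parsed from {@link Context#PROVIDER_URL}, or the empty DN
     * when that property was blank
     */
    public LdapDN getProviderDn()
    {
        return providerDn;
    }


    /**
     * @return the SASL authorization identity taken from the environment, or
     * null when none was given or the level is not {@code STRONG}
     */
    public String getSaslAuthId()
    {
        return saslAuthId;
    }


    /**
     * @return the authentication level derived from the environment
     */
    public AuthenticationLevel getAuthenticationLevel()
    {
        return level;
    }


    /**
     * @return the value of {@link Context#SECURITY_AUTHENTICATION} when the
     * level is {@code STRONG}, otherwise null
     */
    public String getSaslMechanism()
    {
        return saslMechanism;
    }


    /**
     * Returns the credential bytes. The internal array is returned directly,
     * not a copy, so callers must not modify it and should avoid logging it.
     *
     * @return the credentials, or null when none were supplied
     */
    public byte[] getCredentials()
    {
        return credentials;
    }
}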